Bug #14088

closed

pfsense 2.7-dev pfSense-pkg-snort installation failed!

Added by Peter Moreno about 2 years ago. Updated about 2 years ago.

Status: Resolved
Priority: Normal
Category: Snort
Target version: -
Start date:
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Affected Version: 2.7.x
Affected Plus Version:
Affected Architecture: amd64

Description

Hello.

I want to test snort on pfsense 2.7-dev latest version

But I receive this error:

Installing pfSense-pkg-snort...

Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
Checking integrity... done (2 conflicting)
- luajit-devel-2.1.0.20230104 [pfSense] conflicts with luajit-openresty-2.1.20230119 [installed] on /usr/local/bin/luajit
- luajit-devel-2.1.0.20230104 [pfSense] conflicts with luajit-openresty-2.1.20230119 [pfSense] on /usr/local/bin/luajit
Checking integrity... done (0 conflicting)
The following 11 package(s) will be affected (of 0 checked):

Installed packages to be REMOVED:
lua-resty-core: 0.1.24
lua-resty-lrucache: 0.13
luajit-openresty: 2.1.20230119
nginx: 1.22.1_5,3
pfSense: 2.7.0.a.20230309.0600

New packages to be INSTALLED:
daq: 2.2.2_3 [pfSense]
libdnet: 1.13_3 [pfSense]
libpcap: 1.10.2 [pfSense]
luajit-devel: 2.1.0.20230104 [pfSense]
pfSense-pkg-snort: 4.1.6_7 [pfSense]
snort: 2.9.20_1 [pfSense]

Number of packages to be removed: 5
Number of packages to be installed: 6

The process will require 3 MiB more space.
pkg-static: Cannot delete vital package: pfSense!
pkg-static: If you are sure you want to remove pfSense,
pkg-static: unset the 'vital' flag with: pkg set -v 0 pfSense
Failed

2.7.0-DEVELOPMENT (amd64)
built on Thu Mar 09 06:05:43 UTC 2023
FreeBSD 14.0-CURRENT

The system is on the latest version.
Version information updated at Thu Mar 9 9:16:38 PST 2023

If you need further info, let me know!!!


Files

bug-snort-1.png (16.6 KB), bug snort, Peter Moreno, 03/09/2023 11:49 AM
Actions #1

Updated by Christian McDonald about 2 years ago

  • Assignee set to Christian McDonald

This also impacts 23.05 snapshots.

We currently build nginx with LUA support (which we don't use). Snort also depends on LUA. However, nginx and snort depend on different (conflicting) packages that provide LUA.

This would also mean that even on upstream FreeBSD, one could not both have snort and nginx (with LUA option on) installed at the same time.

We need to either fix the dependency conflict and upstream it, or just disable LUA option on our nginx build.
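
An added example, not part of the original report or of the pfSense project's code: a pre-install check that parses a pkg transaction summary (the text a dry run with `pkg install -n` prints) and reports whether resolving a file conflict would remove a protected package, as happened here with `pfSense`. The function names and the default protected list are assumptions; the sample text is abridged from the output quoted in the description.

```python
import re

# Abridged from the pkg output quoted in this report's description.
SAMPLE = """\
Checking integrity... done (2 conflicting)
- luajit-devel-2.1.0.20230104 [pfSense] conflicts with luajit-openresty-2.1.20230119 [installed] on /usr/local/bin/luajit
Checking integrity... done (0 conflicting)

Installed packages to be REMOVED:
luajit-openresty: 2.1.20230119
nginx: 1.22.1_5,3
pfSense: 2.7.0.a.20230309.0600

New packages to be INSTALLED:
luajit-devel: 2.1.0.20230104 [pfSense]
snort: 2.9.20_1 [pfSense]

pkg-static: Cannot delete vital package: pfSense!
"""

SECTION = re.compile(r"^(?:Installed|New) packages to be (REMOVED|INSTALLED):")
PACKAGE = re.compile(r"^\s*([A-Za-z0-9_.+-]+): (\S+)")
CONFLICT = re.compile(r"^\s*- (\S+) \[\S+\] conflicts with (\S+) \[\S+\] on (\S+)")

def parse_transaction(text):
    """Split a pkg summary into removals, installs and file conflicts."""
    result = {"REMOVED": {}, "INSTALLED": {}, "conflicts": []}
    section = None
    for line in text.splitlines():
        if m := CONFLICT.match(line):
            result["conflicts"].append(m.groups())
        elif m := SECTION.match(line):
            section = m.group(1)
        elif not line.strip():
            section = None  # a blank line ends the current package list
        elif section and (m := PACKAGE.match(line)):
            result[section][m.group(1)] = m.group(2)
    return result

def blocked_removals(text, protected=("pfSense",)):
    """Protected packages (assumed list) that the transaction would remove."""
    return sorted(n for n in parse_transaction(text)["REMOVED"] if n in protected)

def contested_files(text):
    """Paths that two packages both try to install."""
    return sorted({path for _, _, path in parse_transaction(text)["conflicts"]})

if __name__ == "__main__":
    print("would remove protected:", blocked_removals(SAMPLE))
    print("contested files:", contested_files(SAMPLE))
```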

Actions #2

Updated by Bill Meeks about 2 years ago

Christian McDonald wrote in #note-1:

This also impacts 23.05 snapshots.

We currently build nginx with LUA support (which we don't use). Snort also depends on LUA. However, nginx and snort depend on different (conflicting) packages that provide LUA.

This would also mean that even on upstream FreeBSD, one could not both have snort and nginx (with LUA option on) installed at the same time.

We need to either fix the dependency conflict and upstream it, or just disable LUA option on our nginx build.

If I recall from some earlier experimentation I did during the Fall last year, Snort and Suricata both don't really care which LUA they use (real LUA Devel or open-resty). But at the time there was something in the pfSense build (and maybe it was nginx, but I don't recall) that wanted LUA and not LUA Devel. My understanding, from very limited Google research, is that LUA Devel is really the "maintained branch" now and generic LUA has stagnated. At the time of my Google research last Fall, most developers were using LUA Devel.

I'm running off old memory now, and there may be "bit rot", so I may not have all my facts 100% aligned <grin>. I do recall that to get Snort and Suricata to compile in 2.7 DEVEL at the time (back in late November last year), I had to specifically link luajit to open-resty. Here are the two pull requests from that period that did this:

https://github.com/pfsense/FreeBSD-ports/pull/1195
https://github.com/pfsense/FreeBSD-ports/pull/1197

Perhaps it's now time to undo that change to open-resty??? I can say that when I tested in my private repo, Snort and Suricata worked fine with luajit instead of open-resty. But they both do NEED LUA to function. LUA is used in the OpenAppID module of Snort.

If you want to revert those two commits in the 23.05 and 2.7 CE snapshots, it's fine with me. I think that will solve the issue (unless nginx does not like LUA Devel).

Actions #3

Updated by Christian McDonald about 2 years ago

  • Status changed from New to Feedback

Thanks Bill for the history, that was helpful.

Honestly one of these days I need to audit the port options that we have enabled (mostly the upstream defaults), and just turn off the unused bits...I'm sure there are many. We already do the same for the kernel and world. Why not for ports too?

I set the luajit-openresty option on snort again. That is a quick fix here.

openresty looks to track devel very closely.

Actions #4

Updated by Bill Meeks about 2 years ago

Christian McDonald wrote in #note-3:

Thanks Bill for the history, that was helpful.

I set the luajit-openresty option on snort again. That is a quick fix here.

Suricata will need the same change as Snort. If not changed, it will also throw the library conflict error during package installation.

Actions #5

Updated by Christian McDonald about 2 years ago

I checked the Suricata port and it still uses luajit:luajit-openresty. Both work now.

Actions #6

Updated by Peter Moreno about 2 years ago

Yes, now I could install snort, thanks!!!

Actions #7

Updated by Jim Pingle about 2 years ago

  • Status changed from Feedback to Resolved
  • % Done changed from 0 to 100