# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4

PortSystem          1.0
PortGroup           cmake 1.1
PortGroup           openssl 1.0

name                zeek
version             8.0.3
revision            0
categories          net security
maintainers         {mps @Schamschula} openmaintainer
license             BSD

description         Zeek is a powerful network analysis framework that is much different \
                    from the typical IDS you may know.

long_description    {*}${description} Zeek is the new name for the long-established Bro \
                    system. Note that parts of the system retain the "Bro" name, and it \
                    also often appears in the documentation and distributions.

homepage            https://www.zeek.org/
master_sites        https://download.zeek.org/

checksums           rmd160  f9c0fcc57b96f153aa1be933e617b75b5a33e0e3 \
                    sha256  c178a85e502835cef9584e9a5cb049b4a6abc00bd2bd3c07d4bc3466e5df6eee \
                    size    99613493

subport ${name} {
    conflicts   ${name}-devel
}

subport ${name}-devel {
    conflicts   ${name}

    version         8.0.3
    revision        0

    checksums       rmd160  f9c0fcc57b96f153aa1be933e617b75b5a33e0e3 \
                    sha256  c178a85e502835cef9584e9a5cb049b4a6abc00bd2bd3c07d4bc3466e5df6eee \
                    size    99613493
}

openssl.branch      3

set python.version  313
set python.branch   [string index ${python.version} 0].[string range ${python.version} 1 end]

depends_build-append \
                    port:flex \
                    port:swig \
                    port:swig-python

depends_lib-append  port:bison \
                    port:curl \
                    port:libmagic \
                    port:libmaxminddb \
                    port:libpcap \
                    port:perl5 \
                    port:python${python.version} \
                    port:readline \
                    port:zmq \
                    port:zlib

configure.args-append \
                    -DCMAKE_BUILD_WITH_INSTALL_RPATH:BOOL=OFF \
                    -DCMAKE_VERBOSE_MAKEFILE:BOOL=ON \
                    -DPYTHON_EXECUTABLE=${prefix}/bin/python${python.branch} \
                    -DPYTHON_CONFIG=${frameworks_dir}/Python.framework/Versions/${python.branch}/lib/python${python.branch}/config-${python.branch}-darwin/python-config.py \
                    -DZEEK_ETC_INSTALL_DIR=${prefix}/etc/zeek \
                    -DZEEK_LOG_DIR=${prefix}/var/log/zeek \
                    -DZEEK_SPOOL_DIR=${prefix}/var/spool

variant universal   {}

compiler.cxx_standard   2017

# see https://trac.macports.org/ticket/60252
platforms           {darwin >= 19}

post-destroot {
    delete {*}[glob ${destroot}${prefix}/etc/zeek/*.cfg]

    xinstall -d ${destroot}${prefix}/share/examples/${name}
    copy ${worksrcpath}/auxil/zeekctl/etc/node.cfg ${destroot}${prefix}/share/examples/${name}/
    copy ${worksrcpath}/auxil/zeekctl/etc/networks.cfg ${destroot}${prefix}/share/examples/${name}/
    copy ${worksrcpath}/auxil/zeekctl/etc/zeekctl.cfg.in ${destroot}${prefix}/share/examples/${name}/

    xinstall -d ${destroot}${prefix}/Library/LaunchDaemons/
    copy ${filespath}/org.macports.zeek.plist ${destroot}${prefix}/Library/LaunchDaemons/
    reinplace "s|%%PREFIX%%|${prefix}|g" ${destroot}${prefix}/Library/LaunchDaemons/org.macports.zeek.plist

    xinstall -d ${destroot}${prefix}/etc/${name}
    xinstall -d ${destroot}${prefix}/var/log/${name}
    xinstall -d ${destroot}${prefix}/var/spool/${name}
    destroot.keepdirs ${destroot}${prefix}/etc/${name} \
        ${destroot}${prefix}/var/log/${name} \
        ${destroot}${prefix}/var/spool/${name}
}

startupitem.create      yes
startupitem.netchange   yes
startupitem.start       "${prefix}/bin/zeekctl start"
startupitem.stop        "${prefix}/bin/zeekctl stop"
startupitem.restart     "${prefix}/bin/zeekctl restart"

post-activate {
    if {![file exists ${prefix}/etc/zeek/node.cfg]} {
        copy ${prefix}/share/examples/${name}/node.cfg ${prefix}/etc/zeek/node.cfg
    }
    if {![file exists ${prefix}/etc/zeek/networks.cfg]} {
        copy ${prefix}/share/examples/${name}/networks.cfg ${prefix}/etc/zeek/networks.cfg
    }
    if {![file exists ${prefix}/etc/zeek/zeekctl.cfg]} {
        copy ${prefix}/share/examples/${name}/zeekctl.cfg.in ${prefix}/etc/zeek/zeekctl.cfg
    }
}

# This doesn't work due to error: error: AF_UNIX path too long
# To manual test:
# sudo port build
# cd ${worksrcpath}/aux/btest/testing
# sudo make all
#
#test.run            yes
#test.target         all
#test.dir            ${worksrcpath}/aux/btest/testing

notes "
You'll need to set your ZEEKHOME to ${prefix}/share/zeek and your
ZEEKPATH to ${prefix}/share/zeek/site:${prefix}/share/zeek/policy
to use the provided policies.

Check online documentation to finish install
https://docs.zeek.org/en/stable/quickstart/index.html

1) review config: node.cfg, network.cfg, zeekctl.cfg
   especially network interface, MailTo
   Existing files have not been modified

2) Run as root or with sudo
     # zeekctl
     \[ZeekControl\] > install
     \[ZeekControl\] > start

3) Use scheduled task for maintenance
  # ln -s ${prefix}/Library/LaunchDaemons/org.macports.zeek.plist /Library/LaunchDaemons/
  # launchctl load -w /Library/LaunchDaemons/org.macports.zeek.plist


**** UPGRADING ****

Paths have been changed to respect macports hierarchy
${prefix}/etc -> ${prefix}/etc/zeek
${prefix}/spool -> ${prefix}/var/spool/zeek
${prefix}/logs -> ${prefix}/var/log/zeek
"

livecheck.type      regex
livecheck.url       https://zeek.org/get-zeek/
if {${subport} eq ${name}} {
    livecheck.regex     org/${name}-(8\.0\.\[0-9a-z.\]+)${extract.suffix}
} else {
    livecheck.regex     org/${name}-(\[0-9a-z.\]+)${extract.suffix}
}
