Support #7463
open
Can I compile Suricata into a statically built file?
Updated by Victor Julien about 1 month ago
- Tracker changed from Feature to Support
- Assignee deleted (OISF Dev)
- Target version deleted (TBD)
I've heard some ppl have done it, but we have no guide to do it. If you manage to do it, it would be great if you can share the steps.
Updated by Jason Ish about 1 month ago
Basic steps, but I haven't tried myself, have only thought about it:
- build static versions of all the C dependencies, most modern Linux distributions as far as I know don't provide static versions for everything needed
- point Suricata at these static versions instead of shared ones, it can probably all be done with ./configure flags, but I wouldn't be surprised if some patching is required
- the last bit, static libc - I'm not so sure, final build with MUSL maybe
Updated by Hans Vermeer about 1 month ago · Edited
We've managed to do this successfully, however, the plugin loading has a dlopen, patching this out (it's sadly not a configuration option) gave a fully static build of suricata.
Most dependencies (In (docker) ubuntu at least) came with a static library. We only had to rebuild libpcap without some dependencies, for example:
CFLAGS="-static" ./configure --disable-rdma --disable-shared --disable-usb --disable-netmap --disable-bluetooth --disable-dbus --without-libnl --with-pcap=linux
A command like
CFLAGS="-static" LDFLAGS="-static-libgcc -static -L/path/to/libpcap -L/lib/x86_64-linux-gnu/ -L/usr/lib/gcc/x86_64-linux-gnu/11/ -l:libgcc.a -l:libjansson.a -l:libm.a -l:liblz4.a -l:libyaml.a -l:libcap-ng.a -l:libyaml.a -l:libpcre2-8.a -l:libc.a -l:libz.a" CPPFLAGS="-I/path/to/libpcap" ./configure --disable-shared --enable-static --disable-gccmarch-native
is probably enough to build suricata statically.
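A check for whether a finished binary is fully static, as an added example that is not part of the original thread or Suricata's own tooling: it reads the ELF program headers and reports any PT_INTERP loader path and DT_NEEDED entries. It assumes a 64-bit little-endian ELF (as in the x86_64 builds above); `inspect_elf` and `build_sample` are hypothetical names, and the sample bytes are constructed.

```python
import struct
import sys

PT_DYNAMIC, PT_INTERP, DT_NULL, DT_NEEDED = 2, 3, 0, 1

def inspect_elf(data: bytes) -> dict:
    """Report what a 64-bit little-endian ELF still needs at load time."""
    if data[:4] != b"\x7fELF" or data[4:6] != b"\x02\x01":
        raise ValueError("not a 64-bit little-endian ELF file")
    e_phoff, = struct.unpack_from("<Q", data, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 0x36)
    interp, needed = None, 0
    for i in range(e_phnum):
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", data, e_phoff + i * e_phentsize)
        seg = data[p_offset:p_offset + p_filesz]
        if p_type == PT_INTERP:          # path of the dynamic loader
            interp = seg.rstrip(b"\0").decode(errors="replace")
        elif p_type == PT_DYNAMIC:       # count shared-library dependencies
            for tag, _ in struct.iter_unpack("<qQ", seg[:len(seg) // 16 * 16]):
                if tag == DT_NULL:
                    break
                needed += tag == DT_NEEDED
    return {"interp": interp, "needed": needed, "static": interp is None and needed == 0}

def build_sample(interp=None, needed=0) -> bytes:
    """Constructed test input: ELF header and program headers only, no code."""
    segs = []
    if interp:
        segs.append((PT_INTERP, interp + b"\0"))
    if needed:
        dyn = b"".join(struct.pack("<qQ", DT_NEEDED, 1) for _ in range(needed))
        segs.append((PT_DYNAMIC, dyn + struct.pack("<qQ", DT_NULL, 0)))
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", 2, 62, 1,
                       0, 64, 0, 0, 64, 56, len(segs), 0, 0, 0)
    off, phdrs, body = 64 + 56 * len(segs), b"", b""
    for p_type, blob in segs:
        phdrs += struct.pack("<IIQQQQQQ", p_type, 4, off + len(body), 0, 0,
                             len(blob), len(blob), 1)
        body += blob
    return ehdr + phdrs + body

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, inspect_elf(fh.read()))
```

This only covers load-time dependencies: a dlopen call made at run time, like the plugin loader mentioned above, does not show up in these headers.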
Updated by QianKai Lin 26 days ago · Edited
I tried to build it in Alpine Linux 3.21, but when I compiled it with Hyperscan, it produced a problem that I don't know how to fix. These are my steps.
Build steps
apk add git clang llvm make automake autoconf pkgconfig libtool linux-headers bash vim
apk add zlib zlib-dev zlib-static
apk add lz4 lz4-dev lz4-static
apk add pcre2-dev
apk add jansson-dev jansson-static
apk add yaml yaml-dev yaml-static
apk add libpcap-dev
apk add libcap-ng-dev libcap-ng-static
apk add file file libmagic
apk add libunwind-dev libunwind-static
apk add libelf libbpf-dev libxdp-dev libxdp-static
apk add rust cargo
apk add ragel boost-dev cmake
echo 'export PATH=/root/.cargo/bin:$PATH' >> /etc/profile
source /etc/profile
cargo install --force cbindgen
git clone https://github.com/Intel/hyperscan
cd hyperscan
cmake -DBUILD_STATIC_AND_SHARED=1 -DCMAKE_INSTALL_PREFIX:PATH=/usr -DCMAKE_C_FLAGS="-march=core-avx2" -DCMAKE_CXX_FLAGS="-march=core-avx2"
cmake --build ./
cmake --install ./
cd ..
git clone https://github.com/OISF/suricata
cd suricata
git clone https://github.com/OISF/libhtp
./autogen.sh
# don't know why hyperscan can't configure
ln -s /usr/lib/gcc/x86_64-alpine-linux-musl/14.2.0/libgcc.a /usr/lib/gcc/x86_64-alpine-linux-musl/14.2.0/libgcc_s.a
LDFLAGS="-static" PKG_CONFIG="pkg-config --static" ./configure --disable-shared --enable-static --prefix=/usr --localstatedir=/var --sysconfdir=/etc
# compile rust failed
rm -f /usr/lib/gcc/x86_64-alpine-linux-musl/14.2.0/libgcc_s.a
make -j4 V=1 LDFLAGS="-static -all-static"
ln -s /usr/lib/gcc/x86_64-alpine-linux-musl/14.2.0/libgcc.a /usr/lib/gcc/x86_64-alpine-linux-musl/14.2.0/libgcc_s.a
make -j4 V=1 LDFLAGS="-static -all-static"
Error
/usr/lib/gcc/x86_64-alpine-linux-musl/14.2.0/../../../../x86_64-alpine-linux-musl/bin/ld: cannot find -lgcc_s: No such file or directory
Updated by QianKai Lin 26 days ago
Hans Vermeer wrote in #note-3:
We've managed to do this successfully, however, the plugin loading has a dlopen, patching this out (it's sadly not a configuration option) gave a fully static build of suricata.
Most dependencies (In (docker) ubuntu at least) came with a static library. We only had to rebuild libpcap without some dependencies, for example:[...]
A command like
[...]Is probably enough to build suricata statically
Thank you so much!!! I will try it.