Support #7463
open
- Tracker changed from Feature to Support
- Assignee deleted (OISF Dev)
- Target version deleted (TBD)
I've heard some people have done it, but we have no guide to do it. If you manage to do it, it would be great if you can share the steps.
Basic steps, but I haven't tried myself, have only thought about it:
- build static versions of all the C dependencies, most modern Linux distributions as far as I know don't provide static versions for everything needed
- point Suricata at these static versions instead of shared ones, it can probably all be done with ./configure flags, but I wouldn't be surprised if some patching is required
- the last bit, static libc - I'm not so sure, final build with MUSL maybe
We've managed to do this successfully; however, the plugin loading has a dlopen. Patching this out (it's sadly not a configuration option) gave a fully static build of Suricata.
Most dependencies (in (Docker) Ubuntu at least) came with a static library. We only had to rebuild libpcap without some dependencies, for example:
CFLAGS="-static" ./configure --disable-rdma --disable-shared --disable-usb --disable-netmap --disable-bluetooth --disable-dbus --without-libnl --with-pcap=linux
A command like
CFLAGS="-static" LDFLAGS="-static-libgcc -static -L/path/to/libpcap -L/lib/x86_64-linux-gnu/ -L/usr/lib/gcc/x86_64-linux-gnu/11/ -l:libgcc.a -l:libjansson.a -l:libm.a -l:liblz4.a -l:libyaml.a -l:libcap-ng.a -l:libyaml.a -l:libpcre2-8.a -l:libc.a -l:libz.a" CPPFLAGS="-I/path/to/libpcap" ./configure --disable-shared --enable-static --disable-gccmarch-native
is probably enough to build Suricata statically.
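Added example (not part of the original thread and not Suricata project code): a check that a binary produced by the steps above really is static, by looking for a PT_INTERP program header and DT_NEEDED entries. It assumes an ELF64 little-endian binary, as on the x86_64 host the library paths above suggest; the function names and the sample images are constructed for illustration.

```python
import struct
import sys

PT_LOAD, PT_DYNAMIC, PT_INTERP, DT_NULL, DT_NEEDED = 1, 2, 3, 0, 1

def inspect_elf(data: bytes) -> dict:
    """Report the dynamic-linking markers of an ELF64 little-endian image."""
    if len(data) < 64 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only ELF64 little-endian is handled here")
    e_phoff, = struct.unpack_from("<Q", data, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 0x36)
    interp, needed = None, 0
    for i in range(e_phnum):
        p_type, _flags, p_offset, _va, _pa, p_filesz = struct.unpack_from(
            "<IIQQQQ", data, e_phoff + i * e_phentsize)
        seg = data[p_offset:p_offset + p_filesz]
        if p_type == PT_INTERP:        # path of the runtime loader
            interp = seg.rstrip(b"\0").decode(errors="replace")
        elif p_type == PT_DYNAMIC:     # array of (d_tag, d_val) pairs
            for off in range(0, len(seg) - 15, 16):
                d_tag, _val = struct.unpack_from("<qQ", seg, off)
                if d_tag == DT_NULL:
                    break
                if d_tag == DT_NEEDED:  # one entry per shared library
                    needed += 1
    return {"interp": interp, "needed": needed,
            "static": interp is None and needed == 0}

def sample_elf(dynamic: bool) -> bytes:
    """Constructed image: ELF header, program headers and payload only (not runnable)."""
    interp = b"/lib64/ld-linux-x86-64.so.2\0"
    dyn = struct.pack("<qQqQ", DT_NEEDED, 1, DT_NULL, 0)
    segs = [(PT_INTERP, interp), (PT_DYNAMIC, dyn)] if dynamic else [(PT_LOAD, b"\x90")]
    body_off = 64 + 56 * len(segs)
    phdrs, body = b"", b""
    for p_type, blob in segs:
        phdrs += struct.pack("<IIQQQQQQ", p_type, 4, body_off + len(body),
                             0, 0, len(blob), len(blob), 1)
        body += blob
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, len(segs), 0, 0, 0)
    return ehdr + phdrs + body

if __name__ == "__main__":
    for path in sys.argv[1:]:          # e.g. the path of the built suricata binary
        with open(path, "rb") as fh:
            print(path, inspect_elf(fh.read()))
```

A static-PIE build keeps a PT_DYNAMIC segment but has no loader path and no DT_NEEDED entries, so it is still reported as static.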