Suricata » Suricata-Update

I hope to get this fixed up soon, but for now, and I'll update the documentation for this as well, the recommended way to install Suricata-Update is as bundled with Suricata.

From what I can tell, PyPi stopped accepting our distutils created bundles, so we have to move to something more modern.

Jason Ish wrote in #note-1:

I hope to get this fixed up soon, but for now, and I'll update the documentation for this as well, the recommended way to install Suricata-Update is as bundled with Suricata.

From what I can tell, PyPi stopped accepting our distutils created bundles, so we have to move to something more modern.

Actually, it's not bundled with Suricata. Reproducible on python:3.9-slim-buster Docker image:


echo "deb http://http.debian.net/debian buster-backports main" > \
/etc/apt/sources.list.d/backports.list && \
apt-get update -y && apt-get install -y --no-install-recommends \
curl=7.64.0-4+deb10u3 \
git=1:2.20.1-2+deb10u4 \
git-man=1:2.20.1-2+deb10u4 \
libcurl4=7.64.0-4+deb10u3 \
suricata=1:6.0.1-2~bpo10+1 -t buster-backports && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*


Then find / -name 'suricata-update' -type f returns 0 results when run as root.

Secondly the installation of Suricata 6.x from source is also outright broken on Debian, per https://github.com/rusticata/der-parser/issues/36.

OISF is a well-funded organization. What's the excuse for using outdated distutils for years after setuptools became the de-facto tool? I don't even see an open pull request.

Bradley Solomon wrote in #note-2:

Jason Ish wrote in #note-1:

I hope to get this fixed up soon, but for now, and I'll update the documentation for this as well, the recommended way to install Suricata-Update is as bundled with Suricata.

From what I can tell, PyPi stopped accepting our distutils created bundles, so we have to move to something more modern.

Actually, it's not bundled with Suricata. Reproducible on python:3.9-slim-buster Docker image:


echo "deb http://http.debian.net/debian buster-backports main" > \
/etc/apt/sources.list.d/backports.list && \
apt-get update -y && apt-get install -y --no-install-recommends \
curl=7.64.0-4+deb10u3 \
git=1:2.20.1-2+deb10u4 \
git-man=1:2.20.1-2+deb10u4 \
libcurl4=7.64.0-4+deb10u3 \
suricata=1:6.0.1-2~bpo10+1 -t buster-backports && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*


Then find / -name 'suricata-update' -type f returns 0 results when run as root.

Secondly the installation of Suricata 6.x from source is also outright broken on Debian, per https://github.com/rusticata/der-parser/issues/36.

Debian unbundles it.

Debian unbundles it.

So the recommended install method on Debian would be ... what, exactly?

python3 -m pip install https://github.com/OISF/suricata-update/archive/refs/tags/1.2.6.tar.gz it is, for lack of a better option.

Bradley Solomon wrote in #note-3:

OISF is a well-funded organization. What's the excuse for using outdated distutils for years after setuptools became the de-facto tool? I don't even see an open pull request.

Please behave yourself professionally in this forum. OISF doesn't owe you any excuse or explanation. We're happy discuss reasons and point to prior discussions, but not in this way.

Bradley Solomon wrote in #note-5:

Debian unbundles it.

So the recommended install method on Debian would be ... what, exactly?

python3 -m pip install https://github.com/OISF/suricata-update/archive/refs/tags/1.2.6.tar.gz it is, for lack of a better option.

See https://suricata.readthedocs.io/en/suricata-6.0.9/install.html#debian. Adapt as needed for your Debian version. But packaging for Debian is a Debian detail, not Suricata.