Fails to install for Zeek 3.1.1

[eric-ooi]

Hello,

I recently updated Zeek to 3.1.1 and was unable to run Zeek with this package enabled. I tried removing and reinstalling via zkg and it fails to build, suggesting I check the build.log. In there I see:

=== STDERR === === STDOUT === Cannot determine Bro source directory, use --bro-dist=DIR. /home/zeek/.zkg/logs/bro-http2-build.log (END)

I tried adding "bro_dist" into the zkg config file but that didn't seem to help. Any ideas?

[Mraoul]

Iirc Zeek 3.1 changed requirements for scripts including changing the script extension from .bro to .zeek -- this package hasn't been updated to support the new format, yet.

Also, we internally still need to support 2.6.x, at least for a little while, so I'll need to see if the Zeek Package Manager has added anything for supporting multiple versions of Zeek or specifying which package releases can support a version.

[eric-ooi]

Thanks @Mraoul. I think the hard requirement for changing from .bro to .zeek will be in ver 4.x as it looks like some of my other older plugins made the upgrade just fine. My guess is that it will build if it can support zkg's zeek_dist variable. But obviously, you'd know more than I would. :)

[eric-ooi]

Ah, nevermind. There's more to it than just recognizing zeek_dist as it looks like manually building it doesn't work.

[eric-ooi]

This might be useful: https://zeek.org/2020/02/21/updating-a-plugin-in-zeek3-1/

[Mraoul]

Okay, I finally got around to taking a look at this -- unfortunately it looks like they deprecated an internal API in 3.0 and then removed it in 3.1 which broke the code, that combined with some other issues (e.g., bro_init also fully removed in 3.1), I decided to break backwards compatibility -- meaning the next version will only support Zeek 3.0 and 3.1.

I've made all of the changes to the branch support-zeek-3-plus if you'd like to try it out yourself. You can install the branch by passing the name to the --version flag of zkg. E.g.,:

zkg install bro/mitrecnd/bro-http2 --version support-zeek-3-plus

I've tested this on CentOS 7 with both Zeek 3.0.6 and 3.1.3 and the latest versions of the dependencies (libnghttp2-devel 1.31.1 and libbrotli 1.0.7)

I need to do some other testing before I commit this to master and cut a release, but that shouldn't take too much longer.

Thanks for your patience!

[eric-ooi]

I just tried on CentOS 7 with Zeek 3.1.1 and can confirm it is working great! For anyone reading this, the install command with zkg now requires "zeek" versus "bro":

zkg install zeek/mitrecnd/bro-http2 --version support-zeek-3-plus

Really appreciate your work on this and looking forward to the release! :)