brimdata / build-suricata

Build Suricata for packaging with Brim

Bundle a magic.mgc on Linux and point to it when running Suricata #62

Closed philrz closed 3 years ago

philrz commented 3 years ago

A community user recently reported the same symptoms as described in brimdata/brimcap#18. I don't know yet what specific Linux distribution they're running, but seeing the issue show up again motivated me to set up Arch Linux (against which brimdata/brimcap#18 was originally reported) and repro the problem on both the last GA Brim v0.24.0 as well as the latest beta build https://storage.googleapis.com/brimsec-releases/brim/v0.25.0-prerelease-95581f92.0/linux/Brim-0.25.0-prerelease-95581f92.0.deb.

This is effectively the same fix we did for macOS in #7. My goal is to confirm that it makes the problem go away on Arch Linux without causing any trouble on the major distros like Ubuntu and RedHat where we've never had this problem.

philrz commented 3 years ago

@nwt: Thanks for the approval. I wanted to build a scratch artifact and test it out before merging, but I struggled with getting it to build from a branch here in this repo, so I just made a fork at https://github.com/philrz/build-suricata. The scratch artifact https://github.com/philrz/build-suricata/releases/tag/v5.0.3-brim-linux-magic-fix-test1 tested out successfully on Arch Linux whereas the prior one failed, so that's progress. But while I was at it I found & fixed an accident-that-was-waiting-to-happen on the macOS side. The Makefile-macOS.brim had a hard-coded libmagic version in it which was now causing a build failure because the libmagic on the Actions runners has advanced from 5.39 to 5.40 in the time since we last made a build. I then tweaked that Makefile to dynamically determine the current version via brew, as was already done in the Actions Workflow. That fix worked, so I've pushed that change to this branch here as well. Feel free to give it another look & re-approve if you're ok with my Makefile adjustment, then I'll merge.
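The two points raised in this thread, resolving the libmagic location at build time instead of hard-coding a version, and bundling `magic.mgc` so Suricata is pointed at the copy shipped with Brim, as an added POSIX shell example that is not code from this repository. It assumes Homebrew's `libmagic` installs the database under `share/misc/magic.mgc`, and the `LIBMAGIC_PREFIX` override and the `bundle_magic`/`suricata_magic_args` names are hypothetical; Suricata's `magic-file` setting and `--set` flag are real.

```shell
#!/bin/sh
# Resolve the libmagic install prefix at build time rather than hard-coding a
# version such as 5.39 (which broke the moment Homebrew moved to 5.40).
# LIBMAGIC_PREFIX may be preset (e.g. by a Linux packager); otherwise ask brew.
libmagic_prefix() {
    if [ -n "$LIBMAGIC_PREFIX" ]; then
        printf '%s\n' "$LIBMAGIC_PREFIX"
    else
        brew --prefix libmagic
    fi
}

# Copy magic.mgc from the resolved prefix into the bundle's share directory
# and print the bundled path. Fails loudly when the database is missing, so a
# build never silently produces a bundle that only works on hosts where the
# distro's own file(1) database happens to be present (the Arch symptom).
bundle_magic() {
    bundle_dir=$1
    # Assumed Homebrew layout for the file/libmagic formula.
    src="$(libmagic_prefix)/share/misc/magic.mgc"
    if [ ! -f "$src" ]; then
        echo "magic.mgc not found at $src" >&2
        return 1
    fi
    mkdir -p "$bundle_dir/share"
    cp "$src" "$bundle_dir/share/magic.mgc"
    printf '%s\n' "$bundle_dir/share/magic.mgc"
}

# Argument that makes Suricata load the bundled database instead of whatever
# the host has (or lacks): the magic-file setting, overridden with --set.
suricata_magic_args() {
    printf '%s\n' "--set magic-file=$1"
}
```

A packaging step would run `bundle_magic "$BUNDLE"` and pass `$(suricata_magic_args "$BUNDLE/share/magic.mgc")` on the Suricata command line at runtime.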