Zeek 6.1 now uses __zeek_plugin__ as plugin magic file. We decided to go without backwards compat for the old __bro_plugin__ within in Zeek assuming users should just use the zkg version bundled with Zeek.
However, we never added the code for zkg to actually recognize and handle the new __zeek_plugin__ file. There was a commit, but it never made it in 76c0d456abd5321d99abfe036afbcb7666d8b31e (and we should continue to handle __bro_plugin__ in a backwards compatible manner.
a newer zkg not recognizing bro_plugin anymore. This seems like we we can/should add backwards compat on the zkg side for that, so that it moves either bro_plugin or __zeek_plugin__ depending on which exists.
Effectively, with Zeek 6.1 currently plugins cannot be unloaded/loaded. There are actually tests failing in #170, but we never realized as it's not running regularly. Probably need an integration test on the Zeek side for zkg, similarly how we do things for zeekctl.
In a Zeek 6.1 container after installing zeek-more-hashes
# zkg install https://github.com/zeek/zeek-more-hashes
The following packages will be INSTALLED:
https://github.com/zeek/zeek-more-hashes (v0.2.0)
Proceed? [Y/n] Y
Running unit tests for "https://github.com/zeek/zeek-more-hashes"
Installing "https://github.com/zeek/zeek-more-hashes".............
Installed "https://github.com/zeek/zeek-more-hashes" (v0.2.0)
Loaded "https://github.com/zeek/zeek-more-hashes"
# zeek -N | grep More
Zeek::MoreHashes - More analyzers and built-in functions for hashing. (dynamic, version 0.2.0)
# zkg unload zeek-more-hashes
The following packages will be UNLOADED:
zeek/zeek/zeek-more-hashes
Proceed? [Y/n] Y
Unloaded "zeek/zeek/zeek-more-hashes"
# zeek -N | grep More
Zeek::MoreHashes - More analyzers and built-in functions for hashing. (dynamic, version 0.2.0)
Zeek 6.1 now uses
__zeek_plugin__as plugin magic file. We decided to go without backwards compat for the old__bro_plugin__within in Zeek assuming users should just use thezkgversion bundled with Zeek.However, we never added the code for
zkgto actually recognize and handle the new__zeek_plugin__file. There was a commit, but it never made it in 76c0d456abd5321d99abfe036afbcb7666d8b31e (and we should continue to handle__bro_plugin__in a backwards compatible manner.Reference: https://github.com/zeek/zeek/pull/3155#discussion_r1261222306
Effectively, with Zeek 6.1 currently plugins cannot be unloaded/loaded. There are actually tests failing in #170, but we never realized as it's not running regularly. Probably need an integration test on the Zeek side for zkg, similarly how we do things for zeekctl.
In a Zeek 6.1 container after installing zeek-more-hashes