meta-security: subtree update:27ddb45554..fa800e5261

Christophe PRIOUZEAU (1):
      cryptsetup tpm incubator: fix installed vs shipped

Christopher Larson (3):
      checksecurity: use more portable find args
      clamav: add tmpfiles.d config
      suricata: add tmpfiles.d config

Ming Liu (1):
      meta: inherit features_check instead of distro_features_check

Norbert Kaminski (1):
      meta-tpm/recipes-tpm2/tpm2-tss/tpm2-tss_2.3.1.bb: add new udev dir to FILES and append EXTRA_OECONF

Change-Id: I51369027c747f12d64adb8dbe0262dfb96937ad1
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/meta-security/recipes-ids/suricata/files/tmpfiles.suricata b/meta-security/recipes-ids/suricata/files/tmpfiles.suricata
new file mode 100644
index 0000000..fbf3784
--- /dev/null
+++ b/meta-security/recipes-ids/suricata/files/tmpfiles.suricata
@@ -0,0 +1,2 @@
+#Type Path        Mode UID  GID  Age Argument
+d /var/log/suricata 0755 root root
diff --git a/meta-security/recipes-ids/suricata/suricata_4.1.5.bb b/meta-security/recipes-ids/suricata/suricata_4.1.5.bb
index e15a9a3..b2700d6 100644
--- a/meta-security/recipes-ids/suricata/suricata_4.1.5.bb
+++ b/meta-security/recipes-ids/suricata/suricata_4.1.5.bb
@@ -6,6 +6,7 @@
 
 SRC_URI += " \
     file://volatiles.03_suricata \
+    file://tmpfiles.suricata \
     file://suricata.yaml \
     file://suricata.service \
     file://run-ptest \
@@ -59,14 +60,19 @@
 
     install -m 0644 ${S}/threshold.config ${D}${sysconfdir}/suricata
 
-    install -d ${D}${systemd_unitdir}/system
-    sed  -e s:/etc:${sysconfdir}:g \
-         -e s:/var/run:/run:g \
-         -e s:/var:${localstatedir}:g \
-         -e s:/usr/bin:${bindir}:g \
-         -e s:/bin/kill:${base_bindir}/kill:g \
-         -e s:/usr/lib:${libdir}:g \
-         ${WORKDIR}/suricata.service > ${D}${systemd_unitdir}/system/suricata.service
+    if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+        install -d ${D}${sysconfdir}/tmpfiles.d
+        install -m 0644 ${WORKDIR}/tmpfiles.suricata ${D}${sysconfdir}/tmpfiles.d/suricata.conf
+
+        install -d ${D}${systemd_unitdir}/system
+        sed  -e s:/etc:${sysconfdir}:g \
+             -e s:/var/run:/run:g \
+             -e s:/var:${localstatedir}:g \
+             -e s:/usr/bin:${bindir}:g \
+             -e s:/bin/kill:${base_bindir}/kill:g \
+             -e s:/usr/lib:${libdir}:g \
+             ${WORKDIR}/suricata.service > ${D}${systemd_unitdir}/system/suricata.service
+    fi
 
     # Remove /var/run as it is created on startup
     rm -rf ${D}${localstatedir}/run
@@ -74,7 +80,9 @@
 }
 
 pkg_postinst_ontarget_${PN} () {
-if [ -e /etc/init.d/populate-volatile.sh ] ; then
+if command -v systemd-tmpfiles >/dev/null; then
+    systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/suricata.conf
+elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then
     ${sysconfdir}/init.d/populate-volatile.sh update
 fi
 }
@@ -82,7 +90,7 @@
 SYSTEMD_PACKAGES = "${PN}"
 
 PACKAGES =+ "${PN}-socketcontrol"
-FILES_${PN} += "${systemd_unitdir}"
+FILES_${PN} += "${systemd_unitdir} ${sysconfdir}/tmpfiles.d"
 FILES_${PN}-socketcontrol = "${bindir}/suricatasc ${PYTHON_SITEPACKAGES_DIR}"
 
 CONFFILES_${PN} = "${sysconfdir}/suricata/suricata.yaml"