* Updating rust and eco system @ 2026-01-22 17:38 Stefan Schantl 2026-01-23 5:26 ` [PATCH 0/3] suricata: Add ability to purge the sgh cache Stefan Schantl 2026-01-23 10:31 ` Updating rust and eco system Michael Tremer 0 siblings, 2 replies; 17+ messages in thread From: Stefan Schantl @ 2026-01-22 17:38 UTC (permalink / raw) To: development Hello list followers, I'm currently updating rust and affected modules. This happends mainly because I'm trying to fix the "suricata cache grows infinite" problem, which a lot of people are affected. To archive this, I ported the patches from suricata main development branch to our used suricata version (8.0.3). To perform a full build, a new tool called cbindgen - which is a rust to c bindings generator, is required. Sadly this tool is also written in rust and requires some new dependencies and a more up to date rust compiler. I hope to send a patchset for all this very soon to the mailing list. Best regards, -Stefan ^ permalink raw reply [flat|nested] 17+ messages in thread
* [PATCH 0/3] suricata: Add ability to purge the sgh cache 2026-01-22 17:38 Updating rust and eco system Stefan Schantl @ 2026-01-23 5:26 ` Stefan Schantl 2026-01-23 5:26 ` [PATCH 1/3] suricata: Add upstream patch to purge sgh-mpm-caches Stefan Schantl ` (2 more replies) 2026-01-23 10:31 ` Updating rust and eco system Michael Tremer 1 sibling, 3 replies; 17+ messages in thread From: Stefan Schantl @ 2026-01-23 5:26 UTC (permalink / raw) To: development; +Cc: Stefan Schantl Good morning list followers, I've recently finished building and testing the patched suricata version on my productive system. When starting the patched suricata or doing a reload operation, all the sgh cache files which are older than 7 days have been removed successfully. So for me this changes can be shipped to a bigger group of testers. Best regards, -Stefan Stefan Schantl (3): suricata: Add upstream patch to purge sgh-mpm-caches rust: Update to 1.92.0 cbindgen: New package config/rootfiles/common/aarch64/rust | 130 +- config/rootfiles/common/cbindgen | 1 + config/rootfiles/common/riscv64/rust | 109 +- config/rootfiles/common/rust-adler2 | 15 + config/rootfiles/common/rust-anstream | 22 + config/rootfiles/common/rust-anstyle | 15 + config/rootfiles/common/rust-anstyle-parse | 16 + config/rootfiles/common/rust-anstyle-query | 11 + config/rootfiles/common/rust-anstyle-wincon | 14 + config/rootfiles/common/rust-anyhow | 56 + config/rootfiles/common/rust-auditable-serde | 9 + config/rootfiles/common/rust-bitflags | 63 + config/rootfiles/common/rust-clap | 154 ++ config/rootfiles/common/rust-clap_builder | 71 + config/rootfiles/common/rust-clap_lex | 9 + config/rootfiles/common/rust-colorchoice | 8 + config/rootfiles/common/rust-crc32fast | 19 + config/rootfiles/common/rust-displaydoc | 42 + config/rootfiles/common/rust-errno | 16 + config/rootfiles/common/rust-fastrand | 16 + config/rootfiles/common/rust-flate2 | 71 + config/rootfiles/common/rust-form_urlencoded | 8 + config/rootfiles/common/rust-getrandom | 85 +- config/rootfiles/common/rust-getrandom-0.2.4 | 38 + config/rootfiles/common/rust-heck | 17 + config/rootfiles/common/rust-humantime | 16 + config/rootfiles/common/rust-icu_collections | 85 ++ config/rootfiles/common/rust-icu_locale_core | 105 ++ config/rootfiles/common/rust-icu_normalizer | 42 + .../rootfiles/common/rust-icu_normalizer_data | 17 + config/rootfiles/common/rust-icu_properties | 19 + .../rootfiles/common/rust-icu_properties_data | 139 ++ config/rootfiles/common/rust-icu_provider | 29 + config/rootfiles/common/rust-id-arena | 14 + config/rootfiles/common/rust-idna | 24 + config/rootfiles/common/rust-idna_adapter | 9 + .../common/rust-is_terminal_polyfill | 8 + config/rootfiles/common/rust-leb128fmt | 9 + config/rootfiles/common/rust-libc | 801 ++++++---- config/rootfiles/common/rust-libc-0.2.108 | 277 ++++ config/rootfiles/common/rust-linux-raw-sys | 410 +++++ config/rootfiles/common/rust-litemap | 27 + config/rootfiles/common/rust-log | 47 +- config/rootfiles/common/rust-log-0.4.14 | 22 + config/rootfiles/common/rust-miniz_oxide | 24 + config/rootfiles/common/rust-once_cell | 55 +- config/rootfiles/common/rust-once_cell-1.9.0 | 24 + .../rootfiles/common/rust-once_cell_polyfill | 10 + config/rootfiles/common/rust-percent-encoding | 9 + config/rootfiles/common/rust-potential_utf | 10 + config/rootfiles/common/rust-prettyplease | 39 + config/rootfiles/common/rust-r-efi | 71 + config/rootfiles/common/rust-rustix | 403 +++++ config/rootfiles/common/rust-semver | 42 +- config/rootfiles/common/rust-semver-0.9.0 | 15 + config/rootfiles/common/rust-semver-parser | 33 +- .../rootfiles/common/rust-semver-parser-0.7.0 | 12 + config/rootfiles/common/rust-serde | 71 +- config/rootfiles/common/rust-serde-1.0.216 | 32 + config/rootfiles/common/rust-serde_core | 31 + config/rootfiles/common/rust-serde_derive | 67 +- .../common/rust-serde_derive-1.0.216 | 28 + config/rootfiles/common/rust-simd-adler32 | 19 + config/rootfiles/common/rust-smallvec | 40 +- config/rootfiles/common/rust-smallvec-1.8.0 | 18 + config/rootfiles/common/rust-spdx | 605 ++++++++ .../rootfiles/common/rust-stable_deref_trait | 18 +- config/rootfiles/common/rust-strsim | 14 + config/rootfiles/common/rust-syn | 225 +-- config/rootfiles/common/rust-syn-2.0.90 | 111 ++ config/rootfiles/common/rust-synstructure | 16 +- config/rootfiles/common/rust-tempfile | 32 + config/rootfiles/common/rust-tinystr | 25 + config/rootfiles/common/rust-topological-sort | 9 + config/rootfiles/common/rust-unicode-xid | 30 +- .../rootfiles/common/rust-unicode-xid-0.2.1 | 14 + config/rootfiles/common/rust-url | 20 + config/rootfiles/common/rust-utf16_iter | 12 + config/rootfiles/common/rust-utf8_iter | 12 + config/rootfiles/common/rust-utf8parse | 12 + config/rootfiles/common/rust-wasip2 | 30 + config/rootfiles/common/rust-wasm-encoder | 45 + config/rootfiles/common/rust-wasm-metadata | 31 + config/rootfiles/common/rust-wasmparser | 79 + config/rootfiles/common/rust-windows-link | 9 + config/rootfiles/common/rust-windows-sys | 505 +++++++ config/rootfiles/common/rust-wit-bindgen | 42 + config/rootfiles/common/rust-wit-bindgen-core | 15 + config/rootfiles/common/rust-wit-bindgen-rust | 21 + .../common/rust-wit-bindgen-rust-macro | 10 + config/rootfiles/common/rust-wit-component | 1006 +++++++++++++ config/rootfiles/common/rust-wit-parser | 621 ++++++++ config/rootfiles/common/rust-write16 | 10 + config/rootfiles/common/rust-writeable | 23 + config/rootfiles/common/rust-yoke | 18 + config/rootfiles/common/rust-yoke-derive | 11 + config/rootfiles/common/rust-zerofrom | 9 + config/rootfiles/common/rust-zerofrom-derive | 11 + config/rootfiles/common/rust-zerotrie | 44 + config/rootfiles/common/rust-zerovec | 69 + config/rootfiles/common/rust-zerovec-derive | 17 + config/rootfiles/common/x86_64/rust | 82 +- config/suricata/suricata.yaml | 1 + lfs/cbindgen | 80 + lfs/rust | 13 +- lfs/rust-adler2 | 81 + lfs/rust-anstream | 81 + lfs/rust-anstyle | 81 + lfs/rust-anstyle-parse | 81 + lfs/rust-anstyle-query | 81 + lfs/rust-anstyle-wincon | 81 + lfs/rust-anyhow | 81 + lfs/rust-auditable-serde | 81 + lfs/rust-bitflags | 81 + lfs/rust-clap | 81 + lfs/rust-clap_builder | 81 + lfs/rust-clap_lex | 81 + lfs/rust-colorchoice | 81 + lfs/rust-crc32fast | 81 + lfs/rust-displaydoc | 81 + lfs/rust-errno | 81 + lfs/rust-fastrand | 81 + lfs/rust-flate2 | 81 + lfs/rust-form_urlencoded | 81 + lfs/rust-getrandom | 8 +- lfs/rust-getrandom-0.2.4 | 81 + lfs/rust-heck | 81 + lfs/rust-humantime | 81 + lfs/rust-icu_collections | 81 + lfs/rust-icu_locale_core | 81 + lfs/rust-icu_normalizer | 81 + lfs/rust-icu_normalizer_data | 81 + lfs/rust-icu_properties | 81 + lfs/rust-icu_properties_data | 81 + lfs/rust-icu_provider | 81 + lfs/rust-id-arena | 81 + lfs/rust-idna | 81 + lfs/rust-idna_adapter | 81 + lfs/rust-is_terminal_polyfill | 81 + lfs/rust-leb128fmt | 81 + lfs/rust-libc | 7 +- lfs/rust-libc-0.2.108 | 80 + lfs/rust-linux-raw-sys | 81 + lfs/rust-litemap | 81 + lfs/rust-log | 12 +- lfs/rust-log-0.4.14 | 85 ++ lfs/rust-miniz_oxide | 81 + lfs/rust-once_cell | 12 +- lfs/rust-once_cell-1.9.0 | 85 ++ lfs/rust-once_cell_polyfill | 81 + lfs/rust-percent-encoding | 81 + lfs/rust-potential_utf | 81 + lfs/rust-prettyplease | 81 + lfs/rust-r-efi | 81 + lfs/rust-rustix | 81 + lfs/rust-semver | 12 +- lfs/rust-semver-0.9.0 | 85 ++ lfs/rust-semver-parser | 7 +- lfs/rust-semver-parser-0.7.0 | 80 + lfs/rust-serde | 4 +- lfs/rust-serde-1.0.216 | 81 + lfs/rust-serde_core | 81 + lfs/rust-serde_derive | 4 +- lfs/rust-serde_derive-1.0.216 | 81 + lfs/rust-simd-adler32 | 81 + lfs/rust-smallvec | 12 +- lfs/rust-smallvec-1.8.0 | 85 ++ lfs/rust-spdx | 81 + lfs/rust-stable_deref_trait | 12 +- lfs/rust-strsim | 81 + lfs/rust-syn | 4 +- lfs/rust-syn-2.0.90 | 81 + lfs/rust-synstructure | 4 +- lfs/rust-tempfile | 81 + lfs/rust-tinystr | 81 + lfs/rust-topological-sort | 81 + lfs/rust-unicode-xid | 7 +- lfs/rust-unicode-xid-0.2.1 | 80 + lfs/rust-url | 81 + lfs/rust-utf16_iter | 81 + lfs/rust-utf8_iter | 81 + lfs/rust-utf8parse | 81 + lfs/rust-wasip2 | 81 + lfs/rust-wasm-encoder | 81 + lfs/rust-wasm-metadata | 81 + lfs/rust-wasmparser | 81 + lfs/rust-windows-link | 81 + lfs/rust-windows-sys | 81 + lfs/rust-wit-bindgen | 81 + lfs/rust-wit-bindgen-core | 81 + lfs/rust-wit-bindgen-rust | 81 + lfs/rust-wit-bindgen-rust-macro | 81 + lfs/rust-wit-component | 81 + lfs/rust-wit-parser | 81 + lfs/rust-write16 | 81 + lfs/rust-writeable | 81 + lfs/rust-yoke | 81 + lfs/rust-yoke-derive | 81 + lfs/rust-zerofrom | 81 + lfs/rust-zerofrom-derive | 81 + lfs/rust-zerotrie | 81 + lfs/rust-zerovec | 81 + lfs/rust-zerovec-derive | 81 + lfs/suricata | 13 +- make.sh | 133 +- ...suricata-8.0.3-purge-hyperscan-cache.patch | 1341 +++++++++++++++++ 206 files changed, 15762 insertions(+), 853 deletions(-) create mode 100644 config/rootfiles/common/cbindgen create mode 100644 config/rootfiles/common/rust-adler2 create mode 100644 config/rootfiles/common/rust-anstream create mode 100644 config/rootfiles/common/rust-anstyle create mode 100644 config/rootfiles/common/rust-anstyle-parse create mode 100644 config/rootfiles/common/rust-anstyle-query create mode 100644 config/rootfiles/common/rust-anstyle-wincon create mode 100644 config/rootfiles/common/rust-anyhow create mode 100644 config/rootfiles/common/rust-auditable-serde create mode 100644 config/rootfiles/common/rust-bitflags create mode 100644 config/rootfiles/common/rust-clap create mode 100644 config/rootfiles/common/rust-clap_builder create mode 100644 config/rootfiles/common/rust-clap_lex create mode 100644 config/rootfiles/common/rust-colorchoice create mode 100644 config/rootfiles/common/rust-crc32fast create mode 100644 config/rootfiles/common/rust-displaydoc create mode 100644 config/rootfiles/common/rust-errno create mode 100644 config/rootfiles/common/rust-fastrand create mode 100644 config/rootfiles/common/rust-flate2 create mode 100644 config/rootfiles/common/rust-form_urlencoded create mode 100644 config/rootfiles/common/rust-getrandom-0.2.4 create mode 100644 config/rootfiles/common/rust-heck create mode 100644 config/rootfiles/common/rust-humantime create mode 100644 config/rootfiles/common/rust-icu_collections create mode 100644 config/rootfiles/common/rust-icu_locale_core create mode 100644 config/rootfiles/common/rust-icu_normalizer create mode 100644 config/rootfiles/common/rust-icu_normalizer_data create mode 100644 config/rootfiles/common/rust-icu_properties create mode 100644 config/rootfiles/common/rust-icu_properties_data create mode 100644 config/rootfiles/common/rust-icu_provider create mode 100644 config/rootfiles/common/rust-id-arena create mode 100644 config/rootfiles/common/rust-idna create mode 100644 config/rootfiles/common/rust-idna_adapter create mode 100644 config/rootfiles/common/rust-is_terminal_polyfill create mode 100644 config/rootfiles/common/rust-leb128fmt create mode 100644 config/rootfiles/common/rust-libc-0.2.108 create mode 100644 config/rootfiles/common/rust-linux-raw-sys create mode 100644 config/rootfiles/common/rust-litemap create mode 100644 config/rootfiles/common/rust-log-0.4.14 create mode 100644 config/rootfiles/common/rust-miniz_oxide create mode 100644 config/rootfiles/common/rust-once_cell-1.9.0 create mode 100644 config/rootfiles/common/rust-once_cell_polyfill create mode 100644 config/rootfiles/common/rust-percent-encoding create mode 100644 config/rootfiles/common/rust-potential_utf create mode 100644 config/rootfiles/common/rust-prettyplease create mode 100644 config/rootfiles/common/rust-r-efi create mode 100644 config/rootfiles/common/rust-rustix create mode 100644 config/rootfiles/common/rust-semver-0.9.0 create mode 100644 config/rootfiles/common/rust-semver-parser-0.7.0 create mode 100644 config/rootfiles/common/rust-serde-1.0.216 create mode 100644 config/rootfiles/common/rust-serde_core create mode 100644 config/rootfiles/common/rust-serde_derive-1.0.216 create mode 100644 config/rootfiles/common/rust-simd-adler32 create mode 100644 config/rootfiles/common/rust-smallvec-1.8.0 create mode 100644 config/rootfiles/common/rust-spdx create mode 100644 config/rootfiles/common/rust-strsim create mode 100644 config/rootfiles/common/rust-syn-2.0.90 create mode 100644 config/rootfiles/common/rust-tempfile create mode 100644 config/rootfiles/common/rust-tinystr create mode 100644 config/rootfiles/common/rust-topological-sort create mode 100644 config/rootfiles/common/rust-unicode-xid-0.2.1 create mode 100644 config/rootfiles/common/rust-url create mode 100644 config/rootfiles/common/rust-utf16_iter create mode 100644 config/rootfiles/common/rust-utf8_iter create mode 100644 config/rootfiles/common/rust-utf8parse create mode 100644 config/rootfiles/common/rust-wasip2 create mode 100644 config/rootfiles/common/rust-wasm-encoder create mode 100644 config/rootfiles/common/rust-wasm-metadata create mode 100644 config/rootfiles/common/rust-wasmparser create mode 100644 config/rootfiles/common/rust-windows-link create mode 100644 config/rootfiles/common/rust-windows-sys create mode 100644 config/rootfiles/common/rust-wit-bindgen create mode 100644 config/rootfiles/common/rust-wit-bindgen-core create mode 100644 config/rootfiles/common/rust-wit-bindgen-rust create mode 100644 config/rootfiles/common/rust-wit-bindgen-rust-macro create mode 100644 config/rootfiles/common/rust-wit-component create mode 100644 config/rootfiles/common/rust-wit-parser create mode 100644 config/rootfiles/common/rust-write16 create mode 100644 config/rootfiles/common/rust-writeable create mode 100644 config/rootfiles/common/rust-yoke create mode 100644 config/rootfiles/common/rust-yoke-derive create mode 100644 config/rootfiles/common/rust-zerofrom create mode 100644 config/rootfiles/common/rust-zerofrom-derive create mode 100644 config/rootfiles/common/rust-zerotrie create mode 100644 config/rootfiles/common/rust-zerovec create mode 100644 config/rootfiles/common/rust-zerovec-derive create mode 100644 lfs/cbindgen create mode 100644 lfs/rust-adler2 create mode 100644 lfs/rust-anstream create mode 100644 lfs/rust-anstyle create mode 100644 lfs/rust-anstyle-parse create mode 100644 lfs/rust-anstyle-query create mode 100644 lfs/rust-anstyle-wincon create mode 100644 lfs/rust-anyhow create mode 100644 lfs/rust-auditable-serde create mode 100644 lfs/rust-bitflags create mode 100644 lfs/rust-clap create mode 100644 lfs/rust-clap_builder create mode 100644 lfs/rust-clap_lex create mode 100644 lfs/rust-colorchoice create mode 100644 lfs/rust-crc32fast create mode 100644 lfs/rust-displaydoc create mode 100644 lfs/rust-errno create mode 100644 lfs/rust-fastrand create mode 100644 lfs/rust-flate2 create mode 100644 lfs/rust-form_urlencoded create mode 100644 lfs/rust-getrandom-0.2.4 create mode 100644 lfs/rust-heck create mode 100644 lfs/rust-humantime create mode 100644 lfs/rust-icu_collections create mode 100644 lfs/rust-icu_locale_core create mode 100644 lfs/rust-icu_normalizer create mode 100644 lfs/rust-icu_normalizer_data create mode 100644 lfs/rust-icu_properties create mode 100644 lfs/rust-icu_properties_data create mode 100644 lfs/rust-icu_provider create mode 100644 lfs/rust-id-arena create mode 100644 lfs/rust-idna create mode 100644 lfs/rust-idna_adapter create mode 100644 lfs/rust-is_terminal_polyfill create mode 100644 lfs/rust-leb128fmt create mode 100644 lfs/rust-libc-0.2.108 create mode 100644 lfs/rust-linux-raw-sys create mode 100644 lfs/rust-litemap create mode 100644 lfs/rust-log-0.4.14 create mode 100644 lfs/rust-miniz_oxide create mode 100644 lfs/rust-once_cell-1.9.0 create mode 100644 lfs/rust-once_cell_polyfill create mode 100644 lfs/rust-percent-encoding create mode 100644 lfs/rust-potential_utf create mode 100644 lfs/rust-prettyplease create mode 100644 lfs/rust-r-efi create mode 100644 lfs/rust-rustix create mode 100644 lfs/rust-semver-0.9.0 create mode 100644 lfs/rust-semver-parser-0.7.0 create mode 100644 lfs/rust-serde-1.0.216 create mode 100644 lfs/rust-serde_core create mode 100644 lfs/rust-serde_derive-1.0.216 create mode 100644 lfs/rust-simd-adler32 create mode 100644 lfs/rust-smallvec-1.8.0 create mode 100644 lfs/rust-spdx create mode 100644 lfs/rust-strsim create mode 100644 lfs/rust-syn-2.0.90 create mode 100644 lfs/rust-tempfile create mode 100644 lfs/rust-tinystr create mode 100644 lfs/rust-topological-sort create mode 100644 lfs/rust-unicode-xid-0.2.1 create mode 100644 lfs/rust-url create mode 100644 lfs/rust-utf16_iter create mode 100644 lfs/rust-utf8_iter create mode 100644 lfs/rust-utf8parse create mode 100644 lfs/rust-wasip2 create mode 100644 lfs/rust-wasm-encoder create mode 100644 lfs/rust-wasm-metadata create mode 100644 lfs/rust-wasmparser create mode 100644 lfs/rust-windows-link create mode 100644 lfs/rust-windows-sys create mode 100644 lfs/rust-wit-bindgen create mode 100644 lfs/rust-wit-bindgen-core create mode 100644 lfs/rust-wit-bindgen-rust create mode 100644 lfs/rust-wit-bindgen-rust-macro create mode 100644 lfs/rust-wit-component create mode 100644 lfs/rust-wit-parser create mode 100644 lfs/rust-write16 create mode 100644 lfs/rust-writeable create mode 100644 lfs/rust-yoke create mode 100644 lfs/rust-yoke-derive create mode 100644 lfs/rust-zerofrom create mode 100644 lfs/rust-zerofrom-derive create mode 100644 lfs/rust-zerotrie create mode 100644 lfs/rust-zerovec create mode 100644 lfs/rust-zerovec-derive create mode 100644 src/patches/suricata/suricata-8.0.3-purge-hyperscan-cache.patch -- 2.47.3 ^ permalink raw reply [flat|nested] 17+ messages in thread
* [PATCH 1/3] suricata: Add upstream patch to purge sgh-mpm-caches 2026-01-23 5:26 ` [PATCH 0/3] suricata: Add ability to purge the sgh cache Stefan Schantl @ 2026-01-23 5:26 ` Stefan Schantl 2026-01-23 5:26 ` [PATCH 2/3] rust: Update to 1.92.0 Stefan Schantl 2026-01-23 10:09 ` [PATCH 0/3] suricata: Add ability to purge the sgh cache Michael Tremer 2 siblings, 0 replies; 17+ messages in thread From: Stefan Schantl @ 2026-01-23 5:26 UTC (permalink / raw) To: development; +Cc: Stefan Schantl This patch is collection of the recently merged upstream patches to allow purging the sgh-mpm-cache (hyperscan) after a specified amount of time. (https://github.com/OISF/suricata/pull/14630) I've set this to the upstreams example default of 7 days for now. Fixes #13926. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> --- config/suricata/suricata.yaml | 1 + lfs/suricata | 13 +- ...suricata-8.0.3-purge-hyperscan-cache.patch | 1341 +++++++++++++++++ 3 files changed, 1354 insertions(+), 1 deletion(-) create mode 100644 src/patches/suricata/suricata-8.0.3-purge-hyperscan-cache.patch diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml index dd3492eb6..e91c003e7 100644 --- a/config/suricata/suricata.yaml +++ b/config/suricata/suricata.yaml @@ -1534,6 +1534,7 @@ detect: # Cache MPM contexts to the disk to avoid rule compilation at the startup. # Cache files are created in the standard library directory. sgh-mpm-caching: yes + sgh-mpm-caching-max-age: 7d sgh-mpm-caching-path: /var/cache/suricata/sgh # inspection-recursion-limit: 3000 # maximum number of times a tx will get logged for rules without app-layer keywords diff --git a/lfs/suricata b/lfs/suricata index c483aef0a..a20450c31 100644 --- a/lfs/suricata +++ b/lfs/suricata @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2025 IPFire Team <info@ipfire.org> # +# Copyright (C) 2007-2026 IPFire Team <info@ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -71,6 +71,14 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/suricata/suricata-8.0.0-disable-sid-2210059.patch + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/suricata/suricata-8.0.3-purge-hyperscan-cache.patch + + # Temporary workaround because the suricata 8.0.3 tarball does not contain the rust source as trusted vendor + # for humantime and the module is required since applying the purge-hyperscan-cache patchfile. + # + # So we have to copy our installed rust module into the desired directory here. + cd $(DIR_APP) && cp -avf /usr/share/cargo/registry/humantime* $(DIR_APP)/rust/vendor + cd $(DIR_APP) && LDFLAGS="$(LDFLAGS)" ./configure \ --prefix=/usr \ --sysconfdir=/etc \ @@ -86,6 +94,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --enable-rust \ --enable-unix-socket + # Drop the Cargo.lock file before building. + cd $(DIR_APP) && rm -rvf $(DIR_APP)/rust/Cargo.lock + cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install cd $(DIR_APP) && make install-conf diff --git a/src/patches/suricata/suricata-8.0.3-purge-hyperscan-cache.patch b/src/patches/suricata/suricata-8.0.3-purge-hyperscan-cache.patch new file mode 100644 index 000000000..14f36985d --- /dev/null +++ b/src/patches/suricata/suricata-8.0.3-purge-hyperscan-cache.patch @@ -0,0 +1,1341 @@ +commit 47fc78eeae9a365b4d36609154642ca72c9cb9fb +Author: Lukas Sismis <lsismis@oisf.net> +Date: Mon Sep 15 11:40:30 2025 +0200 + + hs: update the file description + +diff --git a/src/util-mpm-hs-cache.c b/src/util-mpm-hs-cache.c +index 2e58676fa..fd54cf306 100644 +--- a/src/util-mpm-hs-cache.c ++++ b/src/util-mpm-hs-cache.c +@@ -20,7 +20,7 @@ + * + * \author Lukas Sismis <lsismis@oisf.net> + * +- * MPM pattern matcher that calls the Hyperscan regex matcher. ++ * Hyperscan cache helper utilities for MPM cache files. + */ + + #include "suricata-common.h" +commit 2a313ff429eb49be5e4c3b9dadfca127fa64c5fe +Author: Lukas Sismis <lsismis@oisf.net> +Date: Thu Oct 30 12:01:33 2025 +0100 + + hs: reduce cache filename size to max file limit + +diff --git a/src/util-mpm-hs-cache.c b/src/util-mpm-hs-cache.c +index fd54cf306..1e5001ba0 100644 +--- a/src/util-mpm-hs-cache.c ++++ b/src/util-mpm-hs-cache.c +@@ -41,7 +41,7 @@ static const char *HSCacheConstructFPath(const char *folder_path, uint64_t hs_db + static char hash_file_path[PATH_MAX]; + + char hash_file_path_suffix[] = "_v1.hs"; +- char filename[PATH_MAX]; ++ char filename[NAME_MAX]; + uint64_t r = snprintf( + filename, sizeof(filename), "%020" PRIu64 "%s", hs_db_hash, hash_file_path_suffix); + if (r != (uint64_t)(20 + strlen(hash_file_path_suffix))) +commit c282880174875fab6bcc62a2a60c85b58dfb0d32 +Author: Lukas Sismis <lsismis@oisf.net> +Date: Thu Oct 30 12:04:35 2025 +0100 + + hs: change hash in the cache name to SHA256 + +diff --git a/src/util-mpm-hs-cache.c b/src/util-mpm-hs-cache.c +index 1e5001ba0..83bbee59c 100644 +--- a/src/util-mpm-hs-cache.c ++++ b/src/util-mpm-hs-cache.c +@@ -34,17 +34,17 @@ + + #ifdef BUILD_HYPERSCAN + ++#include "rust.h" + #include <hs.h> + +-static const char *HSCacheConstructFPath(const char *folder_path, uint64_t hs_db_hash) ++static const char *HSCacheConstructFPath(const char *folder_path, const char *hs_db_hash) + { + static char hash_file_path[PATH_MAX]; + + char hash_file_path_suffix[] = "_v1.hs"; + char filename[NAME_MAX]; +- uint64_t r = snprintf( +- filename, sizeof(filename), "%020" PRIu64 "%s", hs_db_hash, hash_file_path_suffix); +- if (r != (uint64_t)(20 + strlen(hash_file_path_suffix))) ++ uint64_t r = snprintf(filename, sizeof(filename), "%s%s", hs_db_hash, hash_file_path_suffix); ++ if (r != (uint64_t)(strlen(hs_db_hash) + strlen(hash_file_path_suffix))) + return NULL; + + r = PathMerge(hash_file_path, sizeof(hash_file_path), folder_path, filename); +@@ -104,22 +104,22 @@ static char *HSReadStream(const char *file_path, size_t *buffer_sz) + * Function to hash the searched pattern, only things relevant to Hyperscan + * compilation are hashed. + */ +-static void SCHSCachePatternHash(const SCHSPattern *p, uint32_t *h1, uint32_t *h2) ++static void SCHSCachePatternHash(const SCHSPattern *p, SCSha256 *sha256) + { + BUG_ON(p->original_pat == NULL); + BUG_ON(p->sids == NULL); + +- hashlittle2_safe(&p->len, sizeof(p->len), h1, h2); +- hashlittle2_safe(&p->flags, sizeof(p->flags), h1, h2); +- hashlittle2_safe(p->original_pat, p->len, h1, h2); +- hashlittle2_safe(&p->id, sizeof(p->id), h1, h2); +- hashlittle2_safe(&p->offset, sizeof(p->offset), h1, h2); +- hashlittle2_safe(&p->depth, sizeof(p->depth), h1, h2); +- hashlittle2_safe(&p->sids_size, sizeof(p->sids_size), h1, h2); +- hashlittle2_safe(p->sids, p->sids_size * sizeof(SigIntId), h1, h2); ++ SCSha256Update(sha256, (const uint8_t *)&p->len, sizeof(p->len)); ++ SCSha256Update(sha256, (const uint8_t *)&p->flags, sizeof(p->flags)); ++ SCSha256Update(sha256, (const uint8_t *)p->original_pat, p->len); ++ SCSha256Update(sha256, (const uint8_t *)&p->id, sizeof(p->id)); ++ SCSha256Update(sha256, (const uint8_t *)&p->offset, sizeof(p->offset)); ++ SCSha256Update(sha256, (const uint8_t *)&p->depth, sizeof(p->depth)); ++ SCSha256Update(sha256, (const uint8_t *)&p->sids_size, sizeof(p->sids_size)); ++ SCSha256Update(sha256, (const uint8_t *)p->sids, p->sids_size * sizeof(SigIntId)); + } + +-int HSLoadCache(hs_database_t **hs_db, uint64_t hs_db_hash, const char *dirpath) ++int HSLoadCache(hs_database_t **hs_db, const char *hs_db_hash, const char *dirpath) + { + const char *hash_file_static = HSCacheConstructFPath(dirpath, hs_db_hash); + if (hash_file_static == NULL) +@@ -161,7 +161,7 @@ freeup: + return ret; + } + +-static int HSSaveCache(hs_database_t *hs_db, uint64_t hs_db_hash, const char *dstpath) ++static int HSSaveCache(hs_database_t *hs_db, const char *hs_db_hash, const char *dstpath) + { + static bool notified = false; + char *db_stream = NULL; +@@ -220,14 +220,26 @@ cleanup: + return ret; + } + +-uint64_t HSHashDb(const PatternDatabase *pd) ++int HSHashDb(const PatternDatabase *pd, char *hash, size_t hash_len) + { +- uint32_t hash[2] = { 0 }; +- hashword2(&pd->pattern_cnt, 1, &hash[0], &hash[1]); ++ SCSha256 *hasher = SCSha256New(); ++ if (hasher == NULL) { ++ SCLogDebug("sha256 hashing failed"); ++ return -1; ++ } ++ SCSha256Update(hasher, (const uint8_t *)&pd->pattern_cnt, sizeof(pd->pattern_cnt)); + for (uint32_t i = 0; i < pd->pattern_cnt; i++) { +- SCHSCachePatternHash(pd->parray[i], &hash[0], &hash[1]); ++ SCHSCachePatternHash(pd->parray[i], hasher); ++ } ++ ++ if (!SCSha256FinalizeToHex(hasher, hash, hash_len)) { ++ hasher = NULL; ++ SCLogDebug("sha256 hashing failed"); ++ return -1; + } +- return ((uint64_t)hash[1] << 32) | hash[0]; ++ ++ hasher = NULL; ++ return 0; + } + + void HSSaveCacheIterator(void *data, void *aux) +@@ -244,7 +256,11 @@ void HSSaveCacheIterator(void *data, void *aux) + return; + } + +- if (HSSaveCache(pd->hs_db, HSHashDb(pd), iter_data->cache_path) == 0) { ++ char hs_db_hash[SC_SHA256_LEN * 2 + 1]; // * 2 for hex +1 for nul terminator ++ if (HSHashDb(pd, hs_db_hash, ARRAY_SIZE(hs_db_hash)) != 0) { ++ return; ++ } ++ if (HSSaveCache(pd->hs_db, hs_db_hash, iter_data->cache_path) == 0) { + pd->cached = true; // for rule reloads + iter_data->pd_stats->hs_dbs_cache_saved_cnt++; + } +diff --git a/src/util-mpm-hs-cache.h b/src/util-mpm-hs-cache.h +index 237762d5a..225c5001a 100644 +--- a/src/util-mpm-hs-cache.h ++++ b/src/util-mpm-hs-cache.h +@@ -35,8 +35,8 @@ struct HsIteratorData { + const char *cache_path; + }; + +-int HSLoadCache(hs_database_t **hs_db, uint64_t hs_db_hash, const char *dirpath); +-uint64_t HSHashDb(const PatternDatabase *pd); ++int HSLoadCache(hs_database_t **hs_db, const char *hs_db_hash, const char *dirpath); ++int HSHashDb(const PatternDatabase *pd, char *hash, size_t hash_len); + void HSSaveCacheIterator(void *data, void *aux); + #endif /* BUILD_HYPERSCAN */ + +diff --git a/src/util-mpm-hs.c b/src/util-mpm-hs.c +index dde5bf36a..ad7178eb8 100644 +--- a/src/util-mpm-hs.c ++++ b/src/util-mpm-hs.c +@@ -683,8 +683,11 @@ static int PatternDatabaseGetCached( + return 0; + } else if (cache_dir_path) { + pd_cached = *pd; +- uint64_t db_lookup_hash = HSHashDb(pd_cached); +- if (HSLoadCache(&pd_cached->hs_db, db_lookup_hash, cache_dir_path) == 0) { ++ char hs_db_hash[SC_SHA256_LEN * 2 + 1]; // * 2 for hex +1 for nul terminator ++ if (HSHashDb(pd_cached, hs_db_hash, ARRAY_SIZE(hs_db_hash)) != 0) { ++ return -1; ++ } ++ if (HSLoadCache(&pd_cached->hs_db, hs_db_hash, cache_dir_path) == 0) { + pd_cached->ref_cnt = 1; + pd_cached->cached = true; + if (HSScratchAlloc(pd_cached->hs_db) != 0) { +commit 3e4fdb2118bfcb8b2644944daded2d8c67420499 +Author: Lukas Sismis <lsismis@oisf.net> +Date: Sat Sep 13 11:23:16 2025 +0200 + + misc: time unit parsing function + +diff --git a/rust/Cargo.lock.in b/rust/Cargo.lock.in +index d296a196e..d47cdd197 100644 +--- a/rust/Cargo.lock.in ++++ b/rust/Cargo.lock.in +@@ -688,6 +688,12 @@ dependencies = [ + "windows-sys 0.52.0", + ] + ++[[package]] ++name = "humantime" ++version = "2.3.0" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++checksum = "135b12329e5e3ce057a9f972339ea52bc954fe1e9358ef27f95e89716fbc5424" ++ + [[package]] + name = "indexmap" + version = "2.11.4" +@@ -1551,6 +1557,7 @@ dependencies = [ + "flate2", + "hex", + "hkdf", ++ "humantime", + "ipsec-parser", + "kerberos-parser", + "lazy_static", +diff --git a/rust/Cargo.toml.in b/rust/Cargo.toml.in +index 0fedea33f..22e166062 100644 +--- a/rust/Cargo.toml.in ++++ b/rust/Cargo.toml.in +@@ -77,6 +77,7 @@ lazy_static = "~1.5.0" + base64 = "~0.22.1" + bendy = { version = "~0.3.3", default-features = false } + asn1-rs = { version = "~0.6.2" } ++humantime = "~2.3.0" + ldap-parser = { version = "~0.5.0" } + hex = "~0.4.3" + psl = "2" +diff --git a/rust/src/util.rs b/rust/src/util.rs +index 9d45ae26d..2cb2da17c 100644 +--- a/rust/src/util.rs ++++ b/rust/src/util.rs +@@ -17,6 +17,7 @@ + + //! Utility module. + ++use std::borrow::Cow; + use std::ffi::CStr; + use std::os::raw::c_char; + +@@ -26,6 +27,8 @@ use nom8::combinator::verify; + use nom8::multi::many1_count; + use nom8::{AsChar, IResult, Parser}; + ++use humantime::parse_duration; ++ + #[no_mangle] + pub unsafe extern "C" fn SCCheckUtf8(val: *const c_char) -> bool { + CStr::from_ptr(val).to_str().is_ok() +@@ -63,10 +66,56 @@ pub unsafe extern "C" fn SCValidateDomain(input: *const u8, in_len: u32) -> u32 + return 0; + } + ++/// Add 's' suffix if input is only digits, and convert to lowercase if needed. ++fn duration_unit_normalize(input: &str) -> Cow<'_, str> { ++ if input.bytes().all(|b| b.is_ascii_digit()) { ++ let mut owned = String::with_capacity(input.len() + 1); ++ owned.push_str(input); ++ owned.push('s'); ++ return Cow::Owned(owned); ++ } ++ ++ if input.bytes().any(|b| b.is_ascii_uppercase()) { ++ Cow::Owned(input.to_ascii_lowercase()) ++ } else { ++ Cow::Borrowed(input) ++ } ++} ++ ++/// Reads a C string from `input`, parses it, and writes the result to `*res`. ++/// Returns 0 on success (result written to *res), -1 otherwise. ++#[no_mangle] ++pub unsafe extern "C" fn SCParseTimeDuration(input: *const c_char, res: *mut u64) -> i32 { ++ if input.is_null() || res.is_null() { ++ return -1; ++ } ++ ++ let input_str = match CStr::from_ptr(input).to_str() { ++ Ok(s) => s, ++ Err(_) => return -1, ++ }; ++ ++ let trimmed = input_str.trim(); ++ if trimmed.is_empty() { ++ return -1; ++ } ++ ++ let normalized = duration_unit_normalize(trimmed); ++ match parse_duration(normalized.as_ref()) { ++ Ok(duration) => { ++ *res = duration.as_secs(); ++ 0 ++ } ++ Err(_) => -1, ++ } ++} ++ + #[cfg(test)] + mod tests { + + use super::*; ++ use std::ffi::CString; ++ use std::ptr::{null, null_mut}; + + #[test] + fn test_parse_domain() { +@@ -83,4 +132,73 @@ mod tests { + let buf1: &[u8] = "a(x)y.com".as_bytes(); + assert!(parse_domain(buf1).is_err()); + } ++ ++ #[test] ++ fn test_parse_time_valid() { ++ unsafe { ++ let mut v: u64 = 0; ++ ++ let s = CString::new("10").unwrap(); ++ assert_eq!(SCParseTimeDuration(s.as_ptr(), &mut v), 0); ++ assert_eq!(v, 10); ++ ++ let s = CString::new("0").unwrap(); ++ assert_eq!(SCParseTimeDuration(s.as_ptr(), &mut v), 0); ++ assert_eq!(v, 0); ++ ++ let s = CString::new("2H").unwrap(); ++ assert_eq!(SCParseTimeDuration(s.as_ptr(), &mut v), 0); ++ assert_eq!(v, 7200); ++ ++ let s = CString::new("1 day").unwrap(); ++ assert_eq!(SCParseTimeDuration(s.as_ptr(), &mut v), 0); ++ assert_eq!(v, 86400); ++ ++ let s = CString::new("1w").unwrap(); ++ assert_eq!(SCParseTimeDuration(s.as_ptr(), &mut v), 0); ++ assert_eq!(v, 604800); ++ ++ let s = CString::new("1 week").unwrap(); ++ assert_eq!(SCParseTimeDuration(s.as_ptr(), &mut v), 0); ++ assert_eq!(v, 604800); ++ ++ let s = CString::new("1y").unwrap(); ++ assert_eq!(SCParseTimeDuration(s.as_ptr(), &mut v), 0); ++ assert_eq!(v, 31557600); ++ ++ let s = CString::new("1 year").unwrap(); ++ assert_eq!(SCParseTimeDuration(s.as_ptr(), &mut v), 0); ++ assert_eq!(v, 31557600); ++ ++ // max ++ let s = CString::new("18446744073709551615").unwrap(); ++ assert_eq!(SCParseTimeDuration(s.as_ptr(), &mut v), 0); ++ assert_eq!(v, u64::MAX); ++ } ++ } ++ ++ #[test] ++ fn test_parse_time_duration_invalid() { ++ unsafe { ++ let mut v: u64 = 0; ++ let s = CString::new("10q").unwrap(); ++ assert_eq!(SCParseTimeDuration(s.as_ptr(), &mut v), -1); ++ ++ let s = CString::new("abc").unwrap(); ++ assert_eq!(SCParseTimeDuration(s.as_ptr(), &mut v), -1); ++ ++ let s = CString::new("-300s").unwrap(); ++ assert_eq!(SCParseTimeDuration(s.as_ptr(), &mut v), -1); ++ ++ let s = CString::new("1h -600s").unwrap(); ++ assert_eq!(SCParseTimeDuration(s.as_ptr(), &mut v), -1); ++ ++ assert_eq!(SCParseTimeDuration(null(), &mut v), -1); ++ assert_eq!(SCParseTimeDuration(s.as_ptr(), null_mut()), -1); ++ ++ let overflow_years = (u64::MAX / 31557600) + 1; ++ let s = CString::new(format!("{}y", overflow_years)).unwrap(); ++ assert_eq!(SCParseTimeDuration(s.as_ptr(), &mut v), -1); ++ } ++ } + } +diff --git a/rust/sys/src/sys.rs b/rust/sys/src/sys.rs +index 3dbd2293e..7be2a12b4 100644 +--- a/rust/sys/src/sys.rs ++++ b/rust/sys/src/sys.rs +@@ -701,6 +701,11 @@ extern "C" { + name: *const ::std::os::raw::c_char, val: *mut f32, + ) -> ::std::os::raw::c_int; + } ++extern "C" { ++ pub fn SCConfGetTime( ++ name: *const ::std::os::raw::c_char, val: *mut u64, ++ ) -> ::std::os::raw::c_int; ++} + extern "C" { + pub fn SCConfSet( + name: *const ::std::os::raw::c_char, val: *const ::std::os::raw::c_char, +commit 85f0382072173c226426d4556a9d959ab0a90c34 +Author: Lukas Sismis <lsismis@oisf.net> +Date: Sat Sep 13 23:55:02 2025 +0200 + + conf: add time parsing conf function + +diff --git a/src/conf.c b/src/conf.c +index 3be82529d..c81da37b4 100644 +--- a/src/conf.c ++++ b/src/conf.c +@@ -42,6 +42,7 @@ + #include "util-debug.h" + #include "util-path.h" + #include "util-conf.h" ++#include "rust.h" + + /** Maximum size of a complete domain name. */ + #define NODE_NAME_MAX 1024 +@@ -647,6 +648,36 @@ int SCConfGetFloat(const char *name, float *val) + return 1; + } + ++/** ++ * \brief Retrieve a configuration value as a time duration in seconds. ++ * ++ * The configuration value is expected to be a string with a number ++ * followed by an optional time-describing unit (e.g. s, seconds, weeks, years). ++ * If no unit is specified, seconds are assumed. ++ * ++ * \param name Name of configuration parameter to get. ++ * \param val Pointer to an uint64_t that will be set the ++ * configuration value in seconds. ++ * ++ * \retval 1 will be returned if the name is found and was properly ++ * converted to a time duration, otherwise 0 will be returned. ++ */ ++int SCConfGetTime(const char *name, uint64_t *val) ++{ ++ const char *strval = NULL; ++ ++ if (SCConfGet(name, &strval) == 0) ++ return 0; ++ ++ if (strval == NULL || strval[0] == '\0') ++ return 0; ++ ++ if (SCParseTimeDuration(strval, val) != 0) ++ return 0; ++ ++ return 1; ++} ++ + /** + * \brief Remove (and SCFree) the provided configuration node. + */ +diff --git a/src/conf.h b/src/conf.h +index 348138998..0f3a881ac 100644 +--- a/src/conf.h ++++ b/src/conf.h +@@ -67,6 +67,7 @@ int SCConfGetInt(const char *name, intmax_t *val); + int SCConfGetBool(const char *name, int *val); + int SCConfGetDouble(const char *name, double *val); + int SCConfGetFloat(const char *name, float *val); ++int SCConfGetTime(const char *name, uint64_t *val); + int SCConfSet(const char *name, const char *val); + int SCConfSetFromString(const char *input, int final); + int SCConfSetFinal(const char *name, const char *val); +commit fd3847db728536f6b345c33542f98a72fc058e8b +Author: Lukas Sismis <lsismis@oisf.net> +Date: Mon Sep 15 11:36:01 2025 +0200 + + path: signal last use of the file (touch) + + To have a system-level overview of when was the last time the file was + used, update the file modification timestamp to to the current time. + + This is needed to remove stale cache files of the system. + + Access time is not used as it may be, on the system level, disabled. + + Ticket: 7830 + +diff --git a/src/util-path.c b/src/util-path.c +index 356c4a772..cde5a67ff 100644 +--- a/src/util-path.c ++++ b/src/util-path.c +@@ -277,3 +277,23 @@ bool SCPathContainsTraversal(const char *path) + #endif + return strstr(path, pattern) != NULL; + } ++ ++/** ++ * \brief Update access and modification time of an existing file to 'now'. ++ * \param path The file path to touch ++ * \retval 0 on success, -1 on failure ++ */ ++int SCTouchFile(const char *path) ++{ ++ if (path == NULL || path[0] == '\0') { ++ errno = EINVAL; ++ return -1; ++ } ++#ifndef OS_WIN32 ++ struct utimbuf ub; ++ ub.actime = ub.modtime = time(NULL); ++ if (utime(path, &ub) == 0) ++ return 0; ++#endif ++ return -1; ++} +diff --git a/src/util-path.h b/src/util-path.h +index b2b262490..e835d847d 100644 +--- a/src/util-path.h ++++ b/src/util-path.h +@@ -59,5 +59,6 @@ bool SCIsRegularFile(const struct dirent *const dir_entry); + char *SCRealPath(const char *path, char *resolved_path); + const char *SCBasename(const char *path); + bool SCPathContainsTraversal(const char *path); ++int SCTouchFile(const char *path); + + #endif /* SURICATA_UTIL_PATH_H */ +commit 7031c268655aec5c44420902bbda6f7aea8eba33 +Author: Lukas Sismis <lsismis@oisf.net> +Date: Mon Sep 15 11:39:02 2025 +0200 + + hs: touch cache files on use to signal activity + + Ticket: 7830 + +diff --git a/src/util-mpm-hs-cache.c b/src/util-mpm-hs-cache.c +index 83bbee59c..41b308171 100644 +--- a/src/util-mpm-hs-cache.c ++++ b/src/util-mpm-hs-cache.c +@@ -150,6 +150,10 @@ int HSLoadCache(hs_database_t **hs_db, const char *hs_db_hash, const char *dirpa + } + + ret = 0; ++ /* Touch file to update modification time so active caches are retained. */ ++ if (SCTouchFile(hash_file_static) != 0) { ++ SCLogDebug("Failed to update mtime for %s", hash_file_static); ++ } + goto freeup; + } + +commit 08f5abe5e967bbcfbc0c11a797ef86125afd3db8 +Author: Lukas Sismis <lsismis@oisf.net> +Date: Sun Dec 28 00:09:29 2025 +0100 + + detect-engine: make mpm & spm part of MT stub ctx + + As a intermediary step for Hyperscan (MPM) caching, + the MPM config initialization should be part of the default + detect engine context for later dynamic retrieval. + + Ticket: 7830 + +diff --git a/src/detect-engine.c b/src/detect-engine.c +index b6d2d4237..12b1683c5 100644 +--- a/src/detect-engine.c ++++ b/src/detect-engine.c +@@ -2495,6 +2495,20 @@ static DetectEngineCtx *DetectEngineCtxInitReal( + de_ctx->filemagic_thread_ctx_id = -1; + de_ctx->tenant_id = tenant_id; + ++ de_ctx->mpm_matcher = PatternMatchDefaultMatcher(); ++ de_ctx->spm_matcher = SinglePatternMatchDefaultMatcher(); ++ ++ if (mpm_table[de_ctx->mpm_matcher].ConfigInit) { ++ de_ctx->mpm_cfg = mpm_table[de_ctx->mpm_matcher].ConfigInit(); ++ if (de_ctx->mpm_cfg == NULL) { ++ goto error; ++ } ++ } ++ if (DetectEngineMpmCachingEnabled() && mpm_table[de_ctx->mpm_matcher].ConfigCacheDirSet) { ++ mpm_table[de_ctx->mpm_matcher].ConfigCacheDirSet( ++ de_ctx->mpm_cfg, DetectEngineMpmCachingGetPath()); ++ } ++ + if (type == DETECT_ENGINE_TYPE_DD_STUB || type == DETECT_ENGINE_TYPE_MT_STUB) { + de_ctx->version = DetectEngineGetVersion(); + SCLogDebug("stub %u with version %u", type, de_ctx->version); +@@ -2511,23 +2525,8 @@ static DetectEngineCtx *DetectEngineCtxInitReal( + } + de_ctx->failure_fatal = (failure_fatal == 1); + +- de_ctx->mpm_matcher = PatternMatchDefaultMatcher(); +- de_ctx->spm_matcher = SinglePatternMatchDefaultMatcher(); +- SCLogConfig("pattern matchers: MPM: %s, SPM: %s", +- mpm_table[de_ctx->mpm_matcher].name, +- spm_table[de_ctx->spm_matcher].name); +- +- if (mpm_table[de_ctx->mpm_matcher].ConfigInit) { +- de_ctx->mpm_cfg = mpm_table[de_ctx->mpm_matcher].ConfigInit(); +- if (de_ctx->mpm_cfg == NULL) { +- goto error; +- } +- } +- if (DetectEngineMpmCachingEnabled() && mpm_table[de_ctx->mpm_matcher].ConfigCacheDirSet) { +- mpm_table[de_ctx->mpm_matcher].ConfigCacheDirSet( +- de_ctx->mpm_cfg, DetectEngineMpmCachingGetPath()); +- } +- ++ SCLogConfig("pattern matchers: MPM: %s, SPM: %s", mpm_table[de_ctx->mpm_matcher].name, ++ spm_table[de_ctx->spm_matcher].name); + de_ctx->spm_global_thread_ctx = SpmInitGlobalThreadCtx(de_ctx->spm_matcher); + if (de_ctx->spm_global_thread_ctx == NULL) { + SCLogDebug("Unable to alloc SpmGlobalThreadCtx."); +commit 15c83be61ac3f47bf198fe24eb908db5a84b7ccd +Author: Lukas Sismis <lsismis@oisf.net> +Date: Mon Sep 15 11:24:23 2025 +0200 + + hs: prune stale MPM cache files + + Hyperscan MPM can cache the compiled contexts to files. + This however grows as rulesets change and leads to bloating + the system. This addition prunes the stale cache files based + on their modified file timestamp. + + Part of this work incorporates new model for MPM cache stats + to split it out from the cache save function and aggregate + cache-related stats in one place (newly added pruning). + + Ticket: 7830 + +diff --git a/doc/userguide/performance/hyperscan.rst b/doc/userguide/performance/hyperscan.rst +index 065163110..1060d3aef 100644 +--- a/doc/userguide/performance/hyperscan.rst ++++ b/doc/userguide/performance/hyperscan.rst +@@ -83,6 +83,8 @@ if it is present on the system in case of the "auto" setting. + If the current suricata installation does not have hyperscan + support, refer to :ref:`installation` + ++.. _hyperscan-cache-configuration: ++ + Hyperscan caching + ~~~~~~~~~~~~~~~~~ + +@@ -104,6 +106,24 @@ To enable this function, in `suricata.yaml` configure: + sgh-mpm-caching-path: /var/lib/suricata/cache/hs + + ++To avoid cache files growing indefinitely, Suricata supports pruning of old ++cache files. Suricata removes cache files older than the specified age ++on startup/rule reloads, where age is determined by delta of the file ++modification time and the current time. ++Cache files that are actively being used will have their modification time ++updated when loaded, so they won't be deleted. ++ ++In `suricata.yaml` configure: ++ ++:: ++ ++ detect: ++ sgh-mpm-caching-max-age: 7d ++ ++The setting accepts a combination of time units (s,m,h,d,w,y), ++e.g. `1w 3d 12h` for 1 week, 3 days and 12 hours. Setting the value to `0` ++disables pruning. ++ + **Note**: + You might need to create and adjust permissions to the default caching folder + path, especially if you are running Suricata as a non-root user. +diff --git a/doc/userguide/upgrade.rst b/doc/userguide/upgrade.rst +index ef8d1e369..054e3eb38 100644 +--- a/doc/userguide/upgrade.rst ++++ b/doc/userguide/upgrade.rst +@@ -68,6 +68,10 @@ Other Changes + from unbounded to 2048. Configuration options, ``max-tx``, + ``max-points``, and ``max-objects`` have been added for users who + may need to change these defaults. ++- Hyperscan caching (`detect.sgh-mpm-caching`), when enabled, prunes ++ cache files that have not been used in the last 7 days by default. ++ See :ref:`Hyperscan caching configuration ++ <hyperscan-cache-configuration>` for more information. + + Upgrading to 8.0.1 + ------------------ +diff --git a/src/detect-engine-loader.c b/src/detect-engine-loader.c +index ef0e8ef13..a97ebd6d2 100644 +--- a/src/detect-engine-loader.c ++++ b/src/detect-engine-loader.c +@@ -502,10 +502,6 @@ skip_regular_rules: + + ret = 0; + +- if (mpm_table[de_ctx->mpm_matcher].CacheRuleset != NULL) { +- mpm_table[de_ctx->mpm_matcher].CacheRuleset(de_ctx->mpm_cfg); +- } +- + end: + gettimeofday(&de_ctx->last_reload, NULL); + if (SCRunmodeGet() == RUNMODE_ENGINE_ANALYSIS) { +diff --git a/src/detect-engine.c b/src/detect-engine.c +index 12b1683c5..28e0bc14a 100644 +--- a/src/detect-engine.c ++++ b/src/detect-engine.c +@@ -2481,6 +2481,49 @@ const char *DetectEngineMpmCachingGetPath(void) + return SGH_CACHE_DIR; + } + ++void DetectEngineMpmCacheService(uint32_t op_flags) ++{ ++ DetectEngineCtx *de_ctx = DetectEngineGetCurrent(); ++ if (!de_ctx) { ++ return; ++ } ++ ++ if (!de_ctx->mpm_cfg || !de_ctx->mpm_cfg->cache_dir_path) { ++ goto error; ++ } ++ ++ if (mpm_table[de_ctx->mpm_matcher].CacheStatsInit != NULL) { ++ de_ctx->mpm_cfg->cache_stats = mpm_table[de_ctx->mpm_matcher].CacheStatsInit(); ++ if (de_ctx->mpm_cfg->cache_stats == NULL) { ++ goto error; ++ } ++ } ++ ++ if (op_flags & DETECT_ENGINE_MPM_CACHE_OP_SAVE) { ++ if (mpm_table[de_ctx->mpm_matcher].CacheRuleset != NULL) { ++ mpm_table[de_ctx->mpm_matcher].CacheRuleset(de_ctx->mpm_cfg); ++ } ++ } ++ ++ if (op_flags & DETECT_ENGINE_MPM_CACHE_OP_PRUNE) { ++ if (mpm_table[de_ctx->mpm_matcher].CachePrune != NULL) { ++ mpm_table[de_ctx->mpm_matcher].CachePrune(de_ctx->mpm_cfg); ++ } ++ } ++ ++ if (mpm_table[de_ctx->mpm_matcher].CacheStatsPrint != NULL) { ++ mpm_table[de_ctx->mpm_matcher].CacheStatsPrint(de_ctx->mpm_cfg->cache_stats); ++ } ++ ++ if (mpm_table[de_ctx->mpm_matcher].CacheStatsDeinit != NULL) { ++ mpm_table[de_ctx->mpm_matcher].CacheStatsDeinit(de_ctx->mpm_cfg->cache_stats); ++ de_ctx->mpm_cfg->cache_stats = NULL; ++ } ++ ++error: ++ DetectEngineDeReference(&de_ctx); ++} ++ + static DetectEngineCtx *DetectEngineCtxInitReal( + enum DetectEngineType type, const char *prefix, uint32_t tenant_id) + { +@@ -2503,10 +2546,18 @@ static DetectEngineCtx *DetectEngineCtxInitReal( + if (de_ctx->mpm_cfg == NULL) { + goto error; + } +- } +- if (DetectEngineMpmCachingEnabled() && mpm_table[de_ctx->mpm_matcher].ConfigCacheDirSet) { +- mpm_table[de_ctx->mpm_matcher].ConfigCacheDirSet( +- de_ctx->mpm_cfg, DetectEngineMpmCachingGetPath()); ++ ++ if (DetectEngineMpmCachingEnabled() && mpm_table[de_ctx->mpm_matcher].ConfigCacheDirSet) { ++ mpm_table[de_ctx->mpm_matcher].ConfigCacheDirSet( ++ de_ctx->mpm_cfg, DetectEngineMpmCachingGetPath()); ++ ++ if (mpm_table[de_ctx->mpm_matcher].CachePrune) { ++ if (SCConfGetTime("detect.sgh-mpm-caching-max-age", ++ &de_ctx->mpm_cfg->cache_max_age_seconds) != 1) { ++ de_ctx->mpm_cfg->cache_max_age_seconds = 7ULL * 24ULL * 60ULL * 60ULL; ++ } ++ } ++ } + } + + if (type == DETECT_ENGINE_TYPE_DD_STUB || type == DETECT_ENGINE_TYPE_MT_STUB) { +@@ -4885,6 +4936,8 @@ int DetectEngineReload(const SCInstance *suri) + + SCLogDebug("old_de_ctx should have been freed"); + ++ DetectEngineMpmCacheService(DETECT_ENGINE_MPM_CACHE_OP_SAVE | DETECT_ENGINE_MPM_CACHE_OP_PRUNE); ++ + SCLogNotice("rule reload complete"); + + #ifdef HAVE_MALLOC_TRIM +diff --git a/src/detect-engine.h b/src/detect-engine.h +index 2c56475f6..2d45d3253 100644 +--- a/src/detect-engine.h ++++ b/src/detect-engine.h +@@ -88,6 +88,7 @@ TmEcode DetectEngineThreadCtxInit(ThreadVars *, void *, void **); + TmEcode DetectEngineThreadCtxDeinit(ThreadVars *, void *); + bool DetectEngineMpmCachingEnabled(void); + const char *DetectEngineMpmCachingGetPath(void); ++void DetectEngineMpmCacheService(uint32_t op_flags); + /* faster as a macro than a inline function on my box -- VJ */ + #define DetectEngineGetMaxSigId(de_ctx) ((de_ctx)->signum) + void DetectEngineResetMaxSigId(DetectEngineCtx *); +diff --git a/src/detect.h b/src/detect.h +index 62c888e6a..49fbfe3eb 100644 +--- a/src/detect.h ++++ b/src/detect.h +@@ -1750,6 +1750,9 @@ extern SigTableElmt *sigmatch_table; + + /** Remember to add the options in SignatureIsIPOnly() at detect.c otherwise it wont be part of a signature group */ + ++#define DETECT_ENGINE_MPM_CACHE_OP_PRUNE BIT_U32(0) ++#define DETECT_ENGINE_MPM_CACHE_OP_SAVE BIT_U32(1) ++ + /* detection api */ + TmEcode Detect(ThreadVars *tv, Packet *p, void *data); + uint8_t DetectPreFlow(ThreadVars *tv, DetectEngineThreadCtx *det_ctx, Packet *p); +diff --git a/src/runmode-unix-socket.c b/src/runmode-unix-socket.c +index c2405f057..706a35b7e 100644 +--- a/src/runmode-unix-socket.c ++++ b/src/runmode-unix-socket.c +@@ -967,6 +967,8 @@ TmEcode UnixSocketRegisterTenantHandler(json_t *cmd, json_t* answer, void *data) + return TM_ECODE_FAILED; + } + ++ DetectEngineMpmCacheService(DETECT_ENGINE_MPM_CACHE_OP_SAVE); ++ + json_object_set_new(answer, "message", json_string("handler added")); + return TM_ECODE_OK; + } +@@ -1054,6 +1056,8 @@ TmEcode UnixSocketUnregisterTenantHandler(json_t *cmd, json_t* answer, void *dat + return TM_ECODE_FAILED; + } + ++ DetectEngineMpmCacheService(DETECT_ENGINE_MPM_CACHE_OP_PRUNE); ++ + json_object_set_new(answer, "message", json_string("handler removed")); + return TM_ECODE_OK; + } +@@ -1126,6 +1130,8 @@ TmEcode UnixSocketRegisterTenant(json_t *cmd, json_t* answer, void *data) + return TM_ECODE_FAILED; + } + ++ DetectEngineMpmCacheService(DETECT_ENGINE_MPM_CACHE_OP_SAVE); ++ + json_object_set_new(answer, "message", json_string("adding tenant succeeded")); + return TM_ECODE_OK; + } +@@ -1193,6 +1199,8 @@ TmEcode UnixSocketReloadTenant(json_t *cmd, json_t* answer, void *data) + return TM_ECODE_FAILED; + } + ++ DetectEngineMpmCacheService(DETECT_ENGINE_MPM_CACHE_OP_SAVE | DETECT_ENGINE_MPM_CACHE_OP_PRUNE); ++ + json_object_set_new(answer, "message", json_string("reloading tenant succeeded")); + return TM_ECODE_OK; + } +@@ -1226,6 +1234,7 @@ TmEcode UnixSocketReloadTenants(json_t *cmd, json_t *answer, void *data) + return TM_ECODE_FAILED; + } + ++ DetectEngineMpmCacheService(DETECT_ENGINE_MPM_CACHE_OP_SAVE | DETECT_ENGINE_MPM_CACHE_OP_PRUNE); + SCLogNotice("reload-tenants complete"); + + json_object_set_new(answer, "message", json_string("reloading tenants succeeded")); +@@ -1284,6 +1293,8 @@ TmEcode UnixSocketUnregisterTenant(json_t *cmd, json_t* answer, void *data) + return TM_ECODE_FAILED; + } + ++ DetectEngineMpmCacheService(DETECT_ENGINE_MPM_CACHE_OP_PRUNE); ++ + /* walk free list, freeing the removed de_ctx */ + DetectEnginePruneFreeList(); + +diff --git a/src/suricata.c b/src/suricata.c +index c6f94c3ce..a106c56f7 100644 +--- a/src/suricata.c ++++ b/src/suricata.c +@@ -2688,6 +2688,8 @@ void PostConfLoadedDetectSetup(SCInstance *suri) + gettimeofday(&de_ctx->last_reload, NULL); + DetectEngineAddToMaster(de_ctx); + DetectEngineBumpVersion(); ++ DetectEngineMpmCacheService( ++ DETECT_ENGINE_MPM_CACHE_OP_SAVE | DETECT_ENGINE_MPM_CACHE_OP_PRUNE); + } + } + +diff --git a/src/util-mpm-hs-cache.c b/src/util-mpm-hs-cache.c +index 41b308171..58a2aa6ab 100644 +--- a/src/util-mpm-hs-cache.c ++++ b/src/util-mpm-hs-cache.c +@@ -37,21 +37,22 @@ + #include "rust.h" + #include <hs.h> + +-static const char *HSCacheConstructFPath(const char *folder_path, const char *hs_db_hash) +-{ +- static char hash_file_path[PATH_MAX]; ++#define HS_CACHE_FILE_VERSION "2" ++#define HS_CACHE_FILE_SUFFIX "_v" HS_CACHE_FILE_VERSION ".hs" + +- char hash_file_path_suffix[] = "_v1.hs"; ++static int16_t HSCacheConstructFPath( ++ const char *dir_path, const char *db_hash, char *out_path, uint16_t out_path_size) ++{ + char filename[NAME_MAX]; +- uint64_t r = snprintf(filename, sizeof(filename), "%s%s", hs_db_hash, hash_file_path_suffix); +- if (r != (uint64_t)(strlen(hs_db_hash) + strlen(hash_file_path_suffix))) +- return NULL; ++ uint64_t r = snprintf(filename, sizeof(filename), "%s" HS_CACHE_FILE_SUFFIX, db_hash); ++ if (r != (uint64_t)(strlen(db_hash) + strlen(HS_CACHE_FILE_SUFFIX))) ++ return -1; + +- r = PathMerge(hash_file_path, sizeof(hash_file_path), folder_path, filename); ++ r = PathMerge(out_path, out_path_size, dir_path, filename); + if (r) +- return NULL; ++ return -1; + +- return hash_file_path; ++ return 0; + } + + static char *HSReadStream(const char *file_path, size_t *buffer_sz) +@@ -121,8 +122,11 @@ static void SCHSCachePatternHash(const SCHSPattern *p, SCSha256 *sha256) + + int HSLoadCache(hs_database_t **hs_db, const char *hs_db_hash, const char *dirpath) + { +- const char *hash_file_static = HSCacheConstructFPath(dirpath, hs_db_hash); +- if (hash_file_static == NULL) ++ char hash_file_static[PATH_MAX]; ++ int ret = (int)HSCacheConstructFPath( ++ dirpath, hs_db_hash, hash_file_static, sizeof(hash_file_static)); ++ ++ if (ret != 0) + return -1; + + SCLogDebug("Loading the cached HS DB from %s", hash_file_static); +@@ -131,7 +135,6 @@ int HSLoadCache(hs_database_t **hs_db, const char *hs_db_hash, const char *dirpa + + FILE *db_cache = fopen(hash_file_static, "r"); + char *buffer = NULL; +- int ret = 0; + if (db_cache) { + size_t buffer_size; + buffer = HSReadStream(hash_file_static, &buffer_size); +@@ -170,15 +173,20 @@ static int HSSaveCache(hs_database_t *hs_db, const char *hs_db_hash, const char + static bool notified = false; + char *db_stream = NULL; + size_t db_size; +- int ret = -1; ++ int ret; + + hs_error_t err = hs_serialize_database(hs_db, &db_stream, &db_size); + if (err != HS_SUCCESS) { + SCLogWarning("Failed to serialize Hyperscan database: %s", HSErrorToStr(err)); ++ ret = -1; + goto cleanup; + } + +- const char *hash_file_static = HSCacheConstructFPath(dstpath, hs_db_hash); ++ char hash_file_static[PATH_MAX]; ++ ret = (int)HSCacheConstructFPath( ++ dstpath, hs_db_hash, hash_file_static, sizeof(hash_file_static)); ++ if (ret != 0) ++ goto cleanup; + SCLogDebug("Caching the compiled HS at %s", hash_file_static); + if (SCPathExists(hash_file_static)) { + // potentially signs that it might not work as expected as we got into +@@ -198,6 +206,7 @@ static int HSSaveCache(hs_database_t *hs_db, const char *hs_db_hash, const char + hash_file_static); + notified = true; + } ++ ret = -1; + goto cleanup; + } + size_t r = fwrite(db_stream, sizeof(db_stream[0]), db_size, db_cache_out); +@@ -217,7 +226,6 @@ static int HSSaveCache(hs_database_t *hs_db, const char *hs_db_hash, const char + goto cleanup; + } + +- ret = 0; + cleanup: + if (db_stream) + SCFree(db_stream); +@@ -270,4 +278,187 @@ void HSSaveCacheIterator(void *data, void *aux) + } + } + ++void HSCacheFilenameUsedIterator(void *data, void *aux) ++{ ++ PatternDatabase *pd = (PatternDatabase *)data; ++ struct HsInUseCacheFilesIteratorData *iter_data = (struct HsInUseCacheFilesIteratorData *)aux; ++ if (pd->no_cache || !pd->cached) ++ return; ++ ++ char hs_db_hash[SC_SHA256_LEN * 2 + 1]; // * 2 for hex +1 for nul terminator ++ if (HSHashDb(pd, hs_db_hash, ARRAY_SIZE(hs_db_hash)) != 0) { ++ return; ++ } ++ ++ char *fpath = SCCalloc(PATH_MAX, sizeof(char)); ++ if (fpath == NULL) { ++ SCLogWarning("Failed to allocate memory for cache file path"); ++ return; ++ } ++ if (HSCacheConstructFPath(iter_data->cache_path, hs_db_hash, fpath, PATH_MAX)) { ++ SCFree(fpath); ++ return; ++ } ++ ++ int r = HashTableAdd(iter_data->tbl, (void *)fpath, (uint16_t)strlen(fpath)); ++ if (r < 0) { ++ SCLogWarning("Failed to add used cache file path %s to hash table", fpath); ++ SCFree(fpath); ++ } ++} ++ ++/** ++ * \brief Check if HS cache file is stale by age. ++ * ++ * \param mtime File modification time. ++ * \param cutoff Time cutoff (files older than this will be removed). ++ * ++ * \retval true if file should be pruned, false otherwise. ++ */ ++static bool HSPruneFileByAge(time_t mtime, time_t cutoff) ++{ ++ return mtime < cutoff; ++} ++ ++/** ++ * \brief Check if HS cache file is version-compatible. ++ * ++ * \param filename Cache file name. ++ * ++ * \retval true if file should be pruned, false otherwise. ++ */ ++static bool HSPruneFileByVersion(const char *filename) ++{ ++ if (strlen(filename) < strlen(HS_CACHE_FILE_SUFFIX)) { ++ return true; ++ } ++ ++ const char *underscore = strrchr(filename, '_'); ++ if (underscore == NULL || strcmp(underscore, HS_CACHE_FILE_SUFFIX) != 0) { ++ return true; ++ } ++ ++ return false; ++} ++ ++int SCHSCachePruneEvaluate(MpmConfig *mpm_conf, HashTable *inuse_caches) ++{ ++ if (mpm_conf == NULL || mpm_conf->cache_dir_path == NULL) ++ return -1; ++ if (mpm_conf->cache_max_age_seconds == 0) ++ return 0; // disabled ++ ++ const time_t now = time(NULL); ++ if (now == (time_t)-1) { ++ return -1; ++ } else if (mpm_conf->cache_max_age_seconds >= (uint64_t)now) { ++ return 0; ++ } ++ ++ DIR *dir = opendir(mpm_conf->cache_dir_path); ++ if (dir == NULL) { ++ return -1; ++ } ++ ++ struct dirent *ent; ++ char path[PATH_MAX]; ++ uint32_t considered = 0, removed = 0; ++ const time_t cutoff = now - (time_t)mpm_conf->cache_max_age_seconds; ++ while ((ent = readdir(dir)) != NULL) { ++ const char *name = ent->d_name; ++ size_t namelen = strlen(name); ++ if (namelen < 3 || strcmp(name + namelen - 3, ".hs") != 0) ++ continue; ++ ++ if (PathMerge(path, ARRAY_SIZE(path), mpm_conf->cache_dir_path, name) != 0) ++ continue; ++ ++ struct stat st; ++ if (stat(path, &st) != 0 || !S_ISREG(st.st_mode)) ++ continue; ++ ++ considered++; ++ ++ const bool prune_by_age = HSPruneFileByAge(st.st_mtime, cutoff); ++ const bool prune_by_version = HSPruneFileByVersion(name); ++ if (!prune_by_age && !prune_by_version) ++ continue; ++ ++ void *cache_inuse = HashTableLookup(inuse_caches, path, (uint16_t)strlen(path)); ++ if (cache_inuse != NULL) ++ continue; // in use ++ ++ if (unlink(path) == 0) { ++ removed++; ++ SCLogDebug("File %s removed because of %s%s%s", path, prune_by_age ? "age" : "", ++ prune_by_age && prune_by_version ? " and " : "", ++ prune_by_version ? "incompatible version" : ""); ++ } else { ++ SCLogWarning("Failed to prune \"%s\": %s", path, strerror(errno)); ++ } ++ } ++ closedir(dir); ++ ++ PatternDatabaseCache *pd_cache_stats = mpm_conf->cache_stats; ++ if (pd_cache_stats) { ++ pd_cache_stats->hs_dbs_cache_pruned_cnt = removed; ++ pd_cache_stats->hs_dbs_cache_pruned_considered_cnt = considered; ++ pd_cache_stats->hs_dbs_cache_pruned_cutoff = cutoff; ++ pd_cache_stats->cache_max_age_seconds = mpm_conf->cache_max_age_seconds; ++ } ++ return 0; ++} ++ ++void *SCHSCacheStatsInit(void) ++{ ++ PatternDatabaseCache *pd_cache_stats = SCCalloc(1, sizeof(PatternDatabaseCache)); ++ if (pd_cache_stats == NULL) { ++ SCLogError("Failed to allocate memory for Hyperscan cache stats"); ++ return NULL; ++ } ++ return pd_cache_stats; ++} ++ ++void SCHSCacheStatsPrint(void *data) ++{ ++ if (data == NULL) { ++ return; ++ } ++ ++ PatternDatabaseCache *pd_cache_stats = (PatternDatabaseCache *)data; ++ ++ char time_str[64]; ++ struct tm tm_s; ++ struct tm *tm_info = SCLocalTime(pd_cache_stats->hs_dbs_cache_pruned_cutoff, &tm_s); ++ if (tm_info != NULL) { ++ strftime(time_str, ARRAY_SIZE(time_str), "%Y-%m-%d %H:%M:%S", tm_info); ++ } else { ++ snprintf(time_str, ARRAY_SIZE(time_str), "%" PRIu64 " seconds", ++ pd_cache_stats->cache_max_age_seconds); ++ } ++ ++ if (pd_cache_stats->hs_cacheable_dbs_cnt) { ++ SCLogInfo("Rule group caching - loaded: %u newly cached: %u total cacheable: %u", ++ pd_cache_stats->hs_dbs_cache_loaded_cnt, pd_cache_stats->hs_dbs_cache_saved_cnt, ++ pd_cache_stats->hs_cacheable_dbs_cnt); ++ } ++ if (pd_cache_stats->hs_dbs_cache_pruned_considered_cnt) { ++ SCLogInfo("Rule group cache pruning removed %u/%u of HS caches due to " ++ "version-incompatibility (not v%s) or " ++ "age (older than %s)", ++ pd_cache_stats->hs_dbs_cache_pruned_cnt, ++ pd_cache_stats->hs_dbs_cache_pruned_considered_cnt, HS_CACHE_FILE_VERSION, ++ time_str); ++ } ++} ++ ++void SCHSCacheStatsDeinit(void *data) ++{ ++ if (data == NULL) { ++ return; ++ } ++ PatternDatabaseCache *pd_cache_stats = (PatternDatabaseCache *)data; ++ SCFree(pd_cache_stats); ++} ++ + #endif /* BUILD_HYPERSCAN */ +diff --git a/src/util-mpm-hs-cache.h b/src/util-mpm-hs-cache.h +index 225c5001a..24b4eece0 100644 +--- a/src/util-mpm-hs-cache.h ++++ b/src/util-mpm-hs-cache.h +@@ -35,9 +35,24 @@ struct HsIteratorData { + const char *cache_path; + }; + ++/** ++ * \brief Data structure to store in-use cache files. ++ * Used in cache pruning to avoid deleting files that are still in use. ++ */ ++struct HsInUseCacheFilesIteratorData { ++ HashTable *tbl; // stores file paths of in-use cache files ++ const char *cache_path; ++}; ++ + int HSLoadCache(hs_database_t **hs_db, const char *hs_db_hash, const char *dirpath); + int HSHashDb(const PatternDatabase *pd, char *hash, size_t hash_len); + void HSSaveCacheIterator(void *data, void *aux); ++void HSCacheFilenameUsedIterator(void *data, void *aux); ++int SCHSCachePruneEvaluate(MpmConfig *mpm_conf, HashTable *inuse_caches); ++ ++void *SCHSCacheStatsInit(void); ++void SCHSCacheStatsPrint(void *data); ++void SCHSCacheStatsDeinit(void *data); + #endif /* BUILD_HYPERSCAN */ + + #endif /* SURICATA_UTIL_MPM_HS_CACHE__H */ +diff --git a/src/util-mpm-hs-core.h b/src/util-mpm-hs-core.h +index 699dd6956..8392127cf 100644 +--- a/src/util-mpm-hs-core.h ++++ b/src/util-mpm-hs-core.h +@@ -93,6 +93,10 @@ typedef struct PatternDatabaseCache_ { + uint32_t hs_cacheable_dbs_cnt; + uint32_t hs_dbs_cache_loaded_cnt; + uint32_t hs_dbs_cache_saved_cnt; ++ uint32_t hs_dbs_cache_pruned_cnt; ++ uint32_t hs_dbs_cache_pruned_considered_cnt; ++ time_t hs_dbs_cache_pruned_cutoff; ++ uint64_t cache_max_age_seconds; + } PatternDatabaseCache; + + const char *HSErrorToStr(hs_error_t error_code); +diff --git a/src/util-mpm-hs.c b/src/util-mpm-hs.c +index ad7178eb8..df4a66b2e 100644 +--- a/src/util-mpm-hs.c ++++ b/src/util-mpm-hs.c +@@ -835,18 +835,53 @@ static int SCHSCacheRuleset(MpmConfig *mpm_conf) + mpm_conf->cache_dir_path); + return -1; + } +- PatternDatabaseCache pd_stats = { 0 }; +- struct HsIteratorData iter_data = { .pd_stats = &pd_stats, ++ PatternDatabaseCache *pd_stats = mpm_conf->cache_stats; ++ struct HsIteratorData iter_data = { .pd_stats = pd_stats, + .cache_path = mpm_conf->cache_dir_path }; + SCMutexLock(&g_db_table_mutex); + HashTableIterate(g_db_table, HSSaveCacheIterator, &iter_data); + SCMutexUnlock(&g_db_table_mutex); +- SCLogNotice("Rule group caching - loaded: %u newly cached: %u total cacheable: %u", +- pd_stats.hs_dbs_cache_loaded_cnt, pd_stats.hs_dbs_cache_saved_cnt, +- pd_stats.hs_cacheable_dbs_cnt); + return 0; + } + ++static uint32_t FilenameTableHash(HashTable *ht, void *data, uint16_t len) ++{ ++ const char *fname = data; ++ uint32_t hash = hashlittle_safe(data, strlen(fname), 0); ++ hash %= ht->array_size; ++ return hash; ++} ++ ++static void FilenameTableFree(void *data) ++{ ++ SCFree(data); ++} ++ ++static int SCHSCachePrune(MpmConfig *mpm_conf) ++{ ++ if (!mpm_conf || !mpm_conf->cache_dir_path) { ++ return -1; ++ } ++ ++ SCLogDebug("Pruning the Hyperscan cache folder %s", mpm_conf->cache_dir_path); ++ // we need to initialize hash map of in-use cache files ++ HashTable *inuse_caches = ++ HashTableInit(INIT_DB_HASH_SIZE, FilenameTableHash, NULL, FilenameTableFree); ++ if (inuse_caches == NULL) { ++ return -1; ++ } ++ struct HsInUseCacheFilesIteratorData iter_data = { .tbl = inuse_caches, ++ .cache_path = mpm_conf->cache_dir_path }; ++ ++ SCMutexLock(&g_db_table_mutex); ++ HashTableIterate(g_db_table, HSCacheFilenameUsedIterator, &iter_data); ++ SCMutexUnlock(&g_db_table_mutex); ++ ++ int r = SCHSCachePruneEvaluate(mpm_conf, inuse_caches); ++ HashTableFree(inuse_caches); ++ return r; ++} ++ + /** + * \brief Init the mpm thread context. + * +@@ -1178,7 +1213,11 @@ void MpmHSRegister(void) + mpm_table[MPM_HS].AddPattern = SCHSAddPatternCS; + mpm_table[MPM_HS].AddPatternNocase = SCHSAddPatternCI; + mpm_table[MPM_HS].Prepare = SCHSPreparePatterns; ++ mpm_table[MPM_HS].CacheStatsInit = SCHSCacheStatsInit; ++ mpm_table[MPM_HS].CacheStatsPrint = SCHSCacheStatsPrint; ++ mpm_table[MPM_HS].CacheStatsDeinit = SCHSCacheStatsDeinit; + mpm_table[MPM_HS].CacheRuleset = SCHSCacheRuleset; ++ mpm_table[MPM_HS].CachePrune = SCHSCachePrune; + mpm_table[MPM_HS].Search = SCHSSearch; + mpm_table[MPM_HS].PrintCtx = SCHSPrintInfo; + mpm_table[MPM_HS].PrintThreadCtx = SCHSPrintSearchStats; +diff --git a/src/util-mpm.h b/src/util-mpm.h +index c2c434152..859ceae12 100644 +--- a/src/util-mpm.h ++++ b/src/util-mpm.h +@@ -90,6 +90,8 @@ typedef struct MpmPattern_ { + + typedef struct MpmConfig_ { + const char *cache_dir_path; ++ uint64_t cache_max_age_seconds; /* 0 means disabled/no pruning policy */ ++ void *cache_stats; + } MpmConfig; + + typedef struct MpmCtx_ { +@@ -175,7 +177,11 @@ typedef struct MpmTableElmt_ { + int (*AddPatternNocase)(struct MpmCtx_ *, const uint8_t *, uint16_t, uint16_t, uint16_t, + uint32_t, SigIntId, uint8_t); + int (*Prepare)(MpmConfig *, struct MpmCtx_ *); ++ void *(*CacheStatsInit)(void); ++ void (*CacheStatsPrint)(void *data); ++ void (*CacheStatsDeinit)(void *data); + int (*CacheRuleset)(MpmConfig *); ++ int (*CachePrune)(MpmConfig *); + /** \retval cnt number of patterns that matches: once per pattern max. */ + uint32_t (*Search)(const struct MpmCtx_ *, struct MpmThreadCtx_ *, PrefilterRuleStore *, const uint8_t *, uint32_t); + void (*PrintCtx)(struct MpmCtx_ *); +diff --git a/suricata.yaml.in b/suricata.yaml.in +index a0ab5a066..d7ce7c2cc 100644 +--- a/suricata.yaml.in ++++ b/suricata.yaml.in +@@ -1810,6 +1810,10 @@ detect: + # Cache files are created in the standard library directory. + sgh-mpm-caching: yes + sgh-mpm-caching-path: @e_sghcachedir@ ++ # Maximum age for cached MPM databases before they are pruned. ++ # Accepts a combination of time units (s,m,h,d,w,y). ++ # Omit to use the default, 0 to disable. ++ # sgh-mpm-caching-max-age: 7d + # inspection-recursion-limit: 3000 + # maximum number of times a tx will get logged for rules without app-layer keywords + # stream-tx-log-limit: 4 +commit 56c1552c3e8425ca07ce3b6ba88f2215b984c5fb +Author: Lukas Sismis <lsismis@oisf.net> +Date: Mon Nov 3 19:47:16 2025 +0100 + + hs: warn about the same cache directory + + This is especially relevant for multi-instance simultaneous setups + as we might risk read/write races. + +diff --git a/doc/userguide/performance/hyperscan.rst b/doc/userguide/performance/hyperscan.rst +index 1060d3aef..a64322730 100644 +--- a/doc/userguide/performance/hyperscan.rst ++++ b/doc/userguide/performance/hyperscan.rst +@@ -127,3 +127,7 @@ disables pruning. + **Note**: + You might need to create and adjust permissions to the default caching folder + path, especially if you are running Suricata as a non-root user. ++ ++**Note**: ++If you're running multiple Suricata instances, use separate cache folders ++for each one to avoid read/write conflicts when they run at the same time. -- 2.47.3 ^ permalink raw reply [flat|nested] 17+ messages in thread
* [PATCH 2/3] rust: Update to 1.92.0 2026-01-23 5:26 ` [PATCH 0/3] suricata: Add ability to purge the sgh cache Stefan Schantl 2026-01-23 5:26 ` [PATCH 1/3] suricata: Add upstream patch to purge sgh-mpm-caches Stefan Schantl @ 2026-01-23 5:26 ` Stefan Schantl 2026-01-23 10:09 ` [PATCH 0/3] suricata: Add ability to purge the sgh cache Michael Tremer 2 siblings, 0 replies; 17+ messages in thread From: Stefan Schantl @ 2026-01-23 5:26 UTC (permalink / raw) To: development; +Cc: Stefan Schantl This is an update to the latest stable release of rust Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> --- config/rootfiles/common/aarch64/rust | 130 +++++++++++++-------------- config/rootfiles/common/riscv64/rust | 109 +++++++++++----------- config/rootfiles/common/x86_64/rust | 82 ++++++++++------- lfs/rust | 13 ++- 4 files changed, 173 insertions(+), 161 deletions(-) diff --git a/config/rootfiles/common/aarch64/rust b/config/rootfiles/common/aarch64/rust index 19055ac28..71b7ce9a2 100644 --- a/config/rootfiles/common/aarch64/rust +++ b/config/rootfiles/common/aarch64/rust @@ -6,70 +6,11 @@ #usr/bin/rustdoc #usr/etc/bash_completion.d #usr/etc/bash_completion.d/cargo -#usr/lib/libdarling_macro-48c60ba578c36a18.so -#usr/lib/libderive_setters-bdfbec951c0a0cf1.so -#usr/lib/libderive_where-1280fdedb928b2b9.so -#usr/lib/libdisplaydoc-2a39d0af4ba451ec.so -#usr/lib/libicu_provider_macros-2355031845105802.so -#usr/lib/libproc_macro_hack-2fb61d9ea1b51e16.so -#usr/lib/librustc_driver-c048d41570338542.so -#usr/lib/librustc_fluent_macro-5d08f2449a8d1a39.so -#usr/lib/librustc_index_macros-3616864e0878239b.so -#usr/lib/librustc_macros-9af36f6a1d64f82e.so -#usr/lib/librustc_type_ir_macros-965f2d2a9475d718.so -#usr/lib/libserde_derive-6a6f9b18169a12f0.so -#usr/lib/libthiserror_impl-02bd7f8a09469611.so -#usr/lib/libtime_macros-e83d7ae85f0f72f4.so -#usr/lib/libtracing_attributes-c49d2f63065f963b.so -#usr/lib/libunic_langid_macros_impl-0bbf2066776f4784.so -#usr/lib/libyoke_derive-3668e5798b12e026.so -#usr/lib/libzerocopy_derive-75eaa3aa75782f35.so -#usr/lib/libzerofrom_derive-0f9693bcd0f4a45b.so -#usr/lib/libzerovec_derive-302e6c91f5b923b1.so +#usr/etc/target-spec-json-schema.json +#usr/lib/libLLVM-21-rust-1.92.0-stable.so +#usr/lib/libLLVM.so.21.1-rust-1.92.0-stable +#usr/lib/librustc_driver-d31eb41759495bb2.so #usr/lib/rustlib -#usr/lib/rustlib/aarch64-unknown-linux-gnu -#usr/lib/rustlib/aarch64-unknown-linux-gnu/bin -#usr/lib/rustlib/aarch64-unknown-linux-gnu/bin/gcc-ld -#usr/lib/rustlib/aarch64-unknown-linux-gnu/bin/gcc-ld/ld.lld -#usr/lib/rustlib/aarch64-unknown-linux-gnu/bin/gcc-ld/ld64.lld -#usr/lib/rustlib/aarch64-unknown-linux-gnu/bin/gcc-ld/lld-link -#usr/lib/rustlib/aarch64-unknown-linux-gnu/bin/gcc-ld/wasm-ld -#usr/lib/rustlib/aarch64-unknown-linux-gnu/bin/rust-objcopy -#usr/lib/rustlib/aarch64-unknown-linux-gnu/bin/wasm-component-ld -#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib -#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/libaddr2line-b5c2000e0cd7e2da.rlib -#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/libadler-7522a3b17c9865c1.rlib -#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/liballoc-dd37cd35aaa8bbc1.rlib -#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/libcfg_if-d85d8ca815fd8ede.rlib -#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/libcompiler_builtins-28e5089f2b5f6c14.rlib -#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/libcore-f87f661789447f5d.rlib -#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/libgetopts-0d2560c9c04f523e.rlib -#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/libgimli-260b0ae067fcbc74.rlib -#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/libhashbrown-f81554601df81dba.rlib -#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/liblibc-a407511d16763038.rlib -#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/libmemchr-49c225520932793c.rlib -#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/libminiz_oxide-904261fe6c2793b4.rlib -#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/libobject-1238c66087ccc721.rlib -#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/libpanic_abort-a663c8e263fd76c3.rlib -#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/libpanic_unwind-8015a5c851b5d89f.rlib -#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/libproc_macro-13fc50646028bfe3.rlib -#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/libprofiler_builtins-17fa3f5dd5b39bf9.rlib -#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/librustc-stable_rt.asan.a -#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/librustc-stable_rt.hwasan.a -#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/librustc-stable_rt.lsan.a -#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/librustc-stable_rt.msan.a -#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/librustc-stable_rt.tsan.a -#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/librustc_demangle-bdd5e3a96276e325.rlib -#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/librustc_std_workspace_alloc-1ef59f0a1b872e31.rlib -#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/librustc_std_workspace_core-e352fdf6f38ada21.rlib -#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/librustc_std_workspace_std-05a98bc8a268f144.rlib -#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/libstd-55e662df679d038f.rlib -#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/libstd-55e662df679d038f.so -#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/libstd_detect-0b86b09b624ecd98.rlib -#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/libsysroot-61b860b8000a8886.rlib -#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/libtest-603b1bafd4f145b9.rlib -#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/libunicode_width-691e5c3921b9b49f.rlib -#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/libunwind-1146c5c38405ef5e.rlib #usr/lib/rustlib/components #usr/lib/rustlib/etc #usr/lib/rustlib/etc/gdb_load_rust_pretty_printers.py @@ -85,6 +26,51 @@ #usr/lib/rustlib/manifest-rustc #usr/lib/rustlib/rust-installer-version #usr/lib/rustlib/uninstall.sh +#usr/lib/rustlib/aarch64-unknown-linux-gnu +#usr/lib/rustlib/aarch64-unknown-linux-gnu/bin +#usr/lib/rustlib/aarch64-unknown-linux-gnu/bin/gcc-ld +#usr/lib/rustlib/aarch64-unknown-linux-gnu/bin/gcc-ld/ld.lld +#usr/lib/rustlib/aarch64-unknown-linux-gnu/bin/gcc-ld/ld64.lld +#usr/lib/rustlib/aarch64-unknown-linux-gnu/bin/gcc-ld/lld-link +#usr/lib/rustlib/aarch64-unknown-linux-gnu/bin/gcc-ld/wasm-ld +#usr/lib/rustlib/aarch64-unknown-linux-gnu/bin/rust-lld +#usr/lib/rustlib/aarch64-unknown-linux-gnu/bin/rust-objcopy +#usr/lib/rustlib/aarch64-unknown-linux-gnu/bin/wasm-component-ld +#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib +#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/libaddr2line-11d54e777384a9e5.rlib +#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/libadler2-1e0b0d62df36c85c.rlib +#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/liballoc-06039bcfba61f665.rlib +#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/libcfg_if-6a40188dd7d989d2.rlib +#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/libcompiler_builtins-3e2e950d4bac10b5.rlib +#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/libcore-5080178c80bf7a93.rlib +#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/libgetopts-c8814943458d63c4.rlib +#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/libgimli-35018e994bad7042.rlib +#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/libhashbrown-2ed6a8f06fc51a9d.rlib +#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/liblibc-d25e598578fbf080.rlib +#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/libmemchr-09f2ab7e0d97e07a.rlib +#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/libminiz_oxide-5312b588e5cfab93.rlib +#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/libobject-2dc10b344e05b569.rlib +#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/libpanic_abort-e2ab0eec3e5fd91a.rlib +#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/libpanic_unwind-932f22f820d1e5ec.rlib +#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/libproc_macro-f8e79ba97b69012b.rlib +#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/libprofiler_builtins-5fea4b1d5095fe92.rlib +#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/librustc-stable_rt.asan.a +#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/librustc-stable_rt.dfsan.a +#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/librustc-stable_rt.lsan.a +#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/librustc-stable_rt.msan.a +#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/librustc-stable_rt.safestack.a +#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/librustc-stable_rt.tsan.a +#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/librustc_demangle-43b2ff22c18e1125.rlib +#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/librustc_literal_escaper-54d515d7e0ffe0c6.rlib +#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/librustc_std_workspace_alloc-05b02707a5b2a256.rlib +#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/librustc_std_workspace_core-327ea4f353b4eb8c.rlib +#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/librustc_std_workspace_std-c7bda3ac2a6b49f7.rlib +#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/libstd-225863f279df55c4.rlib +#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/libstd-225863f279df55c4.so +#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/libstd_detect-5978f0713dd5442d.rlib +#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/libsysroot-85bdb6374f3e9283.rlib +#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/libtest-6c04d4913014a9fc.rlib +#usr/lib/rustlib/aarch64-unknown-linux-gnu/lib/libunwind-94fdfaf0af91a65d.rlib #usr/libexec/rust-analyzer-proc-macro-srv #usr/share/cargo #usr/share/cargo/registry @@ -94,10 +80,22 @@ #usr/share/doc/cargo/LICENSE-THIRD-PARTY #usr/share/doc/cargo/README.md #usr/share/doc/rust -#usr/share/doc/rust/COPYRIGHT -#usr/share/doc/rust/LICENSE-APACHE -#usr/share/doc/rust/LICENSE-MIT +#usr/share/doc/rust/COPYRIGHT-library.html +#usr/share/doc/rust/COPYRIGHT.html #usr/share/doc/rust/README.md +#usr/share/doc/rust/licenses +#usr/share/doc/rust/licenses/Apache-2.0.txt +#usr/share/doc/rust/licenses/BSD-2-Clause.txt +#usr/share/doc/rust/licenses/CC-BY-SA-4.0.txt +#usr/share/doc/rust/licenses/GCC-exception-3.1.txt +#usr/share/doc/rust/licenses/GPL-2.0-only.txt +#usr/share/doc/rust/licenses/GPL-3.0-or-later.txt +#usr/share/doc/rust/licenses/ISC.txt +#usr/share/doc/rust/licenses/LLVM-exception.txt +#usr/share/doc/rust/licenses/MIT.txt +#usr/share/doc/rust/licenses/NCSA.txt +#usr/share/doc/rust/licenses/OFL-1.1.txt +#usr/share/doc/rust/licenses/Unicode-3.0.txt #usr/share/man/man1/cargo-add.1 #usr/share/man/man1/cargo-bench.1 #usr/share/man/man1/cargo-build.1 diff --git a/config/rootfiles/common/riscv64/rust b/config/rootfiles/common/riscv64/rust index fd106892d..96e813076 100644 --- a/config/rootfiles/common/riscv64/rust +++ b/config/rootfiles/common/riscv64/rust @@ -6,26 +6,10 @@ #usr/bin/rustdoc #usr/etc/bash_completion.d #usr/etc/bash_completion.d/cargo -#usr/lib/libdarling_macro-333094c091df4015.so -#usr/lib/libderive_setters-eb9d17375f0d2024.so -#usr/lib/libderive_where-a4ceb656b618c723.so -#usr/lib/libdisplaydoc-6ab65588c4fed8b6.so -#usr/lib/libicu_provider_macros-c1885a81c3aaa649.so -#usr/lib/libproc_macro_hack-e8d8a46285916400.so -#usr/lib/librustc_driver-308f082c9fea1d1b.so -#usr/lib/librustc_fluent_macro-556889dcb410e6da.so -#usr/lib/librustc_index_macros-4b06439ae4c576d8.so -#usr/lib/librustc_macros-0c8828fa6210aaec.so -#usr/lib/librustc_type_ir_macros-0b05e66771d07295.so -#usr/lib/libserde_derive-70778b02209d2ff5.so -#usr/lib/libthiserror_impl-35548549b7872eab.so -#usr/lib/libtime_macros-ef6b176b1d947a33.so -#usr/lib/libtracing_attributes-85c7e1ea105764f4.so -#usr/lib/libunic_langid_macros_impl-b2f246a72e268ad0.so -#usr/lib/libyoke_derive-701ee0d81fd6e1e2.so -#usr/lib/libzerocopy_derive-e95fa47f5d0db252.so -#usr/lib/libzerofrom_derive-42ab18fae7d19f9a.so -#usr/lib/libzerovec_derive-8fa84d155226655f.so +#usr/etc/target-spec-json-schema.json +#usr/lib/libLLVM-21-rust-1.92.0-stable.so +#usr/lib/libLLVM.so.21.1-rust-1.92.0-stable +#usr/lib/librustc_driver-d31eb41759495bb2.so #usr/lib/rustlib #usr/lib/rustlib/components #usr/lib/rustlib/etc @@ -40,6 +24,8 @@ #usr/lib/rustlib/manifest-cargo #usr/lib/rustlib/manifest-rust-std-riscv64gc-unknown-linux-gnu #usr/lib/rustlib/manifest-rustc +#usr/lib/rustlib/rust-installer-version +#usr/lib/rustlib/uninstall.sh #usr/lib/rustlib/riscv64gc-unknown-linux-gnu #usr/lib/rustlib/riscv64gc-unknown-linux-gnu/bin #usr/lib/rustlib/riscv64gc-unknown-linux-gnu/bin/gcc-ld @@ -47,39 +33,44 @@ #usr/lib/rustlib/riscv64gc-unknown-linux-gnu/bin/gcc-ld/ld64.lld #usr/lib/rustlib/riscv64gc-unknown-linux-gnu/bin/gcc-ld/lld-link #usr/lib/rustlib/riscv64gc-unknown-linux-gnu/bin/gcc-ld/wasm-ld +#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/bin/rust-lld #usr/lib/rustlib/riscv64gc-unknown-linux-gnu/bin/rust-objcopy #usr/lib/rustlib/riscv64gc-unknown-linux-gnu/bin/wasm-component-ld #usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib -#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/libaddr2line-65de847b01fb13aa.rlib -#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/libadler-f6150e2c8c7520a2.rlib -#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/liballoc-65012f886c45ba83.rlib -#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/libcfg_if-47b2ac880739af72.rlib -#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/libcompiler_builtins-dcaac2e374baa989.rlib -#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/libcore-e62f8d07515ae7ba.rlib -#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/libgetopts-3510c6a7a63b709c.rlib -#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/libgimli-94dceb6179529152.rlib -#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/libhashbrown-4a3b141370a80fcc.rlib -#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/liblibc-e30ed58f641c8fef.rlib -#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/libmemchr-108d2e39dad4e231.rlib -#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/libminiz_oxide-809679d650a1462c.rlib -#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/libobject-3d904933cc45ac22.rlib -#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/libpanic_abort-a7dfdf989f233c89.rlib -#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/libpanic_unwind-432a51b442d90b95.rlib -#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/libproc_macro-cd166f2f689a98b2.rlib -#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/libprofiler_builtins-67327994d1b4bdc1.rlib -#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/librustc_demangle-6087e86748847731.rlib -#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/librustc_std_workspace_alloc-45dd03eb45d52454.rlib -#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/librustc_std_workspace_core-fc703f796971554d.rlib -#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/librustc_std_workspace_std-ebf8396a16eebb78.rlib -#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/libstd-8231cf027982a9e9.rlib -#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/libstd-8231cf027982a9e9.so -#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/libstd_detect-045721e0e8276e21.rlib -#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/libsysroot-3abe192d8d8fd99f.rlib -#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/libtest-11bd44812334fefb.rlib -#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/libunicode_width-5ad33c2ccb05df6c.rlib -#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/libunwind-aaaa2315ee122353.rlib -#usr/lib/rustlib/rust-installer-version -#usr/lib/rustlib/uninstall.sh +#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/libaddr2line-11d54e777384a9e5.rlib +#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/libadler2-1e0b0d62df36c85c.rlib +#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/liballoc-06039bcfba61f665.rlib +#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/libcfg_if-6a40188dd7d989d2.rlib +#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/libcompiler_builtins-3e2e950d4bac10b5.rlib +#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/libcore-5080178c80bf7a93.rlib +#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/libgetopts-c8814943458d63c4.rlib +#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/libgimli-35018e994bad7042.rlib +#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/libhashbrown-2ed6a8f06fc51a9d.rlib +#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/liblibc-d25e598578fbf080.rlib +#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/libmemchr-09f2ab7e0d97e07a.rlib +#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/libminiz_oxide-5312b588e5cfab93.rlib +#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/libobject-2dc10b344e05b569.rlib +#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/libpanic_abort-e2ab0eec3e5fd91a.rlib +#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/libpanic_unwind-932f22f820d1e5ec.rlib +#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/libproc_macro-f8e79ba97b69012b.rlib +#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/libprofiler_builtins-5fea4b1d5095fe92.rlib +#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/librustc-stable_rt.asan.a +#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/librustc-stable_rt.dfsan.a +#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/librustc-stable_rt.lsan.a +#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/librustc-stable_rt.msan.a +#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/librustc-stable_rt.safestack.a +#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/librustc-stable_rt.tsan.a +#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/librustc_demangle-43b2ff22c18e1125.rlib +#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/librustc_literal_escaper-54d515d7e0ffe0c6.rlib +#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/librustc_std_workspace_alloc-05b02707a5b2a256.rlib +#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/librustc_std_workspace_core-327ea4f353b4eb8c.rlib +#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/librustc_std_workspace_std-c7bda3ac2a6b49f7.rlib +#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/libstd-225863f279df55c4.rlib +#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/libstd-225863f279df55c4.so +#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/libstd_detect-5978f0713dd5442d.rlib +#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/libsysroot-85bdb6374f3e9283.rlib +#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/libtest-6c04d4913014a9fc.rlib +#usr/lib/rustlib/riscv64gc-unknown-linux-gnu/lib/libunwind-94fdfaf0af91a65d.rlib #usr/libexec/rust-analyzer-proc-macro-srv #usr/share/cargo #usr/share/cargo/registry @@ -89,10 +80,22 @@ #usr/share/doc/cargo/LICENSE-THIRD-PARTY #usr/share/doc/cargo/README.md #usr/share/doc/rust -#usr/share/doc/rust/COPYRIGHT -#usr/share/doc/rust/LICENSE-APACHE -#usr/share/doc/rust/LICENSE-MIT +#usr/share/doc/rust/COPYRIGHT-library.html +#usr/share/doc/rust/COPYRIGHT.html #usr/share/doc/rust/README.md +#usr/share/doc/rust/licenses +#usr/share/doc/rust/licenses/Apache-2.0.txt +#usr/share/doc/rust/licenses/BSD-2-Clause.txt +#usr/share/doc/rust/licenses/CC-BY-SA-4.0.txt +#usr/share/doc/rust/licenses/GCC-exception-3.1.txt +#usr/share/doc/rust/licenses/GPL-2.0-only.txt +#usr/share/doc/rust/licenses/GPL-3.0-or-later.txt +#usr/share/doc/rust/licenses/ISC.txt +#usr/share/doc/rust/licenses/LLVM-exception.txt +#usr/share/doc/rust/licenses/MIT.txt +#usr/share/doc/rust/licenses/NCSA.txt +#usr/share/doc/rust/licenses/OFL-1.1.txt +#usr/share/doc/rust/licenses/Unicode-3.0.txt #usr/share/man/man1/cargo-add.1 #usr/share/man/man1/cargo-bench.1 #usr/share/man/man1/cargo-build.1 diff --git a/config/rootfiles/common/x86_64/rust b/config/rootfiles/common/x86_64/rust index e6c0ac5ef..adf16ec7b 100644 --- a/config/rootfiles/common/x86_64/rust +++ b/config/rootfiles/common/x86_64/rust @@ -6,9 +6,10 @@ #usr/bin/rustdoc #usr/etc/bash_completion.d #usr/etc/bash_completion.d/cargo -#usr/lib/libLLVM-19-rust-1.85.0-stable.so -#usr/lib/libLLVM.so.19.1-rust-1.85.0-stable -#usr/lib/librustc_driver-77ea5bfe5f9d9ec5.so +#usr/etc/target-spec-json-schema.json +#usr/lib/libLLVM-21-rust-1.92.0-stable.so +#usr/lib/libLLVM.so.21.1-rust-1.92.0-stable +#usr/lib/librustc_driver-d31eb41759495bb2.so #usr/lib/rustlib #usr/lib/rustlib/components #usr/lib/rustlib/etc @@ -32,43 +33,44 @@ #usr/lib/rustlib/x86_64-unknown-linux-gnu/bin/gcc-ld/ld64.lld #usr/lib/rustlib/x86_64-unknown-linux-gnu/bin/gcc-ld/lld-link #usr/lib/rustlib/x86_64-unknown-linux-gnu/bin/gcc-ld/wasm-ld +#usr/lib/rustlib/x86_64-unknown-linux-gnu/bin/rust-lld #usr/lib/rustlib/x86_64-unknown-linux-gnu/bin/rust-objcopy #usr/lib/rustlib/x86_64-unknown-linux-gnu/bin/wasm-component-ld #usr/lib/rustlib/x86_64-unknown-linux-gnu/lib -#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libaddr2line-86d8d9428792e8ef.rlib -#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libadler-fa99f5692b5dce85.rlib -#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/liballoc-715bc629a88bca60.rlib -#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libcfg_if-f7ee3f1ea78d9dae.rlib -#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libcompiler_builtins-1af05515ab19524a.rlib -#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libcore-406129d0e3fbc101.rlib -#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libgetopts-d04d0c542852b7d7.rlib -#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libgimli-10f06487503767c2.rlib -#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libhashbrown-a7f5bb2f736d3c49.rlib -#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/liblibc-d3a35665f881365a.rlib -#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libmemchr-500edd5521c440d4.rlib -#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libminiz_oxide-376454d49910c786.rlib -#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libobject-ec6154ccae37a33e.rlib -#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libpanic_abort-4dabff3cfff0af69.rlib -#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libpanic_unwind-267e668abf74a283.rlib -#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libproc_macro-57e423f2e16d22f0.rlib -#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libprofiler_builtins-39641a735291dd5c.rlib +#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libaddr2line-11d54e777384a9e5.rlib +#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libadler2-1e0b0d62df36c85c.rlib +#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/liballoc-06039bcfba61f665.rlib +#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libcfg_if-6a40188dd7d989d2.rlib +#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libcompiler_builtins-3e2e950d4bac10b5.rlib +#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libcore-5080178c80bf7a93.rlib +#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libgetopts-c8814943458d63c4.rlib +#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libgimli-35018e994bad7042.rlib +#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libhashbrown-2ed6a8f06fc51a9d.rlib +#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/liblibc-d25e598578fbf080.rlib +#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libmemchr-09f2ab7e0d97e07a.rlib +#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libminiz_oxide-5312b588e5cfab93.rlib +#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libobject-2dc10b344e05b569.rlib +#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libpanic_abort-e2ab0eec3e5fd91a.rlib +#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libpanic_unwind-932f22f820d1e5ec.rlib +#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libproc_macro-f8e79ba97b69012b.rlib +#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libprofiler_builtins-5fea4b1d5095fe92.rlib #usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/librustc-stable_rt.asan.a #usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/librustc-stable_rt.dfsan.a #usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/librustc-stable_rt.lsan.a #usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/librustc-stable_rt.msan.a #usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/librustc-stable_rt.safestack.a #usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/librustc-stable_rt.tsan.a -#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/librustc_demangle-6a38424de1e5bca5.rlib -#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/librustc_std_workspace_alloc-7e368919bdc4a44c.rlib -#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/librustc_std_workspace_core-ae70165d1278cff7.rlib -#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/librustc_std_workspace_std-6cf585dc4073d549.rlib -#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libstd-6273572f18644c87.rlib -#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libstd-6273572f18644c87.so -#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libstd_detect-de9763ea1c19dca3.rlib -#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libsysroot-e9aa32a273745138.rlib -#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libtest-bb17ba1fa02ea08e.rlib -#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libunicode_width-7748d1fe0f8acd00.rlib -#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libunwind-91cafdaf16f7fe40.rlib +#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/librustc_demangle-43b2ff22c18e1125.rlib +#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/librustc_literal_escaper-54d515d7e0ffe0c6.rlib +#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/librustc_std_workspace_alloc-05b02707a5b2a256.rlib +#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/librustc_std_workspace_core-327ea4f353b4eb8c.rlib +#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/librustc_std_workspace_std-c7bda3ac2a6b49f7.rlib +#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libstd-225863f279df55c4.rlib +#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libstd-225863f279df55c4.so +#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libstd_detect-5978f0713dd5442d.rlib +#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libsysroot-85bdb6374f3e9283.rlib +#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libtest-6c04d4913014a9fc.rlib +#usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libunwind-94fdfaf0af91a65d.rlib #usr/libexec/rust-analyzer-proc-macro-srv #usr/share/cargo #usr/share/cargo/registry @@ -78,10 +80,22 @@ #usr/share/doc/cargo/LICENSE-THIRD-PARTY #usr/share/doc/cargo/README.md #usr/share/doc/rust -#usr/share/doc/rust/COPYRIGHT -#usr/share/doc/rust/LICENSE-APACHE -#usr/share/doc/rust/LICENSE-MIT +#usr/share/doc/rust/COPYRIGHT-library.html +#usr/share/doc/rust/COPYRIGHT.html #usr/share/doc/rust/README.md +#usr/share/doc/rust/licenses +#usr/share/doc/rust/licenses/Apache-2.0.txt +#usr/share/doc/rust/licenses/BSD-2-Clause.txt +#usr/share/doc/rust/licenses/CC-BY-SA-4.0.txt +#usr/share/doc/rust/licenses/GCC-exception-3.1.txt +#usr/share/doc/rust/licenses/GPL-2.0-only.txt +#usr/share/doc/rust/licenses/GPL-3.0-or-later.txt +#usr/share/doc/rust/licenses/ISC.txt +#usr/share/doc/rust/licenses/LLVM-exception.txt +#usr/share/doc/rust/licenses/MIT.txt +#usr/share/doc/rust/licenses/NCSA.txt +#usr/share/doc/rust/licenses/OFL-1.1.txt +#usr/share/doc/rust/licenses/Unicode-3.0.txt #usr/share/man/man1/cargo-add.1 #usr/share/man/man1/cargo-bench.1 #usr/share/man/man1/cargo-build.1 diff --git a/lfs/rust b/lfs/rust index a122265eb..5cf265c4d 100644 --- a/lfs/rust +++ b/lfs/rust @@ -24,12 +24,12 @@ include Config -VER = 1.85.0 +VER = 1.92.0 # https://forge.rust-lang.org/infra/other-installation-methods.html#standalone-installers THISAPP = rust-$(VER) -DL_FILE = $(THISAPP)-$(RUST_PLATFORM).tar.gz +DL_FILE = $(THISAPP)-$(RUST_PLATFORM).tar.xz DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP)-$(RUST_PLATFORM) TARGET = $(DIR_INFO)/$(THISAPP) @@ -42,9 +42,9 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(THISAPP)-x86_64-unknown-linux-gnu.tar.gz_BLAKE2 = c8df9b124ed155482d445c01a4e4d113206fc5d1bd2c8c55fbcd3462819796a06ec3b5fe8a0943f8eb46ef256673cf50101bb8644fea1565ae612d650f23ece8 -$(THISAPP)-aarch64-unknown-linux-gnu.tar.gz_BLAKE2 = bb5c7085b352e33b5cbfccc3910c2793918c517beb77cd432de60d798de997d0f659f489a08e98fd85e2ea56593b8fb831c9d6a8f78c684712b5bbc35a5824d4 -$(THISAPP)-riscv64gc-unknown-linux-gnu.tar.gz_BLAKE2 = a29aae566e349d597f7ed311c4b7b061c267f9c678b0227930401b8b89ccf56168bbbc168601d8c9d927a116f3efeb1e8ce582e9ca4aec40f270fa0ea9fa9a01 +$(THISAPP)-x86_64-unknown-linux-gnu.tar.xz_BLAKE2 = a4d300f49db610ec30123c68f7b29ea72cf24e543e14f00d3ffafd7a41a25b699fef7b9d62be06a327d4aa08a191c3deca4b7472b7c0c99a0aefa16c7027a7de +$(THISAPP)-aarch64-unknown-linux-gnu.tar.xz_BLAKE2 = 268524a8066b68dfc2aa4fa524679b3ecc1bf47f74aab47b794eeb0a3ecc76255b7056ad1a852512a52a06802a2dc457bba8c60107d0cb9b464215c344c5430d +$(THISAPP)-riscv64gc-unknown-linux-gnu.tar.xz_BLAKE2 = e9b200abbd0e294019cd99bb3c6768615ce0bbb7609b3c723a0a57a0d697bdc438c691523f8487b14a9c9397eff0f56b02662b0eb78e057d03100d1ab8d888d6 install : $(TARGET) @@ -80,9 +80,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --prefix=/usr \ --disable-ldconfig - # Remove LLVM tools - rm -vf /usr/lib/rustlib/$(RUST_PLATFORM)/bin/rust-ll{d,vm-dwp} - # Create local registry mkdir -pv $(CARGO_REGISTRY) -- 2.47.3 ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH 0/3] suricata: Add ability to purge the sgh cache 2026-01-23 5:26 ` [PATCH 0/3] suricata: Add ability to purge the sgh cache Stefan Schantl 2026-01-23 5:26 ` [PATCH 1/3] suricata: Add upstream patch to purge sgh-mpm-caches Stefan Schantl 2026-01-23 5:26 ` [PATCH 2/3] rust: Update to 1.92.0 Stefan Schantl @ 2026-01-23 10:09 ` Michael Tremer 2026-01-23 10:33 ` Adolf Belka 2 siblings, 1 reply; 17+ messages in thread From: Michael Tremer @ 2026-01-23 10:09 UTC (permalink / raw) To: Stefan Schantl; +Cc: development Hello Stefan, Thank you for this patch. It baffles me that some functionality that could be implemented in a single find command is pulling in just under one hundred more Rust crates. Shipping crates that even have the word “Windows” in their name is beyond me since we are a Linux distribution. I understand that we have no other choice in this instance and that we will need these things anyways for any future versions of Suricata. To state this once more, this is something that seems absolutely unmaintainable to me. The pure quantity of the code that is being added is completely unauditable, well… you all know how I am feeling about this. I will merge this now and then we will have to have a little conversation about the state of Rust in IPFire. Best, -Michael > On 23 Jan 2026, at 05:26, Stefan Schantl <stefan.schantl@ipfire.org> wrote: > > Good morning list followers, > > I've recently finished building and testing the patched suricata version > on my productive system. > > When starting the patched suricata or doing a reload operation, all the > sgh cache files which are older than 7 days have been removed > successfully. > > So for me this changes can be shipped to a bigger group of testers. > > Best regards, > > -Stefan > > Stefan Schantl (3): > suricata: Add upstream patch to purge sgh-mpm-caches > rust: Update to 1.92.0 > cbindgen: New package > > config/rootfiles/common/aarch64/rust | 130 +- > config/rootfiles/common/cbindgen | 1 + > config/rootfiles/common/riscv64/rust | 109 +- > config/rootfiles/common/rust-adler2 | 15 + > config/rootfiles/common/rust-anstream | 22 + > config/rootfiles/common/rust-anstyle | 15 + > config/rootfiles/common/rust-anstyle-parse | 16 + > config/rootfiles/common/rust-anstyle-query | 11 + > config/rootfiles/common/rust-anstyle-wincon | 14 + > config/rootfiles/common/rust-anyhow | 56 + > config/rootfiles/common/rust-auditable-serde | 9 + > config/rootfiles/common/rust-bitflags | 63 + > config/rootfiles/common/rust-clap | 154 ++ > config/rootfiles/common/rust-clap_builder | 71 + > config/rootfiles/common/rust-clap_lex | 9 + > config/rootfiles/common/rust-colorchoice | 8 + > config/rootfiles/common/rust-crc32fast | 19 + > config/rootfiles/common/rust-displaydoc | 42 + > config/rootfiles/common/rust-errno | 16 + > config/rootfiles/common/rust-fastrand | 16 + > config/rootfiles/common/rust-flate2 | 71 + > config/rootfiles/common/rust-form_urlencoded | 8 + > config/rootfiles/common/rust-getrandom | 85 +- > config/rootfiles/common/rust-getrandom-0.2.4 | 38 + > config/rootfiles/common/rust-heck | 17 + > config/rootfiles/common/rust-humantime | 16 + > config/rootfiles/common/rust-icu_collections | 85 ++ > config/rootfiles/common/rust-icu_locale_core | 105 ++ > config/rootfiles/common/rust-icu_normalizer | 42 + > .../rootfiles/common/rust-icu_normalizer_data | 17 + > config/rootfiles/common/rust-icu_properties | 19 + > .../rootfiles/common/rust-icu_properties_data | 139 ++ > config/rootfiles/common/rust-icu_provider | 29 + > config/rootfiles/common/rust-id-arena | 14 + > config/rootfiles/common/rust-idna | 24 + > config/rootfiles/common/rust-idna_adapter | 9 + > .../common/rust-is_terminal_polyfill | 8 + > config/rootfiles/common/rust-leb128fmt | 9 + > config/rootfiles/common/rust-libc | 801 ++++++---- > config/rootfiles/common/rust-libc-0.2.108 | 277 ++++ > config/rootfiles/common/rust-linux-raw-sys | 410 +++++ > config/rootfiles/common/rust-litemap | 27 + > config/rootfiles/common/rust-log | 47 +- > config/rootfiles/common/rust-log-0.4.14 | 22 + > config/rootfiles/common/rust-miniz_oxide | 24 + > config/rootfiles/common/rust-once_cell | 55 +- > config/rootfiles/common/rust-once_cell-1.9.0 | 24 + > .../rootfiles/common/rust-once_cell_polyfill | 10 + > config/rootfiles/common/rust-percent-encoding | 9 + > config/rootfiles/common/rust-potential_utf | 10 + > config/rootfiles/common/rust-prettyplease | 39 + > config/rootfiles/common/rust-r-efi | 71 + > config/rootfiles/common/rust-rustix | 403 +++++ > config/rootfiles/common/rust-semver | 42 +- > config/rootfiles/common/rust-semver-0.9.0 | 15 + > config/rootfiles/common/rust-semver-parser | 33 +- > .../rootfiles/common/rust-semver-parser-0.7.0 | 12 + > config/rootfiles/common/rust-serde | 71 +- > config/rootfiles/common/rust-serde-1.0.216 | 32 + > config/rootfiles/common/rust-serde_core | 31 + > config/rootfiles/common/rust-serde_derive | 67 +- > .../common/rust-serde_derive-1.0.216 | 28 + > config/rootfiles/common/rust-simd-adler32 | 19 + > config/rootfiles/common/rust-smallvec | 40 +- > config/rootfiles/common/rust-smallvec-1.8.0 | 18 + > config/rootfiles/common/rust-spdx | 605 ++++++++ > .../rootfiles/common/rust-stable_deref_trait | 18 +- > config/rootfiles/common/rust-strsim | 14 + > config/rootfiles/common/rust-syn | 225 +-- > config/rootfiles/common/rust-syn-2.0.90 | 111 ++ > config/rootfiles/common/rust-synstructure | 16 +- > config/rootfiles/common/rust-tempfile | 32 + > config/rootfiles/common/rust-tinystr | 25 + > config/rootfiles/common/rust-topological-sort | 9 + > config/rootfiles/common/rust-unicode-xid | 30 +- > .../rootfiles/common/rust-unicode-xid-0.2.1 | 14 + > config/rootfiles/common/rust-url | 20 + > config/rootfiles/common/rust-utf16_iter | 12 + > config/rootfiles/common/rust-utf8_iter | 12 + > config/rootfiles/common/rust-utf8parse | 12 + > config/rootfiles/common/rust-wasip2 | 30 + > config/rootfiles/common/rust-wasm-encoder | 45 + > config/rootfiles/common/rust-wasm-metadata | 31 + > config/rootfiles/common/rust-wasmparser | 79 + > config/rootfiles/common/rust-windows-link | 9 + > config/rootfiles/common/rust-windows-sys | 505 +++++++ > config/rootfiles/common/rust-wit-bindgen | 42 + > config/rootfiles/common/rust-wit-bindgen-core | 15 + > config/rootfiles/common/rust-wit-bindgen-rust | 21 + > .../common/rust-wit-bindgen-rust-macro | 10 + > config/rootfiles/common/rust-wit-component | 1006 +++++++++++++ > config/rootfiles/common/rust-wit-parser | 621 ++++++++ > config/rootfiles/common/rust-write16 | 10 + > config/rootfiles/common/rust-writeable | 23 + > config/rootfiles/common/rust-yoke | 18 + > config/rootfiles/common/rust-yoke-derive | 11 + > config/rootfiles/common/rust-zerofrom | 9 + > config/rootfiles/common/rust-zerofrom-derive | 11 + > config/rootfiles/common/rust-zerotrie | 44 + > config/rootfiles/common/rust-zerovec | 69 + > config/rootfiles/common/rust-zerovec-derive | 17 + > config/rootfiles/common/x86_64/rust | 82 +- > config/suricata/suricata.yaml | 1 + > lfs/cbindgen | 80 + > lfs/rust | 13 +- > lfs/rust-adler2 | 81 + > lfs/rust-anstream | 81 + > lfs/rust-anstyle | 81 + > lfs/rust-anstyle-parse | 81 + > lfs/rust-anstyle-query | 81 + > lfs/rust-anstyle-wincon | 81 + > lfs/rust-anyhow | 81 + > lfs/rust-auditable-serde | 81 + > lfs/rust-bitflags | 81 + > lfs/rust-clap | 81 + > lfs/rust-clap_builder | 81 + > lfs/rust-clap_lex | 81 + > lfs/rust-colorchoice | 81 + > lfs/rust-crc32fast | 81 + > lfs/rust-displaydoc | 81 + > lfs/rust-errno | 81 + > lfs/rust-fastrand | 81 + > lfs/rust-flate2 | 81 + > lfs/rust-form_urlencoded | 81 + > lfs/rust-getrandom | 8 +- > lfs/rust-getrandom-0.2.4 | 81 + > lfs/rust-heck | 81 + > lfs/rust-humantime | 81 + > lfs/rust-icu_collections | 81 + > lfs/rust-icu_locale_core | 81 + > lfs/rust-icu_normalizer | 81 + > lfs/rust-icu_normalizer_data | 81 + > lfs/rust-icu_properties | 81 + > lfs/rust-icu_properties_data | 81 + > lfs/rust-icu_provider | 81 + > lfs/rust-id-arena | 81 + > lfs/rust-idna | 81 + > lfs/rust-idna_adapter | 81 + > lfs/rust-is_terminal_polyfill | 81 + > lfs/rust-leb128fmt | 81 + > lfs/rust-libc | 7 +- > lfs/rust-libc-0.2.108 | 80 + > lfs/rust-linux-raw-sys | 81 + > lfs/rust-litemap | 81 + > lfs/rust-log | 12 +- > lfs/rust-log-0.4.14 | 85 ++ > lfs/rust-miniz_oxide | 81 + > lfs/rust-once_cell | 12 +- > lfs/rust-once_cell-1.9.0 | 85 ++ > lfs/rust-once_cell_polyfill | 81 + > lfs/rust-percent-encoding | 81 + > lfs/rust-potential_utf | 81 + > lfs/rust-prettyplease | 81 + > lfs/rust-r-efi | 81 + > lfs/rust-rustix | 81 + > lfs/rust-semver | 12 +- > lfs/rust-semver-0.9.0 | 85 ++ > lfs/rust-semver-parser | 7 +- > lfs/rust-semver-parser-0.7.0 | 80 + > lfs/rust-serde | 4 +- > lfs/rust-serde-1.0.216 | 81 + > lfs/rust-serde_core | 81 + > lfs/rust-serde_derive | 4 +- > lfs/rust-serde_derive-1.0.216 | 81 + > lfs/rust-simd-adler32 | 81 + > lfs/rust-smallvec | 12 +- > lfs/rust-smallvec-1.8.0 | 85 ++ > lfs/rust-spdx | 81 + > lfs/rust-stable_deref_trait | 12 +- > lfs/rust-strsim | 81 + > lfs/rust-syn | 4 +- > lfs/rust-syn-2.0.90 | 81 + > lfs/rust-synstructure | 4 +- > lfs/rust-tempfile | 81 + > lfs/rust-tinystr | 81 + > lfs/rust-topological-sort | 81 + > lfs/rust-unicode-xid | 7 +- > lfs/rust-unicode-xid-0.2.1 | 80 + > lfs/rust-url | 81 + > lfs/rust-utf16_iter | 81 + > lfs/rust-utf8_iter | 81 + > lfs/rust-utf8parse | 81 + > lfs/rust-wasip2 | 81 + > lfs/rust-wasm-encoder | 81 + > lfs/rust-wasm-metadata | 81 + > lfs/rust-wasmparser | 81 + > lfs/rust-windows-link | 81 + > lfs/rust-windows-sys | 81 + > lfs/rust-wit-bindgen | 81 + > lfs/rust-wit-bindgen-core | 81 + > lfs/rust-wit-bindgen-rust | 81 + > lfs/rust-wit-bindgen-rust-macro | 81 + > lfs/rust-wit-component | 81 + > lfs/rust-wit-parser | 81 + > lfs/rust-write16 | 81 + > lfs/rust-writeable | 81 + > lfs/rust-yoke | 81 + > lfs/rust-yoke-derive | 81 + > lfs/rust-zerofrom | 81 + > lfs/rust-zerofrom-derive | 81 + > lfs/rust-zerotrie | 81 + > lfs/rust-zerovec | 81 + > lfs/rust-zerovec-derive | 81 + > lfs/suricata | 13 +- > make.sh | 133 +- > ...suricata-8.0.3-purge-hyperscan-cache.patch | 1341 +++++++++++++++++ > 206 files changed, 15762 insertions(+), 853 deletions(-) > create mode 100644 config/rootfiles/common/cbindgen > create mode 100644 config/rootfiles/common/rust-adler2 > create mode 100644 config/rootfiles/common/rust-anstream > create mode 100644 config/rootfiles/common/rust-anstyle > create mode 100644 config/rootfiles/common/rust-anstyle-parse > create mode 100644 config/rootfiles/common/rust-anstyle-query > create mode 100644 config/rootfiles/common/rust-anstyle-wincon > create mode 100644 config/rootfiles/common/rust-anyhow > create mode 100644 config/rootfiles/common/rust-auditable-serde > create mode 100644 config/rootfiles/common/rust-bitflags > create mode 100644 config/rootfiles/common/rust-clap > create mode 100644 config/rootfiles/common/rust-clap_builder > create mode 100644 config/rootfiles/common/rust-clap_lex > create mode 100644 config/rootfiles/common/rust-colorchoice > create mode 100644 config/rootfiles/common/rust-crc32fast > create mode 100644 config/rootfiles/common/rust-displaydoc > create mode 100644 config/rootfiles/common/rust-errno > create mode 100644 config/rootfiles/common/rust-fastrand > create mode 100644 config/rootfiles/common/rust-flate2 > create mode 100644 config/rootfiles/common/rust-form_urlencoded > create mode 100644 config/rootfiles/common/rust-getrandom-0.2.4 > create mode 100644 config/rootfiles/common/rust-heck > create mode 100644 config/rootfiles/common/rust-humantime > create mode 100644 config/rootfiles/common/rust-icu_collections > create mode 100644 config/rootfiles/common/rust-icu_locale_core > create mode 100644 config/rootfiles/common/rust-icu_normalizer > create mode 100644 config/rootfiles/common/rust-icu_normalizer_data > create mode 100644 config/rootfiles/common/rust-icu_properties > create mode 100644 config/rootfiles/common/rust-icu_properties_data > create mode 100644 config/rootfiles/common/rust-icu_provider > create mode 100644 config/rootfiles/common/rust-id-arena > create mode 100644 config/rootfiles/common/rust-idna > create mode 100644 config/rootfiles/common/rust-idna_adapter > create mode 100644 config/rootfiles/common/rust-is_terminal_polyfill > create mode 100644 config/rootfiles/common/rust-leb128fmt > create mode 100644 config/rootfiles/common/rust-libc-0.2.108 > create mode 100644 config/rootfiles/common/rust-linux-raw-sys > create mode 100644 config/rootfiles/common/rust-litemap > create mode 100644 config/rootfiles/common/rust-log-0.4.14 > create mode 100644 config/rootfiles/common/rust-miniz_oxide > create mode 100644 config/rootfiles/common/rust-once_cell-1.9.0 > create mode 100644 config/rootfiles/common/rust-once_cell_polyfill > create mode 100644 config/rootfiles/common/rust-percent-encoding > create mode 100644 config/rootfiles/common/rust-potential_utf > create mode 100644 config/rootfiles/common/rust-prettyplease > create mode 100644 config/rootfiles/common/rust-r-efi > create mode 100644 config/rootfiles/common/rust-rustix > create mode 100644 config/rootfiles/common/rust-semver-0.9.0 > create mode 100644 config/rootfiles/common/rust-semver-parser-0.7.0 > create mode 100644 config/rootfiles/common/rust-serde-1.0.216 > create mode 100644 config/rootfiles/common/rust-serde_core > create mode 100644 config/rootfiles/common/rust-serde_derive-1.0.216 > create mode 100644 config/rootfiles/common/rust-simd-adler32 > create mode 100644 config/rootfiles/common/rust-smallvec-1.8.0 > create mode 100644 config/rootfiles/common/rust-spdx > create mode 100644 config/rootfiles/common/rust-strsim > create mode 100644 config/rootfiles/common/rust-syn-2.0.90 > create mode 100644 config/rootfiles/common/rust-tempfile > create mode 100644 config/rootfiles/common/rust-tinystr > create mode 100644 config/rootfiles/common/rust-topological-sort > create mode 100644 config/rootfiles/common/rust-unicode-xid-0.2.1 > create mode 100644 config/rootfiles/common/rust-url > create mode 100644 config/rootfiles/common/rust-utf16_iter > create mode 100644 config/rootfiles/common/rust-utf8_iter > create mode 100644 config/rootfiles/common/rust-utf8parse > create mode 100644 config/rootfiles/common/rust-wasip2 > create mode 100644 config/rootfiles/common/rust-wasm-encoder > create mode 100644 config/rootfiles/common/rust-wasm-metadata > create mode 100644 config/rootfiles/common/rust-wasmparser > create mode 100644 config/rootfiles/common/rust-windows-link > create mode 100644 config/rootfiles/common/rust-windows-sys > create mode 100644 config/rootfiles/common/rust-wit-bindgen > create mode 100644 config/rootfiles/common/rust-wit-bindgen-core > create mode 100644 config/rootfiles/common/rust-wit-bindgen-rust > create mode 100644 config/rootfiles/common/rust-wit-bindgen-rust-macro > create mode 100644 config/rootfiles/common/rust-wit-component > create mode 100644 config/rootfiles/common/rust-wit-parser > create mode 100644 config/rootfiles/common/rust-write16 > create mode 100644 config/rootfiles/common/rust-writeable > create mode 100644 config/rootfiles/common/rust-yoke > create mode 100644 config/rootfiles/common/rust-yoke-derive > create mode 100644 config/rootfiles/common/rust-zerofrom > create mode 100644 config/rootfiles/common/rust-zerofrom-derive > create mode 100644 config/rootfiles/common/rust-zerotrie > create mode 100644 config/rootfiles/common/rust-zerovec > create mode 100644 config/rootfiles/common/rust-zerovec-derive > create mode 100644 lfs/cbindgen > create mode 100644 lfs/rust-adler2 > create mode 100644 lfs/rust-anstream > create mode 100644 lfs/rust-anstyle > create mode 100644 lfs/rust-anstyle-parse > create mode 100644 lfs/rust-anstyle-query > create mode 100644 lfs/rust-anstyle-wincon > create mode 100644 lfs/rust-anyhow > create mode 100644 lfs/rust-auditable-serde > create mode 100644 lfs/rust-bitflags > create mode 100644 lfs/rust-clap > create mode 100644 lfs/rust-clap_builder > create mode 100644 lfs/rust-clap_lex > create mode 100644 lfs/rust-colorchoice > create mode 100644 lfs/rust-crc32fast > create mode 100644 lfs/rust-displaydoc > create mode 100644 lfs/rust-errno > create mode 100644 lfs/rust-fastrand > create mode 100644 lfs/rust-flate2 > create mode 100644 lfs/rust-form_urlencoded > create mode 100644 lfs/rust-getrandom-0.2.4 > create mode 100644 lfs/rust-heck > create mode 100644 lfs/rust-humantime > create mode 100644 lfs/rust-icu_collections > create mode 100644 lfs/rust-icu_locale_core > create mode 100644 lfs/rust-icu_normalizer > create mode 100644 lfs/rust-icu_normalizer_data > create mode 100644 lfs/rust-icu_properties > create mode 100644 lfs/rust-icu_properties_data > create mode 100644 lfs/rust-icu_provider > create mode 100644 lfs/rust-id-arena > create mode 100644 lfs/rust-idna > create mode 100644 lfs/rust-idna_adapter > create mode 100644 lfs/rust-is_terminal_polyfill > create mode 100644 lfs/rust-leb128fmt > create mode 100644 lfs/rust-libc-0.2.108 > create mode 100644 lfs/rust-linux-raw-sys > create mode 100644 lfs/rust-litemap > create mode 100644 lfs/rust-log-0.4.14 > create mode 100644 lfs/rust-miniz_oxide > create mode 100644 lfs/rust-once_cell-1.9.0 > create mode 100644 lfs/rust-once_cell_polyfill > create mode 100644 lfs/rust-percent-encoding > create mode 100644 lfs/rust-potential_utf > create mode 100644 lfs/rust-prettyplease > create mode 100644 lfs/rust-r-efi > create mode 100644 lfs/rust-rustix > create mode 100644 lfs/rust-semver-0.9.0 > create mode 100644 lfs/rust-semver-parser-0.7.0 > create mode 100644 lfs/rust-serde-1.0.216 > create mode 100644 lfs/rust-serde_core > create mode 100644 lfs/rust-serde_derive-1.0.216 > create mode 100644 lfs/rust-simd-adler32 > create mode 100644 lfs/rust-smallvec-1.8.0 > create mode 100644 lfs/rust-spdx > create mode 100644 lfs/rust-strsim > create mode 100644 lfs/rust-syn-2.0.90 > create mode 100644 lfs/rust-tempfile > create mode 100644 lfs/rust-tinystr > create mode 100644 lfs/rust-topological-sort > create mode 100644 lfs/rust-unicode-xid-0.2.1 > create mode 100644 lfs/rust-url > create mode 100644 lfs/rust-utf16_iter > create mode 100644 lfs/rust-utf8_iter > create mode 100644 lfs/rust-utf8parse > create mode 100644 lfs/rust-wasip2 > create mode 100644 lfs/rust-wasm-encoder > create mode 100644 lfs/rust-wasm-metadata > create mode 100644 lfs/rust-wasmparser > create mode 100644 lfs/rust-windows-link > create mode 100644 lfs/rust-windows-sys > create mode 100644 lfs/rust-wit-bindgen > create mode 100644 lfs/rust-wit-bindgen-core > create mode 100644 lfs/rust-wit-bindgen-rust > create mode 100644 lfs/rust-wit-bindgen-rust-macro > create mode 100644 lfs/rust-wit-component > create mode 100644 lfs/rust-wit-parser > create mode 100644 lfs/rust-write16 > create mode 100644 lfs/rust-writeable > create mode 100644 lfs/rust-yoke > create mode 100644 lfs/rust-yoke-derive > create mode 100644 lfs/rust-zerofrom > create mode 100644 lfs/rust-zerofrom-derive > create mode 100644 lfs/rust-zerotrie > create mode 100644 lfs/rust-zerovec > create mode 100644 lfs/rust-zerovec-derive > create mode 100644 src/patches/suricata/suricata-8.0.3-purge-hyperscan-cache.patch > > -- > 2.47.3 > > ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH 0/3] suricata: Add ability to purge the sgh cache 2026-01-23 10:09 ` [PATCH 0/3] suricata: Add ability to purge the sgh cache Michael Tremer @ 2026-01-23 10:33 ` Adolf Belka 2026-01-23 10:43 ` Michael Tremer 0 siblings, 1 reply; 17+ messages in thread From: Adolf Belka @ 2026-01-23 10:33 UTC (permalink / raw) To: Michael Tremer; +Cc: Stefan Schantl, IPFire: Development-List Hi Michael, On 23/01/2026 11:09, Michael Tremer wrote: > Hello Stefan, > > Thank you for this patch. > > It baffles me that some functionality that could be implemented in a single find command is pulling in just under one hundred more Rust crates. Shipping crates that even have the word “Windows” in their name is beyond me since we are a Linux distribution. This is happening because we are building the rust crates in offline mode and so it is up to us to figure out which OS we should be supporting. So you have to patch the Cargo.toml file in the rust module tarball to disable or remove any entries related to windows or wasm or any other OS that is not linux and where building the module tries to bring additional modules not related to Linux. This is something I have had to do with every Rust update and also with all my attempts with the Python update that also ends up needing updated and many additional rust modules. The good thing is that a lot of what Stefan has built here, except for the windows crates, are also required for the python update. On that point I will send out a separate email regarding my status and position. > > I understand that we have no other choice in this instance and that we will need these things anyways for any future versions of Suricata. > > To state this once more, this is something that seems absolutely unmaintainable to me. The pure quantity of the code that is being added is completely unauditable, well… you all know how I am feeling about this. > > I will merge this now and then we will have to have a little conversation about the state of Rust in IPFire. That would be a good topic to discuss. Regards, Adolf. > > Best, > -Michael > >> On 23 Jan 2026, at 05:26, Stefan Schantl <stefan.schantl@ipfire.org> wrote: >> >> Good morning list followers, >> >> I've recently finished building and testing the patched suricata version >> on my productive system. >> >> When starting the patched suricata or doing a reload operation, all the >> sgh cache files which are older than 7 days have been removed >> successfully. >> >> So for me this changes can be shipped to a bigger group of testers. >> >> Best regards, >> >> -Stefan >> >> Stefan Schantl (3): >> suricata: Add upstream patch to purge sgh-mpm-caches >> rust: Update to 1.92.0 >> cbindgen: New package >> >> config/rootfiles/common/aarch64/rust | 130 +- >> config/rootfiles/common/cbindgen | 1 + >> config/rootfiles/common/riscv64/rust | 109 +- >> config/rootfiles/common/rust-adler2 | 15 + >> config/rootfiles/common/rust-anstream | 22 + >> config/rootfiles/common/rust-anstyle | 15 + >> config/rootfiles/common/rust-anstyle-parse | 16 + >> config/rootfiles/common/rust-anstyle-query | 11 + >> config/rootfiles/common/rust-anstyle-wincon | 14 + >> config/rootfiles/common/rust-anyhow | 56 + >> config/rootfiles/common/rust-auditable-serde | 9 + >> config/rootfiles/common/rust-bitflags | 63 + >> config/rootfiles/common/rust-clap | 154 ++ >> config/rootfiles/common/rust-clap_builder | 71 + >> config/rootfiles/common/rust-clap_lex | 9 + >> config/rootfiles/common/rust-colorchoice | 8 + >> config/rootfiles/common/rust-crc32fast | 19 + >> config/rootfiles/common/rust-displaydoc | 42 + >> config/rootfiles/common/rust-errno | 16 + >> config/rootfiles/common/rust-fastrand | 16 + >> config/rootfiles/common/rust-flate2 | 71 + >> config/rootfiles/common/rust-form_urlencoded | 8 + >> config/rootfiles/common/rust-getrandom | 85 +- >> config/rootfiles/common/rust-getrandom-0.2.4 | 38 + >> config/rootfiles/common/rust-heck | 17 + >> config/rootfiles/common/rust-humantime | 16 + >> config/rootfiles/common/rust-icu_collections | 85 ++ >> config/rootfiles/common/rust-icu_locale_core | 105 ++ >> config/rootfiles/common/rust-icu_normalizer | 42 + >> .../rootfiles/common/rust-icu_normalizer_data | 17 + >> config/rootfiles/common/rust-icu_properties | 19 + >> .../rootfiles/common/rust-icu_properties_data | 139 ++ >> config/rootfiles/common/rust-icu_provider | 29 + >> config/rootfiles/common/rust-id-arena | 14 + >> config/rootfiles/common/rust-idna | 24 + >> config/rootfiles/common/rust-idna_adapter | 9 + >> .../common/rust-is_terminal_polyfill | 8 + >> config/rootfiles/common/rust-leb128fmt | 9 + >> config/rootfiles/common/rust-libc | 801 ++++++---- >> config/rootfiles/common/rust-libc-0.2.108 | 277 ++++ >> config/rootfiles/common/rust-linux-raw-sys | 410 +++++ >> config/rootfiles/common/rust-litemap | 27 + >> config/rootfiles/common/rust-log | 47 +- >> config/rootfiles/common/rust-log-0.4.14 | 22 + >> config/rootfiles/common/rust-miniz_oxide | 24 + >> config/rootfiles/common/rust-once_cell | 55 +- >> config/rootfiles/common/rust-once_cell-1.9.0 | 24 + >> .../rootfiles/common/rust-once_cell_polyfill | 10 + >> config/rootfiles/common/rust-percent-encoding | 9 + >> config/rootfiles/common/rust-potential_utf | 10 + >> config/rootfiles/common/rust-prettyplease | 39 + >> config/rootfiles/common/rust-r-efi | 71 + >> config/rootfiles/common/rust-rustix | 403 +++++ >> config/rootfiles/common/rust-semver | 42 +- >> config/rootfiles/common/rust-semver-0.9.0 | 15 + >> config/rootfiles/common/rust-semver-parser | 33 +- >> .../rootfiles/common/rust-semver-parser-0.7.0 | 12 + >> config/rootfiles/common/rust-serde | 71 +- >> config/rootfiles/common/rust-serde-1.0.216 | 32 + >> config/rootfiles/common/rust-serde_core | 31 + >> config/rootfiles/common/rust-serde_derive | 67 +- >> .../common/rust-serde_derive-1.0.216 | 28 + >> config/rootfiles/common/rust-simd-adler32 | 19 + >> config/rootfiles/common/rust-smallvec | 40 +- >> config/rootfiles/common/rust-smallvec-1.8.0 | 18 + >> config/rootfiles/common/rust-spdx | 605 ++++++++ >> .../rootfiles/common/rust-stable_deref_trait | 18 +- >> config/rootfiles/common/rust-strsim | 14 + >> config/rootfiles/common/rust-syn | 225 +-- >> config/rootfiles/common/rust-syn-2.0.90 | 111 ++ >> config/rootfiles/common/rust-synstructure | 16 +- >> config/rootfiles/common/rust-tempfile | 32 + >> config/rootfiles/common/rust-tinystr | 25 + >> config/rootfiles/common/rust-topological-sort | 9 + >> config/rootfiles/common/rust-unicode-xid | 30 +- >> .../rootfiles/common/rust-unicode-xid-0.2.1 | 14 + >> config/rootfiles/common/rust-url | 20 + >> config/rootfiles/common/rust-utf16_iter | 12 + >> config/rootfiles/common/rust-utf8_iter | 12 + >> config/rootfiles/common/rust-utf8parse | 12 + >> config/rootfiles/common/rust-wasip2 | 30 + >> config/rootfiles/common/rust-wasm-encoder | 45 + >> config/rootfiles/common/rust-wasm-metadata | 31 + >> config/rootfiles/common/rust-wasmparser | 79 + >> config/rootfiles/common/rust-windows-link | 9 + >> config/rootfiles/common/rust-windows-sys | 505 +++++++ >> config/rootfiles/common/rust-wit-bindgen | 42 + >> config/rootfiles/common/rust-wit-bindgen-core | 15 + >> config/rootfiles/common/rust-wit-bindgen-rust | 21 + >> .../common/rust-wit-bindgen-rust-macro | 10 + >> config/rootfiles/common/rust-wit-component | 1006 +++++++++++++ >> config/rootfiles/common/rust-wit-parser | 621 ++++++++ >> config/rootfiles/common/rust-write16 | 10 + >> config/rootfiles/common/rust-writeable | 23 + >> config/rootfiles/common/rust-yoke | 18 + >> config/rootfiles/common/rust-yoke-derive | 11 + >> config/rootfiles/common/rust-zerofrom | 9 + >> config/rootfiles/common/rust-zerofrom-derive | 11 + >> config/rootfiles/common/rust-zerotrie | 44 + >> config/rootfiles/common/rust-zerovec | 69 + >> config/rootfiles/common/rust-zerovec-derive | 17 + >> config/rootfiles/common/x86_64/rust | 82 +- >> config/suricata/suricata.yaml | 1 + >> lfs/cbindgen | 80 + >> lfs/rust | 13 +- >> lfs/rust-adler2 | 81 + >> lfs/rust-anstream | 81 + >> lfs/rust-anstyle | 81 + >> lfs/rust-anstyle-parse | 81 + >> lfs/rust-anstyle-query | 81 + >> lfs/rust-anstyle-wincon | 81 + >> lfs/rust-anyhow | 81 + >> lfs/rust-auditable-serde | 81 + >> lfs/rust-bitflags | 81 + >> lfs/rust-clap | 81 + >> lfs/rust-clap_builder | 81 + >> lfs/rust-clap_lex | 81 + >> lfs/rust-colorchoice | 81 + >> lfs/rust-crc32fast | 81 + >> lfs/rust-displaydoc | 81 + >> lfs/rust-errno | 81 + >> lfs/rust-fastrand | 81 + >> lfs/rust-flate2 | 81 + >> lfs/rust-form_urlencoded | 81 + >> lfs/rust-getrandom | 8 +- >> lfs/rust-getrandom-0.2.4 | 81 + >> lfs/rust-heck | 81 + >> lfs/rust-humantime | 81 + >> lfs/rust-icu_collections | 81 + >> lfs/rust-icu_locale_core | 81 + >> lfs/rust-icu_normalizer | 81 + >> lfs/rust-icu_normalizer_data | 81 + >> lfs/rust-icu_properties | 81 + >> lfs/rust-icu_properties_data | 81 + >> lfs/rust-icu_provider | 81 + >> lfs/rust-id-arena | 81 + >> lfs/rust-idna | 81 + >> lfs/rust-idna_adapter | 81 + >> lfs/rust-is_terminal_polyfill | 81 + >> lfs/rust-leb128fmt | 81 + >> lfs/rust-libc | 7 +- >> lfs/rust-libc-0.2.108 | 80 + >> lfs/rust-linux-raw-sys | 81 + >> lfs/rust-litemap | 81 + >> lfs/rust-log | 12 +- >> lfs/rust-log-0.4.14 | 85 ++ >> lfs/rust-miniz_oxide | 81 + >> lfs/rust-once_cell | 12 +- >> lfs/rust-once_cell-1.9.0 | 85 ++ >> lfs/rust-once_cell_polyfill | 81 + >> lfs/rust-percent-encoding | 81 + >> lfs/rust-potential_utf | 81 + >> lfs/rust-prettyplease | 81 + >> lfs/rust-r-efi | 81 + >> lfs/rust-rustix | 81 + >> lfs/rust-semver | 12 +- >> lfs/rust-semver-0.9.0 | 85 ++ >> lfs/rust-semver-parser | 7 +- >> lfs/rust-semver-parser-0.7.0 | 80 + >> lfs/rust-serde | 4 +- >> lfs/rust-serde-1.0.216 | 81 + >> lfs/rust-serde_core | 81 + >> lfs/rust-serde_derive | 4 +- >> lfs/rust-serde_derive-1.0.216 | 81 + >> lfs/rust-simd-adler32 | 81 + >> lfs/rust-smallvec | 12 +- >> lfs/rust-smallvec-1.8.0 | 85 ++ >> lfs/rust-spdx | 81 + >> lfs/rust-stable_deref_trait | 12 +- >> lfs/rust-strsim | 81 + >> lfs/rust-syn | 4 +- >> lfs/rust-syn-2.0.90 | 81 + >> lfs/rust-synstructure | 4 +- >> lfs/rust-tempfile | 81 + >> lfs/rust-tinystr | 81 + >> lfs/rust-topological-sort | 81 + >> lfs/rust-unicode-xid | 7 +- >> lfs/rust-unicode-xid-0.2.1 | 80 + >> lfs/rust-url | 81 + >> lfs/rust-utf16_iter | 81 + >> lfs/rust-utf8_iter | 81 + >> lfs/rust-utf8parse | 81 + >> lfs/rust-wasip2 | 81 + >> lfs/rust-wasm-encoder | 81 + >> lfs/rust-wasm-metadata | 81 + >> lfs/rust-wasmparser | 81 + >> lfs/rust-windows-link | 81 + >> lfs/rust-windows-sys | 81 + >> lfs/rust-wit-bindgen | 81 + >> lfs/rust-wit-bindgen-core | 81 + >> lfs/rust-wit-bindgen-rust | 81 + >> lfs/rust-wit-bindgen-rust-macro | 81 + >> lfs/rust-wit-component | 81 + >> lfs/rust-wit-parser | 81 + >> lfs/rust-write16 | 81 + >> lfs/rust-writeable | 81 + >> lfs/rust-yoke | 81 + >> lfs/rust-yoke-derive | 81 + >> lfs/rust-zerofrom | 81 + >> lfs/rust-zerofrom-derive | 81 + >> lfs/rust-zerotrie | 81 + >> lfs/rust-zerovec | 81 + >> lfs/rust-zerovec-derive | 81 + >> lfs/suricata | 13 +- >> make.sh | 133 +- >> ...suricata-8.0.3-purge-hyperscan-cache.patch | 1341 +++++++++++++++++ >> 206 files changed, 15762 insertions(+), 853 deletions(-) >> create mode 100644 config/rootfiles/common/cbindgen >> create mode 100644 config/rootfiles/common/rust-adler2 >> create mode 100644 config/rootfiles/common/rust-anstream >> create mode 100644 config/rootfiles/common/rust-anstyle >> create mode 100644 config/rootfiles/common/rust-anstyle-parse >> create mode 100644 config/rootfiles/common/rust-anstyle-query >> create mode 100644 config/rootfiles/common/rust-anstyle-wincon >> create mode 100644 config/rootfiles/common/rust-anyhow >> create mode 100644 config/rootfiles/common/rust-auditable-serde >> create mode 100644 config/rootfiles/common/rust-bitflags >> create mode 100644 config/rootfiles/common/rust-clap >> create mode 100644 config/rootfiles/common/rust-clap_builder >> create mode 100644 config/rootfiles/common/rust-clap_lex >> create mode 100644 config/rootfiles/common/rust-colorchoice >> create mode 100644 config/rootfiles/common/rust-crc32fast >> create mode 100644 config/rootfiles/common/rust-displaydoc >> create mode 100644 config/rootfiles/common/rust-errno >> create mode 100644 config/rootfiles/common/rust-fastrand >> create mode 100644 config/rootfiles/common/rust-flate2 >> create mode 100644 config/rootfiles/common/rust-form_urlencoded >> create mode 100644 config/rootfiles/common/rust-getrandom-0.2.4 >> create mode 100644 config/rootfiles/common/rust-heck >> create mode 100644 config/rootfiles/common/rust-humantime >> create mode 100644 config/rootfiles/common/rust-icu_collections >> create mode 100644 config/rootfiles/common/rust-icu_locale_core >> create mode 100644 config/rootfiles/common/rust-icu_normalizer >> create mode 100644 config/rootfiles/common/rust-icu_normalizer_data >> create mode 100644 config/rootfiles/common/rust-icu_properties >> create mode 100644 config/rootfiles/common/rust-icu_properties_data >> create mode 100644 config/rootfiles/common/rust-icu_provider >> create mode 100644 config/rootfiles/common/rust-id-arena >> create mode 100644 config/rootfiles/common/rust-idna >> create mode 100644 config/rootfiles/common/rust-idna_adapter >> create mode 100644 config/rootfiles/common/rust-is_terminal_polyfill >> create mode 100644 config/rootfiles/common/rust-leb128fmt >> create mode 100644 config/rootfiles/common/rust-libc-0.2.108 >> create mode 100644 config/rootfiles/common/rust-linux-raw-sys >> create mode 100644 config/rootfiles/common/rust-litemap >> create mode 100644 config/rootfiles/common/rust-log-0.4.14 >> create mode 100644 config/rootfiles/common/rust-miniz_oxide >> create mode 100644 config/rootfiles/common/rust-once_cell-1.9.0 >> create mode 100644 config/rootfiles/common/rust-once_cell_polyfill >> create mode 100644 config/rootfiles/common/rust-percent-encoding >> create mode 100644 config/rootfiles/common/rust-potential_utf >> create mode 100644 config/rootfiles/common/rust-prettyplease >> create mode 100644 config/rootfiles/common/rust-r-efi >> create mode 100644 config/rootfiles/common/rust-rustix >> create mode 100644 config/rootfiles/common/rust-semver-0.9.0 >> create mode 100644 config/rootfiles/common/rust-semver-parser-0.7.0 >> create mode 100644 config/rootfiles/common/rust-serde-1.0.216 >> create mode 100644 config/rootfiles/common/rust-serde_core >> create mode 100644 config/rootfiles/common/rust-serde_derive-1.0.216 >> create mode 100644 config/rootfiles/common/rust-simd-adler32 >> create mode 100644 config/rootfiles/common/rust-smallvec-1.8.0 >> create mode 100644 config/rootfiles/common/rust-spdx >> create mode 100644 config/rootfiles/common/rust-strsim >> create mode 100644 config/rootfiles/common/rust-syn-2.0.90 >> create mode 100644 config/rootfiles/common/rust-tempfile >> create mode 100644 config/rootfiles/common/rust-tinystr >> create mode 100644 config/rootfiles/common/rust-topological-sort >> create mode 100644 config/rootfiles/common/rust-unicode-xid-0.2.1 >> create mode 100644 config/rootfiles/common/rust-url >> create mode 100644 config/rootfiles/common/rust-utf16_iter >> create mode 100644 config/rootfiles/common/rust-utf8_iter >> create mode 100644 config/rootfiles/common/rust-utf8parse >> create mode 100644 config/rootfiles/common/rust-wasip2 >> create mode 100644 config/rootfiles/common/rust-wasm-encoder >> create mode 100644 config/rootfiles/common/rust-wasm-metadata >> create mode 100644 config/rootfiles/common/rust-wasmparser >> create mode 100644 config/rootfiles/common/rust-windows-link >> create mode 100644 config/rootfiles/common/rust-windows-sys >> create mode 100644 config/rootfiles/common/rust-wit-bindgen >> create mode 100644 config/rootfiles/common/rust-wit-bindgen-core >> create mode 100644 config/rootfiles/common/rust-wit-bindgen-rust >> create mode 100644 config/rootfiles/common/rust-wit-bindgen-rust-macro >> create mode 100644 config/rootfiles/common/rust-wit-component >> create mode 100644 config/rootfiles/common/rust-wit-parser >> create mode 100644 config/rootfiles/common/rust-write16 >> create mode 100644 config/rootfiles/common/rust-writeable >> create mode 100644 config/rootfiles/common/rust-yoke >> create mode 100644 config/rootfiles/common/rust-yoke-derive >> create mode 100644 config/rootfiles/common/rust-zerofrom >> create mode 100644 config/rootfiles/common/rust-zerofrom-derive >> create mode 100644 config/rootfiles/common/rust-zerotrie >> create mode 100644 config/rootfiles/common/rust-zerovec >> create mode 100644 config/rootfiles/common/rust-zerovec-derive >> create mode 100644 lfs/cbindgen >> create mode 100644 lfs/rust-adler2 >> create mode 100644 lfs/rust-anstream >> create mode 100644 lfs/rust-anstyle >> create mode 100644 lfs/rust-anstyle-parse >> create mode 100644 lfs/rust-anstyle-query >> create mode 100644 lfs/rust-anstyle-wincon >> create mode 100644 lfs/rust-anyhow >> create mode 100644 lfs/rust-auditable-serde >> create mode 100644 lfs/rust-bitflags >> create mode 100644 lfs/rust-clap >> create mode 100644 lfs/rust-clap_builder >> create mode 100644 lfs/rust-clap_lex >> create mode 100644 lfs/rust-colorchoice >> create mode 100644 lfs/rust-crc32fast >> create mode 100644 lfs/rust-displaydoc >> create mode 100644 lfs/rust-errno >> create mode 100644 lfs/rust-fastrand >> create mode 100644 lfs/rust-flate2 >> create mode 100644 lfs/rust-form_urlencoded >> create mode 100644 lfs/rust-getrandom-0.2.4 >> create mode 100644 lfs/rust-heck >> create mode 100644 lfs/rust-humantime >> create mode 100644 lfs/rust-icu_collections >> create mode 100644 lfs/rust-icu_locale_core >> create mode 100644 lfs/rust-icu_normalizer >> create mode 100644 lfs/rust-icu_normalizer_data >> create mode 100644 lfs/rust-icu_properties >> create mode 100644 lfs/rust-icu_properties_data >> create mode 100644 lfs/rust-icu_provider >> create mode 100644 lfs/rust-id-arena >> create mode 100644 lfs/rust-idna >> create mode 100644 lfs/rust-idna_adapter >> create mode 100644 lfs/rust-is_terminal_polyfill >> create mode 100644 lfs/rust-leb128fmt >> create mode 100644 lfs/rust-libc-0.2.108 >> create mode 100644 lfs/rust-linux-raw-sys >> create mode 100644 lfs/rust-litemap >> create mode 100644 lfs/rust-log-0.4.14 >> create mode 100644 lfs/rust-miniz_oxide >> create mode 100644 lfs/rust-once_cell-1.9.0 >> create mode 100644 lfs/rust-once_cell_polyfill >> create mode 100644 lfs/rust-percent-encoding >> create mode 100644 lfs/rust-potential_utf >> create mode 100644 lfs/rust-prettyplease >> create mode 100644 lfs/rust-r-efi >> create mode 100644 lfs/rust-rustix >> create mode 100644 lfs/rust-semver-0.9.0 >> create mode 100644 lfs/rust-semver-parser-0.7.0 >> create mode 100644 lfs/rust-serde-1.0.216 >> create mode 100644 lfs/rust-serde_core >> create mode 100644 lfs/rust-serde_derive-1.0.216 >> create mode 100644 lfs/rust-simd-adler32 >> create mode 100644 lfs/rust-smallvec-1.8.0 >> create mode 100644 lfs/rust-spdx >> create mode 100644 lfs/rust-strsim >> create mode 100644 lfs/rust-syn-2.0.90 >> create mode 100644 lfs/rust-tempfile >> create mode 100644 lfs/rust-tinystr >> create mode 100644 lfs/rust-topological-sort >> create mode 100644 lfs/rust-unicode-xid-0.2.1 >> create mode 100644 lfs/rust-url >> create mode 100644 lfs/rust-utf16_iter >> create mode 100644 lfs/rust-utf8_iter >> create mode 100644 lfs/rust-utf8parse >> create mode 100644 lfs/rust-wasip2 >> create mode 100644 lfs/rust-wasm-encoder >> create mode 100644 lfs/rust-wasm-metadata >> create mode 100644 lfs/rust-wasmparser >> create mode 100644 lfs/rust-windows-link >> create mode 100644 lfs/rust-windows-sys >> create mode 100644 lfs/rust-wit-bindgen >> create mode 100644 lfs/rust-wit-bindgen-core >> create mode 100644 lfs/rust-wit-bindgen-rust >> create mode 100644 lfs/rust-wit-bindgen-rust-macro >> create mode 100644 lfs/rust-wit-component >> create mode 100644 lfs/rust-wit-parser >> create mode 100644 lfs/rust-write16 >> create mode 100644 lfs/rust-writeable >> create mode 100644 lfs/rust-yoke >> create mode 100644 lfs/rust-yoke-derive >> create mode 100644 lfs/rust-zerofrom >> create mode 100644 lfs/rust-zerofrom-derive >> create mode 100644 lfs/rust-zerotrie >> create mode 100644 lfs/rust-zerovec >> create mode 100644 lfs/rust-zerovec-derive >> create mode 100644 src/patches/suricata/suricata-8.0.3-purge-hyperscan-cache.patch >> >> -- >> 2.47.3 >> >> > > ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH 0/3] suricata: Add ability to purge the sgh cache 2026-01-23 10:33 ` Adolf Belka @ 2026-01-23 10:43 ` Michael Tremer 0 siblings, 0 replies; 17+ messages in thread From: Michael Tremer @ 2026-01-23 10:43 UTC (permalink / raw) To: Adolf Belka; +Cc: Stefan Schantl, IPFire: Development-List Hello Adolf, > On 23 Jan 2026, at 10:33, Adolf Belka <adolf.belka@ipfire.org> wrote: > > Hi Michael, > > On 23/01/2026 11:09, Michael Tremer wrote: >> Hello Stefan, >> Thank you for this patch. >> It baffles me that some functionality that could be implemented in a single find command is pulling in just under one hundred more Rust crates. Shipping crates that even have the word “Windows” in their name is beyond me since we are a Linux distribution. > > This is happening because we are building the rust crates in offline mode and so it is up to us to figure out which OS we should be supporting. > > So you have to patch the Cargo.toml file in the rust module tarball to disable or remove any entries related to windows or wasm or any other OS that is not linux and where building the module tries to bring additional modules not related to Linux. > This is something I have had to do with every Rust update and also with all my attempts with the Python update that also ends up needing updated and many additional rust modules. Stefan might have to confirm this, but I suppose it is much easier to use the scripts that we have to add another Rust crate instead of manually patching the Cargo.toml files. > The good thing is that a lot of what Stefan has built here, except for the windows crates, are also required for the python update. I urged him to contact you first, but I assume he has been so in the zone that he just wanted to get it done with. > On that point I will send out a separate email regarding my status and position. I will keep an eye out for this! -Michael >> I understand that we have no other choice in this instance and that we will need these things anyways for any future versions of Suricata. >> To state this once more, this is something that seems absolutely unmaintainable to me. The pure quantity of the code that is being added is completely unauditable, well… you all know how I am feeling about this. >> I will merge this now and then we will have to have a little conversation about the state of Rust in IPFire. > > That would be a good topic to discuss. > > Regards, > > Adolf. > > >> Best, >> -Michael >>> On 23 Jan 2026, at 05:26, Stefan Schantl <stefan.schantl@ipfire.org> wrote: >>> >>> Good morning list followers, >>> >>> I've recently finished building and testing the patched suricata version >>> on my productive system. >>> >>> When starting the patched suricata or doing a reload operation, all the >>> sgh cache files which are older than 7 days have been removed >>> successfully. >>> >>> So for me this changes can be shipped to a bigger group of testers. >>> >>> Best regards, >>> >>> -Stefan >>> >>> Stefan Schantl (3): >>> suricata: Add upstream patch to purge sgh-mpm-caches >>> rust: Update to 1.92.0 >>> cbindgen: New package >>> >>> config/rootfiles/common/aarch64/rust | 130 +- >>> config/rootfiles/common/cbindgen | 1 + >>> config/rootfiles/common/riscv64/rust | 109 +- >>> config/rootfiles/common/rust-adler2 | 15 + >>> config/rootfiles/common/rust-anstream | 22 + >>> config/rootfiles/common/rust-anstyle | 15 + >>> config/rootfiles/common/rust-anstyle-parse | 16 + >>> config/rootfiles/common/rust-anstyle-query | 11 + >>> config/rootfiles/common/rust-anstyle-wincon | 14 + >>> config/rootfiles/common/rust-anyhow | 56 + >>> config/rootfiles/common/rust-auditable-serde | 9 + >>> config/rootfiles/common/rust-bitflags | 63 + >>> config/rootfiles/common/rust-clap | 154 ++ >>> config/rootfiles/common/rust-clap_builder | 71 + >>> config/rootfiles/common/rust-clap_lex | 9 + >>> config/rootfiles/common/rust-colorchoice | 8 + >>> config/rootfiles/common/rust-crc32fast | 19 + >>> config/rootfiles/common/rust-displaydoc | 42 + >>> config/rootfiles/common/rust-errno | 16 + >>> config/rootfiles/common/rust-fastrand | 16 + >>> config/rootfiles/common/rust-flate2 | 71 + >>> config/rootfiles/common/rust-form_urlencoded | 8 + >>> config/rootfiles/common/rust-getrandom | 85 +- >>> config/rootfiles/common/rust-getrandom-0.2.4 | 38 + >>> config/rootfiles/common/rust-heck | 17 + >>> config/rootfiles/common/rust-humantime | 16 + >>> config/rootfiles/common/rust-icu_collections | 85 ++ >>> config/rootfiles/common/rust-icu_locale_core | 105 ++ >>> config/rootfiles/common/rust-icu_normalizer | 42 + >>> .../rootfiles/common/rust-icu_normalizer_data | 17 + >>> config/rootfiles/common/rust-icu_properties | 19 + >>> .../rootfiles/common/rust-icu_properties_data | 139 ++ >>> config/rootfiles/common/rust-icu_provider | 29 + >>> config/rootfiles/common/rust-id-arena | 14 + >>> config/rootfiles/common/rust-idna | 24 + >>> config/rootfiles/common/rust-idna_adapter | 9 + >>> .../common/rust-is_terminal_polyfill | 8 + >>> config/rootfiles/common/rust-leb128fmt | 9 + >>> config/rootfiles/common/rust-libc | 801 ++++++---- >>> config/rootfiles/common/rust-libc-0.2.108 | 277 ++++ >>> config/rootfiles/common/rust-linux-raw-sys | 410 +++++ >>> config/rootfiles/common/rust-litemap | 27 + >>> config/rootfiles/common/rust-log | 47 +- >>> config/rootfiles/common/rust-log-0.4.14 | 22 + >>> config/rootfiles/common/rust-miniz_oxide | 24 + >>> config/rootfiles/common/rust-once_cell | 55 +- >>> config/rootfiles/common/rust-once_cell-1.9.0 | 24 + >>> .../rootfiles/common/rust-once_cell_polyfill | 10 + >>> config/rootfiles/common/rust-percent-encoding | 9 + >>> config/rootfiles/common/rust-potential_utf | 10 + >>> config/rootfiles/common/rust-prettyplease | 39 + >>> config/rootfiles/common/rust-r-efi | 71 + >>> config/rootfiles/common/rust-rustix | 403 +++++ >>> config/rootfiles/common/rust-semver | 42 +- >>> config/rootfiles/common/rust-semver-0.9.0 | 15 + >>> config/rootfiles/common/rust-semver-parser | 33 +- >>> .../rootfiles/common/rust-semver-parser-0.7.0 | 12 + >>> config/rootfiles/common/rust-serde | 71 +- >>> config/rootfiles/common/rust-serde-1.0.216 | 32 + >>> config/rootfiles/common/rust-serde_core | 31 + >>> config/rootfiles/common/rust-serde_derive | 67 +- >>> .../common/rust-serde_derive-1.0.216 | 28 + >>> config/rootfiles/common/rust-simd-adler32 | 19 + >>> config/rootfiles/common/rust-smallvec | 40 +- >>> config/rootfiles/common/rust-smallvec-1.8.0 | 18 + >>> config/rootfiles/common/rust-spdx | 605 ++++++++ >>> .../rootfiles/common/rust-stable_deref_trait | 18 +- >>> config/rootfiles/common/rust-strsim | 14 + >>> config/rootfiles/common/rust-syn | 225 +-- >>> config/rootfiles/common/rust-syn-2.0.90 | 111 ++ >>> config/rootfiles/common/rust-synstructure | 16 +- >>> config/rootfiles/common/rust-tempfile | 32 + >>> config/rootfiles/common/rust-tinystr | 25 + >>> config/rootfiles/common/rust-topological-sort | 9 + >>> config/rootfiles/common/rust-unicode-xid | 30 +- >>> .../rootfiles/common/rust-unicode-xid-0.2.1 | 14 + >>> config/rootfiles/common/rust-url | 20 + >>> config/rootfiles/common/rust-utf16_iter | 12 + >>> config/rootfiles/common/rust-utf8_iter | 12 + >>> config/rootfiles/common/rust-utf8parse | 12 + >>> config/rootfiles/common/rust-wasip2 | 30 + >>> config/rootfiles/common/rust-wasm-encoder | 45 + >>> config/rootfiles/common/rust-wasm-metadata | 31 + >>> config/rootfiles/common/rust-wasmparser | 79 + >>> config/rootfiles/common/rust-windows-link | 9 + >>> config/rootfiles/common/rust-windows-sys | 505 +++++++ >>> config/rootfiles/common/rust-wit-bindgen | 42 + >>> config/rootfiles/common/rust-wit-bindgen-core | 15 + >>> config/rootfiles/common/rust-wit-bindgen-rust | 21 + >>> .../common/rust-wit-bindgen-rust-macro | 10 + >>> config/rootfiles/common/rust-wit-component | 1006 +++++++++++++ >>> config/rootfiles/common/rust-wit-parser | 621 ++++++++ >>> config/rootfiles/common/rust-write16 | 10 + >>> config/rootfiles/common/rust-writeable | 23 + >>> config/rootfiles/common/rust-yoke | 18 + >>> config/rootfiles/common/rust-yoke-derive | 11 + >>> config/rootfiles/common/rust-zerofrom | 9 + >>> config/rootfiles/common/rust-zerofrom-derive | 11 + >>> config/rootfiles/common/rust-zerotrie | 44 + >>> config/rootfiles/common/rust-zerovec | 69 + >>> config/rootfiles/common/rust-zerovec-derive | 17 + >>> config/rootfiles/common/x86_64/rust | 82 +- >>> config/suricata/suricata.yaml | 1 + >>> lfs/cbindgen | 80 + >>> lfs/rust | 13 +- >>> lfs/rust-adler2 | 81 + >>> lfs/rust-anstream | 81 + >>> lfs/rust-anstyle | 81 + >>> lfs/rust-anstyle-parse | 81 + >>> lfs/rust-anstyle-query | 81 + >>> lfs/rust-anstyle-wincon | 81 + >>> lfs/rust-anyhow | 81 + >>> lfs/rust-auditable-serde | 81 + >>> lfs/rust-bitflags | 81 + >>> lfs/rust-clap | 81 + >>> lfs/rust-clap_builder | 81 + >>> lfs/rust-clap_lex | 81 + >>> lfs/rust-colorchoice | 81 + >>> lfs/rust-crc32fast | 81 + >>> lfs/rust-displaydoc | 81 + >>> lfs/rust-errno | 81 + >>> lfs/rust-fastrand | 81 + >>> lfs/rust-flate2 | 81 + >>> lfs/rust-form_urlencoded | 81 + >>> lfs/rust-getrandom | 8 +- >>> lfs/rust-getrandom-0.2.4 | 81 + >>> lfs/rust-heck | 81 + >>> lfs/rust-humantime | 81 + >>> lfs/rust-icu_collections | 81 + >>> lfs/rust-icu_locale_core | 81 + >>> lfs/rust-icu_normalizer | 81 + >>> lfs/rust-icu_normalizer_data | 81 + >>> lfs/rust-icu_properties | 81 + >>> lfs/rust-icu_properties_data | 81 + >>> lfs/rust-icu_provider | 81 + >>> lfs/rust-id-arena | 81 + >>> lfs/rust-idna | 81 + >>> lfs/rust-idna_adapter | 81 + >>> lfs/rust-is_terminal_polyfill | 81 + >>> lfs/rust-leb128fmt | 81 + >>> lfs/rust-libc | 7 +- >>> lfs/rust-libc-0.2.108 | 80 + >>> lfs/rust-linux-raw-sys | 81 + >>> lfs/rust-litemap | 81 + >>> lfs/rust-log | 12 +- >>> lfs/rust-log-0.4.14 | 85 ++ >>> lfs/rust-miniz_oxide | 81 + >>> lfs/rust-once_cell | 12 +- >>> lfs/rust-once_cell-1.9.0 | 85 ++ >>> lfs/rust-once_cell_polyfill | 81 + >>> lfs/rust-percent-encoding | 81 + >>> lfs/rust-potential_utf | 81 + >>> lfs/rust-prettyplease | 81 + >>> lfs/rust-r-efi | 81 + >>> lfs/rust-rustix | 81 + >>> lfs/rust-semver | 12 +- >>> lfs/rust-semver-0.9.0 | 85 ++ >>> lfs/rust-semver-parser | 7 +- >>> lfs/rust-semver-parser-0.7.0 | 80 + >>> lfs/rust-serde | 4 +- >>> lfs/rust-serde-1.0.216 | 81 + >>> lfs/rust-serde_core | 81 + >>> lfs/rust-serde_derive | 4 +- >>> lfs/rust-serde_derive-1.0.216 | 81 + >>> lfs/rust-simd-adler32 | 81 + >>> lfs/rust-smallvec | 12 +- >>> lfs/rust-smallvec-1.8.0 | 85 ++ >>> lfs/rust-spdx | 81 + >>> lfs/rust-stable_deref_trait | 12 +- >>> lfs/rust-strsim | 81 + >>> lfs/rust-syn | 4 +- >>> lfs/rust-syn-2.0.90 | 81 + >>> lfs/rust-synstructure | 4 +- >>> lfs/rust-tempfile | 81 + >>> lfs/rust-tinystr | 81 + >>> lfs/rust-topological-sort | 81 + >>> lfs/rust-unicode-xid | 7 +- >>> lfs/rust-unicode-xid-0.2.1 | 80 + >>> lfs/rust-url | 81 + >>> lfs/rust-utf16_iter | 81 + >>> lfs/rust-utf8_iter | 81 + >>> lfs/rust-utf8parse | 81 + >>> lfs/rust-wasip2 | 81 + >>> lfs/rust-wasm-encoder | 81 + >>> lfs/rust-wasm-metadata | 81 + >>> lfs/rust-wasmparser | 81 + >>> lfs/rust-windows-link | 81 + >>> lfs/rust-windows-sys | 81 + >>> lfs/rust-wit-bindgen | 81 + >>> lfs/rust-wit-bindgen-core | 81 + >>> lfs/rust-wit-bindgen-rust | 81 + >>> lfs/rust-wit-bindgen-rust-macro | 81 + >>> lfs/rust-wit-component | 81 + >>> lfs/rust-wit-parser | 81 + >>> lfs/rust-write16 | 81 + >>> lfs/rust-writeable | 81 + >>> lfs/rust-yoke | 81 + >>> lfs/rust-yoke-derive | 81 + >>> lfs/rust-zerofrom | 81 + >>> lfs/rust-zerofrom-derive | 81 + >>> lfs/rust-zerotrie | 81 + >>> lfs/rust-zerovec | 81 + >>> lfs/rust-zerovec-derive | 81 + >>> lfs/suricata | 13 +- >>> make.sh | 133 +- >>> ...suricata-8.0.3-purge-hyperscan-cache.patch | 1341 +++++++++++++++++ >>> 206 files changed, 15762 insertions(+), 853 deletions(-) >>> create mode 100644 config/rootfiles/common/cbindgen >>> create mode 100644 config/rootfiles/common/rust-adler2 >>> create mode 100644 config/rootfiles/common/rust-anstream >>> create mode 100644 config/rootfiles/common/rust-anstyle >>> create mode 100644 config/rootfiles/common/rust-anstyle-parse >>> create mode 100644 config/rootfiles/common/rust-anstyle-query >>> create mode 100644 config/rootfiles/common/rust-anstyle-wincon >>> create mode 100644 config/rootfiles/common/rust-anyhow >>> create mode 100644 config/rootfiles/common/rust-auditable-serde >>> create mode 100644 config/rootfiles/common/rust-bitflags >>> create mode 100644 config/rootfiles/common/rust-clap >>> create mode 100644 config/rootfiles/common/rust-clap_builder >>> create mode 100644 config/rootfiles/common/rust-clap_lex >>> create mode 100644 config/rootfiles/common/rust-colorchoice >>> create mode 100644 config/rootfiles/common/rust-crc32fast >>> create mode 100644 config/rootfiles/common/rust-displaydoc >>> create mode 100644 config/rootfiles/common/rust-errno >>> create mode 100644 config/rootfiles/common/rust-fastrand >>> create mode 100644 config/rootfiles/common/rust-flate2 >>> create mode 100644 config/rootfiles/common/rust-form_urlencoded >>> create mode 100644 config/rootfiles/common/rust-getrandom-0.2.4 >>> create mode 100644 config/rootfiles/common/rust-heck >>> create mode 100644 config/rootfiles/common/rust-humantime >>> create mode 100644 config/rootfiles/common/rust-icu_collections >>> create mode 100644 config/rootfiles/common/rust-icu_locale_core >>> create mode 100644 config/rootfiles/common/rust-icu_normalizer >>> create mode 100644 config/rootfiles/common/rust-icu_normalizer_data >>> create mode 100644 config/rootfiles/common/rust-icu_properties >>> create mode 100644 config/rootfiles/common/rust-icu_properties_data >>> create mode 100644 config/rootfiles/common/rust-icu_provider >>> create mode 100644 config/rootfiles/common/rust-id-arena >>> create mode 100644 config/rootfiles/common/rust-idna >>> create mode 100644 config/rootfiles/common/rust-idna_adapter >>> create mode 100644 config/rootfiles/common/rust-is_terminal_polyfill >>> create mode 100644 config/rootfiles/common/rust-leb128fmt >>> create mode 100644 config/rootfiles/common/rust-libc-0.2.108 >>> create mode 100644 config/rootfiles/common/rust-linux-raw-sys >>> create mode 100644 config/rootfiles/common/rust-litemap >>> create mode 100644 config/rootfiles/common/rust-log-0.4.14 >>> create mode 100644 config/rootfiles/common/rust-miniz_oxide >>> create mode 100644 config/rootfiles/common/rust-once_cell-1.9.0 >>> create mode 100644 config/rootfiles/common/rust-once_cell_polyfill >>> create mode 100644 config/rootfiles/common/rust-percent-encoding >>> create mode 100644 config/rootfiles/common/rust-potential_utf >>> create mode 100644 config/rootfiles/common/rust-prettyplease >>> create mode 100644 config/rootfiles/common/rust-r-efi >>> create mode 100644 config/rootfiles/common/rust-rustix >>> create mode 100644 config/rootfiles/common/rust-semver-0.9.0 >>> create mode 100644 config/rootfiles/common/rust-semver-parser-0.7.0 >>> create mode 100644 config/rootfiles/common/rust-serde-1.0.216 >>> create mode 100644 config/rootfiles/common/rust-serde_core >>> create mode 100644 config/rootfiles/common/rust-serde_derive-1.0.216 >>> create mode 100644 config/rootfiles/common/rust-simd-adler32 >>> create mode 100644 config/rootfiles/common/rust-smallvec-1.8.0 >>> create mode 100644 config/rootfiles/common/rust-spdx >>> create mode 100644 config/rootfiles/common/rust-strsim >>> create mode 100644 config/rootfiles/common/rust-syn-2.0.90 >>> create mode 100644 config/rootfiles/common/rust-tempfile >>> create mode 100644 config/rootfiles/common/rust-tinystr >>> create mode 100644 config/rootfiles/common/rust-topological-sort >>> create mode 100644 config/rootfiles/common/rust-unicode-xid-0.2.1 >>> create mode 100644 config/rootfiles/common/rust-url >>> create mode 100644 config/rootfiles/common/rust-utf16_iter >>> create mode 100644 config/rootfiles/common/rust-utf8_iter >>> create mode 100644 config/rootfiles/common/rust-utf8parse >>> create mode 100644 config/rootfiles/common/rust-wasip2 >>> create mode 100644 config/rootfiles/common/rust-wasm-encoder >>> create mode 100644 config/rootfiles/common/rust-wasm-metadata >>> create mode 100644 config/rootfiles/common/rust-wasmparser >>> create mode 100644 config/rootfiles/common/rust-windows-link >>> create mode 100644 config/rootfiles/common/rust-windows-sys >>> create mode 100644 config/rootfiles/common/rust-wit-bindgen >>> create mode 100644 config/rootfiles/common/rust-wit-bindgen-core >>> create mode 100644 config/rootfiles/common/rust-wit-bindgen-rust >>> create mode 100644 config/rootfiles/common/rust-wit-bindgen-rust-macro >>> create mode 100644 config/rootfiles/common/rust-wit-component >>> create mode 100644 config/rootfiles/common/rust-wit-parser >>> create mode 100644 config/rootfiles/common/rust-write16 >>> create mode 100644 config/rootfiles/common/rust-writeable >>> create mode 100644 config/rootfiles/common/rust-yoke >>> create mode 100644 config/rootfiles/common/rust-yoke-derive >>> create mode 100644 config/rootfiles/common/rust-zerofrom >>> create mode 100644 config/rootfiles/common/rust-zerofrom-derive >>> create mode 100644 config/rootfiles/common/rust-zerotrie >>> create mode 100644 config/rootfiles/common/rust-zerovec >>> create mode 100644 config/rootfiles/common/rust-zerovec-derive >>> create mode 100644 lfs/cbindgen >>> create mode 100644 lfs/rust-adler2 >>> create mode 100644 lfs/rust-anstream >>> create mode 100644 lfs/rust-anstyle >>> create mode 100644 lfs/rust-anstyle-parse >>> create mode 100644 lfs/rust-anstyle-query >>> create mode 100644 lfs/rust-anstyle-wincon >>> create mode 100644 lfs/rust-anyhow >>> create mode 100644 lfs/rust-auditable-serde >>> create mode 100644 lfs/rust-bitflags >>> create mode 100644 lfs/rust-clap >>> create mode 100644 lfs/rust-clap_builder >>> create mode 100644 lfs/rust-clap_lex >>> create mode 100644 lfs/rust-colorchoice >>> create mode 100644 lfs/rust-crc32fast >>> create mode 100644 lfs/rust-displaydoc >>> create mode 100644 lfs/rust-errno >>> create mode 100644 lfs/rust-fastrand >>> create mode 100644 lfs/rust-flate2 >>> create mode 100644 lfs/rust-form_urlencoded >>> create mode 100644 lfs/rust-getrandom-0.2.4 >>> create mode 100644 lfs/rust-heck >>> create mode 100644 lfs/rust-humantime >>> create mode 100644 lfs/rust-icu_collections >>> create mode 100644 lfs/rust-icu_locale_core >>> create mode 100644 lfs/rust-icu_normalizer >>> create mode 100644 lfs/rust-icu_normalizer_data >>> create mode 100644 lfs/rust-icu_properties >>> create mode 100644 lfs/rust-icu_properties_data >>> create mode 100644 lfs/rust-icu_provider >>> create mode 100644 lfs/rust-id-arena >>> create mode 100644 lfs/rust-idna >>> create mode 100644 lfs/rust-idna_adapter >>> create mode 100644 lfs/rust-is_terminal_polyfill >>> create mode 100644 lfs/rust-leb128fmt >>> create mode 100644 lfs/rust-libc-0.2.108 >>> create mode 100644 lfs/rust-linux-raw-sys >>> create mode 100644 lfs/rust-litemap >>> create mode 100644 lfs/rust-log-0.4.14 >>> create mode 100644 lfs/rust-miniz_oxide >>> create mode 100644 lfs/rust-once_cell-1.9.0 >>> create mode 100644 lfs/rust-once_cell_polyfill >>> create mode 100644 lfs/rust-percent-encoding >>> create mode 100644 lfs/rust-potential_utf >>> create mode 100644 lfs/rust-prettyplease >>> create mode 100644 lfs/rust-r-efi >>> create mode 100644 lfs/rust-rustix >>> create mode 100644 lfs/rust-semver-0.9.0 >>> create mode 100644 lfs/rust-semver-parser-0.7.0 >>> create mode 100644 lfs/rust-serde-1.0.216 >>> create mode 100644 lfs/rust-serde_core >>> create mode 100644 lfs/rust-serde_derive-1.0.216 >>> create mode 100644 lfs/rust-simd-adler32 >>> create mode 100644 lfs/rust-smallvec-1.8.0 >>> create mode 100644 lfs/rust-spdx >>> create mode 100644 lfs/rust-strsim >>> create mode 100644 lfs/rust-syn-2.0.90 >>> create mode 100644 lfs/rust-tempfile >>> create mode 100644 lfs/rust-tinystr >>> create mode 100644 lfs/rust-topological-sort >>> create mode 100644 lfs/rust-unicode-xid-0.2.1 >>> create mode 100644 lfs/rust-url >>> create mode 100644 lfs/rust-utf16_iter >>> create mode 100644 lfs/rust-utf8_iter >>> create mode 100644 lfs/rust-utf8parse >>> create mode 100644 lfs/rust-wasip2 >>> create mode 100644 lfs/rust-wasm-encoder >>> create mode 100644 lfs/rust-wasm-metadata >>> create mode 100644 lfs/rust-wasmparser >>> create mode 100644 lfs/rust-windows-link >>> create mode 100644 lfs/rust-windows-sys >>> create mode 100644 lfs/rust-wit-bindgen >>> create mode 100644 lfs/rust-wit-bindgen-core >>> create mode 100644 lfs/rust-wit-bindgen-rust >>> create mode 100644 lfs/rust-wit-bindgen-rust-macro >>> create mode 100644 lfs/rust-wit-component >>> create mode 100644 lfs/rust-wit-parser >>> create mode 100644 lfs/rust-write16 >>> create mode 100644 lfs/rust-writeable >>> create mode 100644 lfs/rust-yoke >>> create mode 100644 lfs/rust-yoke-derive >>> create mode 100644 lfs/rust-zerofrom >>> create mode 100644 lfs/rust-zerofrom-derive >>> create mode 100644 lfs/rust-zerotrie >>> create mode 100644 lfs/rust-zerovec >>> create mode 100644 lfs/rust-zerovec-derive >>> create mode 100644 src/patches/suricata/suricata-8.0.3-purge-hyperscan-cache.patch >>> >>> -- >>> 2.47.3 >>> >>> > > ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: Updating rust and eco system 2026-01-22 17:38 Updating rust and eco system Stefan Schantl 2026-01-23 5:26 ` [PATCH 0/3] suricata: Add ability to purge the sgh cache Stefan Schantl @ 2026-01-23 10:31 ` Michael Tremer 2026-01-23 11:06 ` Adolf Belka 1 sibling, 1 reply; 17+ messages in thread From: Michael Tremer @ 2026-01-23 10:31 UTC (permalink / raw) To: Stefan Schantl; +Cc: development Hello Stefan, Hello list, Thank you for looking at this. Of course it is very important that we are able to stay on the latest version of Suricata. I have merged your monster of a patch so that we can move on for now, but I have a couple of bigger questions that we all should have a look at: Adolf has in the past spent a lot of time on updating Rust. This is all tapping into Python - or rather python-cryptography - having some Rust code that has further dependencies. In essence, it has been a huge headache to update this. Maybe Adolf even has some other words for this all. Just building cbindgen has required a further ~98 Rust crates to be packaged. Often we have the same crate in different versions because other crates have pinned a specific version. In total, we currently have ~790 packages in IPFire. Out of those, there are 202 packages in the rust-* namespace. That is pretty much a quarter of the distribution. Although not a lot in size, this is a considerable maintenance burden. ClamAV and Suricata have (recently?) started to bundle all their Rust dependencies with their release tarballs. Although this is not a good thing for many other reasons, it will move the onus onto the upstream projects to provide whatever they need. If their dependencies (and the dependencies of their dependencies) explode, this is not really our problem any more as well as any supply chain problems. Great - within reason. That leaves us with only very few packages that would actually require any external Rust crates (Suricata is even configured to *exclusively* use their bundled crates): cbindgen as a new thing, python-cryptography, anything else? We might actually only need a fraction of the Rust crates that we currently have as the only packages that may actually tap into our locally built repository are only those two. Is anyone happy to give this all a try and cleanup any old Rust deps? That way, I hope we will have a much smoother ride moving forward with a Python update. All the best, -Michael > On 22 Jan 2026, at 17:38, Stefan Schantl <stefan.schantl@ipfire.org> wrote: > > Hello list followers, > > I'm currently updating rust and affected modules. > > This happends mainly because I'm trying to fix the "suricata cache > grows infinite" problem, which a lot of people are affected. > > To archive this, I ported the patches from suricata main development > branch to our used suricata version (8.0.3). > > To perform a full build, a new tool called cbindgen - which is a rust > to c bindings generator, is required. > > Sadly this tool is also written in rust and requires some new > dependencies and a more up to date rust compiler. > > I hope to send a patchset for all this very soon to the mailing list. > > Best regards, > > -Stefan > > ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: Updating rust and eco system 2026-01-23 10:31 ` Updating rust and eco system Michael Tremer @ 2026-01-23 11:06 ` Adolf Belka 2026-01-25 14:19 ` Michael Tremer 0 siblings, 1 reply; 17+ messages in thread From: Adolf Belka @ 2026-01-23 11:06 UTC (permalink / raw) To: Michael Tremer; +Cc: IPFire: Development-List Hi Michael, On 23/01/2026 11:31, Michael Tremer wrote: > Hello Stefan, > Hello list, > > Thank you for looking at this. Of course it is very important that we are able to stay on the latest version of Suricata. > > I have merged your monster of a patch so that we can move on for now, but I have a couple of bigger questions that we all should have a look at: > > Adolf has in the past spent a lot of time on updating Rust. This is all tapping into Python - or rather python-cryptography - having some Rust code that has further dependencies. In essence, it has been a huge headache to update this. Maybe Adolf even has some other words for this all. My words on this are that I have now tried multiple times to get a new python update built. Each time I have done it a bit different but the end result has been the same and that is that python-cryptography (which requires rust modules to be built) ends up requiring python-maturin that requires more rust modules but at the end of this the python-cryptography fails to find the built rust modules. I have been stuck at this last point so many times that I have realised that I am finding lots of reasons not to go and work on the python update. That is not a good position and also python has now moved from 3.13 to 3.14 so things are moving away from me. I have come to the conclusion that someone else, more capable than me needs to have a go at the python update, so I am giving up on it but will continue working on other things. > > Just building cbindgen has required a further ~98 Rust crates to be packaged. Often we have the same crate in different versions because other crates have pinned a specific version. In total, we currently have ~790 packages in IPFire. Out of those, there are 202 packages in the rust-* namespace. That is pretty much a quarter of the distribution. Although not a lot in size, this is a considerable maintenance burden. > > ClamAV and Suricata have (recently?) started to bundle all their Rust dependencies with their release tarballs. Although this is not a good thing for many other reasons, it will move the onus onto the upstream projects to provide whatever they need. If their dependencies (and the dependencies of their dependencies) explode, this is not really our problem any more as well as any supply chain problems. Great - within reason. > > That leaves us with only very few packages that would actually require any external Rust crates (Suricata is even configured to *exclusively* use their bundled crates): cbindgen as a new thing, python-cryptography, anything else? We might actually only need a fraction of the Rust crates that we currently have as the only packages that may actually tap into our locally built repository are only those two. Unfortunately there is the addon oci-python-sdk that uses python-cryptography. > > Is anyone happy to give this all a try and cleanup any old Rust deps? That way, I hope we will have a much smoother ride moving forward with a Python update. I can take the current status, before Stefan's patches, and see how many existing rust modules can be removed. Anything that can be removed is a step forward. I think a problem moving forward is that more python modules are ending up being a combination of python and rust as the cryptography and maturin modules have already done. I have also seen a lot of rust modules covering the same stuff as covered by python modules. So the future I think looks like it will continue to be very frustrating. Regards, Adolf. > > All the best, > -Michael > >> On 22 Jan 2026, at 17:38, Stefan Schantl <stefan.schantl@ipfire.org> wrote: >> >> Hello list followers, >> >> I'm currently updating rust and affected modules. >> >> This happends mainly because I'm trying to fix the "suricata cache >> grows infinite" problem, which a lot of people are affected. >> >> To archive this, I ported the patches from suricata main development >> branch to our used suricata version (8.0.3). >> >> To perform a full build, a new tool called cbindgen - which is a rust >> to c bindings generator, is required. >> >> Sadly this tool is also written in rust and requires some new >> dependencies and a more up to date rust compiler. >> >> I hope to send a patchset for all this very soon to the mailing list. >> >> Best regards, >> >> -Stefan >> >> > > ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: Updating rust and eco system 2026-01-23 11:06 ` Adolf Belka @ 2026-01-25 14:19 ` Michael Tremer 2026-01-25 17:46 ` Stefan Schantl [not found] ` <a7484943d784c0a6e2088b2354f08bfbf42658b2.camel@gmx.at> 0 siblings, 2 replies; 17+ messages in thread From: Michael Tremer @ 2026-01-25 14:19 UTC (permalink / raw) To: Adolf Belka; +Cc: IPFire: Development-List Hello Adolf, > On 23 Jan 2026, at 11:06, Adolf Belka <adolf.belka@ipfire.org> wrote: > > Hi Michael, > > On 23/01/2026 11:31, Michael Tremer wrote: >> Hello Stefan, >> Hello list, >> Thank you for looking at this. Of course it is very important that we are able to stay on the latest version of Suricata. >> I have merged your monster of a patch so that we can move on for now, but I have a couple of bigger questions that we all should have a look at: >> Adolf has in the past spent a lot of time on updating Rust. This is all tapping into Python - or rather python-cryptography - having some Rust code that has further dependencies. In essence, it has been a huge headache to update this. Maybe Adolf even has some other words for this all. > > My words on this are that I have now tried multiple times to get a new python update built. Each time I have done it a bit different but the end result has been the same and that is that python-cryptography (which requires rust modules to be built) ends up requiring python-maturin that requires more rust modules but at the end of this the python-cryptography fails to find the built rust modules. > > I have been stuck at this last point so many times that I have realised that I am finding lots of reasons not to go and work on the python update. > That is not a good position and also python has now moved from 3.13 to 3.14 so things are moving away from me. > > I have come to the conclusion that someone else, more capable than me needs to have a go at the python update, so I am giving up on it but will continue working on other things. Hmm okay, you sound like you are giving up on this :) I know how many hours (we probably need to measure those in days or even weeks) you have spent on this though. Let’s pool resources together and finally get this done. Hopefully this will be a smoother ride as a combined effort. >> Just building cbindgen has required a further ~98 Rust crates to be packaged. Often we have the same crate in different versions because other crates have pinned a specific version. In total, we currently have ~790 packages in IPFire. Out of those, there are 202 packages in the rust-* namespace. That is pretty much a quarter of the distribution. Although not a lot in size, this is a considerable maintenance burden. >> ClamAV and Suricata have (recently?) started to bundle all their Rust dependencies with their release tarballs. Although this is not a good thing for many other reasons, it will move the onus onto the upstream projects to provide whatever they need. If their dependencies (and the dependencies of their dependencies) explode, this is not really our problem any more as well as any supply chain problems. Great - within reason. >> That leaves us with only very few packages that would actually require any external Rust crates (Suricata is even configured to *exclusively* use their bundled crates): cbindgen as a new thing, python-cryptography, anything else? We might actually only need a fraction of the Rust crates that we currently have as the only packages that may actually tap into our locally built repository are only those two. > > Unfortunately there is the addon oci-python-sdk that uses python-cryptography. python-cryptography was on my list. oci-python-sdk only uses Rust indirectly through python-cryptography, right? >> Is anyone happy to give this all a try and cleanup any old Rust deps? That way, I hope we will have a much smoother ride moving forward with a Python update. > > I can take the current status, before Stefan's patches, and see how many existing rust modules can be removed. Anything that can be removed is a step forward. Yes, I think we should try to shrink what we have now if that is possible at all. As most packages are bundling all Rust deps, there should be some we won’t need any more in the system. Then, we hopefully have much less to update/worry about in any other way when we start touching python-cryptography. So who is volunteering to do this? Commenting out all Rust packages, then build python-cryptography which will fail as it requires some Rust crates. Those will be there so they will only have to be commented in again. Once the package builds, we should then have a couple of packages still commented that we can drop. > I think a problem moving forward is that more python modules are ending up being a combination of python and rust as the cryptography and maturin modules have already done. I have also seen a lot of rust modules covering the same stuff as covered by python modules. So the future I think looks like it will continue to be very frustrating. Yes it does, but we will have to find a way whether we want it or not. -Michael > Regards, > > Adolf. > > >> All the best, >> -Michael >>> On 22 Jan 2026, at 17:38, Stefan Schantl <stefan.schantl@ipfire.org> wrote: >>> >>> Hello list followers, >>> >>> I'm currently updating rust and affected modules. >>> >>> This happends mainly because I'm trying to fix the "suricata cache >>> grows infinite" problem, which a lot of people are affected. >>> >>> To archive this, I ported the patches from suricata main development >>> branch to our used suricata version (8.0.3). >>> >>> To perform a full build, a new tool called cbindgen - which is a rust >>> to c bindings generator, is required. >>> >>> Sadly this tool is also written in rust and requires some new >>> dependencies and a more up to date rust compiler. >>> >>> I hope to send a patchset for all this very soon to the mailing list. >>> >>> Best regards, >>> >>> -Stefan ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: Updating rust and eco system 2026-01-25 14:19 ` Michael Tremer @ 2026-01-25 17:46 ` Stefan Schantl [not found] ` <a7484943d784c0a6e2088b2354f08bfbf42658b2.camel@gmx.at> 1 sibling, 0 replies; 17+ messages in thread From: Stefan Schantl @ 2026-01-25 17:46 UTC (permalink / raw) To: development Hello Adolf, Hello Michael, I would give the rust cleanup a try in the next few days. Adolf may I can ask you to put your current state of the python update into a git repositry? Thanks in advance, -Stefan > Hello Adolf, > > > On 23 Jan 2026, at 11:06, Adolf Belka <adolf.belka@ipfire.org> > > wrote: > > > > Hi Michael, > > > > On 23/01/2026 11:31, Michael Tremer wrote: > > > Hello Stefan, > > > Hello list, > > > Thank you for looking at this. Of course it is very important > > > that we are able to stay on the latest version of Suricata. > > > I have merged your monster of a patch so that we can move on for > > > now, but I have a couple of bigger questions that we all should > > > have a look at: > > > Adolf has in the past spent a lot of time on updating Rust. This > > > is all tapping into Python - or rather python-cryptography - > > > having some Rust code that has further dependencies. In essence, > > > it has been a huge headache to update this. Maybe Adolf even has > > > some other words for this all. > > > > My words on this are that I have now tried multiple times to get a > > new python update built. Each time I have done it a bit different > > but the end result has been the same and that is that python- > > cryptography (which requires rust modules to be built) ends up > > requiring python-maturin that requires more rust modules but at the > > end of this the python-cryptography fails to find the built rust > > modules. > > > > I have been stuck at this last point so many times that I have > > realised that I am finding lots of reasons not to go and work on > > the python update. > > That is not a good position and also python has now moved from 3.13 > > to 3.14 so things are moving away from me. > > > > I have come to the conclusion that someone else, more capable than > > me needs to have a go at the python update, so I am giving up on it > > but will continue working on other things. > > Hmm okay, you sound like you are giving up on this :) I know how many > hours (we probably need to measure those in days or even weeks) you > have spent on this though. > > Let’s pool resources together and finally get this done. Hopefully > this will be a smoother ride as a combined effort. > > > > Just building cbindgen has required a further ~98 Rust crates to > > > be packaged. Often we have the same crate in different versions > > > because other crates have pinned a specific version. In total, we > > > currently have ~790 packages in IPFire. Out of those, there are > > > 202 packages in the rust-* namespace. That is pretty much a > > > quarter of the distribution. Although not a lot in size, this is > > > a considerable maintenance burden. > > > ClamAV and Suricata have (recently?) started to bundle all their > > > Rust dependencies with their release tarballs. Although this is > > > not a good thing for many other reasons, it will move the onus > > > onto the upstream projects to provide whatever they need. If > > > their dependencies (and the dependencies of their dependencies) > > > explode, this is not really our problem any more as well as any > > > supply chain problems. Great - within reason. > > > That leaves us with only very few packages that would actually > > > require any external Rust crates (Suricata is even configured to > > > *exclusively* use their bundled crates): cbindgen as a new thing, > > > python-cryptography, anything else? We might actually only need a > > > fraction of the Rust crates that we currently have as the only > > > packages that may actually tap into our locally built repository > > > are only those two. > > > > Unfortunately there is the addon oci-python-sdk that uses python- > > cryptography. > > python-cryptography was on my list. oci-python-sdk only uses Rust > indirectly through python-cryptography, right? > > > > Is anyone happy to give this all a try and cleanup any old Rust > > > deps? That way, I hope we will have a much smoother ride moving > > > forward with a Python update. > > > > I can take the current status, before Stefan's patches, and see how > > many existing rust modules can be removed. Anything that can be > > removed is a step forward. > > Yes, I think we should try to shrink what we have now if that is > possible at all. As most packages are bundling all Rust deps, there > should be some we won’t need any more in the system. > > Then, we hopefully have much less to update/worry about in any other > way when we start touching python-cryptography. > > So who is volunteering to do this? Commenting out all Rust packages, > then build python-cryptography which will fail as it requires some > Rust crates. Those will be there so they will only have to be > commented in again. Once the package builds, we should then have a > couple of packages still commented that we can drop. > > > I think a problem moving forward is that more python modules are > > ending up being a combination of python and rust as the > > cryptography and maturin modules have already done. I have also > > seen a lot of rust modules covering the same stuff as covered by > > python modules. So the future I think looks like it will continue > > to be very frustrating. > > Yes it does, but we will have to find a way whether we want it or > not. > > -Michael > > > Regards, > > > > Adolf. > > > > > > > All the best, > > > -Michael > > > > On 22 Jan 2026, at 17:38, Stefan Schantl > > > > <stefan.schantl@ipfire.org> wrote: > > > > > > > > Hello list followers, > > > > > > > > I'm currently updating rust and affected modules. > > > > > > > > This happends mainly because I'm trying to fix the "suricata > > > > cache > > > > grows infinite" problem, which a lot of people are affected. > > > > > > > > To archive this, I ported the patches from suricata main > > > > development > > > > branch to our used suricata version (8.0.3). > > > > > > > > To perform a full build, a new tool called cbindgen - which is > > > > a rust > > > > to c bindings generator, is required. > > > > > > > > Sadly this tool is also written in rust and requires some new > > > > dependencies and a more up to date rust compiler. > > > > > > > > I hope to send a patchset for all this very soon to the mailing > > > > list. > > > > > > > > Best regards, > > > > > > > > -Stefan > > ^ permalink raw reply [flat|nested] 17+ messages in thread
[parent not found: <a7484943d784c0a6e2088b2354f08bfbf42658b2.camel@gmx.at>]
* Re: Updating rust and eco system [not found] ` <a7484943d784c0a6e2088b2354f08bfbf42658b2.camel@gmx.at> @ 2026-01-26 13:54 ` Stefan Schantl 2026-01-26 15:31 ` Stefan Schantl 0 siblings, 1 reply; 17+ messages in thread From: Stefan Schantl @ 2026-01-26 13:54 UTC (permalink / raw) To: development Hello list, currently I'm working on cleaning up the rust packages. For these I disabled all rust modules in the make.sh file and perform a clean build as Michael suggested. At the moment I'm past the stage where "cbindgen" successfully has been build and have 103 rust modules (inlcluding there sub-dependencies) only for this one tool. An additional rust module is required to build suricata. This is because of patching the source code the required rust module is not part of their source tarball. This currently summs to 104 rust modules for the moment. I'm looking forward when python-cryptography kicks in its module whishes.... Best regards, -Stefan > Hello Adolf, > Hello Michael, > > I would give the rust cleanup a try in the next few days. > > Adolf may I can ask you to put your current state of the python > update > into a git repositry? > > Thanks in advance, > > -Stefan > > > Hello Adolf, > > > > > On 23 Jan 2026, at 11:06, Adolf Belka <adolf.belka@ipfire.org> > > > wrote: > > > > > > Hi Michael, > > > > > > On 23/01/2026 11:31, Michael Tremer wrote: > > > > Hello Stefan, > > > > Hello list, > > > > Thank you for looking at this. Of course it is very important > > > > that we are able to stay on the latest version of Suricata. > > > > I have merged your monster of a patch so that we can move on > > > > for > > > > now, but I have a couple of bigger questions that we all should > > > > have a look at: > > > > Adolf has in the past spent a lot of time on updating Rust. > > > > This > > > > is all tapping into Python - or rather python-cryptography - > > > > having some Rust code that has further dependencies. In > > > > essence, > > > > it has been a huge headache to update this. Maybe Adolf even > > > > has > > > > some other words for this all. > > > > > > My words on this are that I have now tried multiple times to get > > > a > > > new python update built. Each time I have done it a bit different > > > but the end result has been the same and that is that python- > > > cryptography (which requires rust modules to be built) ends up > > > requiring python-maturin that requires more rust modules but at > > > the > > > end of this the python-cryptography fails to find the built rust > > > modules. > > > > > > I have been stuck at this last point so many times that I have > > > realised that I am finding lots of reasons not to go and work on > > > the python update. > > > That is not a good position and also python has now moved from > > > 3.13 > > > to 3.14 so things are moving away from me. > > > > > > I have come to the conclusion that someone else, more capable > > > than > > > me needs to have a go at the python update, so I am giving up on > > > it > > > but will continue working on other things. > > > > Hmm okay, you sound like you are giving up on this :) I know how > > many > > hours (we probably need to measure those in days or even weeks) you > > have spent on this though. > > > > Let’s pool resources together and finally get this done. Hopefully > > this will be a smoother ride as a combined effort. > > > > > > Just building cbindgen has required a further ~98 Rust crates > > > > to > > > > be packaged. Often we have the same crate in different versions > > > > because other crates have pinned a specific version. In total, > > > > we > > > > currently have ~790 packages in IPFire. Out of those, there are > > > > 202 packages in the rust-* namespace. That is pretty much a > > > > quarter of the distribution. Although not a lot in size, this > > > > is > > > > a considerable maintenance burden. > > > > ClamAV and Suricata have (recently?) started to bundle all > > > > their > > > > Rust dependencies with their release tarballs. Although this is > > > > not a good thing for many other reasons, it will move the onus > > > > onto the upstream projects to provide whatever they need. If > > > > their dependencies (and the dependencies of their dependencies) > > > > explode, this is not really our problem any more as well as any > > > > supply chain problems. Great - within reason. > > > > That leaves us with only very few packages that would actually > > > > require any external Rust crates (Suricata is even configured > > > > to > > > > *exclusively* use their bundled crates): cbindgen as a new > > > > thing, > > > > python-cryptography, anything else? We might actually only need > > > > a > > > > fraction of the Rust crates that we currently have as the only > > > > packages that may actually tap into our locally built > > > > repository > > > > are only those two. > > > > > > Unfortunately there is the addon oci-python-sdk that uses python- > > > cryptography. > > > > python-cryptography was on my list. oci-python-sdk only uses Rust > > indirectly through python-cryptography, right? > > > > > > Is anyone happy to give this all a try and cleanup any old Rust > > > > deps? That way, I hope we will have a much smoother ride moving > > > > forward with a Python update. > > > > > > I can take the current status, before Stefan's patches, and see > > > how > > > many existing rust modules can be removed. Anything that can be > > > removed is a step forward. > > > > Yes, I think we should try to shrink what we have now if that is > > possible at all. As most packages are bundling all Rust deps, there > > should be some we won’t need any more in the system. > > > > Then, we hopefully have much less to update/worry about in any > > other > > way when we start touching python-cryptography. > > > > So who is volunteering to do this? Commenting out all Rust > > packages, > > then build python-cryptography which will fail as it requires some > > Rust crates. Those will be there so they will only have to be > > commented in again. Once the package builds, we should then have a > > couple of packages still commented that we can drop. > > > > > I think a problem moving forward is that more python modules are > > > ending up being a combination of python and rust as the > > > cryptography and maturin modules have already done. I have also > > > seen a lot of rust modules covering the same stuff as covered by > > > python modules. So the future I think looks like it will continue > > > to be very frustrating. > > > > Yes it does, but we will have to find a way whether we want it or > > not. > > > > -Michael > > > > > Regards, > > > > > > Adolf. > > > > > > > > > > All the best, > > > > -Michael > > > > > On 22 Jan 2026, at 17:38, Stefan Schantl > > > > > <stefan.schantl@ipfire.org> wrote: > > > > > > > > > > Hello list followers, > > > > > > > > > > I'm currently updating rust and affected modules. > > > > > > > > > > This happends mainly because I'm trying to fix the "suricata > > > > > cache > > > > > grows infinite" problem, which a lot of people are affected. > > > > > > > > > > To archive this, I ported the patches from suricata main > > > > > development > > > > > branch to our used suricata version (8.0.3). > > > > > > > > > > To perform a full build, a new tool called cbindgen - which > > > > > is > > > > > a rust > > > > > to c bindings generator, is required. > > > > > > > > > > Sadly this tool is also written in rust and requires some new > > > > > dependencies and a more up to date rust compiler. > > > > > > > > > > I hope to send a patchset for all this very soon to the > > > > > mailing > > > > > list. > > > > > > > > > > Best regards, > > > > > > > > > > -Stefan > > > > ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: Updating rust and eco system 2026-01-26 13:54 ` Stefan Schantl @ 2026-01-26 15:31 ` Stefan Schantl 2026-01-26 17:23 ` Michael Tremer 0 siblings, 1 reply; 17+ messages in thread From: Stefan Schantl @ 2026-01-26 15:31 UTC (permalink / raw) To: development Hello list it's me again, the build process now reached python-cryptography which requires rust- asn1, which requires rust-ans1_derive, which did not build because of a to new version of rust-syn. rust-asn1_derive (0.12.2) [ 1 ][ FAIL ] make: Nothing to be done for 'download'. make: Leaving directory '/home/ipfire-2.x/lfs' make: Entering directory '/usr/src/lfs' toml-0.8.19.tar.gz checksum OK make: Nothing to be done for 'install'. make: Leaving directory '/usr/src/lfs' Jän 26 15:18:59: Building rust-asn1_derive make: Entering directory '/home/ipfire-2.x/lfs' make: Nothing to be done for 'download'. make: Leaving directory '/home/ipfire-2.x/lfs' make: Entering directory '/usr/src/lfs' asn1_derive-0.12.2.tar.gz checksum OK ====================================== Installing asn1_derive- 0.12.2 ... Install started; saving file list to /usr/src/lsalr ... cd /usr/src/asn1_derive-0.12.2 && if [ -f Cargo.toml.orig ]; then \ rm -f Cargo.toml.orig; \ fi; \ cd /usr/src/asn1_derive-0.12.2 && mkdir -p /usr/src/asn1_derive- 0.12.2/.cargo && echo "${CARGO_CONFIG}" > /usr/src/asn1_derive- 0.12.2/.cargo/config && rm -f Cargo.lock cd /usr/src/asn1_derive-0.12.2 && CARGOPATH=/usr/src/asn1_derive- 0.12.2/.cargo RUSTC_BOOTSTRAP=1 cargo --offline build --release -Z avoid-dev-deps -j12 warning: `/usr/src/asn1_derive-0.12.2/.cargo/config` is deprecated in favor of `config.toml` | = help: if you need to support cargo 1.38 or earlier, you can symlink `config` to `config.toml` error: failed to select a version for the requirement `syn = "^1.0.58"` candidate versions found which didn't match: 2.0.114 location searched: directory source `/usr/share/cargo/registry` (which is replacing registry `crates-io`) required by package `asn1_derive v0.12.2 (/usr/src/asn1_derive- 0.12.2)` perhaps a crate was updated and forgotten to be re-vendored? As a reminder, you're using offline mode (--offline) which can sometimes cause surprising resolution failures, if this error is too confusing you may wish to retry without `--offline`. make: *** [rust-asn1_derive:78: /usr/src/log/asn1_derive-0.12.2] Error 101 make: Leaving directory '/usr/src/lfs' ERROR: Building rust-asn1_derive [ FAIL ] Check /home/ipfire-2.x/log_x86_64/_build.ipfire.log for errors if applicable [ FAIL ] root@localhost:/home/ipfire-2.x# Currently there is an older version of the rust-syn packaged, which would allow me to bypass this issue, but would violence the goal of getting rid of unneccessary rust modules. Theoretically I also could update the asn1_derive crate to the latest version but this may break building the next modules. May this could act as starting point for the python update, where all the rust stuff also needs to be touched..... @Adolf, @Michael what do you think about that? Thanks in advance, -Stefan > Hello list, > > currently I'm working on cleaning up the rust packages. > > For these I disabled all rust modules in the make.sh file and perform > a > clean build as Michael suggested. > > At the moment I'm past the stage where "cbindgen" successfully has > been > build and have 103 rust modules (inlcluding there sub-dependencies) > only for this one tool. > > An additional rust module is required to build suricata. This is > because of patching the source code the required rust module is not > part of their source tarball. > > This currently summs to 104 rust modules for the moment. > > I'm looking forward when python-cryptography kicks in its module > whishes.... > > Best regards, > > -Stefan > > Hello Adolf, > > Hello Michael, > > > > I would give the rust cleanup a try in the next few days. > > > > Adolf may I can ask you to put your current state of the python > > update > > into a git repositry? > > > > Thanks in advance, > > > > -Stefan > > > > > Hello Adolf, > > > > > > > On 23 Jan 2026, at 11:06, Adolf Belka <adolf.belka@ipfire.org> > > > > wrote: > > > > > > > > Hi Michael, > > > > > > > > On 23/01/2026 11:31, Michael Tremer wrote: > > > > > Hello Stefan, > > > > > Hello list, > > > > > Thank you for looking at this. Of course it is very important > > > > > that we are able to stay on the latest version of Suricata. > > > > > I have merged your monster of a patch so that we can move on > > > > > for > > > > > now, but I have a couple of bigger questions that we all > > > > > should > > > > > have a look at: > > > > > Adolf has in the past spent a lot of time on updating Rust. > > > > > This > > > > > is all tapping into Python - or rather python-cryptography - > > > > > having some Rust code that has further dependencies. In > > > > > essence, > > > > > it has been a huge headache to update this. Maybe Adolf even > > > > > has > > > > > some other words for this all. > > > > > > > > My words on this are that I have now tried multiple times to > > > > get > > > > a > > > > new python update built. Each time I have done it a bit > > > > different > > > > but the end result has been the same and that is that python- > > > > cryptography (which requires rust modules to be built) ends up > > > > requiring python-maturin that requires more rust modules but at > > > > the > > > > end of this the python-cryptography fails to find the built > > > > rust > > > > modules. > > > > > > > > I have been stuck at this last point so many times that I have > > > > realised that I am finding lots of reasons not to go and work > > > > on > > > > the python update. > > > > That is not a good position and also python has now moved from > > > > 3.13 > > > > to 3.14 so things are moving away from me. > > > > > > > > I have come to the conclusion that someone else, more capable > > > > than > > > > me needs to have a go at the python update, so I am giving up > > > > on > > > > it > > > > but will continue working on other things. > > > > > > Hmm okay, you sound like you are giving up on this :) I know how > > > many > > > hours (we probably need to measure those in days or even weeks) > > > you > > > have spent on this though. > > > > > > Let’s pool resources together and finally get this done. > > > Hopefully > > > this will be a smoother ride as a combined effort. > > > > > > > > Just building cbindgen has required a further ~98 Rust crates > > > > > to > > > > > be packaged. Often we have the same crate in different > > > > > versions > > > > > because other crates have pinned a specific version. In > > > > > total, > > > > > we > > > > > currently have ~790 packages in IPFire. Out of those, there > > > > > are > > > > > 202 packages in the rust-* namespace. That is pretty much a > > > > > quarter of the distribution. Although not a lot in size, this > > > > > is > > > > > a considerable maintenance burden. > > > > > ClamAV and Suricata have (recently?) started to bundle all > > > > > their > > > > > Rust dependencies with their release tarballs. Although this > > > > > is > > > > > not a good thing for many other reasons, it will move the > > > > > onus > > > > > onto the upstream projects to provide whatever they need. If > > > > > their dependencies (and the dependencies of their > > > > > dependencies) > > > > > explode, this is not really our problem any more as well as > > > > > any > > > > > supply chain problems. Great - within reason. > > > > > That leaves us with only very few packages that would > > > > > actually > > > > > require any external Rust crates (Suricata is even configured > > > > > to > > > > > *exclusively* use their bundled crates): cbindgen as a new > > > > > thing, > > > > > python-cryptography, anything else? We might actually only > > > > > need > > > > > a > > > > > fraction of the Rust crates that we currently have as the > > > > > only > > > > > packages that may actually tap into our locally built > > > > > repository > > > > > are only those two. > > > > > > > > Unfortunately there is the addon oci-python-sdk that uses > > > > python- > > > > cryptography. > > > > > > python-cryptography was on my list. oci-python-sdk only uses Rust > > > indirectly through python-cryptography, right? > > > > > > > > Is anyone happy to give this all a try and cleanup any old > > > > > Rust > > > > > deps? That way, I hope we will have a much smoother ride > > > > > moving > > > > > forward with a Python update. > > > > > > > > I can take the current status, before Stefan's patches, and see > > > > how > > > > many existing rust modules can be removed. Anything that can be > > > > removed is a step forward. > > > > > > Yes, I think we should try to shrink what we have now if that is > > > possible at all. As most packages are bundling all Rust deps, > > > there > > > should be some we won’t need any more in the system. > > > > > > Then, we hopefully have much less to update/worry about in any > > > other > > > way when we start touching python-cryptography. > > > > > > So who is volunteering to do this? Commenting out all Rust > > > packages, > > > then build python-cryptography which will fail as it requires > > > some > > > Rust crates. Those will be there so they will only have to be > > > commented in again. Once the package builds, we should then have > > > a > > > couple of packages still commented that we can drop. > > > > > > > I think a problem moving forward is that more python modules > > > > are > > > > ending up being a combination of python and rust as the > > > > cryptography and maturin modules have already done. I have also > > > > seen a lot of rust modules covering the same stuff as covered > > > > by > > > > python modules. So the future I think looks like it will > > > > continue > > > > to be very frustrating. > > > > > > Yes it does, but we will have to find a way whether we want it or > > > not. > > > > > > -Michael > > > > > > > Regards, > > > > > > > > Adolf. > > > > > > > > > > > > > All the best, > > > > > -Michael > > > > > > On 22 Jan 2026, at 17:38, Stefan Schantl > > > > > > <stefan.schantl@ipfire.org> wrote: > > > > > > > > > > > > Hello list followers, > > > > > > > > > > > > I'm currently updating rust and affected modules. > > > > > > > > > > > > This happends mainly because I'm trying to fix the > > > > > > "suricata > > > > > > cache > > > > > > grows infinite" problem, which a lot of people are > > > > > > affected. > > > > > > > > > > > > To archive this, I ported the patches from suricata main > > > > > > development > > > > > > branch to our used suricata version (8.0.3). > > > > > > > > > > > > To perform a full build, a new tool called cbindgen - which > > > > > > is > > > > > > a rust > > > > > > to c bindings generator, is required. > > > > > > > > > > > > Sadly this tool is also written in rust and requires some > > > > > > new > > > > > > dependencies and a more up to date rust compiler. > > > > > > > > > > > > I hope to send a patchset for all this very soon to the > > > > > > mailing > > > > > > list. > > > > > > > > > > > > Best regards, > > > > > > > > > > > > -Stefan > > > > > > ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: Updating rust and eco system 2026-01-26 15:31 ` Stefan Schantl @ 2026-01-26 17:23 ` Michael Tremer 2026-01-26 19:07 ` Adolf Belka 0 siblings, 1 reply; 17+ messages in thread From: Michael Tremer @ 2026-01-26 17:23 UTC (permalink / raw) To: Stefan Schantl; +Cc: development Hello Stefan, Thanks for looking into this. I would suggest that for the cleanup project, it would be best to keep two versions of rust-syn. Obviously this will inflate the number of packages for now, but actually starting to update and therefore potentially add more dependencies does not sounds wise to me. We would mix up too many changes into one which is never good. Please start a list with all those packages that we would have to have a look at once the cleanup has been completed and we will start with updating them. That way we should be able keep this cleaner and hopefully won’t introduce too many new dependencies. In the end, I guess we will have to run this cleanup more than just this time, because we never know which package has dropped any dependencies. This is however rather unlikely. Best, -Michael > On 26 Jan 2026, at 15:31, Stefan Schantl <stefan.schantl@ipfire.org> wrote: > > Hello list it's me again, > > the build process now reached python-cryptography which requires rust- > asn1, which requires rust-ans1_derive, which did not build because of a > to new version of rust-syn. > > rust-asn1_derive (0.12.2) > [ 1 ][ FAIL ] > > make: Nothing to be done for 'download'. > make: Leaving directory '/home/ipfire-2.x/lfs' > make: Entering directory '/usr/src/lfs' > toml-0.8.19.tar.gz checksum OK > make: Nothing to be done for 'install'. > make: Leaving directory '/usr/src/lfs' > Jän 26 15:18:59: Building rust-asn1_derive make: Entering directory > '/home/ipfire-2.x/lfs' > make: Nothing to be done for 'download'. > make: Leaving directory '/home/ipfire-2.x/lfs' > make: Entering directory '/usr/src/lfs' > asn1_derive-0.12.2.tar.gz checksum OK > ====================================== Installing asn1_derive- > 0.12.2 ... > Install started; saving file list to /usr/src/lsalr ... > cd /usr/src/asn1_derive-0.12.2 && if [ -f Cargo.toml.orig ]; then \ > rm -f Cargo.toml.orig; \ > fi; \ > > cd /usr/src/asn1_derive-0.12.2 && mkdir -p /usr/src/asn1_derive- > 0.12.2/.cargo && echo "${CARGO_CONFIG}" > /usr/src/asn1_derive- > 0.12.2/.cargo/config && rm -f Cargo.lock > cd /usr/src/asn1_derive-0.12.2 && CARGOPATH=/usr/src/asn1_derive- > 0.12.2/.cargo RUSTC_BOOTSTRAP=1 cargo --offline build --release -Z > avoid-dev-deps -j12 > warning: `/usr/src/asn1_derive-0.12.2/.cargo/config` is deprecated > in favor of `config.toml` > | > = help: if you need to support cargo 1.38 or earlier, you can > symlink `config` to `config.toml` > error: failed to select a version for the requirement `syn = > "^1.0.58"` > candidate versions found which didn't match: 2.0.114 > location searched: directory source `/usr/share/cargo/registry` > (which is replacing registry `crates-io`) > required by package `asn1_derive v0.12.2 (/usr/src/asn1_derive- > 0.12.2)` > perhaps a crate was updated and forgotten to be re-vendored? > As a reminder, you're using offline mode (--offline) which can > sometimes cause surprising resolution failures, if this error is too > confusing you may wish to retry without `--offline`. > make: *** [rust-asn1_derive:78: /usr/src/log/asn1_derive-0.12.2] > Error 101 > make: Leaving directory '/usr/src/lfs' > > ERROR: Building rust-asn1_derive > [ FAIL ] > Check /home/ipfire-2.x/log_x86_64/_build.ipfire.log for errors if > applicable > [ FAIL ] > root@localhost:/home/ipfire-2.x# > > Currently there is an older version of the rust-syn packaged, which > would allow me to bypass this issue, but would violence the goal of > getting rid of unneccessary rust modules. > > Theoretically I also could update the asn1_derive crate to the latest > version but this may break building the next modules. > > May this could act as starting point for the python update, where all > the rust stuff also needs to be touched..... > > @Adolf, @Michael what do you think about that? > > Thanks in advance, > > -Stefan > > > >> Hello list, >> >> currently I'm working on cleaning up the rust packages. >> >> For these I disabled all rust modules in the make.sh file and perform >> a >> clean build as Michael suggested. >> >> At the moment I'm past the stage where "cbindgen" successfully has >> been >> build and have 103 rust modules (inlcluding there sub-dependencies) >> only for this one tool. >> >> An additional rust module is required to build suricata. This is >> because of patching the source code the required rust module is not >> part of their source tarball. >> >> This currently summs to 104 rust modules for the moment. >> >> I'm looking forward when python-cryptography kicks in its module >> whishes.... >> >> Best regards, >> >> -Stefan >>> Hello Adolf, >>> Hello Michael, >>> >>> I would give the rust cleanup a try in the next few days. >>> >>> Adolf may I can ask you to put your current state of the python >>> update >>> into a git repositry? >>> >>> Thanks in advance, >>> >>> -Stefan >>> >>>> Hello Adolf, >>>> >>>>> On 23 Jan 2026, at 11:06, Adolf Belka <adolf.belka@ipfire.org> >>>>> wrote: >>>>> >>>>> Hi Michael, >>>>> >>>>> On 23/01/2026 11:31, Michael Tremer wrote: >>>>>> Hello Stefan, >>>>>> Hello list, >>>>>> Thank you for looking at this. Of course it is very important >>>>>> that we are able to stay on the latest version of Suricata. >>>>>> I have merged your monster of a patch so that we can move on >>>>>> for >>>>>> now, but I have a couple of bigger questions that we all >>>>>> should >>>>>> have a look at: >>>>>> Adolf has in the past spent a lot of time on updating Rust. >>>>>> This >>>>>> is all tapping into Python - or rather python-cryptography - >>>>>> having some Rust code that has further dependencies. In >>>>>> essence, >>>>>> it has been a huge headache to update this. Maybe Adolf even >>>>>> has >>>>>> some other words for this all. >>>>> >>>>> My words on this are that I have now tried multiple times to >>>>> get >>>>> a >>>>> new python update built. Each time I have done it a bit >>>>> different >>>>> but the end result has been the same and that is that python- >>>>> cryptography (which requires rust modules to be built) ends up >>>>> requiring python-maturin that requires more rust modules but at >>>>> the >>>>> end of this the python-cryptography fails to find the built >>>>> rust >>>>> modules. >>>>> >>>>> I have been stuck at this last point so many times that I have >>>>> realised that I am finding lots of reasons not to go and work >>>>> on >>>>> the python update. >>>>> That is not a good position and also python has now moved from >>>>> 3.13 >>>>> to 3.14 so things are moving away from me. >>>>> >>>>> I have come to the conclusion that someone else, more capable >>>>> than >>>>> me needs to have a go at the python update, so I am giving up >>>>> on >>>>> it >>>>> but will continue working on other things. >>>> >>>> Hmm okay, you sound like you are giving up on this :) I know how >>>> many >>>> hours (we probably need to measure those in days or even weeks) >>>> you >>>> have spent on this though. >>>> >>>> Let’s pool resources together and finally get this done. >>>> Hopefully >>>> this will be a smoother ride as a combined effort. >>>> >>>>>> Just building cbindgen has required a further ~98 Rust crates >>>>>> to >>>>>> be packaged. Often we have the same crate in different >>>>>> versions >>>>>> because other crates have pinned a specific version. In >>>>>> total, >>>>>> we >>>>>> currently have ~790 packages in IPFire. Out of those, there >>>>>> are >>>>>> 202 packages in the rust-* namespace. That is pretty much a >>>>>> quarter of the distribution. Although not a lot in size, this >>>>>> is >>>>>> a considerable maintenance burden. >>>>>> ClamAV and Suricata have (recently?) started to bundle all >>>>>> their >>>>>> Rust dependencies with their release tarballs. Although this >>>>>> is >>>>>> not a good thing for many other reasons, it will move the >>>>>> onus >>>>>> onto the upstream projects to provide whatever they need. If >>>>>> their dependencies (and the dependencies of their >>>>>> dependencies) >>>>>> explode, this is not really our problem any more as well as >>>>>> any >>>>>> supply chain problems. Great - within reason. >>>>>> That leaves us with only very few packages that would >>>>>> actually >>>>>> require any external Rust crates (Suricata is even configured >>>>>> to >>>>>> *exclusively* use their bundled crates): cbindgen as a new >>>>>> thing, >>>>>> python-cryptography, anything else? We might actually only >>>>>> need >>>>>> a >>>>>> fraction of the Rust crates that we currently have as the >>>>>> only >>>>>> packages that may actually tap into our locally built >>>>>> repository >>>>>> are only those two. >>>>> >>>>> Unfortunately there is the addon oci-python-sdk that uses >>>>> python- >>>>> cryptography. >>>> >>>> python-cryptography was on my list. oci-python-sdk only uses Rust >>>> indirectly through python-cryptography, right? >>>> >>>>>> Is anyone happy to give this all a try and cleanup any old >>>>>> Rust >>>>>> deps? That way, I hope we will have a much smoother ride >>>>>> moving >>>>>> forward with a Python update. >>>>> >>>>> I can take the current status, before Stefan's patches, and see >>>>> how >>>>> many existing rust modules can be removed. Anything that can be >>>>> removed is a step forward. >>>> >>>> Yes, I think we should try to shrink what we have now if that is >>>> possible at all. As most packages are bundling all Rust deps, >>>> there >>>> should be some we won’t need any more in the system. >>>> >>>> Then, we hopefully have much less to update/worry about in any >>>> other >>>> way when we start touching python-cryptography. >>>> >>>> So who is volunteering to do this? Commenting out all Rust >>>> packages, >>>> then build python-cryptography which will fail as it requires >>>> some >>>> Rust crates. Those will be there so they will only have to be >>>> commented in again. Once the package builds, we should then have >>>> a >>>> couple of packages still commented that we can drop. >>>> >>>>> I think a problem moving forward is that more python modules >>>>> are >>>>> ending up being a combination of python and rust as the >>>>> cryptography and maturin modules have already done. I have also >>>>> seen a lot of rust modules covering the same stuff as covered >>>>> by >>>>> python modules. So the future I think looks like it will >>>>> continue >>>>> to be very frustrating. >>>> >>>> Yes it does, but we will have to find a way whether we want it or >>>> not. >>>> >>>> -Michael >>>> >>>>> Regards, >>>>> >>>>> Adolf. >>>>> >>>>> >>>>>> All the best, >>>>>> -Michael >>>>>>> On 22 Jan 2026, at 17:38, Stefan Schantl >>>>>>> <stefan.schantl@ipfire.org> wrote: >>>>>>> >>>>>>> Hello list followers, >>>>>>> >>>>>>> I'm currently updating rust and affected modules. >>>>>>> >>>>>>> This happends mainly because I'm trying to fix the >>>>>>> "suricata >>>>>>> cache >>>>>>> grows infinite" problem, which a lot of people are >>>>>>> affected. >>>>>>> >>>>>>> To archive this, I ported the patches from suricata main >>>>>>> development >>>>>>> branch to our used suricata version (8.0.3). >>>>>>> >>>>>>> To perform a full build, a new tool called cbindgen - which >>>>>>> is >>>>>>> a rust >>>>>>> to c bindings generator, is required. >>>>>>> >>>>>>> Sadly this tool is also written in rust and requires some >>>>>>> new >>>>>>> dependencies and a more up to date rust compiler. >>>>>>> >>>>>>> I hope to send a patchset for all this very soon to the >>>>>>> mailing >>>>>>> list. >>>>>>> >>>>>>> Best regards, >>>>>>> >>>>>>> -Stefan >>>> >>>> > ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: Updating rust and eco system 2026-01-26 17:23 ` Michael Tremer @ 2026-01-26 19:07 ` Adolf Belka 2026-01-27 10:36 ` Michael Tremer 0 siblings, 1 reply; 17+ messages in thread From: Adolf Belka @ 2026-01-26 19:07 UTC (permalink / raw) To: Michael Tremer; +Cc: Stefan Schantl, IPFire: Development-List Hi Michael & Stefan, On 26/01/2026 18:23, Michael Tremer wrote: > Hello Stefan, > > Thanks for looking into this. > > I would suggest that for the cleanup project, it would be best to keep two versions of rust-syn. Obviously this will inflate the number of packages for now, but actually starting to update and therefore potentially add more dependencies does not sounds wise to me. We would mix up too many changes into one which is never good. I am pretty certain from my work on the python update, which required rust updates, that you will find that you will need two different versions of rust-syn as one rust module will require an older version and another rust module will require a newer version and the two won't overlap. In my work there were even some rust modules where I ended up with the latest version plus two older versions being required. > > Please start a list with all those packages that we would have to have a look at once the cleanup has been completed and we will start with updating them. That way we should be able keep this cleaner and hopefully won’t introduce too many new dependencies. > > In the end, I guess we will have to run this cleanup more than just this time, because we never know which package has dropped any dependencies. This is however rather unlikely. > > Best, > -Michael > >> On 26 Jan 2026, at 15:31, Stefan Schantl <stefan.schantl@ipfire.org> wrote: >> >> Hello list it's me again, >> >> the build process now reached python-cryptography which requires rust- >> asn1, which requires rust-ans1_derive, which did not build because of a >> to new version of rust-syn. >> >> rust-asn1_derive (0.12.2) >> [ 1 ][ FAIL ] >> >> make: Nothing to be done for 'download'. >> make: Leaving directory '/home/ipfire-2.x/lfs' >> make: Entering directory '/usr/src/lfs' >> toml-0.8.19.tar.gz checksum OK >> make: Nothing to be done for 'install'. >> make: Leaving directory '/usr/src/lfs' >> Jän 26 15:18:59: Building rust-asn1_derive make: Entering directory >> '/home/ipfire-2.x/lfs' >> make: Nothing to be done for 'download'. >> make: Leaving directory '/home/ipfire-2.x/lfs' >> make: Entering directory '/usr/src/lfs' >> asn1_derive-0.12.2.tar.gz checksum OK >> ====================================== Installing asn1_derive- >> 0.12.2 ... >> Install started; saving file list to /usr/src/lsalr ... >> cd /usr/src/asn1_derive-0.12.2 && if [ -f Cargo.toml.orig ]; then \ >> rm -f Cargo.toml.orig; \ >> fi; \ >> >> cd /usr/src/asn1_derive-0.12.2 && mkdir -p /usr/src/asn1_derive- >> 0.12.2/.cargo && echo "${CARGO_CONFIG}" > /usr/src/asn1_derive- >> 0.12.2/.cargo/config && rm -f Cargo.lock >> cd /usr/src/asn1_derive-0.12.2 && CARGOPATH=/usr/src/asn1_derive- >> 0.12.2/.cargo RUSTC_BOOTSTRAP=1 cargo --offline build --release -Z >> avoid-dev-deps -j12 >> warning: `/usr/src/asn1_derive-0.12.2/.cargo/config` is deprecated >> in favor of `config.toml` >> | >> = help: if you need to support cargo 1.38 or earlier, you can >> symlink `config` to `config.toml` >> error: failed to select a version for the requirement `syn = >> "^1.0.58"` >> candidate versions found which didn't match: 2.0.114 >> location searched: directory source `/usr/share/cargo/registry` >> (which is replacing registry `crates-io`) >> required by package `asn1_derive v0.12.2 (/usr/src/asn1_derive- >> 0.12.2)` >> perhaps a crate was updated and forgotten to be re-vendored? >> As a reminder, you're using offline mode (--offline) which can >> sometimes cause surprising resolution failures, if this error is too >> confusing you may wish to retry without `--offline`. >> make: *** [rust-asn1_derive:78: /usr/src/log/asn1_derive-0.12.2] >> Error 101 >> make: Leaving directory '/usr/src/lfs' >> >> ERROR: Building rust-asn1_derive >> [ FAIL ] >> Check /home/ipfire-2.x/log_x86_64/_build.ipfire.log for errors if >> applicable >> [ FAIL ] >> root@localhost:/home/ipfire-2.x# >> >> Currently there is an older version of the rust-syn packaged, which >> would allow me to bypass this issue, but would violence the goal of >> getting rid of unneccessary rust modules. >> >> Theoretically I also could update the asn1_derive crate to the latest >> version but this may break building the next modules. >> >> May this could act as starting point for the python update, where all >> the rust stuff also needs to be touched..... >> >> @Adolf, @Michael what do you think about that? >> >> Thanks in advance, >> >> -Stefan >> >> >> >>> Hello list, >>> >>> currently I'm working on cleaning up the rust packages. >>> >>> For these I disabled all rust modules in the make.sh file and perform >>> a >>> clean build as Michael suggested. >>> >>> At the moment I'm past the stage where "cbindgen" successfully has >>> been >>> build and have 103 rust modules (inlcluding there sub-dependencies) >>> only for this one tool. >>> >>> An additional rust module is required to build suricata. This is >>> because of patching the source code the required rust module is not >>> part of their source tarball. >>> >>> This currently summs to 104 rust modules for the moment. >>> >>> I'm looking forward when python-cryptography kicks in its module >>> whishes.... >>> >>> Best regards, >>> >>> -Stefan >>>> Hello Adolf, >>>> Hello Michael, >>>> >>>> I would give the rust cleanup a try in the next few days. >>>> >>>> Adolf may I can ask you to put your current state of the python >>>> update >>>> into a git repositry? As my last work from November last year was not completed and is based on an older status now and also on python3.13 vs the current 3.14, I think it makes more sense that once Stefan has completed the clean up of the rust modules, I then take that as the starting point and go through all my changes as done before until I get to the problem I experience with python-cryptography not being able to find any of the rust modules required by python-maturin. That has always been the point where I got stuck. At that time I will then put that git branch I am working on into my personal IPFire git repo so that the two of you can look at it to see what I am doing wrong at that stage. That way, I can still contribute with all the update steps that I can do but hand it over when it gets to the step that has consistently beat me. Regards, Adolf. >>>> >>>> Thanks in advance, >>>> >>>> -Stefan >>>> >>>>> Hello Adolf, >>>>> >>>>>> On 23 Jan 2026, at 11:06, Adolf Belka <adolf.belka@ipfire.org> >>>>>> wrote: >>>>>> >>>>>> Hi Michael, >>>>>> >>>>>> On 23/01/2026 11:31, Michael Tremer wrote: >>>>>>> Hello Stefan, >>>>>>> Hello list, >>>>>>> Thank you for looking at this. Of course it is very important >>>>>>> that we are able to stay on the latest version of Suricata. >>>>>>> I have merged your monster of a patch so that we can move on >>>>>>> for >>>>>>> now, but I have a couple of bigger questions that we all >>>>>>> should >>>>>>> have a look at: >>>>>>> Adolf has in the past spent a lot of time on updating Rust. >>>>>>> This >>>>>>> is all tapping into Python - or rather python-cryptography - >>>>>>> having some Rust code that has further dependencies. In >>>>>>> essence, >>>>>>> it has been a huge headache to update this. Maybe Adolf even >>>>>>> has >>>>>>> some other words for this all. >>>>>> >>>>>> My words on this are that I have now tried multiple times to >>>>>> get >>>>>> a >>>>>> new python update built. Each time I have done it a bit >>>>>> different >>>>>> but the end result has been the same and that is that python- >>>>>> cryptography (which requires rust modules to be built) ends up >>>>>> requiring python-maturin that requires more rust modules but at >>>>>> the >>>>>> end of this the python-cryptography fails to find the built >>>>>> rust >>>>>> modules. >>>>>> >>>>>> I have been stuck at this last point so many times that I have >>>>>> realised that I am finding lots of reasons not to go and work >>>>>> on >>>>>> the python update. >>>>>> That is not a good position and also python has now moved from >>>>>> 3.13 >>>>>> to 3.14 so things are moving away from me. >>>>>> >>>>>> I have come to the conclusion that someone else, more capable >>>>>> than >>>>>> me needs to have a go at the python update, so I am giving up >>>>>> on >>>>>> it >>>>>> but will continue working on other things. >>>>> >>>>> Hmm okay, you sound like you are giving up on this :) I know how >>>>> many >>>>> hours (we probably need to measure those in days or even weeks) >>>>> you >>>>> have spent on this though. >>>>> >>>>> Let’s pool resources together and finally get this done. >>>>> Hopefully >>>>> this will be a smoother ride as a combined effort. >>>>> >>>>>>> Just building cbindgen has required a further ~98 Rust crates >>>>>>> to >>>>>>> be packaged. Often we have the same crate in different >>>>>>> versions >>>>>>> because other crates have pinned a specific version. In >>>>>>> total, >>>>>>> we >>>>>>> currently have ~790 packages in IPFire. Out of those, there >>>>>>> are >>>>>>> 202 packages in the rust-* namespace. That is pretty much a >>>>>>> quarter of the distribution. Although not a lot in size, this >>>>>>> is >>>>>>> a considerable maintenance burden. >>>>>>> ClamAV and Suricata have (recently?) started to bundle all >>>>>>> their >>>>>>> Rust dependencies with their release tarballs. Although this >>>>>>> is >>>>>>> not a good thing for many other reasons, it will move the >>>>>>> onus >>>>>>> onto the upstream projects to provide whatever they need. If >>>>>>> their dependencies (and the dependencies of their >>>>>>> dependencies) >>>>>>> explode, this is not really our problem any more as well as >>>>>>> any >>>>>>> supply chain problems. Great - within reason. >>>>>>> That leaves us with only very few packages that would >>>>>>> actually >>>>>>> require any external Rust crates (Suricata is even configured >>>>>>> to >>>>>>> *exclusively* use their bundled crates): cbindgen as a new >>>>>>> thing, >>>>>>> python-cryptography, anything else? We might actually only >>>>>>> need >>>>>>> a >>>>>>> fraction of the Rust crates that we currently have as the >>>>>>> only >>>>>>> packages that may actually tap into our locally built >>>>>>> repository >>>>>>> are only those two. >>>>>> >>>>>> Unfortunately there is the addon oci-python-sdk that uses >>>>>> python- >>>>>> cryptography. >>>>> >>>>> python-cryptography was on my list. oci-python-sdk only uses Rust >>>>> indirectly through python-cryptography, right? >>>>> >>>>>>> Is anyone happy to give this all a try and cleanup any old >>>>>>> Rust >>>>>>> deps? That way, I hope we will have a much smoother ride >>>>>>> moving >>>>>>> forward with a Python update. >>>>>> >>>>>> I can take the current status, before Stefan's patches, and see >>>>>> how >>>>>> many existing rust modules can be removed. Anything that can be >>>>>> removed is a step forward. >>>>> >>>>> Yes, I think we should try to shrink what we have now if that is >>>>> possible at all. As most packages are bundling all Rust deps, >>>>> there >>>>> should be some we won’t need any more in the system. >>>>> >>>>> Then, we hopefully have much less to update/worry about in any >>>>> other >>>>> way when we start touching python-cryptography. >>>>> >>>>> So who is volunteering to do this? Commenting out all Rust >>>>> packages, >>>>> then build python-cryptography which will fail as it requires >>>>> some >>>>> Rust crates. Those will be there so they will only have to be >>>>> commented in again. Once the package builds, we should then have >>>>> a >>>>> couple of packages still commented that we can drop. >>>>> >>>>>> I think a problem moving forward is that more python modules >>>>>> are >>>>>> ending up being a combination of python and rust as the >>>>>> cryptography and maturin modules have already done. I have also >>>>>> seen a lot of rust modules covering the same stuff as covered >>>>>> by >>>>>> python modules. So the future I think looks like it will >>>>>> continue >>>>>> to be very frustrating. >>>>> >>>>> Yes it does, but we will have to find a way whether we want it or >>>>> not. >>>>> >>>>> -Michael >>>>> >>>>>> Regards, >>>>>> >>>>>> Adolf. >>>>>> >>>>>> >>>>>>> All the best, >>>>>>> -Michael >>>>>>>> On 22 Jan 2026, at 17:38, Stefan Schantl >>>>>>>> <stefan.schantl@ipfire.org> wrote: >>>>>>>> >>>>>>>> Hello list followers, >>>>>>>> >>>>>>>> I'm currently updating rust and affected modules. >>>>>>>> >>>>>>>> This happends mainly because I'm trying to fix the >>>>>>>> "suricata >>>>>>>> cache >>>>>>>> grows infinite" problem, which a lot of people are >>>>>>>> affected. >>>>>>>> >>>>>>>> To archive this, I ported the patches from suricata main >>>>>>>> development >>>>>>>> branch to our used suricata version (8.0.3). >>>>>>>> >>>>>>>> To perform a full build, a new tool called cbindgen - which >>>>>>>> is >>>>>>>> a rust >>>>>>>> to c bindings generator, is required. >>>>>>>> >>>>>>>> Sadly this tool is also written in rust and requires some >>>>>>>> new >>>>>>>> dependencies and a more up to date rust compiler. >>>>>>>> >>>>>>>> I hope to send a patchset for all this very soon to the >>>>>>>> mailing >>>>>>>> list. >>>>>>>> >>>>>>>> Best regards, >>>>>>>> >>>>>>>> -Stefan >>>>> >>>>> >> > > ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: Updating rust and eco system 2026-01-26 19:07 ` Adolf Belka @ 2026-01-27 10:36 ` Michael Tremer 2026-01-27 15:45 ` Adolf Belka 0 siblings, 1 reply; 17+ messages in thread From: Michael Tremer @ 2026-01-27 10:36 UTC (permalink / raw) To: Adolf Belka; +Cc: Stefan Schantl, IPFire: Development-List Hello Adolf, > On 26 Jan 2026, at 19:07, Adolf Belka <adolf.belka@ipfire.org> wrote: > > Hi Michael & Stefan, > > On 26/01/2026 18:23, Michael Tremer wrote: >> Hello Stefan, >> Thanks for looking into this. >> I would suggest that for the cleanup project, it would be best to keep two versions of rust-syn. Obviously this will inflate the number of packages for now, but actually starting to update and therefore potentially add more dependencies does not sounds wise to me. We would mix up too many changes into one which is never good. > > I am pretty certain from my work on the python update, which required rust updates, that you will find that you will need two different versions of rust-syn as one rust module will require an older version and another rust module will require a newer version and the two won't overlap. In my work there were even some rust modules where I ended up with the latest version plus two older versions being required. I hope that at some point someone will be able to explain to me what the benefit is to ship an older version of a crate that will have some bugs that have been fixed in the newer version. And if this is regarding LTS or breaking changes, other libraries totally manage this... >> Please start a list with all those packages that we would have to have a look at once the cleanup has been completed and we will start with updating them. That way we should be able keep this cleaner and hopefully won’t introduce too many new dependencies. >> In the end, I guess we will have to run this cleanup more than just this time, because we never know which package has dropped any dependencies. This is however rather unlikely. >> Best, >> -Michael >>> On 26 Jan 2026, at 15:31, Stefan Schantl <stefan.schantl@ipfire.org> wrote: >>> >>> Hello list it's me again, >>> >>> the build process now reached python-cryptography which requires rust- >>> asn1, which requires rust-ans1_derive, which did not build because of a >>> to new version of rust-syn. >>> >>> rust-asn1_derive (0.12.2) >>> [ 1 ][ FAIL ] >>> >>> make: Nothing to be done for 'download'. >>> make: Leaving directory '/home/ipfire-2.x/lfs' >>> make: Entering directory '/usr/src/lfs' >>> toml-0.8.19.tar.gz checksum OK >>> make: Nothing to be done for 'install'. >>> make: Leaving directory '/usr/src/lfs' >>> Jän 26 15:18:59: Building rust-asn1_derive make: Entering directory >>> '/home/ipfire-2.x/lfs' >>> make: Nothing to be done for 'download'. >>> make: Leaving directory '/home/ipfire-2.x/lfs' >>> make: Entering directory '/usr/src/lfs' >>> asn1_derive-0.12.2.tar.gz checksum OK >>> ====================================== Installing asn1_derive- >>> 0.12.2 ... >>> Install started; saving file list to /usr/src/lsalr ... >>> cd /usr/src/asn1_derive-0.12.2 && if [ -f Cargo.toml.orig ]; then \ >>> rm -f Cargo.toml.orig; \ >>> fi; \ >>> >>> cd /usr/src/asn1_derive-0.12.2 && mkdir -p /usr/src/asn1_derive- >>> 0.12.2/.cargo && echo "${CARGO_CONFIG}" > /usr/src/asn1_derive- >>> 0.12.2/.cargo/config && rm -f Cargo.lock >>> cd /usr/src/asn1_derive-0.12.2 && CARGOPATH=/usr/src/asn1_derive- >>> 0.12.2/.cargo RUSTC_BOOTSTRAP=1 cargo --offline build --release -Z >>> avoid-dev-deps -j12 >>> warning: `/usr/src/asn1_derive-0.12.2/.cargo/config` is deprecated >>> in favor of `config.toml` >>> | >>> = help: if you need to support cargo 1.38 or earlier, you can >>> symlink `config` to `config.toml` >>> error: failed to select a version for the requirement `syn = >>> "^1.0.58"` >>> candidate versions found which didn't match: 2.0.114 >>> location searched: directory source `/usr/share/cargo/registry` >>> (which is replacing registry `crates-io`) >>> required by package `asn1_derive v0.12.2 (/usr/src/asn1_derive- >>> 0.12.2)` >>> perhaps a crate was updated and forgotten to be re-vendored? >>> As a reminder, you're using offline mode (--offline) which can >>> sometimes cause surprising resolution failures, if this error is too >>> confusing you may wish to retry without `--offline`. >>> make: *** [rust-asn1_derive:78: /usr/src/log/asn1_derive-0.12.2] >>> Error 101 >>> make: Leaving directory '/usr/src/lfs' >>> >>> ERROR: Building rust-asn1_derive >>> [ FAIL ] >>> Check /home/ipfire-2.x/log_x86_64/_build.ipfire.log for errors if >>> applicable >>> [ FAIL ] >>> root@localhost:/home/ipfire-2.x# >>> >>> Currently there is an older version of the rust-syn packaged, which >>> would allow me to bypass this issue, but would violence the goal of >>> getting rid of unneccessary rust modules. >>> >>> Theoretically I also could update the asn1_derive crate to the latest >>> version but this may break building the next modules. >>> >>> May this could act as starting point for the python update, where all >>> the rust stuff also needs to be touched..... >>> >>> @Adolf, @Michael what do you think about that? >>> >>> Thanks in advance, >>> >>> -Stefan >>> >>> >>> >>>> Hello list, >>>> >>>> currently I'm working on cleaning up the rust packages. >>>> >>>> For these I disabled all rust modules in the make.sh file and perform >>>> a >>>> clean build as Michael suggested. >>>> >>>> At the moment I'm past the stage where "cbindgen" successfully has >>>> been >>>> build and have 103 rust modules (inlcluding there sub-dependencies) >>>> only for this one tool. >>>> >>>> An additional rust module is required to build suricata. This is >>>> because of patching the source code the required rust module is not >>>> part of their source tarball. >>>> >>>> This currently summs to 104 rust modules for the moment. >>>> >>>> I'm looking forward when python-cryptography kicks in its module >>>> whishes.... >>>> >>>> Best regards, >>>> >>>> -Stefan >>>>> Hello Adolf, >>>>> Hello Michael, >>>>> >>>>> I would give the rust cleanup a try in the next few days. >>>>> >>>>> Adolf may I can ask you to put your current state of the python >>>>> update >>>>> into a git repositry? > > As my last work from November last year was not completed and is based on an older status now and also on python3.13 vs the current 3.14, I think it makes more sense that once Stefan has completed the clean up of the rust modules, I then take that as the starting point and go through all my changes as done before until I get to the problem I experience with python-cryptography not being able to find any of the rust modules required by python-maturin. That has always been the point where I got stuck. Did you try to update python-cryptography first without touching Python and after that try the Python update? > At that time I will then put that git branch I am working on into my personal IPFire git repo so that the two of you can look at it to see what I am doing wrong at that stage. > > That way, I can still contribute with all the update steps that I can do but hand it over when it gets to the step that has consistently beat me. > > Regards, > > Adolf. > > >>>>> >>>>> Thanks in advance, >>>>> >>>>> -Stefan >>>>> >>>>>> Hello Adolf, >>>>>> >>>>>>> On 23 Jan 2026, at 11:06, Adolf Belka <adolf.belka@ipfire.org> >>>>>>> wrote: >>>>>>> >>>>>>> Hi Michael, >>>>>>> >>>>>>> On 23/01/2026 11:31, Michael Tremer wrote: >>>>>>>> Hello Stefan, >>>>>>>> Hello list, >>>>>>>> Thank you for looking at this. Of course it is very important >>>>>>>> that we are able to stay on the latest version of Suricata. >>>>>>>> I have merged your monster of a patch so that we can move on >>>>>>>> for >>>>>>>> now, but I have a couple of bigger questions that we all >>>>>>>> should >>>>>>>> have a look at: >>>>>>>> Adolf has in the past spent a lot of time on updating Rust. >>>>>>>> This >>>>>>>> is all tapping into Python - or rather python-cryptography - >>>>>>>> having some Rust code that has further dependencies. In >>>>>>>> essence, >>>>>>>> it has been a huge headache to update this. Maybe Adolf even >>>>>>>> has >>>>>>>> some other words for this all. >>>>>>> >>>>>>> My words on this are that I have now tried multiple times to >>>>>>> get >>>>>>> a >>>>>>> new python update built. Each time I have done it a bit >>>>>>> different >>>>>>> but the end result has been the same and that is that python- >>>>>>> cryptography (which requires rust modules to be built) ends up >>>>>>> requiring python-maturin that requires more rust modules but at >>>>>>> the >>>>>>> end of this the python-cryptography fails to find the built >>>>>>> rust >>>>>>> modules. >>>>>>> >>>>>>> I have been stuck at this last point so many times that I have >>>>>>> realised that I am finding lots of reasons not to go and work >>>>>>> on >>>>>>> the python update. >>>>>>> That is not a good position and also python has now moved from >>>>>>> 3.13 >>>>>>> to 3.14 so things are moving away from me. >>>>>>> >>>>>>> I have come to the conclusion that someone else, more capable >>>>>>> than >>>>>>> me needs to have a go at the python update, so I am giving up >>>>>>> on >>>>>>> it >>>>>>> but will continue working on other things. >>>>>> >>>>>> Hmm okay, you sound like you are giving up on this :) I know how >>>>>> many >>>>>> hours (we probably need to measure those in days or even weeks) >>>>>> you >>>>>> have spent on this though. >>>>>> >>>>>> Let’s pool resources together and finally get this done. >>>>>> Hopefully >>>>>> this will be a smoother ride as a combined effort. >>>>>> >>>>>>>> Just building cbindgen has required a further ~98 Rust crates >>>>>>>> to >>>>>>>> be packaged. Often we have the same crate in different >>>>>>>> versions >>>>>>>> because other crates have pinned a specific version. In >>>>>>>> total, >>>>>>>> we >>>>>>>> currently have ~790 packages in IPFire. Out of those, there >>>>>>>> are >>>>>>>> 202 packages in the rust-* namespace. That is pretty much a >>>>>>>> quarter of the distribution. Although not a lot in size, this >>>>>>>> is >>>>>>>> a considerable maintenance burden. >>>>>>>> ClamAV and Suricata have (recently?) started to bundle all >>>>>>>> their >>>>>>>> Rust dependencies with their release tarballs. Although this >>>>>>>> is >>>>>>>> not a good thing for many other reasons, it will move the >>>>>>>> onus >>>>>>>> onto the upstream projects to provide whatever they need. If >>>>>>>> their dependencies (and the dependencies of their >>>>>>>> dependencies) >>>>>>>> explode, this is not really our problem any more as well as >>>>>>>> any >>>>>>>> supply chain problems. Great - within reason. >>>>>>>> That leaves us with only very few packages that would >>>>>>>> actually >>>>>>>> require any external Rust crates (Suricata is even configured >>>>>>>> to >>>>>>>> *exclusively* use their bundled crates): cbindgen as a new >>>>>>>> thing, >>>>>>>> python-cryptography, anything else? We might actually only >>>>>>>> need >>>>>>>> a >>>>>>>> fraction of the Rust crates that we currently have as the >>>>>>>> only >>>>>>>> packages that may actually tap into our locally built >>>>>>>> repository >>>>>>>> are only those two. >>>>>>> >>>>>>> Unfortunately there is the addon oci-python-sdk that uses >>>>>>> python- >>>>>>> cryptography. >>>>>> >>>>>> python-cryptography was on my list. oci-python-sdk only uses Rust >>>>>> indirectly through python-cryptography, right? >>>>>> >>>>>>>> Is anyone happy to give this all a try and cleanup any old >>>>>>>> Rust >>>>>>>> deps? That way, I hope we will have a much smoother ride >>>>>>>> moving >>>>>>>> forward with a Python update. >>>>>>> >>>>>>> I can take the current status, before Stefan's patches, and see >>>>>>> how >>>>>>> many existing rust modules can be removed. Anything that can be >>>>>>> removed is a step forward. >>>>>> >>>>>> Yes, I think we should try to shrink what we have now if that is >>>>>> possible at all. As most packages are bundling all Rust deps, >>>>>> there >>>>>> should be some we won’t need any more in the system. >>>>>> >>>>>> Then, we hopefully have much less to update/worry about in any >>>>>> other >>>>>> way when we start touching python-cryptography. >>>>>> >>>>>> So who is volunteering to do this? Commenting out all Rust >>>>>> packages, >>>>>> then build python-cryptography which will fail as it requires >>>>>> some >>>>>> Rust crates. Those will be there so they will only have to be >>>>>> commented in again. Once the package builds, we should then have >>>>>> a >>>>>> couple of packages still commented that we can drop. >>>>>> >>>>>>> I think a problem moving forward is that more python modules >>>>>>> are >>>>>>> ending up being a combination of python and rust as the >>>>>>> cryptography and maturin modules have already done. I have also >>>>>>> seen a lot of rust modules covering the same stuff as covered >>>>>>> by >>>>>>> python modules. So the future I think looks like it will >>>>>>> continue >>>>>>> to be very frustrating. >>>>>> >>>>>> Yes it does, but we will have to find a way whether we want it or >>>>>> not. >>>>>> >>>>>> -Michael >>>>>> >>>>>>> Regards, >>>>>>> >>>>>>> Adolf. >>>>>>> >>>>>>> >>>>>>>> All the best, >>>>>>>> -Michael >>>>>>>>> On 22 Jan 2026, at 17:38, Stefan Schantl >>>>>>>>> <stefan.schantl@ipfire.org> wrote: >>>>>>>>> >>>>>>>>> Hello list followers, >>>>>>>>> >>>>>>>>> I'm currently updating rust and affected modules. >>>>>>>>> >>>>>>>>> This happends mainly because I'm trying to fix the >>>>>>>>> "suricata >>>>>>>>> cache >>>>>>>>> grows infinite" problem, which a lot of people are >>>>>>>>> affected. >>>>>>>>> >>>>>>>>> To archive this, I ported the patches from suricata main >>>>>>>>> development >>>>>>>>> branch to our used suricata version (8.0.3). >>>>>>>>> >>>>>>>>> To perform a full build, a new tool called cbindgen - which >>>>>>>>> is >>>>>>>>> a rust >>>>>>>>> to c bindings generator, is required. >>>>>>>>> >>>>>>>>> Sadly this tool is also written in rust and requires some >>>>>>>>> new >>>>>>>>> dependencies and a more up to date rust compiler. >>>>>>>>> >>>>>>>>> I hope to send a patchset for all this very soon to the >>>>>>>>> mailing >>>>>>>>> list. >>>>>>>>> >>>>>>>>> Best regards, >>>>>>>>> >>>>>>>>> -Stefan ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: Updating rust and eco system 2026-01-27 10:36 ` Michael Tremer @ 2026-01-27 15:45 ` Adolf Belka 0 siblings, 0 replies; 17+ messages in thread From: Adolf Belka @ 2026-01-27 15:45 UTC (permalink / raw) To: Michael Tremer; +Cc: Stefan Schantl, IPFire: Development-List Hi Michael, On 27/01/2026 11:36, Michael Tremer wrote: > Hello Adolf, > >> On 26 Jan 2026, at 19:07, Adolf Belka <adolf.belka@ipfire.org> wrote: >> >> Hi Michael & Stefan, >> >> On 26/01/2026 18:23, Michael Tremer wrote: >>> Hello Stefan, >>> Thanks for looking into this. >>> I would suggest that for the cleanup project, it would be best to keep two versions of rust-syn. Obviously this will inflate the number of packages for now, but actually starting to update and therefore potentially add more dependencies does not sounds wise to me. We would mix up too many changes into one which is never good. >> >> I am pretty certain from my work on the python update, which required rust updates, that you will find that you will need two different versions of rust-syn as one rust module will require an older version and another rust module will require a newer version and the two won't overlap. In my work there were even some rust modules where I ended up with the latest version plus two older versions being required. > > I hope that at some point someone will be able to explain to me what the benefit is to ship an older version of a crate that will have some bugs that have been fixed in the newer version. And if this is regarding LTS or breaking changes, other libraries totally manage this... I believe this is due to some packages that use another rust module not having been updated for some time (1 or 2 years) and the module build is linked to the older version of the additional required module. It might be as simple as a rust module just being updated to use the new other modules or there might be some work to make them work but the original module developer needs to do the update. I just did a search for option-ext and crates.io came up with 5 results. Th oldest last updated is almost 5 years (works with a 2018 edition of Rust) and the youngest updated is over 1 year ago (works with a 2021 edition of Rust, which is not particularly recent). Being tied to an older edition of Rust doesn't mean it won't build but it increases the chances of the module needing to be re-written to be updated and work with the latest Rust edition. Searching for rust modules with the search text of option found 46425 results and on the first page there is one module updated 13 days ago and another that was updated almost 8 years ago. From my work on adding required rust modules for the python build it is not clear to me that a module developer ensures they are using other up to date rust modules. I think they find they need a rust module and that might be up to date but it might be using other modules that are quite old and that large chain of dependencies can easily end up with requiring different versions of some other modules than another module that also requires the same dependency. Regards, Adolf. > >>> Please start a list with all those packages that we would have to have a look at once the cleanup has been completed and we will start with updating them. That way we should be able keep this cleaner and hopefully won’t introduce too many new dependencies. >>> In the end, I guess we will have to run this cleanup more than just this time, because we never know which package has dropped any dependencies. This is however rather unlikely. >>> Best, >>> -Michael >>>> On 26 Jan 2026, at 15:31, Stefan Schantl <stefan.schantl@ipfire.org> wrote: >>>> >>>> Hello list it's me again, >>>> >>>> the build process now reached python-cryptography which requires rust- >>>> asn1, which requires rust-ans1_derive, which did not build because of a >>>> to new version of rust-syn. >>>> >>>> rust-asn1_derive (0.12.2) >>>> [ 1 ][ FAIL ] >>>> >>>> make: Nothing to be done for 'download'. >>>> make: Leaving directory '/home/ipfire-2.x/lfs' >>>> make: Entering directory '/usr/src/lfs' >>>> toml-0.8.19.tar.gz checksum OK >>>> make: Nothing to be done for 'install'. >>>> make: Leaving directory '/usr/src/lfs' >>>> Jän 26 15:18:59: Building rust-asn1_derive make: Entering directory >>>> '/home/ipfire-2.x/lfs' >>>> make: Nothing to be done for 'download'. >>>> make: Leaving directory '/home/ipfire-2.x/lfs' >>>> make: Entering directory '/usr/src/lfs' >>>> asn1_derive-0.12.2.tar.gz checksum OK >>>> ====================================== Installing asn1_derive- >>>> 0.12.2 ... >>>> Install started; saving file list to /usr/src/lsalr ... >>>> cd /usr/src/asn1_derive-0.12.2 && if [ -f Cargo.toml.orig ]; then \ >>>> rm -f Cargo.toml.orig; \ >>>> fi; \ >>>> >>>> cd /usr/src/asn1_derive-0.12.2 && mkdir -p /usr/src/asn1_derive- >>>> 0.12.2/.cargo && echo "${CARGO_CONFIG}" > /usr/src/asn1_derive- >>>> 0.12.2/.cargo/config && rm -f Cargo.lock >>>> cd /usr/src/asn1_derive-0.12.2 && CARGOPATH=/usr/src/asn1_derive- >>>> 0.12.2/.cargo RUSTC_BOOTSTRAP=1 cargo --offline build --release -Z >>>> avoid-dev-deps -j12 >>>> warning: `/usr/src/asn1_derive-0.12.2/.cargo/config` is deprecated >>>> in favor of `config.toml` >>>> | >>>> = help: if you need to support cargo 1.38 or earlier, you can >>>> symlink `config` to `config.toml` >>>> error: failed to select a version for the requirement `syn = >>>> "^1.0.58"` >>>> candidate versions found which didn't match: 2.0.114 >>>> location searched: directory source `/usr/share/cargo/registry` >>>> (which is replacing registry `crates-io`) >>>> required by package `asn1_derive v0.12.2 (/usr/src/asn1_derive- >>>> 0.12.2)` >>>> perhaps a crate was updated and forgotten to be re-vendored? >>>> As a reminder, you're using offline mode (--offline) which can >>>> sometimes cause surprising resolution failures, if this error is too >>>> confusing you may wish to retry without `--offline`. >>>> make: *** [rust-asn1_derive:78: /usr/src/log/asn1_derive-0.12.2] >>>> Error 101 >>>> make: Leaving directory '/usr/src/lfs' >>>> >>>> ERROR: Building rust-asn1_derive >>>> [ FAIL ] >>>> Check /home/ipfire-2.x/log_x86_64/_build.ipfire.log for errors if >>>> applicable >>>> [ FAIL ] >>>> root@localhost:/home/ipfire-2.x# >>>> >>>> Currently there is an older version of the rust-syn packaged, which >>>> would allow me to bypass this issue, but would violence the goal of >>>> getting rid of unneccessary rust modules. >>>> >>>> Theoretically I also could update the asn1_derive crate to the latest >>>> version but this may break building the next modules. >>>> >>>> May this could act as starting point for the python update, where all >>>> the rust stuff also needs to be touched..... >>>> >>>> @Adolf, @Michael what do you think about that? >>>> >>>> Thanks in advance, >>>> >>>> -Stefan >>>> >>>> >>>> >>>>> Hello list, >>>>> >>>>> currently I'm working on cleaning up the rust packages. >>>>> >>>>> For these I disabled all rust modules in the make.sh file and perform >>>>> a >>>>> clean build as Michael suggested. >>>>> >>>>> At the moment I'm past the stage where "cbindgen" successfully has >>>>> been >>>>> build and have 103 rust modules (inlcluding there sub-dependencies) >>>>> only for this one tool. >>>>> >>>>> An additional rust module is required to build suricata. This is >>>>> because of patching the source code the required rust module is not >>>>> part of their source tarball. >>>>> >>>>> This currently summs to 104 rust modules for the moment. >>>>> >>>>> I'm looking forward when python-cryptography kicks in its module >>>>> whishes.... >>>>> >>>>> Best regards, >>>>> >>>>> -Stefan >>>>>> Hello Adolf, >>>>>> Hello Michael, >>>>>> >>>>>> I would give the rust cleanup a try in the next few days. >>>>>> >>>>>> Adolf may I can ask you to put your current state of the python >>>>>> update >>>>>> into a git repositry? >> >> As my last work from November last year was not completed and is based on an older status now and also on python3.13 vs the current 3.14, I think it makes more sense that once Stefan has completed the clean up of the rust modules, I then take that as the starting point and go through all my changes as done before until I get to the problem I experience with python-cryptography not being able to find any of the rust modules required by python-maturin. That has always been the point where I got stuck. > > Did you try to update python-cryptography first without touching Python and after that try the Python update? > >> At that time I will then put that git branch I am working on into my personal IPFire git repo so that the two of you can look at it to see what I am doing wrong at that stage. >> >> That way, I can still contribute with all the update steps that I can do but hand it over when it gets to the step that has consistently beat me. >> >> Regards, >> >> Adolf. >> >> >>>>>> >>>>>> Thanks in advance, >>>>>> >>>>>> -Stefan >>>>>> >>>>>>> Hello Adolf, >>>>>>> >>>>>>>> On 23 Jan 2026, at 11:06, Adolf Belka <adolf.belka@ipfire.org> >>>>>>>> wrote: >>>>>>>> >>>>>>>> Hi Michael, >>>>>>>> >>>>>>>> On 23/01/2026 11:31, Michael Tremer wrote: >>>>>>>>> Hello Stefan, >>>>>>>>> Hello list, >>>>>>>>> Thank you for looking at this. Of course it is very important >>>>>>>>> that we are able to stay on the latest version of Suricata. >>>>>>>>> I have merged your monster of a patch so that we can move on >>>>>>>>> for >>>>>>>>> now, but I have a couple of bigger questions that we all >>>>>>>>> should >>>>>>>>> have a look at: >>>>>>>>> Adolf has in the past spent a lot of time on updating Rust. >>>>>>>>> This >>>>>>>>> is all tapping into Python - or rather python-cryptography - >>>>>>>>> having some Rust code that has further dependencies. In >>>>>>>>> essence, >>>>>>>>> it has been a huge headache to update this. Maybe Adolf even >>>>>>>>> has >>>>>>>>> some other words for this all. >>>>>>>> >>>>>>>> My words on this are that I have now tried multiple times to >>>>>>>> get >>>>>>>> a >>>>>>>> new python update built. Each time I have done it a bit >>>>>>>> different >>>>>>>> but the end result has been the same and that is that python- >>>>>>>> cryptography (which requires rust modules to be built) ends up >>>>>>>> requiring python-maturin that requires more rust modules but at >>>>>>>> the >>>>>>>> end of this the python-cryptography fails to find the built >>>>>>>> rust >>>>>>>> modules. >>>>>>>> >>>>>>>> I have been stuck at this last point so many times that I have >>>>>>>> realised that I am finding lots of reasons not to go and work >>>>>>>> on >>>>>>>> the python update. >>>>>>>> That is not a good position and also python has now moved from >>>>>>>> 3.13 >>>>>>>> to 3.14 so things are moving away from me. >>>>>>>> >>>>>>>> I have come to the conclusion that someone else, more capable >>>>>>>> than >>>>>>>> me needs to have a go at the python update, so I am giving up >>>>>>>> on >>>>>>>> it >>>>>>>> but will continue working on other things. >>>>>>> >>>>>>> Hmm okay, you sound like you are giving up on this :) I know how >>>>>>> many >>>>>>> hours (we probably need to measure those in days or even weeks) >>>>>>> you >>>>>>> have spent on this though. >>>>>>> >>>>>>> Let’s pool resources together and finally get this done. >>>>>>> Hopefully >>>>>>> this will be a smoother ride as a combined effort. >>>>>>> >>>>>>>>> Just building cbindgen has required a further ~98 Rust crates >>>>>>>>> to >>>>>>>>> be packaged. Often we have the same crate in different >>>>>>>>> versions >>>>>>>>> because other crates have pinned a specific version. In >>>>>>>>> total, >>>>>>>>> we >>>>>>>>> currently have ~790 packages in IPFire. Out of those, there >>>>>>>>> are >>>>>>>>> 202 packages in the rust-* namespace. That is pretty much a >>>>>>>>> quarter of the distribution. Although not a lot in size, this >>>>>>>>> is >>>>>>>>> a considerable maintenance burden. >>>>>>>>> ClamAV and Suricata have (recently?) started to bundle all >>>>>>>>> their >>>>>>>>> Rust dependencies with their release tarballs. Although this >>>>>>>>> is >>>>>>>>> not a good thing for many other reasons, it will move the >>>>>>>>> onus >>>>>>>>> onto the upstream projects to provide whatever they need. If >>>>>>>>> their dependencies (and the dependencies of their >>>>>>>>> dependencies) >>>>>>>>> explode, this is not really our problem any more as well as >>>>>>>>> any >>>>>>>>> supply chain problems. Great - within reason. >>>>>>>>> That leaves us with only very few packages that would >>>>>>>>> actually >>>>>>>>> require any external Rust crates (Suricata is even configured >>>>>>>>> to >>>>>>>>> *exclusively* use their bundled crates): cbindgen as a new >>>>>>>>> thing, >>>>>>>>> python-cryptography, anything else? We might actually only >>>>>>>>> need >>>>>>>>> a >>>>>>>>> fraction of the Rust crates that we currently have as the >>>>>>>>> only >>>>>>>>> packages that may actually tap into our locally built >>>>>>>>> repository >>>>>>>>> are only those two. >>>>>>>> >>>>>>>> Unfortunately there is the addon oci-python-sdk that uses >>>>>>>> python- >>>>>>>> cryptography. >>>>>>> >>>>>>> python-cryptography was on my list. oci-python-sdk only uses Rust >>>>>>> indirectly through python-cryptography, right? >>>>>>> >>>>>>>>> Is anyone happy to give this all a try and cleanup any old >>>>>>>>> Rust >>>>>>>>> deps? That way, I hope we will have a much smoother ride >>>>>>>>> moving >>>>>>>>> forward with a Python update. >>>>>>>> >>>>>>>> I can take the current status, before Stefan's patches, and see >>>>>>>> how >>>>>>>> many existing rust modules can be removed. Anything that can be >>>>>>>> removed is a step forward. >>>>>>> >>>>>>> Yes, I think we should try to shrink what we have now if that is >>>>>>> possible at all. As most packages are bundling all Rust deps, >>>>>>> there >>>>>>> should be some we won’t need any more in the system. >>>>>>> >>>>>>> Then, we hopefully have much less to update/worry about in any >>>>>>> other >>>>>>> way when we start touching python-cryptography. >>>>>>> >>>>>>> So who is volunteering to do this? Commenting out all Rust >>>>>>> packages, >>>>>>> then build python-cryptography which will fail as it requires >>>>>>> some >>>>>>> Rust crates. Those will be there so they will only have to be >>>>>>> commented in again. Once the package builds, we should then have >>>>>>> a >>>>>>> couple of packages still commented that we can drop. >>>>>>> >>>>>>>> I think a problem moving forward is that more python modules >>>>>>>> are >>>>>>>> ending up being a combination of python and rust as the >>>>>>>> cryptography and maturin modules have already done. I have also >>>>>>>> seen a lot of rust modules covering the same stuff as covered >>>>>>>> by >>>>>>>> python modules. So the future I think looks like it will >>>>>>>> continue >>>>>>>> to be very frustrating. >>>>>>> >>>>>>> Yes it does, but we will have to find a way whether we want it or >>>>>>> not. >>>>>>> >>>>>>> -Michael >>>>>>> >>>>>>>> Regards, >>>>>>>> >>>>>>>> Adolf. >>>>>>>> >>>>>>>> >>>>>>>>> All the best, >>>>>>>>> -Michael >>>>>>>>>> On 22 Jan 2026, at 17:38, Stefan Schantl >>>>>>>>>> <stefan.schantl@ipfire.org> wrote: >>>>>>>>>> >>>>>>>>>> Hello list followers, >>>>>>>>>> >>>>>>>>>> I'm currently updating rust and affected modules. >>>>>>>>>> >>>>>>>>>> This happends mainly because I'm trying to fix the >>>>>>>>>> "suricata >>>>>>>>>> cache >>>>>>>>>> grows infinite" problem, which a lot of people are >>>>>>>>>> affected. >>>>>>>>>> >>>>>>>>>> To archive this, I ported the patches from suricata main >>>>>>>>>> development >>>>>>>>>> branch to our used suricata version (8.0.3). >>>>>>>>>> >>>>>>>>>> To perform a full build, a new tool called cbindgen - which >>>>>>>>>> is >>>>>>>>>> a rust >>>>>>>>>> to c bindings generator, is required. >>>>>>>>>> >>>>>>>>>> Sadly this tool is also written in rust and requires some >>>>>>>>>> new >>>>>>>>>> dependencies and a more up to date rust compiler. >>>>>>>>>> >>>>>>>>>> I hope to send a patchset for all this very soon to the >>>>>>>>>> mailing >>>>>>>>>> list. >>>>>>>>>> >>>>>>>>>> Best regards, >>>>>>>>>> >>>>>>>>>> -Stefan > > ^ permalink raw reply [flat|nested] 17+ messages in thread
end of thread, other threads:[~2026-01-27 15:46 UTC | newest]
Thread overview: 17+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-01-22 17:38 Updating rust and eco system Stefan Schantl
2026-01-23 5:26 ` [PATCH 0/3] suricata: Add ability to purge the sgh cache Stefan Schantl
2026-01-23 5:26 ` [PATCH 1/3] suricata: Add upstream patch to purge sgh-mpm-caches Stefan Schantl
2026-01-23 5:26 ` [PATCH 2/3] rust: Update to 1.92.0 Stefan Schantl
2026-01-23 10:09 ` [PATCH 0/3] suricata: Add ability to purge the sgh cache Michael Tremer
2026-01-23 10:33 ` Adolf Belka
2026-01-23 10:43 ` Michael Tremer
2026-01-23 10:31 ` Updating rust and eco system Michael Tremer
2026-01-23 11:06 ` Adolf Belka
2026-01-25 14:19 ` Michael Tremer
2026-01-25 17:46 ` Stefan Schantl
[not found] ` <a7484943d784c0a6e2088b2354f08bfbf42658b2.camel@gmx.at>
2026-01-26 13:54 ` Stefan Schantl
2026-01-26 15:31 ` Stefan Schantl
2026-01-26 17:23 ` Michael Tremer
2026-01-26 19:07 ` Adolf Belka
2026-01-27 10:36 ` Michael Tremer
2026-01-27 15:45 ` Adolf Belka
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox