suricata is build with "GCC march native" by default. This create problem if package are build on ATOM server but installed on AMD procs by example: suricata will simply generate an "Illegal instruction" and refuse to start. Adding "--disable-gccmarch-native" solve the problem: Index: security/suricata/Makefile =================================================================== --- security/suricata/Makefile (revision 397232) +++ security/suricata/Makefile (working copy) @@ -3,7 +3,7 @@ PORTNAME= suricata PORTVERSION= 2.0.8 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MASTER_SITES= http://www.openinfosecfoundation.org/download/ \ http://mirrors.rit.edu/zi/ @@ -105,6 +105,7 @@ --with-libnet-libraries=${LOCALBASE}/lib/libnet11 \ --with-libhtp-includes=${LOCALBASE}/include/ \ --with-libhtp-libraries=${LOCALBASE}/lib \ + --disable-gccmarch-native \ --localstatedir=/var/ LIBNET_CONFIG?= ${LOCALBASE}/bin/libnet11-config
Thanks Olivier, I knew about this but it fell off the radar. Can you please include your diff as an attachment, and also add poudriere output to confirm QA results if you'd like me to commit this as soon as possible, as I wont have time in the next two days to test it myself.
Created attachment 161321 [details] suricata patch for disabling GCC march native
Created attachment 161322 [details] poudriere build log Notice the line: GCC march native enabled: no during the build.
A commit references this bug: Author: koobs Date: Mon Sep 28 08:25:45 UTC 2015 New revision: 398101 URL: https://svnweb.freebsd.org/changeset/ports/398101 Log: security/suricata: Disable -march=native Suricata currently builds with GCC -march=native by default. This can create problems if, for example, packages of this port are built on ATOM servers but installed on AMD processors. In these and other cases where the build host is not equal to the target host, suricata can generate an Illegal instruction and refuse to start. It is ultimately preferable to explicitly cross-build and/or optimize compilation for target architectures and processors. See: PEP20. PR: 203296 Submitted by: Olivier Cochard <olivier cochard me> Tested by: Olivier Cochard <olivier cochard me> MFH: 2015Q3 Changes: head/security/suricata/Makefile
Committed with a tiny (tab alignment) change. Thank you Olivier
A commit references this bug: Author: koobs Date: Tue Sep 29 03:30:54 UTC 2015 New revision: 398152 URL: https://svnweb.freebsd.org/changeset/ports/398152 Log: MFH: r398101: security/suricata: Disable -march=native Suricata currently builds with GCC -march=native by default. This can create problems if, for example, packages of this port are built on ATOM servers but installed on AMD processors. In these and other cases where the build host is not equal to the target host, suricata can generate an Illegal instruction and refuse to start. It is ultimately preferable to explicitly cross-build and/or optimize compilation for target architectures and processors. See: PEP20. PR: 203296 Submitted by: Olivier Cochard <olivier cochard me> Tested by: Olivier Cochard <olivier cochard me> Approved by: portmgr (feld) Changes: _U branches/2015Q3/ branches/2015Q3/security/suricata/Makefile