My Suricata development build script.

build.sh

#! /usr/bin/env bash
#
# https://gist.github.com/jasonish/5d810cb5eb4eae68147126c2d40823a5
#
# This is my script for building and developing Suricata on my
# personal computers, which are almost always Fedora or a RedHat
# derivative.  YMMV on other systems.
#
# This script will build Suricata with a useful developer configuration:
# - ASAN (so asan libs are required on your system)
# - Install location of /opt/suricata/<VERSION>
#
# Drop this script outside of your Suricata source directory and run like:
#   ../build.sh
# Or something like that...

set -e

VERSION=$(expr $(grep AC_INIT configure.ac) : ".*\[\(.*\)\].*")
LDFLAGS=()

mode=dev
use_asan=""

# Bundle libhtp (TODO: caching)
if ! test -e ./libhtp; then
    ./scripts/bundle.sh libhtp
fi

# Bundle suricata-update (TODO: caching)
if ! test -e suricata-update/setup.py; then
    ./scripts/bundle.sh suricata-update
fi

CONFIGURE_ARGS=(
    --enable-unix-socket
    --enable-nfqueue
    --disable-silent-rules
    --disable-shared
)

for arg in $@; do
    case "${arg}" in
        -*)
            echo "Adding configure arg: ${arg}"
            CONFIGURE_ARGS+=(${arg})
            ;;
        dev)
            mode=dev
            ;;
        rel*)
            CONFIGURE_ARGS+=(--prefix=/usr)
            CONFIGURE_ARGS+=(--sysconfdir=/etc)
            CONFIGURE_ARGS+=(--localstatedir=/var)
            mode=release
            ;;
        asan)
            use_asan=yes
            ;;
        no-asan)
            use_asan=no
            ;;
        *)
            echo "error: bad argument: ${arg}"
            exit 1
            ;;
    esac
done

# Add --enable-lua if not already added.  This allows me to "build.sh
# --enable-luajit" at the command line, but still default to normal
# lua.
if ! echo "${CONFIGURE_ARGS[@]}" | grep -q -- "--enable-lua"; then
    CONFIGURE_ARGS+=(--enable-lua)
fi

# If not already set, set the prefix to /opt/suricata/<version>
if ! echo "${CONFIGURE_ARGS[@]}" | grep -q -- "--prefix"; then
    CONFIGURE_ARGS+=(--prefix=/opt/suricata/${VERSION})
fi

CFLAGS=(
    -fno-common
    -Wall
    -Wextra
    -Werror
    -Wshadow
    -Wchar-subscripts
    -Wno-unused-parameter
    -Wno-unused-function
)

CXXFLAGS=()

if [ "${mode}" = "dev" ]; then
    echo "Enabling developer mode"

    CONFIGURE_ARGS+=(--enable-unittests)
    #CONFIGURE_ARGS+=(--enable-debug-validation)

    #CONFIGURE_ARGS+=(--enable-profiling)
    CONFIGURE_ARGS+=(--enable-profiling-lite)
    #CONFIGURE_ARGS+=(--enable-profiling-locks)
    CONFIGURE_ARGS+=(--enable-debug)
    #CONFIGURE_ARGS+=(--enable-rust-strict)

    CFLAGS+=(-ggdb3)
    CFLAGS+=(-O0)
    if [ "${use_asan}" != "no" ]; then
        use_asan="yes"
    fi
fi

if [ "${mode}" = "release" ]; then
    echo "===> Enabling release mode"
    CFLAGS+=(-O3)
fi

if [ "${use_asan}" = "yes" ]; then
    echo "===> Enabling ASAN."
    export ac_cv_func_malloc_0_nonnull=yes
    export ac_cv_func_realloc_0_nonnull=yes
    CFLAGS+=(-fsanitize=address)
    CFLAGS+=(-fno-omit-frame-pointer)
    CFLAGS+=(-fno-inline)
    LDFLAGS+=(-fsanitize=address)
fi    

if ! test -e ./configure; then
    ./autogen.sh
fi

LDFLAGS="${LDFLAGS[@]}" CFLAGS="${CFLAGS[@]}" CXXFLAGS="${CFLAGS[@]}" \
      ./configure "${CONFIGURE_ARGS[@]}"

for i in 3 2 1; do
    echo "===> Will build in $i seconds: mode=${mode}..."
    sleep 1
done

cores=$(cat /proc/cpuinfo | grep ^processor | wc -l)

make -j "${cores}"