From c75b920e884dde418406f19a88331a360b3b1679 Mon Sep 17 00:00:00 2001
From: Phil Rzewski <philrzewski@gmail.com>
Date: Tue, 16 Jan 2024 20:16:35 +0000
Subject: [PATCH] Add workaround for zeek/3534 on Windows (#7)

---
 .github/workflows/release.yml | 2 +-
 release.sh                    | 9 ++++++++-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index f12df32..4763da2 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -109,7 +109,7 @@ jobs:
 
     - name: Finish packaging artifact
       run: ./release.sh
-      shell: sh
+      shell: bash
 
     - name: Upload artifact
       uses: actions/upload-artifact@v4
diff --git a/release.sh b/release.sh
index 1eadb1a..fbacfdd 100755
--- a/release.sh
+++ b/release.sh
@@ -1,4 +1,4 @@
-#!/bin/sh -ex
+#!/bin/bash -ex
 
 case $(uname) in
     Darwin|Linux)
@@ -75,6 +75,13 @@ install_zeek_package salesforce/hassh 76a47abe9382109ce9ba530e7f1d7014a4a95209
 install_zeek_package salesforce/ja3 421dd4f3616b533e6971bb700289c6bb8355e707
 echo "@load policy/protocols/conn/community-id-logging" | $sudo tee -a /usr/local/zeek/share/zeek/site/local.zeek
 
+# Work around https://github.com/zeek/zeek/issues/3534 on Windows
+[[ $(uname) =~ "NT" ]] &&
+  sed -i \
+    -e 's|^@load protocols/ssh/interesting-hostnames|#\0 # https://github.com/zeek/zeek/issues/3534 workaround|' \
+    -e 's|^@load frameworks/files/detect-MHR|#\0 # https://github.com/zeek/zeek/issues/3534 workaround|' \
+    /usr/local/zeek/share/zeek/site/local.zeek
+
 #
 # Create zip file.
 #