[arch-commits] Commit in osquery/trunk (PKGBUILD libaudit.patch osquery.patch)

Anatol Pomozov anatolik at gemini.archlinux.org
Tue Sep 21 19:10:31 UTC 2021 

    Date: Tuesday, September 21, 2021 @ 19:10:31
  Author: anatolik
Revision: 1020720

upgpkg: osquery 5.0.1-1

osquery devendorizing activity did not go anywhere [1].

Maitaining a large patch and porting it to the new osquery releases is a tremendous work.
Rather spending time on the huge patch we switch to more upstream-like static build.

The cmake build pulls all the dependencies and builds it itself.
The main difference is that we do not use libc++ (as libLLVM does not work well with it)
and instead use the default library from gcc.


[1] https://github.com/osquery/osquery/issues/6286

Added:
  osquery/trunk/libaudit.patch
  osquery/trunk/osquery.patch
Modified:
  osquery/trunk/PKGBUILD

----------------+
 PKGBUILD       |   51 +++++++--------
 libaudit.patch |   12 +++
 osquery.patch  |  179 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 215 insertions(+), 27 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2021-09-21 19:10:13 UTC (rev 1020719)
+++ PKGBUILD	2021-09-21 19:10:31 UTC (rev 1020720)
@@ -1,51 +1,48 @@
 # Maintainer: Anatol Pomozov
 
 pkgname=osquery
-pkgver=4.6.0
-pkgrel=8
+pkgver=5.0.1
+pkgrel=1
 pkgdesc='SQL powered operating system instrumentation, monitoring, and analytics'
 arch=(x86_64)
 url='https://osquery.io'
 license=(Apache GPL2)
-depends=(augeas boost-libs gflags google-glog aws-sdk-cpp librdkafka rocksdb gtest device-mapper rpm-tools dpkg pacman libelfin lldpd rapidjson sleuthkit ssdeep thrift yara lmdb iptables)
-makedepends=(cmake python boost linenoise-ng ninja)
+depends=(zlib)
+makedepends=(cmake ninja clang python gcc-libs git libunwind)
 options=(!strip)
-# patched version of smartools that we need to build statically to avoid collision with the upstream version
-_smartmontools_commit=6afcf545d2ab86d13a3ecb9f656aa81622031f2a
-_patched_osquery_commit=4.6.0-archlinux-1
-source=(osquery-$pkgver.zip::https://github.com/osquery/osquery/archive/$pkgver.zip
-	smartmontools-$_smartmontools_commit.zip::https://github.com/osquery/third-party-smartmontools/archive/$_smartmontools_commit.zip
-	devendorize.patch::https://github.com/anatol/osquery/compare/$pkgver...$_patched_osquery_commit.patch
-	tls_crash.patch::https://github.com/osquery/osquery/commit/d69380cb7713dd5f7f48849a028a7723e7a619bf.patch)
-sha256sums=('59dc5fce0f09133e17b8e4a5d2497ef3efd6c01243abf32564cf9ba1caa7fc44'
-            '191848bf04ca6fe14a9634bdcff6f6e851aa59526f1f3fb168ad7c8c6d9b1d00'
-            '833dbba19f278cc11de55f7e855fa3996b30f13faa8058d6fed1267758c075b2'
-            '02b61783880147b914088f2a75c086ac5adc3e4646287d03c36b7ad5d267977b')
+source=(git+https://github.com/osquery/osquery.git#tag=$pkgver
+        osquery.patch
+        libaudit.patch)
+sha256sums=('SKIP'
+            '5b73f732648752c7adf374a9d088d1486129eb6a41664ecd48634ecf1d6f91c7'
+            '96218ef5b7d6d6deb3a7b4b3dfed8068b7e4d10acd5b19372b9882f89d4478a8')
 
 prepare() {
-  cd osquery-$pkgver
-  patch -p1 < ../devendorize.patch
-  patch -p1 < ../tls_crash.patch
-
-  rm -rf libraries/cmake/source/smartmontools/src
-  ln -sf `pwd`/../third-party-smartmontools-$_smartmontools_commit libraries/cmake/source/smartmontools/src
+  cd $srcdir/osquery
+  patch -p1 < $srcdir/osquery.patch
 }
 
 build() {
-  cd osquery-$pkgver
+  cd osquery
 
-  # disable ebpfpub dependency as https://github.com/trailofbits/ebpfpub is not in community repo yet
-  cmake -DCMAKE_BUILD_TYPE=Release -DOSQUERY_STATIC_BUILD=OFF -DCMAKE_INSTALL_PREFIX=/usr -DOSQUERY_VERSION=$pkgver \
+  CC=clang CXX=clang++ cmake \
+      -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=/usr -DOSQUERY_VERSION=$pkgver \
       -DOSQUERY_IGNORE_CMAKE_MAX_VERSION_CHECK=TRUE \
-      -DOSQUERY_BUILD_BPF=OFF \
       -G Ninja -S . -B build
+
+  # submodules are checked out by cmake, patch it after it were checked out
+  (cd $srcdir/osquery/libraries/cmake/source/libaudit/src && git reset --hard && patch -p1 < $srcdir/libaudit.patch)
+
   ninja -C build
 }
 
 package() {
-  cd osquery-$pkgver
+  cd osquery
 
   DESTDIR="${pkgdir}" ninja -C build install
   install -Dm644 LICENSE "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
-  rm -r "$pkgdir/etc/init.d/"
+  install -Dm644 tools/deployment/osquery.example.conf "$pkgdir/etc/osquery/osquery.conf"
+  install -Dm644 tools/deployment/linux_packaging/osqueryd.sysconfig "$pkgdir/etc/sysconfig/osqueryd"
+  install -Dm644 tools/deployment/linux_packaging/rpm/osqueryd.service "$pkgdir/usr/lib/systemd/system/osqueryd.service"
+  rm -r $pkgdir/control
 }

Added: libaudit.patch
===================================================================
--- libaudit.patch	                        (rev 0)
+++ libaudit.patch	2021-09-21 19:10:31 UTC (rev 1020720)
@@ -0,0 +1,12 @@
+diff --git a/lib/libaudit.h b/lib/libaudit.h
+index 05ee91e..2ee3842 100644
+--- a/lib/libaudit.h
++++ b/lib/libaudit.h
+@@ -260,7 +260,6 @@ extern "C" {
+ #define AUDIT_KEY_SEPARATOR 0x01
+ 
+ /* These are used in filter control */
+-#define AUDIT_FILTER_EXCLUDE	AUDIT_FILTER_TYPE
+ #define AUDIT_FILTER_MASK	0x07	/* Mask to get actual filter */
+ #define AUDIT_FILTER_UNSET	0x80	/* This value means filter is unset */
+ 

Added: osquery.patch
===================================================================
--- osquery.patch	                        (rev 0)
+++ osquery.patch	2021-09-21 19:10:31 UTC (rev 1020720)
@@ -0,0 +1,179 @@
+commit 4e9200ae92bf4d873ec7ba4309f8c718fa029bc7
+Author: Anatol Pomozov <anatol.pomozov at gmail.com>
+Date:   Tue Sep 21 09:46:53 2021 -0700
+
+    Arch Linux specific fixes
+
+diff --git a/cmake/flags.cmake b/cmake/flags.cmake
+index e046e8b8d..76e7f20c1 100644
+--- a/cmake/flags.cmake
++++ b/cmake/flags.cmake
+@@ -79,11 +79,9 @@ function(setupBuildFlags)
+       -Woverloaded-virtual
+       -Wnon-virtual-dtor
+       -Weffc++
+-      -stdlib=libc++
+     )
+ 
+     set(posix_cxx_link_options
+-      -stdlib=libc++
+       -ldl
+     )
+ 
+@@ -131,7 +129,6 @@ function(setupBuildFlags)
+       )
+ 
+       set(linux_cxx_link_libraries
+-        c++abi
+         rt
+         dl
+       )
+@@ -157,7 +154,6 @@ function(setupBuildFlags)
+       )
+ 
+       set(macos_cxx_link_options
+-        -stdlib=libc++
+         -lresolv
+       )
+ 
+@@ -166,7 +162,6 @@ function(setupBuildFlags)
+         cups
+         bsm
+         xar
+-        c++abi
+         "-framework AppKit"
+         "-framework Foundation"
+         "-framework CoreServices"
+diff --git a/libraries/cmake/source/libmagic/config/linux/config.h b/libraries/cmake/source/libmagic/config/linux/config.h
+index 42be099c8..7054c73b9 100644
+--- a/libraries/cmake/source/libmagic/config/linux/config.h
++++ b/libraries/cmake/source/libmagic/config/linux/config.h
+@@ -247,9 +247,6 @@
+ /* Define to 1 if `vfork' works. */
+ #define HAVE_WORKING_VFORK 1
+ 
+-/* Define to 1 if you have the <xlocale.h> header file. */
+-#define HAVE_XLOCALE_H 1
+-
+ /* Define to 1 if you have the <zlib.h> header file. */
+ #define HAVE_ZLIB_H 1
+ 
+diff --git a/libraries/cmake/source/lldpd/config/x86_64/linux/libevent/event2/event-config.h b/libraries/cmake/source/lldpd/config/x86_64/linux/libevent/event2/event-config.h
+index 7041c46fb..9288df900 100644
+--- a/libraries/cmake/source/lldpd/config/x86_64/linux/libevent/event2/event-config.h
++++ b/libraries/cmake/source/lldpd/config/x86_64/linux/libevent/event2/event-config.h
+@@ -300,9 +300,6 @@
+ /* Define to 1 if you have the <sys/stat.h> header file. */
+ #define _EVENT_HAVE_SYS_STAT_H 1
+ 
+-/* Define to 1 if you have the <sys/sysctl.h> header file. */
+-#define _EVENT_HAVE_SYS_SYSCTL_H 1
+-
+ /* Define to 1 if you have the <sys/time.h> header file. */
+ #define _EVENT_HAVE_SYS_TIME_H 1
+ 
+diff --git a/libraries/cmake/source/thrift/CMakeLists.txt b/libraries/cmake/source/thrift/CMakeLists.txt
+index 0389d0507..a4c3d55ec 100644
+--- a/libraries/cmake/source/thrift/CMakeLists.txt
++++ b/libraries/cmake/source/thrift/CMakeLists.txt
+@@ -82,12 +82,6 @@ function(thriftMain)
+     set(forced_include_file_flag "--include")
+   endif()
+ 
+-  # C++17 dropped support for random_shuffle. Add it back with a
+-  # custom header
+-  target_compile_options(thirdparty_thrift PRIVATE
+-    "${forced_include_file_flag}${CMAKE_CURRENT_SOURCE_DIR}/patches/random_shuffle.h"
+-  )
+-
+   target_compile_definitions(thirdparty_thrift PUBLIC
+     THRIFT_STATIC_DEFINE
+   )
+diff --git a/osquery/core/shutdown.cpp b/osquery/core/shutdown.cpp
+index 3cb863d9b..7f93210f6 100644
+--- a/osquery/core/shutdown.cpp
++++ b/osquery/core/shutdown.cpp
+@@ -11,6 +11,7 @@
+ #include <osquery/logger/data_logger.h>
+ 
+ #include <atomic>
++#include <condition_variable>
+ #include <mutex>
+ #include <string>
+ 
+diff --git a/osquery/tables/networking/CMakeLists.txt b/osquery/tables/networking/CMakeLists.txt
+index 70b7079ee..7a42d068a 100644
+--- a/osquery/tables/networking/CMakeLists.txt
++++ b/osquery/tables/networking/CMakeLists.txt
+@@ -30,6 +30,10 @@ function(generateOsqueryTablesNetworking)
+       posix/interfaces.cpp
+       posix/utils.cpp
+     )
++
++    list(APPEND platform_deps
++      resolv
++    )
+   endif()
+ 
+   if(DEFINED PLATFORM_LINUX)
+diff --git a/osquery/tables/system/linux/sysctl_utils.cpp b/osquery/tables/system/linux/sysctl_utils.cpp
+index 1ff3e0b00..b66ecc79e 100644
+--- a/osquery/tables/system/linux/sysctl_utils.cpp
++++ b/osquery/tables/system/linux/sysctl_utils.cpp
+@@ -7,8 +7,6 @@
+  * SPDX-License-Identifier: (Apache-2.0 OR GPL-2.0-only)
+  */
+ 
+-#include <sys/sysctl.h>
+-
+ #include <boost/algorithm/string/trim.hpp>
+ 
+ #include <osquery/core/tables.h>
+@@ -73,10 +71,8 @@ void genControlInfo(int* oid,
+   // Get control size
+   size_t response_size = CTL_MAX_VALUE;
+   char response[CTL_MAX_VALUE + 1] = {0};
+-  if (sysctl(oid, oid_size, response, &response_size, 0, 0) != 0) {
+-    // Cannot request MIB data.
+-    return;
+-  }
++  // Cannot request MIB data.
++  return;
+ 
+   // Data is output, but no way to determine type (long, int, string, struct).
+   Row r;
+diff --git a/osquery/tables/system/posix/sysctl_utils.h b/osquery/tables/system/posix/sysctl_utils.h
+index e119f8a9e..0d4a399e4 100644
+--- a/osquery/tables/system/posix/sysctl_utils.h
++++ b/osquery/tables/system/posix/sysctl_utils.h
+@@ -9,8 +9,6 @@
+ 
+ #pragma once
+ 
+-#include <sys/sysctl.h>
+-
+ #include <osquery/core/tables.h>
+ 
+ namespace osquery {
+@@ -18,6 +16,8 @@ namespace tables {
+ 
+ #define CTL_MAX_VALUE 128
+ 
++#define CTL_MAXNAME	12
++
+ #ifndef CTL_DEBUG_MAXID
+ #define CTL_DEBUG_MAXID (CTL_MAXNAME * 2)
+ #endif
+diff --git a/tools/deployment/linux_packaging/rpm/osqueryd.service b/tools/deployment/linux_packaging/rpm/osqueryd.service
+index 6aa42752f..7bb3b3dc9 100644
+--- a/tools/deployment/linux_packaging/rpm/osqueryd.service
++++ b/tools/deployment/linux_packaging/rpm/osqueryd.service
+@@ -7,7 +7,7 @@ TimeoutStartSec=0
+ EnvironmentFile=/etc/sysconfig/osqueryd
+ ExecStartPre=/bin/sh -c "if [ ! -f $FLAG_FILE ]; then touch $FLAG_FILE; fi"
+ ExecStartPre=/bin/sh -c "if [ -f $LOCAL_PIDFILE ]; then mv $LOCAL_PIDFILE $PIDFILE; fi"
+-ExecStart=/opt/osquery/bin/osqueryd \
++ExecStart=/usr/bin/osqueryd \
+   --flagfile $FLAG_FILE \
+   --config_path $CONFIG_FILE
+ Restart=on-failure

More information about the arch-commits mailing list