[arch-commits] Commit in osquery/repos (4 files)
Anatol Pomozov
anatolik at gemini.archlinux.org
Wed Sep 29 16:34:44 UTC 2021
Date: Wednesday, September 29, 2021 @ 16:34:44
Author: anatolik
Revision: 1025958
archrelease: copy trunk to community-testing-x86_64
Added:
osquery/repos/community-testing-x86_64/
osquery/repos/community-testing-x86_64/PKGBUILD
(from rev 1025957, osquery/trunk/PKGBUILD)
osquery/repos/community-testing-x86_64/libaudit.patch
(from rev 1025957, osquery/trunk/libaudit.patch)
osquery/repos/community-testing-x86_64/osquery.patch
(from rev 1025957, osquery/trunk/osquery.patch)
----------------+
PKGBUILD | 48 +++++++++++
libaudit.patch | 12 ++
osquery.patch | 236 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 296 insertions(+)
Copied: osquery/repos/community-testing-x86_64/PKGBUILD (from rev 1025957, osquery/trunk/PKGBUILD)
===================================================================
--- community-testing-x86_64/PKGBUILD (rev 0)
+++ community-testing-x86_64/PKGBUILD 2021-09-29 16:34:44 UTC (rev 1025958)
@@ -0,0 +1,48 @@
+# Maintainer: Anatol Pomozov
+
+pkgname=osquery
+pkgver=5.0.1
+pkgrel=2
+pkgdesc='SQL powered operating system instrumentation, monitoring, and analytics'
+arch=(x86_64)
+url='https://osquery.io'
+license=(Apache GPL2)
+depends=(zlib)
+makedepends=(cmake ninja clang python gcc-libs git libunwind)
+options=(!strip)
+source=(git+https://github.com/osquery/osquery.git#tag=$pkgver
+ osquery.patch
+ libaudit.patch)
+sha256sums=('SKIP'
+ '6c6b87a1b473abdb8b895a3cd4f8839b6b19add6937134c620fddb845d7f8969'
+ '96218ef5b7d6d6deb3a7b4b3dfed8068b7e4d10acd5b19372b9882f89d4478a8')
+
+prepare() {
+ cd $srcdir/osquery
+ patch -p1 < $srcdir/osquery.patch
+}
+
+build() {
+ cd osquery
+
+ CC=clang CXX=clang++ cmake \
+ -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=/usr -DOSQUERY_VERSION=$pkgver \
+ -DOSQUERY_IGNORE_CMAKE_MAX_VERSION_CHECK=TRUE \
+ -G Ninja -S . -B build
+
+ # submodules are checked out by cmake, patch it after it were checked out
+ (cd $srcdir/osquery/libraries/cmake/source/libaudit/src && git reset --hard && patch -p1 < $srcdir/libaudit.patch)
+
+ ninja -C build
+}
+
+package() {
+ cd osquery
+
+ DESTDIR="${pkgdir}" ninja -C build install
+ install -Dm644 LICENSE "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
+ install -Dm644 tools/deployment/osquery.example.conf "$pkgdir/etc/osquery/osquery.conf"
+ install -Dm644 tools/deployment/linux_packaging/osqueryd.sysconfig "$pkgdir/etc/sysconfig/osqueryd"
+ install -Dm644 tools/deployment/linux_packaging/rpm/osqueryd.service "$pkgdir/usr/lib/systemd/system/osqueryd.service"
+ rm -r $pkgdir/control
+}
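Review bot: The upstream source on the `source=` line is pinned only by a git tag and its checksum is `'SKIP'`, so nothing in the PKGBUILD fixes which commit is built, and a tag can be moved upstream. Pinning the fragment to the full commit, `git+https://github.com/osquery/osquery.git#commit=<FULL_COMMIT_SHA_OF_THE_5.0.1_TAG>`, would make the recipe itself identify the code. The comment in build() says the submodules are checked out by cmake during configure, so third-party code arrives at build time outside makepkg's source verification. Fetching them in prepare() or listing them in `source=` would keep network access out of build(). Separately, `$srcdir` and `$pkgdir` are unquoted in prepare(), build() and the final `rm -r $pkgdir/control`, which should read `rm -r "$pkgdir/control"`.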
Copied: osquery/repos/community-testing-x86_64/libaudit.patch (from rev 1025957, osquery/trunk/libaudit.patch)
===================================================================
--- community-testing-x86_64/libaudit.patch (rev 0)
+++ community-testing-x86_64/libaudit.patch 2021-09-29 16:34:44 UTC (rev 1025958)
@@ -0,0 +1,12 @@
+diff --git a/lib/libaudit.h b/lib/libaudit.h
+index 05ee91e..2ee3842 100644
+--- a/lib/libaudit.h
++++ b/lib/libaudit.h
+@@ -260,7 +260,6 @@ extern "C" {
+ #define AUDIT_KEY_SEPARATOR 0x01
+
+ /* These are used in filter control */
+-#define AUDIT_FILTER_EXCLUDE AUDIT_FILTER_TYPE
+ #define AUDIT_FILTER_MASK 0x07 /* Mask to get actual filter */
+ #define AUDIT_FILTER_UNSET 0x80 /* This value means filter is unset */
+
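Review bot: This patch drops `AUDIT_FILTER_EXCLUDE` from lib/libaudit.h with no header saying why, and the PKGBUILD applies it after a `git reset --hard` of the submodule without giving a reason either. Presumably the macro collides with a definition in the installed kernel headers. If that is the cause, wrapping the define in `#ifndef AUDIT_FILTER_EXCLUDE` would keep the symbol available to code that uses it and could be sent upstream as is. A one-line description at the top of the patch stating the build error it fixes would let the next maintainer tell when it can be dropped.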
Copied: osquery/repos/community-testing-x86_64/osquery.patch (from rev 1025957, osquery/trunk/osquery.patch)
===================================================================
--- community-testing-x86_64/osquery.patch (rev 0)
+++ community-testing-x86_64/osquery.patch 2021-09-29 16:34:44 UTC (rev 1025958)
@@ -0,0 +1,236 @@
+commit 6b69f04e9d4164130c15f9203e20159af69ecdc1
+Author: Anatol Pomozov <anatol.pomozov at gmail.com>
+Date: Tue Sep 21 09:46:53 2021 -0700
+
+ Arch Linux specific fixes
+
+diff --git a/cmake/flags.cmake b/cmake/flags.cmake
+index e046e8b8d..76e7f20c1 100644
+--- a/cmake/flags.cmake
++++ b/cmake/flags.cmake
+@@ -79,11 +79,9 @@ function(setupBuildFlags)
+ -Woverloaded-virtual
+ -Wnon-virtual-dtor
+ -Weffc++
+- -stdlib=libc++
+ )
+
+ set(posix_cxx_link_options
+- -stdlib=libc++
+ -ldl
+ )
+
+@@ -131,7 +129,6 @@ function(setupBuildFlags)
+ )
+
+ set(linux_cxx_link_libraries
+- c++abi
+ rt
+ dl
+ )
+@@ -157,7 +154,6 @@ function(setupBuildFlags)
+ )
+
+ set(macos_cxx_link_options
+- -stdlib=libc++
+ -lresolv
+ )
+
+@@ -166,7 +162,6 @@ function(setupBuildFlags)
+ cups
+ bsm
+ xar
+- c++abi
+ "-framework AppKit"
+ "-framework Foundation"
+ "-framework CoreServices"
+diff --git a/libraries/cmake/source/libmagic/config/linux/config.h b/libraries/cmake/source/libmagic/config/linux/config.h
+index 42be099c8..7054c73b9 100644
+--- a/libraries/cmake/source/libmagic/config/linux/config.h
++++ b/libraries/cmake/source/libmagic/config/linux/config.h
+@@ -247,9 +247,6 @@
+ /* Define to 1 if `vfork' works. */
+ #define HAVE_WORKING_VFORK 1
+
+-/* Define to 1 if you have the <xlocale.h> header file. */
+-#define HAVE_XLOCALE_H 1
+-
+ /* Define to 1 if you have the <zlib.h> header file. */
+ #define HAVE_ZLIB_H 1
+
+diff --git a/libraries/cmake/source/lldpd/config/x86_64/linux/libevent/event2/event-config.h b/libraries/cmake/source/lldpd/config/x86_64/linux/libevent/event2/event-config.h
+index 7041c46fb..9288df900 100644
+--- a/libraries/cmake/source/lldpd/config/x86_64/linux/libevent/event2/event-config.h
++++ b/libraries/cmake/source/lldpd/config/x86_64/linux/libevent/event2/event-config.h
+@@ -300,9 +300,6 @@
+ /* Define to 1 if you have the <sys/stat.h> header file. */
+ #define _EVENT_HAVE_SYS_STAT_H 1
+
+-/* Define to 1 if you have the <sys/sysctl.h> header file. */
+-#define _EVENT_HAVE_SYS_SYSCTL_H 1
+-
+ /* Define to 1 if you have the <sys/time.h> header file. */
+ #define _EVENT_HAVE_SYS_TIME_H 1
+
+diff --git a/libraries/cmake/source/thrift/CMakeLists.txt b/libraries/cmake/source/thrift/CMakeLists.txt
+index 0389d0507..a4c3d55ec 100644
+--- a/libraries/cmake/source/thrift/CMakeLists.txt
++++ b/libraries/cmake/source/thrift/CMakeLists.txt
+@@ -82,12 +82,6 @@ function(thriftMain)
+ set(forced_include_file_flag "--include")
+ endif()
+
+- # C++17 dropped support for random_shuffle. Add it back with a
+- # custom header
+- target_compile_options(thirdparty_thrift PRIVATE
+- "${forced_include_file_flag}${CMAKE_CURRENT_SOURCE_DIR}/patches/random_shuffle.h"
+- )
+-
+ target_compile_definitions(thirdparty_thrift PUBLIC
+ THRIFT_STATIC_DEFINE
+ )
+diff --git a/osquery/core/shutdown.cpp b/osquery/core/shutdown.cpp
+index 3cb863d9b..7f93210f6 100644
+--- a/osquery/core/shutdown.cpp
++++ b/osquery/core/shutdown.cpp
+@@ -11,6 +11,7 @@
+ #include <osquery/logger/data_logger.h>
+
+ #include <atomic>
++#include <condition_variable>
+ #include <mutex>
+ #include <string>
+
+diff --git a/osquery/tables/networking/CMakeLists.txt b/osquery/tables/networking/CMakeLists.txt
+index 70b7079ee..7a42d068a 100644
+--- a/osquery/tables/networking/CMakeLists.txt
++++ b/osquery/tables/networking/CMakeLists.txt
+@@ -30,6 +30,10 @@ function(generateOsqueryTablesNetworking)
+ posix/interfaces.cpp
+ posix/utils.cpp
+ )
++
++ list(APPEND platform_deps
++ resolv
++ )
+ endif()
+
+ if(DEFINED PLATFORM_LINUX)
+diff --git a/osquery/tables/system/linux/sysctl_utils.cpp b/osquery/tables/system/linux/sysctl_utils.cpp
+index 1ff3e0b00..b66ecc79e 100644
+--- a/osquery/tables/system/linux/sysctl_utils.cpp
++++ b/osquery/tables/system/linux/sysctl_utils.cpp
+@@ -7,8 +7,6 @@
+ * SPDX-License-Identifier: (Apache-2.0 OR GPL-2.0-only)
+ */
+
+-#include <sys/sysctl.h>
+-
+ #include <boost/algorithm/string/trim.hpp>
+
+ #include <osquery/core/tables.h>
+@@ -73,10 +71,8 @@ void genControlInfo(int* oid,
+ // Get control size
+ size_t response_size = CTL_MAX_VALUE;
+ char response[CTL_MAX_VALUE + 1] = {0};
+- if (sysctl(oid, oid_size, response, &response_size, 0, 0) != 0) {
+- // Cannot request MIB data.
+- return;
+- }
++ // Cannot request MIB data.
++ return;
+
+ // Data is output, but no way to determine type (long, int, string, struct).
+ Row r;
+diff --git a/osquery/tables/system/posix/augeas.cpp b/osquery/tables/system/posix/augeas.cpp
+index fb09411d8..615f7adea 100644
+--- a/osquery/tables/system/posix/augeas.cpp
++++ b/osquery/tables/system/posix/augeas.cpp
+@@ -35,7 +35,7 @@ FLAG(string,
+ #else
+ FLAG(string,
+ augeas_lenses,
+- "/opt/osquery/share/osquery/lenses",
++ "/usr/share/osquery/lenses",
+ "Directory that contains augeas lenses files");
+ #endif
+
+diff --git a/osquery/tables/system/posix/sysctl_utils.h b/osquery/tables/system/posix/sysctl_utils.h
+index e119f8a9e..0d4a399e4 100644
+--- a/osquery/tables/system/posix/sysctl_utils.h
++++ b/osquery/tables/system/posix/sysctl_utils.h
+@@ -9,8 +9,6 @@
+
+ #pragma once
+
+-#include <sys/sysctl.h>
+-
+ #include <osquery/core/tables.h>
+
+ namespace osquery {
+@@ -18,6 +16,8 @@ namespace tables {
+
+ #define CTL_MAX_VALUE 128
+
++#define CTL_MAXNAME 12
++
+ #ifndef CTL_DEBUG_MAXID
+ #define CTL_DEBUG_MAXID (CTL_MAXNAME * 2)
+ #endif
+diff --git a/osquery/utils/config/default_paths.h b/osquery/utils/config/default_paths.h
+index cda34298e..1c45718f3 100644
+--- a/osquery/utils/config/default_paths.h
++++ b/osquery/utils/config/default_paths.h
+@@ -26,7 +26,7 @@
+ #define OSQUERY_SOCKET OSQUERY_DB_HOME
+ #define OSQUERY_PIDFILE "/var/run/"
+ #define OSQUERY_LOG_HOME "/var/log/osquery/"
+-#define OSQUERY_CERTS_HOME "/opt/osquery/share/osquery/certs/"
++#define OSQUERY_CERTS_HOME "/usr/share/osquery/certs/"
+ #elif defined(WIN32)
+ #define OSQUERY_HOME "\\Program Files\\osquery\\"
+ #define OSQUERY_DB_HOME OSQUERY_HOME
+diff --git a/tools/deployment/linux_packaging/rpm/osqueryd.service b/tools/deployment/linux_packaging/rpm/osqueryd.service
+index 6aa42752f..7bb3b3dc9 100644
+--- a/tools/deployment/linux_packaging/rpm/osqueryd.service
++++ b/tools/deployment/linux_packaging/rpm/osqueryd.service
+@@ -7,7 +7,7 @@ TimeoutStartSec=0
+ EnvironmentFile=/etc/sysconfig/osqueryd
+ ExecStartPre=/bin/sh -c "if [ ! -f $FLAG_FILE ]; then touch $FLAG_FILE; fi"
+ ExecStartPre=/bin/sh -c "if [ -f $LOCAL_PIDFILE ]; then mv $LOCAL_PIDFILE $PIDFILE; fi"
+-ExecStart=/opt/osquery/bin/osqueryd \
++ExecStart=/usr/bin/osqueryd \
+ --flagfile $FLAG_FILE \
+ --config_path $CONFIG_FILE
+ Restart=on-failure
+diff --git a/tools/deployment/osquery.example.conf b/tools/deployment/osquery.example.conf
+index 96320e2d4..5af675dac 100644
+--- a/tools/deployment/osquery.example.conf
++++ b/tools/deployment/osquery.example.conf
+@@ -60,19 +60,19 @@
+ // There are several 'default' packs installed via
+ // packages and/or Homebrew.
+ //
+- // Linux: /opt/osquery/share/osquery/packs
++ // Linux: /usr/share/osquery/packs
+ // OS X: /var/osquery/packs
+ // Homebrew: /usr/local/share/osquery/packs
+ // make install: {PREFIX}/share/osquery/packs
+ //
+ "packs": {
+- // "osquery-monitoring": "/opt/osquery/share/osquery/packs/osquery-monitoring.conf",
+- // "incident-response": "/opt/osquery/share/osquery/packs/incident-response.conf",
+- // "it-compliance": "/opt/osquery/share/osquery/packs/it-compliance.conf",
++ // "osquery-monitoring": "/usr/share/osquery/packs/osquery-monitoring.conf",
++ // "incident-response": "/usr/share/osquery/packs/incident-response.conf",
++ // "it-compliance": "/usr/share/osquery/packs/it-compliance.conf",
+ // "osx-attacks": "/var/osquery/packs/osx-attacks.conf",
+- // "vuln-management": "/opt/osquery/share/osquery/packs/vuln-management.conf",
+- // "hardware-monitoring": "/opt/osquery/share/osquery/packs/hardware-monitoring.conf",
+- // "ossec-rootkit": "/opt/osquery/share/osquery/packs/ossec-rootkit.conf",
++ // "vuln-management": "/usr/share/osquery/packs/vuln-management.conf",
++ // "hardware-monitoring": "/usr/share/osquery/packs/hardware-monitoring.conf",
++ // "ossec-rootkit": "/usr/share/osquery/packs/ossec-rootkit.conf",
+ // "windows-hardening": "C:\\Program Files\\osquery\\packs\\windows-hardening.conf",
+ // "windows-attacks": "C:\\Program Files\\osquery\\packs\\windows-attacks.conf"
+ },
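Review bot: In the osquery/tables/system/linux/sysctl_utils.cpp part of this patch, genControlInfo() now reaches an unconditional `return;` right after declaring `response`, so everything below it (from `Row r;` onward, continuing outside the hunk) is unreachable and the function silently produces nothing. For a host-monitoring agent, a quietly empty result is a visibility gap that is hard to notice. Either remove the dead body and state the limitation, e.g. `// sysctl(2) is not available with this libc; MIB-based lookups are disabled`, or log once at this point. In osquery/tables/system/posix/sysctl_utils.h the new `#define CTL_MAXNAME 12` is unguarded while the neighbouring `CTL_DEBUG_MAXID` uses `#ifndef`. Wrapping it in `#ifndef CTL_MAXNAME` avoids a redefinition wherever a system header still provides the macro.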