osquery: 3.2.9 -> 3.3.2 (#62099)

osquery: 3.2.9 -> 3.3.2
Silvan Mosberger 2019-05-28 03:09:45 +02:00 committed by GitHub
commit 2762950a8a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 246 additions and 238 deletions


@ -0,0 +1,72 @@
From 77a34d31695e02bc3d06b68c7ca3ff9c3cb67844 Mon Sep 17 00:00:00 2001
From: Maximilian Bosch <maximilian@mbosch.me>
Date: Sun, 26 May 2019 19:46:27 +0200
Subject: [PATCH] Don't detect package version with Git
This will build in a Nix-based build environment. Instead we ismply
replace `@version@` using `substituteAll`.
---
dwarf/Makefile | 19 +++++++++----------
elf/Makefile | 15 +++++++--------
2 files changed, 16 insertions(+), 18 deletions(-)
diff --git a/dwarf/Makefile b/dwarf/Makefile
index 71456bd..f871227 100644
--- a/dwarf/Makefile
+++ b/dwarf/Makefile
@@ -43,16 +43,15 @@ CLEAN += libdwarf++.so
# Create pkg-config for local library and headers. This will be
# transformed in to the correct global pkg-config by install.
libdwarf++.pc: always
- @(VER=$$(git describe --match 'v*' | sed -e s/^v//); \
- echo "libdir=$$PWD"; \
- echo "includedir=$$PWD"; \
- echo ""; \
- echo "Name: libdwarf++"; \
- echo "Description: C++11 DWARF library"; \
- echo "Version: $$VER"; \
- echo "Requires: libelf++ = $$VER"; \
- echo "Libs: -L\$${libdir} -ldwarf++"; \
- echo "Cflags: -I\$${includedir}") > $@
+ @(echo "libdir=$$PWD"; \
+ echo "includedir=$$PWD"; \
+ echo ""; \
+ echo "Name: libdwarf++"; \
+ echo "Description: C++11 DWARF library"; \
+ echo "Version: @version@"; \
+ echo "Requires: libelf++ = @version@"; \
+ echo "Libs: -L\$${libdir} -ldwarf++"; \
+ echo "Cflags: -I\$${includedir}") > $@
CLEAN += libdwarf++.pc
.PHONY: always
diff --git a/elf/Makefile b/elf/Makefile
index 9c7c224..50630a7 100644
--- a/elf/Makefile
+++ b/elf/Makefile
@@ -42,15 +42,14 @@ CLEAN += libelf++.so
# Create pkg-config for local library and headers. This will be
# transformed in to the correct global pkg-config by install.
libelf++.pc: always
- @(VER=$$(git describe --match 'v*' | sed -e s/^v//); \
- echo "libdir=$$PWD"; \
+ @(echo "libdir=$$PWD"; \
echo "includedir=$$PWD"; \
- echo ""; \
- echo "Name: libelf++"; \
- echo "Description: C++11 ELF library"; \
- echo "Version: $$VER"; \
- echo "Libs: -L\$${libdir} -lelf++"; \
- echo "Cflags: -I\$${includedir}") > $@
+ echo ""; \
+ echo "Name: libelf++"; \
+ echo "Description: C++11 ELF library"; \
+ echo "Version: @version@"; \
+ echo "Libs: -L\$${libdir} -lelf++"; \
+ echo "Cflags: -I\$${includedir}") > $@
CLEAN += libelf++.pc
.PHONY: always
--
2.19.2


@ -0,0 +1,32 @@
{ stdenv, fetchFromGitHub, python3, substituteAll }:
stdenv.mkDerivation rec {
pname = "libelfin";
version = "unstable-2018-08-25";
src = fetchFromGitHub {
owner = "aclements";
repo = pname;
rev = "ac45a094fadba77ad840063fb7aab82571546be0";
sha256 = "143x680c6hsy51kngs04ypg4ql3lp498llcwj4lh1v0qp5qvjhyz";
};
patches = [
(substituteAll {
src = ./0001-Don-t-detect-package-version-with-Git.patch;
inherit version;
})
];
nativeBuildInputs = [ python3 ];
makeFlags = [ "PREFIX=${placeholder "out"}" ];
meta = with stdenv.lib; {
homepage = https://github.com/aclements/libelfin/;
license = licenses.mit;
description = "C++11 ELF/DWARF parser";
maintainers = with maintainers; [ ma27 ];
platforms = platforms.linux;
};
}
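Review bot: `inherit version;` passes the Nix version string `unstable-2018-08-25` into the `@version@` placeholders of the Makefile patch, so the generated `libelf++.pc` and `libdwarf++.pc` will carry `Version: unstable-2018-08-25` and `Requires: libelf++ = unstable-2018-08-25`. The exact-match `Requires` still resolves, but a consumer that asks pkg-config for a minimum version will presumably get no meaningful answer from a string that starts with a word. Passing a separate value to `substituteAll` keeps the two concerns apart, e.g. `version = "<UPSTREAM_RELEASE>";` (placeholder) in place of `inherit version;`. A comment above `rev` saying why an untagged commit is pinned would also help the next person who bumps it.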


@ -0,0 +1,41 @@
From 511400b8ec0794588df88e2bb1c45cc6a4a51b1e Mon Sep 17 00:00:00 2001
From: Maximilian Bosch <maximilian@mbosch.me>
Date: Sun, 26 May 2019 23:10:02 +0200
Subject: [PATCH] Fix CMake configuration for Nix
* -fno-limit-debug-info: CLang specific, patch away to support both
CLang and GCC.
* Dropped unnecessary `lvm-internal` and `daemonclient` references.
---
CMakeLists.txt | 1 -
osquery/tables/CMakeLists.txt | 2 +-
2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index f545d6c9..cfe68ddb 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -328,7 +328,6 @@ if (POSIX)
# To be safe, only include them when building 'release' outputs.
add_compile_options(
"$<$<CONFIG:RELEASE>:-g>"
- "$<$<CONFIG:RELEASE>:-fno-limit-debug-info>"
"$<$<CONFIG:RELEASE>:-fPIE>"
"$<$<CONFIG:RELEASE>:-fpie>"
"$<$<CONFIG:RELEASE>:-fPIC>"
diff --git a/osquery/tables/CMakeLists.txt b/osquery/tables/CMakeLists.txt
index 470bdf1d..caa6ab6f 100644
--- a/osquery/tables/CMakeLists.txt
+++ b/osquery/tables/CMakeLists.txt
@@ -68,7 +68,7 @@ if(LINUX)
set(TABLE_PLATFORM "linux")
ADD_OSQUERY_LINK_ADDITIONAL("libresolv.so")
- ADD_OSQUERY_LINK_ADDITIONAL("cryptsetup devmapper lvm2app lvm-internal daemonclient")
+ ADD_OSQUERY_LINK_ADDITIONAL("cryptsetup devmapper lvm2app")
ADD_OSQUERY_LINK_ADDITIONAL("gcrypt gpg-error")
ADD_OSQUERY_LINK_ADDITIONAL("blkid")
ADD_OSQUERY_LINK_ADDITIONAL("ip4tc")
--
2.19.2
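Review bot: The first hunk removes `-fno-limit-debug-info` for every compiler, although the patch description says the flag is Clang-specific and only a problem for GCC. Gating it would leave Clang builds unchanged and make the patch upstreamable: `"$<$<AND:$<CONFIG:RELEASE>,$<CXX_COMPILER_ID:Clang>>:-fno-limit-debug-info>"`. The same `add_compile_options` call adds `-fPIE`/`-fPIC` only for the RELEASE configuration, so it is worth confirming that the Nix build configures with that build type, or relies on the stdenv hardening flags for PIE instead. The second hunk drops `lvm-internal` and `daemonclient` from the link line; a sentence in the patch description naming the lvm2 version this was checked against would help whoever next touches the lvm2 pin. Both hunks sit inside `if` blocks that begin and end outside the visible context.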


@ -1,58 +1,20 @@
{ stdenv, lib, fetchFromGitHub, pkgconfig, cmake, pythonPackages { stdenv, lib, fetchFromGitHub, pkgconfig, cmake, python
, udev, audit, aws-sdk-cpp, cryptsetup, lvm2, libgcrypt, libarchive , udev, audit, aws-sdk-cpp, cryptsetup, lvm2, libgcrypt, libarchive
, libgpgerror, libuuid, iptables, dpkg, lzma, bzip2, rpm , libgpgerror, libuuid, iptables, dpkg, lzma, bzip2, rpm
, beecrypt, augeas, libxml2, sleuthkit, yara, lldpd, google-gflags , beecrypt, augeas, libxml2, sleuthkit, yara, lldpd, google-gflags
, thrift, boost, rocksdb_lite, glog, gbenchmark, snappy , thrift, boost, rocksdb_lite, glog, gbenchmark, snappy
, openssl, file, doxygen , openssl, file, doxygen
, gtest, sqlite, fpm, zstd, rdkafka, rapidjson, fetchgit, fetchurl , gtest, sqlite, fpm, zstd, rdkafka, rapidjson, fetchgit, fetchurl, libelfin
, smartmontools, which, git, cscope, ctags, ssdeep
}: }:
let let
overrides = {
thirdparty = fetchFromGitHub {
owner = "osquery";
repo = "third-party";
rev = "32e01462fbea75d3b1904693f937dfd62eaced15";
sha256 = "0va24gmgk43a1lyjs63q9qrhvpv8gmqjzpjr5595vhr16idv8wyf";
};
in
stdenv.mkDerivation rec {
name = "osquery-${version}";
version = "3.2.9";
# this is what `osquery --help` will show as the version.
OSQUERY_BUILD_VERSION = version;
OSQUERY_PLATFORM = "NixOS;";
src = fetchFromGitHub {
owner = "facebook";
repo = "osquery";
rev = version;
sha256 = "1fac0yj1701469qhbsp38ab2fmavm3jw6x278bf78yvxdi99ivai";
};
patches = [ ./misc.patch ];
nativeBuildInputs = [
pkgconfig cmake pythonPackages.python pythonPackages.jinja2 doxygen fpm
];
NIX_LDFLAGS = [
"-lcrypto"
];
buildInputs = let
gflags' = google-gflags.overrideAttrs (old: {
cmakeFlags = stdenv.lib.filter (f: (builtins.match ".*STATIC.*" f) == null) old.cmakeFlags;
});
# use older `lvm2` source for osquery, the 2.03 sourcetree # use older `lvm2` source for osquery, the 2.03 sourcetree
# will break osquery due to the lacking header `lvm2app.h`. # will break osquery due to the lacking header `lvm2app.h`.
# #
# https://github.com/NixOS/nixpkgs/pull/51756#issuecomment-446035295 # https://github.com/NixOS/nixpkgs/pull/51756#issuecomment-446035295
lvm2' = lvm2.overrideAttrs (old: rec { lvm2 = lvm2.overrideAttrs (old: rec {
name = "lvm2-${version}"; name = "lvm2-${version}";
version = "2.02.183"; version = "2.02.183";
src = fetchgit { src = fetchgit {
@ -62,8 +24,25 @@ stdenv.mkDerivation rec {
}; };
}); });
# use smartmontools fork to programatically retrieve SMART information.
# https://github.com/facebook/osquery/pull/4133
smartmontools = smartmontools.overrideAttrs (old: rec {
name = "smartmontools-${version}";
version = "0.3.1";
src = fetchFromGitHub {
owner = "allanliu";
repo = "smartmontools";
rev = "v${version}";
sha256 = "1i72fk2ranrky02h7nh9l3va4kjzj0lx1gr477zkxd44wf3w0pjf";
};
# Apple build fix doesn't apply here and isn't needed as we
# only support `osquery` on Linux.
patches = [];
});
# dpkg 1.19.2 dropped api in `<dpkg/dpkg-db.h>` which breaks compilation. # dpkg 1.19.2 dropped api in `<dpkg/dpkg-db.h>` which breaks compilation.
dpkg' = dpkg.overrideAttrs (old: rec { dpkg = dpkg.overrideAttrs (old: rec {
name = "dpkg-${version}"; name = "dpkg-${version}";
version = "1.19.0.5"; version = "1.19.0.5";
src = fetchurl { src = fetchurl {
@ -71,33 +50,92 @@ stdenv.mkDerivation rec {
sha256 = "1dc5kp3fqy1k66fly6jfxkkg7w6d0jy8szddpfyc2xvzga94d041"; sha256 = "1dc5kp3fqy1k66fly6jfxkkg7w6d0jy8szddpfyc2xvzga94d041";
}; };
}); });
in [
udev audit
# filter out static linking configuration to avoid that the library will
# be linked both statically and dynamically.
gflags = google-gflags.overrideAttrs (old: {
cmakeFlags = stdenv.lib.filter (f: (builtins.match ".*STATIC.*" f) == null) old.cmakeFlags;
});
};
in
stdenv.mkDerivation rec {
pname = "osquery";
version = "3.3.2";
# this is what `osquery --help` will show as the version.
OSQUERY_BUILD_VERSION = version;
OSQUERY_PLATFORM = "NixOS;";
src = fetchFromGitHub {
owner = "facebook";
repo = pname;
rev = version;
sha256 = "0nrwmzmbziacs3y0nljyc73bibr3w68myjpfwkicg9zgkq4qihij";
};
patches = [ ./0001-Fix-CMake-configuration-for-Nix.patch ];
NIX_CFLAGS_COMPILE = [
"-I${libxml2.dev}/include/libxml2"
];
nativeBuildInputs = [ python which git cscope ctags cmake pkgconfig doxygen fpm ]
++ (with python.pkgs; [ jinja2 ]);
buildInputs = [
udev
audit
(aws-sdk-cpp.override { (aws-sdk-cpp.override {
apis = [ "firehose" "kinesis" "sts" "ec2" ]; apis = [ "firehose" "kinesis" "sts" "ec2" ];
customMemoryManagement = false; customMemoryManagement = false;
}) })
overrides.lvm2
lvm2' libgcrypt libarchive libgpgerror libuuid iptables dpkg' libgcrypt
lzma bzip2 rpm beecrypt augeas libxml2 sleuthkit libarchive
yara lldpd gflags' thrift boost libgpgerror
glog gbenchmark snappy openssl libuuid
file cryptsetup iptables
gtest sqlite zstd rdkafka rapidjson rocksdb_lite overrides.dpkg
lzma
bzip2
rpm
beecrypt
augeas
libxml2
sleuthkit
yara
lldpd
overrides.gflags
thrift
boost
glog
gbenchmark
snappy
openssl
file
cryptsetup
gtest
zstd
rdkafka
rapidjson
rocksdb_lite
libelfin
ssdeep
overrides.smartmontools
]; ];
cmakeFlags = [ "-DSKIP_TESTS=1" ];
preConfigure = '' preConfigure = ''
export NIX_CFLAGS_COMPILE="-I${libxml2.dev}/include/libxml2 $NIX_CFLAGS_COMPILE" cp -r ${fetchFromGitHub {
owner = "osquery";
repo = "third-party";
rev = "32e01462fbea75d3b1904693f937dfd62eaced15";
sha256 = "0va24gmgk43a1lyjs63q9qrhvpv8gmqjzpjr5595vhr16idv8wyf";
}}/* third-party
cmakeFlagsArray+=(
-DCMAKE_LIBRARY_PATH=${cryptsetup}/lib
-DCMAKE_VERBOSE_MAKEFILE=OFF
)
cp -r ${thirdparty}/* third-party
chmod +w -R third-party chmod +w -R third-party
rm -r third-party/{googletest,sqlite3}
''; '';
meta = with lib; { meta = with lib; {
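Review bot: The `overrides` set pins `lvm2` to 2.02.183, `dpkg` to 1.19.0.5 and `smartmontools` to the `allanliu` fork at 0.3.1, so osquery will not follow later nixpkgs updates to these packages, security fixes included. The smartmontools override also sets `patches = [];`, which discards every patch the base package carries now or gains later, not only the Apple build fix the comment mentions; filtering that one patch out of `old.patches` would be narrower. I would add a comment on the set such as `# pinned copies: re-check lvm2, dpkg and smartmontools against advisories on every osquery bump`. `cmakeFlags = [ "-DSKIP_TESTS=1" ];` appears to be on the new side, so the package is built without upstream's test suite, which deserves a one-line reason next to the flag. The file continues past the last visible line of this section.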


@ -1,177 +0,0 @@
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 0242fb71..5007aace 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -304,7 +304,6 @@ else()
# To be safe, only include them when building 'release' outputs.
add_compile_options(
-g
- -fno-limit-debug-info
-fPIE
-fpie
-fPIC
@@ -449,12 +448,6 @@ elseif(CLANG AND DEPS AND NOT FREEBSD)
set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -flto=thin")
endif()
-if(NOT IS_DIRECTORY "${CMAKE_SOURCE_DIR}/third-party/sqlite3")
- WARNING_LOG("Cannot find git submodule third-party/sqlite3 directory")
- WARNING_LOG("Please run: make deps or git submodule update --init")
- message(FATAL_ERROR "No sqlite3 directory")
-endif()
-
# Make sure deps were built before compiling (else show warning).
execute_process(
COMMAND "${CMAKE_SOURCE_DIR}/tools/provision.sh" check "${CMAKE_BINARY_DIR}"
@@ -521,6 +514,8 @@ endif()
if(APPLE)
LOG_PLATFORM("OS X")
+elseif(OSQUERY_BUILD_PLATFORM STREQUAL "nixos")
+ LOG_PLATFORM("NixOS")
elseif(OSQUERY_BUILD_PLATFORM STREQUAL "debian")
LOG_PLATFORM("Debian")
elseif(OSQUERY_BUILD_PLATFORM STREQUAL "ubuntu")
@@ -570,7 +565,6 @@ if(POSIX AND DEPS)
endif()
endif()
-include_directories("${CMAKE_SOURCE_DIR}/third-party/sqlite3")
include_directories("${CMAKE_SOURCE_DIR}/include")
include_directories("${CMAKE_SOURCE_DIR}")
@@ -661,18 +655,6 @@ if(FREEBSD OR "${HAVE_TR1_TUPLE}" STREQUAL "")
add_definitions(-DGTEST_USE_OWN_TR1_TUPLE=0)
endif()
-set(GTEST_FLAGS
- "-I${CMAKE_SOURCE_DIR}/third-party/googletest/googletest/include"
- "-I${CMAKE_SOURCE_DIR}/third-party/googletest/googlemock/include"
-)
-join("${GTEST_FLAGS}" " " GTEST_FLAGS)
-
-if(NOT SKIP_TESTS)
- add_subdirectory("${CMAKE_SOURCE_DIR}/third-party/googletest")
-endif()
-
-add_subdirectory("${CMAKE_SOURCE_DIR}/third-party/sqlite3")
-
if(NOT FREEBSD)
add_subdirectory("${CMAKE_SOURCE_DIR}/third-party/linenoise-ng")
endif()
diff --git a/osquery/CMakeLists.txt b/osquery/CMakeLists.txt
index e3842962..f405503d 100644
--- a/osquery/CMakeLists.txt
+++ b/osquery/CMakeLists.txt
@@ -33,8 +33,6 @@ if(CLANG AND POSIX)
-Wextra
-pedantic
-Wuseless-cast
- -Wno-c99-extensions
- -Wno-zero-length-array
-Wno-unused-parameter
-Wno-gnu-case-range
-Weffc++
@@ -63,14 +61,7 @@ endif()
# Construct a set of all object files, starting with third-party and all
# of the osquery core objects (sources from ADD_CORE_LIBRARY macros).
-if(FREEBSD)
- set(OSQUERY_OBJECTS $<TARGET_OBJECTS:osquery_sqlite>)
-else()
- set(OSQUERY_OBJECTS
- $<TARGET_OBJECTS:osquery_sqlite>
- $<TARGET_OBJECTS:linenoise-ng>
- )
-endif()
+set(OSQUERY_OBJECTS $<TARGET_OBJECTS:linenoise-ng>)
# Add subdirectories
add_subdirectory(config)
@@ -151,10 +142,11 @@ if(APPLE OR LINUX)
ADD_OSQUERY_LINK_ADDITIONAL("rocksdb_lite")
elseif(FREEBSD)
ADD_OSQUERY_LINK_CORE("icuuc")
- ADD_OSQUERY_LINK_CORE("linenoise")
ADD_OSQUERY_LINK_ADDITIONAL("rocksdb-lite")
endif()
+ADD_OSQUERY_LINK_CORE("sqlite3")
+
if(POSIX)
ADD_OSQUERY_LINK_CORE("boost_system")
ADD_OSQUERY_LINK_CORE("boost_filesystem")
@@ -172,10 +164,10 @@ endif()
ADD_OSQUERY_LINK_CORE("glog${WO_KEY}")
if(POSIX)
- # Hashing methods in core use libcrypto.
- ADD_OSQUERY_LINK_CORE("crypto")
-
+ ADD_OSQUERY_LINK_ADDITIONAL("benchmark")
+ ADD_OSQUERY_LINK_ADDITIONAL("snappy")
ADD_OSQUERY_LINK_ADDITIONAL("ssl")
+ ADD_OSQUERY_LINK_ADDITIONAL("crypto")
ADD_OSQUERY_LINK_ADDITIONAL("libpthread")
ADD_OSQUERY_LINK_ADDITIONAL("magic")
endif()
diff --git a/osquery/extensions/CMakeLists.txt b/osquery/extensions/CMakeLists.txt
index 52f3bf80..066ed1c0 100644
--- a/osquery/extensions/CMakeLists.txt
+++ b/osquery/extensions/CMakeLists.txt
@@ -60,12 +60,6 @@ else()
)
endif()
-if(NOT WINDOWS)
- add_compile_options(
- -Wno-macro-redefined
- )
-endif()
-
ADD_OSQUERY_LIBRARY(TRUE osquery_extensions
${THRIFT_GENERATED_FILES}
${THRIFT_IMPL_FILE}
diff --git a/osquery/logger/CMakeLists.txt b/osquery/logger/CMakeLists.txt
index ab91bd24..d8364991 100644
--- a/osquery/logger/CMakeLists.txt
+++ b/osquery/logger/CMakeLists.txt
@@ -55,9 +55,9 @@ if(NOT SKIP_KAFKA AND NOT WINDOWS AND NOT FREEBSD)
ADD_OSQUERY_LINK_ADDITIONAL("rdkafka")
- set(OSQUERY_LOGGER_KAFKA_PLUGINS_TESTS
- "logger/plugins/tests/kafka_producer_tests.cpp"
- )
+ #set(OSQUERY_LOGGER_KAFKA_PLUGINS_TESTS
+ # "logger/plugins/tests/kafka_producer_tests.cpp"
+ #)
ADD_OSQUERY_TEST_ADDITIONAL(${OSQUERY_LOGGER_KAFKA_PLUGINS_TESTS})
endif()
diff --git a/osquery/tables/CMakeLists.txt b/osquery/tables/CMakeLists.txt
index 3ecbb711..af7220d3 100644
--- a/osquery/tables/CMakeLists.txt
+++ b/osquery/tables/CMakeLists.txt
@@ -68,7 +68,7 @@ if(LINUX)
set(TABLE_PLATFORM "linux")
ADD_OSQUERY_LINK_ADDITIONAL("libresolv.so")
- ADD_OSQUERY_LINK_ADDITIONAL("cryptsetup devmapper lvm2app lvm-internal daemonclient")
+ ADD_OSQUERY_LINK_ADDITIONAL("cryptsetup devmapper lvm2app")
ADD_OSQUERY_LINK_ADDITIONAL("gcrypt gpg-error")
ADD_OSQUERY_LINK_ADDITIONAL("blkid")
ADD_OSQUERY_LINK_ADDITIONAL("ip4tc")
diff --git a/specs/windows/services.table b/specs/windows/services.table
index 4ac24ee9..657d8b99 100644
--- a/specs/windows/services.table
+++ b/specs/windows/services.table
@@ -12,7 +12,7 @@ schema([
Column("path", TEXT, "Path to Service Executable"),
Column("module_path", TEXT, "Path to ServiceDll"),
Column("description", TEXT, "Service Description"),
- Column("user_account", TEXT, "The name of the account that the service process will be logged on as when it runs. This name can be of the form Domain\UserName. If the account belongs to the built-in domain, the name can be of the form .\UserName."),
+ Column("user_account", TEXT, "The name of the account that the service process will be logged on as when it runs. This name can be of the form Domain\\UserName. If the account belongs to the built-in domain, the name can be of the form .\\UserName."),
])
implementation("system/windows/services@genServices")
examples([


@ -11330,6 +11330,8 @@ in
then callPackage ../development/libraries/libelf-freebsd { } then callPackage ../development/libraries/libelf-freebsd { }
else callPackage ../development/libraries/libelf { }; else callPackage ../development/libraries/libelf { };
libelfin = callPackage ../development/libraries/libelfin { };
libetpan = callPackage ../development/libraries/libetpan { }; libetpan = callPackage ../development/libraries/libetpan { };
libexecinfo = callPackage ../development/libraries/libexecinfo { }; libexecinfo = callPackage ../development/libraries/libexecinfo { };