Date: Wednesday, September 29, 2021 @ 16:34:44 Author: anatolik Revision: 1025958
archrelease: copy trunk to community-testing-x86_64 Added: osquery/repos/community-testing-x86_64/ osquery/repos/community-testing-x86_64/PKGBUILD (from rev 1025957, osquery/trunk/PKGBUILD) osquery/repos/community-testing-x86_64/libaudit.patch (from rev 1025957, osquery/trunk/libaudit.patch) osquery/repos/community-testing-x86_64/osquery.patch (from rev 1025957, osquery/trunk/osquery.patch) ----------------+ PKGBUILD | 48 +++++++++++ libaudit.patch | 12 ++ osquery.patch | 236 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 296 insertions(+)
Copied: osquery/repos/community-testing-x86_64/PKGBUILD (from rev 1025957, osquery/trunk/PKGBUILD)
===================================================================
--- community-testing-x86_64/PKGBUILD (rev 0)
+++ community-testing-x86_64/PKGBUILD 2021-09-29 16:34:44 UTC (rev 1025958)
@@ -0,0 +1,48 @@
+# Maintainer: Anatol Pomozov
+
+pkgname=osquery
+pkgver=5.0.1
+pkgrel=2
+pkgdesc='SQL powered operating system instrumentation, monitoring, and analytics'
+arch=(x86_64)
+url='https://osquery.io'
+license=(Apache GPL2)
+depends=(zlib)
+makedepends=(cmake ninja clang python gcc-libs git libunwind)
+options=(!strip)
+source=(git+https://github.com/osquery/osquery.git#tag=$pkgver
+ osquery.patch
+ libaudit.patch)
+sha256sums=('SKIP'
+ '6c6b87a1b473abdb8b895a3cd4f8839b6b19add6937134c620fddb845d7f8969'
+ '96218ef5b7d6d6deb3a7b4b3dfed8068b7e4d10acd5b19372b9882f89d4478a8')
+
+prepare() {
+ cd $srcdir/osquery
+ patch -p1 < $srcdir/osquery.patch
+}
+
+build() {
+ cd osquery
+
+ CC=clang CXX=clang++ cmake \
+ -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=/usr -DOSQUERY_VERSION=$pkgver \
+ -DOSQUERY_IGNORE_CMAKE_MAX_VERSION_CHECK=TRUE \
+ -G Ninja -S . -B build
+
+ # submodules are checked out by cmake, patch it after it were checked out
+ (cd $srcdir/osquery/libraries/cmake/source/libaudit/src && git reset --hard && patch -p1 < $srcdir/libaudit.patch)
+
+ ninja -C build
+}
+
+package() {
+ cd osquery
+
+ DESTDIR="${pkgdir}" ninja -C build install
+ install -Dm644 LICENSE "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
+ install -Dm644 tools/deployment/osquery.example.conf "$pkgdir/etc/osquery/osquery.conf"
+ install -Dm644 tools/deployment/linux_packaging/osqueryd.sysconfig "$pkgdir/etc/sysconfig/osqueryd"
+ install -Dm644 tools/deployment/linux_packaging/rpm/osqueryd.service "$pkgdir/usr/lib/systemd/system/osqueryd.service"
+ rm -r $pkgdir/control
+}
Copied: osquery/repos/community-testing-x86_64/libaudit.patch (from rev 1025957, osquery/trunk/libaudit.patch)
===================================================================
--- community-testing-x86_64/libaudit.patch (rev 0)
+++ community-testing-x86_64/libaudit.patch 2021-09-29 16:34:44 UTC (rev 1025958)
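Review bot: In PKGBUILD the upstream source is fetched with `#tag=$pkgver` and its checksum entry is `'SKIP'`, so nothing in the recipe pins what is built: a git tag can be moved upstream, and only the two local patch files are hash-checked. Pinning the checkout to a full commit id, `source=(git+https://github.com/osquery/osquery.git#commit=<FULL_COMMIT_SHA>`, or using makepkg's `?signed` source option with `validpgpkeys` if upstream signs its tags, would make the build input verifiable. Per the comment in build(), cmake also fetches the submodules over the network at build time, outside makepkg's source handling, so they are only as trustworthy as the superproject ref and the build cannot run offline. Separately, `rm -r $pkgdir/control` and the `cd $srcdir/...` lines leave the variables unquoted; `rm -r "$pkgdir/control"` is the safer spelling.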
@@ -0,0 +1,12 @@
+diff --git a/lib/libaudit.h b/lib/libaudit.h
+index 05ee91e..2ee3842 100644
+--- a/lib/libaudit.h
++++ b/lib/libaudit.h
+@@ -260,7 +260,6 @@ extern "C" {
+ #define AUDIT_KEY_SEPARATOR 0x01
+
+ /* These are used in filter control */
+-#define AUDIT_FILTER_EXCLUDE AUDIT_FILTER_TYPE
+ #define AUDIT_FILTER_MASK 0x07 /* Mask to get actual filter */
+ #define AUDIT_FILTER_UNSET 0x80 /* This value means filter is unset */
+
Copied: osquery/repos/community-testing-x86_64/osquery.patch (from rev 1025957, osquery/trunk/osquery.patch)
===================================================================
--- community-testing-x86_64/osquery.patch (rev 0)
+++ community-testing-x86_64/osquery.patch 2021-09-29 16:34:44 UTC (rev 1025958)
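Review bot: libaudit.patch deletes `#define AUDIT_FILTER_EXCLUDE AUDIT_FILTER_TYPE` from lib/libaudit.h outright and carries no description of why. Presumably the macro now collides with a definition in the installed kernel headers; if so, a guard keeps the header usable with both older and newer headers: `#ifndef AUDIT_FILTER_EXCLUDE`, `#define AUDIT_FILTER_EXCLUDE AUDIT_FILTER_TYPE`, `#endif`. With the plain deletion, any code in the bundled libaudit that uses AUDIT_FILTER_EXCLUDE depends on a system header supplying it. A one-line comment at the top of the patch naming the conflicting header would help whoever next updates the submodule.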
@@ -0,0 +1,236 @@
+commit 6b69f04e9d4164130c15f9203e20159af69ecdc1
+Author: Anatol Pomozov <anatol.pomo...@gmail.com>
+Date: Tue Sep 21 09:46:53 2021 -0700
+
+ Arch Linux specific fixes
+
+diff --git a/cmake/flags.cmake b/cmake/flags.cmake
+index e046e8b8d..76e7f20c1 100644
+--- a/cmake/flags.cmake
++++ b/cmake/flags.cmake
+@@ -79,11 +79,9 @@ function(setupBuildFlags)
+ -Woverloaded-virtual
+ -Wnon-virtual-dtor
+ -Weffc++
+- -stdlib=libc++
+ )
+
+ set(posix_cxx_link_options
+- -stdlib=libc++
+ -ldl
+ )
+
+@@ -131,7 +129,6 @@ function(setupBuildFlags)
+ )
+
+ set(linux_cxx_link_libraries
+- c++abi
+ rt
+ dl
+ )
+@@ -157,7 +154,6 @@ function(setupBuildFlags)
+ )
+
+ set(macos_cxx_link_options
+- -stdlib=libc++
+ -lresolv
+ )
+
+@@ -166,7 +162,6 @@ function(setupBuildFlags)
+ cups
+ bsm
+ xar
+- c++abi
+ "-framework AppKit"
+ "-framework Foundation"
+ "-framework CoreServices"
+diff --git a/libraries/cmake/source/libmagic/config/linux/config.h b/libraries/cmake/source/libmagic/config/linux/config.h
+index 42be099c8..7054c73b9 100644
+--- a/libraries/cmake/source/libmagic/config/linux/config.h
++++ b/libraries/cmake/source/libmagic/config/linux/config.h
+@@ -247,9 +247,6 @@
+ /* Define to 1 if `vfork' works. */
+ #define HAVE_WORKING_VFORK 1
+
+-/* Define to 1 if you have the <xlocale.h> header file. */
+-#define HAVE_XLOCALE_H 1
+-
+ /* Define to 1 if you have the <zlib.h> header file. */
+ #define HAVE_ZLIB_H 1
+
+diff --git a/libraries/cmake/source/lldpd/config/x86_64/linux/libevent/event2/event-config.h b/libraries/cmake/source/lldpd/config/x86_64/linux/libevent/event2/event-config.h
+index 7041c46fb..9288df900 100644
+--- a/libraries/cmake/source/lldpd/config/x86_64/linux/libevent/event2/event-config.h
++++ b/libraries/cmake/source/lldpd/config/x86_64/linux/libevent/event2/event-config.h
+@@ -300,9 +300,6 @@
+ /* Define to 1 if you have the <sys/stat.h> header file. */
+ #define _EVENT_HAVE_SYS_STAT_H 1
+
+-/* Define to 1 if you have the <sys/sysctl.h> header file. */
+-#define _EVENT_HAVE_SYS_SYSCTL_H 1
+-
+ /* Define to 1 if you have the <sys/time.h> header file. */
+ #define _EVENT_HAVE_SYS_TIME_H 1
+
+diff --git a/libraries/cmake/source/thrift/CMakeLists.txt b/libraries/cmake/source/thrift/CMakeLists.txt
+index 0389d0507..a4c3d55ec 100644
+--- a/libraries/cmake/source/thrift/CMakeLists.txt
++++ b/libraries/cmake/source/thrift/CMakeLists.txt
+@@ -82,12 +82,6 @@ function(thriftMain)
+ set(forced_include_file_flag "--include")
+ endif()
+
+- # C++17 dropped support for random_shuffle. Add it back with a
+- # custom header
+- target_compile_options(thirdparty_thrift PRIVATE
+- "${forced_include_file_flag}${CMAKE_CURRENT_SOURCE_DIR}/patches/random_shuffle.h"
+- )
+-
+ target_compile_definitions(thirdparty_thrift PUBLIC
+ THRIFT_STATIC_DEFINE
+ )
+diff --git a/osquery/core/shutdown.cpp b/osquery/core/shutdown.cpp
+index 3cb863d9b..7f93210f6 100644
+--- a/osquery/core/shutdown.cpp
++++ b/osquery/core/shutdown.cpp
+@@ -11,6 +11,7 @@
+ #include <osquery/logger/data_logger.h>
+
+ #include <atomic>
++#include <condition_variable>
+ #include <mutex>
+ #include <string>
+
+diff --git a/osquery/tables/networking/CMakeLists.txt b/osquery/tables/networking/CMakeLists.txt
+index 70b7079ee..7a42d068a 100644
+--- a/osquery/tables/networking/CMakeLists.txt
++++ b/osquery/tables/networking/CMakeLists.txt
+@@ -30,6 +30,10 @@ function(generateOsqueryTablesNetworking)
+ posix/interfaces.cpp
+ posix/utils.cpp
+ )
++
++ list(APPEND platform_deps
++ resolv
++ )
+ endif()
+
+ if(DEFINED PLATFORM_LINUX)
+diff --git a/osquery/tables/system/linux/sysctl_utils.cpp b/osquery/tables/system/linux/sysctl_utils.cpp
+index 1ff3e0b00..b66ecc79e 100644
+--- a/osquery/tables/system/linux/sysctl_utils.cpp
++++ b/osquery/tables/system/linux/sysctl_utils.cpp
+@@ -7,8 +7,6 @@
+ * SPDX-License-Identifier: (Apache-2.0 OR GPL-2.0-only)
+ */
+
+-#include <sys/sysctl.h>
+-
+ #include <boost/algorithm/string/trim.hpp>
+
+ #include <osquery/core/tables.h>
+@@ -73,10 +71,8 @@ void genControlInfo(int* oid,
+ // Get control size
+ size_t response_size = CTL_MAX_VALUE;
+ char response[CTL_MAX_VALUE + 1] = {0};
+- if (sysctl(oid, oid_size, response, &response_size, 0, 0) != 0) {
+- // Cannot request MIB data.
+- return;
+- }
++ // Cannot request MIB data.
++ return;
+
+ // Data is output, but no way to determine type (long, int, string, struct).
+ Row r;
+diff --git a/osquery/tables/system/posix/augeas.cpp b/osquery/tables/system/posix/augeas.cpp
+index fb09411d8..615f7adea 100644
+--- a/osquery/tables/system/posix/augeas.cpp
++++ b/osquery/tables/system/posix/augeas.cpp
+@@ -35,7 +35,7 @@ FLAG(string,
+ #else
+ FLAG(string,
+ augeas_lenses,
+- "/opt/osquery/share/osquery/lenses",
++ "/usr/share/osquery/lenses",
+ "Directory that contains augeas lenses files");
+ #endif
+
+diff --git a/osquery/tables/system/posix/sysctl_utils.h b/osquery/tables/system/posix/sysctl_utils.h
+index e119f8a9e..0d4a399e4 100644
+--- a/osquery/tables/system/posix/sysctl_utils.h
++++ b/osquery/tables/system/posix/sysctl_utils.h
+@@ -9,8 +9,6 @@
+
+ #pragma once
+
+-#include <sys/sysctl.h>
+-
+ #include <osquery/core/tables.h>
+
+ namespace osquery {
+@@ -18,6 +16,8 @@ namespace tables {
+
+ #define CTL_MAX_VALUE 128
+
++#define CTL_MAXNAME 12
++
+ #ifndef CTL_DEBUG_MAXID
+ #define CTL_DEBUG_MAXID (CTL_MAXNAME * 2)
+ #endif
+diff --git a/osquery/utils/config/default_paths.h b/osquery/utils/config/default_paths.h
+index cda34298e..1c45718f3 100644
+--- a/osquery/utils/config/default_paths.h
++++ b/osquery/utils/config/default_paths.h
+@@ -26,7 +26,7 @@
+ #define OSQUERY_SOCKET OSQUERY_DB_HOME
+ #define OSQUERY_PIDFILE "/var/run/"
+ #define OSQUERY_LOG_HOME "/var/log/osquery/"
+-#define OSQUERY_CERTS_HOME "/opt/osquery/share/osquery/certs/"
++#define OSQUERY_CERTS_HOME "/usr/share/osquery/certs/"
+ #elif defined(WIN32)
+ #define OSQUERY_HOME "\\Program Files\\osquery\\"
+ #define OSQUERY_DB_HOME OSQUERY_HOME
+diff --git a/tools/deployment/linux_packaging/rpm/osqueryd.service b/tools/deployment/linux_packaging/rpm/osqueryd.service
+index 6aa42752f..7bb3b3dc9 100644
+--- a/tools/deployment/linux_packaging/rpm/osqueryd.service
++++ b/tools/deployment/linux_packaging/rpm/osqueryd.service
+@@ -7,7 +7,7 @@ TimeoutStartSec=0
+ EnvironmentFile=/etc/sysconfig/osqueryd
+ ExecStartPre=/bin/sh -c "if [ ! -f $FLAG_FILE ]; then touch $FLAG_FILE; fi"
+ ExecStartPre=/bin/sh -c "if [ -f $LOCAL_PIDFILE ]; then mv $LOCAL_PIDFILE $PIDFILE; fi"
+-ExecStart=/opt/osquery/bin/osqueryd \
++ExecStart=/usr/bin/osqueryd \
+ --flagfile $FLAG_FILE \
+ --config_path $CONFIG_FILE
+ Restart=on-failure
+diff --git a/tools/deployment/osquery.example.conf b/tools/deployment/osquery.example.conf
+index 96320e2d4..5af675dac 100644
+--- a/tools/deployment/osquery.example.conf
++++ b/tools/deployment/osquery.example.conf
+@@ -60,19 +60,19 @@
+ // There are several 'default' packs installed via
+ // packages and/or Homebrew.
+ //
+- // Linux: /opt/osquery/share/osquery/packs
++ // Linux: /usr/share/osquery/packs
+ // OS X: /var/osquery/packs
+ // Homebrew: /usr/local/share/osquery/packs
+ // make install: {PREFIX}/share/osquery/packs
+ //
+ "packs": {
+- // "osquery-monitoring": "/opt/osquery/share/osquery/packs/osquery-monitoring.conf",
+- // "incident-response": "/opt/osquery/share/osquery/packs/incident-response.conf",
+- // "it-compliance": "/opt/osquery/share/osquery/packs/it-compliance.conf",
++ // "osquery-monitoring": "/usr/share/osquery/packs/osquery-monitoring.conf",
++ // "incident-response": "/usr/share/osquery/packs/incident-response.conf",
++ // "it-compliance": "/usr/share/osquery/packs/it-compliance.conf",
+ // "osx-attacks": "/var/osquery/packs/osx-attacks.conf",
+- // "vuln-management": "/opt/osquery/share/osquery/packs/vuln-management.conf",
+- // "hardware-monitoring": "/opt/osquery/share/osquery/packs/hardware-monitoring.conf",
+- // "ossec-rootkit": "/opt/osquery/share/osquery/packs/ossec-rootkit.conf",
++ // "vuln-management": "/usr/share/osquery/packs/vuln-management.conf",
++ // "hardware-monitoring": "/usr/share/osquery/packs/hardware-monitoring.conf",
++ // "ossec-rootkit": "/usr/share/osquery/packs/ossec-rootkit.conf",
+ // "windows-hardening": "C:\\Program Files\\osquery\\packs\\windows-hardening.conf",
+ // "windows-attacks": "C:\\Program Files\\osquery\\packs\\windows-attacks.conf"
+ },
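Review bot: In osquery/tables/system/linux/sysctl_utils.cpp the `sysctl()` call and its error check are replaced by an unconditional `return;`, so everything after it in genControlInfo (the `Row r;` path) is unreachable and the `response` / `response_size` locals are unused. For a monitoring agent this means OID-based lookups silently yield no rows instead of reporting that the lookup is unsupported, and the retained comment `// Cannot request MIB data.` does not say that this is now permanent. I would state it explicitly, e.g. `// sysctl() is not available in this build; OID lookups are disabled and return no rows.`, and drop the dead locals, or keep the original call behind a feature check rather than deleting it. The function body continues outside the inner hunk, so whether other lookup paths still populate the table cannot be seen from here. In sysctl_utils.h the new `#define CTL_MAXNAME 12` is unguarded, unlike the `#ifndef CTL_DEBUG_MAXID` next to it; wrapping it in `#ifndef CTL_MAXNAME` would avoid a redefinition if a system header supplies the macro.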