Date: Friday, August 12, 2022 @ 23:25:33 Author: anatolik Revision: 1265834
Switch to osquery upstream repo store the https://github.com/anatol/osquery patches as .patch files here, at the Arch repo Added: osquery/trunk/fixes.patch osquery/trunk/rocksdb.patch Modified: osquery/trunk/PKGBUILD ---------------+ PKGBUILD | 15 +- fixes.patch | 347 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ rocksdb.patch | 117 ++++++++++++++++++ 3 files changed, 476 insertions(+), 3 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2022-08-12 22:12:38 UTC (rev 1265833) +++ PKGBUILD 2022-08-12 23:25:33 UTC (rev 1265834) @@ -10,12 +10,14 @@ depends=() makedepends=(cmake ninja clang python gcc-libs git libunwind) options=(!strip) -# following commit represents osquery $pkgver with some Arch-specific patches -_commit=d98afcb43ded6bfb27e6f86c2861447a27c647d5 -source=(git+https://github.com/anatol/osquery.git#commit=$_commit +source=(git+https://github.com/osquery/osquery.git#tag=$pkgver + fixes.patch + rocksdb.patch ebpf-common.patch libaudit.patch) sha256sums=('SKIP' + '3ecea1c2f6d082d7bc15f4010db716dc76c03c959c8356a3d901d0230bf6b74f' + 'fa259e94effbf3d415974045409bfef8ae19c6a96eea888991759ef4bbf6963b' '88cba2eebd12079bf3a4a8c5ba4ed34b1b5ccd9f9ac3fa518f1591396176666d' '96218ef5b7d6d6deb3a7b4b3dfed8068b7e4d10acd5b19372b9882f89d4478a8') 
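Review bot: The new `source=(git+https://github.com/osquery/osquery.git#tag=$pkgver` entry keeps `'SKIP'` as its checksum, so the upstream checkout is identified only by a tag name that can be moved, whereas the removed `_commit=` line fixed an exact commit. I would keep an explicit pin, e.g. `_commit=<commit the $pkgver tag resolves to>` together with `#commit=$_commit`, and mention the tag in a comment next to it. The two added sha256sums cover only `fixes.patch` and `rocksdb.patch`, not the git checkout. The `source` and `sha256sums` arrays are complete inside this hunk; the rest of the PKGBUILD is not visible here.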
@@ -22,6 +24,13 @@ prepare() { cd osquery + # the patches come from https://github.com/anatol/osquery + patch -p1 < ../fixes.patch + patch -p1 < ../rocksdb.patch + # git does not pick .gitmodules changes for some reason. add the submodule explicitly. + #mkdir libraries/cmake/source/snappy/src + git submodule add https://github.com/google/snappy libraries/cmake/source/snappy/src + git submodule update --init --recursive (cd $srcdir/osquery/libraries/cmake/source/libaudit/src && patch -p1 < $srcdir/libaudit.patch) Added: fixes.patch =================================================================== --- fixes.patch (rev 0) +++ fixes.patch 2022-08-12 23:25:33 UTC (rev 1265834) 
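Review bot: `git submodule add https://github.com/google/snappy libraries/cmake/source/snappy/src` in `prepare()` clones whatever snappy's default branch points to at build time, although the rocksdb.patch message speaks of snappy 1.1.9; nothing in this hunk pins a commit or tag, and the download bypasses the `source=()`/checksum handling that makepkg applies to declared sources. I would declare snappy as its own pinned entry in `source=()` (for example `git+https://github.com/google/snappy.git#commit=<snappy release commit>`) and point the submodule at that local clone, so that two builds of the same pkgrel compile the same decompression code. The commented-out `#mkdir libraries/cmake/source/snappy/src` line should be dropped or explained. `prepare()` continues past the end of this hunk.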
@@ -0,0 +1,347 @@
+commit a9532e1b3191b41595e0f205187b03918ec2bc0a
+Author: Anatol Pomozov <[email protected]>
+Date: Tue Sep 21 09:46:53 2021 -0700
+
+ Arch Linux specific fixes
+
+diff --git a/cmake/flags.cmake b/cmake/flags.cmake
+index fddf045fa..87906c42e 100644
+--- a/cmake/flags.cmake
++++ b/cmake/flags.cmake
+@@ -84,11 +84,9 @@ function(setupBuildFlags)
+ -Woverloaded-virtual
+ -Wnon-virtual-dtor
+ -Weffc++
+- -stdlib=libc++
+ )
+
+ set(posix_cxx_link_options
+- -stdlib=libc++
+ -ldl
+ )
+
+@@ -179,7 +177,6 @@ function(setupBuildFlags)
+ )
+
+ set(linux_cxx_link_libraries
+- c++abi
+ rt
+ dl
+ )
+@@ -228,7 +225,6 @@ function(setupBuildFlags)
+ )
+
+ set(macos_cxx_link_options
+- -stdlib=libc++
+ -lresolv
+ )
+
+@@ -237,7 +233,6 @@ function(setupBuildFlags)
+ cups
+ bsm
+ xar
+- c++abi
+ "-framework AppKit"
+ "-framework Foundation"
+ "-framework CoreServices"
+diff --git a/libraries/cmake/source/augeas/generated/linux/x86_64/config/config.h b/libraries/cmake/source/augeas/generated/linux/x86_64/config/config.h
+index 412fea1cd..3bafa9462 100644
+--- a/libraries/cmake/source/augeas/generated/linux/x86_64/config/config.h
++++ b/libraries/cmake/source/augeas/generated/linux/x86_64/config/config.h
+@@ -914,9 +914,6 @@
+ /* Define to 1 if you have the <ws2tcpip.h> header file. */
+ /* #undef HAVE_WS2TCPIP_H */
+
+-/* Define to 1 if you have the <xlocale.h> header file. */
+-#define HAVE_XLOCALE_H 1
+-
+ /* Define to 1 if the system has the type `_Bool'. */
+ #define HAVE__BOOL 1
+
+@@ -1570,4 +1567,4 @@
+
+
+ /* Define to an unsigned 32-bit type if <sys/types.h> lacks this type. */
+-/* #undef useconds_t */
+\ No newline at end of file
++/* #undef useconds_t */
+diff --git a/libraries/cmake/source/augeas/gnulib/generated/linux/x86_64/config/config.h b/libraries/cmake/source/augeas/gnulib/generated/linux/x86_64/config/config.h
+index 412fea1cd..3bafa9462 100644
+--- a/libraries/cmake/source/augeas/gnulib/generated/linux/x86_64/config/config.h
++++ b/libraries/cmake/source/augeas/gnulib/generated/linux/x86_64/config/config.h
+@@ -914,9 +914,6 @@
+ /* Define to 1 if you have the <ws2tcpip.h> header file. */
+ /* #undef HAVE_WS2TCPIP_H */
+
+-/* Define to 1 if you have the <xlocale.h> header file. */
+-#define HAVE_XLOCALE_H 1
+-
+ /* Define to 1 if the system has the type `_Bool'. */
+ #define HAVE__BOOL 1
+
+@@ -1570,4 +1567,4 @@
+
+
+ /* Define to an unsigned 32-bit type if <sys/types.h> lacks this type. */
+-/* #undef useconds_t */
+\ No newline at end of file
++/* #undef useconds_t */
+diff --git a/libraries/cmake/source/augeas/gnulib/generated/linux/x86_64/lib/locale.h b/libraries/cmake/source/augeas/gnulib/generated/linux/x86_64/lib/locale.h
+index 4f9baece2..0230ce625 100644
+--- a/libraries/cmake/source/augeas/gnulib/generated/linux/x86_64/lib/locale.h
++++ b/libraries/cmake/source/augeas/gnulib/generated/linux/x86_64/lib/locale.h
+@@ -48,11 +48,6 @@
+ /* NetBSD 5.0 mis-defines NULL. */
+ #include <stddef.h>
+
+-/* Mac OS X 10.5 defines the locale_t type in <xlocale.h>. */
+-#if 1
+-# include <xlocale.h>
+-#endif
+-
+ /* The definitions of _GL_FUNCDECL_RPL etc. are copied here. */
+ /* C++ compatible function declaration macros.
+ Copyright (C) 2010-2019 Free Software Foundation, Inc.
+diff --git a/libraries/cmake/source/libarchive/config/linux/aarch64/config.h b/libraries/cmake/source/libarchive/config/linux/aarch64/config.h
+index cd7c19e26..93e4da8cb 100644
+--- a/libraries/cmake/source/libarchive/config/linux/aarch64/config.h
++++ b/libraries/cmake/source/libarchive/config/linux/aarch64/config.h
+@@ -361,7 +361,7 @@ typedef uint64_t uintmax_t;
+ /* #undef HAVE_ACL_SET_FILE */
+
+ /* Define to 1 if you have the `arc4random_buf' function. */
+-/* #undef HAVE_ARC4RANDOM_BUF */
++#define HAVE_ARC4RANDOM_BUF 1
+
+ /* Define to 1 if you have the <attr/xattr.h> header file. */
+ /* #undef HAVE_ATTR_XATTR_H */
+diff --git a/libraries/cmake/source/libarchive/config/linux/x86_64/config.h b/libraries/cmake/source/libarchive/config/linux/x86_64/config.h
+index d90397f25..03b6000dd 100644
+--- a/libraries/cmake/source/libarchive/config/linux/x86_64/config.h
++++ b/libraries/cmake/source/libarchive/config/linux/x86_64/config.h
+@@ -361,7 +361,7 @@ typedef uint64_t uintmax_t;
+ /* #undef HAVE_ACL_SET_FILE */
+
+ /* Define to 1 if you have the `arc4random_buf' function. */
+-/* #undef HAVE_ARC4RANDOM_BUF */
++#define HAVE_ARC4RANDOM_BUF 1
+
+ /* Define to 1 if you have the <attr/xattr.h> header file. */
+ /* #undef HAVE_ATTR_XATTR_H */
+diff --git a/libraries/cmake/source/libdpkg/config/x86_64/config.h b/libraries/cmake/source/libdpkg/config/x86_64/config.h
+index eafef658b..51c4e6a91 100644
+--- a/libraries/cmake/source/libdpkg/config/x86_64/config.h
++++ b/libraries/cmake/source/libdpkg/config/x86_64/config.h
+@@ -296,9 +296,6 @@
+ /* Define to 1 if 'WCOREDUMP' is declared in <sys/wait.h> */
+ #define HAVE_WCOREDUMP 1
+
+-/* Define to 1 if you have the <xlocale.h> header file. */
+-#define HAVE_XLOCALE_H 1
+-
+ /* Define to 1 if you have the `__cxa_pure_virtual' function. */
+ /* #undef HAVE___CXA_PURE_VIRTUAL */
+
+diff --git a/libraries/cmake/source/libmagic/config/linux/x86_64/config.h b/libraries/cmake/source/libmagic/config/linux/x86_64/config.h
+index 759ba47d2..4f8fbe63c 100644
+--- a/libraries/cmake/source/libmagic/config/linux/x86_64/config.h
++++ b/libraries/cmake/source/libmagic/config/linux/x86_64/config.h
+@@ -249,9 +249,6 @@
+ /* Define to 1 if `vfork' works. */
+ #define HAVE_WORKING_VFORK 1
+
+-/* Define to 1 if you have the <xlocale.h> header file. */
+-#define HAVE_XLOCALE_H 1
+-
+ /* Define to 1 if you have the <zlib.h> header file. */
+ #define HAVE_ZLIB_H 1
+
+diff --git a/libraries/cmake/source/thrift/CMakeLists.txt b/libraries/cmake/source/thrift/CMakeLists.txt
+index 0b224a159..6f0d824dd 100644
+--- a/libraries/cmake/source/thrift/CMakeLists.txt
++++ b/libraries/cmake/source/thrift/CMakeLists.txt
+@@ -83,13 +83,6 @@ function(thriftMain)
+ "${library_root}/src/thrift/transport/TWebSocketServer.h"
+ )
+
+- if(PLATFORM_POSIX)
+- set(tsocket_pool_compile_options "-include;random_shuffle.h")
+-
+- elseif(PLATFORM_WINDOWS)
+- set(tsocket_pool_compile_options "/FIrandom_shuffle.h")
+- endif()
+-
+ set_source_files_properties("${library_root}/src/thrift/transport/TSocketPool.cpp" PROPERTIES
+ COMPILE_OPTIONS
+ "${tsocket_pool_compile_options}"
+diff --git a/osquery/core/shutdown.cpp b/osquery/core/shutdown.cpp
+index 522bde887..9812ebf44 100644
+--- a/osquery/core/shutdown.cpp
++++ b/osquery/core/shutdown.cpp
+@@ -11,6 +11,7 @@
+ #include <osquery/logger/data_logger.h>
+
+ #include <atomic>
++#include <condition_variable>
+ #include <mutex>
+ #include <string>
+
+diff --git a/osquery/logger/logger.cpp b/osquery/logger/logger.cpp
+index ed8391f48..9702f203c 100644
+--- a/osquery/logger/logger.cpp
++++ b/osquery/logger/logger.cpp
+@@ -13,6 +13,7 @@
+
+ #include <algorithm>
+ #include <future>
++#include <iomanip>
+ #include <optional>
+ #include <queue>
+ #include <thread>
+diff --git a/osquery/tables/networking/CMakeLists.txt b/osquery/tables/networking/CMakeLists.txt
+index 0f0ef1fc1..fb06352fc 100644
+--- a/osquery/tables/networking/CMakeLists.txt
++++ b/osquery/tables/networking/CMakeLists.txt
+@@ -30,6 +30,10 @@ function(generateOsqueryTablesNetworking)
+ posix/interfaces.cpp
+ posix/utils.cpp
+ )
++
++ list(APPEND platform_deps
++ resolv
++ )
+ endif()
+
+ if(DEFINED PLATFORM_LINUX)
+diff --git a/osquery/tables/system/linux/sysctl_utils.cpp b/osquery/tables/system/linux/sysctl_utils.cpp
+index 1ff3e0b00..b66ecc79e 100644
+--- a/osquery/tables/system/linux/sysctl_utils.cpp
++++ b/osquery/tables/system/linux/sysctl_utils.cpp
+@@ -7,8 +7,6 @@
+ * SPDX-License-Identifier: (Apache-2.0 OR GPL-2.0-only)
+ */
+
+-#include <sys/sysctl.h>
+-
+ #include <boost/algorithm/string/trim.hpp>
+
+ #include <osquery/core/tables.h>
+@@ -73,10 +71,8 @@ void genControlInfo(int* oid,
+ // Get control size
+ size_t response_size = CTL_MAX_VALUE;
+ char response[CTL_MAX_VALUE + 1] = {0};
+- if (sysctl(oid, oid_size, response, &response_size, 0, 0) != 0) {
+- // Cannot request MIB data.
+- return;
+- }
++ // Cannot request MIB data.
++ return;
+
+ // Data is output, but no way to determine type (long, int, string, struct).
+ Row r;
+diff --git a/osquery/tables/system/posix/augeas.cpp b/osquery/tables/system/posix/augeas.cpp
+index fb09411d8..615f7adea 100644
+--- a/osquery/tables/system/posix/augeas.cpp
++++ b/osquery/tables/system/posix/augeas.cpp
+@@ -35,7 +35,7 @@ FLAG(string,
+ #else
+ FLAG(string,
+ augeas_lenses,
+- "/opt/osquery/share/osquery/lenses",
++ "/usr/share/osquery/lenses",
+ "Directory that contains augeas lenses files");
+ #endif
+
+diff --git a/osquery/tables/system/posix/openssl_utils.cpp b/osquery/tables/system/posix/openssl_utils.cpp
+index 9d4734c3c..37bb4857f 100644
+--- a/osquery/tables/system/posix/openssl_utils.cpp
++++ b/osquery/tables/system/posix/openssl_utils.cpp
+@@ -12,7 +12,9 @@
+ #include <array>
+ #include <ctime>
+ #include <iomanip>
++#include <memory>
+ #include <sstream>
++#include <cstring>
+ #include <string>
+
+ #include <osquery/core/core.h>
+diff --git a/osquery/tables/system/posix/sysctl_utils.h b/osquery/tables/system/posix/sysctl_utils.h
+index e119f8a9e..0d4a399e4 100644
+--- a/osquery/tables/system/posix/sysctl_utils.h
++++ b/osquery/tables/system/posix/sysctl_utils.h
+@@ -9,8 +9,6 @@
+
+ #pragma once
+
+-#include <sys/sysctl.h>
+-
+ #include <osquery/core/tables.h>
+
+ namespace osquery {
+@@ -18,6 +16,8 @@ namespace tables {
+
+ #define CTL_MAX_VALUE 128
+
++#define CTL_MAXNAME 12
++
+ #ifndef CTL_DEBUG_MAXID
+ #define CTL_DEBUG_MAXID (CTL_MAXNAME * 2)
+ #endif
+diff --git a/osquery/utils/config/default_paths.h b/osquery/utils/config/default_paths.h
+index cda34298e..1c45718f3 100644
+--- a/osquery/utils/config/default_paths.h
++++ b/osquery/utils/config/default_paths.h
+@@ -26,7 +26,7 @@
+ #define OSQUERY_SOCKET OSQUERY_DB_HOME
+ #define OSQUERY_PIDFILE "/var/run/"
+ #define OSQUERY_LOG_HOME "/var/log/osquery/"
+-#define OSQUERY_CERTS_HOME "/opt/osquery/share/osquery/certs/"
++#define OSQUERY_CERTS_HOME "/usr/share/osquery/certs/"
+ #elif defined(WIN32)
+ #define OSQUERY_HOME "\\Program Files\\osquery\\"
+ #define OSQUERY_DB_HOME OSQUERY_HOME
+diff --git a/tools/deployment/linux_packaging/rpm/osqueryd.service b/tools/deployment/linux_packaging/rpm/osqueryd.service
+index 6aa42752f..7bb3b3dc9 100644
+--- a/tools/deployment/linux_packaging/rpm/osqueryd.service
++++ b/tools/deployment/linux_packaging/rpm/osqueryd.service
+@@ -7,7 +7,7 @@ TimeoutStartSec=0
+ EnvironmentFile=/etc/sysconfig/osqueryd
+ ExecStartPre=/bin/sh -c "if [ ! -f $FLAG_FILE ]; then touch $FLAG_FILE; fi"
+ ExecStartPre=/bin/sh -c "if [ -f $LOCAL_PIDFILE ]; then mv $LOCAL_PIDFILE $PIDFILE; fi"
+-ExecStart=/opt/osquery/bin/osqueryd \
++ExecStart=/usr/bin/osqueryd \
+ --flagfile $FLAG_FILE \
+ --config_path $CONFIG_FILE
+ Restart=on-failure
+diff --git a/tools/deployment/osquery.example.conf b/tools/deployment/osquery.example.conf
+index 6fd3594ea..1b2b888ca 100644
+--- a/tools/deployment/osquery.example.conf
++++ b/tools/deployment/osquery.example.conf
+@@ -41,19 +41,19 @@
+ // There are several 'default' packs installed via
+ // packages and/or Homebrew.
+ //
+- // Linux: /opt/osquery/share/osquery/packs
++ // Linux: /usr/share/osquery/packs
+ // OS X: /var/osquery/packs
+ // Homebrew: /usr/local/share/osquery/packs
+ // make install: {PREFIX}/share/osquery/packs
+ //
+ "packs": {
+- // "osquery-monitoring": "/opt/osquery/share/osquery/packs/osquery-monitoring.conf",
+- // "incident-response": "/opt/osquery/share/osquery/packs/incident-response.conf",
+- // "it-compliance": "/opt/osquery/share/osquery/packs/it-compliance.conf",
++ // "osquery-monitoring": "/usr/share/osquery/packs/osquery-monitoring.conf",
++ // "incident-response": "/usr/share/osquery/packs/incident-response.conf",
++ // "it-compliance": "/usr/share/osquery/packs/it-compliance.conf",
+ // "osx-attacks": "/var/osquery/packs/osx-attacks.conf",
+- // "vuln-management": "/opt/osquery/share/osquery/packs/vuln-management.conf",
+- // "hardware-monitoring": "/opt/osquery/share/osquery/packs/hardware-monitoring.conf",
+- // "ossec-rootkit": "/opt/osquery/share/osquery/packs/ossec-rootkit.conf",
++ // "vuln-management": "/usr/share/osquery/packs/vuln-management.conf",
++ // "hardware-monitoring": "/usr/share/osquery/packs/hardware-monitoring.conf",
++ // "ossec-rootkit": "/usr/share/osquery/packs/ossec-rootkit.conf",
+ // "windows-hardening": "C:\\Program Files\\osquery\\packs\\windows-hardening.conf",
+ // "windows-attacks": "C:\\Program Files\\osquery\\packs\\windows-attacks.conf"
+ },
Added: rocksdb.patch
===================================================================
--- rocksdb.patch (rev 0)
+++ rocksdb.patch 2022-08-12 23:25:33 UTC (rev 1265834)
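Review bot: In the `osquery/tables/system/linux/sysctl_utils.cpp` hunk of fixes.patch, `genControlInfo` now runs into an unconditional `return;` directly after `response` is declared, so the code below it (the hunk shows `Row r;`) is unreachable and that row-building path can no longer execute. The kept comment `// Cannot request MIB data.` reads like an error branch rather than a deliberate stub; I would replace it with something like `// <sys/sysctl.h> is no longer included, so MIB lookups are a no-op here and yield no rows.` and delete the dead statements after the `return;`. For a monitoring agent this matters because queries that depend on this path come back empty without any log line, which is indistinguishable from "nothing to report". `genControlInfo` starts before and continues after the lines shown.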
@@ -0,0 +1,117 @@
+commit d98afcb43ded6bfb27e6f86c2861447a27c647d5
+Author: Martin Pöhlmann <[email protected]>
+Date: Sat Oct 2 11:11:23 2021 +0200
+
+ Compile RocksDB with snappy 1.1.9 support enabled
+
+ This allows us to load existing osquery db files created on Arch Linux.
+ See: https://bugs.archlinux.org/task/72251
+
+diff --git a/.gitmodules b/.gitmodules
+index a1e1de71b..cfcaee966 100644
+--- a/.gitmodules
++++ b/.gitmodules
+@@ -151,3 +151,6 @@
+ [submodule "libraries/cmake/source/aws-sdk-cpp/src/aws-sdk-cpp"]
+ path = libraries/cmake/source/aws-sdk-cpp/src/aws-sdk-cpp
+ url = https://github.com/aws/aws-sdk-cpp
++[submodule "libraries/cmake/source/snappy/src"]
++ path = libraries/cmake/source/snappy/src
++ url = https://github.com/google/snappy
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 225397101..a53c8c744 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -109,6 +109,7 @@ function(importLibraries)
+ "Linux,Darwin:popt"
+ "Linux,Darwin,Windows:rapidjson"
+ "Linux,Darwin,Windows:rocksdb"
++ "Linux,Darwin,Windows:snappy"
+ "Linux,Darwin,Windows:sleuthkit"
+ "Linux,Darwin,Windows:sqlite"
+ "Linux,Darwin,Windows:thrift"
+diff --git a/libraries/cmake/source/modules/Findsnappy.cmake b/libraries/cmake/source/modules/Findsnappy.cmake
+new file mode 100644
+index 000000000..32c9f911e
+--- /dev/null
++++ b/libraries/cmake/source/modules/Findsnappy.cmake
+@@ -0,0 +1,15 @@
++# Copyright (c) 2014-present, The osquery authors
++#
++# This source code is licensed as defined by the LICENSE file found in the
++# root directory of this source tree.
++#
++# SPDX-License-Identifier: (Apache-2.0 OR GPL-2.0-only)
++
++include("${CMAKE_CURRENT_LIST_DIR}/utils.cmake")
++
++importSourceSubmodule(
++ NAME "snappy"
++
++ SHALLOW_SUBMODULES
++ "src"
++)
+diff --git a/libraries/cmake/source/rocksdb/CMakeLists.txt b/libraries/cmake/source/rocksdb/CMakeLists.txt
+index 0e4129cc2..688fc4052 100644
+--- a/libraries/cmake/source/rocksdb/CMakeLists.txt
++++ b/libraries/cmake/source/rocksdb/CMakeLists.txt
+@@ -370,6 +370,7 @@ function(rocksdbMain)
+ ROCKSDB_PTHREAD_ADAPTIVE_MUTEX
+ ROCKSDB_RANGESYNC_PRESENT
+ ROCKSDB_SCHED_GETCPU_PRESENT
++ SNAPPY
+ )
+
+ elseif(TARGET_PROCESSOR STREQUAL "aarch64")
+@@ -444,6 +445,7 @@ function(rocksdbMain)
+ target_link_libraries(thirdparty_rocksdb
+ PRIVATE
+ thirdparty_cxx_settings
++ thirdparty_snappy
+
+ PUBLIC
+ ${library_list}
+diff --git a/libraries/cmake/source/snappy/CMakeLists.txt b/libraries/cmake/source/snappy/CMakeLists.txt
+new file mode 100644
+index 000000000..47eeb853f
+--- /dev/null
++++ b/libraries/cmake/source/snappy/CMakeLists.txt
+@@ -0,0 +1,38 @@
++# Copyright (c) 2014-present, Facebook, Inc.
++# All rights reserved.
++#
++# This source code is licensed in accordance with the terms specified in
++# the LICENSE file found in the root directory of this source tree.
++
++function(snappyMain)
++ set(library_root "${CMAKE_CURRENT_SOURCE_DIR}/src")
++
++ set(HAVE_SYS_UIO_H_01 1)
++ configure_file(
++ "${library_root}/snappy-stubs-public.h.in"
++ "${library_root}/snappy-stubs-public.h")
++
++ add_library(thirdparty_snappy
++ "${library_root}/snappy-internal.h"
++ "${library_root}/snappy-stubs-internal.h"
++ "${library_root}/snappy-stubs-public.h"
++ "${library_root}/snappy-c.cc"
++ "${library_root}/snappy-sinksource.cc"
++ "${library_root}/snappy-stubs-internal.cc"
++ "${library_root}/snappy.cc"
++ )
++
++ target_link_libraries(thirdparty_snappy PRIVATE
++ thirdparty_c_settings
++ )
++
++ target_include_directories(thirdparty_snappy PRIVATE
++ "${library_root}"
++ )
++
++ target_include_directories(thirdparty_snappy SYSTEM INTERFACE
++ "${library_root}"
++ )
++endfunction()
++
++snappyMain()
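Review bot: In the new `libraries/cmake/source/snappy/CMakeLists.txt`, `configure_file()` writes `snappy-stubs-public.h` into `${library_root}`, i.e. into the snappy submodule checkout, which dirties the source tree; generated headers belong in the build directory, e.g. `configure_file("${library_root}/snappy-stubs-public.h.in" "${CMAKE_CURRENT_BINARY_DIR}/snappy-stubs-public.h")`, with `"${CMAKE_CURRENT_BINARY_DIR}"` added to both `target_include_directories` calls and the header path in `add_library` adjusted. Only `HAVE_SYS_UIO_H_01` is set before the call, so any other placeholder the template may contain would be filled from whatever happens to be in scope or left empty; the generated header is worth checking. Separately, in the rocksdb `CMakeLists.txt` hunk the `SNAPPY` define is added just before `elseif(TARGET_PROCESSOR STREQUAL "aarch64")`, so it appears to apply to one processor branch only, while `thirdparty_snappy` is linked regardless of branch.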
