Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package velociraptor for openSUSE:Factory
checked in at 2023-05-09 13:08:33
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/velociraptor (Old)
and /work/SRC/openSUSE:Factory/.velociraptor.new.1533 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "velociraptor"
Tue May 9 13:08:33 2023 rev:4 rq:1085597 version:unknown
Changes:
--------
--- /work/SRC/openSUSE:Factory/velociraptor/velociraptor.changes
2023-02-11 21:57:31.147695652 +0100
+++ /work/SRC/openSUSE:Factory/.velociraptor.new.1533/velociraptor.changes
2023-05-09 13:08:44.501522320 +0200
@@ -2 +2,67 @@
-Thu Jan 26 20:06:09 UTC 2023 - je...@suse.com
+Tue May 9 01:25:01 UTC 2023 - Jeff Mahoney <je...@suse.com>
+
+- Provide sysuser template for velociraptor user and group.
+
+-------------------------------------------------------------------
+Mon May 08 20:21:03 UTC 2023 - je...@suse.com
+
+- Update to version 0.6.7.5~git78.2bef6fc:
+ * bpf: fix path to vmlinux.h
+
+-------------------------------------------------------------------
+Mon May 08 19:42:58 UTC 2023 - Jeff Mahoney <je...@suse.com>
+
+- Update to version 0.6.7.5~git77.997aa73:
+ * file_store/test_utils/server_config.go: update test certificate
+ * Update bluemonday dependency.
+ * vql/functions/hash: cache results on Linux
+ * libbpfgo: update to velociraptor-branch-v0.4.8-libbpf-1.2.0
+ * logscale/backport: don't use networking.GetHttpTransport
+ * vql/tools/logscale: add plugin to post events to LogScale ingestion
endpoint
+ * file_store/directory: add ability to report pending size
+- Change clang dependency to clang16
+- Fix velociraptor-golang-mage-vendoring.diff to account for newer
+ 'go mod vendor' honoring build flags.
+- Fix update-vendoring.sh script to actually run the %setup part of
+ the spec.
+- Merge client package into server spec and use _multibuild to create
+ client package from same spec file.
+- Adjust changelog to retain changes for client package.
+- Fix building in static mode on earlier releases.
+ - Added patch: velociraptor-libbpfgo-only-build-libbpf.patch
+- Removed patch: velociraptor-skip-git-submodule-import-for-OBS-build.patch
+
+-------------------------------------------------------------------
+Fri Mar 10 18:54:37 UTC 2023 - Marcus Rueckert <mrueck...@suse.de>
+
+- Tightening the security of the services a bit:
+ - tmp files are now moved to /var/lib/velociraptor{,-client}/tmp
+ from /tmp
+ - run velociraptor server as user velociraptor instead of root
+ we do not really need root permissions here
+ - introduce /var/lib/velociraptor/filestore to make it easier to
+ split out large file upload
+ - change permissions for the data directory and subdirectories to
+ /var/lib/velociraptor/ u=rwX,go= velociraptor:velociraptor
+ /var/lib/velociraptor-client/ u=rwX,go= root:root
+ - change permissions of config directory to:
+ /etc/velociraptor/ u=rwX,g=rX,o= root:velociraptor
+ /etc/velociraptor/server.config u=rw,g=r,o= root:velociraptor
+ /etc/velociraptor/client.config u=rw,go= root:root
+
+-------------------------------------------------------------------
+Fri Mar 10 15:36:18 UTC 2023 - Jeff Mahoney <je...@suse.com>
+
+- Update to version 0.6.7.5~git6.73efb2a:
+ * libbpfgo: update submodule to require libzstd for newer libelf
+ * utils/time.js: fix handling of nanosecond-resolution timestamps
+ * libbpfgo: switch to using regular static builds
+ * Create a new 0.6.7-5 release (#2385)
+ - Verify FILESYSTEM_WRITE permission on copy() function (#2384)
(bsc#1207936, CVE-2023-0242)
+ - Also ensure client id is considered unsafe (bsc#1207937, CVE-2023-0290)
+ * github/workflows/linux: do apt-get update to refresh package lists
+- Remove unnecessary dependency on libtsan0.
+- Allow velociraptor and velociraptor-client packages to coexist.
+
+-------------------------------------------------------------------
+Thu Jan 26 20:06:09 UTC 2023 - Jeff Mahoney <je...@suse.com>
@@ -15 +81 @@
-Tue Jan 24 15:07:09 UTC 2023 - je...@suse.com
+Tue Jan 24 15:07:09 UTC 2023 - Jeff Mahoney <je...@suse.com>
@@ -51,0 +118,5 @@
+Fri Jan 20 16:37:17 UTC 2023 - Dirk Müller <dmuel...@suse.com>
+
+- client: add memory limit to systemd unit
+
+-------------------------------------------------------------------
@@ -80,0 +152,5 @@
+Mon Jan 9 16:01:44 UTC 2023 - Jeff Mahoney <je...@suse.com>
+
+- Added Restart=on-failure to restart the client automatically.
+
+-------------------------------------------------------------------
@@ -1033 +1109,6 @@
-Thu Jan 06 20:14:39 UTC 2022 - Jeff Mahoney <je...@suse.com>
+Thu Jan 6 21:50:43 UTC 2022 - Jeff Mahoney <je...@suse.com>
+
+- client: Remove dependencies on nodejs since we don't use it in client mode.
+
+-------------------------------------------------------------------
+Thu Jan 6 20:14:39 UTC 2022 - Jeff Mahoney <je...@suse.com>
@@ -1058,0 +1140,2 @@
+ - Now building the client with linux_bare target that disables
+ the GUI for endpoint usage.
Old:
----
velociraptor-0.6.7.4~git63.4a1ed09d.obscpio
velociraptor-client.changes
velociraptor-client.spec
velociraptor-skip-git-submodule-import-for-OBS-build.patch
vendor-golang-0.6.7.4~git41.678ed56.tar.xz
vendor-golang-kafka-humio-gateway-0.6.7.4~git41.678ed56.tar.xz
vendor-nodejs-0.6.7.4~git41.678ed56.tar.xz
New:
----
_multibuild
sysconfig.velociraptor-kafka-humio-gateway
system-user-velociraptor.sysusers
velociraptor-0.6.7.5~git78.2bef6fc.obscpio
velociraptor-kafka-humio-gateway.service
velociraptor-kafka.sysusers
vendor-golang-0.6.7.5~git77.997aa73.tar.xz
vendor-golang-kafka-humio-gateway-0.6.7.5~git77.997aa73.tar.xz
vendor-nodejs-0.6.7.5~git77.997aa73.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ velociraptor.spec ++++++
--- /var/tmp/diff_new_pack.qwBbh1/_old 2023-05-09 13:08:47.857542295 +0200
+++ /var/tmp/diff_new_pack.qwBbh1/_new 2023-05-09 13:08:47.861542319 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package velociraptor
+# spec file
#
# Copyright (c) 2023 SUSE LLC
#
@@ -16,8 +16,28 @@
#
+%define flavor @BUILD_FLAVOR@%{nil}
+
+%if "%{flavor}" == "client"
+%define build_client 1
+%define build_server 0
+%define build_kafka_humio_gateway 0
+%define name_suffix -client
+%define make_target linux_bare
+%define config_perms %attr(0600, root, root)
+%define state_dir_perms %attr(0700, root, root)
+%else
+%define build_kafka_humio_gateway 1
+%define build_server 1
+%define build_client 0
+%define name_suffix %{nil}
+%define make_target linux
+%define config_perms %attr(0640, root, velociraptor)
+%define state_dir_perms %attr(0700, velociraptor, velociraptor)
+%endif
+
%define projname velociraptor
-%define vendor_version 0.6.7.4~git41.678ed56
+%define vendor_version 0.6.7.5~git77.997aa73
%define vmlinux_h_version 5.14.21150400.22-150400-default
# SLE 15 SP2 / Leap 15.2 or newer gets eBPF
@@ -39,10 +59,14 @@
%define _sharedstatedir /var/lib
%endif
-Name: velociraptor
-Version: 0.6.7.4~git63.4a1ed09d
+Name: velociraptor%{name_suffix}
+Version: 0.6.7.5~git78.2bef6fc
Release: 0
+%if %{build_server}
Summary: Endpoint visibility and collection tool
+%else
+Summary: Endpoint visibility and collection tool (endpoint only)
+%endif
Group: System/Monitoring
License: AGPL-3.0-only
URL: https://github.com/Velocidex/velociraptor
@@ -50,41 +74,51 @@
Source1: vendor-golang-%{vendor_version}.tar.xz
Source2: vendor-golang-kafka-humio-gateway-%{vendor_version}.tar.xz
Source3: vendor-nodejs-%{vendor_version}.tar.xz
-Source4: %{name}.service
-Source5: %{name}-server.config.placeholder
-Source6: %{name}-client.service
-Source7: %{name}-client.config.placeholder
-Source8: vmlinux.h-%{vmlinux_h_version}.tar.xz
+Source4: vmlinux.h-%{vmlinux_h_version}.tar.xz
+Source5: velociraptor.service
+Source6: velociraptor-server.config.placeholder
+Source7: velociraptor-client.service
+Source8: velociraptor-client.config.placeholder
Source9: update-vendoring.sh
-Source10: sysconfig.%{name}
-Source11: sysconfig.%{name}-client
+Source10: sysconfig.velociraptor
+Source11: sysconfig.velociraptor-client
Source12: %{projname}.obsinfo
+Source13: system-user-velociraptor.sysusers
+Source14: velociraptor-kafka.sysusers
+Source15: velociraptor-kafka-humio-gateway.service
+Source16: sysconfig.velociraptor-kafka-humio-gateway
Patch1: velociraptor-golang-mage-vendoring.diff
-Patch2: velociraptor-skip-git-submodule-import-for-OBS-build.patch
-Patch3: vendor-build-fixes-for-SLE12.patch
-Patch4: sdjournal-build-fix-for-SLE12.patch
-Patch5: velociraptor-reproducible-timestamp.diff
+Patch2: vendor-build-fixes-for-SLE12.patch
+Patch3: sdjournal-build-fix-for-SLE12.patch
+Patch4: velociraptor-reproducible-timestamp.diff
BuildRequires: fileb0x
BuildRequires: golang-packaging
BuildRequires: mage
BuildRequires: systemd-rpm-macros
BuildRequires: golang(API) >= 1.18
BuildRequires: pkgconfig(libsystemd)
-%ifarch x86_64
-BuildRequires: libtsan0
-%endif
+%if %{build_server}
BuildRequires: nodejs >= 16
BuildRequires: npm >= 16
+%endif
%if %{with bpf}
-# clang15 causes libbpfo to crash immediately
-BuildRequires: clang13
+# clang15 causes libbpfgo to crash immediately
+BuildRequires: clang16
BuildRequires: libelf-devel
-BuildRequires: llvm13
-BuildRequires: zlib-devel-static
+BuildRequires: libzstd-devel
+BuildRequires: libzstd-devel
+BuildRequires: llvm16
+BuildRequires: zlib-devel
%endif
-Conflicts: velociraptor-client
+Requires: group(velociraptor)
+Requires: user(velociraptor)
ExclusiveArch: x86_64 ppc64le aarch64 s390x
+%if %{build_server}
+BuildRequires: sysuser-tools
+%{?sysusers_requires}
+%endif
+%if %{build_server}
%description
Velociraptor is a tool for collecting host based state information
using The Velociraptor Query Language (VQL) queries.
@@ -93,19 +127,49 @@
https://docs.velociraptor.app/
-This package contains the endpoint agent and full console GUI.
+This package contains the velociraptor server and full console GUI.
For just the endpoint agent, please install the 'velociraptor-client' package.
+%package -n system-user-velociraptor
+Summary: System user and group 'velociraptor'
+Version: 1.0.0
+License: Apache-2.0
+Group: System/Monitoring
+Provides: group(velociraptor)
+Provides: user(velociraptor)
+
+%description -n system-user-velociraptor
+This package provides a shared system user for all velociraptor components
+
+%endif
+
+%if %{build_kafka_humio_gateway}
%package kafka-humio-gateway
Summary: Gateway between Kafka and Humio for Velociraptor Artifacts
-Version: 0.6.7.4~git63.4a1ed09d
+Version: 0.6.7.5~git78.2bef6fc
+Requires: group(velociraptor-kafka)
+Requires: user(velociraptor-kafka)
%description kafka-humio-gateway
This tool is used to consume events generated by the Kafka Velociraptor plugin
and post them to a Humio cluster.
+%endif
+
+%if %{build_client}
+%description
+Velociraptor is a tool for collecting host based state information
+using The Velociraptor Query Language (VQL) queries.
+
+To learn more about Velociraptor, read the documentation on:
+
+https://docs.velociraptor.app/
+
+This package contains only the endpoint agent. For the full server and GUI
+console, please install the 'velociraptor' package.
+%endif
%prep
-%setup -q -a 1 -a 2 -a 3 -a 8 -n %{projname}-%{version}
+%setup -q -a 1 -a 2 -a 3 -a 4 -n %{projname}-%{version}
%autopatch -p1
# Set the version to something more specific than <next-tag>-dev
@@ -132,67 +196,119 @@
export VELOCIRAPTOR_BUILD_TIME=$timestamp
export VELOCIRAPTOR_GIT_HEAD=$git_commit
+%if %{build_server}
(cd gui/velociraptor ; npm run build)
-PATH=$PATH:/usr/sbin make linux BUILD_LIBBPFGO=%{with bpf}
+%sysusers_generate_pre %{SOURCE13} velociraptor-user
+%endif
+make %{make_target} BUILD_LIBBPFGO=%{with bpf} GIT=echo
+
+%if %{build_kafka_humio_gateway}
(cd contrib/kafka-humio-gateway; go build -o %{name}-kafka-humio-gateway)
+%sysusers_generate_pre %{SOURCE16} kafka-user
+%endif
%install
-mkdir -p %buildroot/%{_bindir}
-mkdir -p %buildroot/%{_sysconfdir}/velociraptor
-mkdir -p %buildroot/%{_unitdir}
-mkdir -p %buildroot/%{_sharedstatedir}/velociraptor/data
-mkdir -p %buildroot/%{_sharedstatedir}/velociraptor/logs
-mkdir -p %buildroot/%{_sharedstatedir}/velociraptor-client
-mkdir -p %buildroot/%{_datadir}/%{name}-kafka-humio-gateway
-install -m 0755 output/velociraptor-v%{version}-linux-*
%buildroot/%{_bindir}/velociraptor
-install -m 0755 contrib/kafka-humio-gateway/%{name}-kafka-humio-gateway
%buildroot/%{_bindir}
-install -m 0644 contrib/kafka-humio-gateway/sample-config.yml
%buildroot/%{_datadir}/%{name}-kafka-humio-gateway/sample-config.yml
-install -m 0644 %{SOURCE4} %{buildroot}%{_unitdir}/%{name}.service
-install -m 0600 %{SOURCE5}
%{buildroot}%{_sysconfdir}/velociraptor/server.config
-install -m 0644 %{SOURCE6} %{buildroot}%{_unitdir}/%{name}-client.service
-install -m 0600 %{SOURCE7}
%{buildroot}%{_sysconfdir}/velociraptor/client.config
-install -d -m 755 %{buildroot}%{_fillupdir}
-install -m 0644 %{SOURCE10} %{buildroot}%{_fillupdir}
-install -m 0644 %{SOURCE11} %{buildroot}%{_fillupdir}
+install -D -d -m 0750 %buildroot/%{_sysconfdir}/velociraptor
+install -D -d -m 0700 %buildroot/%{_sharedstatedir}/%{name}/data
+install -D -d -m 0700 %buildroot/%{_sharedstatedir}/%{name}/logs
+install -D -d -m 0700 %buildroot/%{_sharedstatedir}/%{name}/tmp
+
+%if %{build_server}
+service_file_source=%{SOURCE5}
+config_file_source=%{SOURCE6}
+sysconfig_file_source=%{SOURCE10}
+config_file=server.config
+
+install -D -m 0644 %{SOURCE13}
%{buildroot}%{_sysusersdir}/system-user-velociraptor.conf
+%else
+service_file_source=%{SOURCE7}
+config_file_source=%{SOURCE8}
+sysconfig_file_source=%{SOURCE11}
+config_file=client.config
+%endif
+
+install -D -m 0644 "$service_file_source"
%{buildroot}%{_unitdir}/%{name}.service
+install -D -m 0644 "$sysconfig_file_source"
%{buildroot}%{_fillupdir}/sysconfig.%{name}
+install -D -m 0640 "$config_file_source"
"%{buildroot}%{_sysconfdir}/velociraptor/$config_file"
+install -D -m 0755 output/velociraptor-v%{version}-linux-*
%buildroot/%{_bindir}/%{name}
+
+%if %{build_kafka_humio_gateway}
+install -D -m 0644 %{SOURCE15} %{buildroot}%{_unitdir}/
+install -D -m 0644 %{SOURCE16} %{buildroot}%{_fillupdir}/
+install -D -m 0755
contrib/kafka-humio-gateway/velociraptor-kafka-humio-gateway
%buildroot/%{_bindir}
+install -D -m 0644 contrib/kafka-humio-gateway/sample-config.yml \
+
%buildroot/%{_datadir}/velociraptor-kafka-humio-gateway/sample-config.yml
+install -D -m 0644 %{SOURCE14}
%{buildroot}%{_sysusersdir}/velociraptor-kafka.conf
+install -D -d -m 0750
%{buildroot}%{_sysconfdir}/velociraptor-kafka-humio-gateway
+install -D -m 0640 contrib/kafka-humio-gateway/sample-config.yml \
+
%buildroot/%{_sysconfdir}/velociraptor-kafka-humio-gateway/transport.yml
+%endif
%files
%defattr(-, root, root)
%license LICENSE
%doc README.md
-%dir %{_sysconfdir}/velociraptor
-%{_bindir}/velociraptor
-%config(noreplace) %{_sysconfdir}/velociraptor/server.config
-%config(noreplace) %{_sysconfdir}/velociraptor/client.config
+%{_bindir}/%{name}
%{_unitdir}/%{name}.service
-%{_unitdir}/%{name}-client.service
-%dir %{_sharedstatedir}/velociraptor
-%dir %{_sharedstatedir}/velociraptor/data
-%dir %{_sharedstatedir}/velociraptor/logs
-%dir %{_sharedstatedir}/velociraptor-client
%{_fillupdir}/sysconfig.%{name}
-%{_fillupdir}/sysconfig.%{name}-client
-%files kafka-humio-gateway
-%defattr(-, root, root)
-%license LICENSE
-%doc contrib/kafka-humio-gateway/README.md
-%{_bindir}/%{name}-kafka-humio-gateway
-%dir %{_datadir}/%{name}-kafka-humio-gateway
-%{_datadir}/%{name}-kafka-humio-gateway/sample-config.yml
+%dir %attr(-, root, velociraptor) %{_sysconfdir}/velociraptor
+
+%config(noreplace) %{config_perms} %{_sysconfdir}/velociraptor/*.config
+%dir %{state_dir_perms} %{_sharedstatedir}/%{name}
+%dir %{state_dir_perms} %{_sharedstatedir}/%{name}/data
+%dir %{state_dir_perms} %{_sharedstatedir}/%{name}/logs
+%dir %{state_dir_perms} %{_sharedstatedir}/%{name}/tmp
%pre
-%service_add_pre %{name}.service %{name}-client.service
+%service_add_pre %{name}.service
%post
%{fillup_only}
-%{fillup_only -s client}
-%service_add_post %{name}.service %{name}-client.service
+%service_add_post %{name}.service
%preun
-%service_del_preun %{name}.service %{name}-client.service
+%service_del_preun %{name}.service
%postun
-%service_del_postun %{name}.service %{name}-client.service
+%service_del_postun %{name}.service
+
+%if %{build_server}
+%pre -n system-user-velociraptor -f velociraptor-user.pre
+
+%files -n system-user-velociraptor
+%defattr(-, root, root)
+%{_sysusersdir}/system-user-velociraptor.conf
+%endif
+
+%if %{build_kafka_humio_gateway}
+%files kafka-humio-gateway
+%defattr(-, root, root)
+%license LICENSE
+%doc contrib/kafka-humio-gateway/README.md
+%{_bindir}/velociraptor-kafka-humio-gateway
+%dir %{_datadir}/velociraptor-kafka-humio-gateway
+%{_datadir}/velociraptor-kafka-humio-gateway/sample-config.yml
+%{_sysusersdir}/velociraptor-kafka.conf
+%{_unitdir}/velociraptor-kafka-humio-gateway.service
+%{_fillupdir}/sysconfig.velociraptor-kafka-humio-gateway
+%dir %attr(750, root, velociraptor-kafka)
%{_sysconfdir}/velociraptor-kafka-humio-gateway
+%config(noreplace) %attr(0640, root, velociraptor-kafka)
%{_sysconfdir}/velociraptor-kafka-humio-gateway/transport.yml
+
+%pre kafka-humio-gateway -f kafka-user.pre
+%service_add_pre velociraptor-kafka-humio-gateway.service
+
+%post kafka-humio-gateway
+%{fillup_only -s kafka-humio-gateway}
+%service_add_post velociraptor-kafka-humio-gateway.service
+
+%preun kafka-humio-gateway
+%service_del_preun velociraptor-kafka-humio-gateway.service
+
+%postun kafka-humio-gateway
+%service_del_postun velociraptor-kafka-humio-gateway.service
+
+%endif
%changelog
++++++ _multibuild ++++++
<multibuild>
<package>client</package>
</multibuild>
++++++ _service ++++++
--- /var/tmp/diff_new_pack.qwBbh1/_old 2023-05-09 13:08:47.921542676 +0200
+++ /var/tmp/diff_new_pack.qwBbh1/_new 2023-05-09 13:08:47.925542700 +0200
@@ -5,8 +5,8 @@
<param name="versionformat">@PARENT_TAG@~git@TAG_OFFSET@.%h</param>
<param name="revision">sensor-base-0.6.7</param>
<param name="scm">git</param>
- <param name="parent-tag">v0.6.7-4</param>
- <param name="versionrewrite-pattern">v([0-9\.]*)-(.*)</param>
+ <param name="parent-tag">v0.6.7-5</param>
+ <param name="versionrewrite-pattern">v([0-9\.\-]*)-(.*)</param>
<param name="versionrewrite-replacement">\1.\2</param>
<param name="changesgenerate">enable</param>
<param name="submodules">enable</param>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.qwBbh1/_old 2023-05-09 13:08:47.941542795 +0200
+++ /var/tmp/diff_new_pack.qwBbh1/_new 2023-05-09 13:08:47.945542819 +0200
@@ -1,8 +1,8 @@
<servicedata>
<service name="tar_scm">
- <param
name="url">https://github.com/jeffmahoney/linux-security-sensor</param>
- <param
name="changesrevision">0e858552af3d6ab57bae796cc3e50ccef36b4aff</param></service><service
name="tar_scm">
<param
name="url">https://github.com/SUSE/linux-security-sensor</param>
- <param
name="changesrevision">4a1ed09d50339b902c6446686bd16deedbb23804</param></service></servicedata>
+ <param
name="changesrevision">2bef6fce8e26733a13a3bbfeaa8c4828db1a99ba</param></service><service
name="tar_scm">
+ <param
name="url">https://github.com/jeffmahoney/linux-security-sensor</param>
+ <param
name="changesrevision">02020f9752134efd8a6a92ab83a7b55b498e1948</param></service></servicedata>
(No newline at EOF)
++++++ sysconfig.velociraptor-kafka-humio-gateway ++++++
## Path: Security/Monitoring
## Description: Velociraptor Kafka-Humio Gateway settings
## Type: string
## Default: ""
## ServiceRestart: velociraptor
#
# Options for velociraptor
#
KAFKA_HUMIO_GATEWAY_OPTIONS="--verbose"
#
# Location of configuration file
#
KAFKA_HUMIO_GATEWAY_CONFIG="/etc/velociraptor-kafka-humio-gateway/transport.yml"
++++++ system-user-velociraptor.sysusers ++++++
u velociraptor - "Velociraptor User" /var/lib/velociraptor
g velociraptor - -
++++++ update-vendoring.sh ++++++
--- /var/tmp/diff_new_pack.qwBbh1/_old 2023-05-09 13:08:48.021543271 +0200
+++ /var/tmp/diff_new_pack.qwBbh1/_new 2023-05-09 13:08:48.021543271 +0200
@@ -21,20 +21,23 @@
dir="$(realpath "$(mktemp -d vendoring.XXXXXX)")"
topdir="$(realpath "$(dirname "$0")")"
-rpmspec -P velociraptor.spec --define "_sourcedir $PWD" | \
+# Pull the %prep section out of the spec file and replace the tarball with the
obscpio
+awk '
+BEGIN { go=1; };
+/^%build/ { go=0; };
+{ if (go) print };' < velociraptor.spec > ${dir}/velociraptor.spec
+
+rpmspec -P ${dir}/velociraptor.spec --define "_sourcedir $PWD" --define
"_builddir ${dir}"| \
awk '
BEGIN { go=0; };
/^%build/ { go=0; };
{ if (go) print };
-/^%setup/ { go=1 }' > ${dir}/setup.sh
-
-echo "Expanding archive..."
-cpio -D "${dir}" -id < velociraptor-${version}.obscpio
+/^%prep/ { go=1 }' | sed -e "/rpmuncompress.*velociraptor-.*.tar.xz/s#.*#cpio
-D . -id < $PWD/velociraptor-${version}.obscpio#" > ${dir}/setup.sh
echo "Running %prep"
+cd ${dir}
+sh -e ${dir}/setup.sh
cd "${dir}/velociraptor-${version}"
-tar Jxf ${topdir}/vmlinux.h-5.14.21150400.22-150400-default.tar.xz
-sh ${dir}/setup.sh
echo "Re-vendoring Go code..."
gopathdir="$(mktemp -d /tmp/gopath.XXXXXXX)"
++++++ velociraptor-0.6.7.4~git63.4a1ed09d.obscpio ->
velociraptor-0.6.7.5~git78.2bef6fc.obscpio ++++++
/work/SRC/openSUSE:Factory/velociraptor/velociraptor-0.6.7.4~git63.4a1ed09d.obscpio
/work/SRC/openSUSE:Factory/.velociraptor.new.1533/velociraptor-0.6.7.5~git78.2bef6fc.obscpio
differ: char 48, line 1
++++++ velociraptor-client.service ++++++
--- /var/tmp/diff_new_pack.qwBbh1/_old 2023-05-09 13:08:48.081543628 +0200
+++ /var/tmp/diff_new_pack.qwBbh1/_new 2023-05-09 13:08:48.085543652 +0200
@@ -9,7 +9,8 @@
MemoryHigh=4G
MemoryMax=8G
EnvironmentFile=-/etc/sysconfig/velociraptor-client
-ExecStart=/usr/bin/velociraptor client --config
/etc/velociraptor/client.config $VELOCIRAPTOR_CLIENT_OPTS
+Environment=TMPDIR=/var/lib/velociraptor-client/tmp
+ExecStart=/usr/bin/velociraptor-client client --config
/etc/velociraptor/client.config $VELOCIRAPTOR_CLIENT_OPTS
PrivateTmp=true
PrivateDevices=true
++++++ velociraptor-golang-mage-vendoring.diff ++++++
--- /var/tmp/diff_new_pack.qwBbh1/_old 2023-05-09 13:08:48.101543748 +0200
+++ /var/tmp/diff_new_pack.qwBbh1/_new 2023-05-09 13:08:48.101543748 +0200
@@ -1,23 +1,20 @@
From: Jeff Mahoney <je...@suse.com>
-Subject: [PATCH] velociraptor: add dummy main function for mage
+Subject: [PATCH] velociraptor: remove ignore tag to allow vendoring of mage
+
+The ignore tag in make.go means it won't be properly vendored.
-Mage won't pull in the full dependencies without there being a real
-import. This isn't used in the executable, since that's in bin/, but it
-will be used for 'go mod vendor'
---
- dummy.go | 9 +++++++++
- 1 file changed, 9 insertions(+)
+ make.go | 2 --
+ 1 file changed, 2 deletions(-)
---- /dev/null
-+++ b/dummy.go
-@@ -0,0 +1,9 @@
-+// +build useless
-+package main
-+
-+import (
-+ "github.com/magefile/mage"
-+)
-+
-+func main() {
-+}
+diff --git a/make.go b/make.go
+index 28b3e90..8fad8b9 100644
+--- a/make.go
++++ b/make.go
+@@ -1,5 +1,3 @@
+-// +build ignore
+-
+ /*
+ Velociraptor - Dig Deeper
+ Copyright (C) 2019-2022 Rapid7 Inc.
++++++ velociraptor-kafka-humio-gateway.service ++++++
[Unit]
Description=Velociraptor Kafka-Humio Gateway Service
[Service]
Type=simple
User=velociraptor-kafka
Group=velociraptor-kafka
UMask=0027
User=velociraptor
Group=velociraptor
EnvironmentFile=-/etc/sysconfig/velociraptor-kafka-humio-gateway
ExecStart=/usr/bin/velociraptor-kafka-humio-gateway $KAFKA_HUMIO_GATEWAY_OPTS
--config $KAFKA_HUMIO_GATEWAY_CONFIG
PrivateTmp=true
PrivateDevices=true
ProtectHostname=true
ProtectClock=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
MemoryDenyWriteExecute=true
[Install]
WantedBy=multi-user.target
++++++ velociraptor-kafka.sysusers ++++++
u velociraptor-kafka - "User for velociraptor Kafka Humio Gateway"
/var/lib/velociraptor-kafka-humio-gateway
g velociraptor-kafka - -
++++++ velociraptor.obsinfo ++++++
--- /var/tmp/diff_new_pack.qwBbh1/_old 2023-05-09 13:08:48.177544200 +0200
+++ /var/tmp/diff_new_pack.qwBbh1/_new 2023-05-09 13:08:48.181544224 +0200
@@ -1,5 +1,5 @@
name: velociraptor
-version: 0.6.7.4~git63.4a1ed09d
-mtime: 1674763484
-commit: 4a1ed09d50339b902c6446686bd16deedbb23804
+version: 0.6.7.5~git78.2bef6fc
+mtime: 1683577211
+commit: 2bef6fce8e26733a13a3bbfeaa8c4828db1a99ba
++++++ velociraptor.service ++++++
--- /var/tmp/diff_new_pack.qwBbh1/_old 2023-05-09 13:08:48.197544319 +0200
+++ /var/tmp/diff_new_pack.qwBbh1/_new 2023-05-09 13:08:48.201544343 +0200
@@ -3,10 +3,11 @@
[Service]
Type=simple
-User=root
-Group=root
UMask=0027
+User=velociraptor
+Group=velociraptor
EnvironmentFile=-/etc/sysconfig/velociraptor
+Environment=TMPDIR=/var/lib/velociraptor/tmp
ExecStart=/usr/bin/velociraptor frontend --verbose --config
/etc/velociraptor/server.config $VELOCIRAPTOR_OPTS
PrivateTmp=true
++++++ vendor-golang-0.6.7.4~git41.678ed56.tar.xz ->
vendor-golang-0.6.7.5~git77.997aa73.tar.xz ++++++
/work/SRC/openSUSE:Factory/velociraptor/vendor-golang-0.6.7.4~git41.678ed56.tar.xz
/work/SRC/openSUSE:Factory/.velociraptor.new.1533/vendor-golang-0.6.7.5~git77.997aa73.tar.xz
differ: char 26, line 1
++++++ vendor-golang-kafka-humio-gateway-0.6.7.4~git41.678ed56.tar.xz ->
vendor-golang-kafka-humio-gateway-0.6.7.5~git77.997aa73.tar.xz ++++++
++++++ vendor-nodejs-0.6.7.4~git41.678ed56.tar.xz ->
vendor-nodejs-0.6.7.5~git77.997aa73.tar.xz ++++++
/work/SRC/openSUSE:Factory/velociraptor/vendor-nodejs-0.6.7.4~git41.678ed56.tar.xz
/work/SRC/openSUSE:Factory/.velociraptor.new.1533/vendor-nodejs-0.6.7.5~git77.997aa73.tar.xz
differ: char 25, line 1
