Date: Sunday, October 3, 2021 @ 17:45:17 Author: anatolik Revision: 1027215
archrelease: copy trunk to community-testing-x86_64 Added: osquery/repos/community-testing-x86_64/PKGBUILD (from rev 1027214, osquery/trunk/PKGBUILD) osquery/repos/community-testing-x86_64/libaudit.patch (from rev 1027214, osquery/trunk/libaudit.patch) Deleted: osquery/repos/community-testing-x86_64/PKGBUILD osquery/repos/community-testing-x86_64/libaudit.patch osquery/repos/community-testing-x86_64/osquery.patch ----------------+ PKGBUILD | 91 ++++++++++----------- libaudit.patch | 24 ++--- osquery.patch | 236 ------------------------------------------------------- 3 files changed, 55 insertions(+), 296 deletions(-) Deleted: PKGBUILD =================================================================== --- PKGBUILD 2021-10-03 17:44:51 UTC (rev 1027214) +++ PKGBUILD 2021-10-03 17:45:17 UTC (rev 1027215) 
@@ -1,48 +0,0 @@
-# Maintainer: Anatol Pomozov
-
-pkgname=osquery
-pkgver=5.0.1
-pkgrel=2
-pkgdesc='SQL powered operating system instrumentation, monitoring, and analytics'
-arch=(x86_64)
-url='https://osquery.io'
-license=(Apache GPL2)
-depends=(zlib)
-makedepends=(cmake ninja clang python gcc-libs git libunwind)
-options=(!strip)
-source=(git+https://github.com/osquery/osquery.git#tag=$pkgver
- osquery.patch
- libaudit.patch)
-sha256sums=('SKIP'
- '6c6b87a1b473abdb8b895a3cd4f8839b6b19add6937134c620fddb845d7f8969'
- '96218ef5b7d6d6deb3a7b4b3dfed8068b7e4d10acd5b19372b9882f89d4478a8')
-
-prepare() {
- cd $srcdir/osquery
- patch -p1 < $srcdir/osquery.patch
-}
-
-build() {
- cd osquery
-
- CC=clang CXX=clang++ cmake \
- -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=/usr -DOSQUERY_VERSION=$pkgver \
- -DOSQUERY_IGNORE_CMAKE_MAX_VERSION_CHECK=TRUE \
- -G Ninja -S . -B build
-
- # submodules are checked out by cmake, patch it after it were checked out
- (cd $srcdir/osquery/libraries/cmake/source/libaudit/src && git reset --hard && patch -p1 < $srcdir/libaudit.patch)
-
- ninja -C build
-}
-
-package() {
- cd osquery
-
- DESTDIR="${pkgdir}" ninja -C build install
- install -Dm644 LICENSE "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
- install -Dm644 tools/deployment/osquery.example.conf "$pkgdir/etc/osquery/osquery.conf"
- install -Dm644 tools/deployment/linux_packaging/osqueryd.sysconfig "$pkgdir/etc/sysconfig/osqueryd"
- install -Dm644 tools/deployment/linux_packaging/rpm/osqueryd.service "$pkgdir/usr/lib/systemd/system/osqueryd.service"
- rm -r $pkgdir/control
-}
Copied: osquery/repos/community-testing-x86_64/PKGBUILD (from rev 1027214, osquery/trunk/PKGBUILD)
===================================================================
--- PKGBUILD (rev 0)
+++ PKGBUILD 2021-10-03 17:45:17 UTC (rev 1027215)
@@ -0,0 +1,43 @@
+# Maintainer: Anatol Pomozov
+
+pkgname=osquery
+pkgver=5.0.1
+pkgrel=3
+pkgdesc='SQL powered operating system instrumentation, monitoring, and analytics'
+arch=(x86_64)
+url='https://osquery.io'
+license=(Apache GPL2)
+depends=(zlib)
+makedepends=(cmake ninja clang python gcc-libs git libunwind)
+options=(!strip)
+# following commit represents osquery $pkgver with some Arch-specific patches
+_commit=4261097abb7505403966a6e45a2526f2abb2aac9
+source=(git+https://github.com/anatol/osquery.git#commit=$_commit
+ libaudit.patch)
+sha256sums=('SKIP'
+ '96218ef5b7d6d6deb3a7b4b3dfed8068b7e4d10acd5b19372b9882f89d4478a8')
+
+build() {
+ cd osquery
+
+ CC=clang CXX=clang++ cmake \
+ -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=/usr -DOSQUERY_VERSION=$pkgver \
+ -DOSQUERY_IGNORE_CMAKE_MAX_VERSION_CHECK=TRUE \
+ -G Ninja -S . -B build
+
+ # submodules are checked out by cmake, patch it after it were checked out
+ (cd $srcdir/osquery/libraries/cmake/source/libaudit/src && git reset --hard && patch -p1 < $srcdir/libaudit.patch)
+
+ ninja -C build
+}
+
+package() {
+ cd osquery
+
+ DESTDIR="${pkgdir}" ninja -C build install
+ install -Dm644 LICENSE "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
+ install -Dm644 tools/deployment/osquery.example.conf "$pkgdir/etc/osquery/osquery.conf"
+ install -Dm644 tools/deployment/linux_packaging/osqueryd.sysconfig "$pkgdir/etc/sysconfig/osqueryd"
+ install -Dm644 tools/deployment/linux_packaging/rpm/osqueryd.service "$pkgdir/usr/lib/systemd/system/osqueryd.service"
+ rm -r $pkgdir/control
+}
Deleted: libaudit.patch
===================================================================
--- libaudit.patch 2021-10-03 17:44:51 UTC (rev 1027214)
+++ libaudit.patch 2021-10-03 17:45:17 UTC (rev 1027215)
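Review bot: The `source=` entry now fetches `git+https://github.com/anatol/osquery.git#commit=$_commit`, a personal fork, in place of the upstream tag plus the checksummed `osquery.patch`, so the Arch-specific changes can no longer be reviewed from the packaging repository itself. The full commit hash does pin what is fetched, but nothing in the PKGBUILD lets a reader confirm that this commit is upstream `$pkgver` plus only the intended fixes. Either keep the patch file in-tree against `git+https://github.com/osquery/osquery.git#tag=$pkgver`, or extend the comment above `_commit` to record the base and how to audit it, for example `# fork of osquery/osquery at tag $pkgver; audit with: git diff $pkgver $_commit`. Separately, the comment in `build()` says the submodules are checked out by cmake, so those sources are fetched at build time and are not covered by `sha256sums`.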
@@ -1,12 +0,0 @@
-diff --git a/lib/libaudit.h b/lib/libaudit.h
-index 05ee91e..2ee3842 100644
---- a/lib/libaudit.h
-+++ b/lib/libaudit.h
-@@ -260,7 +260,6 @@ extern "C" {
- #define AUDIT_KEY_SEPARATOR 0x01
-
- /* These are used in filter control */
--#define AUDIT_FILTER_EXCLUDE AUDIT_FILTER_TYPE
- #define AUDIT_FILTER_MASK 0x07 /* Mask to get actual filter */
- #define AUDIT_FILTER_UNSET 0x80 /* This value means filter is unset */
-
Copied: osquery/repos/community-testing-x86_64/libaudit.patch (from rev 1027214, osquery/trunk/libaudit.patch)
===================================================================
--- libaudit.patch (rev 0)
+++ libaudit.patch 2021-10-03 17:45:17 UTC (rev 1027215)
@@ -0,0 +1,12 @@
+diff --git a/lib/libaudit.h b/lib/libaudit.h
+index 05ee91e..2ee3842 100644
+--- a/lib/libaudit.h
++++ b/lib/libaudit.h
+@@ -260,7 +260,6 @@ extern "C" {
+ #define AUDIT_KEY_SEPARATOR 0x01
+
+ /* These are used in filter control */
+-#define AUDIT_FILTER_EXCLUDE AUDIT_FILTER_TYPE
+ #define AUDIT_FILTER_MASK 0x07 /* Mask to get actual filter */
+ #define AUDIT_FILTER_UNSET 0x80 /* This value means filter is unset */
+
Deleted: osquery.patch
===================================================================
--- osquery.patch 2021-10-03 17:44:51 UTC (rev 1027214)
+++ osquery.patch 2021-10-03 17:45:17 UTC (rev 1027215)
@@ -1,236 +0,0 @@ -commit 6b69f04e9d4164130c15f9203e20159af69ecdc1 -Author: Anatol Pomozov <anatol.pomo...@gmail.com> -Date: Tue Sep 21 09:46:53 2021 -0700 - - Arch Linux specific fixes - -diff --git a/cmake/flags.cmake b/cmake/flags.cmake -index e046e8b8d..76e7f20c1 100644 ---- a/cmake/flags.cmake -+++ b/cmake/flags.cmake -@@ -79,11 +79,9 @@ function(setupBuildFlags) - -Woverloaded-virtual - -Wnon-virtual-dtor - -Weffc++ -- -stdlib=libc++ - ) - - set(posix_cxx_link_options -- -stdlib=libc++ - -ldl - ) - -@@ -131,7 +129,6 @@ function(setupBuildFlags) - ) - - set(linux_cxx_link_libraries -- c++abi - rt - dl - ) -@@ -157,7 +154,6 @@ function(setupBuildFlags) - ) - - set(macos_cxx_link_options -- -stdlib=libc++ - -lresolv - ) - -@@ -166,7 +162,6 @@ function(setupBuildFlags) - cups - bsm - xar -- c++abi - "-framework AppKit" - "-framework Foundation" - "-framework CoreServices" -diff --git a/libraries/cmake/source/libmagic/config/linux/config.h b/libraries/cmake/source/libmagic/config/linux/config.h -index 42be099c8..7054c73b9 100644 ---- a/libraries/cmake/source/libmagic/config/linux/config.h -+++ b/libraries/cmake/source/libmagic/config/linux/config.h -@@ -247,9 +247,6 @@ - /* Define to 1 if `vfork' works. */ - #define HAVE_WORKING_VFORK 1 - --/* Define to 1 if you have the <xlocale.h> header file. */ --#define HAVE_XLOCALE_H 1 -- - /* Define to 1 if you have the <zlib.h> header file. */ - #define HAVE_ZLIB_H 1 - -diff --git a/libraries/cmake/source/lldpd/config/x86_64/linux/libevent/event2/event-config.h b/libraries/cmake/source/lldpd/config/x86_64/linux/libevent/event2/event-config.h -index 7041c46fb..9288df900 100644 ---- a/libraries/cmake/source/lldpd/config/x86_64/linux/libevent/event2/event-config.h -+++ b/libraries/cmake/source/lldpd/config/x86_64/linux/libevent/event2/event-config.h -@@ -300,9 +300,6 @@ - /* Define to 1 if you have the <sys/stat.h> header file. 
*/ - #define _EVENT_HAVE_SYS_STAT_H 1 - --/* Define to 1 if you have the <sys/sysctl.h> header file. */ --#define _EVENT_HAVE_SYS_SYSCTL_H 1 -- - /* Define to 1 if you have the <sys/time.h> header file. */ - #define _EVENT_HAVE_SYS_TIME_H 1 - -diff --git a/libraries/cmake/source/thrift/CMakeLists.txt b/libraries/cmake/source/thrift/CMakeLists.txt -index 0389d0507..a4c3d55ec 100644 ---- a/libraries/cmake/source/thrift/CMakeLists.txt -+++ b/libraries/cmake/source/thrift/CMakeLists.txt -@@ -82,12 +82,6 @@ function(thriftMain) - set(forced_include_file_flag "--include") - endif() - -- # C++17 dropped support for random_shuffle. Add it back with a -- # custom header -- target_compile_options(thirdparty_thrift PRIVATE -- "${forced_include_file_flag}${CMAKE_CURRENT_SOURCE_DIR}/patches/random_shuffle.h" -- ) -- - target_compile_definitions(thirdparty_thrift PUBLIC - THRIFT_STATIC_DEFINE - ) -diff --git a/osquery/core/shutdown.cpp b/osquery/core/shutdown.cpp -index 3cb863d9b..7f93210f6 100644 ---- a/osquery/core/shutdown.cpp -+++ b/osquery/core/shutdown.cpp -@@ -11,6 +11,7 @@ - #include <osquery/logger/data_logger.h> - - #include <atomic> -+#include <condition_variable> - #include <mutex> - #include <string> - -diff --git a/osquery/tables/networking/CMakeLists.txt b/osquery/tables/networking/CMakeLists.txt -index 70b7079ee..7a42d068a 100644 ---- a/osquery/tables/networking/CMakeLists.txt -+++ b/osquery/tables/networking/CMakeLists.txt -@@ -30,6 +30,10 @@ function(generateOsqueryTablesNetworking) - posix/interfaces.cpp - posix/utils.cpp - ) -+ -+ list(APPEND platform_deps -+ resolv -+ ) - endif() - - if(DEFINED PLATFORM_LINUX) -diff --git a/osquery/tables/system/linux/sysctl_utils.cpp b/osquery/tables/system/linux/sysctl_utils.cpp -index 1ff3e0b00..b66ecc79e 100644 ---- a/osquery/tables/system/linux/sysctl_utils.cpp -+++ b/osquery/tables/system/linux/sysctl_utils.cpp -@@ -7,8 +7,6 @@ - * SPDX-License-Identifier: (Apache-2.0 OR GPL-2.0-only) - */ - --#include <sys/sysctl.h> 
-- - #include <boost/algorithm/string/trim.hpp> - - #include <osquery/core/tables.h> -@@ -73,10 +71,8 @@ void genControlInfo(int* oid, - // Get control size - size_t response_size = CTL_MAX_VALUE; - char response[CTL_MAX_VALUE + 1] = {0}; -- if (sysctl(oid, oid_size, response, &response_size, 0, 0) != 0) { -- // Cannot request MIB data. -- return; -- } -+ // Cannot request MIB data. -+ return; - - // Data is output, but no way to determine type (long, int, string, struct). - Row r; -diff --git a/osquery/tables/system/posix/augeas.cpp b/osquery/tables/system/posix/augeas.cpp -index fb09411d8..615f7adea 100644 ---- a/osquery/tables/system/posix/augeas.cpp -+++ b/osquery/tables/system/posix/augeas.cpp -@@ -35,7 +35,7 @@ FLAG(string, - #else - FLAG(string, - augeas_lenses, -- "/opt/osquery/share/osquery/lenses", -+ "/usr/share/osquery/lenses", - "Directory that contains augeas lenses files"); - #endif - -diff --git a/osquery/tables/system/posix/sysctl_utils.h b/osquery/tables/system/posix/sysctl_utils.h -index e119f8a9e..0d4a399e4 100644 ---- a/osquery/tables/system/posix/sysctl_utils.h -+++ b/osquery/tables/system/posix/sysctl_utils.h -@@ -9,8 +9,6 @@ - - #pragma once - --#include <sys/sysctl.h> -- - #include <osquery/core/tables.h> - - namespace osquery { -@@ -18,6 +16,8 @@ namespace tables { - - #define CTL_MAX_VALUE 128 - -+#define CTL_MAXNAME 12 -+ - #ifndef CTL_DEBUG_MAXID - #define CTL_DEBUG_MAXID (CTL_MAXNAME * 2) - #endif -diff --git a/osquery/utils/config/default_paths.h b/osquery/utils/config/default_paths.h -index cda34298e..1c45718f3 100644 ---- a/osquery/utils/config/default_paths.h -+++ b/osquery/utils/config/default_paths.h -@@ -26,7 +26,7 @@ - #define OSQUERY_SOCKET OSQUERY_DB_HOME - #define OSQUERY_PIDFILE "/var/run/" - #define OSQUERY_LOG_HOME "/var/log/osquery/" --#define OSQUERY_CERTS_HOME "/opt/osquery/share/osquery/certs/" -+#define OSQUERY_CERTS_HOME "/usr/share/osquery/certs/" - #elif defined(WIN32) - #define OSQUERY_HOME "\\Program 
Files\\osquery\\" - #define OSQUERY_DB_HOME OSQUERY_HOME -diff --git a/tools/deployment/linux_packaging/rpm/osqueryd.service b/tools/deployment/linux_packaging/rpm/osqueryd.service -index 6aa42752f..7bb3b3dc9 100644 ---- a/tools/deployment/linux_packaging/rpm/osqueryd.service -+++ b/tools/deployment/linux_packaging/rpm/osqueryd.service -@@ -7,7 +7,7 @@ TimeoutStartSec=0 - EnvironmentFile=/etc/sysconfig/osqueryd - ExecStartPre=/bin/sh -c "if [ ! -f $FLAG_FILE ]; then touch $FLAG_FILE; fi" - ExecStartPre=/bin/sh -c "if [ -f $LOCAL_PIDFILE ]; then mv $LOCAL_PIDFILE $PIDFILE; fi" --ExecStart=/opt/osquery/bin/osqueryd \ -+ExecStart=/usr/bin/osqueryd \ - --flagfile $FLAG_FILE \ - --config_path $CONFIG_FILE - Restart=on-failure -diff --git a/tools/deployment/osquery.example.conf b/tools/deployment/osquery.example.conf -index 96320e2d4..5af675dac 100644 ---- a/tools/deployment/osquery.example.conf -+++ b/tools/deployment/osquery.example.conf -@@ -60,19 +60,19 @@ - // There are several 'default' packs installed via - // packages and/or Homebrew. 
- // -- // Linux: /opt/osquery/share/osquery/packs -+ // Linux: /usr/share/osquery/packs - // OS X: /var/osquery/packs - // Homebrew: /usr/local/share/osquery/packs - // make install: {PREFIX}/share/osquery/packs - // - "packs": { -- // "osquery-monitoring": "/opt/osquery/share/osquery/packs/osquery-monitoring.conf", -- // "incident-response": "/opt/osquery/share/osquery/packs/incident-response.conf", -- // "it-compliance": "/opt/osquery/share/osquery/packs/it-compliance.conf", -+ // "osquery-monitoring": "/usr/share/osquery/packs/osquery-monitoring.conf", -+ // "incident-response": "/usr/share/osquery/packs/incident-response.conf", -+ // "it-compliance": "/usr/share/osquery/packs/it-compliance.conf", - // "osx-attacks": "/var/osquery/packs/osx-attacks.conf", -- // "vuln-management": "/opt/osquery/share/osquery/packs/vuln-management.conf", -- // "hardware-monitoring": "/opt/osquery/share/osquery/packs/hardware-monitoring.conf", -- // "ossec-rootkit": "/opt/osquery/share/osquery/packs/ossec-rootkit.conf", -+ // "vuln-management": "/usr/share/osquery/packs/vuln-management.conf", -+ // "hardware-monitoring": "/usr/share/osquery/packs/hardware-monitoring.conf", -+ // "ossec-rootkit": "/usr/share/osquery/packs/ossec-rootkit.conf", - // "windows-hardening": "C:\\Program Files\\osquery\\packs\\windows-hardening.conf", - // "windows-attacks": "C:\\Program Files\\osquery\\packs\\windows-attacks.conf" - },