osquery: init at 5.5.1

Jack Baldry 2023-07-19 11:56:57 +02:00 committed by Antoine Eiche
parent 3940a4c9b4
commit a0393ca30c
7 changed files with 341 additions and 0 deletions


@ -18445,6 +18445,12 @@
github = "zmitchell";
githubId = 10246891;
};
znewman01 = {
email = "znewman01@gmail.com";
github = "znewman01";
githubId = 873857;
name = "Zack Newman";
};
zoedsoupe = {
github = "zoedsoupe";
githubId = 44469426;


@ -0,0 +1,25 @@
From: Jack Baldry <jack.baldry@grafana.com>
Date: Tue, 15 Nov 2022 15:40:31 -0400
Subject: [PATCH] Remove circular definition of AUDIT_FILTER_EXCLUDE
https://github.com/osquery/osquery/issues/6551
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
---
libraries/cmake/source/libaudit/src/lib/libaudit.h | 1 -
1 file changed, 1 deletion(-)
diff --git a/libraries/cmake/source/libaudit/src/lib/libaudit.h b/libraries/cmake/source/libaudit/src/libaudit.h
--- a/libraries/cmake/source/libaudit/src/lib/libaudit.h
+++ b/libraries/cmake/source/libaudit/src/lib/libaudit.h
@@ -260,7 +260,6 @@ extern "C" {
#define AUDIT_KEY_SEPARATOR 0x01
/* These are used in filter control */
-#define AUDIT_FILTER_EXCLUDE AUDIT_FILTER_TYPE
#define AUDIT_FILTER_MASK 0x07 /* Mask to get actual filter */
#define AUDIT_FILTER_UNSET 0x80 /* This value means filter is unset */
--
2.38.1
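Review bot: The `diff --git` header of the libaudit patch names `b/libraries/cmake/source/libaudit/src/libaudit.h`, without the `lib/` component that the `---`/`+++` lines and the diffstat use; `patch -p1` (what nixpkgs runs) goes by the `---`/`+++` lines so it applies, but `git apply` checks the `diff --git` names against them and may reject the file as inconsistent, so it should read `diff --git a/libraries/cmake/source/libaudit/src/lib/libaudit.h b/libraries/cmake/source/libaudit/src/lib/libaudit.h`. Dropping the circular `#define AUDIT_FILTER_EXCLUDE` presumably leaves the symbol to come from the kernel's `<linux/audit.h>` via the system headers; a sentence in the patch description stating where the value is now expected to come from, and that the remaining users in the vendored libaudit were checked, would save the next reader a trip to issue 6551.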


@ -0,0 +1,37 @@
From: Jack Baldry <jack.baldry@grafana.com>
Date: Tue, 15 Nov 2022 13:48:07 -0400
Subject: [PATCH] Remove git reset
This is not required for nixpkgs builds because we are not working in
the source repository and therefore do not need to be careful about
updating submodule content.
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
---
libraries/cmake/source/modules/utils.cmake | 11 -----------
1 file changed, 11 deletions(-)
diff --git a/libraries/cmake/source/modules/utils.cmake b/libraries/cmake/source/modules/utils.cmake
--- a/libraries/cmake/source/modules/utils.cmake
+++ b/libraries/cmake/source/modules/utils.cmake
@@ -102,17 +102,6 @@ function(patchSubmoduleSourceCode library_name patches_dir source_dir apply_to_d
file(COPY "${source_dir}" DESTINATION "${parent_dir}")
endif()
- # We need to restore the source code to its original state, pre patch
- execute_process(
- COMMAND "${GIT_EXECUTABLE}" reset --hard HEAD
- RESULT_VARIABLE process_exit_code
- WORKING_DIRECTORY "${source_dir}"
- )
-
- if(NOT ${process_exit_code} EQUAL 0)
- message(FATAL_ERROR "Failed to git reset the following submodule: \"${source_dir}\"")
- endif()
-
set(patchSubmoduleSourceCode_Patched TRUE PARENT_SCOPE)
endfunction()
--
2.38.1
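Review bot: Deleting the `git reset --hard HEAD` outright removes it for every caller of `patchSubmoduleSourceCode`, including upstream-style builds that do run inside a git checkout, where the reset is what keeps re-applied patches from stacking up on a reconfigure. Guarding it instead, `if(EXISTS "${source_dir}/.git")` around the existing `execute_process` and its exit-code check, gives the same result for nixpkgs (the `fetchFromGitHub` tree presumably carries no git metadata, which is why the reset cannot work there) while leaving upstream behaviour intact and makes the patch a candidate for upstreaming. The description's "not working in the source repository" would be clearer if it said explicitly that the fetched tree contains no `.git`. The function starts outside the hunk.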


@ -0,0 +1,157 @@
From: Jack Baldry <jack.baldry@grafana.com>
Date: Wed, 16 Nov 2022 22:00:06 -0400
Subject: [PATCH] Remove system controls table
Relies on <sys/sysctl.h> which is not present in glibc since 2.32.
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
---
osquery/tables/system/CMakeLists.txt | 4 --
specs/CMakeLists.txt | 1 -
specs/posix/system_controls.table | 21 -------
tests/integration/tables/system_controls.cpp | 61 --------------------
4 files changed, 87 deletions(-)
delete mode 100644 specs/posix/system_controls.table
delete mode 100644 tests/integration/tables/system_controls.cpp
diff --git a/osquery/tables/system/CMakeLists.txt b/osquery/tables/system/CMakeLists.txt
--- a/osquery/tables/system/CMakeLists.txt
+++ b/osquery/tables/system/CMakeLists.txt
@@ -43,7 +43,6 @@ function(generateOsqueryTablesSystemSystemtable)
posix/smbios_utils.cpp
posix/sudoers.cpp
posix/suid_bin.cpp
- posix/system_controls.cpp
posix/ulimit_info.cpp
)
endif()
@@ -82,7 +81,6 @@ function(generateOsqueryTablesSystemSystemtable)
linux/shared_memory.cpp
linux/smbios_tables.cpp
linux/startup_items.cpp
- linux/sysctl_utils.cpp
linux/system_info.cpp
linux/usb_devices.cpp
linux/user_groups.cpp
@@ -156,7 +154,6 @@ function(generateOsqueryTablesSystemSystemtable)
darwin/smbios_tables.cpp
darwin/smc_keys.cpp
darwin/startup_items.cpp
- darwin/sysctl_utils.cpp
darwin/system_extensions.mm
darwin/system_info.cpp
darwin/time_machine.cpp
@@ -326,7 +323,6 @@ function(generateOsqueryTablesSystemSystemtable)
posix/shell_history.h
posix/ssh_keys.h
posix/sudoers.h
- posix/sysctl_utils.h
posix/last.h
posix/openssl_utils.h
posix/authorized_keys.h
diff --git a/specs/CMakeLists.txt b/specs/CMakeLists.txt
--- a/specs/CMakeLists.txt
+++ b/specs/CMakeLists.txt
@@ -246,7 +246,6 @@ function(generateNativeTables)
"posix/socket_events.table:linux,macos"
"posix/sudoers.table:linux,macos,freebsd"
"posix/suid_bin.table:linux,macos,freebsd"
- "posix/system_controls.table:linux,macos,freebsd"
"posix/ulimit_info.table:linux,macos,freebsd"
"posix/usb_devices.table:linux,macos"
"posix/user_events.table:linux,macos,freebsd"
diff --git a/specs/posix/system_controls.table b/specs/posix/system_controls.table
deleted file mode 100644
--- a/specs/posix/system_controls.table
+++ /dev/null
@@ -1,21 +0,0 @@
-table_name("system_controls")
-description("sysctl names, values, and settings information.")
-schema([
- Column("name", TEXT, "Full sysctl MIB name", index=True),
- Column("oid", TEXT, "Control MIB", additional=True),
- Column("subsystem", TEXT, "Subsystem ID, control type", additional=True),
- Column("current_value", TEXT, "Value of setting"),
- Column("config_value", TEXT, "The MIB value set in /etc/sysctl.conf"),
- Column("type", TEXT, "Data type"),
-])
-extended_schema(DARWIN, [
- Column("field_name", TEXT, "Specific attribute of opaque type"),
-])
-
-implementation("system_controls@genSystemControls")
-fuzz_paths([
- "/run/sysctl.d/",
- "/usr/lib/sysctl.d/",
- "/lib/sysctl.d/",
- "/sys"
-])
diff --git a/tests/integration/tables/system_controls.cpp b/tests/integration/tables/system_controls.cpp
deleted file mode 100644
--- a/tests/integration/tables/system_controls.cpp
+++ /dev/null
@@ -1,61 +0,0 @@
-/**
- * Copyright (c) 2014-present, The osquery authors
- *
- * This source code is licensed as defined by the LICENSE file found in the
- * root directory of this source tree.
- *
- * SPDX-License-Identifier: (Apache-2.0 OR GPL-2.0-only)
- */
-
-// Sanity check integration test for system_controls
-// Spec file: specs/posix/system_controls.table
-
-#include <osquery/tests/integration/tables/helper.h>
-
-namespace osquery {
-namespace table_tests {
-namespace {
-
-class SystemControlsTest : public testing::Test {
- protected:
- void SetUp() override {
- setUpEnvironment();
- }
-};
-
-TEST_F(SystemControlsTest, test_sanity) {
- auto const rows = execute_query("select * from system_controls");
- auto const row_map = ValidationMap{
- {"name", NonEmptyString},
- {"oid", NormalType},
- {"subsystem",
- SpecificValuesCheck{"",
- "abi",
- "debug",
- "dev",
- "fs",
- "fscache",
- "hw",
- "kern",
- "kernel",
- "machdep",
- "net",
- "sunrpc",
- "user",
- "vfs",
- "vm"}},
- {"current_value", NormalType},
- {"config_value", NormalType},
- {"type",
- SpecificValuesCheck{
- "", "node", "int", "string", "quad", "opaque", "struct"}},
-#ifdef __APPLE__
- {"field_name", NormalType},
-#endif
- };
- validate_rows(rows, row_map);
-}
-
-} // namespace
-} // namespace table_tests
-} // namespace osquery
--
2.38.1
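Review bot: Removing the entire `system_controls` table costs users the sysctl inventory that kernel-hardening and compliance queries read, while the stated reason, the missing `<sys/sysctl.h>`, only concerns the deprecated `sysctl(2)` wrapper; if `linux/sysctl_utils.cpp` obtains the values from `/proc/sys` (the `fuzz_paths` in the deleted spec point that way), dropping that include and the syscall-based path would keep the table on Linux, the only platform this package builds for. That needs checking against the source, which is not in this diff. Failing that, the patch description should state that queries referencing `system_controls` presumably now fail with a missing-table error rather than return no rows, so existing query packs have to be adjusted.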


@ -0,0 +1,29 @@
From: Jack Baldry <jack.baldry@grafana.com>
Date: Tue, 15 Nov 2022 14:34:33 -0400
Subject: [PATCH] Use locale.h instead of removed xlocale.h header
https://sourceware.org/glibc/wiki/Release/2.26#Removal_of_.27xlocale.h.27
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
---
libraries/cmake/source/augeas/gnulib/generated/linux/x86_64/lib/locale.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libraries/cmake/source/augeas/gnulib/generated/linux/x86_64/lib/locale.h b/libraries/cmake/source/augeas/gnulib/generated/linux/x86_64/lib/locale.h
--- a/libraries/cmake/source/augeas/gnulib/generated/linux/x86_64/lib/locale.h
+++ b/libraries/cmake/source/augeas/gnulib/generated/linux/x86_64/lib/locale.h
@@ -48,9 +48,9 @@
/* NetBSD 5.0 mis-defines NULL. */
#include <stddef.h>
-/* Mac OS X 10.5 defines the locale_t type in <xlocale.h>. */
+/* Mac OS X 10.5 defines the locale_t type in <locale.h>. */
#if 1
-# include <xlocale.h>
+# include <locale.h>
#endif
/* The definitions of _GL_FUNCDECL_RPL etc. are copied here. */
--
2.38.1
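Review bot: The rewritten comment `/* Mac OS X 10.5 defines the locale_t type in <locale.h>. */` is now wrong on both counts: the original sentence explained why gnulib included `<xlocale.h>` on Mac OS X, and the reason for this change is glibc, not macOS. Replace it with the actual rationale, e.g. `/* glibc 2.26 removed <xlocale.h>; locale_t is declared in <locale.h> (see the sourceware link in the patch header). */`. Since this is a generated gnulib file under `linux/x86_64`, the Mac OS X reference is unrelated to where the header is used anyway.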


@ -0,0 +1,85 @@
{ lib
, cmake
, fetchFromGitHub
, git
, llvmPackages
, nixosTests
, overrideCC
, perl
, python3
, stdenv
, openssl_1_1
}:
let
buildStdenv = overrideCC stdenv llvmPackages.clangUseLLVM;
in
buildStdenv.mkDerivation rec {
pname = "osquery";
version = "5.5.1";
src = fetchFromGitHub {
owner = "osquery";
repo = "osquery";
rev = version;
fetchSubmodules = true;
sha256 = "sha256-Q6PQVnBjAjAlR725fyny+RhQFUNwxWGjLDuS5p9JKlU=";
};
patches = [
./Remove-git-reset.patch
./Use-locale.h-instead-of-removed-xlocale.h-header.patch
./Remove-circular-definition-of-AUDIT_FILTER_EXCLUDE.patch
# For current state of compilation against glibc in the clangWithLLVM toolchain, refer to the upstream issue in https://github.com/osquery/osquery/issues/7823.
./Remove-system-controls-table.patch
];
buildInputs = [
llvmPackages.libunwind
];
nativeBuildInputs = [
cmake
git
perl
python3
];
postPatch = ''
substituteInPlace cmake/install_directives.cmake --replace "/control" "control"
# This is required to build libarchive with our glibc version
# which provides the ARC4RANDOM_BUF function
substituteInPlace libraries/cmake/source/libarchive/CMakeLists.txt --replace " target_compile_definitions(thirdparty_libarchive PRIVATE" " target_compile_definitions(thirdparty_libarchive PRIVATE HAVE_ARC4RANDOM_BUF"
# We need to override this hash because we use our own openssl 1.1 version
substituteInPlace libraries/cmake/formula/openssl/CMakeLists.txt --replace "d7939ce614029cdff0b6c20f0e2e5703158a489a72b2507b8bd51bf8c8fd10ca" "e2f8d84b523eecd06c7be7626830370300fbcc15386bf5142d72758f6963ebc6"
cat libraries/cmake/formula/openssl/CMakeLists.txt
'';
# For explanation of these deletions, refer to the ./Use-locale.h-instead-of-removed-xlocale.h-header.patch file.
preConfigure = ''
find libraries/cmake/source -name 'config.h' -exec sed -i '/#define HAVE_XLOCALE_H 1/d' {} \;
'';
cmakeFlags = [
"-DOSQUERY_VERSION=${version}"
"-DOSQUERY_OPENSSL_ARCHIVE_PATH=${openssl_1_1.src}"
];
postFixup = ''
patchelf --set-rpath "${llvmPackages.libunwind}/lib:$(patchelf --print-rpath $out/bin/osqueryd)" "$out/bin/osqueryd"
'';
passthru.tests.osquery = nixosTests.osquery;
meta = with lib; {
description = "SQL powered operating system instrumentation, monitoring, and analytics.";
longDescription = ''
The system controls table is not included as it does not presently compile with glibc >= 2.32.
For more information, refer to https://github.com/osquery/osquery/issues/7823
'';
homepage = "https://osquery.io";
license = licenses.bsd3;
platforms = platforms.linux;
maintainers = with maintainers; [ znewman01 lewo ];
};
}
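Review bot: `postPatch` ends with `cat libraries/cmake/formula/openssl/CMakeLists.txt`, which only dumps the patched file into the build log; it reads as leftover debugging and should be dropped. The `substituteInPlace` two lines above replaces the SHA-256 that osquery's OpenSSL formula uses to verify its source archive with a bare literal; the comment should say what that digest belongs to, e.g. `# sha256 of ${openssl_1_1.src}; Nix already verifies that store path, this only keeps osquery's own archive check consistent`, so the next `openssl_1_1` bump does not surface as an opaque cmake hash-mismatch failure. Pinning `openssl_1_1` also deserves a one-line comment on why OpenSSL 3.x is not usable here, given that the 1.1.1 branch is scheduled to reach end of life in September 2023. Minor nixpkgs style: `description` should not end with a period.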


@ -1785,6 +1785,8 @@ with pkgs;
openbugs = pkgsi686Linux.callPackage ../applications/science/machine-learning/openbugs { };
osquery = callPackage ../tools/system/osquery { };
paperview = callPackage ../tools/X11/paperview { };
pferd = callPackage ../tools/misc/pferd { };