diff --git a/pkgs/tools/system/osquery/default.nix b/pkgs/tools/system/osquery/default.nix
index 44d5bcf5f38a0..2a719efd79b3a 100644
--- a/pkgs/tools/system/osquery/default.nix
+++ b/pkgs/tools/system/osquery/default.nix
@@ -1,59 +1,62 @@ { stdenv, lib, fetchFromGitHub, pkgconfig, cmake, pythonPackages , udev, audit, aws-sdk-cpp, cryptsetup, lvm2, libgcrypt, libarchive -, libgpgerror, libuuid, iptables, apt, dpkg, lzma, lz4, bzip2, rpm +, libgpgerror, libuuid, iptables, dpkg, lzma, bzip2, rpm , beecrypt, augeas, libxml2, sleuthkit, yara, lldpd, google-gflags -, thrift, boost, rocksdb_lite, cpp-netlib, glog, gbenchmark, snappy -, openssl, linenoise-ng, file, doxygen, devicemapper -, gtest, sqlite +, thrift, boost, rocksdb_lite, glog, gbenchmark, snappy +, openssl, file, doxygen +, gtest, sqlite, fpm, zstd, rdkafka, rapidjson, path }: let + thirdparty = fetchFromGitHub { owner = "osquery"; repo = "third-party"; - rev = "6919841175b2c9cb2dee8986e0cfe49191ecb868"; - sha256 = "1kjxrky586jd1b2z1vs9cm7x1dxw51cizpys9kddiarapc2ih65j"; + rev = "4ef099c31a1165c5e7e3a699f9e4b3eb68c3c3d9"; + sha256 = "1vm0prw4dix0m51vkw9z0vwfd8698gqjw499q8h604hs1rvn6132"; }; in stdenv.mkDerivation rec { name = "osquery-${version}"; - version = "2.5.2"; + version = "3.2.2"; # this is what `osquery --help` will show as the version. 
OSQUERY_BUILD_VERSION = version; + OSQUERY_PLATFORM = "nixos;${builtins.readFile "${toString path}/.version"}"; src = fetchFromGitHub { owner = "facebook"; repo = "osquery"; rev = version; - sha256 = "16isplk66qpvhrf041l0lxb4z6k7wwd1sg7kpsw2q6kivkxpnk3z"; + sha256 = "0qwj4cy6m25sqwb0irqfqinipx50l4imnz1gqxx147vzfwb52jlq"; }; - patches = [ ./misc.patch ] ++ lib.optional stdenv.isLinux ./platform-nixos.patch; + patches = [ ./misc.patch ]; nativeBuildInputs = [ - pkgconfig cmake pythonPackages.python pythonPackages.jinja2 + pkgconfig cmake pythonPackages.python pythonPackages.jinja2 doxygen fpm ]; - buildInputs = [ + buildInputs = let + gflags' = google-gflags.overrideAttrs (old: { + cmakeFlags = stdenv.lib.filter (f: isNull (builtins.match ".*STATIC.*" f)) old.cmakeFlags; + }); + in [ udev audit (aws-sdk-cpp.override { - apis = [ "firehose" "kinesis" "sts" ]; + apis = [ "firehose" "kinesis" "sts" "ec2" ]; customMemoryManagement = false; }) - lvm2 libgcrypt libarchive libgpgerror libuuid iptables.dev apt dpkg - lzma lz4 bzip2 rpm beecrypt augeas libxml2 sleuthkit - yara lldpd google-gflags thrift boost - cpp-netlib glog gbenchmark snappy openssl linenoise-ng - file doxygen devicemapper cryptsetup - gtest sqlite - - # need to be consistent about the malloc implementation - (rocksdb_lite.override { jemalloc = null; gperftools = null; }) + lvm2 libgcrypt libarchive libgpgerror libuuid iptables dpkg + lzma bzip2 rpm beecrypt augeas libxml2 sleuthkit + yara lldpd gflags' thrift boost + glog gbenchmark snappy openssl + file cryptsetup + gtest sqlite zstd rdkafka rapidjson rocksdb_lite ]; preConfigure = '' @@ -74,7 +77,6 @@ stdenv.mkDerivation rec { homepage = https://osquery.io/; license = licenses.bsd3; platforms = platforms.linux; - maintainers = with maintainers; [ cstrahan ]; - broken = true; # 2018-04-11 + maintainers = with maintainers; [ cstrahan ma27 ]; }; } 
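Review bot: The new `buildInputs` list takes plain `rocksdb_lite`, dropping `(rocksdb_lite.override { jemalloc = null; gperftools = null; })` along with the comment that the malloc implementation must be consistent, and nothing in the hunk says why that constraint no longer holds. If `rocksdb_lite` still defaults to jemalloc or gperftools, the osquery binaries could end up with a second allocator, so either keep the override or leave a comment such as `# rocksdb_lite's default allocator is fine here because <reason>`. Separately, `builtins.readFile "${toString path}/.version"` copies the file verbatim into `OSQUERY_PLATFORM`, including a trailing newline if the file has one; `lib.fileContents "${toString path}/.version"` strips it. The derivation continues past the end of the hunk, so how `OSQUERY_PLATFORM` is consumed is not visible here.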
diff --git a/pkgs/tools/system/osquery/misc.patch b/pkgs/tools/system/osquery/misc.patch index 1a0ef267f0df3..acdbf6346c83c 100644 --- a/pkgs/tools/system/osquery/misc.patch +++ b/pkgs/tools/system/osquery/misc.patch @@ -1,33 +1,9 @@ diff --git a/CMakeLists.txt b/CMakeLists.txt -index a976a46d..408ac308 100644 +index b8eb5a16..319d81dc 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt -@@ -125,14 +125,13 @@ else() - set(CXX_COMPILE_FLAGS "${CXX_COMPILE_FLAGS} -std=c++14 -stdlib=libc++") - else() - set(LINUX TRUE) -- set(CXX_COMPILE_FLAGS "${CXX_COMPILE_FLAGS} -std=c++14 -stdlib=libstdc++") -+ set(CXX_COMPILE_FLAGS "${CXX_COMPILE_FLAGS} -std=c++14") - endif() - set(POSIX TRUE) - endif() - - if(POSIX) - add_compile_options( -- -Qunused-arguments - -Wstrict-aliasing - -Wno-missing-field-initializers - -Wno-unused-local-typedef -@@ -154,7 +153,6 @@ if(POSIX) - ) - if(NOT FREEBSD) - add_compile_options( -- -Werror=shadow - -fvisibility=hidden - -fvisibility-inlines-hidden - ) -@@ -372,12 +370,6 @@ elseif(NOT FREEBSD) - endif() +@@ -447,12 +447,6 @@ elseif(CLANG AND DEPS AND NOT FREEBSD) + set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -flto=thin") endif() -if(NOT IS_DIRECTORY "${CMAKE_SOURCE_DIR}/third-party/sqlite3") @@ -39,7 +15,7 @@ index a976a46d..408ac308 100644 # Make sure deps were built before compiling (else show warning). execute_process( COMMAND "${CMAKE_SOURCE_DIR}/tools/provision.sh" check "${CMAKE_BINARY_DIR}" -@@ -439,6 +431,8 @@ endif() +@@ -518,6 +512,8 @@ endif() if(APPLE) LOG_PLATFORM("OS X") 
@@ -48,87 +24,67 @@ index a976a46d..408ac308 100644 elseif(OSQUERY_BUILD_PLATFORM STREQUAL "debian") LOG_PLATFORM("Debian") elseif(OSQUERY_BUILD_PLATFORM STREQUAL "ubuntu") -@@ -477,7 +471,6 @@ if(POSIX) - include_directories("${BUILD_DEPS}/include/openssl") +@@ -567,7 +563,6 @@ if(POSIX AND DEPS) + endif() endif() -include_directories("${CMAKE_SOURCE_DIR}/third-party/sqlite3") include_directories("${CMAKE_SOURCE_DIR}/include") include_directories("${CMAKE_SOURCE_DIR}") -@@ -559,21 +552,10 @@ else() - set(GTEST_FLAGS "-DGTEST_USE_OWN_TR1_TUPLE=0") +@@ -655,18 +650,6 @@ if(FREEBSD OR "${HAVE_TR1_TUPLE}" STREQUAL "") + add_definitions(-DGTEST_USE_OWN_TR1_TUPLE=0) endif() -set(GTEST_FLAGS -- ${GTEST_FLAGS} - "-I${CMAKE_SOURCE_DIR}/third-party/googletest/googletest/include" - "-I${CMAKE_SOURCE_DIR}/third-party/googletest/googlemock/include" -) -join("${GTEST_FLAGS}" " " GTEST_FLAGS) - - set(BUILD_GTEST TRUE) - --add_subdirectory("${CMAKE_SOURCE_DIR}/third-party/googletest") +-if(NOT SKIP_TESTS) +- add_subdirectory("${CMAKE_SOURCE_DIR}/third-party/googletest") +-endif() - - include(Thrift) - -add_subdirectory("${CMAKE_SOURCE_DIR}/third-party/sqlite3") - - add_subdirectory(osquery) - add_subdirectory(tools/tests) - -diff --git a/include/osquery/core.h b/include/osquery/core.h -index b597edee..b0628037 100644 ---- a/include/osquery/core.h -+++ b/include/osquery/core.h -@@ -15,8 +15,9 @@ - #include - #include - --#if defined(__APPLE__) || defined(__FreeBSD__) -+#if defined(__APPLE__) || defined(__FreeBSD__) || defined(__linux__) - #include -+#include - #else - #include - #endif -@@ -188,7 +189,7 @@ inline bool isPlatform(PlatformType a, const PlatformType& t = kPlatformType) { - return (static_cast(t) & static_cast(a)) != 0; - } - --#if defined(__APPLE__) || defined(__FreeBSD__) -+#if defined(__APPLE__) || defined(__FreeBSD__) || defined(__linux__) - #define MUTEX_IMPL boost - #else - #define MUTEX_IMPL std -@@ -204,10 +205,10 @@ using WriteLock = MUTEX_IMPL::unique_lock; 
- using ReadLock = MUTEX_IMPL::shared_lock; - - /// Helper alias for defining recursive mutexes. --using RecursiveMutex = std::recursive_mutex; -+using RecursiveMutex = MUTEX_IMPL::recursive_mutex; - - /// Helper alias for write locking a recursive mutex. --using RecursiveLock = std::lock_guard; -+using RecursiveLock = MUTEX_IMPL::lock_guard; - } - - /** + if(NOT FREEBSD) + add_subdirectory("${CMAKE_SOURCE_DIR}/third-party/linenoise-ng") + endif() diff --git a/osquery/CMakeLists.txt b/osquery/CMakeLists.txt -index 77913d31..671b20d4 100644 +index 1c8201ee..a89e6821 100644 --- a/osquery/CMakeLists.txt +++ b/osquery/CMakeLists.txt -@@ -57,7 +57,7 @@ endif() +@@ -35,8 +35,6 @@ if(CLANG AND POSIX) + -Wextra + -pedantic + -Wuseless-cast +- -Wno-c99-extensions +- -Wno-zero-length-array + -Wno-unused-parameter + -Wno-gnu-case-range + -Weffc++ +@@ -61,14 +59,7 @@ endif() # Construct a set of all object files, starting with third-party and all # of the osquery core objects (sources from ADD_CORE_LIBRARY macros). --set(OSQUERY_OBJECTS $) -+set(OSQUERY_OBJECTS "") +-if(FREEBSD) +- set(OSQUERY_OBJECTS $) +-else() +- set(OSQUERY_OBJECTS +- $ +- $ +- ) +-endif() ++set(OSQUERY_OBJECTS $) # Add subdirectories add_subdirectory(config) -@@ -138,6 +138,8 @@ elseif(FREEBSD) +@@ -147,10 +138,11 @@ if(APPLE OR LINUX) + ADD_OSQUERY_LINK_ADDITIONAL("rocksdb_lite") + elseif(FREEBSD) + ADD_OSQUERY_LINK_CORE("icuuc") +- ADD_OSQUERY_LINK_CORE("linenoise") ADD_OSQUERY_LINK_ADDITIONAL("rocksdb-lite") endif() 
@@ -137,41 +93,62 @@ index 77913d31..671b20d4 100644 if(POSIX) ADD_OSQUERY_LINK_CORE("boost_system") ADD_OSQUERY_LINK_CORE("boost_filesystem") -@@ -157,6 +159,7 @@ ADD_OSQUERY_LINK_ADDITIONAL("cppnetlib-client-connections${WO_KEY}") +@@ -168,6 +160,8 @@ endif() ADD_OSQUERY_LINK_CORE("glog${WO_KEY}") if(POSIX) + ADD_OSQUERY_LINK_ADDITIONAL("benchmark") - ADD_OSQUERY_LINK_ADDITIONAL("snappy") ++ ADD_OSQUERY_LINK_ADDITIONAL("snappy") ADD_OSQUERY_LINK_ADDITIONAL("ssl") ADD_OSQUERY_LINK_ADDITIONAL("crypto") -@@ -336,13 +339,6 @@ if(NOT OSQUERY_BUILD_SDK_ONLY) - - install(DIRECTORY "${CMAKE_SOURCE_DIR}/packs/" - DESTINATION "${CMAKE_INSTALL_PREFIX}/share/osquery/packs" COMPONENT main) -- if(APPLE) -- install(FILES "${CMAKE_SOURCE_DIR}/tools/deployment/com.facebook.osqueryd.plist" -- DESTINATION "${CMAKE_INSTALL_PREFIX}/share/osquery/" COMPONENT main) -- else() -- install(PROGRAMS "${CMAKE_SOURCE_DIR}/tools/deployment/osqueryd.initd" -- DESTINATION "/etc/init.d/" RENAME "osqueryd" COMPONENT main) -- endif() + ADD_OSQUERY_LINK_ADDITIONAL("libpthread") +diff --git a/osquery/extensions/CMakeLists.txt b/osquery/extensions/CMakeLists.txt +index 52f3bf80..066ed1c0 100644 +--- a/osquery/extensions/CMakeLists.txt ++++ b/osquery/extensions/CMakeLists.txt +@@ -60,12 +60,6 @@ else() + ) endif() - if(NOT SKIP_TESTS) -diff --git a/osquery/tables/system/linux/tests/md_tables_tests.cpp b/osquery/tables/system/linux/tests/md_tables_tests.cpp -index 126be362..119d361d 100644 ---- a/osquery/tables/system/linux/tests/md_tables_tests.cpp -+++ b/osquery/tables/system/linux/tests/md_tables_tests.cpp -@@ -72,7 +72,7 @@ void GetDrivesForArrayTestHarness(std::string arrayName, - EXPECT_CALL(md, getArrayInfo(arrayDevPath, _)) - .WillOnce(DoAll(SetArgReferee<1>(arrayInfo), Return(true))); - -- Sequence::Sequence s1; -+ Sequence s1; - for (int i = 0; i < MD_SB_DISKS; i++) { - mdu_disk_info_t diskInfo; - diskInfo.number = i; +-if(NOT WINDOWS) +- add_compile_options( +- -Wno-macro-redefined +- ) 
+-endif() +- + ADD_OSQUERY_LIBRARY(TRUE osquery_extensions + ${THRIFT_GENERATED_FILES} + ${THRIFT_IMPL_FILE} +diff --git a/osquery/logger/CMakeLists.txt b/osquery/logger/CMakeLists.txt +index ab91bd24..d8364991 100644 +--- a/osquery/logger/CMakeLists.txt ++++ b/osquery/logger/CMakeLists.txt +@@ -55,9 +55,9 @@ if(NOT SKIP_KAFKA AND NOT WINDOWS AND NOT FREEBSD) + + ADD_OSQUERY_LINK_ADDITIONAL("rdkafka") + +- set(OSQUERY_LOGGER_KAFKA_PLUGINS_TESTS +- "logger/plugins/tests/kafka_producer_tests.cpp" +- ) ++ #set(OSQUERY_LOGGER_KAFKA_PLUGINS_TESTS ++ # "logger/plugins/tests/kafka_producer_tests.cpp" ++ #) + + ADD_OSQUERY_TEST_ADDITIONAL(${OSQUERY_LOGGER_KAFKA_PLUGINS_TESTS}) + endif() +diff --git a/osquery/tables/CMakeLists.txt b/osquery/tables/CMakeLists.txt +index dd78084f..158758e1 100644 +--- a/osquery/tables/CMakeLists.txt ++++ b/osquery/tables/CMakeLists.txt +@@ -68,7 +68,7 @@ if(LINUX) + set(TABLE_PLATFORM "linux") + + ADD_OSQUERY_LINK_ADDITIONAL("libresolv.so") +- ADD_OSQUERY_LINK_ADDITIONAL("cryptsetup devmapper lvm2app lvm-internal daemonclient") ++ ADD_OSQUERY_LINK_ADDITIONAL("cryptsetup devmapper lvm2app") + ADD_OSQUERY_LINK_ADDITIONAL("gcrypt gpg-error") + ADD_OSQUERY_LINK_ADDITIONAL("blkid") + ADD_OSQUERY_LINK_ADDITIONAL("ip4tc") diff --git a/specs/windows/services.table b/specs/windows/services.table index 4ac24ee9..657d8b99 100644 --- a/specs/windows/services.table diff --git a/pkgs/tools/system/osquery/platform-nixos.patch b/pkgs/tools/system/osquery/platform-nixos.patch deleted file mode 100644 index 7e1afcb640b3d..0000000000000 --- a/pkgs/tools/system/osquery/platform-nixos.patch +++ /dev/null 
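Review bot: In the `osquery/logger/CMakeLists.txt` section of misc.patch, the Kafka producer test list is commented out with `#set(OSQUERY_LOGGER_KAFKA_PLUGINS_TESTS` and no reason is recorded, while `ADD_OSQUERY_TEST_ADDITIONAL(${OSQUERY_LOGGER_KAFKA_PLUGINS_TESTS})` is still called with the variable now unset. This patch is the only place the decision is recorded, so I would add a line such as `# nixpkgs: kafka_producer_tests.cpp disabled, <reason>` above the commented block, or delete the three lines and the call outright. The same applies to the dropped `lvm-internal daemonclient` link entries in `osquery/tables/CMakeLists.txt`, which presumably follow from how lvm2 is packaged but are not explained.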
@@ -1,22 +0,0 @@ -diff --git a/tools/get_platform.py b/tools/get_platform.py -index 3dd34516..f53ca83a 100644 ---- a/tools/get_platform.py -+++ b/tools/get_platform.py -@@ -26,6 +26,8 @@ DEBIAN_VERSION = "/etc/debian_version" - GENTOO_RELEASE = "/etc/gentoo-release" - - def _platform(): -+ return ("nixos", "nixos") -+ - osType, _, _, _, _, _ = platform.uname() - - if osType == "Windows": -@@ -75,6 +77,8 @@ def _platform(): - return (None, osType.lower()) - - def _distro(osType): -+ return "unknown_version" -+ - def getRedhatDistroVersion(pattern): - with open(SYSTEM_RELEASE, "r") as fd: - contents = fd.read()