Add Osquery Package

[nidhin077]

Project description
osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework.
I'm interested in using the Osquery in Nixos. I see that you removed the osquery package from Nix. Please include that as well. Therefore, it's beneficial to me.

Metadata

*homepage URL: https://osquery.io/
*source URL: https://github.com/osquery/osquery
*license: Apache-2.0 and GPL-2.0
*platforms: Linux, macOS, Windows, and FreeBSD

[fabaff]

Duplicate of #121745

[Ma27]

Last time we packaged it it was a pain maintain it. So even if somebody is willing to write a package definition, I'd be against merging it unless someone is willing to actually maintain it.

[znewman01]

I'm happy to step up as a maintainer. If I sent a PR and promised to maintain it, would it be accepted?

I am required to have Osquery installed for work, so I have a pretty strong incentive to keep maintaining it (I just install from the .deb right now, but would be much happier to not do that). I bet many other NixOS users are in the same situation.

CC @patflynn

[Taneb]

I'm happy to comaintain this! I need to use Kolide for work, so I have a vested interest in keeping it working

[madonius]

I would be happy to assist as well

[jdbaldry]

I'd also happily help with maintenance. I also need to run Kolide for work and there are at least a few of us there that run NixOS or use Nixpkgs.

[madonius]

So, how do we proceed from here?
@jdbaldry @Taneb @znewman01 @Ma27

[znewman01]

This hasn't been my top priority because I have a hacked-together solution that's sufficient for now. Even when I get some time to work on this project, I will probably prioritize work on Kolide itself (#195965) first.

If someone else wants to take a shot at packaging OSQuery, comment on this issue. I'd be happy to help (though not drive it forward immediately), and once it gets merged I'm committed to maintaining it.

Otherwise, my travel schedule at work is calming down so I would hopefully get to this in the next month-ish.

[jdbaldry]

I'll give it a crack this week but I'm no expert when it comes to writing Nix packages so expect it to require some rounds of review :)

[jdbaldry]

Started this in #201562.

I'm even less of an expert when it comes to building C++ projects. If anyone has more experience, I would love some pointers for how to proceed.

[jdbaldry]

Think I have it all working at least for x86_64 linux, I did have to sacrifice the system controls table to compile against glibc 2.34 but I don't think that's the worst for now. I am not sure I have will have the time soon to put together the changes to read directly from /proc/sys rather than using the removed sysctl.h library.