Add librpm.so.9 to the names dlopen searches #19275

Merged


andrewkroh
Member

What does this PR do?

Fedora 31 and 32 use librpm.so.9, but Auditbeat's system/package dataset doesn't try to load
this version of the library.

Why is it important?

It makes the system/package dataset work on newer Fedora releases.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Related issues

Fedora 31 and 32 use librpm.so.9, but Auditbeat's system/package dataset doesn't try to load
this version of the library.

Fixes elastic#19253
@andrewkroh andrewkroh requested a review from a team as a code owner June 18, 2020 14:49
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Jun 18, 2020
@elasticmachine
Collaborator

Pinging @elastic/siem (Team:SIEM)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Jun 18, 2020
@andrewkroh andrewkroh added the needs_backport PR is waiting to be backported to other branches. label Jun 18, 2020
@elasticmachine
Collaborator

💚 Build Succeeded


Build stats

  • Build Cause: [Pull request #19275 opened]

  • Start Time: 2020-06-18T14:49:25.540+0000

  • Duration: 40 min 44 sec

Test stats 🧪

Test Results
Failed 0
Passed 766
Skipped 176
Total 942

Contributor

@leehinman leehinman left a comment


Long term I'm wondering if we should take advantage of ldconfig, something along the lines of

ldconfig -p | grep "librpm\.so"

@andrewkroh
Member Author

Yes, I totally agree a solution like that is the optimal path. I'm just not sure what the right way to make that work is. In general search the library paths for librpm and prefer the newest (or newest that Auditbeat is compatible with).

ldconfig -p | grep -i rpm didn't actually find librpm for me on Fedora 31 (from beats vagrantfile).

@leehinman
Contributor

> Yes, I totally agree a solution like that is the optimal path. I'm just not sure what the right way to make that work is. In general search the library paths for librpm and prefer the newest (or newest that Auditbeat is compatible with).
>
> ldconfig -p | grep -i rpm didn't actually find librpm for me on Fedora 31 (from beats vagrantfile).

We should probably open a new Issue for tracking the improvement. I'm totally fine with the current fix.

That's weird, I was testing on Fedora31 from beats vagrant file too and got:

[vagrant@localhost ~]$ ldconfig -p | grep "librpm\.so"
	librpm.so.9 (libc6,x86-64) => /lib64/librpm.so.9
	librpm.so (libc6,x86-64) => /lib64/librpm.so
[vagrant@localhost ~]$

I wonder what is different? Suggests this isn't robust enough. Maybe

rpm -ql rpm-libs | grep "librpm\.so"

is more reliable.

@andrewkroh
Member Author

I had two windows open testing auditbeat related stuff and I must have got them confused. It works for me too when I use the right OS 🤦.
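The ldconfig-based lookup discussed in the comments above, sketched as an added example that is not part of the thread or of the Beats code base: it parses `ldconfig -p` output and picks the newest librpm major version from an allow-list. The function name `pickLibrpm`, the supported-version set and the `librpm.so.8` and `librpmio` sample lines are assumptions constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// Constructed sample: `ldconfig -p` lines in the shape shown in the thread,
// plus an unrelated library and a hypothetical older librpm version.
const sampleLdconfig = `	librpmio.so.9 (libc6,x86-64) => /lib64/librpmio.so.9
	librpm.so.9 (libc6,x86-64) => /lib64/librpm.so.9
	librpm.so.8 (libc6,x86-64) => /lib64/librpm.so.8
	librpm.so (libc6,x86-64) => /lib64/librpm.so
`

// Matches "librpm.so.N (...) => /path". The unversioned librpm.so is skipped
// because its name says nothing about which ABI it resolves to.
var librpmLine = regexp.MustCompile(`^\s*librpm\.so\.(\d+)\s+\(.*\)\s+=>\s+(\S+)$`)

// pickLibrpm returns the path and major version of the highest librpm entry
// whose version is in supported (an assumed allow-list of compatible ABIs).
// It returns an error when the cache lists no supported version.
func pickLibrpm(ldconfigOut string, supported map[int]bool) (string, int, error) {
	bestVer, bestPath := -1, ""
	sc := bufio.NewScanner(strings.NewReader(ldconfigOut))
	for sc.Scan() {
		m := librpmLine.FindStringSubmatch(sc.Text())
		if m == nil {
			continue
		}
		ver, err := strconv.Atoi(m[1])
		if err == nil && supported[ver] && ver > bestVer {
			bestVer, bestPath = ver, m[2]
		}
	}
	if bestVer < 0 {
		return "", 0, fmt.Errorf("no supported librpm found in ldconfig cache")
	}
	return bestPath, bestVer, nil
}

func main() {
	path, ver, err := pickLibrpm(sampleLdconfig, map[int]bool{8: true, 9: true})
	fmt.Println(path, ver, err)
}
```

Restricting the result to an explicit allow-list keeps a newer, untested librpm ABI from being loaded just because it appears in the cache.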

@andrewkroh andrewkroh merged commit 6fedaef into elastic:master Jun 18, 2020
andrewkroh added a commit to andrewkroh/beats that referenced this pull request Jun 18, 2020
Fedora 31 and 32 use librpm.so.9, but Auditbeat's system/package dataset doesn't try to load
this version of the library.

Fixes elastic#19253

(cherry picked from commit 6fedaef)
@andrewkroh andrewkroh added v7.9.0 and removed needs_backport PR is waiting to be backported to other branches. labels Jun 18, 2020
@andrewkroh
Member Author

@leehinman Issue created: #19287

andrewkroh added a commit that referenced this pull request Jun 18, 2020
Fedora 31 and 32 use librpm.so.9, but Auditbeat's system/package dataset doesn't try to load
this version of the library.

Fixes #19253

(cherry picked from commit 6fedaef)
melchiormoulin pushed a commit to melchiormoulin/beats that referenced this pull request Oct 14, 2020
Fedora 31 and 32 use librpm.so.9, but Auditbeat's system/package dataset doesn't try to load
this version of the library.

Fixes elastic#19253
Successfully merging this pull request may close these issues.

[Auditbeat] system/package failing on Fedora 31+