Accepting request 1085597 from security:sensor

- Provide sysuser template for velociraptor user and group. (forwarded request 1085596 from jeff_mahoney)

OBS-URL: https://build.opensuse.org/request/show/1085597
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/velociraptor?expand=0&rev=4
This commit is contained in:
Dominique Leuenberger 2023-05-09 11:08:33 +00:00 committed by Git OBS Bridge
commit 116b27c951
25 changed files with 368 additions and 1397 deletions

4
_multibuild Normal file
View File

@ -0,0 +1,4 @@
<multibuild>
<package>client</package>
</multibuild>

View File

@ -5,8 +5,8 @@
<param name="versionformat">@PARENT_TAG@~git@TAG_OFFSET@.%h</param> <param name="versionformat">@PARENT_TAG@~git@TAG_OFFSET@.%h</param>
<param name="revision">sensor-base-0.6.7</param> <param name="revision">sensor-base-0.6.7</param>
<param name="scm">git</param> <param name="scm">git</param>
<param name="parent-tag">v0.6.7-4</param> <param name="parent-tag">v0.6.7-5</param>
<param name="versionrewrite-pattern">v([0-9\.]*)-(.*)</param> <param name="versionrewrite-pattern">v([0-9\.\-]*)-(.*)</param>
<param name="versionrewrite-replacement">\1.\2</param> <param name="versionrewrite-replacement">\1.\2</param>
<param name="changesgenerate">enable</param> <param name="changesgenerate">enable</param>
<param name="submodules">enable</param> <param name="submodules">enable</param>

View File

@ -1,6 +1,6 @@
<servicedata> <servicedata>
<service name="tar_scm"> <service name="tar_scm">
<param name="url">https://github.com/jeffmahoney/linux-security-sensor</param>
<param name="changesrevision">0e858552af3d6ab57bae796cc3e50ccef36b4aff</param></service><service name="tar_scm">
<param name="url">https://github.com/SUSE/linux-security-sensor</param> <param name="url">https://github.com/SUSE/linux-security-sensor</param>
<param name="changesrevision">4a1ed09d50339b902c6446686bd16deedbb23804</param></service></servicedata> <param name="changesrevision">2bef6fce8e26733a13a3bbfeaa8c4828db1a99ba</param></service><service name="tar_scm">
<param name="url">https://github.com/jeffmahoney/linux-security-sensor</param>
<param name="changesrevision">02020f9752134efd8a6a92ab83a7b55b498e1948</param></service></servicedata>

View File

@ -0,0 +1,15 @@
## Path: Security/Monitoring
## Description: Velociraptor Kafka-Humio Gateway settings
## Type: string
## Default: ""
## ServiceRestart: velociraptor
#
# Options for velociraptor
#
KAFKA_HUMIO_GATEWAY_OPTIONS="--verbose"
#
# Location of configuration file
#
KAFKA_HUMIO_GATEWAY_CONFIG="/etc/velociraptor-kafka-humio-gateway/transport.yml"

View File

@ -0,0 +1,2 @@
u velociraptor - "Velociraptor User" /var/lib/velociraptor
g velociraptor - -

View File

@ -21,20 +21,23 @@ version=$(rpmspec -q --queryformat="%{VERSION}\n" velociraptor.spec|head -1)
dir="$(realpath "$(mktemp -d vendoring.XXXXXX)")" dir="$(realpath "$(mktemp -d vendoring.XXXXXX)")"
topdir="$(realpath "$(dirname "$0")")" topdir="$(realpath "$(dirname "$0")")"
rpmspec -P velociraptor.spec --define "_sourcedir $PWD" | \ # Pull the %prep section out of the spec file and replace the tarball with the obscpio
awk '
BEGIN { go=1; };
/^%build/ { go=0; };
{ if (go) print };' < velociraptor.spec > ${dir}/velociraptor.spec
rpmspec -P ${dir}/velociraptor.spec --define "_sourcedir $PWD" --define "_builddir ${dir}"| \
awk ' awk '
BEGIN { go=0; }; BEGIN { go=0; };
/^%build/ { go=0; }; /^%build/ { go=0; };
{ if (go) print }; { if (go) print };
/^%setup/ { go=1 }' > ${dir}/setup.sh /^%prep/ { go=1 }' | sed -e "/rpmuncompress.*velociraptor-.*.tar.xz/s#.*#cpio -D . -id < $PWD/velociraptor-${version}.obscpio#" > ${dir}/setup.sh
echo "Expanding archive..."
cpio -D "${dir}" -id < velociraptor-${version}.obscpio
echo "Running %prep" echo "Running %prep"
cd ${dir}
sh -e ${dir}/setup.sh
cd "${dir}/velociraptor-${version}" cd "${dir}/velociraptor-${version}"
tar Jxf ${topdir}/vmlinux.h-5.14.21150400.22-150400-default.tar.xz
sh ${dir}/setup.sh
echo "Re-vendoring Go code..." echo "Re-vendoring Go code..."
gopathdir="$(mktemp -d /tmp/gopath.XXXXXXX)" gopathdir="$(mktemp -d /tmp/gopath.XXXXXXX)"

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:7fb845e3c71742cdfd51fd4b7eb0587c9a8ba9894874a5d6353fbf375a733f6d
size 127596558

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:638b6e6ef4d9146cd59ba9252358f1605b64af59ab902f1b919be6e6fe8c38e4
size 130006542

File diff suppressed because it is too large Load Diff

View File

@ -9,7 +9,8 @@ UMask=0027
MemoryHigh=4G MemoryHigh=4G
MemoryMax=8G MemoryMax=8G
EnvironmentFile=-/etc/sysconfig/velociraptor-client EnvironmentFile=-/etc/sysconfig/velociraptor-client
ExecStart=/usr/bin/velociraptor client --config /etc/velociraptor/client.config $VELOCIRAPTOR_CLIENT_OPTS Environment=TMPDIR=/var/lib/velociraptor-client/tmp
ExecStart=/usr/bin/velociraptor-client client --config /etc/velociraptor/client.config $VELOCIRAPTOR_CLIENT_OPTS
PrivateTmp=true PrivateTmp=true
PrivateDevices=true PrivateDevices=true

View File

@ -1,157 +0,0 @@
#
# spec file for package velociraptor-client
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define projname velociraptor
%define vendor_version 0.6.7.4~git41.678ed56
%define vmlinux_h_version 5.14.21150400.22-150400-default
# SLE 15 SP2 / Leap 15.2 or newer gets eBPF
# Earlier versions don't have a usable eBPF and the
# release doesn't easily build llvm13
%if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150200
%bcond_without bpf
%else
%bcond_with bpf
%endif
#Compat macro for new _fillupdir macro introduced in Nov 2017
%if ! %{defined _fillupdir}
%define _fillupdir %{_localstatedir}/adm/fillup-templates
%endif
# SLE12 has _sharedstatedir in an odd place
%if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000
%define _sharedstatedir /var/lib
%endif
Name: velociraptor-client
Version: 0.6.7.4~git63.4a1ed09d
Release: 0
Summary: Endpoint visibility and collection tool (endpoint only)
Group: System/Monitoring
License: AGPL-3.0-only
URL: https://github.com/Velocidex/velociraptor
Source: %{projname}-%{version}.tar.xz
Source1: vendor-golang-%{vendor_version}.tar.xz
Source2: %{name}.service
Source3: %{name}.config.placeholder
Source4: vmlinux.h-%{vmlinux_h_version}.tar.xz
Source5: update-vendoring.sh
Source6: sysconfig.%{name}
Source7: %{projname}.obsinfo
Patch1: velociraptor-golang-mage-vendoring.diff
Patch2: velociraptor-skip-git-submodule-import-for-OBS-build.patch
Patch3: vendor-build-fixes-for-SLE12.patch
Patch4: sdjournal-build-fix-for-SLE12.patch
Patch5: velociraptor-reproducible-timestamp.diff
BuildRequires: fileb0x
BuildRequires: golang-packaging
BuildRequires: mage
BuildRequires: systemd-rpm-macros
BuildRequires: golang(API) >= 1.19
BuildRequires: pkgconfig(libsystemd)
%ifarch x86_64
BuildRequires: libtsan0
%endif
%if %{with bpf}
# clang15 causes libbpfo to crash immediately
BuildRequires: clang13
BuildRequires: libelf-devel
BuildRequires: llvm13
BuildRequires: zlib-devel-static
%endif
Conflicts: velociraptor
ExclusiveArch: x86_64 ppc64le aarch64 s390x
%description
Velociraptor is a tool for collecting host based state information
using The Velociraptor Query Language (VQL) queries.
To learn more about Velociraptor, read the documentation on:
https://docs.velociraptor.app/
This package contains only the endpoint agent. For the full console, please
install the 'velociraptor' package.
%prep
%setup -q -a 1 -a 4 -n %{projname}-%{version}
%autopatch -p1
# Set the version to something more specific than <next-tag>-dev
sed -ie "s/\(VERSION *= \).*/\1 \"%{version}\"/" constants/constants.go
%if %{with bpf}
mkdir -p third_party/libbpfgo/output
cp vmlinux.h-%{vmlinux_h_version}/vmlinux-%{_arch}.h \
third_party/libbpfgo/output/vmlinux.h
%endif
# These just clutter the GUI and we don't have Windows clients
# Note: There are dependencies on these that need to be resolved before
# removing them outright.
# rm -rf artifacts/definitions/Windows
%build
# Reproductible builds need stable timestamps
timestamp=$(date -Iseconds --utc --date=@$(grep mtime: %{SOURCE7}|sed -e 's/mtime: //'))
git_commit=$(grep commit: %{SOURCE7}|sed -e 's/commit: //g')
export VELOCIRAPTOR_BUILD_TIME=$timestamp
export VELOCIRAPTOR_GIT_HEAD=$git_commit
PATH=$PATH:/usr/sbin make linux_bare BUILD_LIBBPFGO=%{with bpf}
%install
mkdir -p %buildroot/%{_bindir}
mkdir -p %buildroot/%{_sysconfdir}/velociraptor
mkdir -p %buildroot/%{_unitdir}
mkdir -p %buildroot/%{_sharedstatedir}/velociraptor-client
install -m 0755 output/velociraptor-v%{version}-linux-* %buildroot/%{_bindir}/velociraptor
install -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.service
install -m 0600 %{SOURCE3} %{buildroot}%{_sysconfdir}/velociraptor/client.config
install -d -m 755 %{buildroot}%{_fillupdir}
install -m 0644 %{SOURCE6} %{buildroot}%{_fillupdir}
%files
%defattr(-, root, root)
%license LICENSE
%doc README.md
%dir %{_sysconfdir}/velociraptor
%{_bindir}/velociraptor
%config(noreplace) %{_sysconfdir}/velociraptor/client.config
%{_unitdir}/%{name}.service
%dir %{_sharedstatedir}/velociraptor-client
%{_fillupdir}/sysconfig.%{name}
%pre
%service_add_pre %{name}.service
%post
%{fillup_only}
%service_add_post %{name}.service
%preun
%service_del_preun %{name}.service
%postun
%service_del_postun %{name}.service
%changelog

View File

@ -1,22 +1,19 @@
From: Jeff Mahoney <jeffm@suse.com> From: Jeff Mahoney <jeffm@suse.com>
Subject: [PATCH] velociraptor: add dummy main function for mage Subject: [PATCH] velociraptor: remove ignore tag to allow vendoring of mage
The ignore tag in make.go means it won't be properly vendored.
Mage won't pull in the full dependencies without there being a real
import. This isn't used in the executable, since that's in bin/, but it
will be used for 'go mod vendor'
--- ---
dummy.go | 9 +++++++++ make.go | 2 --
1 file changed, 9 insertions(+) 1 file changed, 2 deletions(-)
--- /dev/null diff --git a/make.go b/make.go
+++ b/dummy.go index 28b3e90..8fad8b9 100644
@@ -0,0 +1,9 @@ --- a/make.go
+// +build useless +++ b/make.go
+package main @@ -1,5 +1,3 @@
+ -// +build ignore
+import ( -
+ "github.com/magefile/mage" /*
+) Velociraptor - Dig Deeper
+ Copyright (C) 2019-2022 Rapid7 Inc.
+func main() {
+}

View File

@ -0,0 +1,24 @@
[Unit]
Description=Velociraptor Kafka-Humio Gateway Service
[Service]
Type=simple
User=velociraptor-kafka
Group=velociraptor-kafka
UMask=0027
User=velociraptor
Group=velociraptor
EnvironmentFile=-/etc/sysconfig/velociraptor-kafka-humio-gateway
ExecStart=/usr/bin/velociraptor-kafka-humio-gateway $KAFKA_HUMIO_GATEWAY_OPTS --config $KAFKA_HUMIO_GATEWAY_CONFIG
PrivateTmp=true
PrivateDevices=true
ProtectHostname=true
ProtectClock=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
MemoryDenyWriteExecute=true
[Install]
WantedBy=multi-user.target

View File

@ -0,0 +1,2 @@
u velociraptor-kafka - "User for velociraptor Kafka Humio Gateway" /var/lib/velociraptor-kafka-humio-gateway
g velociraptor-kafka - -

View File

@ -1,23 +0,0 @@
From: Jeff Mahoney <jeffm@suse.com>
Subject: skip git submodule import for OBS build
For OBS builds, the git submodule is imported during obs_scm.
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
---
Makefile | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/Makefile
+++ b/Makefile
@@ -61,8 +61,8 @@ ifeq ($(BUILD_LIBBPFGO), 1)
vql/linux/chattrsnoop/chattrsnoop.bpf.o
$(LIBBPFGO_DIR): always-check
- echo "INFO: updating submodule 'libbpfgo'"
- $(GIT) submodule update --init --recursive $@
+# echo "INFO: updating submodule 'libbpfgo'"
+# $(GIT) submodule update --init --recursive $@
$(LIBBPF_LIB): $(LIBBPFGO_DIR)
make -C $(LIBBPFGO_DIR) libbpfgo-full-static

View File

@ -1,5 +1,71 @@
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jan 26 20:06:09 UTC 2023 - jeffm@suse.com Tue May 9 01:25:01 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
- Provide sysuser template for velociraptor user and group.
-------------------------------------------------------------------
Mon May 08 20:21:03 UTC 2023 - jeffm@suse.com
- Update to version 0.6.7.5~git78.2bef6fc:
* bpf: fix path to vmlinux.h
-------------------------------------------------------------------
Mon May 08 19:42:58 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
- Update to version 0.6.7.5~git77.997aa73:
* file_store/test_utils/server_config.go: update test certificate
* Update bluemonday dependency.
* vql/functions/hash: cache results on Linux
* libbpfgo: update to velociraptor-branch-v0.4.8-libbpf-1.2.0
* logscale/backport: don't use networking.GetHttpTransport
* vql/tools/logscale: add plugin to post events to LogScale ingestion endpoint
* file_store/directory: add ability to report pending size
- Change clang dependency to clang16
- Fix velociraptor-golang-mage-vendoring.diff to account for newer
'go mod vendor' honoring build flags.
- Fix update-vendoring.sh script to actually run the %setup part of
the spec.
- Merge client package into server spec and use _multibuild to create
client package from same spec file.
- Adjust changelog to retain changes for client package.
- Fix building in static mode on earlier releases.
- Added patch: velociraptor-libbpfgo-only-build-libbpf.patch
- Removed patch: velociraptor-skip-git-submodule-import-for-OBS-build.patch
-------------------------------------------------------------------
Fri Mar 10 18:54:37 UTC 2023 - Marcus Rueckert <mrueckert@suse.de>
- Tightening the security of the services a bit:
- tmp files are now moved to /var/lib/velociraptor{,-client}/tmp
from /tmp
- run velociraptor server as user velociraptor instead of root
we do not really need root permissions here
- introduce /var/lib/velociraptor/filestore to make it easier to
split out large file upload
- change permissions for the data directory and subdirectories to
/var/lib/velociraptor/ u=rwX,go= velociraptor:velociraptor
/var/lib/velociraptor-client/ u=rwX,go= root:root
- change permissions of config directory to:
/etc/velociraptor/ u=rwX,g=rX,o= root:velociraptor
/etc/velociraptor/server.config u=rw,g=r,o= root:velociraptor
/etc/velociraptor/client.config u=rw,go= root:root
-------------------------------------------------------------------
Fri Mar 10 15:36:18 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
- Update to version 0.6.7.5~git6.73efb2a:
* libbpfgo: update submodule to require libzstd for newer libelf
* utils/time.js: fix handling of nanosecond-resolution timestamps
* libbpfgo: switch to using regular static builds
* Create a new 0.6.7-5 release (#2385)
- Verify FILESYSTEM_WRITE permission on copy() function (#2384) (bsc#1207936, CVE-2023-0242)
- Also ensure client id is considered unsafe (bsc#1207937, CVE-2023-0290)
* github/workflows/linux: do apt-get update to refresh package lists
- Remove unnecessary dependency on libtsan0.
- Allow velociraptor and velociraptor-client packages to coexist.
-------------------------------------------------------------------
Thu Jan 26 20:06:09 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
- Update to version 0.6.7.4~git63.4a1ed09d: - Update to version 0.6.7.4~git63.4a1ed09d:
* utils/time.js: fix handling of nanosecond-resolution timestamps * utils/time.js: fix handling of nanosecond-resolution timestamps
@ -12,7 +78,7 @@ Tue Jan 24 20:57:08 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
- Use obsinfo mtime to produce stable build timestamp (bsc#1207369). - Use obsinfo mtime to produce stable build timestamp (bsc#1207369).
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jan 24 15:07:09 UTC 2023 - jeffm@suse.com Tue Jan 24 15:07:09 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
- Update to version 0.6.7.4~git60.8abed37a: - Update to version 0.6.7.4~git60.8abed37a:
* http_comms: create ring buffer temporary file in the same directory * http_comms: create ring buffer temporary file in the same directory
@ -48,6 +114,11 @@ Fri Jan 20 20:18:49 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
- vendor-build-fixes-for-SLE12.patch - vendor-build-fixes-for-SLE12.patch
- sdjournal-build-fix-for-SLE12.patch - sdjournal-build-fix-for-SLE12.patch
-------------------------------------------------------------------
Fri Jan 20 16:37:17 UTC 2023 - Dirk Müller <dmueller@suse.com>
- client: add memory limit to systemd unit
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jan 19 15:17:22 UTC 2023 - Jeff Mahoney <jeffm@suse.com> Thu Jan 19 15:17:22 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
@ -77,6 +148,11 @@ Thu Jan 19 01:01:09 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
- Define ExclusiveArch for x86_64, ppc64le, aarch64, and s390x - Define ExclusiveArch for x86_64, ppc64le, aarch64, and s390x
Neither the client or server builds on ix86. Neither the client or server builds on ix86.
-------------------------------------------------------------------
Mon Jan 9 16:01:44 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
- Added Restart=on-failure to restart the client automatically.
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Dec 12 20:03:23 UTC 2022 - Jeff Mahoney <jeffm@suse.com> Mon Dec 12 20:03:23 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
@ -1030,7 +1106,12 @@ Thu Jan 27 17:27:42 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
* Propagate column types from artifact to flow notebook. (#1346) * Propagate column types from artifact to flow notebook. (#1346)
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jan 06 20:14:39 UTC 2022 - Jeff Mahoney <jeffm@suse.com> Thu Jan 6 21:50:43 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
- client: Remove dependencies on nodejs since we don't use it in client mode.
-------------------------------------------------------------------
Thu Jan 6 20:14:39 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
- Update to version 0.6.2~git73.dc02b45e: - Update to version 0.6.2~git73.dc02b45e:
* Update PrivateKeys.yaml (#1459) * Update PrivateKeys.yaml (#1459)
@ -1056,6 +1137,8 @@ Thu Dec 16 14:12:05 UTC 2021 - Jeff Mahoney <jeffm@suse.com>
- Switch to using master branch via service files. - Switch to using master branch via service files.
- Added update-vendoring.sh to update the nodejs and go dependencies - Added update-vendoring.sh to update the nodejs and go dependencies
after version update. after version update.
- Now building the client with linux_bare target that disables
the GUI for endpoint usage.
- Patch the version string to reflect the package version instead - Patch the version string to reflect the package version instead
of an indistinguishable <next-tag>-dev. of an indistinguishable <next-tag>-dev.

View File

@ -1,4 +1,4 @@
name: velociraptor name: velociraptor
version: 0.6.7.4~git63.4a1ed09d version: 0.6.7.5~git78.2bef6fc
mtime: 1674763484 mtime: 1683577211
commit: 4a1ed09d50339b902c6446686bd16deedbb23804 commit: 2bef6fce8e26733a13a3bbfeaa8c4828db1a99ba

View File

@ -3,10 +3,11 @@ Description=Velociraptor Server Service
[Service] [Service]
Type=simple Type=simple
User=root
Group=root
UMask=0027 UMask=0027
User=velociraptor
Group=velociraptor
EnvironmentFile=-/etc/sysconfig/velociraptor EnvironmentFile=-/etc/sysconfig/velociraptor
Environment=TMPDIR=/var/lib/velociraptor/tmp
ExecStart=/usr/bin/velociraptor frontend --verbose --config /etc/velociraptor/server.config $VELOCIRAPTOR_OPTS ExecStart=/usr/bin/velociraptor frontend --verbose --config /etc/velociraptor/server.config $VELOCIRAPTOR_OPTS
PrivateTmp=true PrivateTmp=true

View File

@ -1,5 +1,5 @@
# #
# spec file for package velociraptor # spec file
# #
# Copyright (c) 2023 SUSE LLC # Copyright (c) 2023 SUSE LLC
# #
@ -16,8 +16,28 @@
# #
%define flavor @BUILD_FLAVOR@%{nil}
%if "%{flavor}" == "client"
%define build_client 1
%define build_server 0
%define build_kafka_humio_gateway 0
%define name_suffix -client
%define make_target linux_bare
%define config_perms %attr(0600, root, root)
%define state_dir_perms %attr(0700, root, root)
%else
%define build_kafka_humio_gateway 1
%define build_server 1
%define build_client 0
%define name_suffix %{nil}
%define make_target linux
%define config_perms %attr(0640, root, velociraptor)
%define state_dir_perms %attr(0700, velociraptor, velociraptor)
%endif
%define projname velociraptor %define projname velociraptor
%define vendor_version 0.6.7.4~git41.678ed56 %define vendor_version 0.6.7.5~git77.997aa73
%define vmlinux_h_version 5.14.21150400.22-150400-default %define vmlinux_h_version 5.14.21150400.22-150400-default
# SLE 15 SP2 / Leap 15.2 or newer gets eBPF # SLE 15 SP2 / Leap 15.2 or newer gets eBPF
@ -39,10 +59,14 @@
%define _sharedstatedir /var/lib %define _sharedstatedir /var/lib
%endif %endif
Name: velociraptor Name: velociraptor%{name_suffix}
Version: 0.6.7.4~git63.4a1ed09d Version: 0.6.7.5~git78.2bef6fc
Release: 0 Release: 0
%if %{build_server}
Summary: Endpoint visibility and collection tool Summary: Endpoint visibility and collection tool
%else
Summary: Endpoint visibility and collection tool (endpoint only)
%endif
Group: System/Monitoring Group: System/Monitoring
License: AGPL-3.0-only License: AGPL-3.0-only
URL: https://github.com/Velocidex/velociraptor URL: https://github.com/Velocidex/velociraptor
@ -50,41 +74,51 @@ Source: %{projname}-%{version}.tar.xz
Source1: vendor-golang-%{vendor_version}.tar.xz Source1: vendor-golang-%{vendor_version}.tar.xz
Source2: vendor-golang-kafka-humio-gateway-%{vendor_version}.tar.xz Source2: vendor-golang-kafka-humio-gateway-%{vendor_version}.tar.xz
Source3: vendor-nodejs-%{vendor_version}.tar.xz Source3: vendor-nodejs-%{vendor_version}.tar.xz
Source4: %{name}.service Source4: vmlinux.h-%{vmlinux_h_version}.tar.xz
Source5: %{name}-server.config.placeholder Source5: velociraptor.service
Source6: %{name}-client.service Source6: velociraptor-server.config.placeholder
Source7: %{name}-client.config.placeholder Source7: velociraptor-client.service
Source8: vmlinux.h-%{vmlinux_h_version}.tar.xz Source8: velociraptor-client.config.placeholder
Source9: update-vendoring.sh Source9: update-vendoring.sh
Source10: sysconfig.%{name} Source10: sysconfig.velociraptor
Source11: sysconfig.%{name}-client Source11: sysconfig.velociraptor-client
Source12: %{projname}.obsinfo Source12: %{projname}.obsinfo
Source13: system-user-velociraptor.sysusers
Source14: velociraptor-kafka.sysusers
Source15: velociraptor-kafka-humio-gateway.service
Source16: sysconfig.velociraptor-kafka-humio-gateway
Patch1: velociraptor-golang-mage-vendoring.diff Patch1: velociraptor-golang-mage-vendoring.diff
Patch2: velociraptor-skip-git-submodule-import-for-OBS-build.patch Patch2: vendor-build-fixes-for-SLE12.patch
Patch3: vendor-build-fixes-for-SLE12.patch Patch3: sdjournal-build-fix-for-SLE12.patch
Patch4: sdjournal-build-fix-for-SLE12.patch Patch4: velociraptor-reproducible-timestamp.diff
Patch5: velociraptor-reproducible-timestamp.diff
BuildRequires: fileb0x BuildRequires: fileb0x
BuildRequires: golang-packaging BuildRequires: golang-packaging
BuildRequires: mage BuildRequires: mage
BuildRequires: systemd-rpm-macros BuildRequires: systemd-rpm-macros
BuildRequires: golang(API) >= 1.18 BuildRequires: golang(API) >= 1.18
BuildRequires: pkgconfig(libsystemd) BuildRequires: pkgconfig(libsystemd)
%ifarch x86_64 %if %{build_server}
BuildRequires: libtsan0
%endif
BuildRequires: nodejs >= 16 BuildRequires: nodejs >= 16
BuildRequires: npm >= 16 BuildRequires: npm >= 16
%if %{with bpf}
# clang15 causes libbpfo to crash immediately
BuildRequires: clang13
BuildRequires: libelf-devel
BuildRequires: llvm13
BuildRequires: zlib-devel-static
%endif %endif
Conflicts: velociraptor-client %if %{with bpf}
# clang15 causes libbpfgo to crash immediately
BuildRequires: clang16
BuildRequires: libelf-devel
BuildRequires: libzstd-devel
BuildRequires: libzstd-devel
BuildRequires: llvm16
BuildRequires: zlib-devel
%endif
Requires: group(velociraptor)
Requires: user(velociraptor)
ExclusiveArch: x86_64 ppc64le aarch64 s390x ExclusiveArch: x86_64 ppc64le aarch64 s390x
%if %{build_server}
BuildRequires: sysuser-tools
%{?sysusers_requires}
%endif
%if %{build_server}
%description %description
Velociraptor is a tool for collecting host based state information Velociraptor is a tool for collecting host based state information
using The Velociraptor Query Language (VQL) queries. using The Velociraptor Query Language (VQL) queries.
@ -93,19 +127,49 @@ To learn more about Velociraptor, read the documentation on:
https://docs.velociraptor.app/ https://docs.velociraptor.app/
This package contains the endpoint agent and full console GUI. This package contains the velociraptor server and full console GUI.
For just the endpoint agent, please install the 'velociraptor-client' package. For just the endpoint agent, please install the 'velociraptor-client' package.
%package -n system-user-velociraptor
Summary: System user and group 'velociraptor'
Version: 1.0.0
License: Apache-2.0
Group: System/Monitoring
Provides: group(velociraptor)
Provides: user(velociraptor)
%description -n system-user-velociraptor
This package provides a shared system user for all velociraptor components
%endif
%if %{build_kafka_humio_gateway}
%package kafka-humio-gateway %package kafka-humio-gateway
Summary: Gateway between Kafka and Humio for Velociraptor Artifacts Summary: Gateway between Kafka and Humio for Velociraptor Artifacts
Version: 0.6.7.4~git63.4a1ed09d Version: 0.6.7.5~git78.2bef6fc
Requires: group(velociraptor-kafka)
Requires: user(velociraptor-kafka)
%description kafka-humio-gateway %description kafka-humio-gateway
This tool is used to consume events generated by the Kafka Velociraptor plugin This tool is used to consume events generated by the Kafka Velociraptor plugin
and post them to a Humio cluster. and post them to a Humio cluster.
%endif
%if %{build_client}
%description
Velociraptor is a tool for collecting host based state information
using The Velociraptor Query Language (VQL) queries.
To learn more about Velociraptor, read the documentation on:
https://docs.velociraptor.app/
This package contains only the endpoint agent. For the full server and GUI
console, please install the 'velociraptor' package.
%endif
%prep %prep
%setup -q -a 1 -a 2 -a 3 -a 8 -n %{projname}-%{version} %setup -q -a 1 -a 2 -a 3 -a 4 -n %{projname}-%{version}
%autopatch -p1 %autopatch -p1
# Set the version to something more specific than <next-tag>-dev # Set the version to something more specific than <next-tag>-dev
@ -132,67 +196,119 @@ git_commit=$(grep commit: %{SOURCE12}|sed -e 's/commit: //g')
export VELOCIRAPTOR_BUILD_TIME=$timestamp export VELOCIRAPTOR_BUILD_TIME=$timestamp
export VELOCIRAPTOR_GIT_HEAD=$git_commit export VELOCIRAPTOR_GIT_HEAD=$git_commit
%if %{build_server}
(cd gui/velociraptor ; npm run build) (cd gui/velociraptor ; npm run build)
PATH=$PATH:/usr/sbin make linux BUILD_LIBBPFGO=%{with bpf} %sysusers_generate_pre %{SOURCE13} velociraptor-user
%endif
make %{make_target} BUILD_LIBBPFGO=%{with bpf} GIT=echo
%if %{build_kafka_humio_gateway}
(cd contrib/kafka-humio-gateway; go build -o %{name}-kafka-humio-gateway) (cd contrib/kafka-humio-gateway; go build -o %{name}-kafka-humio-gateway)
%sysusers_generate_pre %{SOURCE16} kafka-user
%endif
%install %install
mkdir -p %buildroot/%{_bindir} install -D -d -m 0750 %buildroot/%{_sysconfdir}/velociraptor
mkdir -p %buildroot/%{_sysconfdir}/velociraptor install -D -d -m 0700 %buildroot/%{_sharedstatedir}/%{name}/data
mkdir -p %buildroot/%{_unitdir} install -D -d -m 0700 %buildroot/%{_sharedstatedir}/%{name}/logs
mkdir -p %buildroot/%{_sharedstatedir}/velociraptor/data install -D -d -m 0700 %buildroot/%{_sharedstatedir}/%{name}/tmp
mkdir -p %buildroot/%{_sharedstatedir}/velociraptor/logs
mkdir -p %buildroot/%{_sharedstatedir}/velociraptor-client %if %{build_server}
mkdir -p %buildroot/%{_datadir}/%{name}-kafka-humio-gateway service_file_source=%{SOURCE5}
install -m 0755 output/velociraptor-v%{version}-linux-* %buildroot/%{_bindir}/velociraptor config_file_source=%{SOURCE6}
install -m 0755 contrib/kafka-humio-gateway/%{name}-kafka-humio-gateway %buildroot/%{_bindir} sysconfig_file_source=%{SOURCE10}
install -m 0644 contrib/kafka-humio-gateway/sample-config.yml %buildroot/%{_datadir}/%{name}-kafka-humio-gateway/sample-config.yml config_file=server.config
install -m 0644 %{SOURCE4} %{buildroot}%{_unitdir}/%{name}.service
install -m 0600 %{SOURCE5} %{buildroot}%{_sysconfdir}/velociraptor/server.config install -D -m 0644 %{SOURCE13} %{buildroot}%{_sysusersdir}/system-user-velociraptor.conf
install -m 0644 %{SOURCE6} %{buildroot}%{_unitdir}/%{name}-client.service %else
install -m 0600 %{SOURCE7} %{buildroot}%{_sysconfdir}/velociraptor/client.config service_file_source=%{SOURCE7}
install -d -m 755 %{buildroot}%{_fillupdir} config_file_source=%{SOURCE8}
install -m 0644 %{SOURCE10} %{buildroot}%{_fillupdir} sysconfig_file_source=%{SOURCE11}
install -m 0644 %{SOURCE11} %{buildroot}%{_fillupdir} config_file=client.config
%endif
install -D -m 0644 "$service_file_source" %{buildroot}%{_unitdir}/%{name}.service
install -D -m 0644 "$sysconfig_file_source" %{buildroot}%{_fillupdir}/sysconfig.%{name}
install -D -m 0640 "$config_file_source" "%{buildroot}%{_sysconfdir}/velociraptor/$config_file"
install -D -m 0755 output/velociraptor-v%{version}-linux-* %buildroot/%{_bindir}/%{name}
%if %{build_kafka_humio_gateway}
install -D -m 0644 %{SOURCE15} %{buildroot}%{_unitdir}/
install -D -m 0644 %{SOURCE16} %{buildroot}%{_fillupdir}/
install -D -m 0755 contrib/kafka-humio-gateway/velociraptor-kafka-humio-gateway %buildroot/%{_bindir}
install -D -m 0644 contrib/kafka-humio-gateway/sample-config.yml \
%buildroot/%{_datadir}/velociraptor-kafka-humio-gateway/sample-config.yml
install -D -m 0644 %{SOURCE14} %{buildroot}%{_sysusersdir}/velociraptor-kafka.conf
install -D -d -m 0750 %{buildroot}%{_sysconfdir}/velociraptor-kafka-humio-gateway
install -D -m 0640 contrib/kafka-humio-gateway/sample-config.yml \
%buildroot/%{_sysconfdir}/velociraptor-kafka-humio-gateway/transport.yml
%endif
%files %files
%defattr(-, root, root) %defattr(-, root, root)
%license LICENSE %license LICENSE
%doc README.md %doc README.md
%dir %{_sysconfdir}/velociraptor %{_bindir}/%{name}
%{_bindir}/velociraptor
%config(noreplace) %{_sysconfdir}/velociraptor/server.config
%config(noreplace) %{_sysconfdir}/velociraptor/client.config
%{_unitdir}/%{name}.service %{_unitdir}/%{name}.service
%{_unitdir}/%{name}-client.service
%dir %{_sharedstatedir}/velociraptor
%dir %{_sharedstatedir}/velociraptor/data
%dir %{_sharedstatedir}/velociraptor/logs
%dir %{_sharedstatedir}/velociraptor-client
%{_fillupdir}/sysconfig.%{name} %{_fillupdir}/sysconfig.%{name}
%{_fillupdir}/sysconfig.%{name}-client
%dir %attr(-, root, velociraptor) %{_sysconfdir}/velociraptor
%config(noreplace) %{config_perms} %{_sysconfdir}/velociraptor/*.config
%dir %{state_dir_perms} %{_sharedstatedir}/%{name}
%dir %{state_dir_perms} %{_sharedstatedir}/%{name}/data
%dir %{state_dir_perms} %{_sharedstatedir}/%{name}/logs
%dir %{state_dir_perms} %{_sharedstatedir}/%{name}/tmp
%pre
%service_add_pre %{name}.service
%post
%{fillup_only}
%service_add_post %{name}.service
%preun
%service_del_preun %{name}.service
%postun
%service_del_postun %{name}.service
%if %{build_server}
%pre -n system-user-velociraptor -f velociraptor-user.pre
%files -n system-user-velociraptor
%defattr(-, root, root)
%{_sysusersdir}/system-user-velociraptor.conf
%endif
%if %{build_kafka_humio_gateway}
%files kafka-humio-gateway %files kafka-humio-gateway
%defattr(-, root, root) %defattr(-, root, root)
%license LICENSE %license LICENSE
%doc contrib/kafka-humio-gateway/README.md %doc contrib/kafka-humio-gateway/README.md
%{_bindir}/%{name}-kafka-humio-gateway %{_bindir}/velociraptor-kafka-humio-gateway
%dir %{_datadir}/%{name}-kafka-humio-gateway %dir %{_datadir}/velociraptor-kafka-humio-gateway
%{_datadir}/%{name}-kafka-humio-gateway/sample-config.yml %{_datadir}/velociraptor-kafka-humio-gateway/sample-config.yml
%{_sysusersdir}/velociraptor-kafka.conf
%{_unitdir}/velociraptor-kafka-humio-gateway.service
%{_fillupdir}/sysconfig.velociraptor-kafka-humio-gateway
%dir %attr(750, root, velociraptor-kafka) %{_sysconfdir}/velociraptor-kafka-humio-gateway
%config(noreplace) %attr(0640, root, velociraptor-kafka) %{_sysconfdir}/velociraptor-kafka-humio-gateway/transport.yml
%pre %pre kafka-humio-gateway -f kafka-user.pre
%service_add_pre %{name}.service %{name}-client.service %service_add_pre velociraptor-kafka-humio-gateway.service
%post %post kafka-humio-gateway
%{fillup_only} %{fillup_only -s kafka-humio-gateway}
%{fillup_only -s client} %service_add_post velociraptor-kafka-humio-gateway.service
%service_add_post %{name}.service %{name}-client.service
%preun %preun kafka-humio-gateway
%service_del_preun %{name}.service %{name}-client.service %service_del_preun velociraptor-kafka-humio-gateway.service
%postun %postun kafka-humio-gateway
%service_del_postun %{name}.service %{name}-client.service %service_del_postun velociraptor-kafka-humio-gateway.service
%endif
%changelog %changelog

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d0e93278e02bdcba1d6f81dc318ae07131c1f8492dc5db7340ddd8f3841d31f4
size 27825180

BIN
vendor-golang-0.6.7.5~git77.997aa73.tar.xz (Stored with Git LFS) Normal file

Binary file not shown.

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:73c425c59d06d58c64c5f0f45e4211f9d9f51e8e1e688e070ccf53a8eb9bbc6f
size 454256

Binary file not shown.

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e8734e871d5df2ccfd120ab591ed195fcb2b111ee7cc41378e5c29b68c3e83cb
size 37872364

BIN
vendor-nodejs-0.6.7.5~git77.997aa73.tar.xz (Stored with Git LFS) Normal file

Binary file not shown.