Accepting request 1060080 from security:sensor

- Fixed release detection to include Tumbleweed (forwarded request 1060079 from jeff_mahoney)

OBS-URL: https://build.opensuse.org/request/show/1060080
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/velociraptor?expand=0&rev=2
Dominique Leuenberger 2023-01-21 18:10:27 +00:00 committed by Git OBS Bridge
commit 6404b5dcb9
7 changed files with 298 additions and 43 deletions


@ -0,0 +1,18 @@
From: Jeff Mahoney <jeffm@suse.com>
Subject: third_party/sdjournal: remove enums missing on SLE-12
The version of systemd on SLE-12 is older and doesn't have these enums. We
don't use them, so it's safe to remove them.
--- a/third_party/sdjournal/journal_linux.go
+++ b/third_party/sdjournal/journal_linux.go
@@ -380,9 +380,6 @@ const (
SD_JOURNAL_RUNTIME_ONLY = int(C.SD_JOURNAL_RUNTIME_ONLY)
SD_JOURNAL_SYSTEM = int(C.SD_JOURNAL_SYSTEM)
SD_JOURNAL_CURRENT_USER = int(C.SD_JOURNAL_CURRENT_USER)
- SD_JOURNAL_OS_ROOT = int(C.SD_JOURNAL_OS_ROOT)
- SD_JOURNAL_ALL_NAMESPACES = int(C.SD_JOURNAL_ALL_NAMESPACES)
- SD_JOURNAL_INCLUDE_DEFAULT_NAMESPACE = int(C.SD_JOURNAL_INCLUDE_DEFAULT_NAMESPACE)
)
// Journal event constants


@ -1,3 +1,41 @@
-------------------------------------------------------------------
Sat Jan 21 04:07:38 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
- Fixed release detection to include Tumblweed
-------------------------------------------------------------------
Sat Jan 21 02:20:07 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
- Increase required release to enable eBPF to SLE 15 SP2 and
openSUSE Leap 15.2. Earlier versions don't have a usable eBPF
and can't easily build llvm13.
-------------------------------------------------------------------
Sat Jan 21 01:44:59 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
- Remove dependency on bpftool. We use the vmlinux.h archive
to provide vmlinux.h.
-------------------------------------------------------------------
Fri Jan 20 20:18:49 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
- Restored %defattr due to SLE12 using rpm-4.11.
- Fix builds in vendor code on SLE12
- Fix build in third_party/sdjournal due to older systemd on SLE12
- Added patches:
- vendor-build-fixes-for-SLE12.patch
- sdjournal-build-fix-for-SLE12.patch
-------------------------------------------------------------------
Fri Jan 20 16:37:17 UTC 2023 - Dirk Müller <dmueller@suse.com>
- add memory limit to systemd unit
---------------------------------------------------------------------
Fri Jan 20 16:37:17 UTC 2023 - Dirk Müller <dmueller@suse.com>
- add memory limit to systemd unit
---------------------------------------------------------------------
Thu Jan 19 15:17:22 UTC 2023 - Jeff Mahoney <jeffm@suse.com>


@ -6,6 +6,8 @@ Type=simple
User=root
Group=root
UMask=0027
MemoryHigh=4G
MemoryMax=8G
EnvironmentFile=-/etc/sysconfig/velociraptor-client
ExecStart=/usr/bin/velociraptor client --config /etc/velociraptor/client.config $VELOCIRAPTOR_CLIENT_OPTS
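Review bot: `MemoryHigh=4G` and `MemoryMax=8G` only take effect where systemd runs the unit under the unified (v2) cgroup hierarchy; this commit also adds SLE-12 build support, and on an older systemd or a cgroup-v1 host the two lines are presumably ignored, leaving the root-run agent uncapped. If SLE-12 is meant to get the same ceiling, the legacy `MemoryLimit=8G` would be needed alongside. Separately, reaching `MemoryMax=` gets the client OOM-killed, and no `Restart=` setting is visible in this hunk (the unit continues outside it), so it is worth confirming that the endpoint agent comes back rather than leaving the host unmonitored; a line such as `Restart=on-failure` would cover that.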


@ -1,7 +1,7 @@
#
# spec file for package velociraptor
# spec file for package velociraptor-client
#
# Copyright (c) 2021 SUSE LLC
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -15,16 +15,30 @@
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define projname velociraptor
%define vendor_version 0.6.7.4~git41.678ed56
%define vmlinux_h_version 5.14.21150400.22-150400-default
%if 0%{?suse_version} >= 1500
# SLE 15 SP2 / Leap 15.2 or newer gets eBPF
# Earlier versions don't have a usable eBPF and the
# release doesn't easily build llvm13
%if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150200
%bcond_without bpf
%else
%bcond_with bpf
%endif
#Compat macro for new _fillupdir macro introduced in Nov 2017
%if ! %{defined _fillupdir}
%define _fillupdir %{_localstatedir}/adm/fillup-templates
%endif
# SLE12 has _sharedstatedir in an odd place
%if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000
%define _sharedstatedir /var/lib
%endif
Name: velociraptor-client
Version: 0.6.7.4~git53.0e85855
Release: 0
@ -41,21 +55,22 @@ Source5: update-vendoring.sh
Source6: sysconfig.%{name}
Patch1: velociraptor-golang-mage-vendoring.diff
Patch2: velociraptor-skip-git-submodule-import-for-OBS-build.patch
BuildRequires: golang-packaging
BuildRequires: systemd-rpm-macros
BuildRequires: pkgconfig(libsystemd)
BuildRequires: golang(API) >= 1.19
Patch3: vendor-build-fixes-for-SLE12.patch
Patch4: sdjournal-build-fix-for-SLE12.patch
BuildRequires: fileb0x
BuildRequires: golang-packaging
BuildRequires: mage
BuildRequires: systemd-rpm-macros
BuildRequires: golang(API) >= 1.19
BuildRequires: pkgconfig(libsystemd)
%ifarch x86_64
BuildRequires: libtsan0
%endif
%if %{with bpf}
# clang15 causes libbpfo to crash immediately
BuildRequires: clang13
BuildRequires: llvm13
BuildRequires: bpftool
BuildRequires: libelf-devel
BuildRequires: llvm13
BuildRequires: zlib-devel-static
%endif
Conflicts: velociraptor
@ -72,7 +87,6 @@ https://docs.velociraptor.app/
This package contains only the endpoint agent. For the full console, please
install the 'velociraptor' package.
%prep
%setup -q -a 1 -a 4 -n %{projname}-%{version}
%autopatch -p1
@ -107,6 +121,7 @@ install -d -m 755 %{buildroot}%{_fillupdir}
install -m 0644 %{SOURCE6} %{buildroot}%{_fillupdir}
%files
%defattr(-, root, root)
%license LICENSE
%doc README.md
%dir %{_sysconfdir}/velociraptor
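Review bot: `Patch3` and `Patch4` are declared without a comment, and as far as this section shows `%autopatch -p1` applies them on every target, so the SLE-12 workarounds also change the vendored go-magic, go-yara and sdjournal code that the newer distributions ship. A tag line above each, e.g. `# PATCH-FIX-OPENSUSE vendor-build-fixes-for-SLE12.patch -- build vendored cgo code with the SLE-12 toolchain`, would record origin and intent for whoever next refreshes the vendor archive. The same applies to the identical `Patch3`/`Patch4` lines in the velociraptor spec section further down. A short comment on why `vendor_version` (`0.6.7.4~git41.678ed56`) differs from `Version` (`0.6.7.4~git53.0e85855`) would also help, since a vendor archive cut from an older snapshot than the source is otherwise hard to tell apart from a missed update.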


@ -1,3 +1,31 @@
-------------------------------------------------------------------
Sat Jan 21 04:07:38 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
- Fixed release detection to include Tumblweed
-------------------------------------------------------------------
Sat Jan 21 02:20:07 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
- Increase required release to enable eBPF to SLE 15 SP2 and
openSUSE Leap 15.2. Earlier versions don't have a usable eBPF
and can't easily build llvm13.
-------------------------------------------------------------------
Sat Jan 21 01:44:59 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
- Remove dependency on bpftool. We use the vmlinux.h archive
to provide vmlinux.h.
-------------------------------------------------------------------
Fri Jan 20 20:18:49 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
- Restored %defattr due to SLE12 using rpm-4.11.
- Fix builds in vendor code on SLE12
- Fix build in third_party/sdjournal due to older systemd on SLE12
- Added patches:
- vendor-build-fixes-for-SLE12.patch
- sdjournal-build-fix-for-SLE12.patch
-------------------------------------------------------------------
Thu Jan 19 15:17:22 UTC 2023 - Jeff Mahoney <jeffm@suse.com>


@ -1,7 +1,7 @@
#
# spec file for package velociraptor
#
# Copyright (c) 2021 SUSE LLC
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -15,16 +15,30 @@
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define projname velociraptor
%define vendor_version 0.6.7.4~git41.678ed56
%define vmlinux_h_version 5.14.21150400.22-150400-default
%if 0%{?suse_version} >= 1500
# SLE 15 SP2 / Leap 15.2 or newer gets eBPF
# Earlier versions don't have a usable eBPF and the
# release doesn't easily build llvm13
%if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150200
%bcond_without bpf
%else
%bcond_with bpf
%endif
#Compat macro for new _fillupdir macro introduced in Nov 2017
%if ! %{defined _fillupdir}
%define _fillupdir %{_localstatedir}/adm/fillup-templates
%endif
# SLE12 has _sharedstatedir in an odd place
%if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000
%define _sharedstatedir /var/lib
%endif
Name: velociraptor
Version: 0.6.7.4~git53.0e85855
Release: 0
@ -46,12 +60,14 @@ Source10: sysconfig.%{name}
Source11: sysconfig.%{name}-client
Patch1: velociraptor-golang-mage-vendoring.diff
Patch2: velociraptor-skip-git-submodule-import-for-OBS-build.patch
BuildRequires: golang-packaging
BuildRequires: systemd-rpm-macros
BuildRequires: pkgconfig(libsystemd)
BuildRequires: golang(API) >= 1.18
Patch3: vendor-build-fixes-for-SLE12.patch
Patch4: sdjournal-build-fix-for-SLE12.patch
BuildRequires: fileb0x
BuildRequires: golang-packaging
BuildRequires: mage
BuildRequires: systemd-rpm-macros
BuildRequires: golang(API) >= 1.18
BuildRequires: pkgconfig(libsystemd)
%ifarch x86_64
BuildRequires: libtsan0
%endif
@ -60,9 +76,8 @@ BuildRequires: npm >= 16
%if %{with bpf}
# clang15 causes libbpfo to crash immediately
BuildRequires: clang13
BuildRequires: llvm13
BuildRequires: bpftool
BuildRequires: libelf-devel
BuildRequires: llvm13
BuildRequires: zlib-devel-static
%endif
Conflicts: velociraptor-client
@ -132,6 +147,7 @@ install -m 0644 %{SOURCE10} %{buildroot}%{_fillupdir}
install -m 0644 %{SOURCE11} %{buildroot}%{_fillupdir}
%files
%defattr(-, root, root)
%license LICENSE
%doc README.md
%dir %{_sysconfdir}/velociraptor
@ -148,6 +164,7 @@ install -m 0644 %{SOURCE11} %{buildroot}%{_fillupdir}
%{_fillupdir}/sysconfig.%{name}-client
%files kafka-humio-gateway
%defattr(-, root, root)
%license LICENSE
%doc contrib/kafka-humio-gateway/README.md
%{_bindir}/%{name}-kafka-humio-gateway


@ -0,0 +1,137 @@
From: Jeff Mahoney <jeffm@suse.com>
Subject: vendor: build fixes for SLE-12
SLE-12 uses gcc 4.8 and as a result requires definition
of _GNU_SOURCE and -std=c99 to build properly.
--- a/vendor/github.com/Velocidex/go-magic/magic/magic.go
+++ b/vendor/github.com/Velocidex/go-magic/magic/magic.go
@@ -1,7 +1,7 @@
package magic
/*
- #cgo CFLAGS: -DHAVE_CONFIG_H
+ #cgo CFLAGS: -DHAVE_CONFIG_H -std=c99 -D_GNU_SOURCE -DHAVE_STRNDUP
#include <magic.h>
#include <stdlib.h>
*/
--- a/vendor/github.com/Velocidex/go-magic/magic/regex.c
+++ b/vendor/github.com/Velocidex/go-magic/magic/regex.c
@@ -24,8 +24,6 @@
#pragma alloca
#endif
-#define _GNU_SOURCE
-
/* We need this for `regex.h', and perhaps for the Emacs include files. */
#include <sys/types.h>
--- a/vendor/github.com/Velocidex/go-yara/cgo.go
+++ b/vendor/github.com/Velocidex/go-yara/cgo.go
@@ -6,6 +6,6 @@
package yara
-// #cgo CFLAGS: -D_FILE_OFFSET_BITS=64
+// #cgo CFLAGS: -D_FILE_OFFSET_BITS=64 -std=c99 -D_GNU_SOURCE
// #cgo LDFLAGS:
import "C"
--- a/vendor/github.com/Velocidex/go-yara/endian.h
+++ /dev/null
@@ -1,96 +0,0 @@
-/*
-Copyright (c) 2016. The YARA Authors. All Rights Reserved.
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice, this
-list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright notice,
-this list of conditions and the following disclaimer in the documentation and/or
-other materials provided with the distribution.
-
-3. Neither the name of the copyright holder nor the names of its contributors
-may be used to endorse or promote products derived from this software without
-specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-#ifndef YR_ENDIAN_H
-#define YR_ENDIAN_H
-
-#include <yara_integers.h>
-
-#if defined(__has_builtin)
-#if __has_builtin(__builtin_bswap16)
-#define yr_bswap16(x) __builtin_bswap16(x)
-#endif
-#endif
-
-#if !defined(yr_bswap16) && defined(_MSC_VER)
-#define yr_bswap16(x) _byteswap_ushort(x)
-#endif
-
-#if !defined(yr_bswap16)
-uint16_t _yr_bswap16(uint16_t x);
-#define yr_bswap16(x) _yr_bswap16(x)
-#endif
-
-#if defined(__has_builtin)
-#if __has_builtin(__builtin_bswap32)
-#define yr_bswap32(x) __builtin_bswap32(x)
-#endif
-#endif
-
-#if !defined(yr_bswap32) && defined(_MSC_VER)
-#define yr_bswap32(x) _byteswap_ulong(x)
-#endif
-
-#if !defined(yr_bswap32)
-uint32_t _yr_bswap32(uint32_t x);
-#define yr_bswap32(x) _yr_bswap32(x)
-#endif
-
-#if defined(__has_builtin)
-#if __has_builtin(__builtin_bswap64)
-#define yr_bswap64(x) __builtin_bswap64(x)
-#endif
-#endif
-
-#if !defined(yr_bswap64) && defined(_MSC_VER)
-#define yr_bswap64(x) _byteswap_uint64(x)
-#endif
-
-#if !defined(yr_bswap64)
-uint64_t _yr_bswap64(uint64_t x);
-#define yr_bswap64(x) _yr_bswap64(x)
-#endif
-
-#if defined(WORDS_BIGENDIAN)
-#define yr_le16toh(x) yr_bswap16(x)
-#define yr_le32toh(x) yr_bswap32(x)
-#define yr_le64toh(x) yr_bswap64(x)
-#define yr_be16toh(x) (x)
-#define yr_be32toh(x) (x)
-#define yr_be64toh(x) (x)
-#else
-#define yr_le16toh(x) (x)
-#define yr_le32toh(x) (x)
-#define yr_le64toh(x) (x)
-#define yr_be16toh(x) yr_bswap16(x)
-#define yr_be32toh(x) yr_bswap32(x)
-#define yr_be64toh(x) yr_bswap64(x)
-#endif
-
-#endif
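Review bot: The patch description covers only `-std=c99` and `-D_GNU_SOURCE`, but the last embedded hunk also deletes go-yara's vendored `endian.h` outright, and nothing in the header says why. That file supplies the `yr_le16toh`/`yr_be32toh` family of byte-order macros, so the description should name what provides them after the deletion (presumably another copy on the include path, or a clash with the system `<endian.h>`; neither is visible here) and confirm that the scanner still builds and reads multi-byte fields correctly on big-endian targets. `-DHAVE_STRNDUP` in the go-magic `#cgo CFLAGS` line is likewise not mentioned in the description and deserves a sentence stating what it switches off.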