- Update to version 0.6.3~git19.640f7a1c:

* Add tcpsnoop plugin - Update to version 0.6.3~git19.640f7a1c: * Add tcpsnoop plugin OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=13
2022-03-18 16:16:16 +00:00 · 2022-03-18 16:16:16 +00:00 · ae02f616a5
commit ae02f616a5
parent d4bba99e16
17 changed files with 100 additions and 21 deletions
--- a/1
+++ b/1
@ -8,6 +8,7 @@
    <param name="parent-tag">v0.6.3</param>
    <param name="versionrewrite-pattern">v(.*)</param>
    <param name="changesgenerate">enable</param>
+    <param name="submodules">enable</param>
  </service>
  <service name="set_version" mode="manual" />
  <service mode="buildtime" name="tar"/>
--- a/2
+++ b/2
@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                <param name="url">https://github.com/SUSE/linux-security-sensor</param>
-              <param name="changesrevision">03bd1d74b26a6f6593068bb6a4e80782e9e690a9</param></service></servicedata>
+              <param name="changesrevision">0ed023e28e50d9ff4f6ef6b758618cf5a36667bd</param></service></servicedata>
--- a/velociraptor-0.6.3~git17.741ebb59.obscpio
+++ b/velociraptor-0.6.3~git17.741ebb59.obscpio
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f7149284d357f1b69a40b4555342d698fc4e5cb474a0cacfc9ef127354992092
-size 19495949
--- a/velociraptor-0.6.3~git19.640f7a1c.obscpio
+++ b/velociraptor-0.6.3~git19.640f7a1c.obscpio
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b08a8c85dceb85f51064a25fe549b5c1780f23984b08b5352d16640f15a33a88
+size 26367501
--- a/velociraptor-client.changes
+++ b/velociraptor-client.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Mar 18 14:12:59 UTC 2022 - jeffm@suse.com
+
+- Update to version 0.6.3~git19.640f7a1c:
+  * Add tcpsnoop plugin
+
 -------------------------------------------------------------------
 Tue Mar 15 13:31:21 UTC 2022 - jeffm@suse.com

--- a/velociraptor-client.spec
+++ b/velociraptor-client.spec
@ -19,7 +19,7 @@
 %define vendor_version %{version}

 Name:           velociraptor-client
-Version:        0.6.3~git17.741ebb59
+Version:        0.6.3~git19.640f7a1c
 Release:        0
 Summary:        Endpoint visibility and collection tool (endpoint only)

@ -31,6 +31,8 @@ Source1:        vendor-golang-%{vendor_version}.tar.xz
 Source2:        %{name}.service
 Source3:        %{name}.config.placeholder
 Patch1:         velociraptor-golang-mage-vendoring.diff
+Patch2:		velociraptor-skip-git-submodule-import-for-OBS-build.patch
+Patch3:		velociraptor-makefile-add-bpf-rules-to-linux_bare.patch
 BuildRequires:  golang-packaging
 BuildRequires:  systemd-rpm-macros
 BuildRequires:  systemd-devel
@ -38,6 +40,10 @@ BuildRequires:  golang(API) >= 1.14
 BuildRequires:  fileb0x
 BuildRequires:  mage
 BuildRequires:  libtsan0
+BuildRequires:  clang13
+BuildRequires:  llvm13
+BuildRequires:  bpftool
+BuildRequires:	libelf-devel
 Conflicts:      velociraptor

 %description
@ -56,6 +62,9 @@ install the 'velociraptor' package.
 %setup -q -a 1 -n %{projname}-%{version}
 %autopatch -p1

+# The build process will do this too but it makes 'go mod vendor' easier
+rm -f third_party/libbpfgo/go.mod
+
 # Set the version to something more specific than <next-tag>-dev
 sed -ie "s/\(VERSION *= \).*/\1 \"%{version}\"/" constants/constants.go

@ -63,7 +72,7 @@ sed -ie "s/\(VERSION *= \).*/\1 \"%{version}\"/" constants/constants.go
 rm -rf artifacts/definitions/Windows

 %build
-make linux_bare
+PATH=$PATH:/usr/sbin make linux_bare

 %install
 mkdir -p %buildroot/%{_bindir}
--- a/velociraptor-makefile-add-bpf-rules-to-linux_bare.patch
+++ b/velociraptor-makefile-add-bpf-rules-to-linux_bare.patch
@ -0,0 +1,24 @@
+From: Jeff Mahoney <jeffm@suse.com>
+Subject: Makefile: add bpf rules to linux_bare
+
+The standalone client needs to have the vql implementation for bpf too
+
+Acked-by: Jeff Mahoney <jeffm@suse.com>
+---
+ Makefile |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/Makefile
+++ b/Makefile
+@@ -84,8 +84,8 @@ endif
+ 
+ linux: $(BPF_MODULES)
+ 	$(GOFLAGS) go run make.go -v linux
+-linux_bare:
+-	go run make.go -v linuxBare
+linux_bare: $(BPF_MODULES)
+	$(GOFLAGS) go run make.go -v linuxBare
+ 
+ freebsd:
+ 	go run make.go -v freebsd
+
--- a/velociraptor-skip-git-submodule-import-for-OBS-build.patch
+++ b/velociraptor-skip-git-submodule-import-for-OBS-build.patch
@ -0,0 +1,24 @@
+From: Jeff Mahoney <jeffm@suse.com>
+Subject: skip git submodule import for OBS build
+
+For OBS builds, the git submodule is imported during obs_scm.
+
+Signed-off-by: Jeff Mahoney <jeffm@suse.com>
+---
+ Makefile |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/Makefile
+++ b/Makefile
+@@ -61,8 +61,8 @@ ifeq ($(BUILD_LIBBPFGO), 1)
+ BPF_MODULES := vql/linux/tcpsnoop/tcpsnoop.bpf.o
+ 
+ $(LIBBPFGO_DIR): always-check
+-	echo "INFO: updating submodule 'libbpfgo'"
+-	$(GIT) submodule update --init --recursive $@
+#	echo "INFO: updating submodule 'libbpfgo'"
+#	$(GIT) submodule update --init --recursive $@
+ 	# Fake that it's an internal module
+ 	rm -f $@/go.mod
+ 	sed -e 's;"github.com/aquasecurity;"www.velocidex.com/golang/velociraptor/third_party;' -i $@/libbpfgo.go
+
--- a/velociraptor.changes
+++ b/velociraptor.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Mar 18 14:12:59 UTC 2022 - jeffm@suse.com
+
+- Update to version 0.6.3~git19.640f7a1c:
+  * Add tcpsnoop plugin
+
 -------------------------------------------------------------------
 Tue Mar 15 13:31:21 UTC 2022 - jeffm@suse.com

--- a/velociraptor.obsinfo
+++ b/velociraptor.obsinfo
@ -1,4 +1,4 @@
 name: velociraptor
-version: 0.6.3~git17.741ebb59
-mtime: 1647349936
-commit: 741ebb59371cb031ae50997187d0497130a4bb5a
+version: 0.6.3~git19.640f7a1c
+mtime: 1647612684
+commit: 640f7a1c9256437f7824a897bdf7415be367dced
--- a/velociraptor.spec
+++ b/velociraptor.spec
@ -19,7 +19,7 @@
 %define vendor_version %{version}

 Name:           velociraptor
-Version:        0.6.3~git17.741ebb59
+Version:        0.6.3~git19.640f7a1c
 Release:        0
 Summary:	Endpoint visibility and collection tool

@ -35,6 +35,8 @@ Source5:        %{name}-server.config.placeholder
 Source6:        %{name}-client.service
 Source7:        %{name}-client.config.placeholder
 Patch1:		velociraptor-golang-mage-vendoring.diff
+Patch2:		velociraptor-skip-git-submodule-import-for-OBS-build.patch
+Patch3:		velociraptor-makefile-add-bpf-rules-to-linux_bare.patch
 BuildRequires:  golang-packaging
 BuildRequires:  systemd-rpm-macros
 BuildRequires:  systemd-devel
@ -44,6 +46,10 @@ BuildRequires:	mage
 BuildRequires:	libtsan0
 BuildRequires:	nodejs16
 BuildRequires:	npm16
+BuildRequires:  clang13
+BuildRequires:  llvm13
+BuildRequires:  bpftool
+BuildRequires:	libelf-devel
 Conflicts:	velociraptor-client

 %description
@ -59,7 +65,7 @@ For just the endpoint agent, please install the 'velociraptor-client' package.

 %package kafka-humio-gateway
 Summary: Gateway between Kafka and Humio for Velociraptor Artifacts
-Version: %{version}
+Version: 0.6.3~git19.640f7a1c

 %description kafka-humio-gateway
 This tool is used to consume events generated by the Kafka Velociraptor plugin
@ -69,6 +75,9 @@ and post them to a Humio cluster.
 %setup -q -a 1 -a 2 -a 3 -n %{projname}-%{version}
 %autopatch -p1

+# The build process will do this too but it makes 'go mod vendor' easier
+rm -f third_party/libbpfgo/go.mod
+
 # Set the version to something more specific than <next-tag>-dev
 sed -ie "s/\(VERSION *= \).*/\1 \"%{version}\"/" constants/constants.go

@ -79,7 +88,7 @@ sed -ie "s/\(VERSION *= \).*/\1 \"%{version}\"/" constants/constants.go

 %build
 (cd gui/velociraptor ; npm run build)
-make linux
+PATH=$PATH:/usr/sbin make linux

 (cd contrib/kafka-humio-gateway; go build -o velociraptor-kafka-humio-gateway)

--- a/vendor-golang-0.6.3~git17.741ebb59.tar.xz
+++ b/vendor-golang-0.6.3~git17.741ebb59.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:8584a7f98f0c637ffb631c422bdc527a561ae0e3114bb76a8c80813ca270f136
-size 7686952
--- a/vendor-golang-0.6.3~git19.640f7a1c.tar.xz
+++ b/vendor-golang-0.6.3~git19.640f7a1c.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:04ec5de7b319ed2a0eb6831aee6c71847b855a449d23a0471ff4f02b18e1bb93
+size 7702152
--- a/vendor-golang-kafka-humio-gateway-0.6.3~git17.741ebb59.tar.xz
+++ b/vendor-golang-kafka-humio-gateway-0.6.3~git17.741ebb59.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:deb22198efcdcdab0e0c82773863545c2f67d6731fb39633915c982fccac4adf
-size 454276
--- a/vendor-golang-kafka-humio-gateway-0.6.3~git19.640f7a1c.tar.xz
+++ b/vendor-golang-kafka-humio-gateway-0.6.3~git19.640f7a1c.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:999be178a6d63c91d238c3784225cdf05548ae15408118820de2dbe094f1a1f1
+size 454412
--- a/vendor-nodejs-0.6.3~git17.741ebb59.tar.xz
+++ b/vendor-nodejs-0.6.3~git17.741ebb59.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:4d2a53dcd319ff55664a8effb555efa6cea274bfedc99e3b8f713fd63018bc33
-size 56242852
--- a/vendor-nodejs-0.6.3~git19.640f7a1c.tar.xz
+++ b/vendor-nodejs-0.6.3~git19.640f7a1c.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:63726f09061a557ebe25527a94bb485df27c119b235786686ed4232518ad9560
+size 56292444