diff --git a/.gitattributes b/.gitattributes
index b7c7636..9b03811 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -21,5 +21,3 @@
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text
-## Specific LFS patterns
-velociraptor-go_modules.tar filter=lfs diff=lfs merge=lfs -text
diff --git a/_service b/_service
index b1b32c7..403d54e 100644
--- a/_service
+++ b/_service
@@ -18,7 +18,7 @@
package-lock.json
- tar
+ zst
velociraptor-0*.obscpio
velociraptor-go_modules
diff --git a/velociraptor-go_modules.tar b/velociraptor-go_modules.tar
deleted file mode 100644
index 25d1ee3..0000000
--- a/velociraptor-go_modules.tar
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:398922fb2716302075f2d8f86417bafbec7dcf121a3a9e6f830713c18ce714e4
-size 259306496
diff --git a/velociraptor-go_modules.tar.zst b/velociraptor-go_modules.tar.zst
new file mode 100644
index 0000000..212af57
--- /dev/null
+++ b/velociraptor-go_modules.tar.zst
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5c00d92d32e9ec68fabd40fb09aa460a02fb746971c84c65940eeefe12a16d47
+size 29079417
diff --git a/velociraptor.changes b/velociraptor.changes
index 5e17b98..bed191b 100644
--- a/velociraptor.changes
+++ b/velociraptor.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Feb 27 22:37:09 UTC 2024 - Antonio Teixeira
+
+- Obsolete old system-user-velociraptor package.
+- Use zst compression for go modules.
+
-------------------------------------------------------------------
Thu Feb 22 20:11:34 UTC 2024 - doreilly@suse.com
@@ -82,15 +88,17 @@ Fri Dec 15 22:35:01 UTC 2023 - Jeff Mahoney
service due to a bug in debbuild preventing Debian builds from succeeding.
-------------------------------------------------------------------
-Fri Dec 15 19:32:04 UTC 2023 - Jeff Mahoney - 0.7.0.4.git4.c1b68a5b
+Fri Dec 15 19:32:04 UTC 2023 - Jeff Mahoney
- Update to version 0.7.0.4.git4.c1b68a5b:
* hash: fix nil pointer dereference panic
* velociraptor: add dummy main function for mage
- Removed patch:
* velociraptor-golang-mage-vendoring.diff
+- Rebased patch:
+ * velociraptor-reproducible-timestamp.diff
- Switched to using go_modules and node_modules source services
- - Eliminated bespoke vendoring scripts.
+ * Eliminated bespoke vendoring scripts.
- Pulled sysuser definition into the velociraptor package.
-------------------------------------------------------------------
@@ -99,7 +107,7 @@ Tue Dec 5 13:54:03 UTC 2023 - Darragh O'Reilly
- Remove PrivateTmp and PrivateDevices settings in velociraptor-client.service (SENS-70)
-------------------------------------------------------------------
-Wed Nov 15 18:17:04 UTC 2023 - jeffm@suse.com - 0.7.0.4.git0.e09a0df8
+Wed Nov 15 18:17:04 UTC 2023 - Jeff Mahoney
- Update to version 0.7.0.4.git0.e09a0df8:
* Add additional sanitization to HTML templates on JS side. (#2) (#3077) (CVE-2023-5950)
@@ -139,7 +147,7 @@ Fri Nov 3 01:36:35 UTC 2023 - Jeff Mahoney
- Limit server builds to x86_64 until esbuild issue is sorted
-------------------------------------------------------------------
-Tue Oct 31 20:07:16 UTC 2023 - jeffm@suse.com - 0.7.0~git0.602f673
+Tue Oct 31 20:07:16 UTC 2023 - Jeff Mahoney
- Update to version sensor-base-0.7.0~git0.602f673:
* vql/linux/audit: fix staticcheck checks
@@ -653,12 +661,21 @@ Tue Oct 31 20:07:16 UTC 2023 - jeffm@suse.com - 0.7.0~git0.602f673
* Add Provider and ProviderRegex (#2198)
* Bugfix: sparse files were not properly detected. (#2200)
* Add timestamp_field, hostname_field, and hostname param to splunk_upload (#2187)
+- Removed velociraptor-kafka-humio-gateway package.
+ * kafka-humio-gateway was dropped in favor of the new upstream LogScale plugin
-------------------------------------------------------------------
Tue Jul 18 09:31:19 UTC 2023 - Marcus Meissner
- require the group / user only in the server build
+-------------------------------------------------------------------
+Wed May 10 00:49:09 UTC 2023 - jeffm@suse.com
+
+- Update to version 0.6.7.5~git81.01be570:
+ * libbpfgo: pull fix for double-free
+ * logscale: add documentation for plugin
+
-------------------------------------------------------------------
Tue May 9 14:10:31 UTC 2023 - Marcus Rueckert
@@ -671,26 +688,33 @@ Tue May 9 01:25:01 UTC 2023 - Jeff Mahoney
- Provide sysuser template for velociraptor user and group.
-------------------------------------------------------------------
-Mon Mar 13 20:50:12 UTC 2023 - Jeff Mahoney
+Mon May 08 20:21:03 UTC 2023 - Jeff Mahoney
-- Test implementation for hash caching.
-- Added patches:
- * 0001-vql-functions-hash-cache-results-on-Linux.patch
+- Update to version 0.6.7.5~git78.2bef6fc:
+ * bpf: fix path to vmlinux.h
-------------------------------------------------------------------
-Mon Mar 13 20:47:05 UTC 2023 - Jeff Mahoney
-
-- Build client for Debian-based distros using debbuild.
- Only build server on SUSE releases.
-
--------------------------------------------------------------------
-Sat Mar 11 03:11:19 UTC 2023 - Jeff Mahoney
+Mon May 08 19:42:58 UTC 2023 - Jeff Mahoney
+- Update to version 0.6.7.5~git77.997aa73:
+ * file_store/test_utils/server_config.go: update test certificate
+ * Update bluemonday dependency.
+ * vql/functions/hash: cache results on Linux
+ * libbpfgo: update to velociraptor-branch-v0.4.8-libbpf-1.2.0
+ * logscale/backport: don't use networking.GetHttpTransport
+ * vql/tools/logscale: add plugin to post events to LogScale ingestion endpoint
+ * file_store/directory: add ability to report pending size
+- Change clang dependency to clang16
+- Fix velociraptor-golang-mage-vendoring.diff to account for newer
+ 'go mod vendor' honoring build flags.
+- Fix update-vendoring.sh script to actually run the %setup part of
+ the spec.
- Merge client package into server spec and use _multibuild to create
client package from same spec file.
- Adjust changelog to retain changes for client package.
- Fix building in static mode on earlier releases.
- Added patch: velociraptor-libbpfgo-only-build-libbpf.patch
+- Removed patch: velociraptor-skip-git-submodule-import-for-OBS-build.patch
-------------------------------------------------------------------
Fri Mar 10 18:54:37 UTC 2023 - Marcus Rueckert
@@ -711,7 +735,7 @@ Fri Mar 10 18:54:37 UTC 2023 - Marcus Rueckert
/etc/velociraptor/client.config u=rw,go= root:root
-------------------------------------------------------------------
-Fri Mar 10 15:36:18 UTC 2023 - jeffm@suse.com - 0.6.7.5~git6.73efb2a
+Fri Mar 10 15:36:18 UTC 2023 - Jeff Mahoney
- Update to version 0.6.7.5~git6.73efb2a:
* libbpfgo: update submodule to require libzstd for newer libelf
@@ -725,7 +749,7 @@ Fri Mar 10 15:36:18 UTC 2023 - jeffm@suse.com - 0.6.7.5~git6.73efb2a
- Allow velociraptor and velociraptor-client packages to coexist.
-------------------------------------------------------------------
-Thu Jan 26 20:06:09 UTC 2023 - jeffm@suse.com - 0.6.7.4~git63.4a1ed09d
+Thu Jan 26 20:06:09 UTC 2023 - Jeff Mahoney
- Update to version 0.6.7.4~git63.4a1ed09d:
* utils/time.js: fix handling of nanosecond-resolution timestamps
@@ -738,7 +762,7 @@ Tue Jan 24 20:57:08 UTC 2023 - Jeff Mahoney
- Use obsinfo mtime to produce stable build timestamp (bsc#1207369).
-------------------------------------------------------------------
-Tue Jan 24 15:07:09 UTC 2023 - jeffm@suse.com - 0.6.7.4~git60.8abed37a:
+Tue Jan 24 15:07:09 UTC 2023 - Jeff Mahoney
- Update to version 0.6.7.4~git60.8abed37a:
* http_comms: create ring buffer temporary file in the same directory
@@ -791,7 +815,7 @@ Thu Jan 19 14:36:42 UTC 2023 - Jeff Mahoney
- Added support for setting command line options via sysconfig
-------------------------------------------------------------------
-Thu Jan 19 05:00:55 UTC 2023 - Jeff Mahoney - 0.6.7.4~git53.0e85855
+Thu Jan 19 05:00:55 UTC 2023 - Jeff Mahoney
- Update to version 0.6.7.4~git53.0e85855:
* sdjournal: work around missing _SYSTEMD_UNIT fields
@@ -814,7 +838,7 @@ Mon Jan 9 16:01:44 UTC 2023 - Jeff Mahoney
- Added Restart=on-failure to restart the client automatically.
-------------------------------------------------------------------
-Mon Dec 12 20:03:23 UTC 2022 - Jeff Mahoney - 0.6.7.4~git51.a588d6e4
+Mon Dec 12 20:03:23 UTC 2022 - Jeff Mahoney
- Update to version 0.6.7.4~git51.a588d6e4:
* magefile.go: use current architecture for Linux builds
@@ -822,7 +846,7 @@ Mon Dec 12 20:03:23 UTC 2022 - Jeff Mahoney - 0.6.7.4~git51.a58
* bpf: bpf expects s390 instead of s390x
-------------------------------------------------------------------
-Wed Dec 07 04:21:36 UTC 2022 - Jeff Mahoney - 0.6.7.4~git46.5d88d80:
+Wed Dec 07 04:21:36 UTC 2022 - Jeff Mahoney
- Update to version 0.6.7.4~git46.5d88d80:
* contrib/kafka-humio-gateway: add new debug option for noisy events
@@ -832,7 +856,7 @@ Wed Dec 07 04:21:36 UTC 2022 - Jeff Mahoney - 0.6.7.4~git46.5d8
* vql/server/kafka: set appropriate ClientID
-------------------------------------------------------------------
-Wed Dec 07 02:49:56 UTC 2022 - Jeff Mahoney - 0.6.7.4~git41.678ed56:
+Wed Dec 07 02:49:56 UTC 2022 - Jeff Mahoney
- Update to version 0.6.7.4~git41.678ed56:
* rpm: introduce rpm vql plugin
@@ -880,7 +904,7 @@ Wed Dec 07 02:49:56 UTC 2022 - Jeff Mahoney - 0.6.7.4~git41.678
* Bugfix: When org is not specified this JS code raised (#2315) (#2316)
-------------------------------------------------------------------
-Tue Dec 06 21:53:43 UTC 2022 - Jeff Mahoney - 0.6.7.3~git41.fa6afa7:
+Tue Dec 06 21:53:43 UTC 2022 - Jeff Mahoney
- Update to version 0.6.7.3~git41.fa6afa7:
* rpm: introduce rpm vql plugin
@@ -1231,7 +1255,7 @@ Tue Dec 06 21:53:43 UTC 2022 - Jeff Mahoney - 0.6.7.3~git41.fa6
* Update FilenameSearch.yaml (#1741)
-------------------------------------------------------------------
-Fri Nov 11 21:12:02 UTC 2022 - Jeff Mahoney - 0.6.4.2~git86.b5931f7
+Fri Nov 11 21:12:02 UTC 2022 - Jeff Mahoney
- Update to version 0.6.4.2~git86.b5931f7:
* cleanup: go mod tidy
@@ -1240,7 +1264,7 @@ Fri Nov 11 21:12:02 UTC 2022 - Jeff Mahoney - 0.6.4.2~git86.b59
- Only attempt to copy vmlinux.h if /sys/kernel/btf/vmlinux doesn't exist
-------------------------------------------------------------------
-Fri Nov 11 20:13:00 UTC 2022 - Jeff Mahoney - 0.6.4.2~git84.1b38fda
+Fri Nov 11 20:13:00 UTC 2022 - Jeff Mahoney
- Update to version 0.6.4.2~git84.1b38fda:
* Clean up libbpfgo mess
@@ -1257,7 +1281,7 @@ Fri Nov 11 20:13:00 UTC 2022 - Jeff Mahoney - 0.6.4.2~git84.1b3
* SSHLogin: require _TRANSPORT != 'kernel' from watch_journal()
-------------------------------------------------------------------
-Fri Nov 11 20:08:20 UTC 2022 - Jeff Mahoney - 0.6.4.2~git67.85b608e
+Fri Nov 11 20:08:20 UTC 2022 - Jeff Mahoney
- Update to version 0.6.4.2~git67.85b608e:
* clients/host-info.js: add MAC addresses to client dashboard
@@ -1287,13 +1311,13 @@ Fri Nov 11 20:08:20 UTC 2022 - Jeff Mahoney - 0.6.4.2~git67.85b
* shell-viewer: default to Bash on non-Windows clients
-------------------------------------------------------------------
-Thu Nov 10 15:22:27 UTC 2022 - Jeff Mahoney - 0.6.4.2~git70.b7df8172
+Thu Nov 10 15:22:27 UTC 2022 - Jeff Mahoney
- Update to version 0.6.4.2~git70.b7df8172:
* file_store: handle watching artifacts with named sources
-------------------------------------------------------------------
-Thu Sep 29 14:16:05 UTC 2022 - Jeff Mahoney - 0.6.4.2~git68.5226b23b
+Thu Sep 29 14:16:05 UTC 2022 - Jeff Mahoney
- Update to version 0.6.4.2~git68.5226b23b:
* api/authenticators/basic: fix logoff endpoint
@@ -1310,13 +1334,13 @@ Fri Aug 19 21:07:15 UTC 2022 - Jeff Mahoney
- Fixed update-vendoring script to use an independent go module cache.
-------------------------------------------------------------------
-Fri Aug 19 01:59:35 UTC 2022 - Jeff Mahoney - 0.6.4.2~git59.5ebb49db
+Fri Aug 19 01:59:35 UTC 2022 - Jeff Mahoney
- Update to version 0.6.4.2~git59.5ebb49db:
* api/authenticators: fix handling of missing oauthstate cookie for OAUTH2
-------------------------------------------------------------------
-Thu Aug 11 19:40:21 UTC 2022 - Jeff Mahoney - 0.6.4.2~git57.fcb11adf
+Thu Aug 11 19:40:21 UTC 2022 - Jeff Mahoney
- Update to version 0.6.4.2~git57.fcb11adf:
* kafka-humio-gateway: add sample config file
@@ -1332,7 +1356,7 @@ Fri Jul 15 02:24:03 UTC 2022 - Jeff Mahoney
- Add vmlinux.h from 5.18.9-2-default to provide type information (x86_64 only)
-------------------------------------------------------------------
-Fri Jul 15 00:00:39 UTC 2022 - Jeff Mahoney - 0.6.4.2~git56.47b4adb4
+Fri Jul 15 00:00:39 UTC 2022 - Jeff Mahoney
- Update to version 0.6.4.2~git56.47b4adb4:
* Updating the NewFiles and ProcessStatuses Artifacts
@@ -1355,7 +1379,7 @@ Fri Jul 15 00:00:39 UTC 2022 - Jeff Mahoney - 0.6.4.2~git56.47b
* shell-viewer: default to Bash on non-Windows clients
-------------------------------------------------------------------
-Thu May 12 20:15:26 UTC 2022 - Jeff Mahoney - 0.6.4.2~git16.e1b7fc0
+Thu May 12 20:15:26 UTC 2022 - Jeff Mahoney
- Update to upstream 0.6.4.2~git16.e1b7fc0:
* Rebase on 0.6.4-2
@@ -1379,7 +1403,7 @@ Thu May 12 20:15:26 UTC 2022 - Jeff Mahoney - 0.6.4.2~git16.e1b
- Revendored dependencies.
-------------------------------------------------------------------
-Thu May 12 17:54:31 UTC 2022 - Jeff Mahoney - 0.6.4~git31.4298eab0:
+Thu May 12 17:54:31 UTC 2022 - Jeff Mahoney
- Update to version 0.6.4~git31.4298eab0:
* Elastic.Events.Client: Update to use new artifactset type
@@ -1388,7 +1412,7 @@ Thu May 12 17:54:31 UTC 2022 - Jeff Mahoney - 0.6.4~git31.4298e
* api: add type and description fields to v1/GetArtifacts endpoint
-------------------------------------------------------------------
-Thu May 12 13:30:42 UTC 2022 - Jeff Mahoney - 0.6.4~git26.4407b9b7
+Thu May 12 13:30:42 UTC 2022 - Jeff Mahoney
- Update to version 0.6.4~git26.4407b9b7:
* Add artifact for chattrsnoop plugin
diff --git a/velociraptor.spec b/velociraptor.spec
index c2921bf..48da178 100644
--- a/velociraptor.spec
+++ b/velociraptor.spec
@@ -77,7 +77,7 @@ Group: System/Monitoring
License: AGPL-3.0-only
URL: https://github.com/Velocidex/velociraptor
Source: %{projname}-%{version}.tar.gz
-Source1: velociraptor-go_modules.tar
+Source1: velociraptor-go_modules.tar.zst
Source2: vmlinux.h-%{vmlinux_h_version}.tar.xz
Source3: velociraptor.service
Source4: velociraptor-server.config.placeholder
@@ -1037,6 +1037,8 @@ BuildRequires: zlib-devel
BuildRequires: sysuser-tools
Requires: group(velociraptor)
Requires: user(velociraptor)
+Provides: system-user-velociraptor = 1.0.1
+Obsoletes: system-user-velociraptor < 1.0.1
%{?sysusers_requires}
%endif