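#
# spec file for package velociraptor
#
# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#


%define projname velociraptor
# NOTE(review): vendor_version (git56.47b4adb4) differs from the package
# Version below (git59.5ebb49db), so the vendored Go and Node.js trees in
# Source1..Source3 were cut from an older revision than the main tarball.
# Confirm the dependency manifests did not change between the two revisions,
# otherwise the build uses dependencies the packaged source does not declare.
%define vendor_version 0.6.4.2~git56.47b4adb4
%define vmlinux_h_version 5.18.9-2-default

Name:           velociraptor
Version:        0.6.4.2~git59.5ebb49db
Release:        0
Summary:        Endpoint visibility and collection tool
Group:          System/Monitoring
License:        AGPL-3.0-only
URL:            https://github.com/Velocidex/velociraptor
Source:         %{projname}-%{version}.tar.xz
# Source1..Source3 carry the third-party dependencies as vendored tarballs;
# they are unpacked into the source tree by the setup call in the prep section.
Source1:        vendor-golang-%{vendor_version}.tar.xz
Source2:        vendor-golang-kafka-humio-gateway-%{vendor_version}.tar.xz
Source3:        vendor-nodejs-%{vendor_version}.tar.xz
Source4:        %{name}.service
Source5:        %{name}-server.config.placeholder
Source6:        %{name}-client.service
Source7:        %{name}-client.config.placeholder
Source8:        vmlinux.h-%{vmlinux_h_version}.tar.xz
Patch1:         velociraptor-golang-mage-vendoring.diff
Patch2:         velociraptor-skip-git-submodule-import-for-OBS-build.patch
Patch3:         velociraptor-makefile-add-bpf-rules-to-linux_bare.patch
Patch4:         make-libbpfgo-vendorable.patch
BuildRequires:  golang-packaging
BuildRequires:  systemd-rpm-macros
BuildRequires:  systemd-devel
# We actually only require >= 1.17
BuildRequires:  golang(API) = 1.17
BuildRequires:  fileb0x
BuildRequires:  mage
BuildRequires:  libtsan0
BuildRequires:  nodejs16
BuildRequires:  npm16
BuildRequires:  clang13
BuildRequires:  llvm13
BuildRequires:  bpftool
BuildRequires:  libelf-devel
# The main package ships both unit files and both configs, so it cannot be
# installed alongside the client-only package.
Conflicts:      velociraptor-client

%description
Velociraptor is a tool for collecting host based state information
using The Velociraptor Query Language (VQL) queries.

To learn more about Velociraptor, read the documentation on:

https://docs.velociraptor.app/

This package contains the endpoint agent and full console GUI.
For just the endpoint agent, please install the 'velociraptor-client' package.

%package kafka-humio-gateway
Summary:        Gateway between Kafka and Humio for Velociraptor Artifacts
Version:        0.6.4.2~git59.5ebb49db

%description kafka-humio-gateway
This tool is used to consume events generated by the Kafka Velociraptor plugin
and post them to a Humio cluster.

%prep
%setup -q -a 1 -a 2 -a 3 -a 8 -n %{projname}-%{version}
%autopatch -p1

# Without this, the libbpfgo tests want to vendor the external version
rm -rf third_party/libbpfgo/selftest third_party/libbpfgo/helpers/example_tracelisten_test.go

# Set the version to something more specific than -dev
# "-i -e" is spelled out on purpose: GNU sed reads "-ie" as "-i" with the
# backup suffix "e" and would leave a stray constants.goe copy in the tree.
# NOTE(review): the pattern is not anchored, so every line of constants.go
# containing "VERSION = " is rewritten; confirm only the intended constant
# matches.
sed -i -e "s/\(VERSION *= \).*/\1 \"%{version}\"/" constants/constants.go

# Use the vmlinux.h shipped in Source8 for the target architecture;
# presumably this keeps the BPF build independent of the build host kernel.
mkdir -p third_party/libbpfgo/output
cp vmlinux.h-%{vmlinux_h_version}/vmlinux-%{_arch}.h \
	third_party/libbpfgo/output/vmlinux.h

# These just clutter the GUI and we don't have Windows clients
# Note: There are dependencies on these that need to be resolved before
# removing them outright.
# rm -rf artifacts/definitions/Windows

%build
# GUI bundle first, then the main binary, then the gateway helper.
(cd gui/velociraptor ; npm run build)
PATH=$PATH:/usr/sbin make linux
(cd contrib/kafka-humio-gateway; go build -o %{name}-kafka-humio-gateway)

%install
mkdir -p %{buildroot}%{_bindir}
mkdir -p %{buildroot}%{_sysconfdir}/velociraptor
mkdir -p %{buildroot}%{_unitdir}
mkdir -p %{buildroot}%{_sharedstatedir}/velociraptor/data
mkdir -p %{buildroot}%{_sharedstatedir}/velociraptor/logs
mkdir -p %{buildroot}%{_sharedstatedir}/velociraptor-client
mkdir -p %{buildroot}%{_datadir}/%{name}-kafka-humio-gateway
install -m 0755 output/velociraptor-v%{version}-linux-* %{buildroot}%{_bindir}/velociraptor
install -m 0755 contrib/kafka-humio-gateway/%{name}-kafka-humio-gateway %{buildroot}%{_bindir}
install -m 0644 contrib/kafka-humio-gateway/sample-config.yml %{buildroot}%{_datadir}/%{name}-kafka-humio-gateway/sample-config.yml
install -m 0644 %{SOURCE4} %{buildroot}%{_unitdir}/%{name}.service
# Both configs are installed 0600 (root only). The shipped files are
# placeholders; a real Velociraptor server config embeds private keys, so
# the restrictive mode must survive whatever replaces them.
install -m 0600 %{SOURCE5} %{buildroot}%{_sysconfdir}/velociraptor/server.config
install -m 0644 %{SOURCE6} %{buildroot}%{_unitdir}/%{name}-client.service
install -m 0600 %{SOURCE7} %{buildroot}%{_sysconfdir}/velociraptor/client.config

%files
# Mode "-" keeps the modes set in the install section, including 0600 on
# the two config files.
%defattr(-, root, root)
%license LICENSE
%doc README.md
%dir %{_sysconfdir}/velociraptor
%{_bindir}/velociraptor
# noreplace: a package upgrade must not overwrite an administrator's
# generated config with the placeholder.
%config(noreplace) %{_sysconfdir}/velociraptor/server.config
%config(noreplace) %{_sysconfdir}/velociraptor/client.config
%{_unitdir}/%{name}.service
%{_unitdir}/%{name}-client.service
# NOTE(review): the state directories below keep the mode they received
# from mkdir in the install section (normally 0755). They presumably hold
# the server datastore, logs and client state; consider an explicit
# restrictive attr once the user the service units run as is confirmed.
%dir %{_sharedstatedir}/velociraptor
%dir %{_sharedstatedir}/velociraptor/data
%dir %{_sharedstatedir}/velociraptor/logs
%dir %{_sharedstatedir}/velociraptor-client

%files kafka-humio-gateway
%defattr(-, root, root)
%license LICENSE
%doc contrib/kafka-humio-gateway/README.md
%{_bindir}/%{name}-kafka-humio-gateway
%dir %{_datadir}/%{name}-kafka-humio-gateway
%{_datadir}/%{name}-kafka-humio-gateway/sample-config.yml

%pre
%service_add_pre %{name}.service
%service_add_pre %{name}-client.service

%post
%service_add_post %{name}.service
%service_add_post %{name}-client.service

%preun
%service_del_preun %{name}.service
%service_del_preun %{name}-client.service

%postun
%service_del_postun %{name}.service
%service_del_postun %{name}-client.service

%changelog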