velociraptor/update-vendoring.sh
Jeff Mahoney 3a5ec10ba3 Accepting request 1085591 from home:jeff_mahoney:branches:security:sensor:updates
- Update to version 0.6.7.5~git78.2bef6fc:
  * bpf: fix path to vmlinux.h

- Update to version 0.6.7.5~git77.997aa73:
  * file_store/test_utils/server_config.go: update test certificate
  * Update bluemonday dependency.
  * vql/functions/hash: cache results on Linux
  * libbpfgo: update to velociraptor-branch-v0.4.8-libbpf-1.2.0
  * logscale/backport: don't use networking.GetHttpTransport
  * vql/tools/logscale: add plugin to post events to LogScale ingestion endpoint
  * file_store/directory: add ability to report pending size
- Change clang dependency to clang16
- Fix velociraptor-golang-mage-vendoring.diff to account for newer
  'go mod vendor' honoring build flags.
- Fix update-vendoring.sh script to actually run the %setup part of
  the spec.
- Merge client package into server spec and use _multibuild to create
  client package from same spec file.
- Adjust changelog to retain changes for client package.
- Fix building in static mode on earlier releases.
  - Added patch: velociraptor-libbpfgo-only-build-libbpf.patch

- Tightening the security of the services a bit:
  - tmp files are now moved to /var/lib/velociraptor{,-client}/tmp
    from /tmp
  - run velociraptor server as user velociraptor instead of root
    we do not really need root permissions here
  - introduce /var/lib/velociraptor/filestore to make it easier to
    split out large file upload
  - change permissions for the data directory and subdirectories to

OBS-URL: https://build.opensuse.org/request/show/1085591
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=46
2023-05-09 00:49:51 +00:00


#!/bin/bash
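# EXIT handler: remove the temporary directories this run created.
# Globals:   dir (read)       - scratch build directory, empty if not created
#            gopathdir (read) - throwaway GOPATH, empty if not created
# Returns:   status of the last removal
cleanup() {
  # An empty value means the directory was never created, so there is
  # nothing to delete.
  if [[ -n "${dir:-}" ]]; then
    rm -rf -- "${dir}"
  fi
  if [[ -n "${gopathdir:-}" ]]; then
    # Make the tree writable first; presumably needed because Go creates the
    # module cache read-only, which would stop rm from emptying it.
    # A chmod failure is tolerated on purpose: under `set -e` it would
    # otherwise abort the handler before the removal below is attempted.
    chmod -R u+w -- "${gopathdir}" || true
    rm -rf -- "${gopathdir}"
  fi
}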
# Trap handler: report on stderr that the run failed.
# It only prints the message; it does not terminate the script itself.
error() {
  printf '%s\n' "An error occurred. Exiting." 1>&2
}
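# Start from known-empty values so the EXIT handler can never act on a `dir`
# or `gopathdir` inherited from the caller's environment when the script
# stops before it has created its own temporary directories.
dir=
gopathdir=

trap error ERR
# error() only prints a message; exit explicitly so an interrupt really stops
# the run. The EXIT trap still performs the cleanup.
trap 'error; exit 130' SIGINT
trap cleanup EXIT
set -e

# VERSION as reported by rpmspec for the spec; only the first line is used.
version=$(rpmspec -q --queryformat="%{VERSION}\n" velociraptor.spec | head -1)
if [[ -z "${version}" ]]; then
  # Without a version every path below would be malformed; stop here instead
  # of failing later with a confusing message.
  echo "Could not determine the package version from velociraptor.spec" >&2
  exit 1
fi

# Scratch directory is created inside the current directory; topdir is where
# this script lives and where the results are delivered.
dir="$(realpath "$(mktemp -d vendoring.XXXXXX)")"
topdir="$(realpath "$(dirname "$0")")"

# Pull the %prep section out of the spec file and replace the tarball with the obscpio
# Step 1: keep everything in the spec that precedes %build.
awk '
BEGIN { go=1; };
/^%build/ { go=0; };
{ if (go) print };' < velociraptor.spec > "${dir}/velociraptor.spec"

# Step 2: let rpmspec expand the macros, keep only the lines after %prep, and
# swap the source tarball unpack command for a cpio extraction of the obscpio.
# NOTE: $PWD and ${version} are pasted unescaped into the sed program and into
# the generated setup.sh, so run this from a directory whose path contains no
# whitespace, '#', '&' or shell metacharacters.
rpmspec -P "${dir}/velociraptor.spec" --define "_sourcedir $PWD" --define "_builddir ${dir}" | \
awk '
BEGIN { go=0; };
/^%build/ { go=0; };
{ if (go) print };
/^%prep/ { go=1 }' | sed -e "/rpmuncompress.*velociraptor-.*.tar.xz/s#.*#cpio -D . -id < $PWD/velociraptor-${version}.obscpio#" > "${dir}/setup.sh"

echo "Running %prep"
cd "${dir}"
# setup.sh is the expanded %prep body of the spec: this executes whatever
# commands the spec and its macros contain, so only run this script on a
# package checkout you trust.
sh -e "${dir}/setup.sh"
cd "${dir}/velociraptor-${version}"

echo "Re-vendoring Go code..."
# GOPATH points at a throwaway directory for the duration of the run; it is
# removed again by cleanup().
gopathdir="$(mktemp -d /tmp/gopath.XXXXXXX)"
rm -rf vendor
export GOPATH="$gopathdir"
# Vendoring doesn't get along with replaced modules, so symlink to those
go mod vendor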
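# Replace the vendored copy of a Go module with a relative symlink to a copy
# kept elsewhere in the source tree.
# Arguments: $1 - module import path below vendor/
#            $2 - location of the in-tree copy, relative to the tree's top
# Must be called from the top of the source tree (it works on ./vendor).
# Outputs:   a traced `ls -la` of the new link, as a visible sanity check;
#            under `set -e` a dangling link makes that ls fail the run.
replace_module() {
  # Refuse an empty module path: "vendor/" alone would delete all of vendor.
  local mod=${1:?replace_module: module path required}
  local path=${2:?replace_module: replacement path required}
  local rel
  rm -rf "vendor/${mod}"
  # The link sits one level below vendor/ for every leading component of the
  # module path, so climbing back to the top takes one ".." per component.
  # Matching on "anything but a slash" also covers single-character
  # components and characters outside [A-Za-z0-9_-].
  rel="$(printf '%s\n' "${mod}" | sed -e 's#[^/][^/]*#..#g')"
  ln -s "${rel}/${path}" "vendor/${mod}"
  set -x
  ls -la "vendor/${mod}/"
  set +x
}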
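# Point the vendored libbpfgo at the copy shipped in third_party/, then pack
# the Go vendor tree and deliver it next to this script.
replace_module github.com/aquasecurity/libbpfgo third_party/libbpfgo
tar Jcf "${dir}/vendor-golang-${version}.tar.xz" vendor
cd "${dir}"
mv vendor-golang-*"${version}".tar.xz "${topdir}"

# The kafka-humio-gateway contrib module is vendored separately and packed
# into its own tarball.
cd "${dir}/velociraptor-${version}/contrib/kafka-humio-gateway"
rm -rf vendor
go mod vendor
cd "${dir}/velociraptor-${version}"
tar Jcf "${dir}/vendor-golang-kafka-humio-gateway-${version}.tar.xz" "contrib/kafka-humio-gateway/vendor"

echo "Re-vendoring nodejs code..."
cd "${dir}/velociraptor-${version}/gui/velociraptor"
rm -rf node_modules
# NOTE(review): `npm install` resolves packages from the registry at run time,
# may rewrite package-lock.json and runs the dependencies' install scripts on
# the packager's machine. If the tree ships a lock file, `npm ci` would
# reproduce exactly that set -- confirm before switching.
npm install
cd ../..
tar Jcf "${dir}/vendor-nodejs-${version}.tar.xz" gui/velociraptor/node_modules
cd "${dir}"
# The glob picks up the kafka-humio-gateway tarball created above.
mv vendor-golang-*"${version}".tar.xz "vendor-nodejs-${version}.tar.xz" "${topdir}"

# Record the vendored version in every spec file beside this script.
# ${version} goes into the sed replacement unescaped; a value containing '/',
# '&' or a backslash would corrupt the rewritten line.
for spec in "${topdir}"/*.spec; do
  sed -i "s/^%define vendor_version.*/%define vendor_version ${version}/" "${spec}"
done
echo "Done"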