commit 13a001b73e9a5f631b534217a29b2cb74bd915d490fea81c4bea13dc44ac0002 Author: Jeff Mahoney Date: Fri Jan 21 17:45:44 2022 +0000 osc copypac from project:home:jeff_mahoney:security:sensor package:velociraptor revision:2 OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=1
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/_service b/_service
new file mode 100644
index 0000000..9a0fd18
--- /dev/null
+++ b/_service
@@ -0,0 +1,18 @@
+
+
+ https://github.com/jeffmahoney/velociraptor
+ @PARENT_TAG@~git@TAG_OFFSET@.%h
+ v0.6.3
+ git
+ v0.6.2
+ v(.*)
+ enable
+
+
+
+
+ *.tar
+ xz
+
+
+
diff --git a/update-vendoring.sh b/update-vendoring.sh
new file mode 100644
index 0000000..441aae6
--- /dev/null
+++ b/update-vendoring.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+
+cleanup() {
+ test -n "$dir" && rm -rf "$dir"
+}
+
+error() {
+ echo "An error occurred. Exiting." >&2
+}
+
+trap error ERR SIGINT
+trap cleanup EXIT
+set -e
+
+version=$(rpmspec -q --queryformat="%{VERSION}" velociraptor.spec)
+
+dir="$(realpath "$(mktemp -d vendoring.XXXXXX)")"
+
+rpmspec -P velociraptor.spec --define "_sourcedir $PWD" | \
+awk '
+BEGIN { go=0; };
+/^%build/ { go=0; };
+{ if (go) print };
+/^%setup/ { go=1 }' > $dir/setup.sh
+
+echo "Expanding archive..."
+cpio -D "$dir" -id < velociraptor-${version}.obscpio
+
+echo "Running %prep"
+cd "$dir/velociraptor-${version}"
+sh ../setup.sh
+
+echo "Re-vendoring Go code..."
+rm -rf vendor
+go mod vendor
+tar Jcf ../vendor-golang-${version}.tar.xz vendor
+
+echo "Re-vendoring nodejs code..."
+cd gui/velociraptor
+rm -rf node_modules
+npm install
+cd ../..
+tar Jcf ../vendor-nodejs-${version}.tar.xz gui/velociraptor/node_modules
+
+cd ..
+mv vendor-golang-${version}.tar.xz vendor-nodejs-${version}.tar.xz ..
+
+echo "Done"
diff --git a/velociraptor-0.6.2~git73.dc02b45e.obscpio b/velociraptor-0.6.2~git73.dc02b45e.obscpio
new file mode 100644
index 0000000..00c0484
--- /dev/null
+++ b/velociraptor-0.6.2~git73.dc02b45e.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f84140992149c016b693a8b03ed53caf47e94188810529aa6f68e1f64d9c9274
+size 19303437
diff --git a/velociraptor-client.changes b/velociraptor-client.changes
new file mode 100644
index 0000000..0a138aa
--- /dev/null
+++ b/velociraptor-client.changes
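Review bot: `npm install` in the nodejs re-vendoring step may re-resolve version ranges against the registry and runs every dependency's install scripts on the packager's machine, so the contents of vendor-nodejs-${version}.tar.xz are not fixed by the checked-out commit. If gui/velociraptor carries a package-lock.json (not visible in this hunk), `npm ci --ignore-scripts` would install exactly the locked tree without executing third-party scripts; drop `--ignore-scripts` only if a dependency really needs its install step, and say so in a comment. Separately, `set -e` without pipefail lets a failing `rpmspec -P` go unnoticed, because the pipeline's status is awk's; the result is an empty setup.sh that `sh ../setup.sh` runs as a no-op before the tree is vendored. `set -eo pipefail` and quoting the redirect target as `"$dir/setup.sh"` would close that.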
@@ -0,0 +1,41 @@
+-------------------------------------------------------------------
+Thu Jan 6 21:50:43 UTC 2022 - Jeff Mahoney
+
+- Remove dependencies on nodejs since we don't use it in client mode.
+
+-------------------------------------------------------------------
+Thu Jan 06 20:14:39 UTC 2022 - jeffm@suse.com
+
+- Update to version 0.6.2~git73.dc02b45e:
+ * Update PrivateKeys.yaml (#1459)
+ * Added recursion_callback option to the glob plugin (#1461)
+ * Added config wizard for multi-frontend configuration (#1460)
+ * Calculate the sha256 hash of the offline container. (#1458)
+ * Artifact inspection GUI now allows pivot. (#1457)
+ * Client certs can now be specified in the config file. (#1456)
+ * New Upload File Form element (#1455)
+ * Added a sparse accessor (#1453)
+ * Hunt wizard estimates clients affected (#1452)
+ * Make the interrogation process customizable. (#1451)
+
+-------------------------------------------------------------------
+Tue Dec 21 20:25:43 UTC 2021 - Jeff Mahoney
+
+- Disable Windows artifacts. We don't target Windows endpoints and
+ the queries clutter the GUI.
+
+-------------------------------------------------------------------
+Thu Dec 16 14:12:05 UTC 2021 - Jeff Mahoney
+
+- Switch to using master branch via service files.
+ - Added update-vendoring.sh to update the nodejs and go dependencies
+ after version update.
+ - Now building with linux_bare target that disables the GUI for
+ endpoint usage.
+ - Patch the version string to reflect the package version instead
+ of an indistinguishable -dev.
+
+-------------------------------------------------------------------
+Thu Dec 2 01:46:34 UTC 2021 - Jeff Mahoney
+
+- Initial packaging.
diff --git a/velociraptor-client.spec b/velociraptor-client.spec
new file mode 100644
index 0000000..5bab1eb
--- /dev/null
+++ b/velociraptor-client.spec
@@ -0,0 +1,73 @@
+#
+# spec file for package velociraptor
+#
+# Copyright (c) 2021 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+%define projname velociraptor
+
+Name: velociraptor-client
+Version: 0.6.2~git73.dc02b45e
+Release: 0
+Summary: Endpoint visibility and collection tool (endpoint only)
+
+# FIXME: Select a correct license from https://github.com/openSUSE/spec-cleaner#spdx-licenses
+License: AGPL-3.0-only
+URL: https://github.com/Velocidex/velociraptor
+Source: %{projname}-%{version}.tar.xz
+Source1: vendor-golang-%{version}.tar.xz
+Patch1: velociraptor-golang-mage-vendoring.diff
+BuildRequires: golang-packaging
+BuildRequires: systemd-rpm-macros
+BuildRequires: golang(API) >= 1.14
+BuildRequires: fileb0x
+BuildRequires: mage
+BuildRequires: libtsan0
+Conflicts: velociraptor
+
+%description
+Velociraptor is a tool for collecting host based state information
+using The Velociraptor Query Language (VQL) queries.
+
+To learn more about Velociraptor, read the documentation on:
+
+https://docs.velociraptor.app/
+
+This package contains only the endpoint agent. For the full console, please
+install the 'velociraptor' package.
+
+
+%prep
+%setup -q -a 1 -n %{projname}-%{version}
+%autopatch -p1
+
+# Set the version to something more specific than -dev
+sed -ie "s/\(VERSION *= \).*/\1 \"%{version}\"/" constants/constants.go
+
+# These just clutter the GUI and we don't have Windows clients
+rm -rf artifacts/definitions/Windows
+
+%build
+make linux_bare
+
+%install
+mkdir -p %buildroot/%{_bindir}
+install -m 755 output/velociraptor-v%{version}-linux-* %buildroot/%{_bindir}/velociraptor
+
+%files
+%license LICENSE
+%doc README.md
+%{_bindir}/velociraptor
+
+%changelog
diff --git a/velociraptor-golang-mage-vendoring.diff b/velociraptor-golang-mage-vendoring.diff
new file mode 100644
index 0000000..87cfb9b
--- /dev/null
+++ b/velociraptor-golang-mage-vendoring.diff
@@ -0,0 +1,22 @@
+From: Jeff Mahoney
+Subject: [PATCH] velociraptor: add dummy main function for mage
+
+Mage won't pull in the full dependencies without there being a real
+import. This isn't used in the executable, since that's in bin/, but it
+will be used for 'go mod vendor'
+---
+ dummy.go | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+--- /dev/null
++++ b/dummy.go
+@@ -0,0 +1,9 @@
++// +build useless
++package main
++
++import (
++ "github.com/magefile/mage"
++)
++
++func main() {
++}
diff --git a/velociraptor.changes b/velociraptor.changes
new file mode 100644
index 0000000..9d3e914
--- /dev/null
+++ b/velociraptor.changes
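Review bot: In %prep, `sed -ie "s/..."` does not mean `-i -e`: GNU sed reads the `e` as the backup suffix for `-i`, so the substitution still runs but an unmodified backup copy `constants/constants.goe` is left in the build tree. Write it as `sed -i -e "s/\(VERSION *= \).*/\1 \"%{version}\"/" constants/constants.go`. The pattern is also unanchored, so any other identifier in constants.go that ends in `VERSION` and is followed by ` = ` would have its value replaced with the package version as well; constants.go is not visible here, so either confirm there is none or anchor the match to the intended declaration. The same sed line appears in %prep of velociraptor.spec.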
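Review bot: In the embedded dummy.go, `// +build useless` is followed directly by `package main`, with no blank line between them. Go only treats a `// +build` line as a build constraint when a blank line separates it from the package clause; as written it is read as the package doc comment, so the `useless` tag does not exclude the file from builds of the root package the way the patch description implies. Add an empty `+` line after the constraint in the inner patch and change its hunk header to `@@ -0,0 +1,10 @@`. go vet's buildtag check should report this form as well.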
@@ -0,0 +1,34 @@
+-------------------------------------------------------------------
+Thu Jan 06 20:14:39 UTC 2022 - jeffm@suse.com
+
+- Update to version 0.6.2~git73.dc02b45e:
+ * Update PrivateKeys.yaml (#1459)
+ * Added recursion_callback option to the glob plugin (#1461)
+ * Added config wizard for multi-frontend configuration (#1460)
+ * Calculate the sha256 hash of the offline container. (#1458)
+ * Artifact inspection GUI now allows pivot. (#1457)
+ * Client certs can now be specified in the config file. (#1456)
+ * New Upload File Form element (#1455)
+ * Added a sparse accessor (#1453)
+ * Hunt wizard estimates clients affected (#1452)
+ * Make the interrogation process customizable. (#1451)
+
+-------------------------------------------------------------------
+Tue Dec 21 20:25:43 UTC 2021 - Jeff Mahoney
+
+- Disable Windows artifacts. We don't target Windows endpoints and
+ the queries clutter the GUI.
+
+-------------------------------------------------------------------
+Thu Dec 16 14:12:05 UTC 2021 - Jeff Mahoney
+
+- Switch to using master branch via service files.
+ - Added update-vendoring.sh to update the nodejs and go dependencies
+ after version update.
+ - Patch the version string to reflect the package version instead
+ of an indistinguishable -dev.
+
+-------------------------------------------------------------------
+Thu Dec 2 01:46:34 UTC 2021 - Jeff Mahoney
+
+- Initial packaging.
diff --git a/velociraptor.obsinfo b/velociraptor.obsinfo
new file mode 100644
index 0000000..cc1fbb8
--- /dev/null
+++ b/velociraptor.obsinfo
@@ -0,0 +1,5 @@
+name: velociraptor
+version: 0.6.2~git73.dc02b45e
+mtime: 1641209811
+commit: dc02b45e1ca5c75f7e5d9d5d2e35a3addac26c84
+
diff --git a/velociraptor.spec b/velociraptor.spec
new file mode 100644
index 0000000..9eee728
--- /dev/null
+++ b/velociraptor.spec
@@ -0,0 +1,78 @@
+#
+# spec file for package velociraptor
+#
+# Copyright (c) 2021 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+%define projname velociraptor
+
+Name: velociraptor
+Version: 0.6.2~git73.dc02b45e
+Release: 0
+Summary: Endpoint visibility and collection tool
+
+# FIXME: Select a correct license from https://github.com/openSUSE/spec-cleaner#spdx-licenses
+License: AGPL-3.0-only
+URL: https://github.com/Velocidex/velociraptor
+Source: %{projname}-%{version}.tar.xz
+Source1: vendor-golang-%{version}.tar.xz
+Source2: vendor-nodejs-%{version}.tar.xz
+Patch1: velociraptor-golang-mage-vendoring.diff
+BuildRequires: golang-packaging
+BuildRequires: systemd-rpm-macros
+BuildRequires: golang(API) >= 1.14
+BuildRequires: fileb0x
+BuildRequires: mage
+BuildRequires: libtsan0
+BuildRequires: nodejs16
+BuildRequires: npm16
+Conflicts: velociraptor-client
+Obsoletes: velociraptor-console
+
+%description
+Velociraptor is a tool for collecting host based state information
+using The Velociraptor Query Language (VQL) queries.
+
+To learn more about Velociraptor, read the documentation on:
+
+https://docs.velociraptor.app/
+
+This package contains the endpoint agent and full console GUI.
+For just the endpoint agent, please install the 'velociraptor-client' package.
+
+
+%prep
+%setup -q -a 1 -a 2 -n %{projname}-%{version}
+%autopatch -p1
+
+# Set the version to something more specific than -dev
+sed -ie "s/\(VERSION *= \).*/\1 \"%{version}\"/" constants/constants.go
+
+# These just clutter the GUI and we don't have Windows clients
+rm -rf artifacts/definitions/Windows
+
+%build
+(cd gui/velociraptor ; npm run build)
+make linux
+
+%install
+mkdir -p %buildroot/%{_bindir}
+install -m 755 output/velociraptor-v%{version}-linux-* %buildroot/%{_bindir}/velociraptor
+
+%files
+%license LICENSE
+%doc README.md
+%{_bindir}/velociraptor
+
+%changelog
diff --git a/vendor-golang-0.6.2~git73.dc02b45e.tar.xz b/vendor-golang-0.6.2~git73.dc02b45e.tar.xz
new file mode 100644
index 0000000..ec7c011
--- /dev/null
+++ b/vendor-golang-0.6.2~git73.dc02b45e.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:eb73a988803b463c2e81d855e704f56ce532bb8369446f777f9c2c1e8c130c98
+size 7357072
diff --git a/vendor-nodejs-0.6.2~git73.dc02b45e.tar.xz b/vendor-nodejs-0.6.2~git73.dc02b45e.tar.xz
new file mode 100644
index 0000000..758e6c3
--- /dev/null
+++ b/vendor-nodejs-0.6.2~git73.dc02b45e.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:31aecd0eabb2859a5daa73a654fa935ce1ccdf7c9ce6dba84bcaa8c89c278d65
+size 30936988
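Review bot: The `URL:` tag names https://github.com/Velocidex/velociraptor, but the `_service` file added in this commit fetches from https://github.com/jeffmahoney/velociraptor, and nothing in the spec records that the `Source:` tarball appears to be generated from that repository. Someone auditing what this package is built from would start at the wrong repository. A comment above `Source:` such as `# Generated by _service from https://github.com/jeffmahoney/velociraptor; the exact commit is recorded in velociraptor.obsinfo` would document the provenance, and the same applies to velociraptor-client.spec. How that repository differs from upstream is not visible on this page.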