Accepting request 1064242 from security:sensor

- Update to version 0.6.7.4~git63.4a1ed09d: * utils/time.js: fix handling of nanosecond-resolution timestamps - Added patches: * velociraptor-reproducible-timestamp.diff - Use obsinfo mtime to produce stable build timestamp (bsc#1207369). - Update to version 0.6.7.4~git60.8abed37a: * http_comms: create ring buffer temporary file in the same directory * cronsnoop: plumb in real scope logging * cronsnoop: don't treat routine errors as fatal * cronsnoop: fix typo - Update to version 0.6.7.4~git63.4a1ed09d: * utils/time.js: fix handling of nanosecond-resolution timestamps - Added patches: * velociraptor-reproducible-timestamp.diff - Use obsinfo mtime to produce stable build timestamp (bsc#1207369). - Update to version 0.6.7.4~git60.8abed37a: * http_comms: create ring buffer temporary file in the same directory * cronsnoop: plumb in real scope logging * cronsnoop: don't treat routine errors as fatal * cronsnoop: fix typo OBS-URL: https://build.opensuse.org/request/show/1064242 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/velociraptor?expand=0&rev=3
2023-02-11 20:56:34 +00:00 · 2023-02-11 20:56:34 +00:00 · 333e9f40ae
commit 333e9f40ae
parent 6404b5dcb9 bfb6d78d98
10 changed files with 105 additions and 16 deletions
--- a/2
+++ b/2
@ -1,6 +1,6 @@
 <services>
  <service mode="manual" name="obs_scm">
-    <param name="url">https://github.com/jeffmahoney/linux-security-sensor</param>
+    <param name="url">https://github.com/SUSE/linux-security-sensor</param>
    <param name="filename">velociraptor</param>
    <param name="versionformat">@PARENT_TAG@~git@TAG_OFFSET@.%h</param>
    <param name="revision">sensor-base-0.6.7</param>
--- a/2
+++ b/2
@ -3,4 +3,4 @@
                <param name="url">https://github.com/jeffmahoney/linux-security-sensor</param>
              <param name="changesrevision">0e858552af3d6ab57bae796cc3e50ccef36b4aff</param></service><service name="tar_scm">
                <param name="url">https://github.com/SUSE/linux-security-sensor</param>
-              <param name="changesrevision">b5931f73eb6c171a558d09d4ef8b3d4d7292d519</param></service></servicedata>
+              <param name="changesrevision">4a1ed09d50339b902c6446686bd16deedbb23804</param></service></servicedata>
--- a/velociraptor-0.6.7.4~git53.0e85855.obscpio
+++ b/velociraptor-0.6.7.4~git53.0e85855.obscpio
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9fb0aab829afab06e59851f025e2024d4266e0f19bc8180caad8dc050656cdc8
-size 127591950
--- a/velociraptor-0.6.7.4~git63.4a1ed09d.obscpio
+++ b/velociraptor-0.6.7.4~git63.4a1ed09d.obscpio
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7fb845e3c71742cdfd51fd4b7eb0587c9a8ba9894874a5d6353fbf375a733f6d
+size 127596558
--- a/velociraptor-client.changes
+++ b/velociraptor-client.changes
@ -1,3 +1,25 @@
+-------------------------------------------------------------------
+Thu Jan 26 20:06:09 UTC 2023 - jeffm@suse.com
+
+- Update to version 0.6.7.4~git63.4a1ed09d:
+  * utils/time.js: fix handling of nanosecond-resolution timestamps
+- Added patches:
+  * velociraptor-reproducible-timestamp.diff
+
+-------------------------------------------------------------------
+Tue Jan 24 20:57:08 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
+
+- Use obsinfo mtime to produce stable build timestamp (bsc#1207369).
+
+-------------------------------------------------------------------
+Tue Jan 24 15:07:09 UTC 2023 - jeffm@suse.com
+
+- Update to version 0.6.7.4~git60.8abed37a:
+  * http_comms: create ring buffer temporary file in the same directory
+  * cronsnoop: plumb in real scope logging
+  * cronsnoop: don't treat routine errors as fatal
+  * cronsnoop: fix typo
+
 -------------------------------------------------------------------
 Sat Jan 21 04:07:38 UTC 2023 - Jeff Mahoney <jeffm@suse.com>

@ -31,11 +53,6 @@ Fri Jan 20 16:37:17 UTC 2023 - Dirk Müller <dmueller@suse.com>

 - add memory limit to systemd unit

---------------------------------------------------------------------
-Fri Jan 20 16:37:17 UTC 2023 - Dirk Müller <dmueller@suse.com>
-
- add memory limit to systemd unit
-
 ---------------------------------------------------------------------
 Thu Jan 19 15:17:22 UTC 2023 - Jeff Mahoney <jeffm@suse.com>

--- a/velociraptor-client.spec
+++ b/velociraptor-client.spec
@ -40,7 +40,7 @@
 %endif

 Name:           velociraptor-client
-Version:        0.6.7.4~git53.0e85855
+Version:        0.6.7.4~git63.4a1ed09d
 Release:        0
 Summary:        Endpoint visibility and collection tool (endpoint only)
 Group:          System/Monitoring
@ -53,10 +53,12 @@ Source3:        %{name}.config.placeholder
 Source4:        vmlinux.h-%{vmlinux_h_version}.tar.xz
 Source5:        update-vendoring.sh
 Source6:        sysconfig.%{name}
+Source7:        %{projname}.obsinfo
 Patch1:         velociraptor-golang-mage-vendoring.diff
 Patch2:         velociraptor-skip-git-submodule-import-for-OBS-build.patch
 Patch3:         vendor-build-fixes-for-SLE12.patch
 Patch4:         sdjournal-build-fix-for-SLE12.patch
+Patch5:         velociraptor-reproducible-timestamp.diff
 BuildRequires:  fileb0x
 BuildRequires:  golang-packaging
 BuildRequires:  mage
@ -107,6 +109,14 @@ cp vmlinux.h-%{vmlinux_h_version}/vmlinux-%{_arch}.h \
 # rm -rf artifacts/definitions/Windows

 %build
+
+# Reproductible builds need stable timestamps
+timestamp=$(date -Iseconds --utc --date=@$(grep mtime: %{SOURCE7}|sed -e 's/mtime: //'))
+git_commit=$(grep commit: %{SOURCE7}|sed -e 's/commit: //g')
+
+export VELOCIRAPTOR_BUILD_TIME=$timestamp
+export VELOCIRAPTOR_GIT_HEAD=$git_commit
+
 PATH=$PATH:/usr/sbin make linux_bare BUILD_LIBBPFGO=%{with bpf}

 %install
--- a/velociraptor-reproducible-timestamp.diff
+++ b/velociraptor-reproducible-timestamp.diff
@ -0,0 +1,30 @@
+From: Jeff Mahoney <jeffm@suse.com>
+Subject: magefile: use stable timestamps for build
+
+In order to create reprodicible builds, we can't have timestamps that vary
+without anything else changing.
+diff --git a/magefile.go b/magefile.go
+index 16badc2b..76011657 100644
+--- a/magefile.go
+++ b/magefile.go
+@@ -428,10 +428,18 @@ func build_gui_files() error {
+ }
+ 
+ func flags() string {
+-	timestamp := time.Now().Format(time.RFC3339)
+	timestamp := os.Getenv("VELOCIRAPTOR_BUILD_TIME")
+	if timestamp == "" {
+		timestamp = time.Now().Format(time.RFC3339)
+	}
+ 	flags := fmt.Sprintf(` -X "www.velocidex.com/golang/velociraptor/config.build_time=%s"`, timestamp)
+ 
+-	flags += fmt.Sprintf(` -X "www.velocidex.com/golang/velociraptor/config.commit_hash=%s"`, hash())
+	head := os.Getenv("VELOCIRAPTOR_GIT_HEAD")
+	if head == "" {
+		head = hash()
+	}
+
+	flags += fmt.Sprintf(` -X "www.velocidex.com/golang/velociraptor/config.commit_hash=%s"`, head)
+ 
+ 	// If we are running on the CI pipeline we need to know the run
+ 	// number and URL so we can report them.
--- a/velociraptor.changes
+++ b/velociraptor.changes
@ -1,3 +1,25 @@
+-------------------------------------------------------------------
+Thu Jan 26 20:06:09 UTC 2023 - jeffm@suse.com
+
+- Update to version 0.6.7.4~git63.4a1ed09d:
+  * utils/time.js: fix handling of nanosecond-resolution timestamps
+- Added patches:
+  * velociraptor-reproducible-timestamp.diff
+
+-------------------------------------------------------------------
+Tue Jan 24 20:57:08 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
+
+- Use obsinfo mtime to produce stable build timestamp (bsc#1207369).
+
+-------------------------------------------------------------------
+Tue Jan 24 15:07:09 UTC 2023 - jeffm@suse.com
+
+- Update to version 0.6.7.4~git60.8abed37a:
+  * http_comms: create ring buffer temporary file in the same directory
+  * cronsnoop: plumb in real scope logging
+  * cronsnoop: don't treat routine errors as fatal
+  * cronsnoop: fix typo
+
 -------------------------------------------------------------------
 Sat Jan 21 04:07:38 UTC 2023 - Jeff Mahoney <jeffm@suse.com>

--- a/velociraptor.obsinfo
+++ b/velociraptor.obsinfo
@ -1,4 +1,4 @@
 name: velociraptor
-version: 0.6.7.4~git53.0e85855
-mtime: 1674098741
-commit: 0e858552af3d6ab57bae796cc3e50ccef36b4aff
+version: 0.6.7.4~git63.4a1ed09d
+mtime: 1674763484
+commit: 4a1ed09d50339b902c6446686bd16deedbb23804
--- a/velociraptor.spec
+++ b/velociraptor.spec
@ -40,7 +40,7 @@
 %endif

 Name:           velociraptor
-Version:        0.6.7.4~git53.0e85855
+Version:        0.6.7.4~git63.4a1ed09d
 Release:        0
 Summary:        Endpoint visibility and collection tool
 Group:          System/Monitoring
@ -58,10 +58,12 @@ Source8:        vmlinux.h-%{vmlinux_h_version}.tar.xz
 Source9:        update-vendoring.sh
 Source10:       sysconfig.%{name}
 Source11:       sysconfig.%{name}-client
+Source12:       %{projname}.obsinfo
 Patch1:         velociraptor-golang-mage-vendoring.diff
 Patch2:         velociraptor-skip-git-submodule-import-for-OBS-build.patch
 Patch3:         vendor-build-fixes-for-SLE12.patch
 Patch4:         sdjournal-build-fix-for-SLE12.patch
+Patch5:         velociraptor-reproducible-timestamp.diff
 BuildRequires:  fileb0x
 BuildRequires:  golang-packaging
 BuildRequires:  mage
@ -96,7 +98,7 @@ For just the endpoint agent, please install the 'velociraptor-client' package.

 %package kafka-humio-gateway
 Summary:        Gateway between Kafka and Humio for Velociraptor Artifacts
-Version:        0.6.7.4~git53.0e85855
+Version:        0.6.7.4~git63.4a1ed09d

 %description kafka-humio-gateway
 This tool is used to consume events generated by the Kafka Velociraptor plugin
@ -122,6 +124,14 @@ cp vmlinux.h-%{vmlinux_h_version}/vmlinux-%{_arch}.h \
 # rm -rf artifacts/definitions/Windows

 %build
+
+# Reproductible builds need stable timestamps
+timestamp=$(date -Iseconds --utc --date=@$(grep mtime: %{SOURCE12}|sed -e 's/mtime: //'))
+git_commit=$(grep commit: %{SOURCE12}|sed -e 's/commit: //g')
+
+export VELOCIRAPTOR_BUILD_TIME=$timestamp
+export VELOCIRAPTOR_GIT_HEAD=$git_commit
+
 (cd gui/velociraptor ; npm run build)
 PATH=$PATH:/usr/sbin make linux BUILD_LIBBPFGO=%{with bpf}