Accepting request 1059461 from home:jeff_mahoney:branches:security:sensor

- Clean up for Factory submission: - Make bpf-enabled builds conditional - Removed %defattr and combined service lines. - Change clang and llvm dependencies to use >= 13 - Newer versions of clang hit a DWARF parsing bug in go < 1.19, so increase go version dependecy - Define ExclusiveArch for x86_64, ppc64le, aarch64, and s390x Neither the client or server builds on ix86. - Added Restart=on-failure to restart the client automatically. - Update to version 0.6.7.4~git51.a588d6e4: * magefile.go: use current architecture for Linux builds * Update libbpfgo submodule to include non-AMD64 build fixes * bpf: bpf expects s390 instead of s390x - Clean up for Factory submission: - Make bpf-enabled builds conditional - Removed %defattr and combined service lines. - Change clang and llvm dependencies to use >= 13 - Newer versions of clang hit a DWARF parsing bug in go < 1.19, so increase go version dependecy - Define ExclusiveArch for x86_64, ppc64le, aarch64, and s390x Neither the client or server builds on ix86. - Update to version 0.6.7.4~git51.a588d6e4: * magefile.go: use current architecture for Linux builds * Update libbpfgo submodule to include non-AMD64 build fixes * bpf: bpf expects s390 instead of s390x OBS-URL: https://build.opensuse.org/request/show/1059461 OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=30
2023-01-19 01:05:43 +00:00 · 2023-01-19 01:05:43 +00:00 · 3f054c52ce
commit 3f054c52ce
parent 74851609fb
11 changed files with 134 additions and 97 deletions
--- a/7
+++ b/7
@ -0,0 +1,7 @@
+<constraints>
+  <hardware>
+    <disk>
+      <size unit="G">10</size>
+    </disk>
+  </hardware>
+</constraints>
--- a/2
+++ b/2
@ -1,6 +1,6 @@
 <servicedata>
 <service name="tar_scm">
                <param name="url">https://github.com/jeffmahoney/linux-security-sensor</param>
-              <param name="changesrevision">5d88d8095b52fea3fd0c30ad1f8673ffabd1d63c</param></service><service name="tar_scm">
+              <param name="changesrevision">a588d6e4e6191afe15dc0755fe1562cadd7af636</param></service><service name="tar_scm">
                <param name="url">https://github.com/SUSE/linux-security-sensor</param>
              <param name="changesrevision">b5931f73eb6c171a558d09d4ef8b3d4d7292d519</param></service></servicedata>
--- a/libbpfgo-i386.patch
+++ b/libbpfgo-i386.patch
@ -1,15 +0,0 @@
---
- third_party/libbpfgo/Makefile |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
--- a/third_party/libbpfgo/Makefile
-+++ b/third_party/libbpfgo/Makefile
-@@ -15,7 +15,7 @@ VAGRANT = vagrant
- CLANG_FMT = clang-format
- 
- HOSTOS = $(shell uname)
-ARCH ?= $(shell uname -m | sed 's/x86_64/amd64/g; s/aarch64/arm64/g')
-+ARCH ?= $(shell uname -m | sed 's/x86_64/amd64/g; s/aarch64/arm64/g; s/i.86/386/g')
- 
- BTFFILE = /sys/kernel/btf/vmlinux
- BPFTOOL = $(shell which bpftool || /bin/false)
--- a/velociraptor-0.6.7.4~git46.5d88d80.obscpio
+++ b/velociraptor-0.6.7.4~git46.5d88d80.obscpio
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:bd2c70fec3076bf0e467f2ced43d2fe6ecba51ab5541d72f1cac6bc2dd4564cd
-size 127591438
--- a/velociraptor-0.6.7.4~git51.a588d6e4.obscpio
+++ b/velociraptor-0.6.7.4~git51.a588d6e4.obscpio
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3db17d9852160d1db093ef7eeb25a3b5e72282ba58bcb11446562de76007aeca
+size 127595022
--- a/velociraptor-client.changes
+++ b/velociraptor-client.changes
@ -1,11 +1,30 @@
 -------------------------------------------------------------------
-Wed Jan 18 15:50:30 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
+Thu Jan 19 01:01:09 UTC 2023 - Jeff Mahoney <jeffm@suse.com>

- Define ExclusiveArch for x86_64, ppc64le, aarch64, and s390x                     
-  Neither the client or server builds on ix86.
+- Clean up for Factory submission:
+  - Make bpf-enabled builds conditional
+  - Removed %defattr and combined service lines.
+  - Change clang and llvm dependencies to use >= 13
+  - Newer versions of clang hit a DWARF parsing bug in go < 1.19,
+    so increase go version dependecy
+  - Define ExclusiveArch for x86_64, ppc64le, aarch64, and s390x
+    Neither the client or server builds on ix86.

 -------------------------------------------------------------------
-Wed Dec 07 04:21:36 UTC 2022 - jeffm@suse.com
+Mon Jan  9 16:01:44 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
+
+- Added Restart=on-failure to restart the client automatically.
+
+-------------------------------------------------------------------
+Mon Dec 12 20:03:03 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
+
+- Update to version 0.6.7.4~git51.a588d6e4:
+  * magefile.go: use current architecture for Linux builds
+  * Update libbpfgo submodule to include non-AMD64 build fixes
+  * bpf: bpf expects s390 instead of s390x
+
+-------------------------------------------------------------------
+Wed Dec 07 04:21:36 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Update to version 0.6.7.4~git46.5d88d80:
  * contrib/kafka-humio-gateway: add new debug option for noisy events
@ -15,7 +34,7 @@ Wed Dec 07 04:21:36 UTC 2022 - jeffm@suse.com
  * vql/server/kafka: set appropriate ClientID

 -------------------------------------------------------------------
-Wed Dec 07 02:49:56 UTC 2022 - jeffm@suse.com
+Wed Dec 07 02:49:56 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Update to version 0.6.7.4~git41.678ed56:
  * rpm: introduce rpm vql plugin
@ -63,7 +82,7 @@ Wed Dec 07 02:49:56 UTC 2022 - jeffm@suse.com
  * Bugfix: When org is not specified this JS code raised (#2315) (#2316)

 -------------------------------------------------------------------
-Tue Dec 06 21:53:43 UTC 2022 - jeffm@suse.com
+Tue Dec 06 21:53:43 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Update to version 0.6.7.3~git41.fa6afa7:
  * rpm: introduce rpm vql plugin
@ -414,7 +433,7 @@ Tue Dec 06 21:53:43 UTC 2022 - jeffm@suse.com
  * Update FilenameSearch.yaml (#1741)

 -------------------------------------------------------------------
-Fri Nov 11 21:12:02 UTC 2022 - jeffm@suse.com
+Fri Nov 11 21:12:02 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Update to version 0.6.4.2~git86.b5931f7:
  * cleanup: go mod tidy
@ -423,7 +442,7 @@ Fri Nov 11 21:12:02 UTC 2022 - jeffm@suse.com
 - Only attempt to copy vmlinux.h if /sys/kernel/btf/vmlinux doesn't exist

 -------------------------------------------------------------------
-Fri Nov 11 20:13:00 UTC 2022 - jeffm@suse.com
+Fri Nov 11 20:13:00 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Update to version 0.6.4.2~git84.1b38fda:
  * Clean up libbpfgo mess
@ -440,7 +459,7 @@ Fri Nov 11 20:13:00 UTC 2022 - jeffm@suse.com
  * SSHLogin: require _TRANSPORT != 'kernel' from watch_journal()

 -------------------------------------------------------------------
-Fri Nov 11 20:08:20 UTC 2022 - jeffm@suse.com
+Fri Nov 11 20:08:20 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Update to version 0.6.4.2~git67.85b608e:
  * clients/host-info.js: add MAC addresses to client dashboard
@ -470,13 +489,13 @@ Fri Nov 11 20:08:20 UTC 2022 - jeffm@suse.com
  * shell-viewer: default to Bash on non-Windows clients

 -------------------------------------------------------------------
-Thu Nov 10 15:22:27 UTC 2022 - jeffm@suse.com
+Thu Nov 10 15:22:27 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Update to version 0.6.4.2~git70.b7df8172:
  * file_store: handle watching artifacts with named sources

 -------------------------------------------------------------------
-Thu Sep 29 14:16:05 UTC 2022 - jeffm@suse.com
+Thu Sep 29 14:16:05 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Update to version 0.6.4.2~git68.5226b23b:
  * api/authenticators/basic: fix logoff endpoint
@ -493,13 +512,13 @@ Fri Aug 19 21:07:30 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
 - Fixed update-vendoring script to use an independent go module cache.

 -------------------------------------------------------------------
-Fri Aug 19 01:59:35 UTC 2022 - jeffm@suse.com
+Fri Aug 19 01:59:35 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Update to version 0.6.4.2~git59.5ebb49db:
  * api/authenticators: fix handling of missing oauthstate cookie for OAUTH2

 -------------------------------------------------------------------
-Thu Aug 11 19:40:21 UTC 2022 - jeffm@suse.com
+Thu Aug 11 19:40:21 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Update to version 0.6.4.2~git57.fcb11adf:
  * kafka-humio-gateway: add sample config file
@ -515,7 +534,7 @@ Fri Jul 15 02:24:03 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
 - Add vmlinux.h from 5.18.9-2-default to provide type information (x86_64 only)

 -------------------------------------------------------------------
-Fri Jul 15 00:00:39 UTC 2022 - jeffm@suse.com
+Fri Jul 15 00:00:39 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Update to version 0.6.4.2~git56.47b4adb4:
  * Updating the NewFiles and ProcessStatuses Artifacts
@ -538,7 +557,7 @@ Fri Jul 15 00:00:39 UTC 2022 - jeffm@suse.com
  * shell-viewer: default to Bash on non-Windows clients

 -------------------------------------------------------------------
-Thu May 12 20:15:26 UTC 2022 - jeffm@suse.com
+Thu May 12 20:15:26 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Update to upstream 0.6.4-2:
  * Reset nanny when client connection failed. (#1780)
@ -561,7 +580,7 @@ Thu May 12 20:15:26 UTC 2022 - jeffm@suse.com
 - Revendored dependencies.

 -------------------------------------------------------------------
-Thu May 12 19:21:56 UTC 2022 - jeffm@suse.com
+Thu May 12 19:21:56 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Update to version 0.6.4~git31.4298eab0:
  * Add artifact for chattrsnoop plugin
@ -577,7 +596,7 @@ Thu May 12 19:21:56 UTC 2022 - jeffm@suse.com
  * dnssnoop: Add timestamp to generated events

 -------------------------------------------------------------------
-Thu May 12 17:54:31 UTC 2022 - jeffm@suse.com
+Thu May 12 17:54:31 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Update to version 0.6.4~git31.4298eab0:
  * Elastic.Events.Client: Update to use new artifactset type
@ -586,7 +605,7 @@ Thu May 12 17:54:31 UTC 2022 - jeffm@suse.com
  * api: add type and description fields to v1/GetArtifacts endpoint

 -------------------------------------------------------------------
-Thu May 12 13:30:42 UTC 2022 - jeffm@suse.com
+Thu May 12 13:30:42 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Update to version 0.6.4~git26.4407b9b7:
  * Add artifact for chattrsnoop plugin
@ -772,7 +791,7 @@ Tue May  3 13:45:09 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
  * fix APIConfigLoader not applying command line args (#1463)

 -------------------------------------------------------------------
-Mon May 02 14:55:07 UTC 2022 - jeffm@suse.com
+Mon May 02 14:55:07 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Resync with git repository:
  * Add artifact to monitor user group updates (#24)
@ -781,13 +800,13 @@ Mon May 02 14:55:07 UTC 2022 - jeffm@suse.com
  * Add custom artifacts for login and logout attempts recorded by auditd

 -------------------------------------------------------------------
-Fri Mar 18 14:12:59 UTC 2022 - jeffm@suse.com
+Fri Mar 18 14:12:59 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Update to version 0.6.3~git19.640f7a1c:
  * Add tcpsnoop plugin

 -------------------------------------------------------------------
-Tue Mar 15 13:31:21 UTC 2022 - jeffm@suse.com
+Tue Mar 15 13:31:21 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Update to version 0.6.3~git17.741ebb59:
  * kafka-humio-gateway: update README.md
@ -795,7 +814,7 @@ Tue Mar 15 13:31:21 UTC 2022 - jeffm@suse.com
  * Add Kafka-Humio Gateway [Depends on PR#10] (#8)

 -------------------------------------------------------------------
-Tue Mar 15 01:04:29 UTC 2022 - jeffm@suse.com
+Tue Mar 15 01:04:29 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Update to version 0.6.3~git13.af7fdb00:
  * SUSE: Add SSHLogin artifacts
@ -804,7 +823,7 @@ Tue Mar 15 01:04:29 UTC 2022 - jeffm@suse.com
  * Add systemd-dev as build dependency for github workflow

 -------------------------------------------------------------------
-Fri Feb 18 00:52:01 UTC 2022 - jeffm@suse.com
+Fri Feb 18 00:52:01 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Update to version 0.6.3~git6.d95ed32e:
  * Update the Linux.Events.SSHLogin artifact to scan the systemd journal
@ -830,7 +849,7 @@ Wed Feb  2 04:44:49 UTC 2022 - William Brown <william.brown@suse.com>
 - Add client service file

 -------------------------------------------------------------------
-Thu Jan 27 17:33:45 UTC 2022 - jeffm@suse.com
+Thu Jan 27 17:33:45 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Update to version 0.6.3~git0.69e0fffa:
  * Prepare for 0.6.3 release (#1515)
@ -949,7 +968,7 @@ Thu Jan 27 17:33:45 UTC 2022 - jeffm@suse.com
  * Fixed bug in CSS (#1337)

 -------------------------------------------------------------------
-Thu Jan 27 17:27:42 UTC 2022 - jeffm@suse.com
+Thu Jan 27 17:27:42 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Update to version 0.6.2~git0.8dd598b2:
  * Update ese parser to fix timestamp bug
@ -969,7 +988,7 @@ Thu Jan  6 21:50:43 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
 - Remove dependencies on nodejs since we don't use it in client mode.

 -------------------------------------------------------------------
-Thu Jan 06 20:14:39 UTC 2022 - jeffm@suse.com
+Thu Jan 06 20:14:39 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Update to version 0.6.2~git73.dc02b45e:
  * Update PrivateKeys.yaml (#1459)
--- a/velociraptor-client.service
+++ b/velociraptor-client.service
@ -16,6 +16,7 @@ ProtectKernelTunables=true
 ProtectKernelModules=true
 ProtectControlGroups=true
 MemoryDenyWriteExecute=true
+Restart=on-failure

 [Install]
 WantedBy=multi-user.target
--- a/velociraptor-client.spec
+++ b/velociraptor-client.spec
@ -19,8 +19,14 @@
 %define vendor_version 0.6.7.4~git41.678ed56
 %define vmlinux_h_version 5.14.21150400.22-150400-default

+%if 0%{?suse_version} >= 1500
+%bcond_without bpf
+%else
+%bcond_with bpf
+%endif
+
 Name:           velociraptor-client
-Version:        0.6.7.4~git46.5d88d80
+Version:        0.6.7.4~git51.a588d6e4
 Release:        0
 Summary:        Endpoint visibility and collection tool (endpoint only)
 Group:		System/Monitoring
@ -34,21 +40,22 @@ Source4:	vmlinux.h-%{vmlinux_h_version}.tar.xz
 Source5:	update-vendoring.sh
 Patch1:         velociraptor-golang-mage-vendoring.diff
 Patch2:		velociraptor-skip-git-submodule-import-for-OBS-build.patch
-Patch4:		libbpfgo-i386.patch
 BuildRequires:  golang-packaging
 BuildRequires:  systemd-rpm-macros
 BuildRequires:  systemd-devel
-BuildRequires:  golang(API) >= 1.18
+BuildRequires:  golang(API) >= 1.19
 BuildRequires:  fileb0x
 BuildRequires:  mage
 %ifarch x86_64
 BuildRequires:  libtsan0
 %endif
-BuildRequires:  clang13
-BuildRequires:  llvm13
+%if %{with bpf}
+BuildRequires:  clang >= 13
+BuildRequires:  llvm >= 13
 BuildRequires:  bpftool
 BuildRequires:	libelf-devel
 BuildRequires:	zlib-devel-static
+%endif
 Conflicts:      velociraptor
 ExclusiveArch:	x86_64 ppc64le aarch64 s390x

@ -71,10 +78,12 @@ install the 'velociraptor' package.
 # Set the version to something more specific than <next-tag>-dev
 sed -ie "s/\(VERSION *= \).*/\1 \"%{version}\"/" constants/constants.go

+%if %{with bpf}
 mkdir -p third_party/libbpfgo/output

 cp vmlinux.h-%{vmlinux_h_version}/vmlinux-%{_arch}.h \
   third_party/libbpfgo/output/vmlinux.h
+%endif

 # These just clutter the GUI and we don't have Windows clients
 # Note: There are dependencies on these that need to be resolved before
@ -82,7 +91,7 @@ cp vmlinux.h-%{vmlinux_h_version}/vmlinux-%{_arch}.h \
 # rm -rf artifacts/definitions/Windows

 %build
-PATH=$PATH:/usr/sbin make linux_bare
+PATH=$PATH:/usr/sbin make linux_bare BUILD_LIBBPFGO=%{with bpf}

 %install
 mkdir -p %buildroot/%{_bindir}
@ -94,7 +103,6 @@ install -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.service
 install -m 0600 %{SOURCE3} %{buildroot}%{_sysconfdir}/velociraptor/client.config

 %files
-%defattr(-,root,root)
 %license LICENSE
 %doc README.md
 %dir %{_sysconfdir}/velociraptor
--- a/velociraptor.changes
+++ b/velociraptor.changes
@ -1,11 +1,25 @@
 -------------------------------------------------------------------
-Wed Jan 18 15:50:02 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
+Thu Jan 19 01:01:09 UTC 2023 - Jeff Mahoney <jeffm@suse.com>

- Define ExclusiveArch for x86_64, ppc64le, aarch64, and s390x                     
-  Neither the client or server builds on ix86.
+- Clean up for Factory submission:
+  - Make bpf-enabled builds conditional
+  - Removed %defattr and combined service lines.
+  - Change clang and llvm dependencies to use >= 13
+  - Newer versions of clang hit a DWARF parsing bug in go < 1.19,
+    so increase go version dependecy
+  - Define ExclusiveArch for x86_64, ppc64le, aarch64, and s390x
+    Neither the client or server builds on ix86.

 -------------------------------------------------------------------
-Wed Dec 07 04:21:36 UTC 2022 - jeffm@suse.com
+Mon Dec 12 20:03:23 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
+
+- Update to version 0.6.7.4~git51.a588d6e4:
+  * magefile.go: use current architecture for Linux builds
+  * Update libbpfgo submodule to include non-AMD64 build fixes
+  * bpf: bpf expects s390 instead of s390x
+
+-------------------------------------------------------------------
+Wed Dec 07 04:21:36 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Update to version 0.6.7.4~git46.5d88d80:
  * contrib/kafka-humio-gateway: add new debug option for noisy events
@ -15,7 +29,7 @@ Wed Dec 07 04:21:36 UTC 2022 - jeffm@suse.com
  * vql/server/kafka: set appropriate ClientID

 -------------------------------------------------------------------
-Wed Dec 07 02:49:56 UTC 2022 - jeffm@suse.com
+Wed Dec 07 02:49:56 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Update to version 0.6.7.4~git41.678ed56:
  * rpm: introduce rpm vql plugin
@ -63,7 +77,7 @@ Wed Dec 07 02:49:56 UTC 2022 - jeffm@suse.com
  * Bugfix: When org is not specified this JS code raised (#2315) (#2316)

 -------------------------------------------------------------------
-Tue Dec 06 21:53:43 UTC 2022 - jeffm@suse.com
+Tue Dec 06 21:53:43 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Update to version 0.6.7.3~git41.fa6afa7:
  * rpm: introduce rpm vql plugin
@ -414,7 +428,7 @@ Tue Dec 06 21:53:43 UTC 2022 - jeffm@suse.com
  * Update FilenameSearch.yaml (#1741)

 -------------------------------------------------------------------
-Fri Nov 11 21:12:02 UTC 2022 - jeffm@suse.com
+Fri Nov 11 21:12:02 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Update to version 0.6.4.2~git86.b5931f7:
  * cleanup: go mod tidy
@ -423,7 +437,7 @@ Fri Nov 11 21:12:02 UTC 2022 - jeffm@suse.com
 - Only attempt to copy vmlinux.h if /sys/kernel/btf/vmlinux doesn't exist

 -------------------------------------------------------------------
-Fri Nov 11 20:13:00 UTC 2022 - jeffm@suse.com
+Fri Nov 11 20:13:00 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Update to version 0.6.4.2~git84.1b38fda:
  * Clean up libbpfgo mess
@ -440,7 +454,7 @@ Fri Nov 11 20:13:00 UTC 2022 - jeffm@suse.com
  * SSHLogin: require _TRANSPORT != 'kernel' from watch_journal()

 -------------------------------------------------------------------
-Fri Nov 11 20:08:20 UTC 2022 - jeffm@suse.com
+Fri Nov 11 20:08:20 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Update to version 0.6.4.2~git67.85b608e:
  * clients/host-info.js: add MAC addresses to client dashboard
@ -470,13 +484,13 @@ Fri Nov 11 20:08:20 UTC 2022 - jeffm@suse.com
  * shell-viewer: default to Bash on non-Windows clients

 -------------------------------------------------------------------
-Thu Nov 10 15:22:27 UTC 2022 - jeffm@suse.com
+Thu Nov 10 15:22:27 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Update to version 0.6.4.2~git70.b7df8172:
  * file_store: handle watching artifacts with named sources

 -------------------------------------------------------------------
-Thu Sep 29 14:16:05 UTC 2022 - jeffm@suse.com
+Thu Sep 29 14:16:05 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Update to version 0.6.4.2~git68.5226b23b:
  * api/authenticators/basic: fix logoff endpoint
@ -493,13 +507,13 @@ Fri Aug 19 21:07:15 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
 - Fixed update-vendoring script to use an independent go module cache.

 -------------------------------------------------------------------
-Fri Aug 19 01:59:35 UTC 2022 - jeffm@suse.com
+Fri Aug 19 01:59:35 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Update to version 0.6.4.2~git59.5ebb49db:
  * api/authenticators: fix handling of missing oauthstate cookie for OAUTH2

 -------------------------------------------------------------------
-Thu Aug 11 19:40:21 UTC 2022 - jeffm@suse.com
+Thu Aug 11 19:40:21 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Update to version 0.6.4.2~git57.fcb11adf:
  * kafka-humio-gateway: add sample config file
@ -515,7 +529,7 @@ Fri Jul 15 02:24:03 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
 - Add vmlinux.h from 5.18.9-2-default to provide type information (x86_64 only)

 -------------------------------------------------------------------
-Fri Jul 15 00:00:39 UTC 2022 - jeffm@suse.com
+Fri Jul 15 00:00:39 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Update to version 0.6.4.2~git56.47b4adb4:
  * Updating the NewFiles and ProcessStatuses Artifacts
@ -538,7 +552,7 @@ Fri Jul 15 00:00:39 UTC 2022 - jeffm@suse.com
  * shell-viewer: default to Bash on non-Windows clients

 -------------------------------------------------------------------
-Thu May 12 20:15:26 UTC 2022 - jeffm@suse.com
+Thu May 12 20:15:26 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Update to upstream 0.6.4-2:
  * Reset nanny when client connection failed. (#1780)
@ -561,7 +575,7 @@ Thu May 12 20:15:26 UTC 2022 - jeffm@suse.com
 - Revendored dependencies.

 -------------------------------------------------------------------
-Thu May 12 17:54:31 UTC 2022 - jeffm@suse.com
+Thu May 12 17:54:31 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Update to version 0.6.4~git31.4298eab0:
  * Elastic.Events.Client: Update to use new artifactset type
@ -570,7 +584,7 @@ Thu May 12 17:54:31 UTC 2022 - jeffm@suse.com
  * api: add type and description fields to v1/GetArtifacts endpoint

 -------------------------------------------------------------------
-Thu May 12 13:30:42 UTC 2022 - jeffm@suse.com
+Thu May 12 13:30:42 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Update to version 0.6.4~git26.4407b9b7:
  * Add artifact for chattrsnoop plugin
@ -756,7 +770,7 @@ Tue May  3 13:45:09 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
  * fix APIConfigLoader not applying command line args (#1463)

 -------------------------------------------------------------------
-Mon May 02 14:55:07 UTC 2022 - jeffm@suse.com
+Mon May 02 14:55:07 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Resync with git repository:
  * Add artifact to monitor user group updates (#24)
@ -765,13 +779,13 @@ Mon May 02 14:55:07 UTC 2022 - jeffm@suse.com
  * Add custom artifacts for login and logout attempts recorded by auditd

 -------------------------------------------------------------------
-Fri Mar 18 14:12:59 UTC 2022 - jeffm@suse.com
+Fri Mar 18 14:12:59 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Update to version 0.6.3~git19.640f7a1c:
  * Add tcpsnoop plugin

 -------------------------------------------------------------------
-Tue Mar 15 13:31:21 UTC 2022 - jeffm@suse.com
+Tue Mar 15 13:31:21 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Update to version 0.6.3~git17.741ebb59:
  * kafka-humio-gateway: update README.md
@ -779,7 +793,7 @@ Tue Mar 15 13:31:21 UTC 2022 - jeffm@suse.com
  * Add Kafka-Humio Gateway [Depends on PR#10] (#8)

 -------------------------------------------------------------------
-Tue Mar 15 01:04:29 UTC 2022 - jeffm@suse.com
+Tue Mar 15 01:04:29 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Update to version 0.6.3~git13.af7fdb00:
  * SUSE: Add SSHLogin artifacts
@ -788,7 +802,7 @@ Tue Mar 15 01:04:29 UTC 2022 - jeffm@suse.com
  * Add systemd-dev as build dependency for github workflow

 -------------------------------------------------------------------
-Fri Feb 18 00:52:01 UTC 2022 - jeffm@suse.com
+Fri Feb 18 00:52:01 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Update to version 0.6.3~git6.d95ed32e:
  * Update the Linux.Events.SSHLogin artifact to scan the systemd journal
@ -815,7 +829,7 @@ Wed Feb  2 18:10:19 UTC 2022 - Jeff Mahoney <jeffm@suse.com>
 - Added systemd unit file and placeholder config file.

 -------------------------------------------------------------------
-Thu Jan 27 17:33:45 UTC 2022 - jeffm@suse.com
+Thu Jan 27 17:33:45 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Update to version 0.6.3~git0.69e0fffa:
  * Prepare for 0.6.3 release (#1515)
@ -934,7 +948,7 @@ Thu Jan 27 17:33:45 UTC 2022 - jeffm@suse.com
  * Fixed bug in CSS (#1337)

 -------------------------------------------------------------------
-Thu Jan 27 17:27:42 UTC 2022 - jeffm@suse.com
+Thu Jan 27 17:27:42 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Update to version 0.6.2~git0.8dd598b2:
  * Update ese parser to fix timestamp bug
@ -949,7 +963,7 @@ Thu Jan 27 17:27:42 UTC 2022 - jeffm@suse.com
  * Propagate column types from artifact to flow notebook. (#1346)

 -------------------------------------------------------------------
-Thu Jan 06 20:14:39 UTC 2022 - jeffm@suse.com
+Thu Jan 06 20:14:39 UTC 2022 - Jeff Mahoney <jeffm@suse.com>

 - Update to version 0.6.2~git73.dc02b45e:
  * Update PrivateKeys.yaml (#1459)
--- a/velociraptor.obsinfo
+++ b/velociraptor.obsinfo
@ -1,4 +1,4 @@
 name: velociraptor
-version: 0.6.7.4~git46.5d88d80
-mtime: 1670386624
-commit: 5d88d8095b52fea3fd0c30ad1f8673ffabd1d63c
+version: 0.6.7.4~git51.a588d6e4
+mtime: 1670873734
+commit: a588d6e4e6191afe15dc0755fe1562cadd7af636
--- a/velociraptor.spec
+++ b/velociraptor.spec
@ -19,8 +19,14 @@
 %define vendor_version 0.6.7.4~git41.678ed56
 %define vmlinux_h_version 5.14.21150400.22-150400-default

+%if 0%{?suse_version} >= 1500
+%bcond_without bpf
+%else
+%bcond_with bpf
+%endif
+
 Name:           velociraptor
-Version:        0.6.7.4~git46.5d88d80
+Version:        0.6.7.4~git51.a588d6e4
 Release:        0
 Summary:	Endpoint visibility and collection tool
 Group:		System/Monitoring
@ -38,11 +44,10 @@ Source8:	vmlinux.h-%{vmlinux_h_version}.tar.xz
 Source9:	update-vendoring.sh
 Patch1:		velociraptor-golang-mage-vendoring.diff
 Patch2:		velociraptor-skip-git-submodule-import-for-OBS-build.patch
-Patch4:		libbpfgo-i386.patch
 BuildRequires:  golang-packaging
 BuildRequires:  systemd-rpm-macros
 BuildRequires:  systemd-devel
-BuildRequires:  golang(API) >= 1.18
+BuildRequires:  golang(API) >= 1.19
 BuildRequires:	fileb0x
 BuildRequires:	mage
 %ifarch x86_64
@ -50,11 +55,13 @@ BuildRequires:	libtsan0
 %endif
 BuildRequires:	nodejs >= 16
 BuildRequires:	npm >= 16
-BuildRequires:  clang13
-BuildRequires:  llvm13
+%if %{with bpf}
+BuildRequires:  clang >= 13
+BuildRequires:  llvm >= 13
 BuildRequires:  bpftool
 BuildRequires:	libelf-devel
 BuildRequires:	zlib-devel-static
+%endif
 Conflicts:	velociraptor-client
 ExclusiveArch:	x86_64 ppc64le aarch64 s390x

@ -71,7 +78,7 @@ For just the endpoint agent, please install the 'velociraptor-client' package.

 %package kafka-humio-gateway
 Summary: Gateway between Kafka and Humio for Velociraptor Artifacts
-Version: 0.6.7.4~git46.5d88d80
+Version: 0.6.7.4~git51.a588d6e4

 %description kafka-humio-gateway
 This tool is used to consume events generated by the Kafka Velociraptor plugin
@ -84,10 +91,12 @@ and post them to a Humio cluster.
 # Set the version to something more specific than <next-tag>-dev
 sed -ie "s/\(VERSION *= \).*/\1 \"%{version}\"/" constants/constants.go

+%if %{with bpf}
 mkdir -p third_party/libbpfgo/output

 cp vmlinux.h-%{vmlinux_h_version}/vmlinux-%{_arch}.h \
   third_party/libbpfgo/output/vmlinux.h
+%endif

 # These just clutter the GUI and we don't have Windows clients
 # Note: There are dependencies on these that need to be resolved before
@ -96,7 +105,7 @@ cp vmlinux.h-%{vmlinux_h_version}/vmlinux-%{_arch}.h \

 %build
 (cd gui/velociraptor ; npm run build)
-PATH=$PATH:/usr/sbin make linux
+PATH=$PATH:/usr/sbin make linux BUILD_LIBBPFGO=%{with bpf}

 (cd contrib/kafka-humio-gateway; go build -o %{name}-kafka-humio-gateway)

@ -117,7 +126,6 @@ install -m 0644 %{SOURCE6} %{buildroot}%{_unitdir}/%{name}-client.service
 install -m 0600 %{SOURCE7} %{buildroot}%{_sysconfdir}/velociraptor/client.config

 %files
-%defattr(-, root, root)
 %license LICENSE
 %doc README.md
 %dir %{_sysconfdir}/velociraptor
@ -132,7 +140,6 @@ install -m 0600 %{SOURCE7} %{buildroot}%{_sysconfdir}/velociraptor/client.config
 %dir %{_sharedstatedir}/velociraptor-client

 %files kafka-humio-gateway
-%defattr(-, root, root)
 %license LICENSE
 %doc contrib/kafka-humio-gateway/README.md
 %{_bindir}/%{name}-kafka-humio-gateway
@ -140,19 +147,15 @@ install -m 0600 %{SOURCE7} %{buildroot}%{_sysconfdir}/velociraptor/client.config
 %{_datadir}/%{name}-kafka-humio-gateway/sample-config.yml

 %pre
-%service_add_pre %{name}.service
-%service_add_pre %{name}-client.service
+%service_add_pre %{name}.service %{name}-client.service

 %post
-%service_add_post %{name}.service
-%service_add_post %{name}-client.service
+%service_add_post %{name}.service %{name}-client.service

 %preun
-%service_del_preun %{name}.service
-%service_del_preun %{name}-client.service
+%service_del_preun %{name}.service %{name}-client.service

 %postun
-%service_del_postun %{name}.service
-%service_del_postun %{name}-client.service
+%service_del_postun %{name}.service %{name}-client.service

 %changelog