
Accepting request 1060080 from security:sensor

- Fixed release detection to include Tumbleweed (forwarded request 1060079 from jeff_mahoney)

OBS-URL: https://build.opensuse.org/request/show/1060080
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/velociraptor?expand=0&rev=2
Dominique Leuenberger 2023-01-21 18:10:27 +00:00 committed by Git OBS Bridge
commit 6404b5dcb9
7 changed files with 298 additions and 43 deletions


@ -0,0 +1,18 @@
From: Jeff Mahoney <jeffm@suse.com>
Subject: third_party/sdjournal: remove enums missing on SLE-12
The version of systemd on SLE-12 is older and doesn't have these enums. We
don't use them, so it's safe to remove them.
--- a/third_party/sdjournal/journal_linux.go
+++ b/third_party/sdjournal/journal_linux.go
@@ -380,9 +380,6 @@ const (
SD_JOURNAL_RUNTIME_ONLY = int(C.SD_JOURNAL_RUNTIME_ONLY)
SD_JOURNAL_SYSTEM = int(C.SD_JOURNAL_SYSTEM)
SD_JOURNAL_CURRENT_USER = int(C.SD_JOURNAL_CURRENT_USER)
- SD_JOURNAL_OS_ROOT = int(C.SD_JOURNAL_OS_ROOT)
- SD_JOURNAL_ALL_NAMESPACES = int(C.SD_JOURNAL_ALL_NAMESPACES)
- SD_JOURNAL_INCLUDE_DEFAULT_NAMESPACE = int(C.SD_JOURNAL_INCLUDE_DEFAULT_NAMESPACE)
)
// Journal event constants


@ -1,3 +1,41 @@
-------------------------------------------------------------------
Sat Jan 21 04:07:38 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
- Fixed release detection to include Tumblweed
-------------------------------------------------------------------
Sat Jan 21 02:20:07 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
- Increase required release to enable eBPF to SLE 15 SP2 and
openSUSE Leap 15.2. Earlier versions don't have a usable eBPF
and can't easily build llvm13.
-------------------------------------------------------------------
Sat Jan 21 01:44:59 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
- Remove dependency on bpftool. We use the vmlinux.h archive
to provide vmlinux.h.
-------------------------------------------------------------------
Fri Jan 20 20:18:49 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
- Restored %defattr due to SLE12 using rpm-4.11.
- Fix builds in vendor code on SLE12
- Fix build in third_party/sdjournal due to older systemd on SLE12
- Added patches:
- vendor-build-fixes-for-SLE12.patch
- sdjournal-build-fix-for-SLE12.patch
-------------------------------------------------------------------
Fri Jan 20 16:37:17 UTC 2023 - Dirk Müller <dmueller@suse.com>
- add memory limit to systemd unit
---------------------------------------------------------------------
Fri Jan 20 16:37:17 UTC 2023 - Dirk Müller <dmueller@suse.com>
- add memory limit to systemd unit
--------------------------------------------------------------------- ---------------------------------------------------------------------
Thu Jan 19 15:17:22 UTC 2023 - Jeff Mahoney <jeffm@suse.com> Thu Jan 19 15:17:22 UTC 2023 - Jeff Mahoney <jeffm@suse.com>


@ -6,6 +6,8 @@ Type=simple
User=root User=root
Group=root Group=root
UMask=0027 UMask=0027
MemoryHigh=4G
MemoryMax=8G
EnvironmentFile=-/etc/sysconfig/velociraptor-client EnvironmentFile=-/etc/sysconfig/velociraptor-client
ExecStart=/usr/bin/velociraptor client --config /etc/velociraptor/client.config $VELOCIRAPTOR_CLIENT_OPTS ExecStart=/usr/bin/velociraptor client --config /etc/velociraptor/client.config $VELOCIRAPTOR_CLIENT_OPTS
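Review bot: `MemoryHigh=4G` and `MemoryMax=8G` are only enforced where systemd recognises the directives, and `MemoryHigh=` additionally needs the unified (v2) cgroup hierarchy. This package also targets SLE-12, whose older systemd (the reason for the sdjournal patch in this commit) may log them as unknown and apply no cap. I would say so above the two lines, e.g. `# needs a systemd that knows MemoryHigh=/MemoryMax=; on older releases the agent runs uncapped`. The rest of `[Service]` lies outside the hunk, so I cannot see whether `Restart=` is set. If it is not, reaching MemoryMax kills the root-run agent and the endpoint stays without collection until someone restarts it, so `Restart=on-failure` is worth confirming.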


@ -1,7 +1,7 @@
# #
# spec file for package velociraptor # spec file for package velociraptor-client
# #
# Copyright (c) 2021 SUSE LLC # Copyright (c) 2023 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -15,51 +15,66 @@
# Please submit bugfixes or comments via https://bugs.opensuse.org/ # Please submit bugfixes or comments via https://bugs.opensuse.org/
# #
%define projname velociraptor %define projname velociraptor
%define vendor_version 0.6.7.4~git41.678ed56 %define vendor_version 0.6.7.4~git41.678ed56
%define vmlinux_h_version 5.14.21150400.22-150400-default %define vmlinux_h_version 5.14.21150400.22-150400-default
%if 0%{?suse_version} >= 1500 # SLE 15 SP2 / Leap 15.2 or newer gets eBPF
# Earlier versions don't have a usable eBPF and the
# release doesn't easily build llvm13
%if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150200
%bcond_without bpf %bcond_without bpf
%else %else
%bcond_with bpf %bcond_with bpf
%endif %endif
#Compat macro for new _fillupdir macro introduced in Nov 2017
%if ! %{defined _fillupdir}
%define _fillupdir %{_localstatedir}/adm/fillup-templates
%endif
# SLE12 has _sharedstatedir in an odd place
%if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000
%define _sharedstatedir /var/lib
%endif
Name: velociraptor-client Name: velociraptor-client
Version: 0.6.7.4~git53.0e85855 Version: 0.6.7.4~git53.0e85855
Release: 0 Release: 0
Summary: Endpoint visibility and collection tool (endpoint only) Summary: Endpoint visibility and collection tool (endpoint only)
Group: System/Monitoring Group: System/Monitoring
License: AGPL-3.0-only License: AGPL-3.0-only
URL: https://github.com/Velocidex/velociraptor URL: https://github.com/Velocidex/velociraptor
Source: %{projname}-%{version}.tar.xz Source: %{projname}-%{version}.tar.xz
Source1: vendor-golang-%{vendor_version}.tar.xz Source1: vendor-golang-%{vendor_version}.tar.xz
Source2: %{name}.service Source2: %{name}.service
Source3: %{name}.config.placeholder Source3: %{name}.config.placeholder
Source4: vmlinux.h-%{vmlinux_h_version}.tar.xz Source4: vmlinux.h-%{vmlinux_h_version}.tar.xz
Source5: update-vendoring.sh Source5: update-vendoring.sh
Source6: sysconfig.%{name} Source6: sysconfig.%{name}
Patch1: velociraptor-golang-mage-vendoring.diff Patch1: velociraptor-golang-mage-vendoring.diff
Patch2: velociraptor-skip-git-submodule-import-for-OBS-build.patch Patch2: velociraptor-skip-git-submodule-import-for-OBS-build.patch
BuildRequires: golang-packaging Patch3: vendor-build-fixes-for-SLE12.patch
BuildRequires: systemd-rpm-macros Patch4: sdjournal-build-fix-for-SLE12.patch
BuildRequires: pkgconfig(libsystemd)
BuildRequires: golang(API) >= 1.19
BuildRequires: fileb0x BuildRequires: fileb0x
BuildRequires: golang-packaging
BuildRequires: mage BuildRequires: mage
BuildRequires: systemd-rpm-macros
BuildRequires: golang(API) >= 1.19
BuildRequires: pkgconfig(libsystemd)
%ifarch x86_64 %ifarch x86_64
BuildRequires: libtsan0 BuildRequires: libtsan0
%endif %endif
%if %{with bpf} %if %{with bpf}
# clang15 causes libbpfo to crash immediately # clang15 causes libbpfo to crash immediately
BuildRequires: clang13 BuildRequires: clang13
BuildRequires: libelf-devel
BuildRequires: llvm13 BuildRequires: llvm13
BuildRequires: bpftool BuildRequires: zlib-devel-static
BuildRequires: libelf-devel
BuildRequires: zlib-devel-static
%endif %endif
Conflicts: velociraptor Conflicts: velociraptor
ExclusiveArch: x86_64 ppc64le aarch64 s390x ExclusiveArch: x86_64 ppc64le aarch64 s390x
%description %description
Velociraptor is a tool for collecting host based state information Velociraptor is a tool for collecting host based state information
@ -72,7 +87,6 @@ https://docs.velociraptor.app/
This package contains only the endpoint agent. For the full console, please This package contains only the endpoint agent. For the full console, please
install the 'velociraptor' package. install the 'velociraptor' package.
%prep %prep
%setup -q -a 1 -a 4 -n %{projname}-%{version} %setup -q -a 1 -a 4 -n %{projname}-%{version}
%autopatch -p1 %autopatch -p1
@ -107,6 +121,7 @@ install -d -m 755 %{buildroot}%{_fillupdir}
install -m 0644 %{SOURCE6} %{buildroot}%{_fillupdir} install -m 0644 %{SOURCE6} %{buildroot}%{_fillupdir}
%files %files
%defattr(-, root, root)
%license LICENSE %license LICENSE
%doc README.md %doc README.md
%dir %{_sysconfdir}/velociraptor %dir %{_sysconfdir}/velociraptor
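Review bot: `Patch3` and `Patch4` are added with no annotation, and `%autopatch -p1` applies them on every target, so the SLE-12 workarounds also rewrite vendored and third_party code for the Leap 15 and Tumbleweed builds. I would add a comment above each, `# PATCH-FIX-OPENSUSE vendor-build-fixes-for-SLE12.patch -- cgo CFLAGS for gcc 4.8 on SLE-12` and `# PATCH-FIX-OPENSUSE sdjournal-build-fix-for-SLE12.patch -- drop sd_journal flags missing from SLE-12 systemd`. That way whoever refreshes the vendor tarball knows these downstream edits exist and can check whether they have gone upstream. The same two `Patch` lines appear unannotated in the velociraptor spec section further down.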


@ -1,3 +1,31 @@
-------------------------------------------------------------------
Sat Jan 21 04:07:38 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
- Fixed release detection to include Tumblweed
-------------------------------------------------------------------
Sat Jan 21 02:20:07 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
- Increase required release to enable eBPF to SLE 15 SP2 and
openSUSE Leap 15.2. Earlier versions don't have a usable eBPF
and can't easily build llvm13.
-------------------------------------------------------------------
Sat Jan 21 01:44:59 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
- Remove dependency on bpftool. We use the vmlinux.h archive
to provide vmlinux.h.
-------------------------------------------------------------------
Fri Jan 20 20:18:49 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
- Restored %defattr due to SLE12 using rpm-4.11.
- Fix builds in vendor code on SLE12
- Fix build in third_party/sdjournal due to older systemd on SLE12
- Added patches:
- vendor-build-fixes-for-SLE12.patch
- sdjournal-build-fix-for-SLE12.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jan 19 15:17:22 UTC 2023 - Jeff Mahoney <jeffm@suse.com> Thu Jan 19 15:17:22 UTC 2023 - Jeff Mahoney <jeffm@suse.com>


@ -1,7 +1,7 @@
# #
# spec file for package velociraptor # spec file for package velociraptor
# #
# Copyright (c) 2021 SUSE LLC # Copyright (c) 2023 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -15,58 +15,73 @@
# Please submit bugfixes or comments via https://bugs.opensuse.org/ # Please submit bugfixes or comments via https://bugs.opensuse.org/
# #
%define projname velociraptor %define projname velociraptor
%define vendor_version 0.6.7.4~git41.678ed56 %define vendor_version 0.6.7.4~git41.678ed56
%define vmlinux_h_version 5.14.21150400.22-150400-default %define vmlinux_h_version 5.14.21150400.22-150400-default
%if 0%{?suse_version} >= 1500 # SLE 15 SP2 / Leap 15.2 or newer gets eBPF
# Earlier versions don't have a usable eBPF and the
# release doesn't easily build llvm13
%if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150200
%bcond_without bpf %bcond_without bpf
%else %else
%bcond_with bpf %bcond_with bpf
%endif %endif
#Compat macro for new _fillupdir macro introduced in Nov 2017
%if ! %{defined _fillupdir}
%define _fillupdir %{_localstatedir}/adm/fillup-templates
%endif
# SLE12 has _sharedstatedir in an odd place
%if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000
%define _sharedstatedir /var/lib
%endif
Name: velociraptor Name: velociraptor
Version: 0.6.7.4~git53.0e85855 Version: 0.6.7.4~git53.0e85855
Release: 0 Release: 0
Summary: Endpoint visibility and collection tool Summary: Endpoint visibility and collection tool
Group: System/Monitoring Group: System/Monitoring
License: AGPL-3.0-only License: AGPL-3.0-only
URL: https://github.com/Velocidex/velociraptor URL: https://github.com/Velocidex/velociraptor
Source: %{projname}-%{version}.tar.xz Source: %{projname}-%{version}.tar.xz
Source1: vendor-golang-%{vendor_version}.tar.xz Source1: vendor-golang-%{vendor_version}.tar.xz
Source2: vendor-golang-kafka-humio-gateway-%{vendor_version}.tar.xz Source2: vendor-golang-kafka-humio-gateway-%{vendor_version}.tar.xz
Source3: vendor-nodejs-%{vendor_version}.tar.xz Source3: vendor-nodejs-%{vendor_version}.tar.xz
Source4: %{name}.service Source4: %{name}.service
Source5: %{name}-server.config.placeholder Source5: %{name}-server.config.placeholder
Source6: %{name}-client.service Source6: %{name}-client.service
Source7: %{name}-client.config.placeholder Source7: %{name}-client.config.placeholder
Source8: vmlinux.h-%{vmlinux_h_version}.tar.xz Source8: vmlinux.h-%{vmlinux_h_version}.tar.xz
Source9: update-vendoring.sh Source9: update-vendoring.sh
Source10: sysconfig.%{name} Source10: sysconfig.%{name}
Source11: sysconfig.%{name}-client Source11: sysconfig.%{name}-client
Patch1: velociraptor-golang-mage-vendoring.diff Patch1: velociraptor-golang-mage-vendoring.diff
Patch2: velociraptor-skip-git-submodule-import-for-OBS-build.patch Patch2: velociraptor-skip-git-submodule-import-for-OBS-build.patch
Patch3: vendor-build-fixes-for-SLE12.patch
Patch4: sdjournal-build-fix-for-SLE12.patch
BuildRequires: fileb0x
BuildRequires: golang-packaging BuildRequires: golang-packaging
BuildRequires: mage
BuildRequires: systemd-rpm-macros BuildRequires: systemd-rpm-macros
BuildRequires: pkgconfig(libsystemd)
BuildRequires: golang(API) >= 1.18 BuildRequires: golang(API) >= 1.18
BuildRequires: fileb0x BuildRequires: pkgconfig(libsystemd)
BuildRequires: mage
%ifarch x86_64 %ifarch x86_64
BuildRequires: libtsan0 BuildRequires: libtsan0
%endif %endif
BuildRequires: nodejs >= 16 BuildRequires: nodejs >= 16
BuildRequires: npm >= 16 BuildRequires: npm >= 16
%if %{with bpf} %if %{with bpf}
# clang15 causes libbpfo to crash immediately # clang15 causes libbpfo to crash immediately
BuildRequires: clang13 BuildRequires: clang13
BuildRequires: libelf-devel
BuildRequires: llvm13 BuildRequires: llvm13
BuildRequires: bpftool BuildRequires: zlib-devel-static
BuildRequires: libelf-devel
BuildRequires: zlib-devel-static
%endif %endif
Conflicts: velociraptor-client Conflicts: velociraptor-client
ExclusiveArch: x86_64 ppc64le aarch64 s390x ExclusiveArch: x86_64 ppc64le aarch64 s390x
%description %description
Velociraptor is a tool for collecting host based state information Velociraptor is a tool for collecting host based state information
@ -80,8 +95,8 @@ This package contains the endpoint agent and full console GUI.
For just the endpoint agent, please install the 'velociraptor-client' package. For just the endpoint agent, please install the 'velociraptor-client' package.
%package kafka-humio-gateway %package kafka-humio-gateway
Summary: Gateway between Kafka and Humio for Velociraptor Artifacts Summary: Gateway between Kafka and Humio for Velociraptor Artifacts
Version: 0.6.7.4~git53.0e85855 Version: 0.6.7.4~git53.0e85855
%description kafka-humio-gateway %description kafka-humio-gateway
This tool is used to consume events generated by the Kafka Velociraptor plugin This tool is used to consume events generated by the Kafka Velociraptor plugin
@ -132,6 +147,7 @@ install -m 0644 %{SOURCE10} %{buildroot}%{_fillupdir}
install -m 0644 %{SOURCE11} %{buildroot}%{_fillupdir} install -m 0644 %{SOURCE11} %{buildroot}%{_fillupdir}
%files %files
%defattr(-, root, root)
%license LICENSE %license LICENSE
%doc README.md %doc README.md
%dir %{_sysconfdir}/velociraptor %dir %{_sysconfdir}/velociraptor
@ -148,6 +164,7 @@ install -m 0644 %{SOURCE11} %{buildroot}%{_fillupdir}
%{_fillupdir}/sysconfig.%{name}-client %{_fillupdir}/sysconfig.%{name}-client
%files kafka-humio-gateway %files kafka-humio-gateway
%defattr(-, root, root)
%license LICENSE %license LICENSE
%doc contrib/kafka-humio-gateway/README.md %doc contrib/kafka-humio-gateway/README.md
%{_bindir}/%{name}-kafka-humio-gateway %{_bindir}/%{name}-kafka-humio-gateway


@ -0,0 +1,137 @@
From: Jeff Mahoney <jeffm@suse.com>
Subject: vendor: build fixes for SLE-12
SLE-12 uses gcc 4.8 and as a result requires definition
of _GNU_SOURCE and -std=c99 to build properly.
--- a/vendor/github.com/Velocidex/go-magic/magic/magic.go
+++ b/vendor/github.com/Velocidex/go-magic/magic/magic.go
@@ -1,7 +1,7 @@
package magic
/*
- #cgo CFLAGS: -DHAVE_CONFIG_H
+ #cgo CFLAGS: -DHAVE_CONFIG_H -std=c99 -D_GNU_SOURCE -DHAVE_STRNDUP
#include <magic.h>
#include <stdlib.h>
*/
--- a/vendor/github.com/Velocidex/go-magic/magic/regex.c
+++ b/vendor/github.com/Velocidex/go-magic/magic/regex.c
@@ -24,8 +24,6 @@
#pragma alloca
#endif
-#define _GNU_SOURCE
-
/* We need this for `regex.h', and perhaps for the Emacs include files. */
#include <sys/types.h>
--- a/vendor/github.com/Velocidex/go-yara/cgo.go
+++ b/vendor/github.com/Velocidex/go-yara/cgo.go
@@ -6,6 +6,6 @@
package yara
-// #cgo CFLAGS: -D_FILE_OFFSET_BITS=64
+// #cgo CFLAGS: -D_FILE_OFFSET_BITS=64 -std=c99 -D_GNU_SOURCE
// #cgo LDFLAGS:
import "C"
--- a/vendor/github.com/Velocidex/go-yara/endian.h
+++ /dev/null
@@ -1,96 +0,0 @@
-/*
-Copyright (c) 2016. The YARA Authors. All Rights Reserved.
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice, this
-list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright notice,
-this list of conditions and the following disclaimer in the documentation and/or
-other materials provided with the distribution.
-
-3. Neither the name of the copyright holder nor the names of its contributors
-may be used to endorse or promote products derived from this software without
-specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-#ifndef YR_ENDIAN_H
-#define YR_ENDIAN_H
-
-#include <yara_integers.h>
-
-#if defined(__has_builtin)
-#if __has_builtin(__builtin_bswap16)
-#define yr_bswap16(x) __builtin_bswap16(x)
-#endif
-#endif
-
-#if !defined(yr_bswap16) && defined(_MSC_VER)
-#define yr_bswap16(x) _byteswap_ushort(x)
-#endif
-
-#if !defined(yr_bswap16)
-uint16_t _yr_bswap16(uint16_t x);
-#define yr_bswap16(x) _yr_bswap16(x)
-#endif
-
-#if defined(__has_builtin)
-#if __has_builtin(__builtin_bswap32)
-#define yr_bswap32(x) __builtin_bswap32(x)
-#endif
-#endif
-
-#if !defined(yr_bswap32) && defined(_MSC_VER)
-#define yr_bswap32(x) _byteswap_ulong(x)
-#endif
-
-#if !defined(yr_bswap32)
-uint32_t _yr_bswap32(uint32_t x);
-#define yr_bswap32(x) _yr_bswap32(x)
-#endif
-
-#if defined(__has_builtin)
-#if __has_builtin(__builtin_bswap64)
-#define yr_bswap64(x) __builtin_bswap64(x)
-#endif
-#endif
-
-#if !defined(yr_bswap64) && defined(_MSC_VER)
-#define yr_bswap64(x) _byteswap_uint64(x)
-#endif
-
-#if !defined(yr_bswap64)
-uint64_t _yr_bswap64(uint64_t x);
-#define yr_bswap64(x) _yr_bswap64(x)
-#endif
-
-#if defined(WORDS_BIGENDIAN)
-#define yr_le16toh(x) yr_bswap16(x)
-#define yr_le32toh(x) yr_bswap32(x)
-#define yr_le64toh(x) yr_bswap64(x)
-#define yr_be16toh(x) (x)
-#define yr_be32toh(x) (x)
-#define yr_be64toh(x) (x)
-#else
-#define yr_le16toh(x) (x)
-#define yr_le32toh(x) (x)
-#define yr_le64toh(x) (x)
-#define yr_be16toh(x) yr_bswap16(x)
-#define yr_be32toh(x) yr_bswap32(x)
-#define yr_be64toh(x) yr_bswap64(x)
-#endif
-
-#endif
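Review bot: The patch description explains `-std=c99` and `-D_GNU_SOURCE` but not the two other changes it carries: forcing `-DHAVE_STRNDUP` in the go-magic cgo CFLAGS and deleting go-yara's `endian.h` outright. Both take effect on every architecture the spec lists, including big-endian s390x, where the `yr_le*toh`/`yr_be*toh` macros from that header decide how multi-byte fields are read. Presumably another header supplies them after the deletion, but the patch should say which. I would extend the description with a line such as `endian.h is removed because <reason>; the yr_*toh macros now come from <header>`, plus one sentence on why HAVE_STRNDUP is safe to assert on all targets.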