Accepting request 1059625 from home:jeff_mahoney:branches:security:sensor

--------------------------------------------------------------------- - Restore requirement to build with clang13. Newer versions cause libbpfgo to crash immediately. ----------------------------------------------------------------- - Added support for setting command line options via sysconfig - Restore requirement to build with clang13. Newer versions cause libbpfgo to crash immediately. - Added support for setting command line options via sysconfig OBS-URL: https://build.opensuse.org/request/show/1059625 OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=32
2023-01-19 15:27:12 +00:00 · 2023-01-19 15:27:12 +00:00 · 6fbff8f638
commit 6fbff8f638
parent b77f05d020
8 changed files with 69 additions and 11 deletions
--- a/sysconfig.velociraptor
+++ b/sysconfig.velociraptor
@ -0,0 +1,9 @@
+## Path:        Security/Monitoring
+## Description: Velociraptor server settings
+## Type:        string                                                          
+## Default:     ""
+## ServiceRestart: velociraptor
+#
+# Options for velociraptor
+#
+VELOCIRAPTOR_OPTS=""
--- a/sysconfig.velociraptor-client
+++ b/sysconfig.velociraptor-client
@ -0,0 +1,9 @@
+## Path:        Security/Monitoring
+## Description: Velociraptor client settings
+## Type:        string                                                          
+## Default:     ""
+## ServiceRestart: velociraptor-client
+#
+# Options for velociraptor-client
+#
+VELOCIRAPTOR_CLIENT_OPTS="-v"
--- a/velociraptor-client.changes
+++ b/velociraptor-client.changes
@ -1,5 +1,16 @@
+---------------------------------------------------------------------
+Thu Jan 19 15:17:22 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
+
+- Restore requirement to build with clang13.  Newer versions
+  cause libbpfgo to crash immediately.
+
+-----------------------------------------------------------------
+Thu Jan 19 14:36:42 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
+
+- Added support for setting command line options via sysconfig
+
 -------------------------------------------------------------------
-Thu Jan 19 05:00:55 UTC 2023 - jeffm@suse.com
+Thu Jan 19 05:00:55 UTC 2023 - Jeff Mahoney <jeffm@suse.com>

 - Update to version 0.6.7.4~git53.0e85855:
  * sdjournal: work around missing _SYSTEMD_UNIT fields
--- a/velociraptor-client.service
+++ b/velociraptor-client.service
@ -6,7 +6,8 @@ Type=simple
 User=root
 Group=root
 UMask=0027
-ExecStart=/usr/bin/velociraptor client --config /etc/velociraptor/client.config
+EnvironmentFile=-/etc/sysconfig/velociraptor-client
+ExecStart=/usr/bin/velociraptor client --config /etc/velociraptor/client.config $VELOCIRAPTOR_CLIENT_OPTS

 PrivateTmp=true
 PrivateDevices=true
--- a/velociraptor-client.spec
+++ b/velociraptor-client.spec
@ -38,11 +38,12 @@ Source2:        %{name}.service
 Source3:        %{name}.config.placeholder
 Source4:	vmlinux.h-%{vmlinux_h_version}.tar.xz
 Source5:	update-vendoring.sh
+Source6:	sysconfig.%{name}
 Patch1:         velociraptor-golang-mage-vendoring.diff
 Patch2:		velociraptor-skip-git-submodule-import-for-OBS-build.patch
 BuildRequires:  golang-packaging
 BuildRequires:  systemd-rpm-macros
-BuildRequires:  systemd-devel
+BuildRequires:  pkgconfig(libsystemd)
 BuildRequires:  golang(API) >= 1.19
 BuildRequires:  fileb0x
 BuildRequires:  mage
@ -50,8 +51,9 @@ BuildRequires:  mage
 BuildRequires:  libtsan0
 %endif
 %if %{with bpf}
-BuildRequires:  clang >= 13
-BuildRequires:  llvm >= 13
+# clang15 causes libbpfo to crash immediately
+BuildRequires:  clang13
+BuildRequires:  llvm13
 BuildRequires:  bpftool
 BuildRequires:	libelf-devel
 BuildRequires:	zlib-devel-static
@ -101,6 +103,8 @@ mkdir -p %buildroot/%{_sharedstatedir}/velociraptor-client
 install -m 0755 output/velociraptor-v%{version}-linux-* %buildroot/%{_bindir}/velociraptor
 install -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.service
 install -m 0600 %{SOURCE3} %{buildroot}%{_sysconfdir}/velociraptor/client.config
+install -d -m 755 %{buildroot}%{_fillupdir}
+install -m 0644 %{SOURCE6} %{buildroot}%{_fillupdir}

 %files
 %license LICENSE
@ -110,11 +114,13 @@ install -m 0600 %{SOURCE3} %{buildroot}%{_sysconfdir}/velociraptor/client.config
 %config(noreplace) %{_sysconfdir}/velociraptor/client.config
 %{_unitdir}/%{name}.service
 %dir %{_sharedstatedir}/velociraptor-client
+%{_fillupdir}/sysconfig.%{name}

 %pre
 %service_add_pre %{name}.service

 %post
+%{fillup_only}
 %service_add_post %{name}.service

 %preun
--- a/velociraptor.changes
+++ b/velociraptor.changes
@ -1,5 +1,16 @@
 -------------------------------------------------------------------
-Thu Jan 19 05:00:55 UTC 2023 - jeffm@suse.com
+Thu Jan 19 15:17:22 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
+
+- Restore requirement to build with clang13.  Newer versions
+  cause libbpfgo to crash immediately.
+
+-------------------------------------------------------------------
+Thu Jan 19 14:36:42 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
+
+- Added support for setting command line options via sysconfig
+
+-------------------------------------------------------------------
+Thu Jan 19 05:00:55 UTC 2023 - Jeff Mahoney <jeffm@suse.com>

 - Update to version 0.6.7.4~git53.0e85855:
  * sdjournal: work around missing _SYSTEMD_UNIT fields
--- a/velociraptor.service
+++ b/velociraptor.service
@ -6,7 +6,8 @@ Type=simple
 User=root
 Group=root
 UMask=0027
-ExecStart=/usr/bin/velociraptor frontend --verbose --config /etc/velociraptor/server.config
+EnvironmentFile=-/etc/sysconfig/velociraptor
+ExecStart=/usr/bin/velociraptor frontend --verbose --config /etc/velociraptor/server.config $VELOCIRAPTOR_OPTS

 PrivateTmp=true
 PrivateDevices=true
--- a/velociraptor.spec
+++ b/velociraptor.spec
@ -42,12 +42,14 @@ Source6:        %{name}-client.service
 Source7:        %{name}-client.config.placeholder
 Source8:	vmlinux.h-%{vmlinux_h_version}.tar.xz
 Source9:	update-vendoring.sh
+Source10:	sysconfig.%{name}
+Source11:	sysconfig.%{name}-client
 Patch1:		velociraptor-golang-mage-vendoring.diff
 Patch2:		velociraptor-skip-git-submodule-import-for-OBS-build.patch
 BuildRequires:  golang-packaging
 BuildRequires:  systemd-rpm-macros
-BuildRequires:  systemd-devel
-BuildRequires:  golang(API) >= 1.19
+BuildRequires:	pkgconfig(libsystemd)
+BuildRequires:  golang(API) >= 1.18
 BuildRequires:	fileb0x
 BuildRequires:	mage
 %ifarch x86_64
@ -56,8 +58,9 @@ BuildRequires:	libtsan0
 BuildRequires:	nodejs >= 16
 BuildRequires:	npm >= 16
 %if %{with bpf}
-BuildRequires:  clang >= 13
-BuildRequires:  llvm >= 13
+# clang15 causes libbpfo to crash immediately
+BuildRequires:  clang13
+BuildRequires:  llvm13
 BuildRequires:  bpftool
 BuildRequires:	libelf-devel
 BuildRequires:	zlib-devel-static
@ -124,6 +127,9 @@ install -m 0644 %{SOURCE4} %{buildroot}%{_unitdir}/%{name}.service
 install -m 0600 %{SOURCE5} %{buildroot}%{_sysconfdir}/velociraptor/server.config
 install -m 0644 %{SOURCE6} %{buildroot}%{_unitdir}/%{name}-client.service
 install -m 0600 %{SOURCE7} %{buildroot}%{_sysconfdir}/velociraptor/client.config
+install -d -m 755 %{buildroot}%{_fillupdir}
+install -m 0644 %{SOURCE10} %{buildroot}%{_fillupdir}
+install -m 0644 %{SOURCE11} %{buildroot}%{_fillupdir}

 %files
 %license LICENSE
@ -138,6 +144,8 @@ install -m 0600 %{SOURCE7} %{buildroot}%{_sysconfdir}/velociraptor/client.config
 %dir %{_sharedstatedir}/velociraptor/data
 %dir %{_sharedstatedir}/velociraptor/logs
 %dir %{_sharedstatedir}/velociraptor-client
+%{_fillupdir}/sysconfig.%{name}
+%{_fillupdir}/sysconfig.%{name}-client

 %files kafka-humio-gateway
 %license LICENSE
@ -150,6 +158,8 @@ install -m 0600 %{SOURCE7} %{buildroot}%{_sysconfdir}/velociraptor/client.config
 %service_add_pre %{name}.service %{name}-client.service

 %post
+%{fillup_only}
+%{fillup_only -s client}
 %service_add_post %{name}.service %{name}-client.service

 %preun