Accepting request 1085596 from home:jeff_mahoney:branches:security:sensor:updates

- Provide sysuser template for velociraptor user and group. OBS-URL: https://build.opensuse.org/request/show/1085596 OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=48
2023-05-09 02:00:49 +00:00 · 2023-05-09 02:00:49 +00:00 · c313187484
commit c313187484
parent f537d3a99b
3 changed files with 40 additions and 9 deletions
--- a/system-user-velociraptor.sysusers
+++ b/system-user-velociraptor.sysusers
@ -0,0 +1,2 @@
+u velociraptor - "Velociraptor User" /var/lib/velociraptor
+g velociraptor - -
--- a/velociraptor.changes
+++ b/velociraptor.changes
@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Tue May  9 01:25:01 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
+
+- Provide sysuser template for velociraptor user and group.
+
 -------------------------------------------------------------------
 Mon May 08 20:21:03 UTC 2023 - jeffm@suse.com

--- a/velociraptor.spec
+++ b/velociraptor.spec
@ -83,9 +83,10 @@ Source9:        update-vendoring.sh
 Source10:       sysconfig.velociraptor
 Source11:       sysconfig.velociraptor-client
 Source12:       %{projname}.obsinfo
-Source13:       velociraptor-kafka.sysusers
-Source14:       velociraptor-kafka-humio-gateway.service
-Source15:       sysconfig.velociraptor-kafka-humio-gateway
+Source13:       system-user-velociraptor.sysusers
+Source14:       velociraptor-kafka.sysusers
+Source15:       velociraptor-kafka-humio-gateway.service
+Source16:       sysconfig.velociraptor-kafka-humio-gateway
 Patch1:         velociraptor-golang-mage-vendoring.diff
 Patch2:         vendor-build-fixes-for-SLE12.patch
 Patch3:         sdjournal-build-fix-for-SLE12.patch
@ -112,7 +113,7 @@ BuildRequires:  zlib-devel
 Requires:       group(velociraptor)
 Requires:       user(velociraptor)
 ExclusiveArch:  x86_64 ppc64le aarch64 s390x
-%if %{build_kafka_humio_gateway}
+%if %{build_server}
 BuildRequires:  sysuser-tools
 %{?sysusers_requires}
 %endif
@ -128,6 +129,18 @@ https://docs.velociraptor.app/

 This package contains the velociraptor server and full console GUI.
 For just the endpoint agent, please install the 'velociraptor-client' package.
+
+%package -n system-user-velociraptor
+Summary:        System user and group 'velociraptor'
+Version:        1.0.0
+License:        Apache-2.0
+Group:          System/Monitoring
+Provides:       group(velociraptor)
+Provides:       user(velociraptor)
+
+%description -n system-user-velociraptor
+This package provides a shared system user for all velociraptor components
+
 %endif

 %if %{build_kafka_humio_gateway}
@ -185,13 +198,14 @@ export VELOCIRAPTOR_GIT_HEAD=$git_commit

 %if %{build_server}
 (cd gui/velociraptor ; npm run build)
+%sysusers_generate_pre %{SOURCE13} velociraptor-user
 %endif

 make %{make_target} BUILD_LIBBPFGO=%{with bpf} GIT=echo

 %if %{build_kafka_humio_gateway}
 (cd contrib/kafka-humio-gateway; go build -o %{name}-kafka-humio-gateway)
-%sysusers_generate_pre %{SOURCE13} user
+%sysusers_generate_pre %{SOURCE16} kafka-user
 %endif

 %install
@ -205,6 +219,8 @@ service_file_source=%{SOURCE5}
 config_file_source=%{SOURCE6}
 sysconfig_file_source=%{SOURCE10}
 config_file=server.config
+
+install -D -m 0644 %{SOURCE13} %{buildroot}%{_sysusersdir}/system-user-velociraptor.conf
 %else
 service_file_source=%{SOURCE7}
 config_file_source=%{SOURCE8}
@ -218,12 +234,12 @@ install -D -m 0640 "$config_file_source" "%{buildroot}%{_sysconfdir}/velocirapto
 install -D -m 0755 output/velociraptor-v%{version}-linux-* %buildroot/%{_bindir}/%{name}

 %if %{build_kafka_humio_gateway}
-install -D -m 0644 %{SOURCE14} %{buildroot}%{_unitdir}/
-install -D -m 0644 %{SOURCE15} %{buildroot}%{_fillupdir}/
+install -D -m 0644 %{SOURCE15} %{buildroot}%{_unitdir}/
+install -D -m 0644 %{SOURCE16} %{buildroot}%{_fillupdir}/
 install -D -m 0755 contrib/kafka-humio-gateway/velociraptor-kafka-humio-gateway %buildroot/%{_bindir}
 install -D -m 0644 contrib/kafka-humio-gateway/sample-config.yml \
 		   %buildroot/%{_datadir}/velociraptor-kafka-humio-gateway/sample-config.yml
-install -D -m 0644 %{SOURCE10} %{buildroot}%{_sysusersdir}/velociraptor-kafka.conf
+install -D -m 0644 %{SOURCE14} %{buildroot}%{_sysusersdir}/velociraptor-kafka.conf
 install -D -d -m 0750 %{buildroot}%{_sysconfdir}/velociraptor-kafka-humio-gateway
 install -D -m 0640 contrib/kafka-humio-gateway/sample-config.yml \
 		   %buildroot/%{_sysconfdir}/velociraptor-kafka-humio-gateway/transport.yml
@ -258,6 +274,14 @@ install -D -m 0640 contrib/kafka-humio-gateway/sample-config.yml \
 %postun
 %service_del_postun %{name}.service

+%if %{build_server}
+%pre -n system-user-velociraptor -f velociraptor-user.pre
+
+%files -n system-user-velociraptor
+%defattr(-, root, root)
+%{_sysusersdir}/system-user-velociraptor.conf
+%endif
+
 %if %{build_kafka_humio_gateway}
 %files kafka-humio-gateway
 %defattr(-, root, root)
@ -272,7 +296,7 @@ install -D -m 0640 contrib/kafka-humio-gateway/sample-config.yml \
 %dir %attr(750, root, velociraptor-kafka) %{_sysconfdir}/velociraptor-kafka-humio-gateway
 %config(noreplace) %attr(0640, root, velociraptor-kafka) %{_sysconfdir}/velociraptor-kafka-humio-gateway/transport.yml

-%pre kafka-humio-gateway -f user.pre
+%pre kafka-humio-gateway -f kafka-user.pre
 %service_add_pre velociraptor-kafka-humio-gateway.service

 %post kafka-humio-gateway