Accepting request 1060929 from home:jeff_mahoney:branches:security:sensor

- Use obsinfo mtime to produce stable build timestamp (bsc#1207369). - Update to version 0.6.7.4~git60.8abed37a: * http_comms: create ring buffer temporary file in the same directory * cronsnoop: plumb in real scope logging * cronsnoop: don't treat routine errors as fatal * cronsnoop: fix typo - Use obsinfo mtime to produce stable build timestamp (bsc#1207369). - Update to version 0.6.7.4~git60.8abed37a: * http_comms: create ring buffer temporary file in the same directory * cronsnoop: plumb in real scope logging * cronsnoop: don't treat routine errors as fatal * cronsnoop: fix typo OBS-URL: https://build.opensuse.org/request/show/1060929 OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=41
2023-01-25 13:29:03 +00:00 · 2023-01-25 13:29:03 +00:00 · d5a3e31f79
commit d5a3e31f79
parent a66ed310ea
10 changed files with 88 additions and 16 deletions
--- a/2
+++ b/2
@ -1,6 +1,6 @@
 <services>
  <service mode="manual" name="obs_scm">
-    <param name="url">https://github.com/jeffmahoney/linux-security-sensor</param>
+    <param name="url">https://github.com/SUSE/linux-security-sensor</param>
    <param name="filename">velociraptor</param>
    <param name="versionformat">@PARENT_TAG@~git@TAG_OFFSET@.%h</param>
    <param name="revision">sensor-base-0.6.7</param>
--- a/2
+++ b/2
@ -3,4 +3,4 @@
                <param name="url">https://github.com/jeffmahoney/linux-security-sensor</param>
              <param name="changesrevision">0e858552af3d6ab57bae796cc3e50ccef36b4aff</param></service><service name="tar_scm">
                <param name="url">https://github.com/SUSE/linux-security-sensor</param>
-              <param name="changesrevision">b5931f73eb6c171a558d09d4ef8b3d4d7292d519</param></service></servicedata>
+              <param name="changesrevision">8abed37a6dd7d02c637e2c0307b41b05e8e25570</param></service></servicedata>
--- a/velociraptor-0.6.7.4~git53.0e85855.obscpio
+++ b/velociraptor-0.6.7.4~git53.0e85855.obscpio
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:9fb0aab829afab06e59851f025e2024d4266e0f19bc8180caad8dc050656cdc8
 size 127591950
--- a/velociraptor-0.6.7.4~git60.8abed37a.obscpio
+++ b/velociraptor-0.6.7.4~git60.8abed37a.obscpio
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:6434dbc0f203b5bdc29078c70bad621562bd9500fad99f348b2afc9809a3a29f
 size 127596046
--- a/velociraptor-client.changes
+++ b/velociraptor-client.changes
@ -1,3 +1,17 @@
 -------------------------------------------------------------------
 Tue Jan 24 20:57:08 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
 - Use obsinfo mtime to produce stable build timestamp (bsc#1207369).
 -------------------------------------------------------------------
 Tue Jan 24 15:07:09 UTC 2023 - jeffm@suse.com
 - Update to version 0.6.7.4~git60.8abed37a:
  * http_comms: create ring buffer temporary file in the same directory
  * cronsnoop: plumb in real scope logging
  * cronsnoop: don't treat routine errors as fatal
  * cronsnoop: fix typo
 -------------------------------------------------------------------
 Sat Jan 21 04:07:38 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
@ -31,11 +45,6 @@ Fri Jan 20 16:37:17 UTC 2023 - Dirk Müller <dmueller@suse.com>
 - add memory limit to systemd unit
 ---------------------------------------------------------------------
 Fri Jan 20 16:37:17 UTC 2023 - Dirk Müller <dmueller@suse.com>
 - add memory limit to systemd unit
 ---------------------------------------------------------------------
 Thu Jan 19 15:17:22 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
--- a/velociraptor-client.spec
+++ b/velociraptor-client.spec
@ -40,7 +40,7 @@
 %endif
 Name:           velociraptor-client
-Version:        0.6.7.4~git53.0e85855
+Version:        0.6.7.4~git60.8abed37a
 Release:        0
 Summary:        Endpoint visibility and collection tool (endpoint only)
 Group:          System/Monitoring
@ -53,10 +53,12 @@ Source3:        %{name}.config.placeholder
 Source4:        vmlinux.h-%{vmlinux_h_version}.tar.xz
 Source5:        update-vendoring.sh
 Source6:        sysconfig.%{name}
 Source7:        %{projname}.obsinfo
 Patch1:         velociraptor-golang-mage-vendoring.diff
 Patch2:         velociraptor-skip-git-submodule-import-for-OBS-build.patch
 Patch3:         vendor-build-fixes-for-SLE12.patch
 Patch4:         sdjournal-build-fix-for-SLE12.patch
 Patch5:         velociraptor-reproducible-timestamp.diff
 BuildRequires:  fileb0x
 BuildRequires:  golang-packaging
 BuildRequires:  mage
@ -107,6 +109,14 @@ cp vmlinux.h-%{vmlinux_h_version}/vmlinux-%{_arch}.h \
 # rm -rf artifacts/definitions/Windows
 %build
 # Reproductible builds need stable timestamps
 timestamp=$(date -Iseconds --utc --date=@$(grep mtime: %{SOURCE7}|sed -e 's/mtime: //'))
 git_commit=$(grep commit: %{SOURCE7}|sed -e 's/commit: //g')
 export VELOCIRAPTOR_BUILD_TIME=$timestamp
 export VELOCIRAPTOR_GIT_HEAD=$git_commit
 PATH=$PATH:/usr/sbin make linux_bare BUILD_LIBBPFGO=%{with bpf}
 %install
--- a/velociraptor-reproducible-timestamp.diff
+++ b/velociraptor-reproducible-timestamp.diff
@ -0,0 +1,30 @@
 From: Jeff Mahoney <jeffm@suse.com>
 Subject: magefile: use stable timestamps for build
 In order to create reprodicible builds, we can't have timestamps that vary
 without anything else changing.
 diff --git a/magefile.go b/magefile.go
 index 16badc2b..76011657 100644
 --- a/magefile.go
 +++ b/magefile.go
@@ -428,10 +428,18 @@ func build_gui_files() error {
 }
 func flags() string {
 -	timestamp := time.Now().Format(time.RFC3339)
 +	timestamp := os.Getenv("VELOCIRAPTOR_BUILD_TIME")
 +	if timestamp == "" {
 +		timestamp = time.Now().Format(time.RFC3339)
 +	}
 	flags := fmt.Sprintf(` -X "www.velocidex.com/golang/velociraptor/config.build_time=%s"`, timestamp)
 -	flags += fmt.Sprintf(` -X "www.velocidex.com/golang/velociraptor/config.commit_hash=%s"`, hash())
 +	head := os.Getenv("VELOCIRAPTOR_GIT_HEAD")
 +	if head == "" {
 +		head = hash()
 +	}
 +
 +	flags += fmt.Sprintf(` -X "www.velocidex.com/golang/velociraptor/config.commit_hash=%s"`, head)
 	// If we are running on the CI pipeline we need to know the run
 	// number and URL so we can report them.
--- a/velociraptor.changes
+++ b/velociraptor.changes
@ -1,3 +1,17 @@
 -------------------------------------------------------------------
 Tue Jan 24 20:57:08 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
 - Use obsinfo mtime to produce stable build timestamp (bsc#1207369).
 -------------------------------------------------------------------
 Tue Jan 24 15:07:09 UTC 2023 - jeffm@suse.com
 - Update to version 0.6.7.4~git60.8abed37a:
  * http_comms: create ring buffer temporary file in the same directory
  * cronsnoop: plumb in real scope logging
  * cronsnoop: don't treat routine errors as fatal
  * cronsnoop: fix typo
 -------------------------------------------------------------------
 Sat Jan 21 04:07:38 UTC 2023 - Jeff Mahoney <jeffm@suse.com>
--- a/velociraptor.obsinfo
+++ b/velociraptor.obsinfo
@ -1,4 +1,4 @@
 name: velociraptor
-version: 0.6.7.4~git53.0e85855
+version: 0.6.7.4~git60.8abed37a
-mtime: 1674098741
+mtime: 1674570307
-commit: 0e858552af3d6ab57bae796cc3e50ccef36b4aff
+commit: 8abed37a6dd7d02c637e2c0307b41b05e8e25570
--- a/velociraptor.spec
+++ b/velociraptor.spec
@ -40,7 +40,7 @@
 %endif
 Name:           velociraptor
-Version:        0.6.7.4~git53.0e85855
+Version:        0.6.7.4~git60.8abed37a
 Release:        0
 Summary:        Endpoint visibility and collection tool
 Group:          System/Monitoring
@ -58,6 +58,7 @@ Source8:        vmlinux.h-%{vmlinux_h_version}.tar.xz
 Source9:        update-vendoring.sh
 Source10:       sysconfig.%{name}
 Source11:       sysconfig.%{name}-client
 Source12:       %{projname}.obsinfo
 Patch1:         velociraptor-golang-mage-vendoring.diff
 Patch2:         velociraptor-skip-git-submodule-import-for-OBS-build.patch
 Patch3:         vendor-build-fixes-for-SLE12.patch
@ -96,7 +97,7 @@ For just the endpoint agent, please install the 'velociraptor-client' package.
 %package kafka-humio-gateway
 Summary:        Gateway between Kafka and Humio for Velociraptor Artifacts
-Version:        0.6.7.4~git53.0e85855
+Version:        0.6.7.4~git60.8abed37a
 %description kafka-humio-gateway
 This tool is used to consume events generated by the Kafka Velociraptor plugin
@ -122,6 +123,14 @@ cp vmlinux.h-%{vmlinux_h_version}/vmlinux-%{_arch}.h \
 # rm -rf artifacts/definitions/Windows
 %build
 # Reproductible builds need stable timestamps
 timestamp=$(date -Iseconds --utc --date=@$(grep mtime: %{SOURCE12}|sed -e 's/mtime: //'))
 git_commit=$(grep commit: %{SOURCE12}|sed -e 's/commit: //g')
 export VELOCIRAPTOR_BUILD_TIME=$timestamp
 export VELOCIRAPTOR_GIT_HEAD=$git_commit
 (cd gui/velociraptor ; npm run build)
 PATH=$PATH:/usr/sbin make linux BUILD_LIBBPFGO=%{with bpf}