- Added workaround for missing Maintainers tag in Debian-based packages.
obs-service-format_spec_file strips the Packager tag from the spec file
before committing. The build service replaces it with its own. debbuild
expects the Packager field to be present to generate the Maintainers tag
in the output but it only receives the "cleaned" spec file.
- Added Recommends: auditd
- Technically not *required* but Velociraptor's audit client enables
audit and then listens on the multicast socket. Without a listener
on the unicast socket, the kernel will spam the system log with events.
- Fixed debian packaging:
* /etc/sysconfig -> /etc/default
* %postun for systemd service cleanup
* Note: obs-service-format_spec_file strips the Packager tag that
debbuild uses to generate the Maintainer tag
OBS-URL: https://build.opensuse.org/request/show/1134354
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=59
- Temporarily use the NODE_MODULES BEGIN/END form of the node_modules
service due to a bug in debbuild preventing Debian builds from succeeding.
- Update to version 0.7.0.4.git4.c1b68a5b:
* hash: fix nil pointer dereference panic
* velociraptor: add dummy main function for mage
- Removed patch:
* velociraptor-golang-mage-vendoring.diff
- Switched to using go_modules and node_modules source services
- Eliminated bespoke vendoring scripts.
- Pulled sysuser definition into the velociraptor package.
- Remove PrivateTmp and PrivateDevices settings in velociraptor-client.service (SENS-70)
- Update to version 0.7.0.4.git0.e09a0df8:
* Add additional sanitization to HTML templates on JS side. (#2) (#3077) (CVE-2023-5950)
* vql/linux/sdjournal: Fix open/close lifetimes
* vql/linux/audit: fix shutdown races
* vql/linux/audit: fix goroutine lifetimes
* vql/linux/audit: limit messageQueue to within runService
* vql/linux/audit: add auditService.Log()
* vql/linux/audit: pull parts of shutdown into shutdown watcher
* vql/linux/audit: remove unnecessary error handling for reassembler
* vql/linux/audit: remove unused waitgroup from main event loop
* vql/linux/audit: handle top-level cancelation properly
* vql/linux/audit: make explicit that goroutines in the main errgroup don't return errors
* vql/linux/audit: make stats reporting separate from debug prints
* vql/linux/audit: simplify polling in listener
* vql/linux/audit: tests, check various rule scenarios
* vql/linux/audit: Add more client failure test cases
* vql/linux/audit: Fix audit client lifecycle
OBS-URL: https://build.opensuse.org/request/show/1133905
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=55
- Update to version 0.6.7.5~git78.2bef6fc:
* bpf: fix path to vmlinux.h
- Update to version 0.6.7.5~git77.997aa73:
* file_store/test_utils/server_config.go: update test certificate
* Update bluemonday dependency.
* vql/functions/hash: cache results on Linux
* libbpfgo: update to velociraptor-branch-v0.4.8-libbpf-1.2.0
* logscale/backport: don't use networking.GetHttpTransport
* vql/tools/logscale: add plugin to post events to LogScale ingestion endpoint
* file_store/directory: add ability to report pending size
- Change clang dependency to clang16
- Fix velociraptor-golang-mage-vendoring.diff to account for newer
'go mod vendor' honoring build flags.
- Fix update-vendoring.sh script to actually run the %setup part of
the spec.
- Merge client package into server spec and use _multibuild to create
client package from same spec file.
- Adjust changelog to retain changes for client package.
- Fix building in static mode on earlier releases.
- Added patch: velociraptor-libbpfgo-only-build-libbpf.patch
- Tightening the security of the services a bit:
- tmp files are now moved to /var/lib/velociraptor{,-client}/tmp
from /tmp
- run velociraptor server as user velociraptor instead of root
we do not really need root permissions here
- introduce /var/lib/velociraptor/filestore to make it easier to
split out large file upload
- change permissions for the data directory and subdirectories to
OBS-URL: https://build.opensuse.org/request/show/1085591
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=46
---------------------------------------------------------------------
- Restore requirement to build with clang13. Newer versions
cause libbpfgo to crash immediately.
-----------------------------------------------------------------
- Added support for setting command line options via sysconfig
- Restore requirement to build with clang13. Newer versions
cause libbpfgo to crash immediately.
- Added support for setting command line options via sysconfig
OBS-URL: https://build.opensuse.org/request/show/1059625
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=32
- Clean up for Factory submission:
- Make bpf-enabled builds conditional
- Removed %defattr and combined service lines.
- Change clang and llvm dependencies to use >= 13
- Newer versions of clang hit a DWARF parsing bug in go < 1.19,
so increase go version dependecy
- Define ExclusiveArch for x86_64, ppc64le, aarch64, and s390x
Neither the client or server builds on ix86.
- Added Restart=on-failure to restart the client automatically.
- Update to version 0.6.7.4~git51.a588d6e4:
* magefile.go: use current architecture for Linux builds
* Update libbpfgo submodule to include non-AMD64 build fixes
* bpf: bpf expects s390 instead of s390x
- Clean up for Factory submission:
- Make bpf-enabled builds conditional
- Removed %defattr and combined service lines.
- Change clang and llvm dependencies to use >= 13
- Newer versions of clang hit a DWARF parsing bug in go < 1.19,
so increase go version dependecy
- Define ExclusiveArch for x86_64, ppc64le, aarch64, and s390x
Neither the client or server builds on ix86.
- Update to version 0.6.7.4~git51.a588d6e4:
* magefile.go: use current architecture for Linux builds
* Update libbpfgo submodule to include non-AMD64 build fixes
* bpf: bpf expects s390 instead of s390x
OBS-URL: https://build.opensuse.org/request/show/1059461
OBS-URL: https://build.opensuse.org/package/show/security:sensor/velociraptor?expand=0&rev=30
