# # spec file for package velociraptor # # Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via https://bugs.opensuse.org/ # %define projname velociraptor %define vendor_version 0.6.4.2~git56.47b4adb4 %define vmlinux_h_version 5.18.9-2-default Name: velociraptor-client Version: 0.6.4.2~git59.5ebb49db Release: 0 Summary: Endpoint visibility and collection tool (endpoint only) Group: System/Monitoring License: AGPL-3.0-only URL: https://github.com/Velocidex/velociraptor Source: %{projname}-%{version}.tar.xz Source1: vendor-golang-%{vendor_version}.tar.xz Source2: %{name}.service Source3: %{name}.config.placeholder Source4: vmlinux.h-%{vmlinux_h_version}.tar.xz Patch1: velociraptor-golang-mage-vendoring.diff Patch2: velociraptor-skip-git-submodule-import-for-OBS-build.patch Patch3: velociraptor-makefile-add-bpf-rules-to-linux_bare.patch Patch4: make-libbpfgo-vendorable.patch BuildRequires: golang-packaging BuildRequires: systemd-rpm-macros BuildRequires: systemd-devel # We actually only require >= 1.17 BuildRequires: golang(API) = 1.17 BuildRequires: fileb0x BuildRequires: mage BuildRequires: libtsan0 BuildRequires: clang13 BuildRequires: llvm13 BuildRequires: bpftool BuildRequires: libelf-devel Conflicts: velociraptor %description Velociraptor is a tool for collecting host based state information using The Velociraptor Query Language (VQL) queries. To learn more about Velociraptor, read the documentation on: https://docs.velociraptor.app/ This package contains only the endpoint agent. For the full console, please install the 'velociraptor' package. %prep %setup -q -a 1 -a 4 -n %{projname}-%{version} %autopatch -p1 # Without this, the libbpfgo tests want to vendor the external version rm -rf third_party/libbpfgo/selftest third_party/libbpfgo/helpers/example_tracelisten_test.go # Set the version to something more specific than -dev sed -ie "s/\(VERSION *= \).*/\1 \"%{version}\"/" constants/constants.go mkdir -p third_party/libbpfgo/output cp vmlinux.h-%{vmlinux_h_version}/vmlinux-%{_arch}.h \ third_party/libbpfgo/output/vmlinux.h # These just clutter the GUI and we don't have Windows clients # Note: There are dependencies on these that need to be resolved before # removing them outright. # rm -rf artifacts/definitions/Windows %build PATH=$PATH:/usr/sbin make linux_bare %install mkdir -p %buildroot/%{_bindir} mkdir -p %buildroot/%{_sysconfdir}/velociraptor mkdir -p %buildroot/%{_unitdir} mkdir -p %buildroot/%{_sharedstatedir}/velociraptor-client install -m 0755 output/velociraptor-v%{version}-linux-* %buildroot/%{_bindir}/velociraptor install -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.service install -m 0600 %{SOURCE3} %{buildroot}%{_sysconfdir}/velociraptor/client.config %files %defattr(-,root,root) %license LICENSE %doc README.md %dir %{_sysconfdir}/velociraptor %{_bindir}/velociraptor %config(noreplace) %{_sysconfdir}/velociraptor/client.config %{_unitdir}/%{name}.service %dir %{_sharedstatedir}/velociraptor-client %pre %service_add_pre %{name}.service %post %service_add_post %{name}.service %preun %service_del_preun %{name}.service %postun %service_del_postun %{name}.service %changelog