+6

maintainers/maintainer-list.nix

··· 18445 18445 github = "zmitchell"; 18446 18446 githubId = 10246891; 18447 18447 }; 18448 18448 + znewman01 = { 18449 18449 + email = "znewman01@gmail.com"; 18450 18450 + github = "znewman01"; 18451 18451 + githubId = 873857; 18452 18452 + name = "Zack Newman"; 18453 18453 + }; 18448 18454 zoedsoupe = { 18449 18455 github = "zoedsoupe"; 18450 18456 githubId = 44469426;

+25

pkgs/tools/system/osquery/Remove-circular-definition-of-AUDIT_FILTER_EXCLUDE.patch

··· 1 1 + From: Jack Baldry <jack.baldry@grafana.com> 2 2 + Date: Tue, 15 Nov 2022 15:40:31 -0400 3 3 + Subject: [PATCH] Remove circular definition of AUDIT_FILTER_EXCLUDE 4 4 + 5 5 + https://github.com/osquery/osquery/issues/6551 6 6 + 7 7 + Signed-off-by: Jack Baldry <jack.baldry@grafana.com> 8 8 + --- 9 9 + libraries/cmake/source/libaudit/src/lib/libaudit.h | 1 - 10 10 + 1 file changed, 1 deletion(-) 11 11 + 12 12 + diff --git a/libraries/cmake/source/libaudit/src/lib/libaudit.h b/libraries/cmake/source/libaudit/src/libaudit.h 13 13 + --- a/libraries/cmake/source/libaudit/src/lib/libaudit.h 14 14 + +++ b/libraries/cmake/source/libaudit/src/lib/libaudit.h 15 15 + @@ -260,7 +260,6 @@ extern "C" { 16 16 + #define AUDIT_KEY_SEPARATOR 0x01 17 17 + 18 18 + /* These are used in filter control */ 19 19 + -#define AUDIT_FILTER_EXCLUDE AUDIT_FILTER_TYPE 20 20 + #define AUDIT_FILTER_MASK 0x07 /* Mask to get actual filter */ 21 21 + #define AUDIT_FILTER_UNSET 0x80 /* This value means filter is unset */ 22 22 + 23 23 + -- 24 24 + 2.38.1 25 25 +

+37

pkgs/tools/system/osquery/Remove-git-reset.patch

··· 1 1 + From: Jack Baldry <jack.baldry@grafana.com> 2 2 + Date: Tue, 15 Nov 2022 13:48:07 -0400 3 3 + Subject: [PATCH] Remove git reset 4 4 + 5 5 + This is not required for nixpkgs builds because we are not working in 6 6 + the source repository and therefore do not need to be careful about 7 7 + updating submodule content. 8 8 + 9 9 + Signed-off-by: Jack Baldry <jack.baldry@grafana.com> 10 10 + --- 11 11 + libraries/cmake/source/modules/utils.cmake | 11 ----------- 12 12 + 1 file changed, 11 deletions(-) 13 13 + 14 14 + diff --git a/libraries/cmake/source/modules/utils.cmake b/libraries/cmake/source/modules/utils.cmake 15 15 + --- a/libraries/cmake/source/modules/utils.cmake 16 16 + +++ b/libraries/cmake/source/modules/utils.cmake 17 17 + @@ -102,17 +102,6 @@ function(patchSubmoduleSourceCode library_name patches_dir source_dir apply_to_d 18 18 + file(COPY "${source_dir}" DESTINATION "${parent_dir}") 19 19 + endif() 20 20 + 21 21 + - # We need to restore the source code to its original state, pre patch 22 22 + - execute_process( 23 23 + - COMMAND "${GIT_EXECUTABLE}" reset --hard HEAD 24 24 + - RESULT_VARIABLE process_exit_code 25 25 + - WORKING_DIRECTORY "${source_dir}" 26 26 + - ) 27 27 + - 28 28 + - if(NOT ${process_exit_code} EQUAL 0) 29 29 + - message(FATAL_ERROR "Failed to git reset the following submodule: \"${source_dir}\"") 30 30 + - endif() 31 31 + - 32 32 + set(patchSubmoduleSourceCode_Patched TRUE PARENT_SCOPE) 33 33 + endfunction() 34 34 + 35 35 + -- 36 36 + 2.38.1 37 37 +

+157

pkgs/tools/system/osquery/Remove-system-controls-table.patch

··· 1 1 + From: Jack Baldry <jack.baldry@grafana.com> 2 2 + Date: Wed, 16 Nov 2022 22:00:06 -0400 3 3 + Subject: [PATCH] Remove system controls table 4 4 + 5 5 + Relies on <sys/sysctl.h> which is not present in glibc since 2.32. 6 6 + 7 7 + Signed-off-by: Jack Baldry <jack.baldry@grafana.com> 8 8 + --- 9 9 + osquery/tables/system/CMakeLists.txt | 4 -- 10 10 + specs/CMakeLists.txt | 1 - 11 11 + specs/posix/system_controls.table | 21 ------- 12 12 + tests/integration/tables/system_controls.cpp | 61 -------------------- 13 13 + 4 files changed, 87 deletions(-) 14 14 + delete mode 100644 specs/posix/system_controls.table 15 15 + delete mode 100644 tests/integration/tables/system_controls.cpp 16 16 + 17 17 + diff --git a/osquery/tables/system/CMakeLists.txt b/osquery/tables/system/CMakeLists.txt 18 18 + --- a/osquery/tables/system/CMakeLists.txt 19 19 + +++ b/osquery/tables/system/CMakeLists.txt 20 20 + @@ -43,7 +43,6 @@ function(generateOsqueryTablesSystemSystemtable) 21 21 + posix/smbios_utils.cpp 22 22 + posix/sudoers.cpp 23 23 + posix/suid_bin.cpp 24 24 + - posix/system_controls.cpp 25 25 + posix/ulimit_info.cpp 26 26 + ) 27 27 + endif() 28 28 + @@ -82,7 +81,6 @@ function(generateOsqueryTablesSystemSystemtable) 29 29 + linux/shared_memory.cpp 30 30 + linux/smbios_tables.cpp 31 31 + linux/startup_items.cpp 32 32 + - linux/sysctl_utils.cpp 33 33 + linux/system_info.cpp 34 34 + linux/usb_devices.cpp 35 35 + linux/user_groups.cpp 36 36 + @@ -156,7 +154,6 @@ function(generateOsqueryTablesSystemSystemtable) 37 37 + darwin/smbios_tables.cpp 38 38 + darwin/smc_keys.cpp 39 39 + darwin/startup_items.cpp 40 40 + - darwin/sysctl_utils.cpp 41 41 + darwin/system_extensions.mm 42 42 + darwin/system_info.cpp 43 43 + darwin/time_machine.cpp 44 44 + @@ -326,7 +323,6 @@ function(generateOsqueryTablesSystemSystemtable) 45 45 + posix/shell_history.h 46 46 + posix/ssh_keys.h 47 47 + posix/sudoers.h 48 48 + - posix/sysctl_utils.h 49 49 + posix/last.h 50 50 + posix/openssl_utils.h 51 51 + posix/authorized_keys.h 52 52 + diff --git a/specs/CMakeLists.txt b/specs/CMakeLists.txt 53 53 + --- a/specs/CMakeLists.txt 54 54 + +++ b/specs/CMakeLists.txt 55 55 + @@ -246,7 +246,6 @@ function(generateNativeTables) 56 56 + "posix/socket_events.table:linux,macos" 57 57 + "posix/sudoers.table:linux,macos,freebsd" 58 58 + "posix/suid_bin.table:linux,macos,freebsd" 59 59 + - "posix/system_controls.table:linux,macos,freebsd" 60 60 + "posix/ulimit_info.table:linux,macos,freebsd" 61 61 + "posix/usb_devices.table:linux,macos" 62 62 + "posix/user_events.table:linux,macos,freebsd" 63 63 + diff --git a/specs/posix/system_controls.table b/specs/posix/system_controls.table 64 64 + deleted file mode 100644 65 65 + --- a/specs/posix/system_controls.table 66 66 + +++ /dev/null 67 67 + @@ -1,21 +0,0 @@ 68 68 + -table_name("system_controls") 69 69 + -description("sysctl names, values, and settings information.") 70 70 + -schema([ 71 71 + - Column("name", TEXT, "Full sysctl MIB name", index=True), 72 72 + - Column("oid", TEXT, "Control MIB", additional=True), 73 73 + - Column("subsystem", TEXT, "Subsystem ID, control type", additional=True), 74 74 + - Column("current_value", TEXT, "Value of setting"), 75 75 + - Column("config_value", TEXT, "The MIB value set in /etc/sysctl.conf"), 76 76 + - Column("type", TEXT, "Data type"), 77 77 + -]) 78 78 + -extended_schema(DARWIN, [ 79 79 + - Column("field_name", TEXT, "Specific attribute of opaque type"), 80 80 + -]) 81 81 + - 82 82 + -implementation("system_controls@genSystemControls") 83 83 + -fuzz_paths([ 84 84 + - "/run/sysctl.d/", 85 85 + - "/usr/lib/sysctl.d/", 86 86 + - "/lib/sysctl.d/", 87 87 + - "/sys" 88 88 + -]) 89 89 + diff --git a/tests/integration/tables/system_controls.cpp b/tests/integration/tables/system_controls.cpp 90 90 + deleted file mode 100644 91 91 + --- a/tests/integration/tables/system_controls.cpp 92 92 + +++ /dev/null 93 93 + @@ -1,61 +0,0 @@ 94 94 + -/** 95 95 + - * Copyright (c) 2014-present, The osquery authors 96 96 + - * 97 97 + - * This source code is licensed as defined by the LICENSE file found in the 98 98 + - * root directory of this source tree. 99 99 + - * 100 100 + - * SPDX-License-Identifier: (Apache-2.0 OR GPL-2.0-only) 101 101 + - */ 102 102 + - 103 103 + -// Sanity check integration test for system_controls 104 104 + -// Spec file: specs/posix/system_controls.table 105 105 + - 106 106 + -#include <osquery/tests/integration/tables/helper.h> 107 107 + - 108 108 + -namespace osquery { 109 109 + -namespace table_tests { 110 110 + -namespace { 111 111 + - 112 112 + -class SystemControlsTest : public testing::Test { 113 113 + - protected: 114 114 + - void SetUp() override { 115 115 + - setUpEnvironment(); 116 116 + - } 117 117 + -}; 118 118 + - 119 119 + -TEST_F(SystemControlsTest, test_sanity) { 120 120 + - auto const rows = execute_query("select * from system_controls"); 121 121 + - auto const row_map = ValidationMap{ 122 122 + - {"name", NonEmptyString}, 123 123 + - {"oid", NormalType}, 124 124 + - {"subsystem", 125 125 + - SpecificValuesCheck{"", 126 126 + - "abi", 127 127 + - "debug", 128 128 + - "dev", 129 129 + - "fs", 130 130 + - "fscache", 131 131 + - "hw", 132 132 + - "kern", 133 133 + - "kernel", 134 134 + - "machdep", 135 135 + - "net", 136 136 + - "sunrpc", 137 137 + - "user", 138 138 + - "vfs", 139 139 + - "vm"}}, 140 140 + - {"current_value", NormalType}, 141 141 + - {"config_value", NormalType}, 142 142 + - {"type", 143 143 + - SpecificValuesCheck{ 144 144 + - "", "node", "int", "string", "quad", "opaque", "struct"}}, 145 145 + -#ifdef __APPLE__ 146 146 + - {"field_name", NormalType}, 147 147 + -#endif 148 148 + - }; 149 149 + - validate_rows(rows, row_map); 150 150 + -} 151 151 + - 152 152 + -} // namespace 153 153 + -} // namespace table_tests 154 154 + -} // namespace osquery 155 155 + -- 156 156 + 2.38.1 157 157 +

+29

pkgs/tools/system/osquery/Use-locale.h-instead-of-removed-xlocale.h-header.patch

··· 1 1 + From: Jack Baldry <jack.baldry@grafana.com> 2 2 + Date: Tue, 15 Nov 2022 14:34:33 -0400 3 3 + Subject: [PATCH] Use locale.h instead of removed xlocale.h header 4 4 + 5 5 + https://sourceware.org/glibc/wiki/Release/2.26#Removal_of_.27xlocale.h.27 6 6 + 7 7 + Signed-off-by: Jack Baldry <jack.baldry@grafana.com> 8 8 + --- 9 9 + libraries/cmake/source/augeas/gnulib/generated/linux/x86_64/lib/locale.h | 4 ++-- 10 10 + 1 file changed, 2 insertions(+), 2 deletions(-) 11 11 + 12 12 + diff --git a/libraries/cmake/source/augeas/gnulib/generated/linux/x86_64/lib/locale.h b/libraries/cmake/source/augeas/gnulib/generated/linux/x86_64/lib/locale.h 13 13 + --- a/libraries/cmake/source/augeas/gnulib/generated/linux/x86_64/lib/locale.h 14 14 + +++ b/libraries/cmake/source/augeas/gnulib/generated/linux/x86_64/lib/locale.h 15 15 + @@ -48,9 +48,9 @@ 16 16 + /* NetBSD 5.0 mis-defines NULL. */ 17 17 + #include <stddef.h> 18 18 + 19 19 + -/* Mac OS X 10.5 defines the locale_t type in <xlocale.h>. */ 20 20 + +/* Mac OS X 10.5 defines the locale_t type in <locale.h>. */ 21 21 + #if 1 22 22 + -# include <xlocale.h> 23 23 + +# include <locale.h> 24 24 + #endif 25 25 + 26 26 + /* The definitions of _GL_FUNCDECL_RPL etc. are copied here. */ 27 27 + -- 28 28 + 2.38.1 29 29 +

+85

pkgs/tools/system/osquery/default.nix

··· 1 1 + { lib 2 2 + , cmake 3 3 + , fetchFromGitHub 4 4 + , git 5 5 + , llvmPackages 6 6 + , nixosTests 7 7 + , overrideCC 8 8 + , perl 9 9 + , python3 10 10 + , stdenv 11 11 + , openssl_1_1 12 12 + }: 13 13 + 14 14 + let 15 15 + buildStdenv = overrideCC stdenv llvmPackages.clangUseLLVM; 16 16 + in 17 17 + buildStdenv.mkDerivation rec { 18 18 + pname = "osquery"; 19 19 + version = "5.5.1"; 20 20 + 21 21 + src = fetchFromGitHub { 22 22 + owner = "osquery"; 23 23 + repo = "osquery"; 24 24 + rev = version; 25 25 + fetchSubmodules = true; 26 26 + sha256 = "sha256-Q6PQVnBjAjAlR725fyny+RhQFUNwxWGjLDuS5p9JKlU="; 27 27 + }; 28 28 + 29 29 + patches = [ 30 30 + ./Remove-git-reset.patch 31 31 + ./Use-locale.h-instead-of-removed-xlocale.h-header.patch 32 32 + ./Remove-circular-definition-of-AUDIT_FILTER_EXCLUDE.patch 33 33 + # For current state of compilation against glibc in the clangWithLLVM toolchain, refer to the upstream issue in https://github.com/osquery/osquery/issues/7823. 34 34 + ./Remove-system-controls-table.patch 35 35 + ]; 36 36 + 37 37 + 38 38 + buildInputs = [ 39 39 + llvmPackages.libunwind 40 40 + ]; 41 41 + nativeBuildInputs = [ 42 42 + cmake 43 43 + git 44 44 + perl 45 45 + python3 46 46 + ]; 47 47 + 48 48 + postPatch = '' 49 49 + substituteInPlace cmake/install_directives.cmake --replace "/control" "control" 50 50 + # This is required to build libarchive with our glibc version 51 51 + # which provides the ARC4RANDOM_BUF function 52 52 + substituteInPlace libraries/cmake/source/libarchive/CMakeLists.txt --replace " target_compile_definitions(thirdparty_libarchive PRIVATE" " target_compile_definitions(thirdparty_libarchive PRIVATE HAVE_ARC4RANDOM_BUF" 53 53 + # We need to override this hash because we use our own openssl 1.1 version 54 54 + substituteInPlace libraries/cmake/formula/openssl/CMakeLists.txt --replace "d7939ce614029cdff0b6c20f0e2e5703158a489a72b2507b8bd51bf8c8fd10ca" "e2f8d84b523eecd06c7be7626830370300fbcc15386bf5142d72758f6963ebc6" 55 55 + cat libraries/cmake/formula/openssl/CMakeLists.txt 56 56 + ''; 57 57 + 58 58 + # For explanation of these deletions, refer to the ./Use-locale.h-instead-of-removed-xlocale.h-header.patch file. 59 59 + preConfigure = '' 60 60 + find libraries/cmake/source -name 'config.h' -exec sed -i '/#define HAVE_XLOCALE_H 1/d' {} \; 61 61 + ''; 62 62 + 63 63 + cmakeFlags = [ 64 64 + "-DOSQUERY_VERSION=${version}" 65 65 + "-DOSQUERY_OPENSSL_ARCHIVE_PATH=${openssl_1_1.src}" 66 66 + ]; 67 67 + 68 68 + postFixup = '' 69 69 + patchelf --set-rpath "${llvmPackages.libunwind}/lib:$(patchelf --print-rpath $out/bin/osqueryd)" "$out/bin/osqueryd" 70 70 + ''; 71 71 + 72 72 + passthru.tests.osquery = nixosTests.osquery; 73 73 + 74 74 + meta = with lib; { 75 75 + description = "SQL powered operating system instrumentation, monitoring, and analytics."; 76 76 + longDescription = '' 77 77 + The system controls table is not included as it does not presently compile with glibc >= 2.32. 78 78 + For more information, refer to https://github.com/osquery/osquery/issues/7823 79 79 + ''; 80 80 + homepage = "https://osquery.io"; 81 81 + license = licenses.bsd3; 82 82 + platforms = platforms.linux; 83 83 + maintainers = with maintainers; [ znewman01 lewo ]; 84 84 + }; 85 85 + }

+2

pkgs/top-level/all-packages.nix

··· 1785 1785 1786 1786 openbugs = pkgsi686Linux.callPackage ../applications/science/machine-learning/openbugs { }; 1787 1787 1788 1788 + osquery = callPackage ../tools/system/osquery { }; 1789 1789 + 1788 1790 paperview = callPackage ../tools/X11/paperview { }; 1789 1791 1790 1792 pferd = callPackage ../tools/misc/pferd { };