nixpkgs/pkgs/tools/system/osquery/default.nix

83 lines
2.3 KiB
Nix
Raw Normal View History

2017-07-25 03:47:32 +02:00
{ stdenv, lib, fetchFromGitHub, pkgconfig, cmake, pythonPackages
, udev, audit, aws-sdk-cpp, cryptsetup, lvm2, libgcrypt, libarchive
osquery: 2.5.2 -> 3.2.2 The package was originally broken as reported in #38940 and facebook/osquery#4257. The latest version (3.x) contains several important fixes for GCC 7, so now we can compile without a much less complicated patches. The following changes were needed to fix the derivation: * Upgrade `osquery/third-party` to the latest rev to be compliant with osquery 3. * Keep using an override for the AWS SDK (for a lower closure size and less compile time), but make the `ec2` API available. * Added the dependencies `fpm`, `zstd`, `rdkafka`, `rapidjson` to the build. `linenoise-ng` is obsolete as it's directly bundled with `osquery/third-party`. * Fixed the linking issue with `gflags` as recommended in the mailing list: https://groups.google.com/d/msg/nix-devel/l1blj-mWxtI/J3CwPATBCAAJ * Dropped the obsolete dependencies `cpp-netlib`, `lz4`, `apt` and `devicemapper` (thanks @Infinisil). * Override `OSQUERY_PLATFORM` to provide `nixos:version` for sandbox and non-NixOS based builds. The `platform-nixos.patch` file is now obsolete (thanks @flokli). The patch was rebased against the 3.x branch of `osquery` and contains mostly old changes. Additionally several testing targets were skipped as they broke the build. The functionality has been testing using the following command: ``` mkdir /tmp/osq.log/ ./result/bin/osqueryd --pidfile /tmp/osq.pid \ --database_path /tmp/test.db --logger_path /tmp/osq.log ``` With the daemon running the database can be queried easily using `./result/bin/osqueryi`. Fixes ticket #38940 See ticket #36453 Further reference can be gathered from the affected Hydra logs for the master branch: https://hydra.nixos.org/job/nixos/trunk-combined/nixpkgs.osquery.x86_64-linux
2018-04-24 07:13:49 +02:00
, libgpgerror, libuuid, iptables, dpkg, lzma, bzip2, rpm
2017-07-25 03:47:32 +02:00
, beecrypt, augeas, libxml2, sleuthkit, yara, lldpd, google-gflags
osquery: 2.5.2 -> 3.2.2 The package was originally broken as reported in #38940 and facebook/osquery#4257. The latest version (3.x) contains several important fixes for GCC 7, so now we can compile without a much less complicated patches. The following changes were needed to fix the derivation: * Upgrade `osquery/third-party` to the latest rev to be compliant with osquery 3. * Keep using an override for the AWS SDK (for a lower closure size and less compile time), but make the `ec2` API available. * Added the dependencies `fpm`, `zstd`, `rdkafka`, `rapidjson` to the build. `linenoise-ng` is obsolete as it's directly bundled with `osquery/third-party`. * Fixed the linking issue with `gflags` as recommended in the mailing list: https://groups.google.com/d/msg/nix-devel/l1blj-mWxtI/J3CwPATBCAAJ * Dropped the obsolete dependencies `cpp-netlib`, `lz4`, `apt` and `devicemapper` (thanks @Infinisil). * Override `OSQUERY_PLATFORM` to provide `nixos:version` for sandbox and non-NixOS based builds. The `platform-nixos.patch` file is now obsolete (thanks @flokli). The patch was rebased against the 3.x branch of `osquery` and contains mostly old changes. Additionally several testing targets were skipped as they broke the build. The functionality has been testing using the following command: ``` mkdir /tmp/osq.log/ ./result/bin/osqueryd --pidfile /tmp/osq.pid \ --database_path /tmp/test.db --logger_path /tmp/osq.log ``` With the daemon running the database can be queried easily using `./result/bin/osqueryi`. Fixes ticket #38940 See ticket #36453 Further reference can be gathered from the affected Hydra logs for the master branch: https://hydra.nixos.org/job/nixos/trunk-combined/nixpkgs.osquery.x86_64-linux
2018-04-24 07:13:49 +02:00
, thrift, boost, rocksdb_lite, glog, gbenchmark, snappy
, openssl, file, doxygen
, gtest, sqlite, fpm, zstd, rdkafka, rapidjson, path
2017-07-25 03:47:32 +02:00
}:
let
osquery: 2.5.2 -> 3.2.2 The package was originally broken as reported in #38940 and facebook/osquery#4257. The latest version (3.x) contains several important fixes for GCC 7, so now we can compile without a much less complicated patches. The following changes were needed to fix the derivation: * Upgrade `osquery/third-party` to the latest rev to be compliant with osquery 3. * Keep using an override for the AWS SDK (for a lower closure size and less compile time), but make the `ec2` API available. * Added the dependencies `fpm`, `zstd`, `rdkafka`, `rapidjson` to the build. `linenoise-ng` is obsolete as it's directly bundled with `osquery/third-party`. * Fixed the linking issue with `gflags` as recommended in the mailing list: https://groups.google.com/d/msg/nix-devel/l1blj-mWxtI/J3CwPATBCAAJ * Dropped the obsolete dependencies `cpp-netlib`, `lz4`, `apt` and `devicemapper` (thanks @Infinisil). * Override `OSQUERY_PLATFORM` to provide `nixos:version` for sandbox and non-NixOS based builds. The `platform-nixos.patch` file is now obsolete (thanks @flokli). The patch was rebased against the 3.x branch of `osquery` and contains mostly old changes. Additionally several testing targets were skipped as they broke the build. The functionality has been testing using the following command: ``` mkdir /tmp/osq.log/ ./result/bin/osqueryd --pidfile /tmp/osq.pid \ --database_path /tmp/test.db --logger_path /tmp/osq.log ``` With the daemon running the database can be queried easily using `./result/bin/osqueryi`. Fixes ticket #38940 See ticket #36453 Further reference can be gathered from the affected Hydra logs for the master branch: https://hydra.nixos.org/job/nixos/trunk-combined/nixpkgs.osquery.x86_64-linux
2018-04-24 07:13:49 +02:00
2017-07-25 03:47:32 +02:00
thirdparty = fetchFromGitHub {
owner = "osquery";
repo = "third-party";
osquery: 2.5.2 -> 3.2.2 The package was originally broken as reported in #38940 and facebook/osquery#4257. The latest version (3.x) contains several important fixes for GCC 7, so now we can compile without a much less complicated patches. The following changes were needed to fix the derivation: * Upgrade `osquery/third-party` to the latest rev to be compliant with osquery 3. * Keep using an override for the AWS SDK (for a lower closure size and less compile time), but make the `ec2` API available. * Added the dependencies `fpm`, `zstd`, `rdkafka`, `rapidjson` to the build. `linenoise-ng` is obsolete as it's directly bundled with `osquery/third-party`. * Fixed the linking issue with `gflags` as recommended in the mailing list: https://groups.google.com/d/msg/nix-devel/l1blj-mWxtI/J3CwPATBCAAJ * Dropped the obsolete dependencies `cpp-netlib`, `lz4`, `apt` and `devicemapper` (thanks @Infinisil). * Override `OSQUERY_PLATFORM` to provide `nixos:version` for sandbox and non-NixOS based builds. The `platform-nixos.patch` file is now obsolete (thanks @flokli). The patch was rebased against the 3.x branch of `osquery` and contains mostly old changes. Additionally several testing targets were skipped as they broke the build. The functionality has been testing using the following command: ``` mkdir /tmp/osq.log/ ./result/bin/osqueryd --pidfile /tmp/osq.pid \ --database_path /tmp/test.db --logger_path /tmp/osq.log ``` With the daemon running the database can be queried easily using `./result/bin/osqueryi`. Fixes ticket #38940 See ticket #36453 Further reference can be gathered from the affected Hydra logs for the master branch: https://hydra.nixos.org/job/nixos/trunk-combined/nixpkgs.osquery.x86_64-linux
2018-04-24 07:13:49 +02:00
rev = "4ef099c31a1165c5e7e3a699f9e4b3eb68c3c3d9";
sha256 = "1vm0prw4dix0m51vkw9z0vwfd8698gqjw499q8h604hs1rvn6132";
2017-07-25 03:47:32 +02:00
};
in
stdenv.mkDerivation rec {
name = "osquery-${version}";
osquery: 2.5.2 -> 3.2.2 The package was originally broken as reported in #38940 and facebook/osquery#4257. The latest version (3.x) contains several important fixes for GCC 7, so now we can compile without a much less complicated patches. The following changes were needed to fix the derivation: * Upgrade `osquery/third-party` to the latest rev to be compliant with osquery 3. * Keep using an override for the AWS SDK (for a lower closure size and less compile time), but make the `ec2` API available. * Added the dependencies `fpm`, `zstd`, `rdkafka`, `rapidjson` to the build. `linenoise-ng` is obsolete as it's directly bundled with `osquery/third-party`. * Fixed the linking issue with `gflags` as recommended in the mailing list: https://groups.google.com/d/msg/nix-devel/l1blj-mWxtI/J3CwPATBCAAJ * Dropped the obsolete dependencies `cpp-netlib`, `lz4`, `apt` and `devicemapper` (thanks @Infinisil). * Override `OSQUERY_PLATFORM` to provide `nixos:version` for sandbox and non-NixOS based builds. The `platform-nixos.patch` file is now obsolete (thanks @flokli). The patch was rebased against the 3.x branch of `osquery` and contains mostly old changes. Additionally several testing targets were skipped as they broke the build. The functionality has been testing using the following command: ``` mkdir /tmp/osq.log/ ./result/bin/osqueryd --pidfile /tmp/osq.pid \ --database_path /tmp/test.db --logger_path /tmp/osq.log ``` With the daemon running the database can be queried easily using `./result/bin/osqueryi`. Fixes ticket #38940 See ticket #36453 Further reference can be gathered from the affected Hydra logs for the master branch: https://hydra.nixos.org/job/nixos/trunk-combined/nixpkgs.osquery.x86_64-linux
2018-04-24 07:13:49 +02:00
version = "3.2.2";
2017-07-25 03:47:32 +02:00
# this is what `osquery --help` will show as the version.
OSQUERY_BUILD_VERSION = version;
OSQUERY_PLATFORM = "nixos;${stdenv.lib.nixpkgsVersion}";
2017-07-25 03:47:32 +02:00
src = fetchFromGitHub {
owner = "facebook";
repo = "osquery";
rev = version;
osquery: 2.5.2 -> 3.2.2 The package was originally broken as reported in #38940 and facebook/osquery#4257. The latest version (3.x) contains several important fixes for GCC 7, so now we can compile without a much less complicated patches. The following changes were needed to fix the derivation: * Upgrade `osquery/third-party` to the latest rev to be compliant with osquery 3. * Keep using an override for the AWS SDK (for a lower closure size and less compile time), but make the `ec2` API available. * Added the dependencies `fpm`, `zstd`, `rdkafka`, `rapidjson` to the build. `linenoise-ng` is obsolete as it's directly bundled with `osquery/third-party`. * Fixed the linking issue with `gflags` as recommended in the mailing list: https://groups.google.com/d/msg/nix-devel/l1blj-mWxtI/J3CwPATBCAAJ * Dropped the obsolete dependencies `cpp-netlib`, `lz4`, `apt` and `devicemapper` (thanks @Infinisil). * Override `OSQUERY_PLATFORM` to provide `nixos:version` for sandbox and non-NixOS based builds. The `platform-nixos.patch` file is now obsolete (thanks @flokli). The patch was rebased against the 3.x branch of `osquery` and contains mostly old changes. Additionally several testing targets were skipped as they broke the build. The functionality has been testing using the following command: ``` mkdir /tmp/osq.log/ ./result/bin/osqueryd --pidfile /tmp/osq.pid \ --database_path /tmp/test.db --logger_path /tmp/osq.log ``` With the daemon running the database can be queried easily using `./result/bin/osqueryi`. Fixes ticket #38940 See ticket #36453 Further reference can be gathered from the affected Hydra logs for the master branch: https://hydra.nixos.org/job/nixos/trunk-combined/nixpkgs.osquery.x86_64-linux
2018-04-24 07:13:49 +02:00
sha256 = "0qwj4cy6m25sqwb0irqfqinipx50l4imnz1gqxx147vzfwb52jlq";
2017-07-25 03:47:32 +02:00
};
osquery: 2.5.2 -> 3.2.2 The package was originally broken as reported in #38940 and facebook/osquery#4257. The latest version (3.x) contains several important fixes for GCC 7, so now we can compile without a much less complicated patches. The following changes were needed to fix the derivation: * Upgrade `osquery/third-party` to the latest rev to be compliant with osquery 3. * Keep using an override for the AWS SDK (for a lower closure size and less compile time), but make the `ec2` API available. * Added the dependencies `fpm`, `zstd`, `rdkafka`, `rapidjson` to the build. `linenoise-ng` is obsolete as it's directly bundled with `osquery/third-party`. * Fixed the linking issue with `gflags` as recommended in the mailing list: https://groups.google.com/d/msg/nix-devel/l1blj-mWxtI/J3CwPATBCAAJ * Dropped the obsolete dependencies `cpp-netlib`, `lz4`, `apt` and `devicemapper` (thanks @Infinisil). * Override `OSQUERY_PLATFORM` to provide `nixos:version` for sandbox and non-NixOS based builds. The `platform-nixos.patch` file is now obsolete (thanks @flokli). The patch was rebased against the 3.x branch of `osquery` and contains mostly old changes. Additionally several testing targets were skipped as they broke the build. The functionality has been testing using the following command: ``` mkdir /tmp/osq.log/ ./result/bin/osqueryd --pidfile /tmp/osq.pid \ --database_path /tmp/test.db --logger_path /tmp/osq.log ``` With the daemon running the database can be queried easily using `./result/bin/osqueryi`. Fixes ticket #38940 See ticket #36453 Further reference can be gathered from the affected Hydra logs for the master branch: https://hydra.nixos.org/job/nixos/trunk-combined/nixpkgs.osquery.x86_64-linux
2018-04-24 07:13:49 +02:00
patches = [ ./misc.patch ];
2017-07-25 03:47:32 +02:00
nativeBuildInputs = [
osquery: 2.5.2 -> 3.2.2 The package was originally broken as reported in #38940 and facebook/osquery#4257. The latest version (3.x) contains several important fixes for GCC 7, so now we can compile without a much less complicated patches. The following changes were needed to fix the derivation: * Upgrade `osquery/third-party` to the latest rev to be compliant with osquery 3. * Keep using an override for the AWS SDK (for a lower closure size and less compile time), but make the `ec2` API available. * Added the dependencies `fpm`, `zstd`, `rdkafka`, `rapidjson` to the build. `linenoise-ng` is obsolete as it's directly bundled with `osquery/third-party`. * Fixed the linking issue with `gflags` as recommended in the mailing list: https://groups.google.com/d/msg/nix-devel/l1blj-mWxtI/J3CwPATBCAAJ * Dropped the obsolete dependencies `cpp-netlib`, `lz4`, `apt` and `devicemapper` (thanks @Infinisil). * Override `OSQUERY_PLATFORM` to provide `nixos:version` for sandbox and non-NixOS based builds. The `platform-nixos.patch` file is now obsolete (thanks @flokli). The patch was rebased against the 3.x branch of `osquery` and contains mostly old changes. Additionally several testing targets were skipped as they broke the build. The functionality has been testing using the following command: ``` mkdir /tmp/osq.log/ ./result/bin/osqueryd --pidfile /tmp/osq.pid \ --database_path /tmp/test.db --logger_path /tmp/osq.log ``` With the daemon running the database can be queried easily using `./result/bin/osqueryi`. Fixes ticket #38940 See ticket #36453 Further reference can be gathered from the affected Hydra logs for the master branch: https://hydra.nixos.org/job/nixos/trunk-combined/nixpkgs.osquery.x86_64-linux
2018-04-24 07:13:49 +02:00
pkgconfig cmake pythonPackages.python pythonPackages.jinja2 doxygen fpm
2017-07-25 03:47:32 +02:00
];
osquery: 2.5.2 -> 3.2.2 The package was originally broken as reported in #38940 and facebook/osquery#4257. The latest version (3.x) contains several important fixes for GCC 7, so now we can compile without a much less complicated patches. The following changes were needed to fix the derivation: * Upgrade `osquery/third-party` to the latest rev to be compliant with osquery 3. * Keep using an override for the AWS SDK (for a lower closure size and less compile time), but make the `ec2` API available. * Added the dependencies `fpm`, `zstd`, `rdkafka`, `rapidjson` to the build. `linenoise-ng` is obsolete as it's directly bundled with `osquery/third-party`. * Fixed the linking issue with `gflags` as recommended in the mailing list: https://groups.google.com/d/msg/nix-devel/l1blj-mWxtI/J3CwPATBCAAJ * Dropped the obsolete dependencies `cpp-netlib`, `lz4`, `apt` and `devicemapper` (thanks @Infinisil). * Override `OSQUERY_PLATFORM` to provide `nixos:version` for sandbox and non-NixOS based builds. The `platform-nixos.patch` file is now obsolete (thanks @flokli). The patch was rebased against the 3.x branch of `osquery` and contains mostly old changes. Additionally several testing targets were skipped as they broke the build. The functionality has been testing using the following command: ``` mkdir /tmp/osq.log/ ./result/bin/osqueryd --pidfile /tmp/osq.pid \ --database_path /tmp/test.db --logger_path /tmp/osq.log ``` With the daemon running the database can be queried easily using `./result/bin/osqueryi`. Fixes ticket #38940 See ticket #36453 Further reference can be gathered from the affected Hydra logs for the master branch: https://hydra.nixos.org/job/nixos/trunk-combined/nixpkgs.osquery.x86_64-linux
2018-04-24 07:13:49 +02:00
buildInputs = let
gflags' = google-gflags.overrideAttrs (old: {
cmakeFlags = stdenv.lib.filter (f: isNull (builtins.match ".*STATIC.*" f)) old.cmakeFlags;
});
in [
2017-07-25 03:47:32 +02:00
udev audit
(aws-sdk-cpp.override {
osquery: 2.5.2 -> 3.2.2 The package was originally broken as reported in #38940 and facebook/osquery#4257. The latest version (3.x) contains several important fixes for GCC 7, so now we can compile without a much less complicated patches. The following changes were needed to fix the derivation: * Upgrade `osquery/third-party` to the latest rev to be compliant with osquery 3. * Keep using an override for the AWS SDK (for a lower closure size and less compile time), but make the `ec2` API available. * Added the dependencies `fpm`, `zstd`, `rdkafka`, `rapidjson` to the build. `linenoise-ng` is obsolete as it's directly bundled with `osquery/third-party`. * Fixed the linking issue with `gflags` as recommended in the mailing list: https://groups.google.com/d/msg/nix-devel/l1blj-mWxtI/J3CwPATBCAAJ * Dropped the obsolete dependencies `cpp-netlib`, `lz4`, `apt` and `devicemapper` (thanks @Infinisil). * Override `OSQUERY_PLATFORM` to provide `nixos:version` for sandbox and non-NixOS based builds. The `platform-nixos.patch` file is now obsolete (thanks @flokli). The patch was rebased against the 3.x branch of `osquery` and contains mostly old changes. Additionally several testing targets were skipped as they broke the build. The functionality has been testing using the following command: ``` mkdir /tmp/osq.log/ ./result/bin/osqueryd --pidfile /tmp/osq.pid \ --database_path /tmp/test.db --logger_path /tmp/osq.log ``` With the daemon running the database can be queried easily using `./result/bin/osqueryi`. Fixes ticket #38940 See ticket #36453 Further reference can be gathered from the affected Hydra logs for the master branch: https://hydra.nixos.org/job/nixos/trunk-combined/nixpkgs.osquery.x86_64-linux
2018-04-24 07:13:49 +02:00
apis = [ "firehose" "kinesis" "sts" "ec2" ];
2017-07-25 03:47:32 +02:00
customMemoryManagement = false;
})
osquery: 2.5.2 -> 3.2.2 The package was originally broken as reported in #38940 and facebook/osquery#4257. The latest version (3.x) contains several important fixes for GCC 7, so now we can compile without a much less complicated patches. The following changes were needed to fix the derivation: * Upgrade `osquery/third-party` to the latest rev to be compliant with osquery 3. * Keep using an override for the AWS SDK (for a lower closure size and less compile time), but make the `ec2` API available. * Added the dependencies `fpm`, `zstd`, `rdkafka`, `rapidjson` to the build. `linenoise-ng` is obsolete as it's directly bundled with `osquery/third-party`. * Fixed the linking issue with `gflags` as recommended in the mailing list: https://groups.google.com/d/msg/nix-devel/l1blj-mWxtI/J3CwPATBCAAJ * Dropped the obsolete dependencies `cpp-netlib`, `lz4`, `apt` and `devicemapper` (thanks @Infinisil). * Override `OSQUERY_PLATFORM` to provide `nixos:version` for sandbox and non-NixOS based builds. The `platform-nixos.patch` file is now obsolete (thanks @flokli). The patch was rebased against the 3.x branch of `osquery` and contains mostly old changes. Additionally several testing targets were skipped as they broke the build. The functionality has been testing using the following command: ``` mkdir /tmp/osq.log/ ./result/bin/osqueryd --pidfile /tmp/osq.pid \ --database_path /tmp/test.db --logger_path /tmp/osq.log ``` With the daemon running the database can be queried easily using `./result/bin/osqueryi`. Fixes ticket #38940 See ticket #36453 Further reference can be gathered from the affected Hydra logs for the master branch: https://hydra.nixos.org/job/nixos/trunk-combined/nixpkgs.osquery.x86_64-linux
2018-04-24 07:13:49 +02:00
lvm2 libgcrypt libarchive libgpgerror libuuid iptables dpkg
lzma bzip2 rpm beecrypt augeas libxml2 sleuthkit
yara lldpd gflags' thrift boost
glog gbenchmark snappy openssl
file cryptsetup
gtest sqlite zstd rdkafka rapidjson rocksdb_lite
2017-07-25 03:47:32 +02:00
];
preConfigure = ''
export NIX_CFLAGS_COMPILE="-I${libxml2.dev}/include/libxml2 $NIX_CFLAGS_COMPILE"
cmakeFlagsArray+=(
-DCMAKE_LIBRARY_PATH=${cryptsetup}/lib
-DCMAKE_VERBOSE_MAKEFILE=OFF
2017-07-25 03:47:32 +02:00
)
cp -r ${thirdparty}/* third-party
chmod +w -R third-party
rm -r third-party/{googletest,sqlite3}
2017-07-25 03:47:32 +02:00
'';
meta = with lib; {
description = "SQL powered operating system instrumentation, monitoring, and analytics";
homepage = https://osquery.io/;
2017-07-25 03:47:32 +02:00
license = licenses.bsd3;
platforms = platforms.linux;
osquery: 2.5.2 -> 3.2.2 The package was originally broken as reported in #38940 and facebook/osquery#4257. The latest version (3.x) contains several important fixes for GCC 7, so now we can compile without a much less complicated patches. The following changes were needed to fix the derivation: * Upgrade `osquery/third-party` to the latest rev to be compliant with osquery 3. * Keep using an override for the AWS SDK (for a lower closure size and less compile time), but make the `ec2` API available. * Added the dependencies `fpm`, `zstd`, `rdkafka`, `rapidjson` to the build. `linenoise-ng` is obsolete as it's directly bundled with `osquery/third-party`. * Fixed the linking issue with `gflags` as recommended in the mailing list: https://groups.google.com/d/msg/nix-devel/l1blj-mWxtI/J3CwPATBCAAJ * Dropped the obsolete dependencies `cpp-netlib`, `lz4`, `apt` and `devicemapper` (thanks @Infinisil). * Override `OSQUERY_PLATFORM` to provide `nixos:version` for sandbox and non-NixOS based builds. The `platform-nixos.patch` file is now obsolete (thanks @flokli). The patch was rebased against the 3.x branch of `osquery` and contains mostly old changes. Additionally several testing targets were skipped as they broke the build. The functionality has been testing using the following command: ``` mkdir /tmp/osq.log/ ./result/bin/osqueryd --pidfile /tmp/osq.pid \ --database_path /tmp/test.db --logger_path /tmp/osq.log ``` With the daemon running the database can be queried easily using `./result/bin/osqueryi`. Fixes ticket #38940 See ticket #36453 Further reference can be gathered from the affected Hydra logs for the master branch: https://hydra.nixos.org/job/nixos/trunk-combined/nixpkgs.osquery.x86_64-linux
2018-04-24 07:13:49 +02:00
maintainers = with maintainers; [ cstrahan ma27 ];
2017-07-25 03:47:32 +02:00
};
}