diff --git a/sysutils/osquery/Makefile b/sysutils/osquery/Makefile
index 956ab25f9fcc..44fb1564e6ef 100644
--- a/sysutils/osquery/Makefile
+++ b/sysutils/osquery/Makefile
@@ -2,8 +2,7 @@
 # $FreeBSD$
 PORTNAME= osquery
-PORTVERSION= 1.4.7
-PORTREVISION= 7
+PORTVERSION= 2.4.0
 CATEGORIES= sysutils
 MAINTAINER= zi@FreeBSD.org
@@ -12,26 +11,22 @@ COMMENT= SQL powered OS instrumentation, monitoring, and analytics
 LICENSE= BSD3CLAUSE
 LICENSE_FILE= ${WRKSRC}/LICENSE
-BUILD_DEPENDS= snappy>0:archivers/snappy \
- rocksdb>0:databases/rocksdb \
- thrift>0:devel/thrift \
- thrift-cpp>0:devel/thrift-cpp \
+BUILD_DEPENDS= thrift>0:devel/thrift \
 bash>0:shells/bash \
- yara>0:security/yara \
- doxygen:devel/doxygen \
- ${PYTHON_PKGNAMEPREFIX}MarkupSafe>0:textproc/py-MarkupSafe \
- ${PYTHON_PKGNAMEPREFIX}psutil>0:sysutils/py-psutil \
- ${PYTHON_PKGNAMEPREFIX}pexpect>0:misc/py-pexpect \
- ${PYTHON_PKGNAMEPREFIX}Jinja2>0:devel/py-Jinja2 \
- ${PYTHON_PKGNAMEPREFIX}thrift>0:devel/py-thrift \
- ${PYTHON_PKGNAMEPREFIX}pip>0:devel/py-pip
-LIB_DEPENDS= libboost_regex.so:devel/boost-libs \
+ linenoise-ng>0:devel/linenoise-ng \
+ asio>0:net/asio \
+ ${PYTHON_PKGNAMEPREFIX}Jinja2>0:devel/py-Jinja2
+LIB_DEPENDS= libaugeas.so:textproc/augeas \
+ libboost_regex.so:devel/boost-libs \
 libgflags.so:devel/gflags \
- libicuuc.so:devel/icu
-
-BROKEN= does not build (error: no matching constructor for initialization of 'gflags::FlagRegisterer')
-DEPRECATED= repeated build and dependency issues, upstream unable to assist
-EXPIRATION_DATE=2017-04-28
+ libglog.so:devel/glog \
+ libicuuc.so:devel/icu \
+ libthrift.so:devel/thrift-cpp \
+ libtsk.so:sysutils/sleuthkit \
+ libcppnetlib-uri.so:devel/cpp-netlib \
+ librocksdb-lite.so:databases/rocksdb-lite \
+ libyara.so:security/yara \
+ liblldpctl.so:net-mgmt/lldpd
 USES= cmake:outsource gmake libtool python:build compiler:c++11-lib
 CONFIGURE_ENV+= OSQUERY_BUILD_VERSION="${PORTVERSION}" HOME="${WRKDIR}" \
@@ -46,19 +41,11 @@ GH_SUBDIR= third-party:tp
 MAKE_JOBS_UNSAFE= yes
 post-patch:
- ${REINPLACE_CMD} -e 's|/var/osquery|/var/db/osquery|g' \
- ${WRKSRC}/osquery/core/init.cpp
- ${REINPLACE_CMD} -e 's|/var/osquery/osquery.em|/var/run/osquery.em|g' \
- -e 's|/etc/osquery/extensions.load|${PREFIX}/etc/osquery.extensions|g' \
- -e 's|/etc/osquery/modules.load|${PREFIX}/etc/osquery.modules|g' \
- ${WRKSRC}/osquery/extensions/extensions.cpp
- ${REINPLACE_CMD} -e 's|/var/osquery/osquery.conf|${PREFIX}/etc/osquery.conf|g' \
- ${WRKSRC}/osquery/config/plugins/filesystem.cpp
 ${REINPLACE_CMD} -e 's|/var/osquery/|/var/db/osquery/|g' \
 ${WRKSRC}/tools/deployment/osquery.example.conf
- ${REINPLACE_CMD} -e 's|python |${PYTHON_CMD} |g' \
- ${WRKSRC}/CMake/CMakeLibs.cmake \
- ${WRKSRC}/CMakeLists.txt
+ ${REINPLACE_CMD} -e 's|python|${PYTHON_CMD}|g' \
+ ${WRKSRC}/CMakeLists.txt \
+ ${WRKSRC}/tools/get_platform.py
 do-install:
 ${INSTALL_PROGRAM} ${BLDDIR}/osqueryi ${STAGEDIR}${PREFIX}/bin
@@ -69,5 +56,6 @@ do-install:
 ${STAGEDIR}${PREFIX}/etc/osquery.conf.sample
 ${MKDIR} ${STAGEDIR}/var/db/osquery
+ ${MKDIR} ${STAGEDIR}/var/log/osquery
 .include
diff --git a/sysutils/osquery/distinfo b/sysutils/osquery/distinfo
index 476cdb0b9fc7..6717ac29c5d6 100644
--- a/sysutils/osquery/distinfo
+++ b/sysutils/osquery/distinfo
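Review bot: In post-patch the new pattern `s|python|${PYTHON_CMD}|g` dropped the trailing space of the old one, so it rewrites every occurrence of the string `python` in CMakeLists.txt and tools/get_platform.py, including those inside longer words, paths or variable names. The contents of those two files are not visible here, so this may be harmless today, but an unanchored global replace over build scripts can silently change what the build runs after an upstream update. Keep the delimited form `'s|python |${PYTHON_CMD} |g'` for CMakeLists.txt, and if the aim for get_platform.py is only its interpreter line, restrict the edit to it with `-e '1s|python|${PYTHON_CMD}|'` or let the ports framework handle it via `USES+=shebangfix` and `SHEBANG_FILES= tools/get_platform.py`.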
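Review bot: The added `${MKDIR} ${STAGEDIR}/var/log/osquery` line in do-install, together with the matching `@dir /var/log/osquery` entry this commit adds to pkg-plist, creates the log directory without an explicit owner or mode, so it is installed with the default directory permissions. osqueryd result and status logs describe host state (what exactly depends on the configured queries), so local unprivileged users should probably not be able to list or read them by default. Set the mode in the plist, for example `@dir(root,wheel,0750) /var/log/osquery`, and consider the same for the existing `@dir /var/db/osquery`. The do-install target begins before this hunk, so the other install steps are not visible here.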
@@ -1,4 +1,5 @@
-SHA256 (facebook-osquery-1.4.7_GH0.tar.gz) = da0b648159e8a9677152a2d2b3140d5a61e34b637c408c21462d07629d3b64c2
-SIZE (facebook-osquery-1.4.7_GH0.tar.gz) = 459762
-SHA256 (osquery-third-party-1.4.7_GH0.tar.gz) = baf57d27ca739d876e8da472c162552c6bb740cf4d723ffab4826a4abee83045
-SIZE (osquery-third-party-1.4.7_GH0.tar.gz) = 5509720
+TIMESTAMP = 1492024136
+SHA256 (facebook-osquery-2.4.0_GH0.tar.gz) = e5c3f01ac10ac9a9732f9610921cea8e8a7234a18061cf58e22dc86b2b74d685
+SIZE (facebook-osquery-2.4.0_GH0.tar.gz) = 874186
+SHA256 (osquery-third-party-2.4.0_GH0.tar.gz) = 729830902faa4f438c77dfdce849bfbc862501591e3a51154f0e0fbe14af7ede
+SIZE (osquery-third-party-2.4.0_GH0.tar.gz) = 3864623
diff --git a/sysutils/osquery/files/osqueryd.in b/sysutils/osquery/files/osqueryd.in
index f54fae351cf2..703680859264 100644
--- a/sysutils/osquery/files/osqueryd.in
+++ b/sysutils/osquery/files/osqueryd.in
@@ -23,7 +23,7 @@ osqueryd_enable=${osqueryd_enable-"NO"}
 osqueryd_flags=${osqueryd_flags-""}
 osqueryd_config=${osqueryd_config-"%%PREFIX%%/etc/osquery.conf"}
 required_files=${osqueryd_config}
-command_args="--pidfile /var/run/osqueryd.pid --disable_watchdog --daemonize=true --config_path=${osqueryd_config}"
+command_args="--pidfile /var/run/osqueryd.pid --disable_watchdog --daemonize=true --database_path /var/db/osquery/osqueryd --extensions_socket /var/run/osquery.em --extensions_autoload %%PREFIX%%/etc/osquery.extensions --modules_autoload %%PREFIX%%/etc/osquery.modules --config_path=${osqueryd_config}"
 extra_commands="configtest"
 configtest_cmd="configtest"
 pidfile="/var/run/osqueryd.pid"
diff --git a/sysutils/osquery/files/patch-osquery_CMakeLists.txt b/sysutils/osquery/files/patch-osquery_CMakeLists.txt
deleted file mode 100644
index e61f745e4d92..000000000000
--- a/sysutils/osquery/files/patch-osquery_CMakeLists.txt
+++ /dev/null
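Review bot: The new `command_args` line in files/osqueryd.in hard-codes `--database_path`, `--extensions_socket`, `--extensions_autoload` and `--modules_autoload`, while the same commit drops the post-patch substitutions that used to compile the FreeBSD paths into the binaries. If 2.4.0 still carries the upstream defaults, only a daemon started through this rc script uses these locations, and osqueryi or a manually started osqueryd would use a different database, socket and autoload lists. The two autoload files decide what code the daemon loads, presumably as root, so they deserve the treatment `osqueryd_config` gets: an rc.conf variable such as `osqueryd_extensions=${osqueryd_extensions-"%%PREFIX%%/etc/osquery.extensions"}` rather than a literal. A comment above command_args such as `# autoload lists must be root-owned and not group- or world-writable` would record the expectation. The rc script starts and ends outside this hunk.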
@@ -1,11 +0,0 @@
---- osquery/CMakeLists.txt.orig 2015-07-03 23:09:06 UTC
-+++ osquery/CMakeLists.txt
-@@ -54,7 +54,7 @@ endif()
- # The remaining boost libraries are discovered with find_library.
- ADD_OSQUERY_LINK_CORE("boost_system")
- ADD_OSQUERY_LINK_CORE("boost_filesystem")
--ADD_OSQUERY_LINK_CORE("boost_regex")
-+ADD_OSQUERY_LINK_CORE("-lboost_regex")
- ADD_OSQUERY_LINK_CORE("yara")
-
- if(DEFINED ENV{SANITIZE})
diff --git a/sysutils/osquery/files/patch-osquery_core_init.cpp b/sysutils/osquery/files/patch-osquery_core_init.cpp
deleted file mode 100644
index e7b5c9970f5a..000000000000
--- a/sysutils/osquery/files/patch-osquery_core_init.cpp
+++ /dev/null
@@ -1,22 +0,0 @@
---- osquery/core/init.cpp.orig 2015-07-03 22:32:52 UTC
-+++ osquery/core/init.cpp
-@@ -31,6 +31,10 @@
- #include "osquery/core/watcher.h"
- #include "osquery/database/db_handle.h"
-
-+#ifdef __FreeBSD__
-+#include
-+#endif
-+
- #ifdef __linux__
- #include
- #include
-@@ -238,7 +242,7 @@ void Initializer::initDaemon() {
- #ifdef __linux__
- // Using: ioprio_set(IOPRIO_WHO_PGRP, 0, IOPRIO_CLASS_IDLE);
- syscall(SYS_ioprio_set, IOPRIO_WHO_PGRP, 0, IOPRIO_CLASS_IDLE);
--#elif defined(__APPLE__) || defined(__FreeBSD__)
-+#elif defined(__APPLE__)
- setiopolicy_np(IOPOL_TYPE_DISK, IOPOL_SCOPE_PROCESS, IOPOL_THROTTLE);
- #endif
- }
diff --git a/sysutils/osquery/files/patch-third-party_glog_src_glog_stl__logging.h.in b/sysutils/osquery/files/patch-third-party_glog_src_glog_stl__logging.h.in
deleted file mode 100644
index 05202047e247..000000000000
--- a/sysutils/osquery/files/patch-third-party_glog_src_glog_stl__logging.h.in
+++ /dev/null
@@ -1,26 +0,0 @@
---- third-party/glog/src/glog/stl_logging.h.in.orig 2015-04-16 17:06:51 UTC
-+++ third-party/glog/src/glog/stl_logging.h.in
-@@ -76,6 +76,9 @@
- #ifdef GLOG_STL_LOGGING_FOR_EXT_SLIST
- # include
- #endif
-+#ifdef GLOG_STL_LOGGING_FOR_FORWARD_LIST
-+# include
-+#endif
-
- // Forward declare these two, and define them after all the container streams
- // operators so that we can recurse from pair -> container -> container -> pair
-@@ -101,9 +104,13 @@ inline std::ostream& operator<<(std::ost
- OUTPUT_TWO_ARG_CONTAINER(std::vector)
- OUTPUT_TWO_ARG_CONTAINER(std::deque)
- OUTPUT_TWO_ARG_CONTAINER(std::list)
-+
- #ifdef GLOG_STL_LOGGING_FOR_EXT_SLIST
- OUTPUT_TWO_ARG_CONTAINER(__gnu_cxx::slist)
- #endif
-+#ifdef GLOG_STL_LOGGING_FOR_FORWARD_LIST
-+OUTPUT_TWO_ARG_CONTAINER(std::forward_list)
-+#endif
-
- #undef OUTPUT_TWO_ARG_CONTAINER
-
diff --git a/sysutils/osquery/files/patch-third-party_glog_src_googletest.h b/sysutils/osquery/files/patch-third-party_glog_src_googletest.h
deleted file mode 100644
index 09d842d1d5e2..000000000000
--- a/sysutils/osquery/files/patch-third-party_glog_src_googletest.h
+++ /dev/null
@@ -1,13 +0,0 @@
---- third-party/glog/src/googletest.h.orig 2015-04-16 17:06:51 UTC
-+++ third-party/glog/src/googletest.h
-@@ -58,6 +58,10 @@
-
- #include "base/commandlineflags.h"
-
-+#ifdef HAVE_LIB_GFLAGS
-+#include
-+using namespace gflags;
-+#endif
- using std::map;
- using std::string;
- using std::vector;
diff --git a/sysutils/osquery/files/patch-third-party_glog_src_logging__unittest.cc b/sysutils/osquery/files/patch-third-party_glog_src_logging__unittest.cc
deleted file mode 100644
index 64283048d4f3..000000000000
--- a/sysutils/osquery/files/patch-third-party_glog_src_logging__unittest.cc
+++ /dev/null
@@ -1,10 +0,0 @@
---- third-party/glog/src/logging_unittest.cc.orig 2015-05-10 14:03:15 UTC
-+++ third-party/glog/src/logging_unittest.cc
-@@ -61,6 +61,7 @@ DECLARE_string(log_backtrace_at); // lo
-
- #ifdef HAVE_LIB_GFLAGS
- #include
-+using namespace gflags;
- #endif
-
- #ifdef HAVE_LIB_GMOCK
diff --git a/sysutils/osquery/files/patch-third-party_glog_src_stacktrace__unittest.cc b/sysutils/osquery/files/patch-third-party_glog_src_stacktrace__unittest.cc
deleted file mode 100644
index bd88e5918abb..000000000000
--- a/sysutils/osquery/files/patch-third-party_glog_src_stacktrace__unittest.cc
+++ /dev/null
@@ -1,19 +0,0 @@
---- third-party/glog/src/stacktrace_unittest.cc.orig 2015-05-05 12:29:29 UTC
-+++ third-party/glog/src/stacktrace_unittest.cc
-@@ -125,16 +125,6 @@ void ATTRIBUTE_NOINLINE CheckStackTraceL
- CHECK_GE(size, 1);
- CHECK_LE(size, STACK_LEN);
-
-- if (1) {
--#ifdef HAVE_EXECINFO_H
-- char **strings = backtrace_symbols(stack, size);
-- printf("Obtained %d stack frames.\n", size);
-- for (int i = 0; i < size; i++)
-- printf("%s %p\n", strings[i], stack[i]);
-- printf("CheckStackTrace() addr: %p\n", &CheckStackTrace);
-- free(strings);
--#endif
-- }
- for (int i = 0; i < BACKTRACE_STEPS; i++) {
- printf("Backtrace %d: expected: %p..%p actual: %p ... ",
- i, expected_range[i].start, expected_range[i].end, stack[i]);
diff --git a/sysutils/osquery/files/patch-third-party_glog_src_stl__logging__unittest.cc b/sysutils/osquery/files/patch-third-party_glog_src_stl__logging__unittest.cc
deleted file mode 100644
index 8da30d90fad0..000000000000
--- a/sysutils/osquery/files/patch-third-party_glog_src_stl__logging__unittest.cc
+++ /dev/null
@@ -1,10 +0,0 @@
---- third-party/glog/src/stl_logging_unittest.cc.orig 2015-04-16 17:06:51 UTC
-+++ third-party/glog/src/stl_logging_unittest.cc
-@@ -41,6 +41,7 @@
- // C++0x isn't enabled by default in GCC and libc++ does not have
- // non-standard ext/* and tr1/unordered_*.
- # if defined(_LIBCPP_VERSION)
-+# define GLOG_STL_LOGGING_FOR_FORWARD_LIST
- # define GLOG_STL_LOGGING_FOR_UNORDERED
- # else
- # define GLOG_STL_LOGGING_FOR_EXT_HASH
diff --git a/sysutils/osquery/pkg-message b/sysutils/osquery/pkg-message
deleted file mode 100644
index 7da7d6d410a3..000000000000
--- a/sysutils/osquery/pkg-message
+++ /dev/null
@@ -1,11 +0,0 @@
-This is the initial release of the FreeBSD port for osquery.
-
-We aren't anywhere near 100% feature parity when compared to
-Linux, however, we are actively working to get there.
-
-osqueryd does not yet have the required functionality to run,
-however, osqueryi (the interactive CLI version) can perform
-basic tasks.
-
-Please submit patches as pull requests here:
-https://github.com/facebook/osquery
diff --git a/sysutils/osquery/pkg-plist b/sysutils/osquery/pkg-plist
index 40e9c6b22bb1..c76842a11758 100644
--- a/sysutils/osquery/pkg-plist
+++ b/sysutils/osquery/pkg-plist
@@ -1,19 +1,23 @@
 bin/osqueryi
 @dir /var/db/osquery
+@dir /var/log/osquery
 include/osquery/config.h
 include/osquery/core.h
 include/osquery/database.h
+include/osquery/dispatcher.h
+include/osquery/distributed.h
 include/osquery/enroll.h
 include/osquery/events.h
 include/osquery/extensions.h
 include/osquery/filesystem.h
 include/osquery/flags.h
-include/osquery/hash.h
 include/osquery/logger.h
+include/osquery/packs.h
 include/osquery/registry.h
 include/osquery/sdk.h
 include/osquery/sql.h
 include/osquery/status.h
+include/osquery/system.h
 include/osquery/tables.h
 lib/libosquery.a
 sbin/osqueryd