authorJörg Thalheim <Mic92@users.noreply.github.com>2018-04-24 09:29:46 +0100
committerGitHub <noreply@github.com>2018-04-24 09:29:46 +0100
commit62529a693b137c0ea7c1805a6f83205b408fd748 (patch)
treee94be07545ee7f7168446148b6b26e298a24081a /pkgs/tools
parent9f816edc3e555c0fab4f7dbee5eb68729d15bf13 (diff)
parent3cd2707e370e4773954cb3fe84b768d648c5ed63 (diff)
Merge pull request #39336 from Ma27/fix-osquery
osquery: 2.5.2 -> 3.2.2
Diffstat (limited to 'pkgs/tools')
-rw-r--r--pkgs/tools/system/osquery/default.nix48
-rw-r--r--pkgs/tools/system/osquery/misc.patch197
-rw-r--r--pkgs/tools/system/osquery/platform-nixos.patch22
3 files changed, 112 insertions, 155 deletions
diff --git a/pkgs/tools/system/osquery/default.nix b/pkgs/tools/system/osquery/default.nix
index 44d5bcf5f38a..2a719efd79b3 100644
--- a/pkgs/tools/system/osquery/default.nix
+++ b/pkgs/tools/system/osquery/default.nix
@@ -1,59 +1,62 @@
 { stdenv, lib, fetchFromGitHub, pkgconfig, cmake, pythonPackages
 , udev, audit, aws-sdk-cpp, cryptsetup, lvm2, libgcrypt, libarchive
-, libgpgerror, libuuid, iptables, apt, dpkg, lzma, lz4, bzip2, rpm
+, libgpgerror, libuuid, iptables, dpkg, lzma, bzip2, rpm
 , beecrypt, augeas, libxml2, sleuthkit, yara, lldpd, google-gflags
-, thrift, boost, rocksdb_lite, cpp-netlib, glog, gbenchmark, snappy
-, openssl, linenoise-ng, file, doxygen, devicemapper
-, gtest, sqlite
+, thrift, boost, rocksdb_lite, glog, gbenchmark, snappy
+, openssl, file, doxygen
+, gtest, sqlite, fpm, zstd, rdkafka, rapidjson, path
 }:
 
 let
+
   thirdparty = fetchFromGitHub {
     owner = "osquery";
     repo = "third-party";
-    rev = "6919841175b2c9cb2dee8986e0cfe49191ecb868";
-    sha256 = "1kjxrky586jd1b2z1vs9cm7x1dxw51cizpys9kddiarapc2ih65j";
+    rev = "4ef099c31a1165c5e7e3a699f9e4b3eb68c3c3d9";
+    sha256 = "1vm0prw4dix0m51vkw9z0vwfd8698gqjw499q8h604hs1rvn6132";
   };
 
 in
 
 stdenv.mkDerivation rec {
   name = "osquery-${version}";
-  version = "2.5.2";
+  version = "3.2.2";
 
   # this is what `osquery --help` will show as the version.
   OSQUERY_BUILD_VERSION = version;
+  OSQUERY_PLATFORM = "nixos;${builtins.readFile "${toString path}/.version"}";
 
   src = fetchFromGitHub {
     owner = "facebook";
     repo = "osquery";
     rev = version;
-    sha256 = "16isplk66qpvhrf041l0lxb4z6k7wwd1sg7kpsw2q6kivkxpnk3z";
+    sha256 = "0qwj4cy6m25sqwb0irqfqinipx50l4imnz1gqxx147vzfwb52jlq";
   };
 
-  patches = [ ./misc.patch ] ++ lib.optional stdenv.isLinux ./platform-nixos.patch;
+  patches = [ ./misc.patch ];
 
   nativeBuildInputs = [
-    pkgconfig cmake pythonPackages.python pythonPackages.jinja2
+    pkgconfig cmake pythonPackages.python pythonPackages.jinja2 doxygen fpm
   ];
 
-  buildInputs = [
+  buildInputs = let
+    gflags' = google-gflags.overrideAttrs (old: {
+      cmakeFlags = stdenv.lib.filter (f: isNull (builtins.match ".*STATIC.*" f)) old.cmakeFlags;
+    });
+  in [
     udev audit
 
     (aws-sdk-cpp.override {
-      apis = [ "firehose" "kinesis" "sts" ];
+      apis = [ "firehose" "kinesis" "sts" "ec2" ];
       customMemoryManagement = false;
     })
 
-    lvm2 libgcrypt libarchive libgpgerror libuuid iptables.dev apt dpkg
-    lzma lz4 bzip2 rpm beecrypt augeas libxml2 sleuthkit
-    yara lldpd google-gflags thrift boost
-    cpp-netlib glog gbenchmark snappy openssl linenoise-ng
-    file doxygen devicemapper cryptsetup
-    gtest sqlite
-
-    # need to be consistent about the malloc implementation
-    (rocksdb_lite.override { jemalloc = null; gperftools = null; })
+    lvm2 libgcrypt libarchive libgpgerror libuuid iptables dpkg
+    lzma bzip2 rpm beecrypt augeas libxml2 sleuthkit
+    yara lldpd gflags' thrift boost
+    glog gbenchmark snappy openssl
+    file cryptsetup
+    gtest sqlite zstd rdkafka rapidjson rocksdb_lite
   ];
 
   preConfigure = ''
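Review bot: The new `OSQUERY_PLATFORM` attribute splices the raw result of `builtins.readFile` into the string, so any trailing newline in `.version` ends up inside the platform/version value handed to the build. Whether the file ends in a newline is not visible here, but stripping it makes the value independent of that: `OSQUERY_PLATFORM = "nixos;${lib.fileContents "${toString path}/.version"}";`. Since this string is presumably what osquery reports as the host platform, a short comment on the expected `name;version` format would also help whoever bumps the package next. The `mkDerivation` attribute set continues past the end of this hunk.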
@@ -74,7 +77,6 @@ stdenv.mkDerivation rec {
     homepage = https://osquery.io/;
     license = licenses.bsd3;
     platforms = platforms.linux;
-    maintainers = with maintainers; [ cstrahan ];
-    broken = true; # 2018-04-11
+    maintainers = with maintainers; [ cstrahan ma27 ];
   };
 }
diff --git a/pkgs/tools/system/osquery/misc.patch b/pkgs/tools/system/osquery/misc.patch
index 1a0ef267f0df..acdbf6346c83 100644
--- a/pkgs/tools/system/osquery/misc.patch
+++ b/pkgs/tools/system/osquery/misc.patch
@@ -1,33 +1,9 @@
 diff --git a/CMakeLists.txt b/CMakeLists.txt
-index a976a46d..408ac308 100644
+index b8eb5a16..319d81dc 100644
 --- a/CMakeLists.txt
 +++ b/CMakeLists.txt
-@@ -125,14 +125,13 @@ else()
-     set(CXX_COMPILE_FLAGS "${CXX_COMPILE_FLAGS} -std=c++14 -stdlib=libc++")
-   else()
-     set(LINUX TRUE)
--    set(CXX_COMPILE_FLAGS "${CXX_COMPILE_FLAGS} -std=c++14 -stdlib=libstdc++")
-+    set(CXX_COMPILE_FLAGS "${CXX_COMPILE_FLAGS} -std=c++14")
-   endif()
-   set(POSIX TRUE)
- endif()
- 
- if(POSIX)
-   add_compile_options(
--    -Qunused-arguments
-     -Wstrict-aliasing
-     -Wno-missing-field-initializers
-     -Wno-unused-local-typedef
-@@ -154,7 +153,6 @@ if(POSIX)
-   )
-   if(NOT FREEBSD)
-     add_compile_options(
--      -Werror=shadow
-       -fvisibility=hidden
-       -fvisibility-inlines-hidden
-     )
-@@ -372,12 +370,6 @@ elseif(NOT FREEBSD)
-   endif()
+@@ -447,12 +447,6 @@ elseif(CLANG AND DEPS AND NOT FREEBSD)
+   set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -flto=thin")
  endif()
  
 -if(NOT IS_DIRECTORY "${CMAKE_SOURCE_DIR}/third-party/sqlite3")
@@ -39,7 +15,7 @@ index a976a46d..408ac308 100644
  # Make sure deps were built before compiling (else show warning).
  execute_process(
    COMMAND "${CMAKE_SOURCE_DIR}/tools/provision.sh" check "${CMAKE_BINARY_DIR}"
-@@ -439,6 +431,8 @@ endif()
+@@ -518,6 +512,8 @@ endif()
  
  if(APPLE)
    LOG_PLATFORM("OS X")
@@ -48,87 +24,67 @@ index a976a46d..408ac308 100644
  elseif(OSQUERY_BUILD_PLATFORM STREQUAL "debian")
    LOG_PLATFORM("Debian")
  elseif(OSQUERY_BUILD_PLATFORM STREQUAL "ubuntu")
-@@ -477,7 +471,6 @@ if(POSIX)
-   include_directories("${BUILD_DEPS}/include/openssl")
+@@ -567,7 +563,6 @@ if(POSIX AND DEPS)
+   endif()
  endif()
  
 -include_directories("${CMAKE_SOURCE_DIR}/third-party/sqlite3")
  include_directories("${CMAKE_SOURCE_DIR}/include")
  include_directories("${CMAKE_SOURCE_DIR}")
  
-@@ -559,21 +552,10 @@ else()
-   set(GTEST_FLAGS "-DGTEST_USE_OWN_TR1_TUPLE=0")
+@@ -655,18 +650,6 @@ if(FREEBSD OR "${HAVE_TR1_TUPLE}" STREQUAL "")
+   add_definitions(-DGTEST_USE_OWN_TR1_TUPLE=0)
  endif()
  
 -set(GTEST_FLAGS
--  ${GTEST_FLAGS}
 -  "-I${CMAKE_SOURCE_DIR}/third-party/googletest/googletest/include"
 -  "-I${CMAKE_SOURCE_DIR}/third-party/googletest/googlemock/include"
 -)
 -join("${GTEST_FLAGS}" " " GTEST_FLAGS)
 -
- set(BUILD_GTEST TRUE)
- 
--add_subdirectory("${CMAKE_SOURCE_DIR}/third-party/googletest")
+-if(NOT SKIP_TESTS)
+-  add_subdirectory("${CMAKE_SOURCE_DIR}/third-party/googletest")
+-endif()
 -
- include(Thrift)
- 
 -add_subdirectory("${CMAKE_SOURCE_DIR}/third-party/sqlite3")
 -
- add_subdirectory(osquery)
- add_subdirectory(tools/tests)
- 
-diff --git a/include/osquery/core.h b/include/osquery/core.h
-index b597edee..b0628037 100644
---- a/include/osquery/core.h
-+++ b/include/osquery/core.h
-@@ -15,8 +15,9 @@
- #include <string>
- #include <vector>
- 
--#if defined(__APPLE__) || defined(__FreeBSD__)
-+#if defined(__APPLE__) || defined(__FreeBSD__) || defined(__linux__)
- #include <boost/thread/shared_mutex.hpp>
-+#include <boost/thread/recursive_mutex.hpp>
- #else
- #include <shared_mutex>
- #endif
-@@ -188,7 +189,7 @@ inline bool isPlatform(PlatformType a, const PlatformType& t = kPlatformType) {
-   return (static_cast<int>(t) & static_cast<int>(a)) != 0;
- }
- 
--#if defined(__APPLE__) || defined(__FreeBSD__)
-+#if defined(__APPLE__) || defined(__FreeBSD__) || defined(__linux__)
- #define MUTEX_IMPL boost
- #else
- #define MUTEX_IMPL std
-@@ -204,10 +205,10 @@ using WriteLock = MUTEX_IMPL::unique_lock<Mutex>;
- using ReadLock = MUTEX_IMPL::shared_lock<Mutex>;
- 
- /// Helper alias for defining recursive mutexes.
--using RecursiveMutex = std::recursive_mutex;
-+using RecursiveMutex = MUTEX_IMPL::recursive_mutex;
- 
- /// Helper alias for write locking a recursive mutex.
--using RecursiveLock = std::lock_guard<std::recursive_mutex>;
-+using RecursiveLock = MUTEX_IMPL::lock_guard<MUTEX_IMPL::recursive_mutex>;
- }
- 
- /**
+ if(NOT FREEBSD)
+   add_subdirectory("${CMAKE_SOURCE_DIR}/third-party/linenoise-ng")
+ endif()
 diff --git a/osquery/CMakeLists.txt b/osquery/CMakeLists.txt
-index 77913d31..671b20d4 100644
+index 1c8201ee..a89e6821 100644
 --- a/osquery/CMakeLists.txt
 +++ b/osquery/CMakeLists.txt
-@@ -57,7 +57,7 @@ endif()
+@@ -35,8 +35,6 @@ if(CLANG AND POSIX)
+     -Wextra
+     -pedantic
+     -Wuseless-cast
+-    -Wno-c99-extensions
+-    -Wno-zero-length-array
+     -Wno-unused-parameter
+     -Wno-gnu-case-range
+     -Weffc++
+@@ -61,14 +59,7 @@ endif()
  
  # Construct a set of all object files, starting with third-party and all
  # of the osquery core objects (sources from ADD_CORE_LIBRARY macros).
--set(OSQUERY_OBJECTS $<TARGET_OBJECTS:osquery_sqlite>)
-+set(OSQUERY_OBJECTS "")
+-if(FREEBSD)
+-  set(OSQUERY_OBJECTS $<TARGET_OBJECTS:osquery_sqlite>)
+-else()
+-  set(OSQUERY_OBJECTS
+-    $<TARGET_OBJECTS:osquery_sqlite>
+-    $<TARGET_OBJECTS:linenoise-ng>
+-  )
+-endif()
++set(OSQUERY_OBJECTS $<TARGET_OBJECTS:linenoise-ng>)
  
  # Add subdirectories
  add_subdirectory(config)
-@@ -138,6 +138,8 @@ elseif(FREEBSD)
+@@ -147,10 +138,11 @@ if(APPLE OR LINUX)
+   ADD_OSQUERY_LINK_ADDITIONAL("rocksdb_lite")
+ elseif(FREEBSD)
+   ADD_OSQUERY_LINK_CORE("icuuc")
+-  ADD_OSQUERY_LINK_CORE("linenoise")
    ADD_OSQUERY_LINK_ADDITIONAL("rocksdb-lite")
  endif()
  
@@ -137,41 +93,62 @@ index 77913d31..671b20d4 100644
  if(POSIX)
    ADD_OSQUERY_LINK_CORE("boost_system")
    ADD_OSQUERY_LINK_CORE("boost_filesystem")
-@@ -157,6 +159,7 @@ ADD_OSQUERY_LINK_ADDITIONAL("cppnetlib-client-connections${WO_KEY}")
+@@ -168,6 +160,8 @@ endif()
  ADD_OSQUERY_LINK_CORE("glog${WO_KEY}")
  
  if(POSIX)
 +  ADD_OSQUERY_LINK_ADDITIONAL("benchmark")
-   ADD_OSQUERY_LINK_ADDITIONAL("snappy")
++  ADD_OSQUERY_LINK_ADDITIONAL("snappy")
    ADD_OSQUERY_LINK_ADDITIONAL("ssl")
    ADD_OSQUERY_LINK_ADDITIONAL("crypto")
-@@ -336,13 +339,6 @@ if(NOT OSQUERY_BUILD_SDK_ONLY)
- 
-   install(DIRECTORY "${CMAKE_SOURCE_DIR}/packs/"
-     DESTINATION "${CMAKE_INSTALL_PREFIX}/share/osquery/packs" COMPONENT main)
--  if(APPLE)
--    install(FILES "${CMAKE_SOURCE_DIR}/tools/deployment/com.facebook.osqueryd.plist"
--      DESTINATION "${CMAKE_INSTALL_PREFIX}/share/osquery/" COMPONENT main)
--  else()
--    install(PROGRAMS "${CMAKE_SOURCE_DIR}/tools/deployment/osqueryd.initd"
--      DESTINATION "/etc/init.d/" RENAME "osqueryd" COMPONENT main)
--  endif()
+   ADD_OSQUERY_LINK_ADDITIONAL("libpthread")
+diff --git a/osquery/extensions/CMakeLists.txt b/osquery/extensions/CMakeLists.txt
+index 52f3bf80..066ed1c0 100644
+--- a/osquery/extensions/CMakeLists.txt
++++ b/osquery/extensions/CMakeLists.txt
+@@ -60,12 +60,6 @@ else()
+   )
  endif()
  
- if(NOT SKIP_TESTS)
-diff --git a/osquery/tables/system/linux/tests/md_tables_tests.cpp b/osquery/tables/system/linux/tests/md_tables_tests.cpp
-index 126be362..119d361d 100644
---- a/osquery/tables/system/linux/tests/md_tables_tests.cpp
-+++ b/osquery/tables/system/linux/tests/md_tables_tests.cpp
-@@ -72,7 +72,7 @@ void GetDrivesForArrayTestHarness(std::string arrayName,
-   EXPECT_CALL(md, getArrayInfo(arrayDevPath, _))
-       .WillOnce(DoAll(SetArgReferee<1>(arrayInfo), Return(true)));
- 
--  Sequence::Sequence s1;
-+  Sequence s1;
-   for (int i = 0; i < MD_SB_DISKS; i++) {
-     mdu_disk_info_t diskInfo;
-     diskInfo.number = i;
+-if(NOT WINDOWS)
+-  add_compile_options(
+-    -Wno-macro-redefined
+-  )
+-endif()
+-
+ ADD_OSQUERY_LIBRARY(TRUE osquery_extensions
+   ${THRIFT_GENERATED_FILES}
+   ${THRIFT_IMPL_FILE}
+diff --git a/osquery/logger/CMakeLists.txt b/osquery/logger/CMakeLists.txt
+index ab91bd24..d8364991 100644
+--- a/osquery/logger/CMakeLists.txt
++++ b/osquery/logger/CMakeLists.txt
+@@ -55,9 +55,9 @@ if(NOT SKIP_KAFKA AND NOT WINDOWS AND NOT FREEBSD)
+ 
+   ADD_OSQUERY_LINK_ADDITIONAL("rdkafka")
+ 
+-  set(OSQUERY_LOGGER_KAFKA_PLUGINS_TESTS
+-    "logger/plugins/tests/kafka_producer_tests.cpp"
+-  )
++  #set(OSQUERY_LOGGER_KAFKA_PLUGINS_TESTS
++  #  "logger/plugins/tests/kafka_producer_tests.cpp"
++  #)
+ 
+   ADD_OSQUERY_TEST_ADDITIONAL(${OSQUERY_LOGGER_KAFKA_PLUGINS_TESTS})
+ endif()
+diff --git a/osquery/tables/CMakeLists.txt b/osquery/tables/CMakeLists.txt
+index dd78084f..158758e1 100644
+--- a/osquery/tables/CMakeLists.txt
++++ b/osquery/tables/CMakeLists.txt
+@@ -68,7 +68,7 @@ if(LINUX)
+   set(TABLE_PLATFORM "linux")
+ 
+   ADD_OSQUERY_LINK_ADDITIONAL("libresolv.so")
+-  ADD_OSQUERY_LINK_ADDITIONAL("cryptsetup devmapper lvm2app lvm-internal daemonclient")
++  ADD_OSQUERY_LINK_ADDITIONAL("cryptsetup devmapper lvm2app")
+   ADD_OSQUERY_LINK_ADDITIONAL("gcrypt gpg-error")
+   ADD_OSQUERY_LINK_ADDITIONAL("blkid")
+   ADD_OSQUERY_LINK_ADDITIONAL("ip4tc")
 diff --git a/specs/windows/services.table b/specs/windows/services.table
 index 4ac24ee9..657d8b99 100644
 --- a/specs/windows/services.table
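Review bot: The osquery/logger/CMakeLists.txt part of the patch disables the Kafka producer tests by commenting out the three `set(OSQUERY_LOGGER_KAFKA_PLUGINS_TESTS ...)` lines, with no reason given, while the `ADD_OSQUERY_TEST_ADDITIONAL(${OSQUERY_LOGGER_KAFKA_PLUGINS_TESTS})` call below is kept and now expands an unset variable. `rdkafka` is still linked, so the Kafka logger plugin ships without its tests. Either delete the `set` block together with the call, or keep the lines and put the reason above them, e.g. `# kafka_producer_tests disabled in the Nix build: <reason>`. The same section shortens the link line to `"cryptsetup devmapper lvm2app"`, which would also benefit from a one-line note on why `lvm-internal` and `daemonclient` are no longer needed.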
diff --git a/pkgs/tools/system/osquery/platform-nixos.patch b/pkgs/tools/system/osquery/platform-nixos.patch
deleted file mode 100644
index 7e1afcb640b3..000000000000
--- a/pkgs/tools/system/osquery/platform-nixos.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-diff --git a/tools/get_platform.py b/tools/get_platform.py
-index 3dd34516..f53ca83a 100644
---- a/tools/get_platform.py
-+++ b/tools/get_platform.py
-@@ -26,6 +26,8 @@ DEBIAN_VERSION = "/etc/debian_version"
- GENTOO_RELEASE = "/etc/gentoo-release"
- 
- def _platform():
-+    return ("nixos", "nixos")
-+
-     osType, _, _, _, _, _ = platform.uname()
- 
-     if osType == "Windows":
-@@ -75,6 +77,8 @@ def _platform():
-         return (None, osType.lower())
- 
- def _distro(osType):
-+    return "unknown_version"
-+
-     def getRedhatDistroVersion(pattern):
-         with open(SYSTEM_RELEASE, "r") as fd:
-             contents = fd.read()