path: root/nixpkgs/pkgs/tools/system/osquery/default.nix
{ stdenv, lib, fetchFromGitHub, pkgconfig, cmake, pythonPackages
, udev, audit, aws-sdk-cpp, cryptsetup, lvm2, libgcrypt, libarchive
, libgpgerror, libuuid, iptables, dpkg, lzma, bzip2, rpm
, beecrypt, augeas, libxml2, sleuthkit, yara, lldpd, google-gflags
, thrift, boost, rocksdb_lite, glog, gbenchmark, snappy
, openssl, file, doxygen
, gtest, sqlite, fpm, zstd, rdkafka, rapidjson, fetchgit, fetchurl
}:

let

  # Snapshot of the osquery `third-party` repository. `rev` is a full commit
  # id and `sha256` fixes the fetched content, so this input cannot change
  # without the hash check failing. preConfigure below copies it into the
  # source tree.
  thirdparty = fetchFromGitHub {
    owner = "osquery";
    repo = "third-party";
    rev = "32e01462fbea75d3b1904693f937dfd62eaced15";
    sha256 = "0va24gmgk43a1lyjs63q9qrhvpv8gmqjzpjr5595vhr16idv8wyf";
  };

in

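# Builds osquery from the upstream GitHub source against nixpkgs libraries.
# Two dependencies (lvm2, dpkg) are deliberately held at older releases for
# API compatibility; see the notes on `lvm2'` and `dpkg'` below.
stdenv.mkDerivation rec {
  name = "osquery-${version}";
  version = "3.2.9";

  # this is what `osquery --help` will show as the version.
  OSQUERY_BUILD_VERSION = version;
  # NOTE(review): the trailing `;` is kept verbatim; presumably the osquery
  # build reads this value as a `;`-separated list. Confirm before changing it.
  OSQUERY_PLATFORM = "NixOS;";

  # `rev` is the release name rather than a commit id. The sha256 is what
  # actually pins the content: if the upstream ref is ever moved, the fetch
  # fails the hash check instead of silently building different source.
  src = fetchFromGitHub {
    owner = "facebook";
    repo = "osquery";
    rev = version;
    sha256 = "1fac0yj1701469qhbsp38ab2fmavm3jw6x278bf78yvxdi99ivai";
  };

  patches = [ ./misc.patch ];

  nativeBuildInputs = [
    pkgconfig cmake pythonPackages.python pythonPackages.jinja2 doxygen fpm
  ];

  # Link libcrypto explicitly.
  NIX_LDFLAGS = [
    "-lcrypto"
  ];

  buildInputs = let
    # google-gflags with every cmake flag that mentions STATIC removed.
    gflags' = google-gflags.overrideAttrs (old: {
      cmakeFlags = stdenv.lib.filter (f: (builtins.match ".*STATIC.*" f) == null) old.cmakeFlags;
    });

    # use older `lvm2` source for osquery, the 2.03 sourcetree
    # will break osquery due to the lacking header `lvm2app.h`.
    #
    # https://github.com/NixOS/nixpkgs/pull/51756#issuecomment-446035295
    #
    # NOTE(review): because the version is fixed here, this copy does not
    # follow updates to the nixpkgs `lvm2` package. Security fixes for lvm2
    # have to be tracked and applied to this override by hand.
    lvm2' = lvm2.overrideAttrs (old: rec {
      name = "lvm2-${version}";
      version = "2.02.183";
      src = fetchgit {
        # Fetched over https instead of the unauthenticated, plaintext
        # `git://` protocol. The sha256 still guards integrity and is
        # unchanged, since it covers the checked-out tree, not the URL.
        url = "https://sourceware.org/git/lvm2.git";
        rev = "v${version}";
        sha256 = "1ny3srcsxd6kj59zq1cman5myj8kzw010wbyc6mrpk4kp823r5nx";
      };
    });

    # dpkg 1.19.2 dropped api in `<dpkg/dpkg-db.h>` which breaks compilation.
    #
    # NOTE(review): as with `lvm2'`, this pin opts out of nixpkgs `dpkg`
    # updates; later dpkg security fixes are not picked up automatically.
    dpkg' = dpkg.overrideAttrs (old: rec {
      name = "dpkg-${version}";
      version = "1.19.0.5";
      src = fetchurl {
        url = "mirror://debian/pool/main/d/dpkg/dpkg_${version}.tar.xz";
        sha256 = "1dc5kp3fqy1k66fly6jfxkkg7w6d0jy8szddpfyc2xvzga94d041";
      };
    });
  in [
    udev audit

    # Only the four listed AWS service clients are built.
    (aws-sdk-cpp.override {
      apis = [ "firehose" "kinesis" "sts" "ec2" ];
      customMemoryManagement = false;
    })

    lvm2' libgcrypt libarchive libgpgerror libuuid iptables dpkg'
    lzma bzip2 rpm beecrypt augeas libxml2 sleuthkit
    yara lldpd gflags' thrift boost
    glog gbenchmark snappy openssl
    file cryptsetup
    gtest sqlite zstd rdkafka rapidjson rocksdb_lite
  ];

  # Adds the libxml2 include directory and the cryptsetup library path, then
  # copies the pinned `thirdparty` snapshot into `third-party/`. The copy is
  # made writable so that the vendored googletest and sqlite3 trees can be
  # deleted, presumably so the `gtest` and `sqlite` packages from buildInputs
  # are used instead of the bundled copies.
  preConfigure = ''
    export NIX_CFLAGS_COMPILE="-I${libxml2.dev}/include/libxml2 $NIX_CFLAGS_COMPILE"

    cmakeFlagsArray+=(
      -DCMAKE_LIBRARY_PATH=${cryptsetup}/lib
      -DCMAKE_VERBOSE_MAKEFILE=OFF
    )

    cp -r ${thirdparty}/* third-party
    chmod +w -R third-party
    rm -r third-party/{googletest,sqlite3}
  '';

  meta = with lib; {
    description = "SQL powered operating system instrumentation, monitoring, and analytics";
    # Quoted: bare URL literals are deprecated Nix syntax; the value is the same.
    homepage = "https://osquery.io/";
    license = licenses.bsd3;
    platforms = platforms.linux;
    maintainers = with maintainers; [ cstrahan ma27 ];
  };
}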