path: root/pkgs/tools/system/osquery/default.nix
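# Nix package expression for osquery.
#
# The function takes the build helpers and every library osquery is linked
# against as arguments, and returns a derivation that builds the tagged
# upstream release together with a pinned snapshot of the osquery
# "third-party" repository.
{ stdenv, lib, fetchFromGitHub, pkgconfig, cmake, pythonPackages
, udev, audit, aws-sdk-cpp, cryptsetup, lvm2, libgcrypt, libarchive
, libgpgerror, libuuid, iptables, apt, dpkg, lzma, lz4, bzip2, rpm
, beecrypt, augeas, libxml2, sleuthkit, yara, lldpd, google-gflags
, thrift, boost, rocksdb_lite, cpp-netlib, glog, gbenchmark, snappy
, openssl, linenoise-ng, file, doxygen, devicemapper
, gtest, sqlite
}:

let
  # Snapshot of the osquery/third-party repository, copied into the source
  # tree by preConfigure. It is pinned to a full commit id, and the fetched
  # content is checked against sha256.
  thirdparty = fetchFromGitHub {
    owner = "osquery";
    repo = "third-party";
    rev = "6919841175b2c9cb2dee8986e0cfe49191ecb868";
    sha256 = "1kjxrky586jd1b2z1vs9cm7x1dxw51cizpys9kddiarapc2ih65j";
  };

in

stdenv.mkDerivation rec {
  name = "osquery-${version}";
  version = "2.5.2";

  # this is what `osquery --help` will show as the version.
  OSQUERY_BUILD_VERSION = version;

  # `rev` is the release tag (the version string), not a commit id, so the
  # sha256 below is what actually pins the source content: a fetch that
  # returns different content fails the hash check.
  # When bumping `version`, update sha256 as well. A fixed-output fetch is
  # looked up by its hash, so a stale hash can be satisfied by the previously
  # fetched source already in the store instead of the new tag.
  src = fetchFromGitHub {
    owner = "facebook";
    repo = "osquery";
    rev = version;
    sha256 = "16isplk66qpvhrf041l0lxb4z6k7wwd1sg7kpsw2q6kivkxpnk3z";
  };

  # misc.patch is always applied; platform-nixos.patch only on Linux.
  # Both patch files live next to this expression and are not shown here.
  patches = [ ./misc.patch ] ++ lib.optional stdenv.isLinux ./platform-nixos.patch;

  # Tools that run during the build.
  nativeBuildInputs = [
    pkgconfig cmake pythonPackages.python pythonPackages.jinja2
  ];

  buildInputs = [
    udev audit

    # Build the AWS SDK with only the firehose, kinesis and sts APIs, and
    # with the SDK's custom memory management switched off.
    # NOTE(review): presumably this is for the same allocator-consistency
    # reason as the rocksdb_lite override below; confirm.
    (aws-sdk-cpp.override {
      apis = [ "firehose" "kinesis" "sts" ];
      customMemoryManagement = false;
    })

    lvm2 libgcrypt libarchive libgpgerror libuuid iptables.dev apt dpkg
    lzma lz4 bzip2 rpm beecrypt augeas libxml2 sleuthkit
    yara lldpd google-gflags thrift boost
    cpp-netlib glog gbenchmark snappy openssl linenoise-ng
    file doxygen devicemapper cryptsetup
    gtest sqlite

    # need to be consistent about the malloc implementation
    # (rocksdb_lite is therefore built without jemalloc and gperftools)
    (rocksdb_lite.override { jemalloc = null; gperftools = null; })
  ];

  # Runs before the CMake configure step:
  #  - puts the libxml2 header directory on the compiler include path;
  #  - passes the cryptsetup library directory to CMake as its library
  #    search path and turns off verbose makefiles;
  #  - copies the pinned third-party snapshot into ./third-party and makes
  #    the copy writable (files copied out of the Nix store are read-only);
  #  - deletes the bundled googletest and sqlite3 directories, presumably so
  #    the gtest and sqlite packages from buildInputs are used instead.
  # Comments are kept out of the script text itself so that the builder
  # script, and with it the derivation, stays unchanged.
  preConfigure = ''
    export NIX_CFLAGS_COMPILE="-I${libxml2.dev}/include/libxml2 $NIX_CFLAGS_COMPILE"

    cmakeFlagsArray+=(
      -DCMAKE_LIBRARY_PATH=${cryptsetup}/lib
      -DCMAKE_VERBOSE_MAKEFILE=OFF
    )

    cp -r ${thirdparty}/* third-party
    chmod +w -R third-party
    rm -r third-party/{googletest,sqlite3}
  '';

  meta = with lib; {
    description = "SQL powered operating system instrumentation, monitoring, and analytics";
    # Written as a quoted string: bare URL literals are deprecated Nix
    # syntax, and both forms evaluate to the same string.
    homepage = "https://osquery.io/";
    license = licenses.bsd3;
    # Linux only, although `patches` above still tests stdenv.isLinux.
    platforms = platforms.linux;
    maintainers = with maintainers; [ cstrahan ];
  };
}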