nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-04-13 20:07:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge master into staging-next

Browse Source
This commit is contained in:
github-actions[bot] 2023-07-20 12:01:16 +00:00 committed by GitHub
commit 37df58121d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
26 changed files with 2217 additions and 6142 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
lib/systems/default.nix
View File

@ -85,17 +85,18 @@ rec {
# is why we use the more obscure "bfd" and not "binutils" for this
# choice.
else "bfd";
extensions = rec {
sharedLibrary = assert final.hasSharedLibraries;
/**/ if final.isDarwin then ".dylib"
extensions = lib.optionalAttrs final.hasSharedLibraries {
sharedLibrary =
if final.isDarwin then ".dylib"
else if final.isWindows then ".dll"
else ".so";
} // {
staticLibrary =
/**/ if final.isWindows then ".lib"
else ".a";
library =
/**/ if final.isStatic then staticLibrary
else sharedLibrary;
/**/ if final.isStatic then final.extensions.staticLibrary
else final.extensions.sharedLibrary;
executable =
/**/ if final.isWindows then ".exe"
else "";

12
maintainers/maintainer-list.nix
View File

@ -10839,6 +10839,12 @@
fingerprint = "FEF0 AE2D 5449 3482 5F06 40AA 186A 1EDA C5C6 3F83";
}];
};
mig4ng = {
email = "mig4ng@gmail.com";
github = "mig4ng";
githubId = 5817039;
name = "Miguel Carneiro";
};
mightyiam = {
email = "mightyiampresence@gmail.com";
github = "mightyiam";
@ -18466,6 +18472,12 @@
github = "zmitchell";
githubId = 10246891;
};
znewman01 = {
email = "znewman01@gmail.com";
github = "znewman01";
githubId = 873857;
name = "Zack Newman";
};
zoedsoupe = {
github = "zoedsoupe";
githubId = 44469426;

2
nixos/doc/manual/release-notes/rl-2311.section.md
View File

@ -26,6 +26,8 @@
- [trust-dns](https://trust-dns.org/), a Rust based DNS server built to be safe and secure from the ground up. Available as [services.trust-dns](#opt-services.trust-dns.enable).
- [osquery](https://www.osquery.io/), a SQL powered operating system instrumentation, monitoring, and analytics.
## Backward Incompatibilities {#sec-release-23.11-incompatibilities}
- The `boot.loader.raspberryPi` options have been marked deprecated, with intent for removal for NixOS 24.11. They had a limited use-case, and do not work like people expect. They required either very old installs ([before mid-2019](https://github.com/NixOS/nixpkgs/pull/62462)) or customized builds out of scope of the standard and generic AArch64 support. That option set never supported the Raspberry Pi 4 family of devices.

2
nixos/lib/make-disk-image.nix
View File

@ -572,7 +572,7 @@ let format' = format; in let
${lib.optionalString installBootLoader ''
# In this throwaway resource, we only have /dev/vda, but the actual VM may refer to another disk for bootloader, e.g. /dev/vdb
# Use this option to create a symlink from vda to any arbitrary device you want.
${optionalString (config.boot.loader.grub.device != "/dev/vda") ''
${optionalString (config.boot.loader.grub.enable && config.boot.loader.grub.device != "/dev/vda") ''
mkdir -p $(dirname ${config.boot.loader.grub.device})
ln -s /dev/vda ${config.boot.loader.grub.device}
''}

1
nixos/modules/module-list.nix
View File

@ -764,6 +764,7 @@
./services/monitoring/nagios.nix
./services/monitoring/netdata.nix
./services/monitoring/opentelemetry-collector.nix
./services/monitoring/osquery.nix
./services/monitoring/parsedmarc.nix
./services/monitoring/prometheus/alertmanager-irc-relay.nix
./services/monitoring/prometheus/alertmanager.nix

1
nixos/modules/rename.nix
View File

@ -72,7 +72,6 @@ in
(mkRemovedOptionModule [ "services" "mesos" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "moinmoin" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "mwlib" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "osquery" ] "The osquery module has been removed")
(mkRemovedOptionModule [ "services" "pantheon" "files" ] ''
This module was removed, please add pkgs.pantheon.elementary-files to environment.systemPackages directly.
'')

97
nixos/modules/services/monitoring/osquery.nix Normal file
View File

@ -0,0 +1,97 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.osquery;
dirname = path: with lib.strings; with lib.lists; concatStringsSep "/"
(init (splitString "/" (normalizePath path)));
# conf is the osquery configuration file used when the --config_plugin=filesystem.
# filesystem is the osquery default value for the config_plugin flag.
conf = pkgs.writeText "osquery.conf" (builtins.toJSON cfg.settings);
# flagfile is the file containing osquery command line flags to be
# provided to the application using the special --flagfile option.
flagfile = pkgs.writeText "osquery.flags"
(concatStringsSep "\n"
(mapAttrsToList (name: value: "--${name}=${value}")
# Use the conf derivation if not otherwise specified.
({ config_path = conf; } // cfg.flags)));
osqueryi = pkgs.runCommand "osqueryi" { nativeBuildInputs = [ pkgs.makeWrapper ]; } ''
mkdir -p $out/bin
makeWrapper ${pkgs.osquery}/bin/osqueryi $out/bin/osqueryi \
--add-flags "--flagfile ${flagfile}"
'';
in
{
options.services.osquery = {
enable = mkEnableOption (mdDoc "osqueryd daemon");
settings = mkOption {
default = { };
description = mdDoc ''
Configuration to be written to the osqueryd JSON configuration file.
To understand the configuration format, refer to https://osquery.readthedocs.io/en/stable/deployment/configuration/#configuration-components.
'';
example = {
options.utc = false;
};
type = types.attrs;
};
flags = mkOption {
default = { };
description = mdDoc ''
Attribute set of flag names and values to be written to the osqueryd flagfile.
For more information, refer to https://osquery.readthedocs.io/en/stable/installation/cli-flags.
'';
example = {
config_refresh = "10";
};
type = with types;
submodule {
freeformType = attrsOf str;
options = {
database_path = mkOption {
default = "/var/lib/osquery/osquery.db";
readOnly = true;
description = mdDoc "Path used for the database file.";
type = path;
};
logger_path = mkOption {
default = "/var/log/osquery";
readOnly = true;
description = mdDoc "Base directory used for logging.";
type = path;
};
pidfile = mkOption {
default = "/run/osquery/osqueryd.pid";
readOnly = true;
description = mdDoc "Path used for pid file.";
type = path;
};
};
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ osqueryi ];
systemd.services.osqueryd = {
after = [ "network.target" "syslog.service" ];
description = "The osquery daemon";
serviceConfig = {
ExecStart = "${pkgs.osquery}/bin/osqueryd --flagfile ${flagfile}";
PIDFile = cfg.flags.pidfile;
LogsDirectory = cfg.flags.logger_path;
StateDirectory = dirname cfg.flags.database_path;
Restart = "always";
};
wantedBy = [ "multi-user.target" ];
};
systemd.tmpfiles.rules = [
"d ${dirname (cfg.flags.pidfile)} 0755 root root -"
];
};
}

1
nixos/tests/all-tests.nix
View File

@ -577,6 +577,7 @@ in {
openvscode-server = handleTest ./openvscode-server.nix {};
orangefs = handleTest ./orangefs.nix {};
os-prober = handleTestOn ["x86_64-linux"] ./os-prober.nix {};
osquery = handleTestOn ["x86_64-linux"] ./osquery.nix {};
osrm-backend = handleTest ./osrm-backend.nix {};
overlayfs = handleTest ./overlayfs.nix {};
pacemaker = handleTest ./pacemaker.nix {};

56
nixos/tests/osquery.nix Normal file
View File

@ -0,0 +1,56 @@
import ./make-test-python.nix ({ lib, pkgs, ... }:
with lib;
let
config_refresh = "10";
nullvalue = "NULL";
utc = false;
in
{
name = "osquery";
meta = with maintainers; {
maintainers = [ znewman01 lewo ];
};
nodes.machine = { config, pkgs, ... }: {
services.osquery = {
enable = true;
settings.options = { inherit nullvalue utc; };
flags = {
inherit config_refresh;
nullvalue = "IGNORED";
};
};
};
testScript = { nodes, ... }:
let
cfg = nodes.machine.services.osquery;
in
''
machine.start()
machine.wait_for_unit("osqueryd.service")
# Stop the osqueryd service so that we can use osqueryi to check information stored in the database.
machine.wait_until_succeeds("systemctl stop osqueryd.service")
# osqueryd was able to query information about the host.
machine.succeed("echo 'SELECT address FROM etc_hosts LIMIT 1;' | osqueryi | tee /dev/console | grep -q '127.0.0.1'")
# osquery binaries respect configuration from the Nix config option.
machine.succeed("echo 'SELECT value FROM osquery_flags WHERE name = \"utc\";' | osqueryi | tee /dev/console | grep -q ${boolToString utc}")
# osquery binaries respect configuration from the Nix flags option.
machine.succeed("echo 'SELECT value FROM osquery_flags WHERE name = \"config_refresh\";' | osqueryi | tee /dev/console | grep -q ${config_refresh}")
# Demonstrate that osquery binaries prefer configuration plugin options over CLI flags.
# https://osquery.readthedocs.io/en/latest/deployment/configuration/#options.
machine.succeed("echo 'SELECT value FROM osquery_flags WHERE name = \"nullvalue\";' | osqueryi | tee /dev/console | grep -q ${nullvalue}")
# Module creates directories for default database_path and pidfile flag values.
machine.succeed("test -d $(dirname ${cfg.flags.database_path})")
machine.succeed("test -d $(dirname ${cfg.flags.pidfile})")
'';
})

6
pkgs/applications/graphics/ImageMagick/default.nix
View File

@ -47,13 +47,13 @@ in
stdenv.mkDerivation (finalAttrs: {
pname = "imagemagick";
version = "7.1.1-12";
version = "7.1.1-13";
src = fetchFromGitHub {
owner = "ImageMagick";
repo = "ImageMagick";
rev = finalAttrs.version;
hash = "sha256-URwSufiTcLGWRFNOJidJyEcIPxWUSdN7yHaCiFh7GEI=";
hash = "sha256-HrUka7VLF9YH23TxDQeQpulQf3ssSfYOhi29v2onvCE=";
};
outputs = [ "out" "dev" "doc" ]; # bin/ isn't really big
@ -124,7 +124,7 @@ stdenv.mkDerivation (finalAttrs: {
'';
passthru.tests = {
version = testers.testVersion { package = imagemagick; };
version = testers.testVersion { package = finalAttrs.finalPackage; };
inherit (python3.pkgs) img2pdf;
pkg-config = testers.testMetaPkgConfig finalAttrs.finalPackage;
};

26
pkgs/applications/networking/cluster/kubevpn/default.nix Normal file
View File

@ -0,0 +1,26 @@
{ lib, buildGoModule, fetchFromGitHub }:
buildGoModule rec {
pname = "kubevpn";
version = "1.1.34";
src = fetchFromGitHub {
owner = "KubeNetworks";
repo = "kubevpn";
rev = "v${version}";
sha256 = "sha256-P4lROZ6UxsCtMwGWIDBkXjd8v/wtD7u9LBoUUzP9Tz0=";
};
vendorHash = "sha256-LihRVqVMrN45T9NLOQw/EsrEMTSLYYhWzVm+lYXtFRQ=";
# TODO investigate why some config tests are failing
doCheck = false;
meta = with lib; {
changelog = "https://github.com/KubeNetworks/kubevpn/releases/tag/${src.rev}";
description = "Create a VPN and connect to Kubernetes cluster network, access resources, and more";
homepage = "https://github.com/KubeNetworks/kubevpn";
license = licenses.mit;
maintainers = with maintainers; [ mig4ng ];
};
}

17
pkgs/applications/networking/cluster/nomad/default.nix
View File

@ -77,9 +77,20 @@ rec {
nomad_1_5 = generic {
buildGoModule = buildGo120Module;
version = "1.5.6";
sha256 = "sha256-eFzGaTJ9BcK5F10lkTKB3sNaGZsmZ0BbPZI6kT5ZUpo=";
vendorSha256 = "sha256-tOUQr44wUhhCccvj4dCI7fvLMrKaEX7xY7035Q3wU3M=";
version = "1.5.7";
sha256 = "sha256-IafIC1YVbJFQjC04S2rqjDgB83uSFpMajgsKxfFc/H8=";
vendorSha256 = "sha256-y3WiQuoQn6SdwTgtPWuB6EBtsJC+YleQPzownZQNkno=";
passthru.tests.nomad = nixosTests.nomad;
preCheck = ''
export PATH="$PATH:/build/go/bin"
'';
};
nomad_1_6 = generic {
buildGoModule = buildGo120Module;
version = "1.6.0";
sha256 = "sha256-979SlqBu2/kUdPB4BplhOcEq0J2sjKmFkEiLOzOAUPM=";
vendorSha256 = "sha256-Y3O7ADzZPlLWFbXSYBcI6b5MAhMD0UnkhQxO9VJMpOY=";
passthru.tests.nomad = nixosTests.nomad;
preCheck = ''
export PATH="$PATH:/build/go/bin"

4
pkgs/applications/radio/cloudlog/default.nix
View File

@ -8,13 +8,13 @@
stdenvNoCC.mkDerivation rec {
pname = "cloudlog";
version = "2.4.3";
version = "2.4.5";
src = fetchFromGitHub {
owner = "magicbug";
repo = "Cloudlog";
rev = version;
sha256 = "sha256-2L+Yp8yxhmoVh34cW1s5Xy1f0X2xUo3UP32XcAV2LsM=";
sha256 = "sha256-L68jk49lGw9LNSqIPlDp2WHoQhn8UBW6VDZwsCtjTQI=";
};
postPath = ''

4
pkgs/development/interpreters/elixir/generic-builder.nix
View File

@ -50,14 +50,14 @@ stdenv.mkDerivation ({
# to PATH so the scripts can run without problems.
for f in $out/bin/*; do
b=$(basename $f)
b=$(basename $f)
if [ "$b" = mix ]; then continue; fi
wrapProgram $f \
--prefix PATH ":" "${lib.makeBinPath [ erlang coreutils curl bash ]}"
done
substituteInPlace $out/bin/mix \
--replace "/usr/bin/env elixir" "${coreutils}/bin/env elixir"
--replace "/usr/bin/env elixir" "${coreutils}/bin/env $out/bin/elixir"
'';
pos = builtins.unsafeGetAttrPos "sha256" args;

1
pkgs/development/node-packages/node-packages.json
View File

@ -123,6 +123,7 @@
, "diagnostic-languageserver"
, "diff2html-cli"
, "dockerfile-language-server-nodejs"
, "dotenv-cli"
, "dotenv-vault"
, "elasticdump"
, "@electron-forge/cli"

7698
pkgs/development/node-packages/node-packages.nix generated
View File

File diff suppressed because it is too large Load Diff

7
pkgs/development/ocaml-modules/iri/default.nix
View File

@ -4,15 +4,16 @@
buildDunePackage rec {
pname = "iri";
version = "0.6.0";
duneVersion = "3";
version = "0.7.0";
minimalOCamlVersion = "4.12";
src = fetchFromGitLab {
domain = "framagit.org";
owner = "zoggy";
repo = "ocaml-iri";
rev = version;
sha256 = "sha256:0zk8nnwcyljkc1a556byncv6cn1vqhk4267z1lm15flh1k7chyax";
hash = "sha256-Mkg7kIIVpKbeWUras1RqtJsRx2Q3dBnm4QqSMJFweF8=";
};
propagatedBuildInputs = [ sedlex uunf uutf ];

39
pkgs/development/web/minify/default.nix
View File

@ -1,24 +1,51 @@
{ buildGoModule, fetchFromGitHub, lib }:
{ lib
, buildGoModule
, fetchFromGitHub
, installShellFiles
, nix-update-script
, testers
, minify
}:
buildGoModule rec {
pname = "minify";
version = "2.11.1";
version = "2.12.7";
src = fetchFromGitHub {
owner = "tdewolff";
repo = pname;
rev = "v${version}";
sha256 = "sha256-qna2u+Y4eRGLNvRKDbL/VQud1pn8b1wWzbKQM1p0Yws=";
hash = "sha256-V3lFM58ciU9RrIp5s+ZMaCUAfRJxbTuQxusXhLCiGmI=";
};
vendorSha256 = "sha256-stj3fOaPM70kF6vTX/DEs4qFq/O0Vq0TFw0J/3L5NmA=";
patches = [ ./update-go-version-mod.patch ];
vendorHash = "sha256-v3ZPaeE1YW9BRXHxGsmN8tHv3ApOY+NivfePctOmYlM=";
nativeBuildInputs = [ installShellFiles ];
ldflags = [ "-s" "-w" "-X main.Version=${version}" ];
subPackages = [ "cmd/minify" ];
passthru = {
updateScript = nix-update-script { };
tests.version = testers.testVersion {
inherit version;
package = minify;
command = "minify --version";
};
};
postInstall = ''
installShellCompletion --cmd minify --bash cmd/minify/bash_completion
'';
meta = with lib; {
description = "Minifiers for web formats";
license = licenses.mit;
description = "Go minifiers for web formats";
homepage = "https://go.tacodewolff.nl/minify";
downloadPage = "https://github.com/tdewolff/minify";
changelog = "https://github.com/tdewolff/minify/releases/tag/v${version}";
license = licenses.mit;
};
}

12
pkgs/development/web/minify/update-go-version-mod.patch Normal file
View File

@ -0,0 +1,12 @@
diff --git a/go.mod b/go.mod
index cebe363..f9ae9c8 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
module github.com/tdewolff/minify/v2
-go 1.13
+go 1.18
require (
github.com/cheekybits/is v0.0.0-20150225183255-68e9c0620927 // indirect

13
pkgs/tools/security/rbw/default.nix
View File

@ -5,7 +5,7 @@
, openssl
, pkg-config
, installShellFiles
, Security
, darwin
# rbw-fzf
, withFzf ? false
@ -24,20 +24,23 @@
rustPlatform.buildRustPackage rec {
pname = "rbw";
version = "1.7.1";
version = "1.8.1";
src = fetchzip {
url = "https://git.tozt.net/rbw/snapshot/rbw-${version}.tar.gz";
sha256 = "sha256-xE3T3iVXFaaTF90ehQiG6+dLXcsqrHeprSMUnlSsxkE=";
sha256 = "sha256-cRfCsuhVlTRSgndf4rZrfLG/+NgI4VshVwbQydJt2cE=";
};
cargoHash = "sha256-eaG56FGz4smlqDPi/CJ0KB7NMEgp684X19PVWxGQutw=";
cargoHash = "sha256-CFhBSRqWAJJJkeMNnLwp6/pLhIZHFvdlPn7pjfJFBWw=";
nativeBuildInputs = [
installShellFiles
] ++ lib.optionals stdenv.isLinux [ pkg-config ];
buildInputs = lib.optionals stdenv.isDarwin [ Security ];
buildInputs = lib.optionals stdenv.isDarwin [
darwin.apple_sdk.frameworks.Security
darwin.apple_sdk.frameworks.AppKit
];
preConfigure = lib.optionalString stdenv.isLinux ''
export OPENSSL_INCLUDE_DIR="${openssl.dev}/include"

25
pkgs/tools/system/osquery/Remove-circular-definition-of-AUDIT_FILTER_EXCLUDE.patch Normal file
View File

@ -0,0 +1,25 @@
From: Jack Baldry <jack.baldry@grafana.com>
Date: Tue, 15 Nov 2022 15:40:31 -0400
Subject: [PATCH] Remove circular definition of AUDIT_FILTER_EXCLUDE
https://github.com/osquery/osquery/issues/6551
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
---
libraries/cmake/source/libaudit/src/lib/libaudit.h | 1 -
1 file changed, 1 deletion(-)
diff --git a/libraries/cmake/source/libaudit/src/lib/libaudit.h b/libraries/cmake/source/libaudit/src/libaudit.h
--- a/libraries/cmake/source/libaudit/src/lib/libaudit.h
+++ b/libraries/cmake/source/libaudit/src/lib/libaudit.h
@@ -260,7 +260,6 @@ extern "C" {
#define AUDIT_KEY_SEPARATOR 0x01
/* These are used in filter control */
-#define AUDIT_FILTER_EXCLUDE AUDIT_FILTER_TYPE
#define AUDIT_FILTER_MASK 0x07 /* Mask to get actual filter */
#define AUDIT_FILTER_UNSET 0x80 /* This value means filter is unset */
--
2.38.1

37
pkgs/tools/system/osquery/Remove-git-reset.patch Normal file
View File

@ -0,0 +1,37 @@
From: Jack Baldry <jack.baldry@grafana.com>
Date: Tue, 15 Nov 2022 13:48:07 -0400
Subject: [PATCH] Remove git reset
This is not required for nixpkgs builds because we are not working in
the source repository and therefore do not need to be careful about
updating submodule content.
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
---
libraries/cmake/source/modules/utils.cmake | 11 -----------
1 file changed, 11 deletions(-)
diff --git a/libraries/cmake/source/modules/utils.cmake b/libraries/cmake/source/modules/utils.cmake
--- a/libraries/cmake/source/modules/utils.cmake
+++ b/libraries/cmake/source/modules/utils.cmake
@@ -102,17 +102,6 @@ function(patchSubmoduleSourceCode library_name patches_dir source_dir apply_to_d
file(COPY "${source_dir}" DESTINATION "${parent_dir}")
endif()
- # We need to restore the source code to its original state, pre patch
- execute_process(
- COMMAND "${GIT_EXECUTABLE}" reset --hard HEAD
- RESULT_VARIABLE process_exit_code
- WORKING_DIRECTORY "${source_dir}"
- )
-
- if(NOT ${process_exit_code} EQUAL 0)
- message(FATAL_ERROR "Failed to git reset the following submodule: \"${source_dir}\"")
- endif()
-
set(patchSubmoduleSourceCode_Patched TRUE PARENT_SCOPE)
endfunction()
--
2.38.1

157
pkgs/tools/system/osquery/Remove-system-controls-table.patch Normal file
View File

@ -0,0 +1,157 @@
From: Jack Baldry <jack.baldry@grafana.com>
Date: Wed, 16 Nov 2022 22:00:06 -0400
Subject: [PATCH] Remove system controls table
Relies on <sys/sysctl.h> which is not present in glibc since 2.32.
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
---
osquery/tables/system/CMakeLists.txt | 4 --
specs/CMakeLists.txt | 1 -
specs/posix/system_controls.table | 21 -------
tests/integration/tables/system_controls.cpp | 61 --------------------
4 files changed, 87 deletions(-)
delete mode 100644 specs/posix/system_controls.table
delete mode 100644 tests/integration/tables/system_controls.cpp
diff --git a/osquery/tables/system/CMakeLists.txt b/osquery/tables/system/CMakeLists.txt
--- a/osquery/tables/system/CMakeLists.txt
+++ b/osquery/tables/system/CMakeLists.txt
@@ -43,7 +43,6 @@ function(generateOsqueryTablesSystemSystemtable)
posix/smbios_utils.cpp
posix/sudoers.cpp
posix/suid_bin.cpp
- posix/system_controls.cpp
posix/ulimit_info.cpp
)
endif()
@@ -82,7 +81,6 @@ function(generateOsqueryTablesSystemSystemtable)
linux/shared_memory.cpp
linux/smbios_tables.cpp
linux/startup_items.cpp
- linux/sysctl_utils.cpp
linux/system_info.cpp
linux/usb_devices.cpp
linux/user_groups.cpp
@@ -156,7 +154,6 @@ function(generateOsqueryTablesSystemSystemtable)
darwin/smbios_tables.cpp
darwin/smc_keys.cpp
darwin/startup_items.cpp
- darwin/sysctl_utils.cpp
darwin/system_extensions.mm
darwin/system_info.cpp
darwin/time_machine.cpp
@@ -326,7 +323,6 @@ function(generateOsqueryTablesSystemSystemtable)
posix/shell_history.h
posix/ssh_keys.h
posix/sudoers.h
- posix/sysctl_utils.h
posix/last.h
posix/openssl_utils.h
posix/authorized_keys.h
diff --git a/specs/CMakeLists.txt b/specs/CMakeLists.txt
--- a/specs/CMakeLists.txt
+++ b/specs/CMakeLists.txt
@@ -246,7 +246,6 @@ function(generateNativeTables)
"posix/socket_events.table:linux,macos"
"posix/sudoers.table:linux,macos,freebsd"
"posix/suid_bin.table:linux,macos,freebsd"
- "posix/system_controls.table:linux,macos,freebsd"
"posix/ulimit_info.table:linux,macos,freebsd"
"posix/usb_devices.table:linux,macos"
"posix/user_events.table:linux,macos,freebsd"
diff --git a/specs/posix/system_controls.table b/specs/posix/system_controls.table
deleted file mode 100644
--- a/specs/posix/system_controls.table
+++ /dev/null
@@ -1,21 +0,0 @@
-table_name("system_controls")
-description("sysctl names, values, and settings information.")
-schema([
- Column("name", TEXT, "Full sysctl MIB name", index=True),
- Column("oid", TEXT, "Control MIB", additional=True),
- Column("subsystem", TEXT, "Subsystem ID, control type", additional=True),
- Column("current_value", TEXT, "Value of setting"),
- Column("config_value", TEXT, "The MIB value set in /etc/sysctl.conf"),
- Column("type", TEXT, "Data type"),
-])
-extended_schema(DARWIN, [
- Column("field_name", TEXT, "Specific attribute of opaque type"),
-])
-
-implementation("system_controls@genSystemControls")
-fuzz_paths([
- "/run/sysctl.d/",
- "/usr/lib/sysctl.d/",
- "/lib/sysctl.d/",
- "/sys"
-])
diff --git a/tests/integration/tables/system_controls.cpp b/tests/integration/tables/system_controls.cpp
deleted file mode 100644
--- a/tests/integration/tables/system_controls.cpp
+++ /dev/null
@@ -1,61 +0,0 @@
-/**
- * Copyright (c) 2014-present, The osquery authors
- *
- * This source code is licensed as defined by the LICENSE file found in the
- * root directory of this source tree.
- *
- * SPDX-License-Identifier: (Apache-2.0 OR GPL-2.0-only)
- */
-
-// Sanity check integration test for system_controls
-// Spec file: specs/posix/system_controls.table
-
-#include <osquery/tests/integration/tables/helper.h>
-
-namespace osquery {
-namespace table_tests {
-namespace {
-
-class SystemControlsTest : public testing::Test {
- protected:
- void SetUp() override {
- setUpEnvironment();
- }
-};
-
-TEST_F(SystemControlsTest, test_sanity) {
- auto const rows = execute_query("select * from system_controls");
- auto const row_map = ValidationMap{
- {"name", NonEmptyString},
- {"oid", NormalType},
- {"subsystem",
- SpecificValuesCheck{"",
- "abi",
- "debug",
- "dev",
- "fs",
- "fscache",
- "hw",
- "kern",
- "kernel",
- "machdep",
- "net",
- "sunrpc",
- "user",
- "vfs",
- "vm"}},
- {"current_value", NormalType},
- {"config_value", NormalType},
- {"type",
- SpecificValuesCheck{
- "", "node", "int", "string", "quad", "opaque", "struct"}},
-#ifdef __APPLE__
- {"field_name", NormalType},
-#endif
- };
- validate_rows(rows, row_map);
-}
-
-} // namespace
-} // namespace table_tests
-} // namespace osquery
--
2.38.1

29
pkgs/tools/system/osquery/Use-locale.h-instead-of-removed-xlocale.h-header.patch Normal file
View File

@ -0,0 +1,29 @@
From: Jack Baldry <jack.baldry@grafana.com>
Date: Tue, 15 Nov 2022 14:34:33 -0400
Subject: [PATCH] Use locale.h instead of removed xlocale.h header
https://sourceware.org/glibc/wiki/Release/2.26#Removal_of_.27xlocale.h.27
Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
---
libraries/cmake/source/augeas/gnulib/generated/linux/x86_64/lib/locale.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libraries/cmake/source/augeas/gnulib/generated/linux/x86_64/lib/locale.h b/libraries/cmake/source/augeas/gnulib/generated/linux/x86_64/lib/locale.h
--- a/libraries/cmake/source/augeas/gnulib/generated/linux/x86_64/lib/locale.h
+++ b/libraries/cmake/source/augeas/gnulib/generated/linux/x86_64/lib/locale.h
@@ -48,9 +48,9 @@
/* NetBSD 5.0 mis-defines NULL. */
#include <stddef.h>
-/* Mac OS X 10.5 defines the locale_t type in <xlocale.h>. */
+/* Mac OS X 10.5 defines the locale_t type in <locale.h>. */
#if 1
-# include <xlocale.h>
+# include <locale.h>
#endif
/* The definitions of _GL_FUNCDECL_RPL etc. are copied here. */
--
2.38.1

85
pkgs/tools/system/osquery/default.nix Normal file
View File

@ -0,0 +1,85 @@
{ lib
, cmake
, fetchFromGitHub
, git
, llvmPackages
, nixosTests
, overrideCC
, perl
, python3
, stdenv
, openssl_1_1
}:
let
buildStdenv = overrideCC stdenv llvmPackages.clangUseLLVM;
in
buildStdenv.mkDerivation rec {
pname = "osquery";
version = "5.5.1";
src = fetchFromGitHub {
owner = "osquery";
repo = "osquery";
rev = version;
fetchSubmodules = true;
sha256 = "sha256-Q6PQVnBjAjAlR725fyny+RhQFUNwxWGjLDuS5p9JKlU=";
};
patches = [
./Remove-git-reset.patch
./Use-locale.h-instead-of-removed-xlocale.h-header.patch
./Remove-circular-definition-of-AUDIT_FILTER_EXCLUDE.patch
# For current state of compilation against glibc in the clangWithLLVM toolchain, refer to the upstream issue in https://github.com/osquery/osquery/issues/7823.
./Remove-system-controls-table.patch
];
buildInputs = [
llvmPackages.libunwind
];
nativeBuildInputs = [
cmake
git
perl
python3
];
postPatch = ''
substituteInPlace cmake/install_directives.cmake --replace "/control" "control"
# This is required to build libarchive with our glibc version
# which provides the ARC4RANDOM_BUF function
substituteInPlace libraries/cmake/source/libarchive/CMakeLists.txt --replace " target_compile_definitions(thirdparty_libarchive PRIVATE" " target_compile_definitions(thirdparty_libarchive PRIVATE HAVE_ARC4RANDOM_BUF"
# We need to override this hash because we use our own openssl 1.1 version
substituteInPlace libraries/cmake/formula/openssl/CMakeLists.txt --replace "d7939ce614029cdff0b6c20f0e2e5703158a489a72b2507b8bd51bf8c8fd10ca" "e2f8d84b523eecd06c7be7626830370300fbcc15386bf5142d72758f6963ebc6"
cat libraries/cmake/formula/openssl/CMakeLists.txt
'';
# For explanation of these deletions, refer to the ./Use-locale.h-instead-of-removed-xlocale.h-header.patch file.
preConfigure = ''
find libraries/cmake/source -name 'config.h' -exec sed -i '/#define HAVE_XLOCALE_H 1/d' {} \;
'';
cmakeFlags = [
"-DOSQUERY_VERSION=${version}"
"-DOSQUERY_OPENSSL_ARCHIVE_PATH=${openssl_1_1.src}"
];
postFixup = ''
patchelf --set-rpath "${llvmPackages.libunwind}/lib:$(patchelf --print-rpath $out/bin/osqueryd)" "$out/bin/osqueryd"
'';
passthru.tests.osquery = nixosTests.osquery;
meta = with lib; {
description = "SQL powered operating system instrumentation, monitoring, and analytics.";
longDescription = ''
The system controls table is not included as it does not presently compile with glibc >= 2.32.
For more information, refer to https://github.com/osquery/osquery/issues/7823
'';
homepage = "https://osquery.io";
license = licenses.bsd3;
platforms = platforms.linux;
maintainers = with maintainers; [ znewman01 lewo ];
};
}

16
pkgs/top-level/all-packages.nix
View File

@ -1789,6 +1789,8 @@ with pkgs;
openbugs = pkgsi686Linux.callPackage ../applications/science/machine-learning/openbugs { };
osquery = callPackage ../tools/system/osquery { };
paperview = callPackage ../tools/X11/paperview { };
pferd = callPackage ../tools/misc/pferd { };
@ -10786,6 +10788,7 @@ with pkgs;
nomad_1_3
nomad_1_4
nomad_1_5
nomad_1_6
;
nomad-autoscaler = callPackage ../applications/networking/cluster/nomad-autoscaler { };
@ -11947,9 +11950,7 @@ with pkgs;
revolt-desktop = callPackage ../applications/networking/instant-messengers/revolt-desktop { };
rbw = callPackage ../tools/security/rbw {
inherit (darwin.apple_sdk.frameworks) Security;
};
rbw = callPackage ../tools/security/rbw { };
remarshal = with python3Packages; toPythonApplication remarshal;
@ -15843,9 +15844,10 @@ with pkgs;
gcc-arm-embedded-12 = callPackage ../development/compilers/gcc-arm-embedded/12 { };
gcc-arm-embedded = gcc-arm-embedded-12;
# Has to match the default gcc so that there are no linking errors when
# using C/C++ libraries in D packages
gdc = wrapCC (gcc.cc.override {
# It would be better to match the default gcc so that there are no linking errors
# when using C/C++ libraries in D packages, but right now versions >= 12 are broken.
gdc = gdc11;
gdc11 = wrapCC (gcc11.cc.override {
name = "gdc";
langCC = false;
langC = false;
@ -32707,6 +32709,8 @@ with pkgs;
kubelogin-oidc = callPackage ../applications/networking/cluster/kubelogin-oidc { };
kubevpn = callPackage ../applications/networking/cluster/kubevpn { };
k8sgpt = callPackage ../applications/networking/cluster/k8sgpt { };
k9s = callPackage ../applications/networking/cluster/k9s { };