valitydev/osquery-1
14
0
Fork 0
mirror of https://github.com/valitydev/osquery-1.git synced 2024-11-07 01:55:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

cleanup: Remove old scripts and tooling (#5983)

Browse Source
This commit is contained in:
Teddy Reed 2019-11-04 20:30:10 -05:00 committed by Stefano Bonicatti
parent 93d736a49a
commit 818c05ce4a
24 changed files with 0 additions and 2117 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
tools/analysis/analyze.bat
View File

@ -1,4 +0,0 @@
@echo off
REM Copyright (c) Facebook, Inc. and its affiliates. All Rights Reserved
"C:\Program Files\Cppcheck\cppcheck.exe" --quiet -i .\build\ .
"C:\Program Files\Cppcheck\cppcheck.exe" --quiet --project=.\build\windows10\OSQUERY.sln

2
tools/analysis/asan.supp
View File

@ -1,2 +0,0 @@
interceptor_via_fun:google::SetArgv
interceptor_via_lib:gflags

46
tools/analysis/clang-analyze.sh
View File

@ -1,46 +0,0 @@
#!/bin/bash
# Copyright (c) 2014, Ruslan Baratov
# All rights reserved.
declare -a BLACKLIST=(
"logging.cc"
"logging_unittest.cc"
"signalhandler_unittest.cc"
"string_util.cc"
"sysinfo.cc"
)
for BL_ITEM in ${BLACKLIST[@]}; do
if [[ "$@" == *"${BL_ITEM}"* ]]; then
clang++ "$@"
exit 0;
fi
done
for x in "$@"; do
if [ ! "${x}" == "-c" ]; then
continue
fi
OUTPUT="`mktemp /tmp/clang-analyze.out.XXXXX`"
BINARY="`mktemp /tmp/clang-analyze.bin.XXXXX`"
# analyze
clang++ --analyze "$@" -o "${BINARY}" 2> "${OUTPUT}"
RESULT=0
[ "$?" == 0 ] || RESULT=1
[ -s "${OUTPUT}" ] && RESULT=1
cat "${OUTPUT}";
rm -f "${OUTPUT}"
rm -f "${BINARY}"
if [ "${RESULT}" == "1" ]; then
exit 1;
fi
done
# compile real code
clang++ "$@"

141
tools/analysis/fuzz.py
View File

@ -1,141 +0,0 @@
#!/usr/bin/env python3
# Copyright (c) 2014-present, Facebook, Inc.
# All rights reserved.
#
# This source code is licensed in accordance with the terms specified in
# the LICENSE file found in the root directory of this source tree.
import ast
import os
import random
import subprocess
import sys
import argparse
# Import the testing utils
sys.path.append(os.path.dirname(os.path.realpath(__file__)) + "/../tests/")
sys.path.append(os.path.dirname(os.path.realpath(__file__)) + "/../codegen/")
from gentable import \
table_name, schema, description, examples, attributes, implementation, \
extended_schema, fuzz_paths, \
WINDOWS, LINUX, POSIX, DARWIN, FREEBSD, \
Column, ForeignKey, table as TableState, TableState as _TableState, \
TEXT, DATE, DATETIME, INTEGER, BIGINT, UNSIGNED_BIGINT, DOUBLE, BLOB
import utils
def _fuzz_paths(shell, name, paths, query):
cmd = [
"zzuf",
"-r0.001:0.1", "-s%d:%d" % (args.s, args.s + args.n)
]
for path in paths:
cmd.append("-I")
cmd.append(path)
cmd.append(shell)
cmd.append("--disable_extensions")
cmd.append(query)
if args.verbose:
print(" ".join(cmd))
proc = subprocess.Popen(
cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE
)
stdout, stderr = proc.communicate()
if args.verbose:
print(stdout)
print(stderr)
if proc.returncode != 0:
print(" ".join(cmd))
print(stderr)
return proc.returncode
def _fuzz_queries(shell, name, paths, examples=[]):
print("Fuzzing file reads for: %s" % (name))
ret = _fuzz_paths(shell, name, paths, "select count(1) from `%s`" % (name))
if ret != 0:
return ret
for example in examples:
print("Fuzzing file reads for query: %s" % (example))
ret = _fuzz_paths(shell, name, paths, example)
if ret != 0:
return ret
return 0
if __name__ == "__main__":
parser = argparse.ArgumentParser(description=(
"Search table specs for opt-in fuzzing options"
))
parser.add_argument(
"--specs", metavar="PATH", default="./specs",
help="Path to the osquery table specs."
)
parser.add_argument(
"--table", metavar="TABLE", default="",
help="Restrict to a single table"
)
parser.add_argument(
"--verbose", action="store_true", default=False,
help="Be verbose."
)
parser.add_argument(
"-c", action="store_true", default=False,
help="Continue working event if a crash is detected."
)
parser.add_argument(
"-n", type=int, default=20,
help="Number of seeds"
)
parser.add_argument(
"-s", type=int, default=-1,
help="Initial seed"
)
group = parser.add_argument_group("Run Options:")
group.add_argument(
"--shell", metavar="PATH", default="./build/%s/osquery/osqueryi" % (
utils.platform()),
help="Path to osqueryi shell (./build/<sys>/osquery/osqueryi)."
)
args = parser.parse_args()
if not os.path.exists(args.shell):
print("Cannot find --shell: %s" % (args.shell))
exit(1)
if not os.path.exists(args.specs):
print("Cannot find --specs: %s" % (args.specs))
exit(1)
if args.s < 0:
args.s = random.randint(0, 65535)
exit_code = 0
tables = utils.queries_from_tables(args.specs, args.table)
for table in tables:
table = table.split(".")
if table[0] == "specs":
table.pop(0)
table[-1] += ".table"
filename = os.path.join(args.specs, *table)
with open(filename, 'rU') as fh:
# Open and parse/execute the specification.
tree = ast.parse(fh.read())
TableState = _TableState()
exec(compile(tree, "<string>", "exec"))
# We may later introduce other (simple) types of fuzzing.
if len(TableState.fuzz_paths) > 0:
# The table specification opted-into path-based fuzzing.
ret = _fuzz_queries(args.shell, TableState.table_name,
TableState.fuzz_paths, TableState.examples)
if ret > 0:
exit_code = ret
if not args.c and ret != 0:
break
sys.exit(exit_code)

1
tools/analysis/lsan.supp
View File

@ -1 +0,0 @@
leak:apache::thrift::transport::TServerSocket::listen

24
tools/analysis/sanitize_blacklist.txt
View File

@ -1,24 +0,0 @@
# This function and source blacklist is applied to LLVM's sanitize frameworks.
# Please restrict entries to known-problems in third-party libraries.
# ASIO 0-lookups
fun:*get_io_service*
src:*asio/impl/*
# GFlags
fun:*SetArgv*
# GLog
# This is a confirmed race, but deemed low pri
fun:google::RawLog__SetLastTime
# Thrift
fun:*TServerSocket*
fun:apache::thrift::transport::TServerSocket::listen
fun:apache::thrift::transport::TServerSocket::notify
fun:apache::thrift::transport::TServerSocket::interrupt
fun:apache::thrift::transport::TServerSocket::interruptChildren
src:*thrift/transport/TServerSocket.cpp
# RocksDB
fun:*ColumnFamilyOptions*

144
tools/analysis/stress.py
View File

@ -1,144 +0,0 @@
#!/usr/bin/env python3
# Copyright (c) 2014-present, Facebook, Inc.
# All rights reserved.
#
# This source code is licensed in accordance with the terms specified in
# the LICENSE file found in the root directory of this source tree.
import sys
import shutil
import time
import argparse
import subprocess
import tempfile
from threading import Thread
try:
from utils import *
except ImportError:
print("Cannot import osquery testing utils from ./tools/tests")
exit(1)
def run_daemon(proc, output):
output[proc.pid] = profile_cmd("", proc=proc)
def audit(args):
def _run_procs(start):
procs = []
for i in range(3):
for j in range(100):
procs.append(subprocess.Popen("sleep %d" % 1,
shell=True,
stderr=subprocess.PIPE,
stdout=subprocess.PIPE))
if not args["stat"]:
print("Finished launching processes: duration %6.4fs" % (
time.time() - start))
for p in procs:
p.communicate()
proc = None
thread = None
results = {}
if not args["baseline"]:
# Start a daemon, which will modify audit rules
test = args["run"]
if "args" in args:
test += " %s" % (args["args"])
dbpath = tempfile.mkdtemp()
test += " --database_path=%s" % (dbpath)
proc = subprocess.Popen(test,
shell=True,
stderr=subprocess.PIPE,
stdout=subprocess.PIPE)
if not args["stat"]:
thread = Thread(target=run_daemon, args=(proc, results,))
thread.start()
time.sleep(1)
# Run test applications to stress the audting (a fork bomb)
start_time = time.time()
_run_procs(start_time)
end_time = time.time()
# Clean up
if not args["baseline"]:
proc.kill()
shutil.rmtree(dbpath)
if not args["stat"]:
thread.join()
if proc.pid in results:
print("cpu: %6.2f, memory: %d, util: %6.2f" % (
results[proc.pid]["cpu_time"],
results[proc.pid]["memory"],
results[proc.pid]["utilization"]))
pass
return end_time - start_time
def single(args):
start_time = time.time()
if ARGS.verbose:
proc = subprocess.Popen(args, shell=True)
else:
proc = subprocess.Popen(args,
shell=True,
stderr=subprocess.PIPE,
stdout=subprocess.PIPE)
if ARGS.verbose:
print("PID: %d" % (proc.pid))
stdout, stderr = proc.communicate()
end_time = time.time() - start_time
if proc.returncode is not 0:
if not ARGS.verbose:
print(stdout)
print(stderr)
print("%s Test failed. (total %6.4fs)" % (
red("FAILED"), end_time))
sys.exit(proc.returncode)
return end_time
def stress(args):
"""Small utility to run unittests several times."""
times = []
test = args["run"] if args["run"] is not None else ["make", "test"]
for i in range(args["num"]):
if args["audit"]:
times.append(audit(args))
else:
times.append(single(test))
if args["stat"]:
print("%6.4f" % (times[-1]))
else:
print("%s Tests passed (%d/%d) rounds. (average %6.4fs) " % (
green("PASSED"), i + 1, args["num"], sum(times) / len(times)))
if __name__ == "__main__":
parser = argparse.ArgumentParser(description="Run tests many times")
parser.add_argument("-n", "--num", type=int, default=50,
help="Number of times to run tests")
parser.add_argument("-A", "--audit", action="store_true", default=False,
help="Perform exec/process auditing stress tests")
parser.add_argument("--baseline", action="store_true", default=False,
help="Run baselines when stressing auditing")
parser.add_argument("--args", default="",
help="Arguments to pass to test binary")
parser.add_argument("--stat", action="store_true", default=False,
help="Only print numerical values")
parser.add_argument("--verbose", action="store_true", default=False,
help="Do not consume stderr/stdout")
parser.add_argument("run", nargs="?", help="Run specific test binary")
ARGS = parser.parse_args()
# A baseline was requested, first run baselines then normal.
if ARGS.baseline:
print("Running baseline tests...")
stress(vars(ARGS))
ARGS.baseline = False
print("Finished. Running tests...")
stress(vars(ARGS))

107
tools/analysis/system_stress.py
View File

@ -1,107 +0,0 @@
#!/usr/bin/env python3
# Copyright (c) 2014-present, Facebook, Inc.
# All rights reserved.
#
# This source code is licensed in accordance with the terms specified in
# the LICENSE file found in the root directory of this source tree.
from multiprocessing import Process, Lock, Value
import subprocess
import argparse
import socket
import fcntl
import struct
import timeit
P = 3298723423324
# See: http://stackoverflow.com/questions/24196932/how-can-i-get-the-ip-address-of-eth0-in-python
def get_ip_address(ifname):
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
return socket.inet_ntoa(fcntl.ioctl(
s.fileno(),
0x8915, # SIOCGIFADDR
struct.pack('256s', ifname[:15])
)[20:24])
def largest_prime_factor(n):
i = 2
while i * i <= n:
if n % i:
i += 1
else:
n //= i
return n
def init(e, po, n, j, l, count):
subprocess.call("echo 'hi' > /dev/null", shell=True)
netcat(e, po, "hello")
l.acquire()
try:
count.value = count.value + 1
finally:
l.release()
if j >= n:
largest_prime_factor(P)
return
procs = []
for i in range(n):
p = Process(target=init, args=(e, po, n, j + i + 1, l, count))
p.start()
procs.append(p)
for p in procs:
p.join()
# See: http://stackoverflow.com/questions/1908878/netcat-implementation-in-python
def netcat(hostname, port, content):
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s.connect((hostname, int(port)))
s.sendall(content)
s.shutdown(socket.SHUT_WR)
s.close()
def expect(n):
return (2**n) * n
def main(args):
e = get_ip_address(args.i)
k = expect(args.n)
print ("Expecting %d (default shell) processes" % k)
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s.bind((e, args.p))
c = Value('i', 0)
l = Lock()
for i in range(args.n):
init(e, args.p, args.n, i, l, c)
print("Executed %d (default shell) processes" % c.value)
return 0
if __name__ == '__main__':
parser = argparse.ArgumentParser(
description=("Place the system under stress."
" This will launch lots of shells and each will connect to a UDP socket."))
parser.add_argument("-n", type=int, default=4, help="Expotential intensity")
parser.add_argument("-i", required=True, help="Network interface for socket actions")
parser.add_argument("-p", type=int, default=9090, help="Local network UDP port")
args = parser.parse_args()
start = timeit.default_timer()
main(args)
print("Elapsed: " + str(timeit.default_timer() - start))

7
tools/analysis/tsan.supp
View File

@ -1,7 +0,0 @@
race:TServerSocket
race:PthreadThread
signal:signalHandler
race:sqlite3Parser
race:sqlite3_prepare_v2
race:shell_exec

20
tools/analysis/valgrind.supp
View File

@ -1,20 +0,0 @@
{
<gflags_parse_string_flag_value>
Memcheck:Leak
match-leak-kinds: possible
...
fun:_ZN3fLS25dont_pass0toDEFINE_stringEPcPKc
...
fun:__libc_csu_init
fun:(below main)
}
{
<gflags_parse_flag_value>
Memcheck:Leak
match-leak-kinds: possible
...
fun:_ZN6google12_GLOBAL__N_19FlagValue9ParseFromEPKc
...
fun:_ZN6google21ParseCommandLineFlagsEPiPPPcb
fun:main
}

67
tools/audit.sh
View File

@ -1,67 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2014-present, Facebook, Inc.
# All rights reserved.
#
# This source code is licensed in accordance with the terms specified in
# the LICENSE file found in the root directory of this source tree.
set -e
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
source $SCRIPT_DIR/lib.sh
function check_format() {
# Create a master branch if it does not exist.
if ! git rev-parse --verify master &> /dev/null; then
git fetch origin master &> /dev/null
git branch master FETCH_HEAD &> /dev/null || true
fi
# Check formatting
make format_check
}
function check_executable() {
HERE=$(pwd)
cd $SCRIPT_DIR/..;
FILES=$(find osquery -type f -perm -a=x)
if [[ ! -z "$FILES" ]]; then
echo "[!] Some source files are marked executable:"
echo "$FILES"
false
fi
FILES=$(find include -type f -perm -a=x)
if [[ ! -z "$FILES" ]]; then
echo "[!] Some header files are marked executable:"
echo "$FILES"
false
fi
cd $HERE;
}
function audit() {
log "Running various code/change audits!"
echo ""
log "Checking for source files marked executable"
check_executable
echo ""
log "Running: make format"
check_format
echo ""
log "Running: make check"
make check
# Check the docs creation
echo ""
log "Running: make docs"
make docs
}
audit
exit 0

44
tools/benchmark.sh
View File

@ -1,44 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2014-present, Facebook, Inc.
# All rights reserved.
#
# This source code is licensed in accordance with the terms specified in
# the LICENSE file found in the root directory of this source tree.
set -e
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
source $SCRIPT_DIR/lib.sh
# Run the build function without the tests
build false
# NODE_LABELS is defined in the Jenkins environment, and provides a wasy for
# us to detect what type of box we are running on. (ie. osx10, centos6).
OUTDIR="$SCRIPT_DIR/../build/benchmarks"
NODE=$(echo $NODE_LABELS | awk '{print $NF}')
mkdir -p $OUTDIR
REPETITIONS=5
export BENCHMARK_TO_FILE="--benchmark_format=csv \
--benchmark_repetitions=$REPETITIONS :>$OUTDIR/$NODE-benchmark.csv"
make run-benchmark/fast
export BENCHMARK_TO_FILE="--benchmark_format=csv \
--benchmark_repetitions=$REPETITIONS :>$OUTDIR/$NODE-kernel-benchmark.csv"
make run-kernel-benchmark/fast
strip $(find $SCRIPT_DIR/../build -name "osqueryi" | xargs)
strip $(find $SCRIPT_DIR/../build -name "osqueryd" | xargs)
wc -c $(find $SCRIPT_DIR/../build -name "osqueryi" | xargs) \
| head -n 1 \
| awk '{print "\"EXECUTABLE_osqueryi_size\","$1",,,,,\""$2"\""}' \
>>$OUTDIR/$NODE-benchmark.csv
wc -c $(find $SCRIPT_DIR/../build -name "osqueryd" | xargs) \
| head -n 1 \
| awk '{print "\"EXECUTABLE_osqueryd_size\","$1",,,,,\""$2"\""}' \
>>$OUTDIR/$NODE-benchmark.csv
exit 0

364
tools/deployment/make_linux_package.sh
View File

@ -1,364 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2014-present, Facebook, Inc.
# All rights reserved.
#
# This source code is licensed in accordance with the terms specified in
# the LICENSE file found in the root directory of this source tree.
set -e
# Defaults:
# Set OSQUERY_BUILD_VERSION or add -v VERSION
# Set BUILD_DIR or add -b DIR
# Set FPM if installed outside of path
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
SOURCE_DIR="$SCRIPT_DIR/../.."
BUILD_DIR=${BUILD_DIR:="$SOURCE_DIR/build/linux"}
FPM=${FPM:="fpm"}
INSTALL_SOURCE=0
source "$SOURCE_DIR/tools/lib.sh"
# Default version
VERSION=`(cd $SOURCE_DIR; git describe --tags HEAD) || echo 'unknown-version'`
PACKAGE_VERSION=${OSQUERY_BUILD_VERSION:="$VERSION"}
DESCRIPTION="osquery is an operating system instrumentation toolchain."
PACKAGE_NAME="osquery"
PACKAGE_ARCH="x86_64"
PACKAGE_VENDOR="osquery"
PACKAGE_LICENSE="Apache 2.0 or GPL 2.0"
PACKAGE_TYPE=""
PACKAGE_ITERATION_DEFAULT="1.linux"
PACKAGE_ITERATION_ARCH="1.arch"
PACKAGE_DEB_DEPENDENCIES="libc6 (>=2.12), zlib1g"
PACKAGE_RPM_DEPENDENCIES="glibc >= 2.12, zlib"
PACKAGE_TGZ_DEPENDENCIES="zlib"
PACKAGE_TAR_DEPENDENCIES="none"
# Config files
INITD_SRC="$SCRIPT_DIR/osqueryd.initd"
INITD_DST="/etc/init.d/osqueryd"
SYSTEMD_SERVICE_SRC="$SCRIPT_DIR/osqueryd.service"
SYSTEMD_SERVICE_DST="/usr/lib/systemd/system/osqueryd.service"
SYSTEMD_SYSCONFIG_SRC="$SCRIPT_DIR/osqueryd.sysconfig"
SYSTEMD_SYSCONFIG_DST="/etc/sysconfig/osqueryd"
SYSTEMD_SYSCONFIG_DST_DEB="/etc/default/osqueryd"
CTL_SRC="$SCRIPT_DIR/osqueryctl"
PACKS_SRC="$SOURCE_DIR/packs"
PACKS_DST="/usr/share/osquery/packs/"
LENSES_LICENSE="${SOURCE_DIR}/libraries/cmake/source/augeas/src/COPYING"
LENSES_SRC="${SOURCE_DIR}/libraries/cmake/source/augeas/src/lenses"
LENSES_DST="/usr/share/osquery/lenses/"
OSQUERY_POSTINSTALL=${OSQUERY_POSTINSTALL:-"$SCRIPT_DIR/linux_postinstall.sh"}
OSQUERY_PREUNINSTALL=${OSQUERY_PREUNINSTALL:-""}
OSQUERY_CONFIG_SRC=${OSQUERY_CONFIG_SRC:-""}
OSQUERY_TLS_CERT_CHAIN_SRC=${OSQUERY_TLS_CERT_CHAIN_SRC:-""}
OSQUERY_TLS_CERT_CHAIN_BUILTIN_SRC="${SCRIPT_DIR}/certs.pem"
OSQUERY_TLS_CERT_CHAIN_BUILTIN_DST="/usr/share/osquery/certs/certs.pem"
OSQUERY_EXAMPLE_CONFIG_SRC="$SCRIPT_DIR/osquery.example.conf"
OSQUERY_EXAMPLE_CONFIG_DST="/usr/share/osquery/osquery.example.conf"
OSQUERY_LOG_DIR="/var/log/osquery/"
OSQUERY_VAR_DIR="/var/osquery"
OSQUERY_ETC_DIR="/etc/osquery"
function usage() {
fatal "Usage: $0 -t deb|rpm|pacman|tar
[-b|--build] /path/to/build/dir
[-d|--dependencies] DEPENDENCY_LIST string
[-i|--iteration] REVISION
[-u|--preuninst] /path/to/pre-uninstall
[-p|--postinst] /path/to/post-install
[-c|--config] /path/to/embedded.config
[-v|--version] OSQUERY_BUILD_VERSION override
This will generate an Linux package with:
(1) An example config /usr/share/osquery/osquery.example.conf
(2) An init.d script /etc/init.d/osqueryd
(3) A systemd service file /usr/lib/systemd/system/osqueryd.service and
a sysconfig file /etc/{default|sysconfig}/osqueryd as appropriate
(4) A default TLS certificate bundle (provided by cURL)
(5) The osquery toolset /usr/bin/osquery*"
}
function check_parsed_args() {
if [[ -z $PACKAGE_TYPE ]]; then
usage
fi
if [[ ! -d $BUILD_DIR ]]; then
log "Cannot find build dir [-b|--build]: $BUILD_DIR"
usage
fi
if [ ! -z "$OSQUERY_CONFIG_SRC" ] && [ ! -f "$OSQUERY_CONFIG_SRC" ]; then
log "$OSQUERY_CONFIG_SRC is not a file."
usage
fi
if ! command -v $FPM > /dev/null; then
fatal "Cannot find fpm script (is fpm installed?)"
fi
}
function parse_args() {
while [ "$1" != "" ]; do
case $1 in
-t | --type ) shift
PACKAGE_TYPE=$1
;;
-i | --iteration ) shift
PACKAGE_ITERATION=$1
;;
-d | --dependencies ) shift
PACKAGE_DEPENDENCIES="${@}"
;;
-u | --preuninst) shift
OSQUERY_PREUNINSTALL=$1
;;
-p | --postinst ) shift
OSQUERY_POSTINSTALL=$1
;;
-c | --config ) shift
OSQUERY_CONFIG_SRC=$1
;;
-b | --build ) shift
BUILD_DIR=$1
;;
-v | --version ) shift
PACKAGE_VERSION=$1
;;
-s | --source ) INSTALL_SOURCE=1
;;
-h | --help ) usage
;;
esac
shift
done
check_parsed_args
if [[ -z $PACKAGE_ITERATION ]]; then
if [[ $PACKAGE_TYPE == "pacman" ]]; then
PACKAGE_ITERATION=$PACKAGE_ITERATION_ARCH
else
PACKAGE_ITERATION=$PACKAGE_ITERATION_DEFAULT
fi
fi
if [[ -z $PACKAGE_DEPENDENCIES ]]; then
if [[ $PACKAGE_TYPE == "deb" ]]; then
PACKAGE_DEPENDENCIES=$PACKAGE_DEB_DEPENDENCIES
elif [[ $PACKAGE_TYPE == "rpm" ]]; then
PACKAGE_DEPENDENCIES=$PACKAGE_RPM_DEPENDENCIES
elif [[ $PACKAGE_TYPE == "pacman" ]]; then
PACKAGE_DEPENDENCIES=$PACKAGE_TGZ_DEPENDENCIES
else
PACKAGE_DEPENDENCIES=$PACKAGE_TAR_DEPENDENCIES
fi
fi
if [[ $PACKAGE_VERSION == *"-"* ]]; then
DESCRIPTION="$DESCRIPTION (unstable/latest version)"
fi
}
function get_pkg_suffix() {
if [[ $PACKAGE_TYPE == "deb" ]]; then
# stay compliant with Debian package naming convention
echo "_${PACKAGE_VERSION}_${PACKAGE_ITERATION}.amd64.${PACKAGE_TYPE}"
elif [[ $PACKAGE_TYPE == "rpm" ]]; then
V=`echo ${PACKAGE_VERSION}|tr '-' '_'`
echo "-${V}-${PACKAGE_ITERATION}.${PACKAGE_ARCH}.${PACKAGE_TYPE}"
elif [[ $PACKAGE_TYPE == "pacman" ]]; then
echo "-${PACKAGE_VERSION}-${PACKAGE_ITERATION}-${PACKAGE_ARCH}.pkg.tar.xz"
else
echo "-${PACKAGE_VERSION}_${PACKAGE_ITERATION}_${PACKAGE_ARCH}.tar.gz"
fi
}
function main() {
parse_args $@
WORKING_DIR=$BUILD_DIR/_packaging
INSTALL_PREFIX=$WORKING_DIR/prefix
DEBUG_PREFIX=$WORKING_DIR/debug
platform OS
distro $OS DISTRO
OUTPUT_PKG_PATH=`readlink --canonicalize "$BUILD_DIR"`/$PACKAGE_NAME$(get_pkg_suffix)
rm -rf $WORKING_DIR
rm -f $OUTPUT_PKG_PATH
mkdir -p $INSTALL_PREFIX
log "copying osquery binaries to $INSTALL_PREFIX"
BINARY_INSTALL_DIR="$INSTALL_PREFIX/usr/bin/"
mkdir -p $BINARY_INSTALL_DIR
cp "$BUILD_DIR/osquery/osqueryd" $BINARY_INSTALL_DIR
ln -s osqueryd $BINARY_INSTALL_DIR/osqueryi
strip --strip-debug $BINARY_INSTALL_DIR/*
cp "$CTL_SRC" $BINARY_INSTALL_DIR
# Create the prefix log dir and copy source configs
log "copying osquery configurations to $INSTALL_PREFIX"
mkdir -p $INSTALL_PREFIX/$OSQUERY_VAR_DIR
mkdir -p $INSTALL_PREFIX/$OSQUERY_LOG_DIR
mkdir -p $INSTALL_PREFIX/$OSQUERY_ETC_DIR
mkdir -p $INSTALL_PREFIX/$PACKS_DST
mkdir -p $INSTALL_PREFIX/$LENSES_DST
mkdir -p `dirname $INSTALL_PREFIX$OSQUERY_EXAMPLE_CONFIG_DST`
cp $OSQUERY_EXAMPLE_CONFIG_SRC $INSTALL_PREFIX$OSQUERY_EXAMPLE_CONFIG_DST
cp $PACKS_SRC/* $INSTALL_PREFIX/$PACKS_DST
cp $LENSES_LICENSE $INSTALL_PREFIX/$LENSES_DST
cp $LENSES_SRC/*.aug $INSTALL_PREFIX/$LENSES_DST
if [[ ! -z $OSQUERY_CONFIG_SRC ]] && [[ -f $OSQUERY_CONFIG_SRC ]]; then
log "copying optional config into $INSTALL_PREFIX$OSQUERY_ETC_DIR"
cp $OSQUERY_CONFIG_SRC $INSTALL_PREFIX/$OSQUERY_ETC_DIR/osquery.conf
fi
if [[ ! -z $OSQUERY_TLS_CERT_CHAIN_SRC ]] && [[ -f $OSQUERY_TLS_CERT_CHAIN_SRC ]]; then
log "copying optional tls server certs file into $INSTALL_PREFIX$OSQUERY_ETC_DIR"
cp $OSQUERY_TLS_CERT_CHAIN_SRC $INSTALL_PREFIX/$OSQUERY_ETC_DIR/tls-server-certs.pem
fi
if [[ ! -z $OSQUERY_TLS_CERT_CHAIN_BUILTIN_SRC ]] && [[ -f $OSQUERY_TLS_CERT_CHAIN_BUILTIN_SRC ]]; then
log "copying built-in tls server certs file into $INSTALL_PREFIX$OSQUERY_TLS_CERT_CHAIN_BUILTIN_DST"
mkdir -p `dirname $INSTALL_PREFIX/$OSQUERY_TLS_CERT_CHAIN_BUILTIN_DST`
cp $OSQUERY_TLS_CERT_CHAIN_BUILTIN_SRC $INSTALL_PREFIX/$OSQUERY_TLS_CERT_CHAIN_BUILTIN_DST
fi
if [[ $PACKAGE_TYPE = "deb" ]]; then
#Change config path to Ubuntu default
SYSTEMD_SYSCONFIG_DST=$SYSTEMD_SYSCONFIG_DST_DEB
fi
log "copying osquery init scripts into $INSTALL_PREFIX"
mkdir -p `dirname $INSTALL_PREFIX$INITD_DST`
mkdir -p `dirname $INSTALL_PREFIX$SYSTEMD_SERVICE_DST`
mkdir -p `dirname $INSTALL_PREFIX$SYSTEMD_SYSCONFIG_DST`
cp $INITD_SRC $INSTALL_PREFIX$INITD_DST
cp $SYSTEMD_SERVICE_SRC $INSTALL_PREFIX$SYSTEMD_SERVICE_DST
cp $SYSTEMD_SYSCONFIG_SRC $INSTALL_PREFIX$SYSTEMD_SYSCONFIG_DST
if [[ $PACKAGE_TYPE = "deb" ]]; then
#Change config path in service unit
sed -i 's/sysconfig/default/g' $INSTALL_PREFIX$SYSTEMD_SERVICE_DST
#Change config path in initd script
sed -i 's/sysconfig/default/g' $INSTALL_PREFIX$INITD_DST
fi
log "creating $PACKAGE_TYPE package"
IFS=',' read -a deps <<< "$PACKAGE_DEPENDENCIES"
PACKAGE_DEPENDENCIES=
for element in "${deps[@]}"
do
element=`echo $element | sed 's/ *$//'`
PACKAGE_DEPENDENCIES="$PACKAGE_DEPENDENCIES -d \"$element\""
done
POSTINST_CMD=""
if [[ ! -z $OSQUERY_POSTINSTALL ]] && [[ -f $OSQUERY_POSTINSTALL ]]; then
POSTINST_CMD="--after-install $OSQUERY_POSTINSTALL"
fi
PREUNINST_CMD=""
if [[ ! -z $OSQUERY_PREUNINSTALL ]] && [[ -f $OSQUERY_PREUNINSTALL ]]; then
PREUNINST_CMD="--before-remove $OSQUERY_PREUNINSTALL"
fi
# Change directory modes
find $INSTALL_PREFIX/ -type d | xargs chmod 755
EPILOG="--url https://osquery.io \
-m osquery@osquery.io \
--vendor \"$PACKAGE_VENDOR\" \
--license \"$PACKAGE_LICENSE\" \
--description \"$DESCRIPTION\""
CMD="$FPM -s dir -t $PACKAGE_TYPE \
-n $PACKAGE_NAME -v $PACKAGE_VERSION \
--iteration $PACKAGE_ITERATION \
-a $PACKAGE_ARCH \
--log error \
--config-files $INITD_DST \
--config-files $SYSTEMD_SYSCONFIG_DST \
$PREUNINST_CMD \
$POSTINST_CMD \
$PACKAGE_DEPENDENCIES \
-p $OUTPUT_PKG_PATH \
$EPILOG \"$INSTALL_PREFIX/=/\""
eval "$CMD"
log "package created at $OUTPUT_PKG_PATH"
# Generate debug packages for Linux or CentOS
BUILD_DEBUG_PKG=false
if [[ $PACKAGE_TYPE = "deb" ]]; then
BUILD_DEBUG_PKG=true
PACKAGE_DEBUG_NAME="$PACKAGE_NAME-dbg"
PACKAGE_DEBUG_DEPENDENCIES="osquery (= $PACKAGE_VERSION-$PACKAGE_ITERATION)"
# Debian only needs the non-stripped binaries.
BINARY_DEBUG_DIR=$DEBUG_PREFIX/usr/lib/debug/usr/bin
mkdir -p $BINARY_DEBUG_DIR
cp "$BUILD_DIR/osquery/osqueryd" $BINARY_DEBUG_DIR
strip --only-keep-debug "$BINARY_DEBUG_DIR/osqueryd"
ln -s osqueryd $BINARY_DEBUG_DIR/osqueryi
elif [[ $PACKAGE_TYPE = "rpm" ]]; then
BUILD_DEBUG_PKG=true
PACKAGE_DEBUG_NAME="$PACKAGE_NAME-debuginfo"
PACKAGE_DEBUG_DEPENDENCIES="osquery = $PACKAGE_VERSION"
# Create Build-ID links for executables and Dwarfs.
BUILD_ID=`readelf -n "$BUILD_DIR/osquery/osqueryd" | grep "Build ID" | awk '{print $3}'`
if [[ ! "$BUILD_ID" = "" ]]; then
BUILDLINK_DEBUG_DIR=$DEBUG_PREFIX/usr/lib/debug/.build-id/${BUILD_ID:0:2}
mkdir -p $BUILDLINK_DEBUG_DIR
ln -sf ../../../../bin/osqueryd $BUILDLINK_DEBUG_DIR/${BUILD_ID:2}
ln -sf ../../bin/osqueryd.debug $BUILDLINK_DEBUG_DIR/${BUILD_ID:2}.debug
fi
# Install the non-stripped binaries.
BINARY_DEBUG_DIR=$DEBUG_PREFIX/usr/lib/debug/usr/bin/
mkdir -p $BINARY_DEBUG_DIR
cp "$BUILD_DIR/osquery/osqueryd" "$BINARY_DEBUG_DIR/osqueryd.debug"
strip --only-keep-debug "$BINARY_DEBUG_DIR/osqueryd.debug"
ln -s osqueryd "$BINARY_DEBUG_DIR/osqueryi.debug"
# Finally install the source.
if [[ $INSTALL_SOURCE == "1" ]]; then
SOURCE_DEBUG_DIR=$DEBUG_PREFIX/usr/src/debug/osquery-$PACKAGE_VERSION
BUILD_DIR=`readlink --canonicalize "$BUILD_DIR"`
SOURCE_DIR=`readlink --canonicalize "$SOURCE_DIR"`
for file in `"$SCRIPT_DIR/getfiles.py" --build "$BUILD_DIR/" --base "$SOURCE_DIR/"`
do
mkdir -p `dirname "$SOURCE_DEBUG_DIR/$file"`
cp "$file" "$SOURCE_DEBUG_DIR/$file"
done
fi
fi
PACKAGE_DEBUG_DEPENDENCIES=`echo "$PACKAGE_DEBUG_DEPENDENCIES"|tr '-' '_'`
OUTPUT_DEBUG_PKG_PATH=`readlink --canonicalize "$BUILD_DIR"`/$PACKAGE_DEBUG_NAME$(get_pkg_suffix)
if [[ "$BUILD_DEBUG_PKG" = "true" ]]; then
rm -f $OUTPUT_DEBUG_PKG_PATH
CMD="$FPM -s dir -t $PACKAGE_TYPE \
-n $PACKAGE_DEBUG_NAME -v $PACKAGE_VERSION \
-a $PACKAGE_ARCH \
--iteration $PACKAGE_ITERATION \
--log error \
-d \"$PACKAGE_DEBUG_DEPENDENCIES\" \
-p $OUTPUT_DEBUG_PKG_PATH \
$EPILOG \"$DEBUG_PREFIX/=/\""
eval "$CMD"
log "debug created at $OUTPUT_DEBUG_PKG_PATH"
fi
}
main $@

278
tools/deployment/make_osx_package.sh
View File

@ -1,278 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2014-present, Facebook, Inc.
# All rights reserved.
#
# This source code is licensed in accordance with the terms specified in
# the LICENSE file found in the root directory of this source tree.
set -e
# Defaults:
# Set OSQUERY_BUILD_VERSION or add -v VERSION
# Set BUILD_DIR or add -b DIR
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
SOURCE_DIR="$SCRIPT_DIR/../.."
BUILD_DIR=${BUILD_DIR:="$SOURCE_DIR/build"}
source "$SOURCE_DIR/tools/lib.sh"
# Binary identifiers
VERSION=`(cd $SOURCE_DIR; git describe --tags HEAD) || echo 'unknown-version'`
APP_VERSION=${OSQUERY_BUILD_VERSION:="$VERSION"}
APP_IDENTIFIER="com.facebook.osquery"
LD_IDENTIFIER="com.facebook.osqueryd"
LD_INSTALL="/Library/LaunchDaemons/$LD_IDENTIFIER.plist"
SIGNING_IDENTITY=""
SIGNING_IDENTITY_COMMAND=""
KEYCHAIN_IDENTITY=""
KEYCHAIN_IDENTITY_COMMAND=""
AUTOSTART=false
CLEAN=false
# Config files
LAUNCHD_SRC="$SCRIPT_DIR/$LD_IDENTIFIER.plist"
LAUNCHD_DST="/private/var/osquery/$LD_IDENTIFIER.plist"
NEWSYSLOG_SRC="$SCRIPT_DIR/$LD_IDENTIFIER.conf"
NEWSYSLOG_DST="/private/var/osquery/$LD_IDENTIFIER.conf"
PACKS_SRC="$SOURCE_DIR/packs"
PACKS_DST="/private/var/osquery/packs/"
LENSES_LICENSE="libs/fb/augeas/augeas/1.9.0/COPYING"
LENSES_SRC="libs/fb/augeas/augeas/1.9.0/share/augeas/lenses/dist"
LENSES_DST="/private/var/osquery/lenses/"
OSQUERY_EXAMPLE_CONFIG_SRC="$SCRIPT_DIR/osquery.example.conf"
OSQUERY_EXAMPLE_CONFIG_DST="/private/var/osquery/osquery.example.conf"
OSQUERY_CONFIG_SRC=""
OSQUERY_CONFIG_DST="/private/var/osquery/osquery.conf"
OSQUERY_DB_LOCATION="/private/var/osquery/osquery.db/"
OSQUERY_LOG_DIR="/private/var/log/osquery/"
OSQUERY_TLS_CERT_CHAIN_BUILTIN_SRC="${SCRIPT_DIR}/certs.pem"
OSQUERY_TLS_CERT_CHAIN_BUILTIN_DST="/private/var/osquery/certs/certs.pem"
TLS_CERT_CHAIN_DST="/private/var/osquery/tls-server-certs.pem"
FLAGFILE_DST="/private/var/osquery/osquery.flags"
OSQUERY_PKG_INCLUDE_DIRS=()
OSQUERYCTL_PATH="$SCRIPT_DIR/osqueryctl"
SCRIPT_PREFIX_TEXT="#!/usr/bin/env bash
set -e
"
POSTINSTALL_UNLOAD_TEXT="
if launchctl list | grep -qcm1 $LD_IDENTIFIER; then
launchctl unload $LD_INSTALL
fi
"
POSTINSTALL_AUTOSTART_TEXT="
cp $LAUNCHD_DST $LD_INSTALL
touch $FLAGFILE_DST
launchctl load $LD_INSTALL
"
POSTINSTALL_CLEAN_TEXT="
rm -rf $OSQUERY_DB_LOCATION
"
function usage() {
fatal "Usage: $0
[-b|--build] /path/to/build/dir
[-c|--config] PATH embed an osqueryd config.
[-l|--launchd] PATH override the default launchd plist.
[-t|--cert-chain] PATH to embed a certificate chain file for TLS server validation
[-o|--output] PATH override the output path.
[-a|--autostart] start the daemon when the package is installed
[-x|--clean] force the daemon to start fresh, removing any results previously stored in the database
This will generate an macOS package with:
(1) An example config /var/osquery/osquery.example.config
(2) An optional config /var/osquery/osquery.config if [-c] is used
(3) A LaunchDaemon plist /var/osquery/com.facebook.osqueryd.plist
(4) A default TLS certificate bundle (provided by cURL)
(5) The osquery toolset /usr/local/bin/osquery*
To enable osqueryd to run at boot using Launchd, pass the -a flag.
If the LaunchDaemon was previously installed a newer version of this package
will reload (unload/load) the daemon."
}
function check_parsed_args() {
if [[ ! -d $BUILD_DIR ]]; then
fatal "Cannot find build dir [-b|--builddir]: $BUILD_DIR"
fi
if [[ ! -z $OSQUERY_CONFIG_SRC ]]; then
log "using $OSQUERY_CONFIG_SRC as the config source"
fi
log "using $LAUNCHD_SRC as the launchd source"
if [[ ! -z "$OSQUERY_CONFIG_SRC" ]] && [[ ! -f $OSQUERY_CONFIG_SRC ]]; then
log "The config [-c] $OSQUERY_CONFIG_SRC is not a file"
usage
fi
}
function parse_args() {
while [ "$1" != "" ]; do
case $1 in
-b | --build ) shift
BUILD_DIR=$1
;;
-v | --version ) shift
APP_VERSION=$1
;;
-c | --config ) shift
OSQUERY_CONFIG_SRC=$1
;;
-l | --launchd ) shift
LAUNCHD_SRC=$1
;;
-t | --cert-chain ) shift
TLS_CERT_CHAIN_SRC=$1
;;
-i | --include-dir ) shift
OSQUERY_PKG_INCLUDE_DIRS[${#OSQUERY_PKG_INCLUDE_DIRS}]=$1
;;
-o | --output ) shift
OUTPUT_PKG_PATH=$1
;;
-s | --sign ) shift
SIGNING_IDENTITY=$1
SIGNING_IDENTITY_COMMAND="--sign "$1
;;
-k | --keychain ) shift
KEYCHAIN_IDENTITY=$1
KEYCHAIN_IDENTITY_COMMAND="--keychain "$1
;;
-a | --autostart ) AUTOSTART=true
;;
-x | --clean ) CLEAN=true
;;
-h | --help ) usage
;;
* ) usage
esac
shift
done
check_parsed_args
}
function main() {
parse_args $@
WORKING_DIR=$BUILD_DIR/_packaging
INSTALL_PREFIX="$WORKING_DIR/prefix"
DEBUG_PREFIX="$WORKING_DIR/debug"
SCRIPT_ROOT="$WORKING_DIR/scripts"
PREINSTALL="$SCRIPT_ROOT/preinstall"
POSTINSTALL="$SCRIPT_ROOT/postinstall"
platform OS
if [[ ! "$OS" = "darwin" ]]; then
fatal "This script must be run on macOS"
fi
OUTPUT_PKG_PATH="$BUILD_DIR/osquery-$APP_VERSION.pkg"
OUTPUT_DEBUG_PKG_PATH="$BUILD_DIR/osquery-debug-$APP_VERSION.pkg"
rm -rf $WORKING_DIR
rm -f $OUTPUT_PKG_PATH
mkdir -p $INSTALL_PREFIX
mkdir -p $SCRIPT_ROOT
# We don't need the preinstall for anything so let's skip it until we do
# echo "$SCRIPT_PREFIX_TEXT" > $PREINSTALL
# chmod +x $PREINSTALL
log "copying osquery binaries into $INSTALL_PREFIX"
BINARY_INSTALL_DIR="$INSTALL_PREFIX/usr/local/bin/"
mkdir -p $BINARY_INSTALL_DIR
cp "$BUILD_DIR/osquery/osqueryd" $BINARY_INSTALL_DIR
ln -s osqueryd $BINARY_INSTALL_DIR/osqueryi
strip $BINARY_INSTALL_DIR/*
cp "$OSQUERYCTL_PATH" $BINARY_INSTALL_DIR
if [[ ! "$SIGNING_IDENTITY" = "" ]]; then
log "signing release binaries"
codesign -s $SIGNING_IDENTITY --keychain \"$KEYCHAIN_IDENTITY\" $BINARY_INSTALL_DIR/osqueryd
fi
BINARY_DEBUG_DIR="$DEBUG_PREFIX/private/var/osquery/debug"
mkdir -p "$BINARY_DEBUG_DIR"
cp "$BUILD_DIR/osquery/osqueryd" $BINARY_DEBUG_DIR/osqueryd.debug
ln -s osqueryd.debug $BINARY_DEBUG_DIR/osqueryi.debug
# Create the prefix log dir and copy source configs.
mkdir -p $INSTALL_PREFIX/$OSQUERY_LOG_DIR
mkdir -p `dirname $INSTALL_PREFIX$OSQUERY_CONFIG_DST`
if [[ "$OSQUERY_CONFIG_SRC" != "" ]]; then
cp $OSQUERY_CONFIG_SRC $INSTALL_PREFIX$OSQUERY_CONFIG_DST
fi
# Move configurations into the packaging root.
log "copying osquery configurations"
mkdir -p `dirname $INSTALL_PREFIX$LAUNCHD_DST`
mkdir -p $INSTALL_PREFIX$PACKS_DST
mkdir -p $INSTALL_PREFIX$LENSES_DST
cp $LAUNCHD_SRC $INSTALL_PREFIX$LAUNCHD_DST
cp $NEWSYSLOG_SRC $INSTALL_PREFIX$NEWSYSLOG_DST
cp $OSQUERY_EXAMPLE_CONFIG_SRC $INSTALL_PREFIX$OSQUERY_EXAMPLE_CONFIG_DST
cp $PACKS_SRC/* $INSTALL_PREFIX$PACKS_DST
cp $BUILD_DIR/$LENSES_LICENSE $INSTALL_PREFIX/$LENSES_DST
cp $BUILD_DIR/$LENSES_SRC/*.aug $INSTALL_PREFIX$LENSES_DST
if [[ "$TLS_CERT_CHAIN_SRC" != "" && -f "$TLS_CERT_CHAIN_SRC" ]]; then
cp $TLS_CERT_CHAIN_SRC $INSTALL_PREFIX$TLS_CERT_CHAIN_DST
fi
if [[ $OSQUERY_TLS_CERT_CHAIN_BUILTIN_SRC != "" ]] && [[ -f $OSQUERY_TLS_CERT_CHAIN_BUILTIN_SRC ]]; then
mkdir -p `dirname $INSTALL_PREFIX/$OSQUERY_TLS_CERT_CHAIN_BUILTIN_DST`
cp $OSQUERY_TLS_CERT_CHAIN_BUILTIN_SRC $INSTALL_PREFIX/$OSQUERY_TLS_CERT_CHAIN_BUILTIN_DST
fi
# Move/install pre/post install scripts within the packaging root.
log "finalizing preinstall and postinstall scripts"
if [ $AUTOSTART == true ] || [ $CLEAN == true ]; then
echo "$SCRIPT_PREFIX_TEXT" > $POSTINSTALL
chmod +x $POSTINSTALL
if [ $CLEAN == true ]; then
echo "$POSTINSTALL_CLEAN_TEXT" >> $POSTINSTALL
fi
if [ $AUTOSTART == true ]; then
echo "$POSTINSTALL_UNLOAD_TEXT" >> $POSTINSTALL
echo "$POSTINSTALL_AUTOSTART_TEXT" >> $POSTINSTALL
fi
fi
# Copy extra files to the install prefix so that they get packaged too.
# NOTE: Files will be overwritten.
for include_dir in ${OSQUERY_PKG_INCLUDE_DIRS[*]}; do
log "adding $include_dir in the package prefix to be included in the package"
cp -fR $include_dir/* $INSTALL_PREFIX/
done
if [[ ! "$SIGNING_IDENTITY" = "" ]]; then
log "creating signed release package"
else
log "creating package"
fi
pkgbuild --root $INSTALL_PREFIX \
--scripts $SCRIPT_ROOT \
--identifier $APP_IDENTIFIER \
--version $APP_VERSION \
$SIGNING_IDENTITY_COMMAND \
$KEYCHAIN_IDENTITY_COMMAND \
$OUTPUT_PKG_PATH 2>&1 1>/dev/null
log "package created at $OUTPUT_PKG_PATH"
log "creating debug package"
pkgbuild --root $DEBUG_PREFIX \
--identifier $APP_IDENTIFIER.debug \
--version $APP_VERSION \
$OUTPUT_DEBUG_PKG_PATH 2>&1 1>/dev/null
log "package created at $OUTPUT_DEBUG_PKG_PATH"
}
main $@

15
tools/generate_xcode_project.sh
View File

@ -1,15 +0,0 @@
#!/bin/bash
# Copyright (c) Facebook, Inc. and its affiliates. All Rights Reserved
set -e
BUILD_DIR=$1
CMAKE_COMMAND="$2 -G Xcode"
echo "Cleaning build directory: $BUILD_DIR"
rm -rf ${BUILD_DIR}
mkdir -p ${BUILD_DIR}
echo "Generating xcode project using cmake: $CMAKE_COMMAND"
cd ${BUILD_DIR}
eval ${CMAKE_COMMAND}

221
tools/get_platform.py
View File

@ -1,221 +0,0 @@
#!/usr/bin/env python3
# Copyright (c) 2014-present, Facebook, Inc.
# All rights reserved.
#
# This source code is licensed in accordance with the terms specified in
# the LICENSE file found in the root directory of this source tree.
import os
import re
import sys
import argparse
import platform
import subprocess
ORACLE_RELEASE = "/etc/oracle-release"
SYSTEM_RELEASE = "/etc/system-release"
LSB_RELEASE = "/etc/lsb-release"
OS_RELEASE = "/etc/os-release"
DEBIAN_VERSION = "/etc/debian_version"
GENTOO_RELEASE = "/etc/gentoo-release"
SUSE_RELEASE = "/etc/SuSE-release"
def _platform():
osType, _, _, _, _, _ = platform.uname()
if osType == "Windows":
return ("windows", "windows")
elif osType == "Linux":
if os.path.exists(ORACLE_RELEASE):
return ("redhat", "oracle")
if os.path.exists(SYSTEM_RELEASE):
with open(SYSTEM_RELEASE, "r") as fd:
fileContents = fd.read()
if fileContents.find("CentOS") != -1:
return ("redhat", "centos")
if fileContents.find("Scientific Linux") != -1:
return ("redhat", "scientific")
if fileContents.find("Red Hat Enterprise") != -1:
return ("redhat", "rhel")
if fileContents.find("Amazon Linux") != -1:
return ("redhat", "amazon")
if fileContents.find("Fedora") != -1:
return ("redhat", "fedora")
if os.path.exists(LSB_RELEASE):
with open(LSB_RELEASE, "r") as fd:
fileContents = fd.read()
if fileContents.find("DISTRIB_ID=Ubuntu") != -1:
return ("debian", "ubuntu")
if fileContents.find("DISTRIB_ID=ManjaroLinux") != -1:
return ("arch", "manjaro")
if os.path.exists(OS_RELEASE):
with open(OS_RELEASE, "r") as fd:
fileContents = fd.read()
if fileContents.find("ID=arch") != -1:
return ("arch", "arch")
if fileContents.find("ID=nixos") != -1:
return ("nixos", "nixos")
if os.path.exists(DEBIAN_VERSION):
return ("debian", "debian")
if os.path.exists(GENTOO_RELEASE):
return ("gentoo", "gentoo")
if os.path.exists(SUSE_RELEASE):
return ("suse", "suse")
else:
return (None, osType.lower())
def _distro(osType):
def getRedhatDistroVersion(pattern):
with open(SYSTEM_RELEASE, "r") as fd:
contents = fd.read()
result = re.findall(pattern, contents)
if result and len(result) == 1:
return result[0].replace("release ", osType)
return None
def commandOutput(cmd):
try:
output = subprocess.check_output(cmd)
return output
except subprocess.CalledProcessError:
return None
except OSError:
return None
except WindowsError:
return None
_, _, osVersion, _, _, _ = platform.uname()
if osType == "oracle":
result = getRedhatDistroVersion(r'release [5-7]')
if result is not None:
return result
elif osType in ["centos", "scientific", "rhel"]:
result = getRedhatDistroVersion(r'release [6-7]')
if result is not None:
return result
elif osType == "amazon":
result = getRedhatDistroVersion(r'release 20[12][0-9]\.[0-9][0-9]')
if result is not None:
return result
elif osType == "ubuntu":
with open(LSB_RELEASE, "r") as fd:
contents = fd.read()
results = re.findall(r'DISTRIB_CODENAME=(.*)', contents)
if len(results) == 1:
return results[0]
elif osType == "darwin":
rawResult = commandOutput(["sw_vers", "-productVersion"])
if rawResult is not None:
results = re.findall(r'[0-9]+\.[0-9]+', rawResult)
if len(results) == 1:
return results[0]
elif osType == "fedora":
with open(SYSTEM_RELEASE, "r") as fd:
contents = fd.read()
results = contents.split()
if len(results) > 2:
return results[2]
elif osType == "arch":
with open("/etc/arch-release", "r") as fd:
contents = fd.read()
results = contents.split()
if len(results) > 2:
return results[2]
elif osType == "manjaro":
with open(LSB_RELEASE, "r") as fd:
contents = fd.read()
results = re.findall(r'DISTRIB_CODENAME=(.*)', contents)
if len(results) == 1:
return results[0]
elif osType == "debian":
result = commandOutput(["lsb_release", "-cs"])
if result is not None:
return result
elif osType == "freebsd":
rawResult = commandOutput(["uname", "-r"])
results = rawResult.split("-")
if len(results) > 0:
return results[0]
elif osType == "gentoo":
with open(GENTOO_RELEASE, "r") as fd:
contents = fd.read()
results = contents.split()
if len(results) > 0:
return results[len(results) -1]
elif osType == "suse":
with open(SUSE_RELEASE, "r") as fd:
contents = fd.read()
results = re.findall(r'VERSION = (.*)', contents)
if len(results) == 1:
return results[0]
elif osType == "nixos":
with open(OS_RELEASE, "r") as fd:
contents = fd.read()
results = re.findall(r'VERSION_ID=\"(.*)\"', contents)
if len(results) == 1:
return results[0]
elif osType == "windows":
return "windows%s" % osVersion
return "unknown_version"
def platformAction():
family, osType = _platform()
print(osType)
def distroAction():
family, osType = _platform()
print(_distro(osType))
def familyAction():
family, osType = _platform()
if family:
print(family)
def defaultAction():
family, osType = _platform()
distro = _distro(osType)
print("%s;%s" % (osType, distro))
if __name__ == "__main__":
parser = argparse.ArgumentParser(description="Platform detection script for osquery")
parser.add_argument("--platform", action="store_true", help="Outputs the detected platform")
parser.add_argument("--distro", action="store_true", help="Outputs the detected distribution")
parser.add_argument("--family", action="store_true", help="Outputs the detected family")
args = parser.parse_args()
if args.platform and \
not args.distro and \
not args.family:
platformAction()
elif not args.platform and \
args.distro and \
not args.family:
distroAction()
elif not args.platform and \
not args.distro and \
args.family:
familyAction()
else:
defaultAction()
sys.exit(0)

24
tools/hooks/pre-commit.py
View File

@ -1,24 +0,0 @@
#!/usr/bin/env python3
# Copyright (c) Facebook, Inc. and its affiliates. All Rights Reserved
import os
import subprocess
def main():
print("clang format check");
if os.name == "posix":
my_env = os.environ.copy()
my_env["PATH"] = "/urs/local/osquery/bin/" + os.pathsep + my_env["PATH"]
cmd = ["python", "tools/formatting/git-clang-format.py", "--diff", "--commit", "master", "--style=file"]
p = subprocess.Popen(" ".join(cmd), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True, env=my_env)
out, err = p.communicate()
if not (out.startswith("no modified files to format") or
out.startswith("clang-format did not modify any files")):
print("clang format failed")
print("please run make format_master or apply diff:")
print(out)
exit(1)
if __name__ == "__main__":
main()

183
tools/lib.sh
View File

@ -1,183 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2014-present, Facebook, Inc.
# All rights reserved.
#
# This source code is licensed in accordance with the terms specified in
# the LICENSE file found in the root directory of this source tree.
LIB_SCRIPT_DIR=$(dirname "${BASH_SOURCE[0]}")
# For OS X, define the distro that builds the kernel extension.
DARWIN_KERNEL_VERSION="10.11"
function platform() {
local __out=$1
FAMILY=$(python "$LIB_SCRIPT_DIR/get_platform.py" --family)
eval $__out=$(python "$LIB_SCRIPT_DIR/get_platform.py" --platform)
}
function _platform() {
platform PLATFORM
echo $PLATFORM
}
function distro() {
local __out=$2
eval $__out=$(python "$LIB_SCRIPT_DIR/get_platform.py" --distro)
}
function _distro() {
distro $1 DISTRO
echo $DISTRO
}
function threads() {
local __out=$1
platform OS
if [[ $FAMILY = "redhat" ]] || [[ $FAMILY = "debian" ]] || [[ $FAMILY = "suse" ]]; then
eval $__out=`cat /proc/cpuinfo | grep processor | wc -l`
elif [[ $OS = "darwin" ]]; then
eval $__out=`sysctl hw.ncpu | awk '{print $2}'`
elif [[ $OS = "freebsd" ]]; then
eval $__out=`sysctl -n kern.smp.cpus`
else
eval $__out=`nproc`
fi
}
function log() {
echo "[+] $1"
}
function fatal() {
echo "[!] $1"
exit 1
}
function set_cxx() {
export CXX=$1
export CMAKE_CXX_COMPILER=$1
}
function add_cxx_flag() {
export CXXFLAGS="$CXXFLAGS $1"
export CMAKE_CXX_FLAGS="$CMAKE_CXX_FLAGS $1"
}
function set_cc() {
export CC=$1
export CMAKE_C_COMPILER=$1
}
function do_sudo() {
if [[ "$OSQUERY_NOSUDO" = "True" ]]; then
$@
else
ARGS="$@"
log "requesting sudo: $ARGS"
sudo $@
fi
}
function contains_element() {
local e
for e in "${@:2}"; do [[ "$e" == "$1" ]] && return 0; done
return 1
}
function in_ec2() {
if [[ -d /home/ec2-user ]]; then
return 0
else
return 1
fi
}
function build_target() {
threads THREADS
# Clean previous build artifacts.
$MAKE distclean
# Build osquery.
if [[ -z "$RUN_TARGET" ]]; then
$MAKE -j$THREADS
else
$MAKE $RUN_TARGET -j$THREADS
fi
}
function test_target() {
if [[ "$RUN_TARGET" = "debug" ]]; then
$MAKE test_debug
else
$MAKE test
fi
}
function check_deterministic() {
# Expect the project to have been built.
ALIAS=$DISTRO
if [[ "$OS" = "darwin" ]]; then
ALIAS=darwin
fi
DAEMON=build/$ALIAS/osquery/osqueryd
strip $DAEMON
RUN1=$(shasum -a 256 $DAEMON)
# Build again.
$MAKE distclean
build_target
strip $DAEMON
RUN2=$(shasum -a 256 $DAEMON)
echo "Initial build: $RUN1"
echo " Second build: $RUN2"
if [[ "$RUN1" = "$RUN2" ]]; then
exit 0
fi
# The build is not deterministic.
exit 1
}
function initialize() {
DISTRO=$1
# Remove any previously-cached variables
rm build/$DISTRO/CMakeCache.txt >/dev/null 2>&1 || true
}
function build() {
platform PLATFORM
distro $PLATFORM DISTRO
MAKE=make
if [[ "$PLATFORM" = "freebsd" ]]; then
MAKE=gmake
fi
RUN_TESTS=$1
cd $LIB_SCRIPT_DIR/../
# Run build host provisions and install library dependencies.
if [[ ! -z $RUN_BUILD_DEPS ]]; then
$MAKE deps
else
initialize $DISTRO
fi
# Build osquery.
build_target
if [[ ! -z "$RUN_DETERMINISTIC" ]]; then
check_deterministic
fi
if [[ $RUN_TESTS = true ]]; then
# Run code unit and integration tests.
test_target
fi
}

29
tools/provision/darwin.sh
View File

@ -1,29 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2014-present, Facebook, Inc.
# All rights reserved.
#
# This source code is licensed in accordance with the terms specified in
# the LICENSE file found in the root directory of this source tree.
DARWIN_SETUP="\
if [[ ! -f /var/.osquery_build ]]; then \
touch /tmp/.com.apple.dt.CommandLineTools.installondemand.in-progress; \
PROD=\$(softwareupdate -l | grep \"\\*.*Command Line\" | \
tail -n 1 | awk -F\"*\" '{print \$2}' | sed -e 's/^ *//' | tr -d '\n' \
); \
softwareupdate -i \"\$PROD\" --verbose; \
sudo touch /var/.osquery_build; \
fi; \
"
function vagrant_setup() {
sudo bash -c "$DARWIN_SETUP"
}
function distro_main() {
GEM=`which gem`
do_sudo $GEM install --no-ri --no-rdoc -n /usr/local/bin fpm
}
[ "$0" = "$BASH_SOURCE" ] && vagrant_setup || true

80
tools/release/build_release.sh
View File

@ -1,80 +0,0 @@
#!/bin/bash
# Copyright (c) 2015, Facebook, Inc.
# All rights reserved.
#
# This source code is licensed in accordance with the terms specified in
# the LICENSE file found in the root directory of this source tree.
set -e
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
DARWIN_BOX="macos10.13"
LINUX_BOX="ubuntu16.04"
function usage() {
echo "${BASH_SOURCE[0]} VERSION PATH_TO_OSQUERY"
}
function main() {
if [[ $# < 2 ]]; then
usage
exit 1
fi
CURRENT_DIR=$(pwd)
VERSION=$1
OSQUERY=$2
PACKAGES_CMD="cd /build; make packages;"
BUILD_CMD="\
sudo install -d -o vagrant /build; cd /build; \
git clone https://github.com/facebook/osquery . || true; \
git checkout master && git pull; \
git checkout $VERSION; \
make sysprep; SKIP_TESTS=1 make -j 4; \
"
cd $OSQUERY
echo "[!] Please make sure you run:"
echo " vagrant destroy $LINUX_BOX"
echo " vagrant destroy $DARWIN_BOX"
echo ""
echo "[+] Checking out version $VERSION"
PKG_DIR="build/$VERSION"
mkdir -p $PKG_DIR
if [[ ! -f "$PKG_DIR/osquery-${VERSION}_1.linux_x86_64.tar.gz" ]]; then
echo "[+] Vagrant up $LINUX_BOX"
OSQUERY_BUILD_CPUS=4 vagrant up $LINUX_BOX
echo "[+] Building linux packages..."
vagrant ssh $LINUX_BOX -c "$BUILD_CMD"
echo "[+] Running package build command for linux..."
vagrant ssh $LINUX_BOX -c "$PACKAGES_CMD"
echo "[+] Copying linux packages to $PKG_DIR"
vagrant scp "$LINUX_BOX:/build/build/linux/osquery*$VERSION*" ./$PKG_DIR
vagrant halt $LINUX_BOX
fi
if [[ ! -f "$PKG_DIR/osquery-${VERSION}-1.darwin.i386.rpm" ]]; then
echo "[+] Vagrant up $DARWIN_BOX"
OSQUERY_BUILD_CPUS=4 vagrant up $DARWIN_BOX
echo "[+] Running initial softwareupdate check..."
vagrant ssh $DARWIN_BOX -c "/vagrant/tools/provision/darwin.sh"
echo "[+] Running build command for macOS..."
vagrant ssh $DARWIN_BOX -c "$BUILD_CMD"
echo "[+] Running package build command for macOS..."
vagrant ssh $DARWIN_BOX -c "$PACKAGES_CMD"
echo "[+] Copying macOS packages to $PKG_DIR"
vagrant scp "$DARWIN_BOX:/build/build/darwin/osquery*$VERSION*" ./$PKG_DIR
vagrant halt $DARWIN_BOX
fi
echo "[+] Packages copied to $OSQUERY ./$PKG_DIR"
echo "[+] Finished"
cd $CURRENT_DIR
}
main $@

51
tools/release/commit_schema.sh
View File

@ -1,51 +0,0 @@
#!/bin/bash
# Copyright (c) 2015, Facebook, Inc.
# All rights reserved.
#
# This source code is licensed in accordance with the terms specified in
# the LICENSE file found in the root directory of this source tree.
set -e
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
function usage() {
echo "${BASH_SOURCE[0]} VERSION PATH_TO_SITE"
}
function main() {
if [[ $# < 2 ]]; then
usage
exit 1
fi
VERSION=$1
SITE=$2
(cd $SITE/schema; git add .)
echo "[+] Will commit the following schema files: "
FILES=$(cd $SITE; git --no-pager diff --name-only HEAD)
if [[ $FILES = "" ]]; then
echo "[-] No files to commit" && exit 1
fi
echo $FILES
echo
read -p "Are you sure? [y/N]: " -r
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
[[ "$0" = "$BASH_SOURCE" ]] && exit 1
fi
(cd $SITE; git commit -m "Adding schema $VERSION")
read -p "Push to master? [y/N]: " -r
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
[[ "$0" = "$BASH_SOURCE" ]] && exit 1
fi
(cd $SITE; git push)
echo "[+] Finished"
}
main $@

142
tools/release/new_release.sh
View File

@ -1,142 +0,0 @@
#!/bin/bash
# Copyright (c) 2015, Facebook, Inc.
# All rights reserved.
#
# This source code is licensed in accordance with the terms specified in
# the LICENSE file found in the root directory of this source tree.
set -e
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
URL=https://osquery-packages.s3.amazonaws.com
function usage() {
echo "${BASH_SOURCE[0]} VERSION PATH_TO_OSQUERY PATH_TO_SITE"
}
function main() {
if [[ $# < 3 ]]; then
usage
exit 1
fi
VERSION=$1
OSQUERY=$2
SITE=$3
echo "[+] Checking out version $VERSION"
(cd $OSQUERY; git checkout $VERSION)
echo "[+] Writing new table API"
GENJSON="$SCRIPT_DIR/../codegen/genwebsitejson.py"
/usr/local/osquery/bin/python "$GENJSON" --specs "$OSQUERY/specs" > "$SITE/src/data/osquery_schema_versions/$VERSION.json"
echo "[+] Writing new version metadata"
GENMETADATA="$SCRIPT_DIR/../codegen/genwebsitemetadata.py"
/usr/local/osquery/bin/python "$GENMETADATA" --file "$SITE/src/data/osquery_metadata.json" --version "$VERSION"
printf "[+] Downloading and hashing packages...\n"
PACKAGE="$URL/linux/osquery-${VERSION}_1.linux_x86_64.tar.gz"
echo "[+] Downloading $PACKAGE"
LINUX=$(curl $PACKAGE | shasum -a 256 | awk '{print $1}')
PACKAGE="$URL/deb/osquery_${VERSION}_1.linux.amd64.deb"
echo "[+] Downloading $PACKAGE"
DEB=$(curl $PACKAGE | shasum -a 256 | awk '{print $1}')
PACKAGE="$URL/rpm/osquery-$VERSION-1.linux.x86_64.rpm"
echo "[+] Downloading $PACKAGE"
RPM=$(curl $PACKAGE | shasum -a 256 | awk '{print $1}')
PACKAGE="$URL/darwin/osquery-$VERSION.pkg"
echo "[+] Downloading $PACKAGE"
DARWIN=$(curl $PACKAGE | shasum -a 256 | awk '{print $1}')
PACKAGE="$URL/windows/osquery-$VERSION.msi"
echo "[+] Downloading $PACKAGE"
WINDOWS=$(curl $PACKAGE | shasum -a 256 | awk '{print $1}')
PACKAGE="$URL/darwin/osquery-debug-$VERSION.pkg"
echo "[+] Downloading $PACKAGE"
DEBUG_DARWIN=$(curl $PACKAGE | shasum -a 256 | awk '{print $1}')
PACKAGE="$URL/rpm/osquery-debuginfo-$VERSION-1.linux.x86_64.rpm"
echo "[+] Downloading $PACKAGE"
DEBUG_RPM=$(curl $PACKAGE | shasum -a 256 | awk '{print $1}')
PACKAGE="$URL/deb/osquery-dbg_${VERSION}_1.linux.amd64.deb"
echo "[+] Downloading $PACKAGE"
DEBUG_DEB=$(curl $PACKAGE | shasum -a 256 | awk '{print $1}')
PACKAGES="$SITE/src/data/osquery_package_versions/${VERSION}.json"
rm -f "${PACKAGES}"
cat << EOF >> ${PACKAGES}
{
"version": "$VERSION",
"url": "https://pkg.osquery.io",
"downloads": {
"official": [
{
"type": "macOS",
"package": "osquery-$VERSION.pkg",
"content": "$DARWIN",
"platform": "darwin"
},
{
"type": "Linux",
"package": "osquery-$VERSION_1.linux_x86_64.tar.gz",
"content": "$LINUX",
"platform": "linux"
},
{
"type": "RPM",
"package": "osquery-$VERSION-1.linux.x86_64.rpm",
"content": "$RPM",
"platform": "rpm"
},
{
"type": "Debian",
"package": "osquery_$VERSION_1.linux.amd64.deb",
"content": "$DEB",
"platform": "deb"
},
{
"type": "Windows",
"package": "osquery-$VERSION.msi",
"content": "$WINDOWS",
"platform": "windows"
}
],
"debug": [
{
"type": "macOS",
"package": "osquery-debug-$VERSION.pkg",
"content": "$DEBUG_DARWIN",
"platform": "darwin"
},
{
"type": "RPM",
"package": "osquery-debuginfo-$VERSION-1.linux.x86_64.rpm",
"content": "$DEBUG_RPM",
"platform": "rpm"
},
{
"type": "Debian",
"package": "osquery-dbg_2.10.2_1.linux.amd64.deb",
"content": "$DEBUG_DEB",
"platform": "deb"
}
]
}
}
EOF
echo "[+] Hashes written to $PACKAGES"
echo "[+] Finished"
}
main $@

69
tools/release/sign_release.sh
View File

@ -1,69 +0,0 @@
#!/bin/bash
# Copyright (c) 2015, Facebook, Inc.
# All rights reserved.
#
# This source code is licensed in accordance with the terms specified in
# the LICENSE file found in the root directory of this source tree.
set -e
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
function usage() {
echo "${BASH_SOURCE[0]} VERSION PATH_TO_OSQUERY SIGN_HOST SIGN_USER SIGN_IDENT"
echo " SIGN_HOST/SIGN_USER: hostname and user for signing machine"
echo " SIGN_IDENT: SSH identity for signing machine"
}
function main() {
if [[ $# < 5 ]]; then
usage
exit 1
fi
VERSION=$1
OSQUERY=$2
HOST=$3
USER=$4
IDENT=$5
PKGS=$OSQUERY/build/$VERSION
if [[ ! -d "$PKGS" ]]; then
echo "Cannot find $PKGS directory?"
usage
exit 1
fi
echo "[+] Copying packages from $PKGS to signing host $HOST"
scp -i $IDENT -r $PKGS "$USER@$HOST":
SSH="ssh -t -i $IDENT $USER@$HOST"
$SSH "mv ./$VERSION/osquery-$VERSION-1.arch-x86_64.pkg.tar.xz ./local_packages/arch"
$SSH "mv ./$VERSION/osquery-$VERSION.pkg ./local_packages/darwin"
$SSH "mv ./$VERSION/osquery-debug-$VERSION.pkg ./local_packages/darwin"
$SSH "mv ./$VERSION/osquery-$VERSION-1.darwin.i386.rpm ./local_packages/darwin"
$SSH "mv ./$VERSION/osquery-debug-$VERSION-1.darwin.i386.rpm ./local_packages/darwin"
$SSH "mv ./$VERSION/osquery-${VERSION}_1.linux_x86_64.tar.gz ./local_packages/linux"
$SSH "cp ./$VERSION/osquery-$VERSION-1.linux.x86_64.rpm ./local_packages/rpm"
$SSH "cp ./$VERSION/osquery-debuginfo-$VERSION-1.linux.x86_64.rpm ./local_packages/rpm"
$SSH "cp ./$VERSION/osquery-$VERSION-1.linux.x86_64.rpm ./local_packages/centos6"
$SSH "cp ./$VERSION/osquery-debuginfo-$VERSION-1.linux.x86_64.rpm ./local_packages/centos6"
$SSH "cp ./$VERSION/osquery-$VERSION-1.linux.x86_64.rpm ./local_packages/centos7"
$SSH "cp ./$VERSION/osquery-debuginfo-$VERSION-1.linux.x86_64.rpm ./local_packages/centos7"
$SSH "cp ./$VERSION/osquery_${VERSION}_1.linux.amd64.deb ./local_packages/precise"
$SSH "cp ./$VERSION/osquery-dbg_${VERSION}_1.linux.amd64.deb ./local_packages/precise"
$SSH "cp ./$VERSION/osquery_${VERSION}_1.linux.amd64.deb ./local_packages/trusty"
$SSH "cp ./$VERSION/osquery-dbg_${VERSION}_1.linux.amd64.deb ./local_packages/trusty"
$SSH "cp ./$VERSION/osquery_${VERSION}_1.linux.amd64.deb ./local_packages/xenial"
$SSH "cp ./$VERSION/osquery-dbg_${VERSION}_1.linux.amd64.deb ./local_packages/xenial"
$SSH "cp ./$VERSION/osquery_${VERSION}_1.linux.amd64.deb ./local_packages/deb"
$SSH "cp ./$VERSION/osquery-dbg_${VERSION}_1.linux.amd64.deb ./local_packages/deb"
echo "[!] Now run: ./package_publisher please"
$SSH "bash --login"
echo "[+] Packages signed"
}
main $@

54
tools/sync.sh
View File

@ -1,54 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2014-present, Facebook, Inc.
# All rights reserved.
#
# This source code is licensed in accordance with the terms specified in
# the LICENSE file found in the root directory of this source tree.
set -e
if [ "$#" -ne 2 ]; then
echo "Usage: $0 BUILD_DIR LIBRARY_PATH"
exit 1
fi
SOURCE=$(pwd)
BUILD_DIR=$1
SYNC_DIR="$BUILD_DIR/sync"
VERSION=`git describe --tags HEAD --always`
if [ -f "$BUILD_DIR/generated" ]; then
echo "Error: $BUILD_DIR/generated not found."
echo "Run 'make sdk' first"
exit 1
fi
mkdir -p "$SYNC_DIR"
rm -rf "$SYNC_DIR/osquery*"
mkdir -p "$SYNC_DIR/osquery/generated"
export LIBRARY_PATH=$2:$LIBRARY_PATH
# merge the headers with the implementation files
cp -R include/osquery "$SYNC_DIR"
find ./osquery | grep "\.h" | grep -v tests/ | grep -v tables/ | xargs -i cp --parents {} "$SYNC_DIR"
cp $BUILD_DIR/generated/utils_amalgamation.cpp "$SYNC_DIR/osquery/generated/"
# delete all of the old CMake files
find "$SYNC_DIR" -type f -name "CMakeLists.txt" -exec rm -f {} \;
# make the targets file
mkdir -p "$SYNC_DIR/code-analysis"
(cd "$SYNC_DIR/code-analysis" && SDK=True cmake -DCMAKE_EXPORT_COMPILE_COMMANDS=ON $SOURCE)
python tools/codegen/gentargets.py \
-v $VERSION --sdk $VERSION \
-i "$SYNC_DIR/code-analysis/compile_commands.json" \
-o $SYNC_DIR/osquery \
-s osquery
cp osquery.thrift "$SYNC_DIR/osquery/extensions"
# wrap it up in a tarball
(cd "$SYNC_DIR" && tar -zcf osquery-sync-$VERSION.tar.gz osquery)
echo "Generated $SYNC_DIR/osquery-sync-$VERSION.tar.gz"