Add a special define when osquery is built for fuzzing.
With that is possible to enable code that ignores
changing log levels.
With the config fuzzer, even if the fuzzer code was settings
the minloglevel to 4, that was immediately changed by the osquery logic.
Do not run queries parsed from the config to improve
the config fuzzer performance and avoid oom issues.
When built for fuzzing, compile osquery and libraries
without optimizing the frame pointer away.
This in some cases improves the accuracy of the stack trace
presented when a bug is found.
The job will output packages that will be used for the release.
We skip formatting checks and building tests,
so that more disk space is left for debug symbols.
Added the OSQUERY_BUILD_AWS option due to
oss-fuzz CI failing to build the AWS EC2 library,
due to its high requirement of memory.
The fuzzers do not gain much from having these tables enabled,
moreover this can be used during development
to avoid building a possibly unneeded table.
Done some minor cleanups to remove logic duplication
and enable ec2 integration tests on all the platforms
that supports them.
Add OSQUERY_ENABLE_VALGRIND_SUPPORT so that it's possible
to run osquery under Valgrind.
This is specifically required by the boost library
that needs to be compiled with a special define
and it also requires the valgrind.h header.
Also move the defines for the ASAN usage to the boost
library CMakeLists.txt instead of being in flags.cmake.
This way we reduce the unnecessary recompilation of code that
doesn't depend on boost, when switching options.
When possible try to avoid generating debug symbols
for third party libraries, when compiling in Debug or
RelWithDebInfo mode, like for POSIX platforms.
This might not always possible because there's no way
to explicitly disable symbol generation on Windows,
but this should be an improvement.
The list of spec files, dependency of the amalgamated table generation,
was incorrectly specified.
When a list is used in a DEPENDS argument, all the components of
the argument should be a list.
Using double quotes breaks that.
The flag to build the fuzzers is now OSQUERY_BUILD_FUZZERS
and it is independent from OSQUERY_BUILD_TESTS.
Now it's possible to build with the address sanitizer
but without any feature required by the fuzzers.
The fuzzers and the sanitizer flags are presented only on Linux.
CMake doesn't add the /MD flag in the CMAKE_<LANG>_FLAGS_<CONFIG>
anymore, to be then replaced with /MT by us.
Without it, the build still defaults to using /MD, which is wrong.
Even if the macOS image have Python homebrew already installed,
there's the symlink /usr/local/bin/2to3 which points to the
system installed Python.
Normally that file is placed by homebrew Python,
but since it's not, upgrading the homebrew Python version
makes it soft fail because it cannot overwrite such symlink.
Later the CMake step fails to detect the correct Python version on the
system and the CI fails.
Since we are not interested in the Python 2 to 3 conversion,
delete the link and let homebrew place its own.
Due to a bug present in CPack provided with CMake
version 3.18.0 and higher on RPM packages generation,
add a check which fails the configuration
if a version with the bug is found.
Provide a way to ignore the check by setting
OSQUERY_IGNORE_CMAKE_MAX_VERSION_CHECK=TRUE.
Since the CI already selects the newest installation of Python,
to then install some additional packages, lets pass the root folder to CMake,
so it doesn't have to detect Python again and possibly select the wrong version.
Remove the need to use Python3 32bit, since it's not necessary
and the Windows installation used is a 64bit one anyway.
Fix pip complaining about the Scripts folder not being in the PATH,
by prepending the PATH with the selected Python installation
root folder and Scripts folder.
Split and reorder the various prerequisite install steps
so that they are closer to each other
and slightly better categorized.
The gpg-error and libgcrypt repositories often fail cloning.
We use our mirrored version on Github instead.
libcap repository does not support shallow cloning,
change the url to another official mirror which supports it.
