- Always link to libc++abi.a, dl and rt.
- Add OSQUERY_TOOLCHAIN_SYSROOT option which should contain
the path to the sysroot where the portable compiler and its libraries are in.
- Fix OpenSSL build with custom toolchain.
- Always include the custom toolchain cmake.
Unfortunately system name detection is done when project() is called
which is also when compiler detection is done, and we need the compiler
to be set before that, so we always include the cmake file.
- Do not use getrandom syscall in Boost, for glibc < 2.25 support.
- Remove usage of secure_getenv and getauxval in librpm.
- Update CI to use the toolchain.
- Reflect changes in the docs.
Use the new CacheBeta task to cache and restore the ccache
directory, which greatly improves build times.
The cache is saved only if the job ends with success.
A pipeline variable CacheVersion present in the cache key
is used to invalidate all old caches if such a need arises.
Add a way to compile third-party libraries from source instead of downloading prebuilt ones.
Each library source code is downloaded with git into a submodule at configure time,
in response to the find_package(library_name) CMake call,
except for OpenSSL where the official source archive is used.
Each submodule is attached to a release tag on its own upstream repository.
All the libraries are built using CMake directly, except for OpenSSL which uses a formula system,
which permits to build libraries with a separate build system
when there's no easy way to integrate it directly with CMake.
This new dependency system determines which library is fetched from where using the concept of "layers".
Currently we have three of them: source, formula, facebook,
where the last layer represents the pre-built libraries.
The provided order will be used when looking for libraries.
A system to patch submodule source code has been added and it's currently used with googletest, libudev and util-linux.
Patches should be put under libraries/cmake/source/<library name>/patches/<submodule>,
where <submodule> is often one and is "src", but in other cases, like AWS,
there are multiple with a more specific name.
If for whatever reason the submodule cloning or the patching fails,
the submodule has to be unregistered and its folder should be cleared.
This should be achievable with "git submodule deinit -f <submodule path>"
Following some other changes on existing functionality:
- Changed the CMake variable BUILD_TESTING to OSQUERY_BUILD_TESTS
to avoid enabling tests on third party libraries.
Due to an issue with glog the BUILD_TESTING variable
will be always forced to OFF.
- Moved compiler and linker flags to their own file cmake/flags.cmake
- Moved all the third-party CMakeLists.txt used for pre-built libraries under libraries/cmake/facebook
- Added the --exclude-folders option to tools/format-check.py and tools/git-clang-format.py,
so that it's possible to ignore any third party library source code.
- The format and format_check target use the new --exclude-folders option
to exclude libraries/cmake/source from formatting.
- The test and osquery binaries are properly compiled with PIE (osquery/osquery#5611)
Co-authored-by: Stefano Bonicatti <stefano.bonicatti@gmail.com>
Co-authored-by: Teddy Reed <teddy@casualhacking.io>
A new Windows VM has been recently deployed that moves the
Python 2 installation, Windows Buck builds are now failing.
Support the old and new path for Python 2 and
support multiple minor versions of python instead of hardcoding one.
* Add an option to avoid generating debug symbols
A new option, OSQUERY_NO_DEBUG_SYMBOLS, has been added
to avoid generating debug symbols when building in Debug or RelWithDebInfo.
This is especially needed on the CI where the disk size is limited
and symbols are not necessary, because we cannot directly access
processes to debug them.
* Enable Debug builds on the CI
Enabled Debug builds on macOS and Linux; a special job has been created
to represent the combined build status of Release and Debug builds.
Also format the other long cmakeArgs line so that there's one argument
per line.
* Run Docker as privileged also in Debug builds
* Simplify azure pipelines configuration
Use strategy and matrix to avoid repeating the script
for Release and Debug builds.
Fix ebpfTests.sysEbpf_null_attr, ebpfTests.sysEbpf_create_map,
ebpfMapTests.int_key_int_value, ebpfMapTests.int_key_struct_value
by running Docker as privileged on Azure Pipelines.
Docker is used only to get a new distribution running, it's not used
for any security purpose, so there's no point in limiting it.
Apparently there's a bug in the visualization of the logs,
where color codes eat characters.
So we disable tests colored output until a fix on Azure Pipelines appears.
Formatting a bit more consistently the yaml file.
Originally the separation existed because there were multiple branches,
and only one of them was protected by PRs.
So broken commits could land and differentiating from broken build
or tests was useful.
This is not true anymore and PRs checks are per pipeline, not per job,
so the separation wouldn't make a difference.
