Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE
velociraptor
velociraptor.spec
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File velociraptor.spec of Package velociraptor
# # spec file for package velociraptor # # Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via https://bugs.opensuse.org/ # %define flavor @BUILD_FLAVOR@%{nil} %if "%{flavor}" == "client" %define build_client 1 %define build_server 0 %define name_suffix -client %define make_target linux_bare %define config_perms 0600, root, root %define state_dir_perms 0700, root, root %else %define build_server 1 %define build_client 0 %define name_suffix %{nil} %define make_target linux %define config_perms 0640, root, velociraptor %define state_dir_perms 0700, velociraptor, velociraptor %endif %define projname velociraptor %define vmlinux_h_version 5.14.21150400.22-150400-default # SLE 15 SP3 / Leap 15.3 or newer gets eBPF # Earlier versions don't have a usable eBPF and the # release doesn't easily build llvm13 %if 0%{?suse_version} > 1500 || 0%{?sle_version} > 150200 %bcond_without bpf %endif %if "%{_vendor}" == "debbuild" %bcond_without bpf %endif %if 0%{?rhel} # RHEL can do BPF but we need llvm for it %bcond_without bpf %endif %if "%{_vendor}" == "debbuild" %define _unitdir /usr/lib/systemd/system %endif # Older SLE releases and debbuild don't support uppercase VERSION macro %if "%{_vendor}" == "debbuild" || 0%{?sle_version} < 150000 %define VERSION %{version} %endif #Compat macro for new _fillupdir macro introduced in Nov 2017 %if ! %{defined _fillupdir} %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif # SLE12 has _sharedstatedir in an odd place %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000 %define _sharedstatedir /var/lib %endif Name: velociraptor%{name_suffix} Version: 0.7.0.4.git74.3426c0a Release: 0 %if %{build_server} Summary: Endpoint visibility and collection tool %else Summary: Endpoint visibility and collection tool (endpoint only) %endif Group: System/Monitoring License: AGPL-3.0-only URL: https://github.com/Velocidex/velociraptor Source: %{projname}-%{version}.tar.gz Source1: velociraptor-go_modules.tar.gz Source2: vmlinux.h-%{vmlinux_h_version}.tar.xz Source3: velociraptor.service Source4: velociraptor-server.config.placeholder Source5: velociraptor-client.service Source6: velociraptor-client.config.placeholder Source7: sysconfig.velociraptor Source8: sysconfig.velociraptor-client Source9: %{projname}.obsinfo Source10: system-user-velociraptor.sysusers Source11: velociraptor-nodejs.spec.inc Source12: package-lock.json %include %{_sourcedir}/velociraptor-nodejs.spec.inc Patch1: vendor-build-fixes-for-SLE12.patch Patch2: sdjournal-build-fix-for-SLE12.patch Patch3: velociraptor-reproducible-timestamp.diff # PATCH-FIX-UPSTREAM CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch bsc#1221456 -- follow-redirects: Drop Proxy-Athorization across hosts Patch4: CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch # PATCH-FIX-UPSTREAM CVE-2022-25883-npm-watch-semver-deps.patch bsc#1212572 -- upgrade npm-watch Patch5: CVE-2022-25883-npm-watch-semver-deps.patch BuildRequires: fileb0x %if 0%{?suse_version} BuildRequires: systemd-rpm-macros BuildRequires: golang(API) >= 1.19 BuildRequires: pkgconfig(libsystemd) %endif %if "%{_vendor}" == "debbuild" BuildRequires: golang >= 2:1.19~0 BuildRequires: libsystemd-dev BuildRequires: pkg-config %endif %if 0%{?rhel} BuildRequires: golang >= 1.19 BuildRequires: python3 BuildRequires: systemd-devel BuildRequires: pkgconfig(libsystemd) %endif %if %{build_server} BuildRequires: local-npm-registry BuildRequires: nodejs >= 18 BuildRequires: npm >= 18 %endif %if %{with bpf} %if 0%{?suse_version} %if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150300 BuildRequires: clang16 BuildRequires: llvm16 %if 0%{?sle_version} > 150400 BuildRequires: llvm16-libclang13 %endif %else BuildRequires: clang13 BuildRequires: llvm13 %endif BuildRequires: libelf-devel BuildRequires: libzstd-devel BuildRequires: zlib-devel %endif %if "%{_vendor}" == "debbuild" BuildRequires: clang BuildRequires: libelf-dev BuildRequires: libzstd-dev BuildRequires: llvm BuildRequires: zlib1g-dev %endif %if 0%{?rhel} BuildRequires: clang >= 13 BuildRequires: libelf-devel BuildRequires: libzstd-devel BuildRequires: llvm >= 13 BuildRequires: zlib-devel %endif %endif %if %{build_server} BuildRequires: sysuser-tools Requires: group(velociraptor) Requires: user(velociraptor) Obsoletes: velociraptor-kafka-humio-gateway < %{version} %{?sysusers_requires} %endif %if 0%{?suse_version} # SLE12 doesn't support sysusers and releases lower than SP4 don't build the server flavor which includes the system-user-velociraptor package. %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150400 Requires(pre): pwdutils %define pre_create_group 1 %else Requires: group(velociraptor) %endif %endif %if %{build_server} %if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150400 ExclusiveArch: x86_64 %else ExclusiveArch: do_not_build %endif %else ExclusiveArch: x86_64 ppc64le aarch64 s390x %endif %if 0%{?rhel} # RHEL builds aren't working yet ExclusiveArch: do_not_build %endif # Not *required* but without it, we spam the system log Recommends: auditd %if 0%{?_project:1} && (0%{?suse_version} > 1500 || 0%{?sle_version} > 150000) Provides: %{name}(project:%_project) %endif %if "%{vendor}" == "debbuild" %define mtag Packager: https://www.suse.com %mtag %endif %if %{build_server} %description Velociraptor is a tool for collecting host based state information using The Velociraptor Query Language (VQL) queries. To learn more about Velociraptor, read the documentation on: https://docs.velociraptor.app/ This package contains the velociraptor server and full console GUI. For just the endpoint agent, please install the 'velociraptor-client' package. %package -n system-user-velociraptor Summary: System user and group 'velociraptor' Version: 1.0.0 License: Apache-2.0 Group: System/Monitoring Provides: group(velociraptor) Provides: user(velociraptor) BuildArch: noarch %description -n system-user-velociraptor This package provides a shared system user for all velociraptor components %endif %if %{build_client} %description Velociraptor is a tool for collecting host based state information using The Velociraptor Query Language (VQL) queries. To learn more about Velociraptor, read the documentation on: https://docs.velociraptor.app/ This package contains only the endpoint agent. For the full server and GUI console, please install the 'velociraptor' package. %endif %prep %setup -q -a 1 -a 2 -n %{projname}-%{VERSION} %patch -P 1 -p1 %patch -P 2 -p1 %patch -P 3 -p1 %patch -P 4 -p1 %patch -P 5 -p1 # Set the version to something more specific than <next-tag>-dev sed -ie "s/\([[:space:]]VERSION *= \).*/\1 \"%{VERSION}\"/" constants/constants.go %if %{with bpf} mkdir -p third_party/libbpfgo/output arch=%{_arch} if test "$arch" = "amd64"; then arch=x86_64 fi cp vmlinux.h-%{vmlinux_h_version}/vmlinux-${arch}.h \ third_party/libbpfgo/output/vmlinux.h %endif # These just clutter the GUI and we don't have Windows clients # Note: There are dependencies on these that need to be resolved before # removing them outright. # rm -rf artifacts/definitions/Windows %if %{build_server} pushd gui/velociraptor rm -f package-lock.json local-npm-registry %{_sourcedir} install --include=dev --legacy-peer-deps popd %endif %build # Reproducible builds need stable timestamps timestamp=$(date -Iseconds --utc --date=@$(grep mtime: %{SOURCE9}|sed -e 's/mtime: //')) git_commit=$(grep commit: %{SOURCE9}|sed -e 's/commit: //g') export VELOCIRAPTOR_BUILD_TIME=$timestamp export VELOCIRAPTOR_GIT_HEAD=$git_commit %if %{build_server} (cd gui/velociraptor ; npm run build) %sysusers_generate_pre %{SOURCE10} velociraptor-user %endif %if 0%{?suse_version} LLVM_STRIP=llvm-strip %else LLVM_STRIP=llvm-strip %endif CLANG=clang PATH=$PATH:/usr/sbin make %{make_target} BUILD_BPF_PLUGINS=%{with bpf} CLANG=$CLANG STRIP=$LLVM_STRIP %install install -D -d -m 0750 %buildroot/%{_sysconfdir}/velociraptor install -D -d -m 0700 %buildroot/%{_sharedstatedir}/%{name}/data install -D -d -m 0700 %buildroot/%{_sharedstatedir}/%{name}/logs install -D -d -m 0700 %buildroot/%{_sharedstatedir}/%{name}/tmp %if %{build_server} service_file_source=%{SOURCE3} config_file_source=%{SOURCE4} sysconfig_file_source=%{SOURCE7} config_file=server.config install -D -m 0644 %{SOURCE10} %{buildroot}%{_sysusersdir}/system-user-velociraptor.conf %else service_file_source=%{SOURCE5} config_file_source=%{SOURCE6} sysconfig_file_source=%{SOURCE8} config_file=client.config %endif %if 0%{?suse_version} install -D -m 0644 "$sysconfig_file_source" %{buildroot}%{_fillupdir}/sysconfig.%{name} %endif %if "%{vendor}" == "debbuild" install -D -m 0644 "$sysconfig_file_source" %{buildroot}/%{_sysconfdir}/default/%{name} %endif install -D -m 0644 "$service_file_source" %{buildroot}%{_unitdir}/%{name}.service install -D -m 0640 "$config_file_source" "%{buildroot}%{_sysconfdir}/velociraptor/$config_file" install -D -m 0755 output/velociraptor-v%{VERSION}-linux-* %buildroot/%{_bindir}/%{name} %files %defattr(-, root, root) %license LICENSE %doc README.md %{_bindir}/%{name} %{_unitdir}/%{name}.service %if 0%{?suse_version} %{_fillupdir}/sysconfig.%{name} %endif %if "%{vendor}" == "debbuild" %{_sysconfdir}/default/%{name} %endif %dir %attr(-, root, velociraptor) %{_sysconfdir}/velociraptor %config(noreplace) %attr(%{config_perms}) %{_sysconfdir}/velociraptor/*.config %dir %attr(%{state_dir_perms}) %{_sharedstatedir}/%{name} %dir %attr(%{state_dir_perms}) %{_sharedstatedir}/%{name}/data %dir %attr(%{state_dir_perms}) %{_sharedstatedir}/%{name}/logs %dir %attr(%{state_dir_perms}) %{_sharedstatedir}/%{name}/tmp %if %{build_server} %files -n system-user-velociraptor %defattr(-, root, root) %{_sysusersdir}/system-user-velociraptor.conf %pre -n system-user-velociraptor -f velociraptor-user.pre %endif %if 0%{?suse_version} %pre %if 0%{?pre_create_group} # create velociraptor group if it doesn't exist groupadd -f -r velociraptor 2>/dev/null || : %endif %service_add_pre %{name}.service %post %{fillup_only} %service_add_post %{name}.service %preun %service_del_preun %{name}.service %postun %service_del_postun %{name}.service %endif %if "%{_vendor}" == "debbuild" %postun # Automatically added by dh_installsystemd/13.11.4 if [ "$1" = remove ] && [ -d /run/systemd/system ] ; then systemctl --system daemon-reload >/dev/null || true fi # End automatically added section # Automatically added by dh_installsystemd/13.11.4 if [ "$1" = "purge" ]; then if [ -x "/usr/bin/deb-systemd-helper" ]; then deb-systemd-helper purge 'velociraptor-client.service' >/dev/null || true fi fi # End automatically added section %endif %changelog
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor