Package Details: osquery-git 2.7.0.r14.ge748f38a-1

Git Clone URL: https://aur.archlinux.org/osquery-git.git (read-only)
Package Base: osquery-git
Description: SQL powered operating system instrumentation, monitoring, and analytics.
Upstream URL: https://osquery.io
Licenses: BSD
Submitter: m3thodic
Maintainer: m3thodic
Last Packager: m3thodic
Votes: 4
Popularity: 0.210155
First Submitted: 2016-07-17 08:27
Last Updated: 2017-09-09 09:55

Pinned Comments

m3thodic commented on 2017-02-28 01:55

*** ATTENTION *** ATTENTION *** ATTENTION *** ATTENTION *** ATTENTION ***

You may have to rm -rf /var/osquery if osqueryd fails to start!

*** ATTENTION *** ATTENTION *** ATTENTION *** ATTENTION *** ATTENTION ***

Latest Comments

m3thodic commented on 2017-08-20 12:59

@viq Thanks, added!

viq commented on 2017-08-08 07:07

Looks like it may need zstd to build now.

mignacio commented on 2017-03-14 15:38

I got about the same errors as my last comment, so I spun up a fresh Arch instance in EC2 and managed to run makepkg successfully there.

Not sure what was wrong with my build environment but I don't know much about this kind of stuff.

m3thodic commented on 2017-02-28 01:54

Hey guys, it took FOREVER to finally get this to compile/run but I managed to get a working osquery package from the latest master at the time of this writing (commit hash 3c3d649b1ed80362e6653409876110f254cfc719).

Please test and report to let me know if this works for you or not.

Thanks!

mignacio commented on 2017-01-18 19:25

Having some problems with building gtest:

In file included from /tmp/mignacio/yaourt-tmp-mignacio/aur-osquery-git/src/osquery-git/third-party/gmock-1.7.0/src/gmock-all.cc:40:
In file included from /tmp/mignacio/yaourt-tmp-mignacio/aur-osquery-git/src/osquery-git/third-party/gmock-1.7.0/include/gmock/gmock.h:58:
In file included from /tmp/mignacio/yaourt-tmp-mignacio/aur-osquery-git/src/osquery-git/third-party/gmock-1.7.0/include/gmock/gmock-actions.h:46:
In file included from /tmp/mignacio/yaourt-tmp-mignacio/aur-osquery-git/src/osquery-git/third-party/gmock-1.7.0/include/gmock/internal/gmock-internal-utils.h:47:
In file included from /tmp/mignacio/yaourt-tmp-mignacio/aur-osquery-git/src/osquery-git/third-party/gmock-1.7.0/gtest/include/gtest/gtest.h:58:
In file included from /tmp/mignacio/yaourt-tmp-mignacio/aur-osquery-git/src/osquery-git/third-party/gmock-1.7.0/gtest/include/gtest/internal/gtest-internal.h:45:
/usr/local/osquery/legacy/include/sys/wait.h:116:22: error: unknown type name '__WAIT_STATUS'
extern __pid_t wait (__WAIT_STATUS __stat_loc);

Looks like this needs a little maintenance.

cyrevolt commented on 2016-12-05 15:54

Another addition: I had issues with headers being in /usr/include/libxml2/libxml, which couldn't be found when building. So before `make deps`, I added:
ln -s /usr/include/libxml2/libxml .

cyrevolt commented on 2016-12-01 23:28

Could you remove the commit hash? Otherwise it's not the latest version, and it currently fails because it's missing https://github.com/facebook/osquery/commit/1b21e5173e1b8d2567490a8a15161392643a2899 and our current gflags in Arch is 2.2.0 ;)

cyrevolt commented on 2016-12-01 04:00

The provisioning script in the osquery repo calls pacman, which might be undesirable e.g. when it would update the kernel and you're not willing to reboot and thus need to keep the current kernel modules. I've created an issue in the upstream repo: https://github.com/facebook/osquery/issues/2813
From the reply: We can simply use the env var `SKIP_DISTRO_MAIN=1`

Do you others here also think that this shouldn't be enforced?
We are a rolling release distro, so users upgrade regularly. However, the choice when to upgrade should be theirs, not a package's imho. I am going to patch the provisioning script for me locally to work around this and share it if anyone else is interested.

epitron commented on 2016-10-27 14:28

Another small issue: /usr/bin/osqueryctl doesn't have the +x mode bit set.

(Do we need to include this binary at all, since most arch users will be using systemd?)
