Package Details: osquery-git 2.10.2.r14.g16d92d1d-1

Git Clone URL: https://aur.archlinux.org/osquery-git.git (read-only)
Package Base: osquery-git
Description: SQL powered operating system instrumentation, monitoring, and analytics.
Upstream URL: https://osquery.io
Licenses: BSD
Submitter: m3thodic
Maintainer: m3thodic
Last Packager: m3thodic
Votes: 6
Popularity: 1.159610
First Submitted: 2016-07-17 08:27
Last Updated: 2017-11-19 23:21

Pinned Comments

m3thodic commented on 2017-02-28 01:55

*** ATTENTION *** ATTENTION *** ATTENTION *** ATTENTION *** ATTENTION ***

You may have to rm -rf /var/osquery if osqueryd fails to start!

*** ATTENTION *** ATTENTION *** ATTENTION *** ATTENTION *** ATTENTION ***

Latest Comments

m3thodic commented on 2017-10-30 20:57

@viq Thanks again, updated version should be pushed later tonight.

louiscipher commented on 2017-10-25 16:16

I'm getting build errors when trying to build from the latest version:

In file included from /tmp/yaourt-tmp-bverdier/aur-osquery-git/src/osquery-git/generated/gen-cpp/Extension.cpp:7:
In file included from /tmp/yaourt-tmp-bverdier/aur-osquery-git/src/osquery-git/generated/gen-cpp/Extension.h:10:
In file included from /usr/local/osquery/include/thrift/TDispatchProcessor.h:22:
In file included from /usr/local/osquery/include/thrift/TProcessor.h:23:
In file included from /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/7.2.0/../../../../include/c++/7.2.0/string:52:
In file included from /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/7.2.0/../../../../include/c++/7.2.0/bits/basic_string.h:6159:
In file included from /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/7.2.0/../../../../include/c++/7.2.0/ext/string_conversions.h:41:
In file included from /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/7.2.0/../../../../include/c++/7.2.0/cstdlib:75:
/usr/include/stdlib.h:131:24: error: function-like macro '__GLIBC_USE' is not defined
#if __HAVE_FLOAT128 && __GLIBC_USE (IEC_60559_TYPES_EXT)
^
/usr/include/stdlib.h:174:5: error: function-like macro '__GLIBC_USE' is not defined
#if __GLIBC_USE (IEC_60559_BFP_EXT)
^
/usr/include/stdlib.h:188:24: error: function-like macro '__GLIBC_USE' is not defined
#if __HAVE_FLOAT128 && __GLIBC_USE (IEC_60559_TYPES_EXT)
^
In file included from /tmp/yaourt-tmp-bverdier/aur-osquery-git/src/osquery-git/generated/gen-cpp/Extension.cpp:7:
In file included from /tmp/yaourt-tmp-bverdier/aur-osquery-git/src/osquery-git/generated/gen-cpp/Extension.h:10:
In file included from /usr/local/osquery/include/thrift/TDispatchProcessor.h:22:
In file included from /usr/local/osquery/include/thrift/TProcessor.h:23:
In file included from /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/7.2.0/../../../../include/c++/7.2.0/string:52:
In file included from /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/7.2.0/../../../../include/c++/7.2.0/bits/basic_string.h:6159:
In file included from /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/7.2.0/../../../../include/c++/7.2.0/ext/string_conversions.h:41:
In file included from /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/7.2.0/../../../../include/c++/7.2.0/cstdlib:75:
In file included from /usr/include/stdlib.h:199:
In file included from /usr/include/bits/types/locale_t.h:22:
/usr/include/bits/types/__locale_t.h:28:8: error: redefinition of '__locale_struct'
struct __locale_struct
^
/usr/local/osquery/legacy/include/xlocale.h:28:16: note: previous definition is here
typedef struct __locale_struct
^
In file included from /tmp/yaourt-tmp-bverdier/aur-osquery-git/src/osquery-git/generated/gen-cpp/Extension.cpp:7:
In file included from /tmp/yaourt-tmp-bverdier/aur-osquery-git/src/osquery-git/generated/gen-cpp/Extension.h:10:
In file included from /usr/local/osquery/include/thrift/TDispatchProcessor.h:22:
In file included from /usr/local/osquery/include/thrift/TProcessor.h:23:
In file included from /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/7.2.0/../../../../include/c++/7.2.0/string:52:
In file included from /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/7.2.0/../../../../include/c++/7.2.0/bits/basic_string.h:6159:
In file included from /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/7.2.0/../../../../include/c++/7.2.0/ext/string_conversions.h:41:
/usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/7.2.0/../../../../include/c++/7.2.0/cstdlib:131:11: error: no
member named 'at_quick_exit' in the global namespace
using ::at_quick_exit;
~~^
/usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/7.2.0/../../../../include/c++/7.2.0/cstdlib:154:11: error: no
member named 'quick_exit' in the global namespace
using ::quick_exit;
~~^
In file included from /tmp/yaourt-tmp-bverdier/aur-osquery-git/src/osquery-git/generated/gen-cpp/Extension.cpp:7:
In file included from /tmp/yaourt-tmp-bverdier/aur-osquery-git/src/osquery-git/generated/gen-cpp/Extension.h:10:
In file included from /usr/local/osquery/include/thrift/TDispatchProcessor.h:22:
In file included from /usr/local/osquery/include/thrift/TProcessor.h:24:
In file included from /usr/local/osquery/include/thrift/protocol/TProtocol.h:28:
In file included from /usr/local/osquery/include/thrift/transport/TTransport.h:24:
In file included from /usr/local/osquery/include/boost/shared_ptr.hpp:17:
In file included from /usr/local/osquery/include/boost/smart_ptr/shared_ptr.hpp:28:
In file included from /usr/local/osquery/include/boost/smart_ptr/detail/shared_count.hpp:29:
In file included from /usr/local/osquery/include/boost/smart_ptr/detail/sp_counted_base.hpp:45:
In file included from /usr/local/osquery/include/boost/smart_ptr/detail/sp_counted_base_clang.hpp:19:
In file included from /usr/local/osquery/include/boost/cstdint.hpp:440:
In file included from /usr/local/osquery/legacy/include/limits.h:125:
In file included from /usr/lib/clang/5.0.0/include/limits.h:37:
/usr/include/limits.h:145:5: error: function-like macro '__GLIBC_USE' is not defined
#if __GLIBC_USE (IEC_60559_BFP_EXT)
^
7 errors generated.
make[2]: *** [osquery/extensions/CMakeFiles/osquery_extensions.dir/build.make:85: osquery/extensions/CMakeFiles/osquery_extensions.dir/__/__/generated/gen-cpp/Extension.cpp.o] Error 1
make[2]: Leaving directory '/tmp/yaourt-tmp-bverdier/aur-osquery-git/src/osquery-git'
make[1]: *** [CMakeFiles/Makefile2:1673: osquery/extensions/CMakeFiles/osquery_extensions.dir/all] Error 2
make[1]: Leaving directory '/tmp/yaourt-tmp-bverdier/aur-osquery-git/src/osquery-git'
make: *** [Makefile:144: all] Error 2
==> ERROR: A failure occurred in build().
Aborting...
==> ERROR: Makepkg was unable to build osquery-git.

viq commented on 2017-10-17 11:06

Looks like it now needs librdkafka to build, which currently is provided only by https://aur.archlinux.org/packages/librdkafka-git/

m3thodic commented on 2017-08-20 12:59

@viq Thanks, added!

viq commented on 2017-08-08 07:07

Looks like it may need zstd to build now.

mignacio commented on 2017-03-14 15:38

I got about the same errors as my last comment, so I spun up an fresh Arch instance in EC2 and managed to run makepkg successfully there.

Not sure what was wrong with my build environment but I don't know much about this kind of stuff.

m3thodic commented on 2017-02-28 01:55

*** ATTENTION *** ATTENTION *** ATTENTION *** ATTENTION *** ATTENTION ***

You may have to rm -rf /var/osquery if osqueryd fails to start!

*** ATTENTION *** ATTENTION *** ATTENTION *** ATTENTION *** ATTENTION ***

m3thodic commented on 2017-02-28 01:54

Hey guys, it took FOREVER to finally get this to compile/run but I managed to get a working osquery package from the latest master at the time of this writing (commit hash 3c3d649b1ed80362e6653409876110f254cfc719).

Please test and report to let me know if this works for you or not.

Thanks!

mignacio commented on 2017-01-18 19:25

Having some problems with building gtest:

In file included from /tmp/mignacio/yaourt-tmp-mignacio/aur-osquery-git/src/osquery-git/third-party/gmock-1.7.0/src/gmock-all.cc:40:
In file included from /tmp/mignacio/yaourt-tmp-mignacio/aur-osquery-git/src/osquery-git/third-party/gmock-1.7.0/include/gmock/gmock.h:58:
In file included from /tmp/mignacio/yaourt-tmp-mignacio/aur-osquery-git/src/osquery-git/third-party/gmock-1.7.0/include/gmock/gmock-actions.h:46:
In file included from /tmp/mignacio/yaourt-tmp-mignacio/aur-osquery-git/src/osquery-git/third-party/gmock-1.7.0/include/gmock/internal/gmock-internal-utils.h:47:
In file included from /tmp/mignacio/yaourt-tmp-mignacio/aur-osquery-git/src/osquery-git/third-party/gmock-1.7.0/gtest/include/gtest/gtest.h:58:
In file included from /tmp/mignacio/yaourt-tmp-mignacio/aur-osquery-git/src/osquery-git/third-party/gmock-1.7.0/gtest/include/gtest/internal/gtest-internal.h:45:
/usr/local/osquery/legacy/include/sys/wait.h:116:22: error: unknown type name '__WAIT_STATUS'
extern __pid_t wait (__WAIT_STATUS __stat_loc);

Looks like this needs a little maintenance.

cyrevolt commented on 2016-12-05 15:54

Another addition: I had issues with headers being in /usr/include/libxml2/libxml, which couldn't be found when building. So before `make deps , I added:
ln -s /usr/include/libxml2/libxml .

All comments