Package Details: osquery-git 3.3.2.r0.g5188ce528-2

Git Clone URL: https://aur.archlinux.org/osquery-git.git (read-only)
Package Base: osquery-git
Description: SQL powered operating system instrumentation, monitoring, and analytics.
Upstream URL: https://osquery.io
Licenses: BSD
Submitter: m3thodic
Maintainer: m3thodic
Last Packager: m3thodic
Votes: 7
Popularity: 0.000000
First Submitted: 2016-07-17 08:27
Last Updated: 2019-02-28 03:43

Pinned Comments

m3thodic commented on 2017-02-28 01:55

*** ATTENTION *** ATTENTION *** ATTENTION *** ATTENTION *** ATTENTION ***

You may have to rm -rf /var/osquery if osqueryd fails to start!

*** ATTENTION *** ATTENTION *** ATTENTION *** ATTENTION *** ATTENTION ***

Latest Comments

m3thodic commented on 2018-03-08 10:08

@viq This update requires a recompile of rocksdb-lite -- they changed the way they export their symbols. Reinstall rocksdb-lite and try osquery again. Let me know if that worked for you.

viq commented on 2018-03-08 07:20

-- Building osqueryd: /home/viq/.cache/pacaur/osquery-git/src/osquery-git/osquery/osqueryd
cd /home/viq/.cache/pacaur/osquery-git/src/osquery-git/osquery && /usr/bin/cmake -E cmake_link_script CMakeFiles/daemon.dir/link.txt --verbose=1
/usr/bin/g++  -std=c++14   -Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now -rdynamic CMakeFiles/daemon.dir/devtools/shell.cpp.o CMakeFiles/daemon.dir/main/main.cpp.o CMakeFiles/daemon.dir/main/posix/main.cpp.o  -o osqueryd -Wl,-whole-archive libosquery.a -Wl,-no-whole-archive -Wl,-whole-archive libosquery_additional.a -Wl,-no-whole-archive -lz -Wl,-Bdynamic -lgflags -Wl,-Bdynamic -lthrift -ldl -Wl,-Bstatic -lboost_system -lboost_filesystem -lboost_thread -lboost_context -Wl,-Bdynamic -lrt -lc -lglog -rdynamic -Wl,-zrelro -Wl,-znow -pie -Wl,--build-id -static-libstdc++ -ludev -laudit -larchive -lzstd -lrdkafka -Wl,-Bstatic -laws-cpp-sdk-kinesis -laws-cpp-sdk-firehose -laws-cpp-sdk-core -laws-cpp-sdk-sts -Wl,-Bdynamic -lresolv -lcryptsetup -ldevmapper -llvm2app -lgcrypt -lgpg-error -lblkid -lip4tc -Wl,-Bstatic -ldpkg -Wl,-Bdynamic -llzma -lrpm -lrpmio -Wl,-Bstatic -lpopt -Wl,-Bdynamic -ldb -laugeas -lfa -lxml2 -Wl,-Bstatic -laws-cpp-sdk-ec2 -Wl,-Bdynamic -ltsk -lyara -llldpctl -lrocksdb_lite -Wl,-Bstatic -lboost_regex -Wl,-Bdynamic -lssl -lcrypto -lpthread -lmagic -lbz2 -luuid 
libosquery_additional.a(rocksdb.cpp.o):(.data.rel.ro._ZTIN7osquery17GlogRocksDBLoggerE[_ZTIN7osquery17GlogRocksDBLoggerE]+0x10): undefined reference to `typeinfo for rocksdb::Logger'
collect2: error: ld returned 1 exit status
make[2]: *** [osquery/CMakeFiles/daemon.dir/build.make:202: osquery/osqueryd] Error 1
make[2]: Leaving directory '/home/viq/.cache/pacaur/osquery-git/src/osquery-git'
make[1]: *** [CMakeFiles/Makefile2:832: osquery/CMakeFiles/daemon.dir/all] Error 2
make[1]: Leaving directory '/home/viq/.cache/pacaur/osquery-git/src/osquery-git'
make: *** [Makefile:144: all] Error 2
==> ERROR: A failure occurred in build().

psy0nic commented on 2017-12-31 00:08

Is it possible to get a section added to your patch for Artix Linux? The only section that fails is the os detection. I tried editing get_platform.py directly substituting Arch with Artix but I am admittedly new and not yet good with Arch package management nor Python. I was able to get it to continue compiling by temporarily changing my /etc/lsb-release to read Arch instead of Artix. From reading some of the Arch documentation and forums I don't think forks of Arch are necessarily supported nor actually appreciated but we do also use AUR for packages not yet in the main pacman repos such as this one and thought it may be a simple request to help out a (so far) small community of Arch enthusiasts?

daskol commented on 2017-12-18 22:29

It seems that the apt package as well as dpkg is not necessary and so they could be excluded since the default package manager for Arch is pacman.

m3thodic commented on 2017-10-30 20:57

@viq Thanks again, updated version should be pushed later tonight.

louiscipher commented on 2017-10-25 16:16

I'm getting build errors when trying to build from the latest version:

In file included from /tmp/yaourt-tmp-bverdier/aur-osquery-git/src/osquery-git/generated/gen-cpp/Extension.cpp:7:
In file included from /tmp/yaourt-tmp-bverdier/aur-osquery-git/src/osquery-git/generated/gen-cpp/Extension.h:10:
In file included from /usr/local/osquery/include/thrift/TDispatchProcessor.h:22:
In file included from /usr/local/osquery/include/thrift/TProcessor.h:23:
In file included from /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/7.2.0/../../../../include/c++/7.2.0/string:52:
In file included from /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/7.2.0/../../../../include/c++/7.2.0/bits/basic_string.h:6159:
In file included from /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/7.2.0/../../../../include/c++/7.2.0/ext/string_conversions.h:41:
In file included from /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/7.2.0/../../../../include/c++/7.2.0/cstdlib:75:
/usr/include/stdlib.h:131:24: error: function-like macro '__GLIBC_USE' is not defined
#if __HAVE_FLOAT128 && __GLIBC_USE (IEC_60559_TYPES_EXT)
^
/usr/include/stdlib.h:174:5: error: function-like macro '__GLIBC_USE' is not defined
#if __GLIBC_USE (IEC_60559_BFP_EXT)
^
/usr/include/stdlib.h:188:24: error: function-like macro '__GLIBC_USE' is not defined
#if __HAVE_FLOAT128 && __GLIBC_USE (IEC_60559_TYPES_EXT)
^
In file included from /tmp/yaourt-tmp-bverdier/aur-osquery-git/src/osquery-git/generated/gen-cpp/Extension.cpp:7:
In file included from /tmp/yaourt-tmp-bverdier/aur-osquery-git/src/osquery-git/generated/gen-cpp/Extension.h:10:
In file included from /usr/local/osquery/include/thrift/TDispatchProcessor.h:22:
In file included from /usr/local/osquery/include/thrift/TProcessor.h:23:
In file included from /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/7.2.0/../../../../include/c++/7.2.0/string:52:
In file included from /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/7.2.0/../../../../include/c++/7.2.0/bits/basic_string.h:6159:
In file included from /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/7.2.0/../../../../include/c++/7.2.0/ext/string_conversions.h:41:
In file included from /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/7.2.0/../../../../include/c++/7.2.0/cstdlib:75:
In file included from /usr/include/stdlib.h:199:
In file included from /usr/include/bits/types/locale_t.h:22:
/usr/include/bits/types/__locale_t.h:28:8: error: redefinition of '__locale_struct'
struct __locale_struct
^
/usr/local/osquery/legacy/include/xlocale.h:28:16: note: previous definition is here
typedef struct __locale_struct
^
In file included from /tmp/yaourt-tmp-bverdier/aur-osquery-git/src/osquery-git/generated/gen-cpp/Extension.cpp:7:
In file included from /tmp/yaourt-tmp-bverdier/aur-osquery-git/src/osquery-git/generated/gen-cpp/Extension.h:10:
In file included from /usr/local/osquery/include/thrift/TDispatchProcessor.h:22:
In file included from /usr/local/osquery/include/thrift/TProcessor.h:23:
In file included from /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/7.2.0/../../../../include/c++/7.2.0/string:52:
In file included from /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/7.2.0/../../../../include/c++/7.2.0/bits/basic_string.h:6159:
In file included from /usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/7.2.0/../../../../include/c++/7.2.0/ext/string_conversions.h:41:
/usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/7.2.0/../../../../include/c++/7.2.0/cstdlib:131:11: error: no member named 'at_quick_exit' in the global namespace
using ::at_quick_exit;
~~^
/usr/bin/../lib64/gcc/x86_64-pc-linux-gnu/7.2.0/../../../../include/c++/7.2.0/cstdlib:154:11: error: no member named 'quick_exit' in the global namespace
using ::quick_exit;
~~^
In file included from /tmp/yaourt-tmp-bverdier/aur-osquery-git/src/osquery-git/generated/gen-cpp/Extension.cpp:7:
In file included from /tmp/yaourt-tmp-bverdier/aur-osquery-git/src/osquery-git/generated/gen-cpp/Extension.h:10:
In file included from /usr/local/osquery/include/thrift/TDispatchProcessor.h:22:
In file included from /usr/local/osquery/include/thrift/TProcessor.h:24:
In file included from /usr/local/osquery/include/thrift/protocol/TProtocol.h:28:
In file included from /usr/local/osquery/include/thrift/transport/TTransport.h:24:
In file included from /usr/local/osquery/include/boost/shared_ptr.hpp:17:
In file included from /usr/local/osquery/include/boost/smart_ptr/shared_ptr.hpp:28:
In file included from /usr/local/osquery/include/boost/smart_ptr/detail/shared_count.hpp:29:
In file included from /usr/local/osquery/include/boost/smart_ptr/detail/sp_counted_base.hpp:45:
In file included from /usr/local/osquery/include/boost/smart_ptr/detail/sp_counted_base_clang.hpp:19:
In file included from /usr/local/osquery/include/boost/cstdint.hpp:440:
In file included from /usr/local/osquery/legacy/include/limits.h:125:
In file included from /usr/lib/clang/5.0.0/include/limits.h:37:
/usr/include/limits.h:145:5: error: function-like macro '__GLIBC_USE' is not defined
#if __GLIBC_USE (IEC_60559_BFP_EXT)
^
7 errors generated.
make[2]: *** [osquery/extensions/CMakeFiles/osquery_extensions.dir/build.make:85: osquery/extensions/CMakeFiles/osquery_extensions.dir/__/__/generated/gen-cpp/Extension.cpp.o] Error 1
make[2]: Leaving directory '/tmp/yaourt-tmp-bverdier/aur-osquery-git/src/osquery-git'
make[1]: *** [CMakeFiles/Makefile2:1673: osquery/extensions/CMakeFiles/osquery_extensions.dir/all] Error 2
make[1]: Leaving directory '/tmp/yaourt-tmp-bverdier/aur-osquery-git/src/osquery-git'
make: *** [Makefile:144: all] Error 2
==> ERROR: A failure occurred in build().
Aborting...
==> ERROR: Makepkg was unable to build osquery-git.

viq commented on 2017-10-17 11:06

Looks like it now needs librdkafka to build, which currently is provided only by https://aur.archlinux.org/packages/librdkafka-git/

m3thodic commented on 2017-08-20 12:59

@viq Thanks, added!

viq commented on 2017-08-08 07:07

Looks like it may need zstd to build now.

mignacio commented on 2017-03-14 15:38

I got about the same errors as my last comment, so I spun up a fresh Arch instance in EC2 and managed to run makepkg successfully there.

Not sure what was wrong with my build environment but I don't know much about this kind of stuff.