If anyone has ever been able to build osquery from...
# general
v
If anyone has ever been able to build osquery from source and then generate packages .deb and .rpm, could you explain the steps here? I might be doing something wrong or the documentation is not connecting the pieces properly. I got as far as building it in the build directory within the osquery source code as explained here https://osquery.readthedocs.io/en/latest/development/building/#linux-ubuntu-18 but then when I get to this https://osquery.readthedocs.io/en/latest/development/building/#building-packages I am not sure what I should be doing. It starts by saying:
```
cd build_folder
mkdir package_data
```
where I am assuming the `build_folder` means just the `build` directory explained in the build process? Ok, I am already there, so I create the directory `package_data`, but then when I run:
```
export DESTDIR=$(pwd)/package_data
cmake --build . --target install
```
Nothing gets installed in the package_data directory 😢
m
maybe that was a typo and it should have said `--target package`?
v
This would come after, in "Creating the Linux packages":
```
cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo \
  -DCPACK_GENERATOR=DEB \
  -DOSQUERY_PACKAGE_VERSION=${OSQUERY_VERSION} \
  -DOSQUERY_DATA_PATH=${DESTDIR} \
  -DOSQUERY_SOURCE_DIRECTORY_LIST="osquery-src-path;osquery-build-path" \
  ../osquery-packaging

cmake --build . --target package
```
Update: I was able to get data into `package_data`, but when I run the first long command above, it adds more data to the package_data directory, and the second command `cmake --build . --target package` fails with the following:
s
The package_data represents the osquery binaries + deployment files necessary to then create the .deb. They are the output of the compilation + installation of the `osquery` repository. You would then move to the `osquery-packaging` repository and point that (using `OSQUERY_DATA_PATH`) to where you installed those files.
You are giving your command from the package_data folder, which I'm not sure what it is at that point for you, and in general you should be under the `osquery-packaging` build folder, not `osquery`, so basically it's just:
1. Clone `osquery`
2. Compile `osquery`
3. Install `osquery` using `DESTDIR` to point it to a folder of your choosing (this is package_data in the wiki; it will contain the files needed to create a package)
4. Clone `osquery-packaging`, separately
5. From a subfolder of the `osquery-packaging` repo you've created (could be called what you want, but let's say it's `build`), run the last cmake command, pointing `OSQUERY_DATA_PATH` to the `package_data` folder in step 3
v
Thank you, Stefano. I will give it a try and update you!
@Stefano Bonicatti thank you so much. It worked! However, I am confused hahahah, sorry for being new to this, but I was expecting to see just the .deb file. Do I need all of the other files in this directory if I want to use the .deb to install the modified osquery package on other machines?
s
No, you have to consider that the build folder will contain intermediate artifacts and the final output too. The .deb and .ddeb files are your output.
ty
v
@Stefano Bonicatti Would you know what causes this?
```
E0418 13:41:16.476779  5687 aws_util.cpp:429] Exception making HTTP POST request to URL (<https://firehose.us-east-1.amazonaws.com>): certificate verify failed
```
I tried following this guide but it is still failing: https://zercurity.medium.com/capturing-osquery-query-results-with-aws-firehose-kinesis-and-aws-athena-25b3430a4471
Never mind, I did something that worked hahaha, not sure if it is cheating or not. I got the certs from my Fleet and appended them to `/opt/osquery/share/osquery/certs/certs.pem`, which contains root certs from Amazon, and then I pointed my tls_server_certs to this file.