Hi everyone, an old employee in my organization had set up an installer for Macs which included the flags file, and installed the service, etc. I was able to build an OSX package, but having trouble figuring out how to include my osquery.flags file. Can't seem to find any information in the documentation on this, and have also tried searching here in Slack.

We removed the old package building scripts when we switched to using CPack because the old scripts had a few bugs and were prone to regressions. You could add a line to the code here and install a .flags file https://github.com/osquery/osquery/blob/master/cmake/packaging.cmake#L256 it's hacky proposal (sorry about that)

Would it be better to install osquery with a script that sets up the flags file afterwards?

In theory you can plug other CMake scripts to be run when CPack runs the local install phase https://cmake.org/cmake/help/v3.15/variable/CPACK_INSTALL_SCRIPT.html

I could try that out

I really like the idea for an after-install script that does site-specific configuration

Does the pre-built installer found on the website install the service as well?

For macos it does not install the service automatically. But a launch daemon is provided and you can start the service with:

sudo osqueryctl start

If you're custom making packages I wouldn't use scripts from the repo. I'd look at the Mac packaging tools and go from there.

I ended up creating a bash script that downloads/installs the pre-built osquery package, then dumps the flags file, config, and secret then copies the launchdaemon and then loads that. Seems to be working fine for what I needed it to do without much headache.