Channels
#core
Title
# core
s
seph
05/20/2021, 1:36 PM
First time I’m building osquery since endpoint security merged, and I’m running into issues…. This is a Big Sur 11.4 machine, with whatever Xcode came from the apple store.
Copy code
[ 87%] Building CXX object osquery/events/CMakeFiles/osquery_events.dir/darwin/openbsm.cpp.o
/Users/seph/checkouts/osquery/osquery/osquery/events/darwin/endpointsecurity.cpp:179:35: error: no member named 'global_seq_num' in 'es_message_t'
ec->global_seq_num = message->global_seq_num;
~~~~~~~ ^
/Users/seph/checkouts/osquery/osquery/osquery/events/darwin/endpointsecurity.cpp:213:57: error: no member named 'cwd' in 'es_event_exec_t'
ec->cwd = getStringFromToken(&message->event.exec.cwd->path);
~~~~~~~~~~~~~~~~~~~ ^
2 errors generated.s
sharvil
05/20/2021, 5:15 PMtaking a look, give me a bit
iirc one needs to pass in the SDK version, let me take a look
s
seph
05/20/2021, 5:16 PM
I was building as:
Copy code
cmake -DCMAKE_OSX_DEPLOYMENT_TARGET=10.12 ..
cmake --build . -j $(sysctl -n hw.ncpu)s
sharvil
05/20/2021, 5:33 PMAre you building with just the command line tools, or the full Xcode intall?
s
seph
05/20/2021, 6:13 PM
Should be the full ones. Pretty sure the dev tools errored out much sooner, so I had to upgrade
Copy code
miniseph:build seph$ xcode-select -p
/Applications/Xcode.app/Contents/Developert
theopolis
05/20/2021, 6:31 PM
(ideas from the 'maybe it will work department') Are you using an older ./build from months ago? Sometimes I find that a
mv ./build ./build2; mkdir build; cd build; cmake ..s
seph
05/20/2021, 6:32 PM
Shouldn’t be, I spun up this Big Sur machine when I started. But it’s an easy thing to try.
s
sharvil
05/20/2021, 6:49 PMOkay, I am downloading 11.4 RC/beta, but my internet is slow today and taking a while
s
seph
05/20/2021, 8:42 PM
:scratches head: I don’t get it. I rm’ed build and rebuilt. This time it worked. So, clearly some kind of user error. But I’m pretty sure I’d started afresh
😅 1
Aw well. Thanks for prodding on the Teddy, sorry to bother you Sharvil
metal 1
p
puffycid
05/20/2021, 8:54 PMI've also encountered this same error when building on a Mac
But since Mac ci builds seem to work i assumed it was an issue on my system or something else on my system
I tried multiple different SDK types
I'm pretty sure I also tried removing the build dir
But I will try deleting that again
s
seph
05/20/2021, 9:07 PM
What version is your Mac? We recently started needing Catalina or later for the builds
p
puffycid
05/20/2021, 9:09 PMBig sur
m
Mike Myers
05/20/2021, 10:56 PMno member named 'global_seq_num' in 'es_message_t'The Endpoint Security code is guarded by a conditional like
if (__builtin_available(macos 10.15, *))global_seq_nummacOS 11s
sharvil
05/21/2021, 10:27 AMOkay, I was successfully able to build latest osquery, without any issues, on fresh installs of 10.15 latest (catalina), 11.3.1 (big sur) and 11.5 Beta (11.4 is in RC and apple just kept redirecting me to 11.5). I also tested those with XCode 12.3, 12.4 and 12.5 Beta, and it worked across all versions.
I also did an ad-hoc codesign of
osquerydIf anyone is still facing build issues, please let me know, I can help troubleshoot, the other thing to check would be where
xcode-select -pThe
global_seq_numno member namebuildccache__builtin_available15 Views