Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
s
seph
05/20/2021, 1:36 PMFirst time I’m building osquery since endpoint security merged, and I’m running into issues…. This is a Big Sur 11.4 machine, with whatever Xcode came from the apple store.
[ 87%] Building CXX object osquery/events/CMakeFiles/osquery_events.dir/darwin/openbsm.cpp.o
/Users/seph/checkouts/osquery/osquery/osquery/events/darwin/endpointsecurity.cpp:179:35: error: no member named 'global_seq_num' in 'es_message_t'
ec->global_seq_num = message->global_seq_num;
~~~~~~~ ^
/Users/seph/checkouts/osquery/osquery/osquery/events/darwin/endpointsecurity.cpp:213:57: error: no member named 'cwd' in 'es_event_exec_t'
ec->cwd = getStringFromToken(&message->event.exec.cwd->path);
~~~~~~~~~~~~~~~~~~~ ^
2 errors generated.s
sharvil
05/20/2021, 5:15 PMtaking a look, give me a bit
iirc one needs to pass in the SDK version, let me take a look
s
seph
05/20/2021, 5:16 PMI was building as:
cmake -DCMAKE_OSX_DEPLOYMENT_TARGET=10.12 ..
cmake --build . -j $(sysctl -n hw.ncpu)s
sharvil
05/20/2021, 5:33 PMAre you building with just the command line tools, or the full Xcode intall?
s
seph
05/20/2021, 6:13 PMShould be the full ones. Pretty sure the dev tools errored out much sooner, so I had to upgrade
miniseph:build seph$ xcode-select -p
/Applications/Xcode.app/Contents/Developert
theopolis
05/20/2021, 6:31 PM(ideas from the 'maybe it will work department') Are you using an older ./build from months ago? Sometimes I find that a
mv ./build ./build2; mkdir build; cd build; cmake ..s
seph
05/20/2021, 6:32 PMShouldn’t be, I spun up this Big Sur machine when I started. But it’s an easy thing to try.
s
sharvil
05/20/2021, 6:49 PMOkay, I am downloading 11.4 RC/beta, but my internet is slow today and taking a while
s
seph
05/20/2021, 8:42 PM:scratches head: I don’t get it. I rm’ed build and rebuilt. This time it worked. So, clearly some kind of user error. But I’m pretty sure I’d started afresh
😅 1
Aw well. Thanks for prodding on the Teddy, sorry to bother you Sharvil
🤘 1
p
puffycid
05/20/2021, 8:54 PMI've also encountered this same error when building on a Mac
But since Mac ci builds seem to work i assumed it was an issue on my system or something else on my system
I tried multiple different SDK types
I'm pretty sure I also tried removing the build dir
But I will try deleting that again
s
seph
05/20/2021, 9:07 PMWhat version is your Mac? We recently started needing Catalina or later for the builds
p
puffycid
05/20/2021, 9:09 PMBig sur
m
Mike Myers
05/20/2021, 10:56 PMno member named 'global_seq_num' in 'es_message_t'The Endpoint Security code is guarded by a conditional like
if (__builtin_available(macos 10.15, *))global_seq_nummacOS 11s
sharvil
05/21/2021, 10:27 AMOkay, I was successfully able to build latest osquery, without any issues, on fresh installs of 10.15 latest (catalina), 11.3.1 (big sur) and 11.5 Beta (11.4 is in RC and apple just kept redirecting me to 11.5). I also tested those with XCode 12.3, 12.4 and 12.5 Beta, and it worked across all versions.
I also did an ad-hoc codesign of
osquerydIf anyone is still facing build issues, please let me know, I can help troubleshoot, the other thing to check would be where
xcode-select -pThe
global_seq_numno member namebuildccache__builtin_available