https://github.com/osquery/osquery logo
Join Slack
Powered by
any suggestions what I am doing wrong?
# fleet
l
any suggestions what I am doing wrong?
b
what OS are you running on?
l
I built the ubuntu osquery 'agent' with no problem! It worked great. I thought I'd get ambitious and create one for my Mac to connect to. That part failed.
b
So if your building this on Linux then the pkg target is a little more complicated. You’ll need to install mkbom, which I had to do from source.
Not in front of a computer at the moment but when i get back I’ll send you some details
c
You will probably also need xar. If you're using docker, this is from my docker config file. Otherwise you can just pull the commands out from here
Copy code
# Install xar from source

RUN git clone --depth=1 \
              --branch=master \
              <https://github.com/mackyle/xar.git> \
  && cd /xar/xar; \
  sed -i '332s/^.*$/AC_CHECK_LIB([crypto], [OPENSSL_init_crypto], , [have_libcrypto="0"])/' <http://configure.ac|configure.ac> \
  && ./autogen.sh --noconfigure \
  && ./configure LDFLAGS=-lfts \
  && make \
  && make install \
  && cd / \
  && rm -rf /xar

 # Install bomutils from source

RUN git clone --depth=1 \
              --branch=master \
              <https://github.com/hogliux/bomutils.git> \
  && cd bomutils \
  && make \
  && make install \
  && chmod 755 build/bin/mkbom \
  && cp build/bin/mkbom /usr/local/bin/mkbom \
  && cd / \
  && rm -rf /bomutils
s
Hi, jumping in on this thread I had the same issue. Installed mkbom and xar from source. Now I get an 
error="build pkg: mkbom: exit status 1"
when running 
go run -v ./cmd/package --type=pkg
. The only other valuable output I get is 
Unable to find path: /tmp/orbit-package3699160814/flat/root
Any idea how to fix?
l
going to try these this morning... will report back! thanks for the tips/guidance @Chad and @Benjamin Edwards
👍 1
c
@Stijn Pieters - thats a bug in the code. You can look at the PR https://github.com/fleetdm/fleet/pull/1815
s
I feel stupid asking, but when I run on main branch I get the following error: 
error="create root dir: Path /tmp/orbit-package2211337692 already exists with mode 20000000700 instead of the expected 20000000755"
Running 
git checkout d0bb3202785ac6b69f1e6542f55c77e9eb28f5a2
fixes this, but then I can't build Mac packages :-P
l
so I installed (as above) xar and bomutils successfully, however I'm no closer. I'm going to teardown mysetup and try it all again. Will report back.
c
@Stijn Pieters think this is related to another issue that has been worked on and will be fixed in the latest version. Let me know if you need help temporarily working around it
@Lee Armet if you share your errors I can help you troubleshoot it
l
much appreciated, Chad. I decided to forgo using docker and follow the guide on kifarunix "install fleet osquery manager on ubuntu"
I am now getting the following error: Using config file: /etc/fleet/fleet.yml {"component":"crons","cron":"vulnerabilities","level":"info","ts":"2021-09-08T191417.791894435Z","vulnerability scanning":"not configured"} {"address":"0.0.0.0:8080","msg":"listening","transport":"https","ts":"2021-09-08T191417.814501814Z"} {"terminated":"tls: failed to parse private key","ts":"2021-09-08T191417.815321235Z"}
I believe I'm close to getting this up and running
4 Views
Open in Slack
PreviousNext
Powered by