https://github.com/osquery/osquery logo
Join Slack
Powered by
i think you can also use Beast as it has been impo...
# extensions
a
i think you can also use Beast as it has been imported into the third-party folder
r
I started working on the curl extension and as a test I tried to just include the existing http_client into the example extension code. Adding #include "osquery/remote/http_client.h" to the file was the only change. I then compiled it with "make external" and I get an linker error like this /usr/local/osquery/bin/ld.lld: error: undefined symbol: SSL_library_init
>> referenced by openssl_init.ipp:40 (/usr/local/osquery/include/boost/asio/ssl/detail/impl/openssl_init.ipp:40)
>> /home/zaphod/osquery/build/bionic/cache/Thin-37287b.tmp.o:(boost:asiossldetailopenssl init base:instance())
/usr/local/osquery/bin/ld.lld: error: undefined symbol: SSL_load_error_strings
>> referenced by openssl_init.ipp:41 (/usr/local/osquery/include/boost/asio/ssl/detail/impl/openssl_init.ipp:41)
>> /home/zaphod/osquery/build/bionic/cache/Thin-37287b.tmp.o:(boost:asiossldetailopenssl init base:instance())
/usr/local/osquery/bin/ld.lld: error: undefined symbol: SSL_COMP_free_compression_methods
>> referenced by openssl_init.ipp:84 (/usr/local/osquery/include/boost/asio/ssl/detail/impl/openssl_init.ipp:84)
>> /home/zaphod/osquery/build/bionic/cache/Thin-37287b.tmp.o:(boost:asiossldetailopenssl init basedo init:~do_init())
clang-6.0: error: linker command failed with exit code 1 (use -v to see invocation)
have you ever seen this happen when making extensions?
a
boost is not being linked
err, sorry, openssl
extensions don’t inherit all the libs that osquery uses
r
any ideas why?
a
but you can link to them as they are inside /usr/local/osquery/lib
r
seems like make should link those I thought
a
yeah it’s normal, the CMake project is not importing those libs
well extensions are new executables, so CMake doesn’t have to export osquery libs to extensions
r
so do I just include that in my own CMake file for the extension?
a
i’m not even sure they have been marked PUBLIC
yeah
if you are using our new CMake code (bundling)
r
I see. I'm not the best with make files so I'll have to figure that out
a
you can use new style target_link_libraries(target PRIVATE /usr/local/osquery/lib/ssl….)
you can just look at the CMake files
the Makefile stuff is just a wrapper
around CMake
r
a
search for the ssl lib in /usr/local/osquery/lib and use that name
you can use the full path to really make sure to reference the osquery one rather than the system one (if present)
r
ok cool. I'll give that a shot. Thanks!
cmake_minimum_required(VERSION 3.10) project(web_request) function(main) set(project_source_files web_request.cpp ) add_library("${PROJECT_NAME}" STATIC ${project_source_files}) target_link_libraries("${PROJECT_NAME}" PRIVATE /usr/local/osquery/lib/libssl.a) endfunction() main()
added that and it seems to compile and link. Does that seem right?
nevermind something's not right
a
extensions are executable so you can't use add_library and you also have to use the osquery wrappers
have a look at the cmake in our repo
r
looking through it now
a
that is for extension bundling
let me find you and example for a standalone extension
line 36
r
ok that's a little more clear to me.
do I then add target_link_libraries("${PROJECT_NAME}" /usr/local/osquery/lib/libssl.a)
or do I need the add_subdirectory etc
what's not clear is how much the osquery wrapper takes care of
a
I'm back
so you can just create a subfolder named "extension_yourname" and symlink it inside osquery/external
then just use the add_osquery_extension call i linked
(the last one at line 36)
after that call you can just add additional libraries
(sorry but I only have a phone with me!)
r
no problem. I really appreciate the help
Where I'm at now is a different linker error. So I assume I'm missing a lib somewhere /usr/local/osquery/bin/ld.lld: error: undefined symbol: osquery:Uri:Uri(std: 1:basic_string<char, std: 1:char_traits<char>, std: 1:allocator<char> > const&)
>> referenced by http_client.h:313 (/home/zaphod/osquery/osquery/remote/http_client.h:313)
>> /home/zaphod/osquery/build/bionic/cache/Thin-59c554.tmp.o:(WebRequestTablePlugin::generate(osquery::QueryContext&))
/usr/local/osquery/bin/ld.lld: error: undefined symbol: osquery:httpClient:closeSocket()
>> referenced by http_client.h:237 (/home/zaphod/osquery/osquery/remote/http_client.h:237)
>> /home/zaphod/osquery/build/bionic/cache/Thin-59c554.tmp.o:(osquery:httpClient:~Client())
clang-6.0: error: linker command failed with exit code 1 (use -v to see invocation)
since I'm trying to copy the curl.cpp code I included the http_client.h and then tried to use the same methods as the curl.cpp table
osquery:http:Client client_; osquery:http:Response response_; osquery:http:Request request_("http://www.google.com");
but the linker error is from inside the http_client code.
a
if it is using the boost beast stuff, both the h and cpp needs to be included
from third-party folder
r
I thought the http_client.h did that though
or do I need to add and includes directory in the makefile?
a
yeah you have to add them to the cmake file
uhm if curl is enough maybe just use that
i thought it was easier to call the osquery http helpers from the extensions
r
I thought so too. I may end up just using curl if this doesn't work tomorrow 😐
Honestly it's probably just my inexperience will osquery. I'm still learning the ends and outs of how it all pieces together
2 Views
Open in Slack
PreviousNext
Powered by