Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
a
alessandrogario
08/14/2018, 6:18 PMi think you can also use Beast as it has been imported into the third-party folder
r
Rich5
08/16/2018, 4:51 PMI started working on the curl extension and as a test I tried to just include the existing http_client into the example extension code. Adding #include "osquery/remote/http_client.h" to the file was the only change. I then compiled it with "make external" and I get an linker error like this /usr/local/osquery/bin/ld.lld: error: undefined symbol: SSL_library_init
>> referenced by openssl_init.ipp:40 (/usr/local/osquery/include/boost/asio/ssl/detail/impl/openssl_init.ipp:40)
>> /home/zaphod/osquery/build/bionic/cache/Thin-37287b.tmp.o:(boost::asio:😒sl::detail:😮penssl_init_base::instance())/usr/local/osquery/bin/ld.lld: error: undefined symbol: SSL_load_error_strings
>> referenced by openssl_init.ipp:41 (/usr/local/osquery/include/boost/asio/ssl/detail/impl/openssl_init.ipp:41)
>> /home/zaphod/osquery/build/bionic/cache/Thin-37287b.tmp.o:(boost::asio:😒sl::detail:😮penssl_init_base::instance())/usr/local/osquery/bin/ld.lld: error: undefined symbol: SSL_COMP_free_compression_methods
>> referenced by openssl_init.ipp:84 (/usr/local/osquery/include/boost/asio/ssl/detail/impl/openssl_init.ipp:84)
>> /home/zaphod/osquery/build/bionic/cache/Thin-37287b.tmp.o:(boost::asio:😒sl::detail:😮penssl_init_base::do_init::~do_init())clang-6.0: error: linker command failed with exit code 1 (use -v to see invocation)
have you ever seen this happen when making extensions?
a
alessandrogario
08/16/2018, 6:28 PMboost is not being linked
err, sorry, openssl
extensions don’t inherit all the libs that osquery uses
r
Rich5
08/16/2018, 6:29 PMany ideas why?
a
alessandrogario
08/16/2018, 6:29 PMbut you can link to them as they are inside /usr/local/osquery/lib
r
Rich5
08/16/2018, 6:29 PMseems like make should link those I thought
a
alessandrogario
08/16/2018, 6:29 PMyeah it’s normal, the CMake project is not importing those libs
well extensions are new executables, so CMake doesn’t have to export osquery libs to extensions
r
Rich5
08/16/2018, 6:30 PMso do I just include that in my own CMake file for the extension?
a
alessandrogario
08/16/2018, 6:30 PMi’m not even sure they have been marked PUBLIC
yeah
if you are using our new CMake code (bundling)
r
Rich5
08/16/2018, 6:31 PMI see. I'm not the best with make files so I'll have to figure that out
a
alessandrogario
08/16/2018, 6:31 PMyou can use new style target_link_libraries(target PRIVATE /usr/local/osquery/lib/ssl….)
you can just look at the CMake files
the Makefile stuff is just a wrapper
around CMake
r
Rich5
08/16/2018, 6:31 PMa
alessandrogario
08/16/2018, 6:32 PMsearch for the ssl lib in /usr/local/osquery/lib and use that name
you can use the full path to really make sure to reference the osquery one rather than the system one (if present)
r
Rich5
08/16/2018, 6:33 PMok cool. I'll give that a shot. Thanks!
cmake_minimum_required(VERSION 3.10)
project(web_request)
function(main)
set(project_source_files
web_request.cpp
)
add_library("${PROJECT_NAME}" STATIC ${project_source_files})
target_link_libraries("${PROJECT_NAME}" PRIVATE /usr/local/osquery/lib/libssl.a)
endfunction()
main()
added that and it seems to compile and link. Does that seem right?
nevermind something's not right
a
alessandrogario
08/16/2018, 7:32 PMextensions are executable so you can't use add_library and you also have to use the osquery wrappers
have a look at the cmake in our repo
r
Rich5
08/16/2018, 7:40 PMlooking through it now
a
alessandrogario
08/16/2018, 7:41 PMthat is for extension bundling
let me find you and example for a standalone extension
line 36
r
Rich5
08/16/2018, 7:46 PMok that's a little more clear to me.
do I then add target_link_libraries("${PROJECT_NAME}" /usr/local/osquery/lib/libssl.a)
or do I need the add_subdirectory etc
what's not clear is how much the osquery wrapper takes care of
a
alessandrogario
08/16/2018, 8:42 PMI'm back
so you can just create a subfolder named "extension_yourname" and symlink it inside osquery/external
then just use the add_osquery_extension call i linked
(the last one at line 36)
after that call you can just add additional libraries
(sorry but I only have a phone with me!)
r
Rich5
08/16/2018, 8:45 PMno problem. I really appreciate the help
Where I'm at now is a different linker error. So I assume I'm missing a lib somewhere /usr/local/osquery/bin/ld.lld: error: undefined symbol: osquery::Uri::Uri(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&)
>> referenced by http_client.h:313 (/home/zaphod/osquery/osquery/remote/http_client.h:313)
>> /home/zaphod/osquery/build/bionic/cache/Thin-59c554.tmp.o:(WebRequestTablePlugin::generate(osquery::QueryContext&))/usr/local/osquery/bin/ld.lld: error: undefined symbol: osquery::http::Client::closeSocket()
>> referenced by http_client.h:237 (/home/zaphod/osquery/osquery/remote/http_client.h:237)
>> /home/zaphod/osquery/build/bionic/cache/Thin-59c554.tmp.o:(osquery::http::Client::~Client())clang-6.0: error: linker command failed with exit code 1 (use -v to see invocation)
since I'm trying to copy the curl.cpp code I included the http_client.h and then tried to use the same methods as the curl.cpp table
osquery::http::Client client_;
osquery::http::Response response_;
osquery::http::Request request_("http://www.google.com");
but the linker error is from inside the http_client code.
a
alessandrogario
08/16/2018, 8:48 PMif it is using the boost beast stuff, both the h and cpp needs to be included
from third-party folder
r
Rich5
08/16/2018, 8:51 PMI thought the http_client.h did that though
or do I need to add and includes directory in the makefile?
a
alessandrogario
08/16/2018, 10:40 PMyeah you have to add them to the cmake file
uhm if curl is enough maybe just use that
i thought it was easier to call the osquery http helpers from the extensions
r
Rich5
08/16/2018, 11:23 PMI thought so too. I may end up just using curl if this doesn't work tomorrow 😐
Honestly it's probably just my inexperience will osquery. I'm still learning the ends and outs of how it all pieces together