Date: Tue, 12 May 2026 17:19:55 +0000 From: Olivier Cochard <olivier@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: b2b57cb210bc - main - sysutils/osquery: Add new port Message-ID: <6a03613b.3dcf4.218927f7@gitrepo.freebsd.org>
The branch main has been updated by olivier: URL: https://cgit.FreeBSD.org/ports/commit/?id=b2b57cb210bc27e1983027c8c8a5d6613bdd18d2 commit b2b57cb210bc27e1983027c8c8a5d6613bdd18d2 Author: Olivier Cochard <olivier@FreeBSD.org> AuthorDate: 2026-05-12 16:56:54 +0000 Commit: Olivier Cochard <olivier@FreeBSD.org> CommitDate: 2026-05-12 17:19:16 +0000 sysutils/osquery: Add new port SQL powered operating system instrumentation and analytics Sponsored by: Netflix --- sysutils/Makefile | 1 + sysutils/osquery/Makefile | 72 ++++++++++++++++++++++++++++++++++++ sysutils/osquery/distinfo | 21 +++++++++++ sysutils/osquery/files/osqueryd.in | 76 ++++++++++++++++++++++++++++++++++++++ sysutils/osquery/pkg-descr | 5 +++ 5 files changed, 175 insertions(+)
diff --git a/sysutils/Makefile b/sysutils/Makefile
index c371b79acd85..5db686a21dac 100644
--- a/sysutils/Makefile
+++ b/sysutils/Makefile
@@ -829,6 +829,7 @@
 SUBDIR += openvox-agent8
 SUBDIR += openvox-server8
 SUBDIR += osinfo-db-tools
+ SUBDIR += osquery
 SUBDIR += p5-App-Regather
 SUBDIR += p5-App-RunCron
 SUBDIR += p5-App-ZFSCurses
diff --git a/sysutils/osquery/Makefile b/sysutils/osquery/Makefile
new file mode 100644
index 000000000000..28be7a202d6d
--- /dev/null
+++ b/sysutils/osquery/Makefile
@@ -0,0 +1,72 @@
+PORTNAME= osquery
+DISTVERSION= 5.23.0
+CATEGORIES= sysutils
+MASTER_SITES+= https://github.com/ocochard/osquery/commit/:patches
+DISTFILES+= 0c61e05a6.patch:patches
+EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX} \
+ ocochard-linenoise-ng-2c90f29_GH0${EXTRACT_SUFX}
+
+PATCH_SITES= https://github.com/ocochard/osquery/commit/
+PATCHFILES= 48489383b.patch:-p1 \
+ 410f2e4c1.patch:-p1 \
+ 3a9eca878.patch:-p1 \
+ 1adc6ed41.patch:-p1 \
+ b8433155f.patch:-p1 \
+ fb97abae5.patch:-p1 \
+ 797000ae7.patch:-p1
+
+MAINTAINER= olivier@FreeBSD.org
+COMMENT= SQL powered operating system instrumentation and analytics
+WWW= https://osquery.io/
+
+LICENSE= APACHE20 GPLv2
+LICENSE_COMB= multi
+LICENSE_FILE_APACHE20= ${WRKSRC}/LICENSE
+
+ONLY_FOR_ARCHS= aarch64 amd64
+ONLY_FOR_ARCHS_REASON= osquery upstream only tests on x86_64 and aarch64
+
+BUILD_DEPENDS= bash:shells/bash \
+ ${LOCALBASE}/include/rapidjson/document.h:devel/rapidjson \
+ ${LOCALBASE}/include/gtest/gtest_prod.h:devel/googletest
+LIB_DEPENDS= libaugeas.so:textproc/augeas \
+ libxml2.so:textproc/libxml2 \
+ liblz4.so:archivers/liblz4 \
+ libboost_filesystem.so:devel/boost-libs \
+ libgflags.so:devel/gflags \
+ libglog.so:devel/glog \
+ librocksdb.so:databases/rocksdb \
+ libtsk.so:sysutils/sleuthkit \
+ libthrift.so:devel/thrift-cpp \
+ libyara.so:security/yara \
+ libzstd.so:archivers/zstd
+
+USES= cmake compiler:c++17-lang localbase:ldflags \
+ pkgconfig python:build,3.7+ sqlite ssl
+USE_RC_SUBR= osqueryd
+
+USE_GITHUB= yes
+GH_ACCOUNT= osquery
+GH_TAGNAME= ${DISTVERSION}
+GH_TUPLE= ocochard:linenoise-ng:2c90f29:linenoiseng/libraries/cmake/source/linenoise-ng/src
+
+EXTRA_PATCHES= ${WRKDIR}/0c61e05a6-freebsd.patch:-p1
+
+CMAKE_OFF= OSQUERY_BUILD_TESTS \
+ OSQUERY_BUILD_BPF \
+ OSQUERY_BUILD_DPKG \
+ OSQUERY_BUILD_ETW \
+ OSQUERY_BUILD_AWS
+
+CMAKE_ARGS= -DOSQUERY_TOOLCHAIN_SYSROOT= \
+ -DOSQUERY_VERSION=${DISTVERSION}
+
+PLIST_FILES= bin/osqueryd \
+ bin/osqueryi
+
+post-extract:
+ @${SED} \
+ -e '/^diff --git a\/libraries\/cmake\/source\/linenoise-ng\/src/,/^diff --git/{/^diff --git a\/libraries\/cmake\/source\/linenoise-ng\/src/d; /^diff --git/!d;}' \
+ ${DISTDIR}/0c61e05a6.patch > ${WRKDIR}/0c61e05a6-freebsd.patch
+
+.include <bsd.port.mk>
diff --git a/sysutils/osquery/distinfo b/sysutils/osquery/distinfo
new file mode 100644
index 000000000000..d0e0d331878d
--- /dev/null
+++ b/sysutils/osquery/distinfo
@@ -0,0 +1,21 @@
+TIMESTAMP = 1778600376
+SHA256 (0c61e05a6.patch) = e572c2d676dcfb38f69f1adff92ed688988ac9c5d582110f713eeaeb614a514b
+SIZE (0c61e05a6.patch) = 10413
+SHA256 (osquery-osquery-5.23.0_GH0.tar.gz) = 6bcc3c4bd4e05c33744e5c3be0b07e08abc1962cc7f0744777858296f34306ee
+SIZE (osquery-osquery-5.23.0_GH0.tar.gz) = 4524365
+SHA256 (ocochard-linenoise-ng-2c90f29_GH0.tar.gz) = 2ce92ab62557ebbccf5d6f5898ee34eae2cadbb81069c23b992933f8ff0466bf
+SIZE (ocochard-linenoise-ng-2c90f29_GH0.tar.gz) = 42719
+SHA256 (48489383b.patch) = c376aa4badb38590a644e3bc85c6a4a58f7b38cf5b1b4925d6e99b5c12341255
+SIZE (48489383b.patch) = 4028
+SHA256 (410f2e4c1.patch) = 759f9ee501eb9fd73ba73a7dd4af723ab70bf5c4815c635da8ff46596a4c1a76
+SIZE (410f2e4c1.patch) = 29031
+SHA256 (3a9eca878.patch) = 6427df9c356092c2b8a0d136442f10f97a226ae6e736f2df588395c9ca0218af
+SIZE (3a9eca878.patch) = 49293
+SHA256 (1adc6ed41.patch) = 0989dc2a3dd154930334bd52148de3bed6961b1067d0b64137674e2b4eab7073
+SIZE (1adc6ed41.patch) = 61149
+SHA256 (b8433155f.patch) = 4e4fb8d1b46c0e39eeaba44690b58c72906b473a8004e65ad4375297a8769ff5
+SIZE (b8433155f.patch) = 8027
+SHA256 (fb97abae5.patch) = 24087cf967096320c2cdc1c2b304b30c2540513037675ba511d18a8b7d148025
+SIZE (fb97abae5.patch) = 14205
+SHA256 (797000ae7.patch) = fd86e2ee6b2e6c2d182fb73e4b755747b4925b776364f4bebbc6cb457a92d987
+SIZE (797000ae7.patch) = 1955
diff --git a/sysutils/osquery/files/osqueryd.in b/sysutils/osquery/files/osqueryd.in
new file mode 100644
index 000000000000..362de250ff38
--- /dev/null
+++ b/sysutils/osquery/files/osqueryd.in
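Review bot: The eight fork patches in sysutils/osquery/Makefile (`PATCHFILES` plus the `:patches` distfile) are fetched as GitHub-rendered `.patch` files keyed by 9-character abbreviated commit ids from a personal fork. distinfo pins their SHA256, so a changed file is rejected rather than applied, but GitHub regenerates these files on request and the abbreviated `index` hashes inside them can lengthen as the repository grows, which would break the checksum later. Using the full commit id with the stable form, e.g. `PATCHFILES= <full-commit-sha>.patch?full_index=1:-p1`, keeps the pinned bytes reproducible. The `post-extract` sed rewrites 0c61e05a6.patch after checksum verification, so a comment above the target such as `# Drop the linenoise-ng sections from 0c61e05a6.patch; that source comes from GH_TUPLE` would tell a reviewer what is actually applied (this is my reading of the sed expression and should be confirmed).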
@@ -0,0 +1,76 @@
+#!/bin/sh
+#
+# PROVIDE: osqueryd
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+#
+# Add the following lines to /etc/rc.conf to enable osqueryd:
+#
+# osqueryd_enable="YES"
+#
+# osqueryd_flagfile (path): Path to osquery flagfile.
+# Default: %%PREFIX%%/etc/osquery/osquery.flags
+# osqueryd_config (path): Path to osquery config file.
+# Default: %%PREFIX%%/etc/osquery/osquery.conf
+# osqueryd_pidfile (path): Path to pidfile.
+# Default: /var/run/osqueryd.pid
+# osqueryd_database_path (path): Path to RocksDB state.
+# Default: /var/db/osquery/osquery.db
+# osqueryd_logger_path (path): Directory for result/status logs.
+# Default: /var/log/osquery
+# osqueryd_user (user): Run as this user. osqueryd needs root for many
+# tables (processes, openbsm, devd, kernel_info, etc.); the default is
+# "root" and changing it will silently disable a large fraction of tables.
+# Default: root
+# osqueryd_flags (str): Extra command-line flags appended to osqueryd.
+
+. /etc/rc.subr
+
+name="osqueryd"
+rcvar="osqueryd_enable"
+
+load_rc_config "${name}"
+
+: ${osqueryd_enable:="NO"}
+: ${osqueryd_flagfile:="%%PREFIX%%/etc/osquery/osquery.flags"}
+: ${osqueryd_config:="%%PREFIX%%/etc/osquery/osquery.conf"}
+: ${osqueryd_pidfile:="/var/run/osqueryd.pid"}
+: ${osqueryd_database_path:="/var/db/osquery/osquery.db"}
+: ${osqueryd_logger_path:="/var/log/osquery"}
+: ${osqueryd_user:="root"}
+: ${osqueryd_flags:=""}
+
+pidfile="${osqueryd_pidfile}"
+command="%%PREFIX%%/bin/osqueryd"
+start_precmd="osqueryd_prestart"
+
+osqueryd_prestart()
+{
+ if [ ! -d "${osqueryd_logger_path}" ]; then
+ install -d -o "${osqueryd_user}" -m 0750 \
+ "${osqueryd_logger_path}"
+ fi
+ if [ ! -d "$(dirname "${osqueryd_database_path}")" ]; then
+ install -d -o "${osqueryd_user}" -m 0750 \
+ "$(dirname "${osqueryd_database_path}")"
+ fi
+ return 0
+}
+
+# Compose command_args. Flagfile / config are appended only when present so
+# the daemon starts cleanly on a fresh install before the operator has
+# populated them.
+command_args="--pidfile ${osqueryd_pidfile} \
+ --database_path ${osqueryd_database_path} \
+ --logger_path ${osqueryd_logger_path} \
+ --daemonize"
+
+if [ -r "${osqueryd_flagfile}" ]; then
+ command_args="${command_args} --flagfile ${osqueryd_flagfile}"
+fi
+if [ -r "${osqueryd_config}" ]; then
+ command_args="${command_args} --config_path ${osqueryd_config}"
+fi
+command_args="${command_args} ${osqueryd_flags}"
+
+run_rc_command "$1"
diff --git a/sysutils/osquery/pkg-descr b/sysutils/osquery/pkg-descr
new file mode 100644
index 000000000000..29703e89edc8
--- /dev/null
+++ b/sysutils/osquery/pkg-descr
@@ -0,0 +1,5 @@
+osquery exposes an operating system as a high-performance relational database.
+This allows you to write SQL-based queries to explore operating system data.
+With osquery, SQL tables represent abstract concepts such as running processes,
+loaded kernel modules, open network connections, browser plugins, hardware
+events or file hashes.
home | help
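Review bot: The top-level `[ -r ... ]` tests in sysutils/osquery/files/osqueryd.in drop `--flagfile` and `--config_path` silently, so a mistyped path or a wrong file mode leaves a root-run monitoring daemon up without the operator's configuration and with nothing logged to say so. I would keep the fresh-install behaviour but make it visible from `osqueryd_prestart`, e.g. `[ -r "${osqueryd_config}" ] || warn "${osqueryd_config} not readable; starting without it"`, and the same for the flagfile. Because the default user is root, the header comment should also state that both files and their directory are expected to be root-owned and not group- or world-writable. The path variables are expanded unquoted into `command_args`, so a value containing whitespace will be split into separate arguments.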
