Pinging @elastic/secops |
|
jenkins, test this plz |
| // or more contributor license agreements. Licensed under the Elastic License; | ||
| // you may not use this file except in compliance with the Elastic License. | ||
|
|
||
| // +build linux |
linux,cgo better reflects the requirements of the file. Likewise anywhere that uses a tag that's meant to be the opposite should be updated (I think that would be // +build !linux !cgo).
You'll want to update anything that depends on this file directly to include the same label. This should allow for CGO_ENABLED=0 go build to still work on Linux.
Thanks, should be done with the latest commit. I tested CGO_ENABLED=0 go build on linux.
|
jenkins, test this plz |
cwurm
left a comment
Thanks for rebasing it, @tsg! Just one test failure on Windows related to build constraints (see comment), and the docs page @andrewkroh mentioned.
LGTM otherwise, if the relevant parts of CI go green.
| // or more contributor license agreements. Licensed under the Elastic License; | ||
| // you may not use this file except in compliance with the Elastic License. | ||
|
|
||
| // +build !linux !cgo |
Should be // +build !linux,!windows !cgo,!windows, I think. The definition for Package is not available for Windows because package.go is // +build !windows.
Thanks, trying it as an extra // + build !windows line, I think that should work as well.
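How the constraint variants discussed in this review thread evaluate for different targets, as an added example that is not code from the PR. It uses Go's standard `go/build/constraint` package; `matches` is a hypothetical helper and the target tag sets are constructed for illustration.

```go
package main

import (
	"fmt"
	"go/build/constraint"
)

// matches reports whether a file carrying the given legacy "// +build" lines
// is compiled for a target described by tags. Within one line, spaces mean OR
// and commas mean AND; separate lines are ANDed together.
func matches(lines []string, tags map[string]bool) (bool, error) {
	result := true
	for _, line := range lines {
		expr, err := constraint.Parse(line)
		if err != nil {
			return false, fmt.Errorf("parse %q: %w", line, err)
		}
		if !expr.Eval(func(tag string) bool { return tags[tag] }) {
			result = false
		}
	}
	return result, nil
}

func main() {
	// Constructed targets: simplified tag sets for each kind of build.
	targets := []struct {
		name string
		tags map[string]bool
	}{
		{"linux, CGO_ENABLED=1", map[string]bool{"linux": true, "cgo": true}},
		{"linux, CGO_ENABLED=0", map[string]bool{"linux": true}},
		{"windows", map[string]bool{"windows": true}},
		{"darwin", map[string]bool{"darwin": true, "cgo": true}},
	}
	variants := [][]string{
		{"// +build linux,cgo"},
		{"// +build !linux !cgo"},
		{"// +build !linux,!windows !cgo,!windows"},
		{"// +build !linux !cgo", "// +build !windows"},
	}
	for _, v := range variants {
		for _, t := range targets {
			ok, err := matches(v, t.tags)
			fmt.Printf("%q | %s | compiled=%v err=%v\n", v, t.name, ok, err)
		}
	}
}
```

The output shows that `!linux !cgo` alone selects the file on Windows, while the single-line and two-line forms that exclude Windows give identical results on every target.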
|
There is a system test in Unfortunately, it's already wrong at the moment (testing for "debian" which does not cover Ubuntu). I'd have fixed it but didn't want to cause a merge conflict here. It's tricky because Python does not have an exact out of the box equivalent to the Go code (which ultimately parses Maybe we could do: |
|
jenkins, test this pls |
|
jenkins, test this |
|
jenkins, test this just one more time |
|
All green except an unrelated Metricbeat test. I was hoping for an all-green, but I think this is good to merge. |
* Add RPM packages support to the package dataset (cherry picked from commit 99d09ea)
This takes over the code from #9092 and rebases it on top of master.
This adds support for programmatically reading the list of RPM packages. The previous version was using exec (called the rpm binary), but we'd like to keep Auditbeat exec free, because execs are currently blocked by seccomp, as a security feature.
Using the model from Journalbeat, the new code uses dlopen to get the relevant C functions and calls them using CGo. This means that librpm is not a hard dependency, but only for when this functionality is needed.