Cherry-pick #10429 to 6.7: Add rpm packaging rebase#10623
Conversation
* Add RPM packages support to the package dataset (cherry picked from commit 99d09ea)
| RPMTAG_URL = 1020 | ||
| RPMTAG_ARCH = 1022 | ||
| RPMTAG_SIZE = 1009 | ||
| RPMTAG_INSTALLTIME = 1008 |
There was a problem hiding this comment.
don't use ALL_CAPS in Go names; use CamelCase
| RPMTAG_LICENSE = 1014 | ||
| RPMTAG_URL = 1020 | ||
| RPMTAG_ARCH = 1022 | ||
| RPMTAG_SIZE = 1009 |
There was a problem hiding this comment.
don't use ALL_CAPS in Go names; use CamelCase
| RPMTAG_SUMMARY = 1004 | ||
| RPMTAG_LICENSE = 1014 | ||
| RPMTAG_URL = 1020 | ||
| RPMTAG_ARCH = 1022 |
There was a problem hiding this comment.
don't use ALL_CAPS in Go names; use CamelCase
| RPMTAG_RELEASE = 1002 | ||
| RPMTAG_SUMMARY = 1004 | ||
| RPMTAG_LICENSE = 1014 | ||
| RPMTAG_URL = 1020 |
There was a problem hiding this comment.
don't use ALL_CAPS in Go names; use CamelCase
| RPMTAG_VERSION = 1001 | ||
| RPMTAG_RELEASE = 1002 | ||
| RPMTAG_SUMMARY = 1004 | ||
| RPMTAG_LICENSE = 1014 |
There was a problem hiding this comment.
don't use ALL_CAPS in Go names; use CamelCase
| RPMTAG_NAME = 1000 | ||
| RPMTAG_VERSION = 1001 | ||
| RPMTAG_RELEASE = 1002 | ||
| RPMTAG_SUMMARY = 1004 |
There was a problem hiding this comment.
don't use ALL_CAPS in Go names; use CamelCase
| const ( | ||
| RPMTAG_NAME = 1000 | ||
| RPMTAG_VERSION = 1001 | ||
| RPMTAG_RELEASE = 1002 |
There was a problem hiding this comment.
don't use ALL_CAPS in Go names; use CamelCase
| // Constants in sync with /usr/include/rpm/rpmtag.h | ||
| const ( | ||
| RPMTAG_NAME = 1000 | ||
| RPMTAG_VERSION = 1001 |
There was a problem hiding this comment.
don't use ALL_CAPS in Go names; use CamelCase
|
|
||
| // Constants in sync with /usr/include/rpm/rpmtag.h | ||
| const ( | ||
| RPMTAG_NAME = 1000 |
There was a problem hiding this comment.
don't use ALL_CAPS in Go names; use CamelCase
|
Merged because all tests were green and it was already reviewed. |
Cherry-pick of PR #10429 to 6.7 branch. Original message:
This takes over the code from #9092 and rebases it on top of master.
This adds support for programmatically reading the list of RPM packages. The previous version was using exec (called the rpm binary), but we'd like to keep Auditbeat exec free, because execs are currently blocked by seccomp, as a security feature.
Using the model from Journalbeat, the new code uses dlopen get the relevant C functions and calls them using CGo. This means that librpm is not a hard dependency, but only for when this functionality is needed.