Update to 2.4.0, with working osqueryd support.

Approved by:	zi

sysutils/osquery/Makefile

@@ -2,8 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	osquery
-PORTVERSION=	1.4.7
-PORTREVISION=	7
+PORTVERSION=	2.4.0
 CATEGORIES=	sysutils
 
 MAINTAINER=	zi@FreeBSD.org
@@ -12,26 +11,22 @@ COMMENT=	SQL powered OS instrumentation, monitoring, and analytics
 LICENSE=	BSD3CLAUSE
 LICENSE_FILE=	${WRKSRC}/LICENSE
 
-BUILD_DEPENDS=	snappy>0:archivers/snappy \
-		rocksdb>0:databases/rocksdb \
-		thrift>0:devel/thrift \
-		thrift-cpp>0:devel/thrift-cpp \
+BUILD_DEPENDS=	thrift>0:devel/thrift \
 		bash>0:shells/bash \
-		yara>0:security/yara \
-		doxygen:devel/doxygen \
-		${PYTHON_PKGNAMEPREFIX}MarkupSafe>0:textproc/py-MarkupSafe \
-		${PYTHON_PKGNAMEPREFIX}psutil>0:sysutils/py-psutil \
-		${PYTHON_PKGNAMEPREFIX}pexpect>0:misc/py-pexpect \
-		${PYTHON_PKGNAMEPREFIX}Jinja2>0:devel/py-Jinja2  \
-		${PYTHON_PKGNAMEPREFIX}thrift>0:devel/py-thrift \
-		${PYTHON_PKGNAMEPREFIX}pip>0:devel/py-pip
-LIB_DEPENDS=	libboost_regex.so:devel/boost-libs \
+		linenoise-ng>0:devel/linenoise-ng \
+		asio>0:net/asio \
+		${PYTHON_PKGNAMEPREFIX}Jinja2>0:devel/py-Jinja2
+LIB_DEPENDS=	libaugeas.so:textproc/augeas \
+		libboost_regex.so:devel/boost-libs \
 		libgflags.so:devel/gflags \
-		libicuuc.so:devel/icu
-
-BROKEN=		does not build (error: no matching constructor for initialization of 'gflags::FlagRegisterer')
-DEPRECATED=	repeated build and dependency issues, upstream unable to assist
-EXPIRATION_DATE=2017-04-28
+		libglog.so:devel/glog \
+		libicuuc.so:devel/icu \
+		libthrift.so:devel/thrift-cpp \
+		libtsk.so:sysutils/sleuthkit \
+		libcppnetlib-uri.so:devel/cpp-netlib \
+		librocksdb-lite.so:databases/rocksdb-lite \
+		libyara.so:security/yara \
+		liblldpctl.so:net-mgmt/lldpd
 
 USES=		cmake:outsource gmake libtool python:build compiler:c++11-lib
 CONFIGURE_ENV+=	OSQUERY_BUILD_VERSION="${PORTVERSION}" HOME="${WRKDIR}" \
@@ -46,19 +41,11 @@ GH_SUBDIR=	third-party:tp
 MAKE_JOBS_UNSAFE=	yes
 
 post-patch:
-	${REINPLACE_CMD} -e 's|/var/osquery|/var/db/osquery|g' \
-		${WRKSRC}/osquery/core/init.cpp
-	${REINPLACE_CMD} -e 's|/var/osquery/osquery.em|/var/run/osquery.em|g' \
-		-e 's|/etc/osquery/extensions.load|${PREFIX}/etc/osquery.extensions|g' \
-		-e 's|/etc/osquery/modules.load|${PREFIX}/etc/osquery.modules|g' \
-		${WRKSRC}/osquery/extensions/extensions.cpp
-	${REINPLACE_CMD} -e 's|/var/osquery/osquery.conf|${PREFIX}/etc/osquery.conf|g' \
-		${WRKSRC}/osquery/config/plugins/filesystem.cpp
 	${REINPLACE_CMD} -e 's|/var/osquery/|/var/db/osquery/|g' \
 		${WRKSRC}/tools/deployment/osquery.example.conf
-	${REINPLACE_CMD} -e 's|python |${PYTHON_CMD} |g' \
-		${WRKSRC}/CMake/CMakeLibs.cmake \
-		${WRKSRC}/CMakeLists.txt
+	${REINPLACE_CMD} -e 's|python|${PYTHON_CMD}|g' \
+		${WRKSRC}/CMakeLists.txt \
+		${WRKSRC}/tools/get_platform.py
 
 do-install:
 	${INSTALL_PROGRAM} ${BLDDIR}/osqueryi ${STAGEDIR}${PREFIX}/bin
@@ -69,5 +56,6 @@ do-install:
 		${STAGEDIR}${PREFIX}/etc/osquery.conf.sample
 
 	${MKDIR} ${STAGEDIR}/var/db/osquery
+	${MKDIR} ${STAGEDIR}/var/log/osquery
 
 .include <bsd.port.mk>

sysutils/osquery/distinfo

@@ -1,4 +1,5 @@
-SHA256 (facebook-osquery-1.4.7_GH0.tar.gz) = da0b648159e8a9677152a2d2b3140d5a61e34b637c408c21462d07629d3b64c2
-SIZE (facebook-osquery-1.4.7_GH0.tar.gz) = 459762
-SHA256 (osquery-third-party-1.4.7_GH0.tar.gz) = baf57d27ca739d876e8da472c162552c6bb740cf4d723ffab4826a4abee83045
-SIZE (osquery-third-party-1.4.7_GH0.tar.gz) = 5509720
+TIMESTAMP = 1492024136
+SHA256 (facebook-osquery-2.4.0_GH0.tar.gz) = e5c3f01ac10ac9a9732f9610921cea8e8a7234a18061cf58e22dc86b2b74d685
+SIZE (facebook-osquery-2.4.0_GH0.tar.gz) = 874186
+SHA256 (osquery-third-party-2.4.0_GH0.tar.gz) = 729830902faa4f438c77dfdce849bfbc862501591e3a51154f0e0fbe14af7ede
+SIZE (osquery-third-party-2.4.0_GH0.tar.gz) = 3864623

sysutils/osquery/files/osqueryd.in

@@ -23,7 +23,7 @@ osqueryd_enable=${osqueryd_enable-"NO"}
 osqueryd_flags=${osqueryd_flags-""}
 osqueryd_config=${osqueryd_config-"%%PREFIX%%/etc/osquery.conf"}
 required_files=${osqueryd_config}
-command_args="--pidfile /var/run/osqueryd.pid --disable_watchdog --daemonize=true --config_path=${osqueryd_config}"
+command_args="--pidfile /var/run/osqueryd.pid --disable_watchdog --daemonize=true --database_path /var/db/osquery/osqueryd --extensions_socket /var/run/osquery.em --extensions_autoload %%PREFIX%%/etc/osquery.extensions --modules_autoload %%PREFIX%%/etc/osquery.modules --config_path=${osqueryd_config}"
 extra_commands="configtest"
 configtest_cmd="configtest"
 pidfile="/var/run/osqueryd.pid"

sysutils/osquery/files/patch-osquery_CMakeLists.txt

@@ -1,11 +0,0 @@
---- osquery/CMakeLists.txt.orig	2015-07-03 23:09:06 UTC
-+++ osquery/CMakeLists.txt
-@@ -54,7 +54,7 @@ endif()
- # The remaining boost libraries are discovered with find_library.
- ADD_OSQUERY_LINK_CORE("boost_system")
- ADD_OSQUERY_LINK_CORE("boost_filesystem")
--ADD_OSQUERY_LINK_CORE("boost_regex")
-+ADD_OSQUERY_LINK_CORE("-lboost_regex")
- ADD_OSQUERY_LINK_CORE("yara")
- 
- if(DEFINED ENV{SANITIZE})

sysutils/osquery/files/patch-osquery_core_init.cpp

@@ -1,22 +0,0 @@
---- osquery/core/init.cpp.orig	2015-07-03 22:32:52 UTC
-+++ osquery/core/init.cpp
-@@ -31,6 +31,10 @@
- #include "osquery/core/watcher.h"
- #include "osquery/database/db_handle.h"
- 
-+#ifdef __FreeBSD__
-+#include <sys/resource.h>
-+#endif
-+
- #ifdef __linux__
- #include <sys/resource.h>
- #include <sys/syscall.h>
-@@ -238,7 +242,7 @@ void Initializer::initDaemon() {
- #ifdef __linux__
-     // Using: ioprio_set(IOPRIO_WHO_PGRP, 0, IOPRIO_CLASS_IDLE);
-     syscall(SYS_ioprio_set, IOPRIO_WHO_PGRP, 0, IOPRIO_CLASS_IDLE);
--#elif defined(__APPLE__) || defined(__FreeBSD__)
-+#elif defined(__APPLE__)
-     setiopolicy_np(IOPOL_TYPE_DISK, IOPOL_SCOPE_PROCESS, IOPOL_THROTTLE);
- #endif
-   }

sysutils/osquery/files/patch-third-party_glog_src_glog_stl__logging.h.in

@@ -1,26 +0,0 @@
---- third-party/glog/src/glog/stl_logging.h.in.orig	2015-04-16 17:06:51 UTC
-+++ third-party/glog/src/glog/stl_logging.h.in
-@@ -76,6 +76,9 @@
- #ifdef GLOG_STL_LOGGING_FOR_EXT_SLIST
- # include <ext/slist>
- #endif
-+#ifdef GLOG_STL_LOGGING_FOR_FORWARD_LIST
-+# include <forward_list>
-+#endif
- 
- // Forward declare these two, and define them after all the container streams
- // operators so that we can recurse from pair -> container -> container -> pair
-@@ -101,9 +104,13 @@ inline std::ostream& operator<<(std::ost
- OUTPUT_TWO_ARG_CONTAINER(std::vector)
- OUTPUT_TWO_ARG_CONTAINER(std::deque)
- OUTPUT_TWO_ARG_CONTAINER(std::list)
-+
- #ifdef GLOG_STL_LOGGING_FOR_EXT_SLIST
- OUTPUT_TWO_ARG_CONTAINER(__gnu_cxx::slist)
- #endif
-+#ifdef GLOG_STL_LOGGING_FOR_FORWARD_LIST
-+OUTPUT_TWO_ARG_CONTAINER(std::forward_list)
-+#endif
- 
- #undef OUTPUT_TWO_ARG_CONTAINER
- 

sysutils/osquery/files/patch-third-party_glog_src_googletest.h

@@ -1,13 +0,0 @@
---- third-party/glog/src/googletest.h.orig	2015-04-16 17:06:51 UTC
-+++ third-party/glog/src/googletest.h
-@@ -58,6 +58,10 @@
- 
- #include "base/commandlineflags.h"
- 
-+#ifdef HAVE_LIB_GFLAGS
-+#include <gflags/gflags.h>
-+using namespace gflags;
-+#endif
- using std::map;
- using std::string;
- using std::vector;

sysutils/osquery/files/patch-third-party_glog_src_logging__unittest.cc

@@ -1,10 +0,0 @@
---- third-party/glog/src/logging_unittest.cc.orig	2015-05-10 14:03:15 UTC
-+++ third-party/glog/src/logging_unittest.cc
-@@ -61,6 +61,7 @@ DECLARE_string(log_backtrace_at);  // lo
- 
- #ifdef HAVE_LIB_GFLAGS
- #include <gflags/gflags.h>
-+using namespace gflags;
- #endif
- 
- #ifdef HAVE_LIB_GMOCK

sysutils/osquery/files/patch-third-party_glog_src_stacktrace__unittest.cc

@@ -1,19 +0,0 @@
---- third-party/glog/src/stacktrace_unittest.cc.orig	2015-05-05 12:29:29 UTC
-+++ third-party/glog/src/stacktrace_unittest.cc
-@@ -125,16 +125,6 @@ void ATTRIBUTE_NOINLINE CheckStackTraceL
-   CHECK_GE(size, 1);
-   CHECK_LE(size, STACK_LEN);
- 
--  if (1) {
--#ifdef HAVE_EXECINFO_H
--    char **strings = backtrace_symbols(stack, size);
--    printf("Obtained %d stack frames.\n", size);
--    for (int i = 0; i < size; i++)
--      printf("%s %p\n", strings[i], stack[i]);
--    printf("CheckStackTrace() addr: %p\n", &CheckStackTrace);
--    free(strings);
--#endif
--  }
-   for (int i = 0; i < BACKTRACE_STEPS; i++) {
-     printf("Backtrace %d: expected: %p..%p  actual: %p ... ",
-            i, expected_range[i].start, expected_range[i].end, stack[i]);

sysutils/osquery/files/patch-third-party_glog_src_stl__logging__unittest.cc

@@ -1,10 +0,0 @@
---- third-party/glog/src/stl_logging_unittest.cc.orig	2015-04-16 17:06:51 UTC
-+++ third-party/glog/src/stl_logging_unittest.cc
-@@ -41,6 +41,7 @@
- // C++0x isn't enabled by default in GCC and libc++ does not have
- // non-standard ext/* and tr1/unordered_*.
- # if defined(_LIBCPP_VERSION)
-+#  define GLOG_STL_LOGGING_FOR_FORWARD_LIST
- #  define GLOG_STL_LOGGING_FOR_UNORDERED
- # else
- #  define GLOG_STL_LOGGING_FOR_EXT_HASH

sysutils/osquery/pkg-message

@@ -1,11 +0,0 @@
-This is the initial release of the FreeBSD port for osquery.
-
-We aren't anywhere near 100% feature parity when compared to
-Linux, however, we are actively working to get there.
-
-osqueryd does not yet have the required functionality to run,
-however, osqueryi (the interactive CLI version) can perform
-basic tasks.
-
-Please submit patches as pull requests here:
-https://github.com/facebook/osquery

sysutils/osquery/pkg-plist

@@ -1,19 +1,23 @@
 bin/osqueryi
 @dir /var/db/osquery
+@dir /var/log/osquery
 include/osquery/config.h
 include/osquery/core.h
 include/osquery/database.h
+include/osquery/dispatcher.h
+include/osquery/distributed.h
 include/osquery/enroll.h
 include/osquery/events.h
 include/osquery/extensions.h
 include/osquery/filesystem.h
 include/osquery/flags.h
-include/osquery/hash.h
 include/osquery/logger.h
+include/osquery/packs.h
 include/osquery/registry.h
 include/osquery/sdk.h
 include/osquery/sql.h
 include/osquery/status.h
+include/osquery/system.h
 include/osquery/tables.h
 lib/libosquery.a
 sbin/osqueryd