From ae96b757dd6a37fd67002c9d3b930606a11d96ce Mon Sep 17 00:00:00 2001
From: Phil Rzewski
Date: Wed, 3 Jan 2024 09:55:10 -0800
Subject: [PATCH 1/6] wip

---
 .github/workflows/release.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 396cdf3..df0df35 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -5,6 +5,7 @@ on:
   push:
     branches:
       - master
+      - plugins
     tags:
       - v*brim*
   workflow_dispatch:
From af54541eda0c59fb49d3ca9d119019afebecdcda Mon Sep 17 00:00:00 2001
From: Phil Rzewski
Date: Wed, 3 Jan 2024 09:58:07 -0800
Subject: [PATCH 2/6] Attempt to build a plugin on macOS/Linux

---
 .github/workflows/release.yml | 4 ++--
 release.sh                    | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index df0df35..5492dbf 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -4,7 +4,7 @@ on:
   pull_request:
   push:
     branches:
-      - master
+      - main
       - plugins
     tags:
       - v*brim*
@@ -17,7 +17,7 @@ jobs:
   release:
     strategy:
       matrix:
-        platform: [macos-12, ubuntu-20.04, windows-2019]
+        platform: [macos-12, ubuntu-20.04]
     runs-on: ${{ matrix.platform }}
 
     steps:
diff --git a/release.sh b/release.sh
index 8357f4f..7f8e5cb 100755
--- a/release.sh
+++ b/release.sh
@@ -73,6 +73,7 @@ install_zeek_package() {
 
 $sudo pip3 install btest wheel
 
+install_zeek_package corelight/zeek-community-id 181a104b99d9019771ece7e489e46f2268b746d8
 install_zeek_package brimdata/geoip-conn c9dd7f0f8d40573189b2ed2bae9fad478743cfdf
 install_zeek_package salesforce/hassh 76a47abe9382109ce9ba530e7f1d7014a4a95209
 install_zeek_package salesforce/ja3 421dd4f3616b533e6971bb700289c6bb8355e707
From 35f6c4eee9f63adcc717b4993eb8159131cdc47d Mon Sep 17 00:00:00 2001
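Review bot: Every push to the unprotected `plugins` branch now runs the `release` workflow, and with it whatever publishing credentials that workflow holds, rather than only `master` pushes and release tags. `workflow_dispatch` is already a trigger, so a manual run from the branch would give the same coverage without widening the automatic trigger; if the branch entry is kept for a while, gate the publishing steps with something like `if: startsWith(github.ref, 'refs/tags/')` so a work-in-progress push cannot ship artifacts. The job steps themselves are outside this hunk, so which of them actually use secrets is not visible here.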
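Review bot: The added `install_zeek_package corelight/zeek-community-id 181a104b…` line is a root-executed build dependency, not just a script drop-in: at this point in the series `install_zeek_package` still runs the package's `build_command` through `sh -c` and unpacks the result with `$sudo tar` into `/usr/local/zeek/lib/zeek/plugins` (those are the lines PATCH 3/6 later removes). The full-SHA pin is therefore the only thing keeping an upstream push from changing what the release job executes, so it should stay a 40-hex commit rather than a tag or branch. If the function clones by name and then checks out the hash (its fetch step is outside this hunk), confirm that a failed checkout aborts the script instead of building whatever HEAD happens to be.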
From: Phil Rzewski
Date: Wed, 3 Jan 2024 10:28:47 -0800
Subject: [PATCH 3/6] wip

---
 release.sh    | 9 +++------
 zeekrunner    | 1 -
 zeekrunner.go | 6 +-----
 3 files changed, 4 insertions(+), 12 deletions(-)

diff --git a/release.sh b/release.sh
index 7f8e5cb..7ac82ec 100755
--- a/release.sh
+++ b/release.sh
@@ -50,11 +50,8 @@ install_zeek_package() {
 
   build_command=$(zkg_meta package build_command)
   if [ "$build_command" ]; then
-    if [ "$OS" = Windows_NT ]; then
-      export LDFLAGS='-static -Wl,--allow-multiple-definition'
-    fi
-    sh -c "$build_command"
-    $sudo tar -xf build/*.tgz -C /usr/local/zeek/lib/zeek/plugins
+    echo "building plugins not currently supported"
+    exit 1
   fi
 
   test_command=$(zkg_meta package test_command)
@@ -86,7 +83,7 @@ echo "@load policy/protocols/conn/community-id-logging" | $sudo tee -a /usr/loca
 mkdir -p zeek/bin zeek/lib/zeek zeek/share/zeek
 cp zeekrunner$exe zeek/
 cp /usr/local/zeek/bin/zeek$exe zeek/bin/
-cp -R /usr/local/zeek/lib/zeek/plugins zeek/lib/zeek/
+cp -R zeek/lib/zeek/
 for d in base policy site builtin-plugins; do
   cp -R /usr/local/zeek/share/zeek/$d zeek/share/zeek/
 done
diff --git a/zeekrunner b/zeekrunner
index f26b785..ae095e7 100755
--- a/zeekrunner
+++ b/zeekrunner
@@ -3,7 +3,6 @@
 dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)"
 
 export ZEEKPATH=$dir/share/zeek:$dir/share/zeek/policy:$dir/share/zeek/site
-export ZEEK_PLUGIN_PATH=$dir/lib/zeek/plugins
 
 # The packet filter and loaded scripts are disabled because they emit either
 # timeless logs or logs with timestamp set to execution time rather than time
diff --git a/zeekrunner.go b/zeekrunner.go
index b74625c..d009448 100644
--- a/zeekrunner.go
+++ b/zeekrunner.go
@@ -23,9 +23,6 @@ var (
 		"share/zeek/policy",
 		"share/zeek/site",
 	}
-	zeekPluginRelPaths = []string{
-		"lib/zeek/plugins",
-	}
 )
 
 func pathEnvVar(name, topDir string, subdirs []string) string {
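Review bot: The new `echo "building plugins not currently supported"` goes to stdout and names neither the package nor the command that was refused, so in CI logs the `exit 1` that follows is hard to attribute. Send it to stderr and include what was attempted, e.g. `echo "building plugins not currently supported (build_command: $build_command)" >&2`. `exit 1` inside the function ends the whole release.sh run rather than just skipping this package, which is presumably intended but worth a comment. The rest of `install_zeek_package`, including how `test_command` is executed, lies outside the hunk.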
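Review bot: `cp -R zeek/lib/zeek/` has no destination operand, so cp fails with "missing destination file operand" and, if the script runs under `set -e`, aborts the bundle build right after copying the zeek binary. With the plugin copy dropped, the `zeek/lib/zeek` entry in the preceding `mkdir -p` is also no longer populated by anything; either delete both or keep a deliberate `mkdir -p zeek/lib/zeek/plugins` so the bundle layout stays explicit. Whether `set -e` is in effect is not visible from this hunk.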
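Review bot: Dropping `export ZEEK_PLUGIN_PATH=$dir/lib/zeek/plugins` leaves plugin discovery to the bundled binary's compiled-in search path and to any `ZEEK_PLUGIN_PATH` already present in the caller's environment, so the runner no longer pins where plugins are loaded from. If the goal is a hermetic bundle that simply ships no plugins, keeping the export pointed at an empty `$dir/lib/zeek/plugins` directory is cheaper than relying on the host having nothing at the default path, and `zeek -N` run from the bundle will show whether anything outside it gets picked up. I am not certain whether Zeek still consults its compiled-in default when `ZEEK_PLUGIN_PATH` is set, so verify rather than assume.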
@@ -46,13 +43,12 @@ event zeek_init() {
 
 func launchZeek(zdepsZeekDir, zeekExecPath string) error {
 	zeekPath := pathEnvVar("ZEEKPATH", zdepsZeekDir, zeekPathRelPaths)
-	zeekPlugin := pathEnvVar("ZEEK_PLUGIN_PATH", zdepsZeekDir, zeekPluginRelPaths)
 
 	cmd := exec.Command(zeekExecPath, "-C", "-r", "-", "--exec", ExecScript, "local")
 	cmd.Stdin = os.Stdin
 	cmd.Stdout = os.Stdout
 	cmd.Stderr = os.Stderr
-	cmd.Env = append(os.Environ(), zeekPath, zeekPlugin)
+	cmd.Env = append(os.Environ(), zeekPath)
 	return cmd.Run()
 }
 
From 53888e7bdb4d1343805315421b0de69e8e3e48b3 Mon Sep 17 00:00:00 2001
From: Phil Rzewski
Date: Wed, 3 Jan 2024 10:50:38 -0800
Subject: [PATCH 4/6] wip

---
 .github/workflows/release.yml | 2 +-
 release.sh                    | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 5492dbf..e59be7e 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -17,7 +17,7 @@ jobs:
   release:
     strategy:
       matrix:
-        platform: [macos-12, ubuntu-20.04]
+        platform: [macos-12, ubuntu-20.04, windows-2019]
     runs-on: ${{ matrix.platform }}
 
     steps:
diff --git a/release.sh b/release.sh
index 7ac82ec..5aae1f5 100755
--- a/release.sh
+++ b/release.sh
@@ -70,7 +70,6 @@ install_zeek_package() {
 
 $sudo pip3 install btest wheel
 
-install_zeek_package corelight/zeek-community-id 181a104b99d9019771ece7e489e46f2268b746d8
 install_zeek_package brimdata/geoip-conn c9dd7f0f8d40573189b2ed2bae9fad478743cfdf
 install_zeek_package salesforce/hassh 76a47abe9382109ce9ba530e7f1d7014a4a95209
 install_zeek_package salesforce/ja3 421dd4f3616b533e6971bb700289c6bb8355e707
From b757dbecb19a5f8982b67f959aff4659851ee8e7 Mon Sep 17 00:00:00 2001
From: Phil Rzewski
Date: Wed, 3 Jan 2024 11:12:20 -0800
Subject: [PATCH 5/6] wip

---
 release.sh | 1 -
 1 file changed, 1 deletion(-)

diff --git a/release.sh b/release.sh
index 5aae1f5..1eadb1a 100755
--- a/release.sh
+++ b/release.sh
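Review bot: With `zeekPlugin` gone, `cmd.Env = append(os.Environ(), zeekPath)` now forwards any `ZEEK_PLUGIN_PATH` inherited from the parent process straight to the bundled zeek, whereas before the runner's own value won because os/exec keeps the last duplicate key. If the bundle is meant to be hermetic, filter that variable out before appending `ZEEKPATH` (which is fine as is, since the appended value overrides an inherited one); the rewrite below needs `strings` imported. A doc comment on the function would also help, e.g. `// launchZeek runs the bundled zeek on the pcap read from stdin, with ZEEKPATH confined to zdepsZeekDir.`
```go
func launchZeek(zdepsZeekDir, zeekExecPath string) error {
	zeekPath := pathEnvVar("ZEEKPATH", zdepsZeekDir, zeekPathRelPaths)

	// Drop an inherited ZEEK_PLUGIN_PATH so zeek only sees the bundle's layout.
	var env []string
	for _, kv := range os.Environ() {
		if !strings.HasPrefix(kv, "ZEEK_PLUGIN_PATH=") {
			env = append(env, kv)
		}
	}
	// … unchanged: exec.Command and stdio wiring …
	cmd.Env = append(env, zeekPath)
```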
@@ -82,7 +82,6 @@ echo "@load policy/protocols/conn/community-id-logging" | $sudo tee -a /usr/loca
 mkdir -p zeek/bin zeek/lib/zeek zeek/share/zeek
 cp zeekrunner$exe zeek/
 cp /usr/local/zeek/bin/zeek$exe zeek/bin/
-cp -R zeek/lib/zeek/
 for d in base policy site builtin-plugins; do
   cp -R /usr/local/zeek/share/zeek/$d zeek/share/zeek/
 done
From 92efab3d4a04911144d02017c69eaaf337e27a93 Mon Sep 17 00:00:00 2001
From: Phil Rzewski
Date: Wed, 3 Jan 2024 12:02:29 -0800
Subject: [PATCH 6/6] Don't run on this branch

---
 .github/workflows/release.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index e59be7e..d397550 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -5,7 +5,6 @@ on:
   push:
     branches:
       - main
-      - plugins
     tags:
       - v*brim*
   workflow_dispatch: