Refactor third-party libraries to build from source on Linux (osquery#5706)

Add a way to compile third-party libraries from source instead of downloading prebuilt ones.
Each library source code is downloaded with git into a submodule at configure time,
in response to the find_package(library_name) CMake call,
except for OpenSSL where the official source archive is used.
Each submodule is attached to a release tag on its own upstream repository.
All the libraries are built using CMake directly, except for OpenSSL which uses a formula system,
which permits to build libraries with a separate build system
when there's no easy way to integrate it directly with CMake.

This new dependency system determines which library is fetched from where using the concept of "layers".
Currently we have three of them: source, formula, facebook,
where the last layer represents the pre-built libraries.
The provided order will be used when looking for libraries.

A system to patch submodule source code has been added and it's currently used with googletest, libudev and util-linux.
Patches should be put under libraries/cmake/source/<library name>/patches/<submodule>,
where <submodule> is often one and is "src", but in other cases, like AWS,
there are multiple with a more specific name.
If for whatever reason the submodule cloning or the patching fails,
the submodule has to be unregistered and its folder should be cleared.
This should be achievable with "git submodule deinit -f <submodule path>"

Following some other changes on existing functionality:

- Changed the CMake variable BUILD_TESTING to OSQUERY_BUILD_TESTS
  to avoid enabling tests on third party libraries.
  Due to an issue with glog the BUILD_TESTING variable
  will be always forced to OFF.
- Moved compiler and linker flags to their own file cmake/flags.cmake
- Moved all the third-party CMakeLists.txt used for pre-built libraries under libraries/cmake/facebook
- Added the --exclude-folders option to tools/format-check.py and tools/git-clang-format.py,
  so that it's possible to ignore any third party library source code.
- The format and format_check target use the new --exclude-folders option
  to exclude libraries/cmake/source from formatting.
- The test and osquery binaries are properly compiled with PIE (osquery#5611)

Co-authored-by: Stefano Bonicatti <[email protected]>
Co-authored-by: Teddy Reed <[email protected]>

Author: 3 people

.gitignore

@@ -30,7 +30,6 @@ build/
 # Run Artifacts
 *.log
 *.orig
-*.patch
 *.rej
 
 # Vagrant Artifacts

.gitmodules

@@ -0,0 +1,126 @@
+[submodule "libraries/cmake/source/bzip2/src"]
+	path = libraries/cmake/source/bzip2/src
+	url = https://sourceware.org/git/bzip2.git
+[submodule "libraries/cmake/source/libarchive/src"]
+	path = libraries/cmake/source/libarchive/src
+	url = https://github.com/libarchive/libarchive
+[submodule "libraries/cmake/source/libmagic/src"]
+	path = libraries/cmake/source/libmagic/src
+	url = https://github.com/file/file
+[submodule "libraries/cmake/source/libudev/src"]
+	path = libraries/cmake/source/libudev/src
+	url = https://github.com/systemd/systemd
+[submodule "libraries/cmake/source/libxml2/src"]
+	path = libraries/cmake/source/libxml2/src
+	url = https://github.com/GNOME/libxml2
+[submodule "libraries/cmake/source/linenoise-ng/src"]
+	path = libraries/cmake/source/linenoise-ng/src
+	url = https://github.com/arangodb/linenoise-ng
+[submodule "libraries/cmake/source/lzma/src"]
+	path = libraries/cmake/source/lzma/src
+	url = https://github.com/xz-mirror/xz
+[submodule "libraries/cmake/source/rapidjson/src"]
+	path = libraries/cmake/source/rapidjson/src
+	url = https://github.com/Tencent/rapidjson
+[submodule "libraries/cmake/source/rocksdb/src"]
+	path = libraries/cmake/source/rocksdb/src
+	url = https://github.com/facebook/rocksdb
+[submodule "libraries/cmake/source/sleuthkit/src"]
+	path = libraries/cmake/source/sleuthkit/src
+	url = https://github.com/sleuthkit/sleuthkit
+[submodule "libraries/cmake/source/sqlite/src"]
+	path = libraries/cmake/source/sqlite/src
+	url = https://github.com/osquery/third-party-sqlite
+[submodule "libraries/cmake/source/ssdeep-cpp/src"]
+	path = libraries/cmake/source/ssdeep-cpp/src
+	url = https://github.com/ssdeep-project/ssdeep
+[submodule "libraries/cmake/source/thrift/src"]
+	path = libraries/cmake/source/thrift/src
+	url = https://github.com/apache/thrift
+[submodule "libraries/cmake/source/util-linux/src"]
+	path = libraries/cmake/source/util-linux/src
+	url = https://git.kernel.org/pub/scm/utils/util-linux/util-linux
+[submodule "libraries/cmake/source/yara/src"]
+	path = libraries/cmake/source/yara/src
+	url = https://github.com/VirusTotal/yara
+[submodule "libraries/cmake/source/zlib/src"]
+	path = libraries/cmake/source/zlib/src
+	url = https://github.com/madler/zlib
+[submodule "libraries/cmake/source/zstd/src"]
+	path = libraries/cmake/source/zstd/src
+	url = https://github.com/facebook/zstd
+[submodule "libraries/cmake/source/augeas/src"]
+	path = libraries/cmake/source/augeas/src
+	url = https://github.com/hercules-team/augeas
+[submodule "libraries/cmake/source/smartmontools/src"]
+	path = libraries/cmake/source/smartmontools/src
+	url = https://github.com/osquery/third-party-smartmontools
+[submodule "libraries/cmake/source/berkeley-db/src"]
+	path = libraries/cmake/source/berkeley-db/src
+	url = https://github.com/osquery/third-party-berkeley-db
+[submodule "libraries/cmake/source/librpm/src"]
+	path = libraries/cmake/source/librpm/src
+	url = https://github.com/rpm-software-management/rpm
+[submodule "libraries/cmake/source/popt/src"]
+	path = libraries/cmake/source/popt/src
+	url = https://github.com/osquery/third-party-popt
+[submodule "libraries/cmake/source/libdpkg/src"]
+	path = libraries/cmake/source/libdpkg/src
+	url = https://git.dpkg.org/cgit/dpkg/dpkg.git
+[submodule "libraries/cmake/source/libaudit/src"]
+	path = libraries/cmake/source/libaudit/src
+	url = https://github.com/linux-audit/audit-userspace
+[submodule "libraries/cmake/source/libelfin/src"]
+	path = libraries/cmake/source/libelfin/src
+	url = https://github.com/aclements/libelfin
+[submodule "libraries/cmake/source/libgcrypt/src"]
+	path = libraries/cmake/source/libgcrypt/src
+	url = https://dev.gnupg.org/source/libgcrypt.git
+[submodule "libraries/cmake/source/libgpg-error/src"]
+	path = libraries/cmake/source/libgpg-error/src
+	url = https://dev.gnupg.org/source/libgpg-error.git
+[submodule "libraries/cmake/source/libcryptsetup/src"]
+	path = libraries/cmake/source/libcryptsetup/src
+	url = https://gitlab.com/cryptsetup/cryptsetup.git
+[submodule "libraries/cmake/source/libdevmapper/src"]
+	path = libraries/cmake/source/libdevmapper/src
+	url = https://github.com/lvmteam/lvm2
+[submodule "libraries/cmake/source/libiptables/src"]
+	path = libraries/cmake/source/libiptables/src
+	url = https://github.com/osquery/third-party-iptables
+[submodule "libraries/cmake/source/librdkafka/src"]
+	path = libraries/cmake/source/librdkafka/src
+	url = https://github.com/edenhill/librdkafka
+[submodule "libraries/cmake/source/lldpd/src"]
+	path = libraries/cmake/source/lldpd/src
+	url = https://github.com/vincentbernat/lldpd
+[submodule "libraries/cmake/source/googletest/src"]
+	path = libraries/cmake/source/googletest/src
+	url = https://github.com/google/googletest
+[submodule "libraries/cmake/source/glog/src"]
+	path = libraries/cmake/source/glog/src
+	url = https://github.com/google/glog
+[submodule "libraries/cmake/source/gflags/src"]
+	path = libraries/cmake/source/gflags/src
+	url = https://github.com/gflags/gflags
+[submodule "libraries/cmake/source/aws-sdk-cpp/aws-c-common_src"]
+	path = libraries/cmake/source/aws-sdk-cpp/aws-c-common_src
+	url = https://github.com/awslabs/aws-c-common
+[submodule "libraries/cmake/source/aws-sdk-cpp/aws-c-event-stream_src"]
+	path = libraries/cmake/source/aws-sdk-cpp/aws-c-event-stream_src
+	url = https://github.com/awslabs/aws-c-event-stream
+[submodule "libraries/cmake/source/aws-sdk-cpp/aws-checksums_src"]
+	path = libraries/cmake/source/aws-sdk-cpp/aws-checksums_src
+	url = https://github.com/awslabs/aws-checksums
+[submodule "libraries/cmake/source/aws-sdk-cpp/aws-sdk-cpp_src"]
+	path = libraries/cmake/source/aws-sdk-cpp/aws-sdk-cpp_src
+	url = https://github.com/aws/aws-sdk-cpp
+[submodule "libraries/cmake/source/boost/src"]
+	path = libraries/cmake/source/boost/src
+	url = https://github.com/boostorg/boost
+[submodule "libraries/cmake/source/icu/src"]
+	path = libraries/cmake/source/icu/src
+	url = https://github.com/unicode-org/icu
+[submodule "libraries/cmake/source/augeas/gnulib/src"]
+	path = libraries/cmake/source/augeas/gnulib/src
+	url = https://github.com/osquery/third-party-gnulib

CMakeLists.txt

@@ -5,15 +5,19 @@
 # the LICENSE file found in the root directory of this source tree.
 
 cmake_minimum_required(VERSION 3.13.3)
+
+cmake_policy(SET CMP0083 NEW)
+
 project(osquery)
 
-if(BUILD_TESTING)
+if(OSQUERY_BUILD_TESTS)
   enable_testing()
 endif()
 
 include(cmake/globals.cmake)
 include(cmake/utilities.cmake)
 include(cmake/options.cmake)
+include(cmake/flags.cmake)
 include(cmake/packaging.cmake)
 
 function(main)
@@ -32,25 +36,130 @@ function(main)
     endif()
   endif()
 
-  generateGlobalSettingsTargets()
-
   findPythonExecutablePath()
   generateSpecialTargets()
 
-  add_subdirectory("third-party")
+  add_subdirectory("libraries")
+  importLibraries()
+
   add_subdirectory("osquery")
   add_subdirectory("plugins")
   add_subdirectory("tools")
   add_subdirectory("specs")
 
-  if(BUILD_TESTING)
+  if(OSQUERY_BUILD_TESTS)
     add_subdirectory("tests")
   endif()
 
   identifyPackagingSystem()
   generateInstallTargets()
   generatePackageTarget()
+endfunction()
+
+function(importLibraries)
+  set(python_module_list
+    markupsafe
+    jinja2
+  )
+
+  set(library_descriptor_list
+    "Linux,Darwin:augeas"
+    "Linux:berkeley-db"
+    "Linux,Darwin,Windows:boost"
+    "Linux,Darwin,Windows:bzip2"
+    "Linux,Darwin,Windows:gflags"
+    "Linux,Darwin:glibc"
+    "Linux,Darwin,Windows:glog"
+    "Linux,Darwin,Windows:googletest"
+    "Linux,Darwin,Windows:libarchive"
+    "Linux:libaudit"
+    "Linux:libcryptsetup"
+    "Linux:libdevmapper"
+    "Linux:libdpkg"
+    "Linux:libelfin"
+    "Linux:libgcrypt"
+    "Linux:libgpg-error"
+    "Linux:libiptables"
+    "Linux,Darwin:libmagic"
+    "Linux,Darwin:librdkafka"
+    "Linux:librpm"
+    "Linux:libudev"
+    "Linux,Darwin:libxml2"
+    "Linux,Darwin,Windows:linenoise-ng"
+    "Linux,Darwin:lldpd"
+    "Linux:lzma"
+    "Linux,Darwin:popt"
+    "Linux,Darwin,Windows:rapidjson"
+    "Linux,Darwin,Windows:rocksdb"
+    "Linux,Darwin:sleuthkit"
+    "Linux,Darwin:smartmontools"
+    "Linux,Darwin,Windows:sqlite"
+    "Linux,Darwin:ssdeep-cpp"
+    "Linux,Darwin,Windows:thrift"
+    "Linux:util-linux"
+    "Linux,Darwin:yara"
+    "Linux,Darwin,Windows:zlib"
+    "Linux,Darwin,Windows:zstd"
+    "Linux,Darwin,Windows:openssl"
+    "Linux,Darwin,Windows:aws-sdk-cpp"
+  )
+
+  foreach(python_module ${python_module_list})
+    find_package("${python_module}" REQUIRED)
+  endforeach()
+
+  foreach(library_descriptor ${library_descriptor_list})
+    # Expand the library descriptor
+    string(REPLACE ":" ";" library_descriptor "${library_descriptor}")
+
+    list(GET library_descriptor 0 platform_list)
+    list(GET library_descriptor 1 library)
+
+    string(REPLACE "," ";" platform_list "${platform_list}")
 
+    list(FIND platform_list "${CMAKE_SYSTEM_NAME}" platform_index)
+    if(platform_index EQUAL -1)
+      continue()
+    endif()
+
+    find_package("${library}" REQUIRED)
+
+    # Facebook-provided libraries always come with the thirdparty_ prefix
+    if(TARGET "thirdparty_${library}")
+      continue()
+
+    # For generic libraries that import the library name, let's create
+    # an alias
+    elseif(TARGET "${library}")
+      add_library("thirdparty_${library}" ALIAS "${library}")
+
+    # Legacy libraries will just export variables; build a new INTERFACE
+    # target with them
+    elseif(DEFINED "${library}_LIBRARIES")
+      if(NOT DEFINED "${library}_INCLUDE_DIRS")
+        message(FATAL_ERROR "Variable ${library}_INCLUDE_DIRS was not found!")
+      endif()
+
+      add_library("thirdparty_${library}" INTERFACE)
+
+      target_link_libraries("thirdparty_${library}" INTERFACE
+        ${library}_LIBRARIES
+      )
+
+      target_include_directories("thirdparty_${library}" INTERFACE
+        ${library}_INCLUDE_DIRS
+      )
+
+      if(DEFINED "${library}_DEFINITIONS")
+        target_compile_definitions("thirdparty_${library}" INTERFACE
+          ${library}_DEFINITIONS
+        )
+      endif()
+
+    else()
+      message(FATAL_ERROR "The '${library}' was found but it couldn't be imported correctly")
+    endif()
+  endforeach()
 endfunction()
 
 main()

azure-pipelines.yml

@@ -20,9 +20,11 @@ jobs:
       vmImage: 'Ubuntu-16.04'
 
     container:
-      image: trailofbits/osql-experimental:ubuntu-18.04
+      image: trailofbits/osquery:ubuntu-18.04
       options: --privileged
 
+    timeoutInMinutes: 120
+
     steps:
     - script: mkdir $(Build.BinariesDirectory)/build
       displayName: "Create build folder"
@@ -35,7 +37,7 @@ jobs:
           -DCMAKE_BUILD_TYPE=$(BUILD_TYPE)
           -DCMAKE_C_COMPILER=clang
           -DCMAKE_CXX_COMPILER=clang++
-          -DBUILD_TESTING=ON
+          -DOSQUERY_BUILD_TESTS=ON
           $(EXTRA_CMAKE_ARGS)
           $(Build.SourcesDirectory)
 
@@ -141,7 +143,7 @@ jobs:
     steps:
     - script: |
         brew upgrade
-        brew install ccache
+        brew install ccache flex bison
       displayName: "Install Homebrew and prerequisites"
       timeoutInMinutes: 20
 
@@ -152,7 +154,7 @@ jobs:
       displayName: "Configure osquery"
       inputs:
         workingDirectory: $(Build.BinariesDirectory)/build
-        cmakeArgs: -DCMAKE_BUILD_TYPE=$(BUILD_TYPE) -DBUILD_TESTING=ON $(EXTRA_CMAKE_ARGS) $(Build.SourcesDirectory)
+        cmakeArgs: -DCMAKE_BUILD_TYPE=$(BUILD_TYPE) -DOSQUERY_BUILD_TESTS=ON $(EXTRA_CMAKE_ARGS) $(Build.SourcesDirectory)
 
     - task: CMake@1
       displayName: "Build osquery"
@@ -251,7 +253,7 @@ jobs:
       displayName: "Configure osquery"
       inputs:
         workingDirectory: $(Build.BinariesDirectory)\build
-        cmakeArgs: -G "Visual Studio 15 2017 Win64" -T host=x64 -DBUILD_TESTING=ON $(Build.SourcesDirectory)
+        cmakeArgs: -G "Visual Studio 15 2017 Win64" -T host=x64 -DOSQUERY_BUILD_TESTS=ON $(Build.SourcesDirectory)
 
     - task: CMake@1
       displayName: "Build osquery"