Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cherry-pick #21936 to 7.x: [Auditbeat] dynamically find librpm.so #22024

Merged
merged 1 commit into from
Oct 21, 2020
Merged

Cherry-pick #21936 to 7.x: [Auditbeat] dynamically find librpm.so #22024

merged 1 commit into from
Oct 21, 2020

Conversation

leehinman
Copy link
Contributor

@leehinman leehinman commented Oct 20, 2020
edited by zube bot
Loading

Cherry-pick of PR #21936 to 7.x branch. Original message:

What does this PR do?

Auditbeat uses librpm to determine
information about installed packages. To do this auditbeat needs to
dlopen the librpm dynamic library. The version number and thus
filename of the library changes over time. Previously we had a list
of acceptable values, but this caused librpm to not be loaded when
there was a new version. This change uses the information in the elf
header of the rpm binary to determine the exact path of librpm (and
thus version) that the rpm binary on the system uses. A fallback of
"librpm.so" is also provided. If systems have the rpm-devel package
installed then this symlink is available.

Why is it important?

Stops us from having to update an accepted list of librpm.so filenames
when new version of rpm based Linux distributions are released.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
    - [ ] I have made corresponding changes to the documentation
    - [ ] I have made corresponding change to the default configuration files
    - [ ] I have added tests that prove my fix is effective or that my feature works
    - [ ] I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

How to test this PR locally

Install & start auditbeat on systems with and without rpm-devel
installed. Package module should start without errors.

Related issues

@leehinman
dynamically find librpm (elastic#21936)
614f274 
- use elf header of rpm binary to find version of librpm
- use librpm.so as fallback, provided by rpm-devel

Closes elastic#19287

(cherry picked from commit 37dc557)
@leehinman leehinman requested a review from a team as a code owner October 20, 2020 14:21
@elasticmachine
Copy link
Collaborator

Pinging @elastic/siem (Team:SIEM)

@botelastic botelastic bot added needs_team Indicates that the issue/PR needs a Team:* label and removed needs_team Indicates that the issue/PR needs a Team:* label labels Oct 20, 2020
@elasticmachine
Copy link
Collaborator

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview

Expand to view the summary

Build stats

  • Build Cause: [Pull request #22024 opened]

  • Start Time: 2020-10-20T14:22:30.232+0000

  • Duration: 41 min 51 sec

Test stats 🧪

Test Results
Failed 0
Passed 228
Skipped 33
Total 261

@leehinman leehinman merged commit 114058d into elastic:7.x Oct 21, 2020
@zube zube bot removed the [zube]: Done label Jan 20, 2021
@leehinman leehinman deleted the backport_21936_7.x branch May 14, 2021 14:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kaiyan-sheng kaiyan-sheng kaiyan-sheng approved these changes

Assignees
No one assigned
Labels
backport
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@leehinman @elasticmachine @kaiyan-sheng