radosroka
commented
10 months ago How do you build fapolicyd? Can you elaborate?
Closed ehousey closed 9 months ago
radosroka
commented
10 months ago How do you build fapolicyd? Can you elaborate?
ehousey
commented
10 months ago Hi radosroka,
Well, any RPM versions of fapolicyd I could find were not running on Amazon Linux 2 ("2" as in, before Amazon Linux 2023). Someone had posted steps on building fapolicyd from source to run on AL2, though a few of the steps were incorrect (at least for me). I reworked the steps and was able to build fapolicyd based on an Amazon Linux 2 system. running a 5.4 version of the kernel
But now, Amazon Linux 2023 is running kernel (6.1.56 at last peek), and the header file "uthash-devel.h" does not appear to be available for this newer version of the kernel. Hence I am stuck.
Ed
radosroka
commented
9 months ago Can you share the steps? I would like to see them. uthash is a separate package on fedora and on some older RHELs(not sure which releases) hence you can install it. If its not availabe we used to bundle it.
https://github.com/linux-application-whitelisting/fapolicyd/blob/main/fapolicyd.spec https://github.com/linux-application-whitelisting/fapolicyd/blob/main/fapolicyd-uthash-bundle.patch
ehousey
commented
9 months ago Hi radosroka,
Sure, here are the steps I used. I can try your uthash-bundle patch out and see if I can get any further. These steps were used to build an fapolicyd RPM on AL2. I'm trying to do the same thing but on AL 2023.
Thanks Ed
amazon-linux-extras install kernel-5.4 -y
yum -y -q install kernel
reboot
cd /usr/local/build
aws s3 cp s3://
tar -xzvpf /usr/local/build/fapolicyd-1.3.1.tar.gz -C /usr/local/build/
cd /usr/local/build/fapolicyd-1.3.1
amazon-linux-extras install epel -y
if [ -f /etc/yum.repos.d/nodesource-el7.repo ] then mv /etc/yum.repos.d/nodesource-el7.repo /home/ec2-user fi yum-builddep -y -q /usr/local/build/fapolicyd-1.3.1/fapolicyd.spec
./autogen.sh
./configure --with-rpm --with-audit --disable-shared --disable-dependency-tracking
cd /usr/local/build
rm -f /usr/local/build/fapolicyd-1.3.1.tar.gz
tar -czvf fapolicyd-1.3.1.tar.gz fapolicyd-1.3.1
mkdir -p /usr/local/build/SOURCES
rm -f /usr/local/build/SOURCES/fapolicyd-1.3.1.tar.gz ln -s /usr/local/build/fapolicyd-1.3.1.tar.gz /usr/local/build/SOURCES/fapolicyd-1.3.1.tar.gz
yum -y -q install rpm-build
#
rpmbuild --define "_topdir pwd" -ba fapolicyd-1.3.1/fapolicyd.spec
ls -l /usr/local/build/RPMS/x86_64/fapolicyd-1.3.1-1.x86_64.rpm
cd /usr/local/build/RPMS/x86_64 rpm -ivh fapolicyd-1.3.1-1.x86_64.rpm
radosroka
commented
9 months ago You need to also download uthash tarball with specific version see .spec file and put it to the right place.
radosroka
commented
9 months ago Btw have you tried to install uthash-devel manually?
ehousey
commented
9 months ago Hi radosroka,
Great news! I was able to successfully build the 1.0.4 version of fapolicyd on Amazon Linux 2023. Thank you for the reference to the uthash-devel RPM. I have included the steps I used to build the fapolicyd RPM for Amazon Linux 2023 below.
dnf -y groupinstall "Development Tools" dnf -y install pcre2-devel openssl-devel systemd-devel dnf-utils aws s3 cp s3://YOUR S3 BUCKET/uthash-devel-2.3.0-6.fc39.noarch.rpm . rpm -ivh uthash-devel-2.3.0-6.fc39.noarch.rpm
mkdir -p /usr/local/build cd /usr/local/build aws s3 cp s3://YOUR S3 BUCKET/fapolicyd-1.0.4.tar.gz . tar -xzvpf /usr/local/build/fapolicyd-1.0.4.tar.gz -C /usr/local/build/ cd /usr/local/build/fapolicyd-1.0.4
yum-builddep -y -q /usr/local/build/fapolicyd-1.0.4/fapolicyd.spec ./autogen.sh ./configure --with-rpm --with-audit --disable-shared --disable-dependency-tracking
cd /usr/local/build
rm -f /usr/local/build/fapolicyd-1.0.4.tar.gz
tar -czvf fapolicyd-1.0.4.tar.gz fapolicyd-1.0.4
mkdir -p /usr/local/build/SOURCES
rm -f /usr/local/build/SOURCES/fapolicyd-1.0.4.tar.gz ln -s /usr/local/build/fapolicyd-1.0.4.tar.gz /usr/local/build/SOURCES/fapolicyd-1.0.4.tar.gz
yum -y -q install rpm-build
rpmbuild --define "_topdir pwd" -ba fapolicyd-1.0.4/fapolicyd.spec
ls -l /usr/local/build/RPMS/x86_64/fapolicyd-1.0.4-1.x86_64.rpm
cd /usr/local/build/RPMS/x86_64 rpm -ivh fapolicyd-1.0.4-1.x86_64.rpm
Ed
Hi,
As we move to Amazon Linux 2023, which is based on the 6.1 version of the Linux kernel, fapolicyd does not build. An error is produced during the build dependency phase, looking for the "uthash-devel" rpm. This does not seem to exist for Amazon Linux 2023.
Has anyone been able to build fapolicyd for Amazon Linux 2023 (or a kernel based on 6.1) ?
Thank you, Ed