# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4

PortSystem          1.0
PortGroup           cmake 1.1
PortGroup           github 1.0

github.setup        osquery osquery 4.3.0
# Change github.tarball_from to 'releases' or 'archive' next update
github.tarball_from tarball

description         SQL powered operating system instrumentation, monitoring, \
                    and analytics.

long_description    osquery exposes an operating system as a high-performance \
                    relational database. This allows you to write SQL-based \
                    queries to explore operating system data. With osquery, \
                    SQL tables represent abstract concepts such as running \
                    processes, loaded kernel modules, open network \
                    connections, browser plugins, hardware events or file \
                    hashes.

maintainers         {gmail.com:herby.gillot @herbygillot} openmaintainer

homepage            https://osquery.io

categories          sysutils

license             Apache-2 \
                    GPL-2

# The osquery build process requires the git repository as it pulls in a
# large amount of its dependencies as git submodules.
fetch.type          git

configure.args-append \
    -DOSQUERY_VERSION="${version}"

depends_build-append \
    port:python38

patchfiles \
    patch-default_paths.h.diff \
    patch-lenses-path-augeas.cpp.diff \
    patch-macports-cmake-packaging.cmake.diff

set osq_data_dir    ${prefix}/var/db/${name}
set osq_conf_dir    ${prefix}/etc/${name}
set osq_log_dir     ${prefix}/var/log/${name}
set osq_run_dir     ${prefix}/var/run/${name}
set osq_share_dir   ${prefix}/share/${name}
set osq_plist_dir   org.macports.${name}
set osq_plist_file  org.macports.${name}.plist
set osq_flags_file  ${name}.flags


destroot.keepdirs-append \
    ${osq_data_dir} \
    ${osq_conf_dir} \
    ${osq_log_dir} \
    ${osq_run_dir}

post-patch {

    reinplace "s|@SHAREPATH@|${osq_share_dir}|g" \
        ${worksrcpath}/osquery/tables/system/posix/augeas.cpp

    reinplace "s|@CONFPATH@|${osq_conf_dir}|g" \
        ${worksrcpath}/osquery/utils/config/default_paths.h

    reinplace "s|@DATAPATH@|${osq_data_dir}|g" \
        ${worksrcpath}/osquery/utils/config/default_paths.h

    reinplace "s|@RUNPATH@|${osq_run_dir}|g" \
        ${worksrcpath}/osquery/utils/config/default_paths.h

    reinplace "s|@LOGPATH@|${osq_log_dir}|g" \
        ${worksrcpath}/osquery/utils/config/default_paths.h

    reinplace "s|@SHAREPATH@|${osq_share_dir}|g" \
        ${worksrcpath}/osquery/utils/config/default_paths.h

    copy ${filespath}/${osq_plist_file} ${workpath}/

    reinplace "s|@PREFIX@|${prefix}|g"          ${workpath}/${osq_plist_file}
    reinplace "s|@CONFPATH@|${osq_conf_dir}|g"  ${workpath}/${osq_plist_file}

    copy ${filespath}/${osq_flags_file} ${workpath}/

    reinplace "s|@CONFPATH@|${osq_conf_dir}|g"  ${workpath}/${osq_flags_file}
}

post-destroot {

    xinstall -m 755 -o root -g wheel -d ${destroot}${osq_conf_dir}
    xinstall -m 755 -o root -g wheel -d ${destroot}${osq_data_dir}
    xinstall -m 755 -o root -g wheel -d ${destroot}${osq_log_dir}
    xinstall -m 755 -o root -g wheel -d ${destroot}${osq_run_dir}

    copy ${workpath}/${osq_flags_file}  ${destroot}${osq_share_dir}/

    xinstall -d -m 755 ${destroot}${prefix}/etc/LaunchDaemons/${osq_plist_dir}

    xinstall -m 0644 -o root -W ${workpath} ${osq_plist_file} \
        ${destroot}${prefix}/etc/LaunchDaemons/${osq_plist_dir}/

    xinstall -d -m 755 ${destroot}/Library/LaunchDaemons

    ln -s ${prefix}/etc/LaunchDaemons/${osq_plist_dir}/${osq_plist_file} \
        ${destroot}/Library/LaunchDaemons/${osq_plist_file}
}

post-activate {

    if {![file exists ${osq_conf_dir}/osquery.conf]} {
        copy ${osq_share_dir}/osquery.example.conf ${osq_conf_dir}/osquery.conf
    }

    if {![file exists ${osq_conf_dir}/${osq_flags_file}]} {
        copy ${osq_share_dir}/${osq_flags_file} ${osq_conf_dir}/
    }
}

notes "
osquery's configuration can be found in:

    ${osq_conf_dir}

...and query packs can be found in:

    ${osq_share_dir}/packs

To enable the osquery service, use `port load`:

\$ sudo port load osquery

...and use `port unload` to disable:

\$ sudo port unload osquery

Once running, logs can be found in:

    ${osq_log_dir}
"
