https://github.com/osquery/osquery logo
#general
Title
# general
m

Mystery Incorporated

01/27/2022, 6:36 AM
Did the debian repo get rolled back from 5.1? Because I have a bunch of ubuntu hosts on 5.1 and others on 5.0.1 and it seems that 5.0.1 is latest on debian repo?
a

alessandrogario

01/27/2022, 11:43 AM
Interesting, we'll check out the logs on our end; we don't update that repo manually, there's a procedure that will sign our packages from a verified public tag and then update the repository
The packages that we can see on the repo are:
Copy code
<Key>deb/osquery_5.1.0-1.linux_amd64.deb</Key>
<Key>deb/osquery_5.1.0-1.linux_arm64.deb</Key>
<Key>deb/pool/deb/main/o/osquery/osquery_5.1.0-1.linux_amd64.deb</Key>
<Key>deb/pool/deb/main/o/osquery/osquery_5.1.0-1.linux_arm64.deb</Key>
<Key>rpm/aarch64/osquery-5.1.0-1.linux.aarch64.rpm</Key>
<Key>rpm/osquery-5.1.0-1.linux.aarch64.rpm</Key>
<Key>rpm/osquery-5.1.0-1.linux.x86_64.rpm</Key>
<Key>rpm/x86_64/osquery-5.1.0-1.linux.x86_64.rpm</Key>

<Key>deb/osquery-dbgsym_5.1.0-1.linux_amd64.deb</Key>
<Key>deb/osquery-dbgsym_5.1.0-1.linux_arm64.deb</Key>
<Key>deb/pool/deb/main/o/osquery-dbgsym/osquery-dbgsym_5.1.0-1.linux_amd64.deb</Key>
<Key>deb/pool/deb/main/o/osquery-dbgsym/osquery-dbgsym_5.1.0-1.linux_arm64.deb</Key>
<Key>rpm/aarch64/osquery-debuginfo-5.1.0-1.linux.aarch64.rpm</Key>
<Key>rpm/osquery-debuginfo-5.1.0-1.linux.aarch64.rpm</Key>
<Key>rpm/osquery-debuginfo-5.1.0-1.linux.x86_64.rpm</Key>
<Key>rpm/x86_64/osquery-debuginfo-5.1.0-1.linux.x86_64.rpm</Key>
The raw packages are there, at least
I can confirm that the DEB repo is working fine
Copy code
# apt search osquery
Sorting... Done
Full Text Search... Done
osquery/deb 5.1.0-1.linux amd64
  osquery is an operating system instrumentation toolchain.

osquery-dbg/deb 4.0.2-1.linux amd64
  osquery is an operating system instrumentation toolchain.

osquery-dbgsym/deb 5.1.0-1.linux amd64
s

Stefano Bonicatti

01/27/2022, 12:06 PM
And just to clarify, there's only one repo for both Ubuntu and Debian
m

Mystery Incorporated

01/27/2022, 11:47 PM
That's really strange, if say I do
sudo apt install osquery
the response is:
osquery is already the newest version (5.0.1-1.linux).
How can that be? Of course I do sudo apt update to refresh the package list first
The repo it is targeting is
Hit:6 <https://pkg.osquery.io/deb> deb InRelease
a

alessandrogario

01/27/2022, 11:50 PM
can you maybe see if it was locked?
google tells me it's
Copy code
sudo apt-mark showhold
or dpkg --get-selections and some grep
s

Stefano Bonicatti

01/27/2022, 11:52 PM
Also, worth checking
/var/lib/apt/lists/pkg.osquery.io_deb_dists_deb_InRelease
and
/var/lib/apt/lists/pkg.osquery.io_deb_dists_deb_main_binary-amd64_Packages
m

Mystery Incorporated

01/27/2022, 11:54 PM
Oh I'm on arm64 when I cat /var/lib/apt/lists/pkg.osquery.io_deb_dists_deb_InRelease I see a lot of amd64 packages is that my issue?
I can see
e06b4237c43ceea31d98578272460bab 16016342 .refs/main/osquery_5.1.0-1.linux_arm64.deb
in that file actually
That file being
/var/lib/apt/lists/pkg.osquery.io_deb_dists_deb_InRelease
s

Stefano Bonicatti

01/27/2022, 11:57 PM
What about the Packages one? There should be an equivalent for arm64
m

Mystery Incorporated

01/27/2022, 11:58 PM
I think that might be my problem? It looks like it only has the file for amd64?
s

Stefano Bonicatti

01/27/2022, 11:59 PM
hum indeed
You might want to check how the repo has been defined in
/etc/apt/sources.list
m

Mystery Incorporated

01/28/2022, 12:00 AM
ok I'll need to change the arch from this I imagine
sudo add-apt-repository 'deb [arch=amd64] <https://pkg.osquery.io/deb> deb main'
s

Stefano Bonicatti

01/28/2022, 12:00 AM
yeah
m

Mystery Incorporated

01/28/2022, 12:02 AM
Yep that fixed it thanks for the help guys
I must have missed changing the arch type when adding the repo on a few hosts
2 Views