The package was originally broken as reported in #38940 and
facebook/osquery#4257. The latest version (3.x) contains several
important fixes for GCC 7, so now we can compile with much less
complicated patches.
The following changes were needed to fix the derivation:
* Upgrade `osquery/third-party` to the latest rev to be compliant with
osquery 3.
* Keep using an override for the AWS SDK (for a lower closure size and
less compile time), but make the `ec2` API available.
* Added the dependencies `fpm`, `zstd`, `rdkafka`, `rapidjson` to the
build. `linenoise-ng` is obsolete as it's directly bundled with
`osquery/third-party`.
* Fixed the linking issue with `gflags` as recommended in the mailing
list: https://groups.google.com/d/msg/nix-devel/l1blj-mWxtI/J3CwPATBCAAJ
* Dropped the obsolete dependencies `cpp-netlib`, `lz4`, `apt` and
`devicemapper` (thanks @Infinisil).
* Override `OSQUERY_PLATFORM` to provide `nixos:version`
for sandbox and non-NixOS based builds. The `platform-nixos.patch`
file is now obsolete (thanks @flokli).
The patch was rebased against the 3.x branch of `osquery` and contains
mostly old changes. Additionally several testing targets were skipped as
they broke the build.
The functionality has been tested using the following command:
```
mkdir /tmp/osq.log/
./result/bin/osqueryd --pidfile /tmp/osq.pid \
--database_path /tmp/test.db --logger_path /tmp/osq.log
```
With the daemon running, the database can be queried easily using
`./result/bin/osqueryi`.
Fixes ticket #38940
See ticket #36453
Further reference can be gathered from the affected Hydra logs for
the master branch: https://hydra.nixos.org/job/nixos/trunk-combined/nixpkgs.osquery.x86_64-linux
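The manual check above (start `osqueryd` with a pidfile, database and logger path, then poke at it with `osqueryi`) turned into a repeatable smoke test. This is an added example, not code from this PR or from the osquery project. It assumes the `./result/bin` layout used in the PR description (override with `OSQ_BIN`), the osqueryd flag `--disable_watchdog` and the osqueryi `--json` output mode, and the standard `processes` and `osquery_info` tables; the scratch directory and its names are constructed for the example.

```sh
#!/bin/sh
# Repeatable smoke test for a freshly built osquery derivation.
# Added example, not code from the nixpkgs PR or from osquery itself.
# Assumes the PR's ./result/bin layout (override with OSQ_BIN) and the
# osquery flags --disable_watchdog (osqueryd) and --json (osqueryi).
set -eu

OSQ_BIN="${OSQ_BIN:-./result/bin}"

# Daemon flags for a given scratch directory: the same three paths the
# PR description uses, plus --disable_watchdog so only one process runs
# and the pidfile names the process that actually answers queries.
osqueryd_args() {
  printf '%s\n' \
    "--pidfile=$1/osq.pid" \
    "--database_path=$1/test.db" \
    "--logger_path=$1/log" \
    "--disable_watchdog=true"
}

# Poll until the pidfile names a live process, or give up after $2 seconds.
# Prints the pid on success; returns 1 on timeout.
wait_for_pidfile() {
  local pidfile="$1" timeout="${2:-10}" elapsed=0 pid
  while [ "$elapsed" -lt "$timeout" ]; do
    if [ -s "$pidfile" ]; then
      pid=$(cat "$pidfile")
      if kill -0 "$pid" 2>/dev/null; then
        echo "$pid"
        return 0
      fi
    fi
    sleep 1
    elapsed=$((elapsed + 1))
  done
  return 1
}

# Start osqueryd in a scratch dir, prove it is alive by looking up its own
# pid through osqueryi, print the reported version, then tear everything down.
run_smoke() {
  work=$(mktemp -d /tmp/osq.XXXXXX)
  mkdir -p "$work/log"
  # Stop the daemon and remove the scratch dir however we exit.
  trap 'kill "$(cat "$work/osq.pid" 2>/dev/null)" 2>/dev/null; rm -rf "$work"' EXIT

  # Unquoted on purpose: mktemp paths contain no whitespace.
  "$OSQ_BIN/osqueryd" $(osqueryd_args "$work") &

  pid=$(wait_for_pidfile "$work/osq.pid" 15) || {
    echo "osqueryd did not write a live pidfile within 15s" >&2
    return 1
  }

  # osqueryi runs with its own ephemeral database, so it does not contend
  # with the daemon's --database_path. osquery JSON output quotes all values.
  out=$("$OSQ_BIN/osqueryi" --json "SELECT pid FROM processes WHERE pid = $pid;")
  case "$out" in
    *"\"pid\":\"$pid\""*) ;;
    *) echo "daemon pid $pid not visible via osqueryi: $out" >&2; return 1 ;;
  esac

  "$OSQ_BIN/osqueryi" --json "SELECT version FROM osquery_info;"
  echo "smoke test passed (osqueryd pid $pid)"
}

if [ -x "$OSQ_BIN/osqueryd" ] && [ -x "$OSQ_BIN/osqueryi" ]; then
  run_smoke
else
  echo "osquery binaries not found under $OSQ_BIN; live smoke test skipped" >&2
fi
```

Run it from the directory holding the `result` symlink after `nix-build`. The pidfile poll is what makes this usable in CI: the PR's one-liner only tells you the process started, whereas here the daemon has to be alive and visible through the `processes` table before the script reports success, and the `EXIT` trap guarantees no stray `osqueryd` is left behind when a check fails.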