diff options
author | Holger Hoffstätte <holger@applied-asynchrony.com> | 2024-07-05 13:03:23 +0200 |
---|---|---|
committer | Yixun Lan <dlan@gentoo.org> | 2024-07-24 12:35:01 +0000 |
commit | c4a467c13e1f031fe2718064635c2ae7f5a3c58b (patch) | |
tree | a11a07f36378f6b76bb33147a757579feb0eb8ed | |
parent | dev-debug/scap-driver: add 0.17.2 (diff) | |
download | gentoo-c4a467c13e1f031fe2718064635c2ae7f5a3c58b.tar.gz gentoo-c4a467c13e1f031fe2718064635c2ae7f5a3c58b.tar.bz2 gentoo-c4a467c13e1f031fe2718064635c2ae7f5a3c58b.zip |
dev-debug/sysdig: add 0.38.1
Starting with this up-to-date release we can finally rely on
properly versioned falcosecurity-libs, support more platforms
and eventually add support for the eBPF probe, obviating the
need for the classic scap kernel module.
Note that this release has the "modern eBPF" probe disabled
until the necessary dependencies (llvm etc.) have been sorted
out and tested.
Closes: https://bugs.gentoo.org/934889
Closes: https://github.com/gentoo/gentoo/pull/37446
Signed-off-by: Holger Hoffstätte <holger@applied-asynchrony.com>
Signed-off-by: Yixun Lan <dlan@gentoo.org>
-rw-r--r-- | dev-debug/sysdig/Manifest | 2 | ||||
-rw-r--r-- | dev-debug/sysdig/files/0.38.1-libs-no-libanl.patch | 21 | ||||
-rw-r--r-- | dev-debug/sysdig/files/0.38.1-scap-loader.patch | 32 | ||||
-rw-r--r-- | dev-debug/sysdig/sysdig-0.38.1.ebuild | 132 |
4 files changed, 187 insertions, 0 deletions
diff --git a/dev-debug/sysdig/Manifest b/dev-debug/sysdig/Manifest index 234cd960eb7a..8685c6b8bc09 100644 --- a/dev-debug/sysdig/Manifest +++ b/dev-debug/sysdig/Manifest @@ -1,2 +1,4 @@ +DIST falcosecurity-libs-0.17.2.tar.gz 4424458 BLAKE2B cbe3a689d3d93a6896b94fd54b35665b11263c07690a36d40617651f97806b0177af657824f62259df95a984d598a34c17ff942c73e3abd774569607dc22380f SHA512 8bb449d91c12225c08d678ea9a8e97a5b5e8828788b56d5b83ec3b3c6ad5e25d4f56120dba523ac9c593d02ee155026e2d4d47587be6f73f373f06fe7ddc2a0c DIST falcosecurity-libs-e5c53d648f3c4694385bbe488e7d47eaa36c229a.tar.gz 816972 BLAKE2B b47ae6a7677935500ebdab8aea7f4c49ef50b7175ec097e7213a1f041ac2b5aa642379924927ec12c84271016e9ab9d191c0c1d4ffacd6ade58b7a03c37f9221 SHA512 65e5916e5f9507fd867a5e9ba3b2670a1b73b7672a22479d3019e948a52ad74441d7e2ce1c74ebd0fdbd1ce66808efa49f285bd5180bceae9d4e6730a60787ce DIST sysdig-0.29.3.tar.gz 306984 BLAKE2B 51e9a0a085fa91d65963fd33e00b139d97d22b551de8ca85e48b4af73991897378970dfde54754a970e79300f06a54bad1d9c8fdfdb44f24150d0b21077e423f SHA512 1dbe1195f245921c671ed2343325aee79fd0cde34681b9cab445135662d3ed7c84884e46b2270c0e868b5de1a3f2800b84e8bf9fcf0dfe581dd17e2e633f46d8 +DIST sysdig-0.38.1.tar.gz 67528905 BLAKE2B 9b0e0f337bf64df200b44f7e23c64d00477d6ebfb2bc995dcb04951c8e25fb9274431022b8fa54f54851436f063b79d1268045ba686e97fb0195922bc8dfcf28 SHA512 17275c029368b203ec590cf448a33275bd6c20b81be77edcd393f1a3c04e6c4714c7286b6268823bb0c629d52a88cd97f7b3ef588bd10a000b65de23eb5b5a45 diff --git a/dev-debug/sysdig/files/0.38.1-libs-no-libanl.patch b/dev-debug/sysdig/files/0.38.1-libs-no-libanl.patch new file mode 100644 index 000000000000..f1b10b3f07cd --- /dev/null +++ b/dev-debug/sysdig/files/0.38.1-libs-no-libanl.patch @@ -0,0 +1,21 @@ + +Do not attempt to link against libanl on musl. + +Bug: https://bugs.gentoo.org/929907 +Bug: https://github.com/falcosecurity/libs/issues/1948 + +Signed-off-by: Holger Hoffstätte <holger@applied-asynchrony.com> + +--- libs-0.17.2/userspace/libsinsp/CMakeLists.txt~ 2024-06-14 11:38:50.000000000 +0200 ++++ libs-0.17.2/userspace/libsinsp/CMakeLists.txt 2024-07-05 00:18:03.326406540 +0200 +@@ -258,8 +258,8 @@ if(NOT WIN32) + ) + + if(NOT MUSL_OPTIMIZED_BUILD) +- target_link_libraries(sinsp INTERFACE rt anl) +- list(APPEND SINSP_PKGCONFIG_LIBRARIES rt anl) ++ target_link_libraries(sinsp INTERFACE rt) ++ list(APPEND SINSP_PKGCONFIG_LIBRARIES rt) + endif() + + else() diff --git a/dev-debug/sysdig/files/0.38.1-scap-loader.patch b/dev-debug/sysdig/files/0.38.1-scap-loader.patch new file mode 100644 index 000000000000..1f350948b37a --- /dev/null +++ b/dev-debug/sysdig/files/0.38.1-scap-loader.patch @@ -0,0 +1,32 @@ + +Sanitize the scap loader script to not attempt driver downloads or compilation +by default, which would not work anyway as sysdig does not host prebuilt modules +for Gentoo. + +Signed-off-by: Holger Hoffstätte <holger@applied-asynchrony.com> + +--- sysdig-0.38.0/scripts/scap-driver-loader.in~ 2024-06-17 11:14:55.000000000 +0200 ++++ sysdig-0.38.0/scripts/scap-driver-loader.in 2024-06-17 11:14:55.000000000 +0200 +@@ -662,8 +662,8 @@ print_usage() { + echo "Options:" + echo " --help show brief help" + echo " --clean try to remove an already present driver installation" +- echo " --compile try to compile the driver locally (default true)" +- echo " --download try to download a prebuilt driver (default true)" ++ echo " --compile try to compile the driver locally (default false)" ++ echo " --download try to download a prebuilt driver (default false)" + echo " --source-only skip execution and allow sourcing in another script" + echo "" + echo "Environment variables:" +@@ -770,11 +770,6 @@ while test $# -gt 0; do + esac + done + +-if [ -z "$has_opts" ]; then +- ENABLE_COMPILE="yes" +- ENABLE_DOWNLOAD="yes" +-fi +- + if [ -z "$source_only" ]; then + echo "* Running scap-driver-loader for: driver version=${DRIVER_VERSION}, arch=${ARCH}, kernel release=${KERNEL_RELEASE}, kernel version=${KERNEL_VERSION}" + diff --git a/dev-debug/sysdig/sysdig-0.38.1.ebuild b/dev-debug/sysdig/sysdig-0.38.1.ebuild new file mode 100644 index 000000000000..937c2a94f1eb --- /dev/null +++ b/dev-debug/sysdig/sysdig-0.38.1.ebuild @@ -0,0 +1,132 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +LUA_COMPAT=( luajit ) + +inherit bash-completion-r1 cmake lua-single + +DESCRIPTION="A system exploration and troubleshooting tool" +HOMEPAGE="https://sysdig.com/" + +# The version of falcosecurity-libs required by sysdig as source tree +LIBS_VERSION="0.17.2" +SRC_URI="https://github.com/draios/sysdig/archive/${PV}.tar.gz -> ${P}.tar.gz + https://github.com/falcosecurity/libs/archive/${LIBS_VERSION}.tar.gz -> falcosecurity-libs-${LIBS_VERSION}.tar.gz" + +# The driver version as found in cmake/modules/driver.cmake +DRIVER_VERSION="7.2.0+driver" + +LICENSE="Apache-2.0" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="+modules" +REQUIRED_USE="${LUA_REQUIRED_USE}" + +RDEPEND="${LUA_DEPS} + dev-cpp/tbb:= + dev-cpp/yaml-cpp:= + dev-libs/jsoncpp:= + dev-libs/libb64:= + dev-libs/openssl:= + dev-libs/protobuf:= + dev-libs/re2:= + dev-libs/uthash + net-dns/c-ares:= + net-libs/grpc:= + net-misc/curl + sys-libs/ncurses:= + sys-libs/zlib:= + virtual/libelf:=" + +DEPEND="${RDEPEND} + dev-cpp/nlohmann_json + dev-cpp/valijson + virtual/os-headers" + +# pin the driver to the falcosecurity-libs version +PDEPEND="modules? ( =dev-debug/scap-driver-${LIBS_VERSION}* )" + +PATCHES=( "${FILESDIR}/${PV}-scap-loader.patch" ) + +src_prepare() { + # manually apply patches to falcosecurity-libs dependency + pushd "${WORKDIR}" + # musl has no libanl (#929227) + if [ ${ELIBC} == "musl" ] ; then + eapply -p0 "${FILESDIR}/${PV}-libs-no-libanl.patch" || die + fi + popd + + # do not build with debugging info + sed -i -e 's/-ggdb//g' CMakeLists.txt "${WORKDIR}"/libs-${LIBS_VERSION}/cmake/modules/CompilerFlags.cmake || die + + # fix the driver version + sed -i -e 's/0.0.0-local/${DRIVER_VERSION}/g' cmake/modules/driver.cmake || die + + cmake_src_prepare +} + +src_configure() { + # known problems with strict aliasing: + # https://github.com/falcosecurity/libs/issues/1964 + append-flags -fno-strict-aliasing + + # multiple issues with LTO (known/in progress) + # https://github.com/falcosecurity/libs/issues/1963 + filter-lto + + local mycmakeargs=( + # do not build the kernel driver + -DBUILD_DRIVER=OFF + + # libscap examples are not installed or really useful + -DBUILD_LIBSCAP_EXAMPLES=OFF + + # do not build internal libs as shared + -DBUILD_SHARED_LIBS=OFF + + # do not build eBPF driver for now + -DBUILD_SYSDIG_MODERN_BPF=OFF + + # set driver version to prevent downloading (don't ask..) + -DDRIVER_SOURCE_DIR="${WORKDIR}"/libs-${LIBS_VERSION}/driver + -DDRIVER_VERSION=${DRIVER_VERSION} + + # point sysdig to the libs tree + -DFALCOSECURITY_LIBS_SOURCE_DIR="${WORKDIR}"/libs-${LIBS_VERSION} + + # explicitly set sysdig version - required for some reason + -DSYSDIG_VERSION=${PV} + + # do not use bundled dependencies for sysdig + -DUSE_BUNDLED_DEPS=OFF + + # do not use bundled dependencies for falcosecurity-libs + -DUSE_BUNDLED_B64=OFF + -DUSE_BUNDLED_JSONCPP=OFF + -DUSE_BUNDLED_RE2=OFF + -DUSE_BUNDLED_TBB=OFF + -DUSE_BUNDLED_VALIJSON=OFF + + # set valijson include path to prevent downloading + -DVALIJSON_INCLUDE="${ESYSROOT}"/usr/include + + # enable chisels + -DWITH_CHISEL=ON + ) + + cmake_src_configure +} + +src_install() { + cmake_src_install + + # remove driver headers + rm -r "${ED}"/usr/src || die + + # move bashcomp to the proper location + dobashcomp "${ED}"/usr/etc/bash_completion.d/sysdig || die + rm -r "${ED}"/usr/etc || die +} |