* [Buildroot] [RFC PATCH v2 0/3] Bump sysdig and falco libs
@ 2023-08-11 15:27 Francis Laniel
2023-08-11 15:27 ` [Buildroot] [RFC PATCH v2 1/3] package/falcosecurity-libs: bump to version 0.10.5 Francis Laniel
` (3 more replies)
0 siblings, 4 replies; 7+ messages in thread
From: Francis Laniel @ 2023-08-11 15:27 UTC (permalink / raw)
To: buildroot; +Cc: Francis Laniel
Hi.
With this contribution, I bumped sysdig and falcosecurity-libs.
Sadly, I am not fully satisfied with the result, hence the fact I marked it as
RFC because I would like to get your feedback to make it better.
First of all, sysdig builds and runs:
Welcome to Buildroot
buildroot login: root
# sysdig --version
sysdig version 0.31.4
# sysdig | head
scap: loading out-of-tree module taints kernel.
scap: driver loading, scap
scap: adding new consumer (____ptrval____)
scap: initializing ring buffer for CPU 0
scap: CPU buffer initialized, size=8388608
26 15:12:28.226519423 0 sysdig (108) > switch next=0 pgft_maj=10 pgft_min=1348 vm_size=47288 vm_rss=19408 vm_swap=0
27 15:12:28.227409149 0 <NA> (0) > switch next=13 pgft_maj=0 pgft_min=0 vm_size=0 vm_rss=0 vm_swap=0
...
Nonetheless, I had to increase the minimal size of the image as libsinsp.a is
quite big:
# du -sh /sysdig/libsinsp.a
171.4M /sysdig/libsinsp.a
I am not forcefully sure where this library is used, I will investigate and
maybe we can run everything without it.
Secondly, I had to tweak heavily the libscap CMakeLists.txt to install several
shared libraries.
Indeed, the libraries are compiled as static, but the sysdig binary is not
static, so it needs plenty of shared libraries to be run from the image.
I am not really sure what is the best solution here (either compiling sysdig as
static or not), but in any case my patch for CMakeLists.txt is not really clean.
Finally, I had to modify the magical number in falcosecurity-libs.mk for
API_VERSION and SCHEMA_VERSION.
While this is not really a big pain, I am wondering if this is not possible to
read the corresponding values from the corresponding files (i.e. API_VERSION and
SCHEMA_VERSION).
So, for future update we would not need to take care of it ourselves.
Changes since:
v1:
* Removed everything regarding VALIJSON in sysdig.mk.
* Bumped first falcosecurity-libs to avoid problem when building it.
* Added runtime test for sysdig.
Francis Laniel (3):
package/falcosecurity-libs: bump to version 0.10.5
package/sysdig: bump to version 0.31.4
support/testing/package: add new test for sysdig
.../0002-cmake-Install-shared-libraries.patch | 61 +++++++++++++++++++
.../falcosecurity-libs.hash | 2 +-
.../falcosecurity-libs/falcosecurity-libs.mk | 10 +--
package/sysdig/sysdig.hash | 2 +-
package/sysdig/sysdig.mk | 9 ++-
.../testing/tests/package/test_sysdig.config | 1 +
support/testing/tests/package/test_sysdig.py | 46 ++++++++++++++
7 files changed, 122 insertions(+), 9 deletions(-)
create mode 100644 package/falcosecurity-libs/0002-cmake-Install-shared-libraries.patch
create mode 100644 support/testing/tests/package/test_sysdig.config
create mode 100644 support/testing/tests/package/test_sysdig.py
--
2.34.1
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Buildroot] [RFC PATCH v2 1/3] package/falcosecurity-libs: bump to version 0.10.5
2023-08-11 15:27 [Buildroot] [RFC PATCH v2 0/3] Bump sysdig and falco libs Francis Laniel
@ 2023-08-11 15:27 ` Francis Laniel
2023-08-13 7:52 ` Yann E. MORIN
2023-08-11 15:27 ` [Buildroot] [RFC PATCH v2 2/3] package/sysdig: bump to version 0.31.4 Francis Laniel
` (2 subsequent siblings)
3 siblings, 1 reply; 7+ messages in thread
From: Francis Laniel @ 2023-08-11 15:27 UTC (permalink / raw)
To: buildroot; +Cc: Francis Laniel
Signed-off-by: Francis Laniel <flaniel@linux.microsoft.com>
---
.../0002-cmake-Install-shared-libraries.patch | 61 +++++++++++++++++++
.../falcosecurity-libs.hash | 2 +-
.../falcosecurity-libs/falcosecurity-libs.mk | 10 +--
3 files changed, 67 insertions(+), 6 deletions(-)
create mode 100644 package/falcosecurity-libs/0002-cmake-Install-shared-libraries.patch
diff --git a/package/falcosecurity-libs/0002-cmake-Install-shared-libraries.patch b/package/falcosecurity-libs/0002-cmake-Install-shared-libraries.patch
new file mode 100644
index 0000000000..38a8bdd4f4
--- /dev/null
+++ b/package/falcosecurity-libs/0002-cmake-Install-shared-libraries.patch
@@ -0,0 +1,61 @@
+From b6d847fe8aa0513c6d19bd8187133699b9c4efd3 Mon Sep 17 00:00:00 2001
+From: Francis Laniel <flaniel@linux.microsoft.com>
+Date: Fri, 28 Apr 2023 15:14:27 +0100
+Subject: [PATCH] cmake: Install shared libraries.
+
+This is needed as sysdig is compiled as a non static binary which relies on
+these libraries.
+
+Signed-off-by: Francis Laniel <flaniel@linux.microsoft.com>
+---
+ cmake/modules/libelf.cmake | 2 +-
+ userspace/libscap/CMakeLists.txt | 16 +++++++++++++++-
+ 2 files changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/cmake/modules/libelf.cmake b/cmake/modules/libelf.cmake
+index 8ca2f4f7..73d13d26 100644
+--- a/cmake/modules/libelf.cmake
++++ b/cmake/modules/libelf.cmake
+@@ -10,7 +10,7 @@ if(LIBELF_INCLUDE)
+ add_custom_target(libelf)
+ elseif(NOT USE_BUNDLED_LIBELF)
+ find_path(LIBELF_INCLUDE elf.h PATH_SUFFIXES elf)
+- find_library(LIBELF_LIB NAMES libelf.a libelf.so)
++ find_library(LIBELF_LIB NAMES libelf.so)
+ if(LIBELF_LIB)
+ message(STATUS "Found LIBELF: include: ${LIBELF_INCLUDE}, lib: ${LIBELF_LIB}")
+ else()
+diff --git a/userspace/libscap/CMakeLists.txt b/userspace/libscap/CMakeLists.txt
+index ae4760df..59378fea 100644
+--- a/userspace/libscap/CMakeLists.txt
++++ b/userspace/libscap/CMakeLists.txt
+@@ -70,7 +70,7 @@ endif()
+
+ include_directories(${CMAKE_CURRENT_SOURCE_DIR})
+
+-add_library(scap STATIC
++add_library(scap SHARED
+ ${targetfiles})
+
+ if (CMAKE_SYSTEM_NAME MATCHES "SunOS")
+@@ -212,3 +212,17 @@ if(CMAKE_SYSTEM_PROCESSOR STREQUAL "x86_64" AND CMAKE_SYSTEM_NAME MATCHES "Linux
+ target_link_libraries(scap scap_engine_gvisor)
+ endif()
+ endif()
++
++install(TARGETS scap)
++install(TARGETS scap_engine_udig)
++install(TARGETS scap_engine_savefile)
++install(TARGETS scap_engine_bpf)
++install(TARGETS scap_engine_noop)
++install(TARGETS scap_engine_source_plugin)
++install(TARGETS scap_engine_kmod)
++install(TARGETS scap_engine_nodriver)
++install(TARGETS scap_event_schema)
++install(TARGETS scap_platform)
++install(TARGETS scap_engine_util)
++install(TARGETS scap_error)
++install(TARGETS driver_event_schema)
+--
+2.34.1
+
diff --git a/package/falcosecurity-libs/falcosecurity-libs.hash b/package/falcosecurity-libs/falcosecurity-libs.hash
index 2e239ca2fe..ef805cbcf6 100644
--- a/package/falcosecurity-libs/falcosecurity-libs.hash
+++ b/package/falcosecurity-libs/falcosecurity-libs.hash
@@ -1,5 +1,5 @@
# sha256 locally computed
-sha256 80903bc57b7f9c5f24298ecf1531cf66ef571681b4bd1e05f6e4db704ffb380b falcosecurity-libs-e5c53d648f3c4694385bbe488e7d47eaa36c229a.tar.gz
+sha256 2a4b37c08bec4ba81326314831f341385aff267062e8d4483437958689662936 falcosecurity-libs-0.10.5.tar.gz
sha256 21ec9433a87459b3477faf542bacec419dc03af841309eac35edeffe481cf10b COPYING
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 driver/GPL2.txt
sha256 f17d3f2c2d565a74a7d5bf96f880c43701e141897e8dff0c8aa13e5d07aaf226 driver/MIT.txt
diff --git a/package/falcosecurity-libs/falcosecurity-libs.mk b/package/falcosecurity-libs/falcosecurity-libs.mk
index 92d5c61832..039b64bd5c 100644
--- a/package/falcosecurity-libs/falcosecurity-libs.mk
+++ b/package/falcosecurity-libs/falcosecurity-libs.mk
@@ -4,7 +4,7 @@
#
################################################################################
-FALCOSECURITY_LIBS_VERSION = e5c53d648f3c4694385bbe488e7d47eaa36c229a
+FALCOSECURITY_LIBS_VERSION = 0.10.5
FALCOSECURITY_LIBS_SITE = $(call github,falcosecurity,libs,$(FALCOSECURITY_LIBS_VERSION))
FALCOSECURITY_LIBS_LICENSE = Apache-2.0 (userspace), MIT or GPL-2.0 (driver)
FALCOSECURITY_LIBS_LICENSE_FILES = COPYING driver/MIT.txt driver/GPL2.txt
@@ -63,11 +63,11 @@ define FALCOSECURITY_LIBS_MODULE_GEN_MAKEFILE
$(SED) 's/@DRIVER_NAME@/$(FALCOSECURITY_LIBS_DRIVER_NAME)/;' $(@D)/driver/Makefile
$(INSTALL) -m 0644 $(@D)/driver/driver_config.h.in $(@D)/driver/driver_config.h
- $(SED) 's/\$${PPM_API_CURRENT_VERSION_MAJOR}/1/;' $(@D)/driver/driver_config.h
+ $(SED) 's/\$${PPM_API_CURRENT_VERSION_MAJOR}/3/;' $(@D)/driver/driver_config.h
$(SED) 's/\$${PPM_API_CURRENT_VERSION_MINOR}/0/;' $(@D)/driver/driver_config.h
- $(SED) 's/\$${PPM_API_CURRENT_VERSION_PATCH}/0/;' $(@D)/driver/driver_config.h
- $(SED) 's/\$${PPM_SCHEMA_CURRENT_VERSION_MAJOR}/1/;' $(@D)/driver/driver_config.h
- $(SED) 's/\$${PPM_SCHEMA_CURRENT_VERSION_MINOR}/0/;' $(@D)/driver/driver_config.h
+ $(SED) 's/\$${PPM_API_CURRENT_VERSION_PATCH}/1/;' $(@D)/driver/driver_config.h
+ $(SED) 's/\$${PPM_SCHEMA_CURRENT_VERSION_MAJOR}/2/;' $(@D)/driver/driver_config.h
+ $(SED) 's/\$${PPM_SCHEMA_CURRENT_VERSION_MINOR}/2/;' $(@D)/driver/driver_config.h
$(SED) 's/\$${PPM_SCHEMA_CURRENT_VERSION_PATCH}/0/;' $(@D)/driver/driver_config.h
$(SED) 's/\$${DRIVER_VERSION}//;' $(@D)/driver/driver_config.h
$(SED) 's/\$${DRIVER_NAME}/$(FALCOSECURITY_LIBS_DRIVER_NAME)/;' $(@D)/driver/driver_config.h
--
2.34.1
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [Buildroot] [RFC PATCH v2 2/3] package/sysdig: bump to version 0.31.4
2023-08-11 15:27 [Buildroot] [RFC PATCH v2 0/3] Bump sysdig and falco libs Francis Laniel
2023-08-11 15:27 ` [Buildroot] [RFC PATCH v2 1/3] package/falcosecurity-libs: bump to version 0.10.5 Francis Laniel
@ 2023-08-11 15:27 ` Francis Laniel
2023-08-13 7:59 ` Yann E. MORIN
2023-08-11 15:27 ` [Buildroot] [RFC PATCH v2 3/3] support/testing/package: add new test for sysdig Francis Laniel
2023-08-13 7:34 ` [Buildroot] [RFC PATCH v2 0/3] Bump sysdig and falco libs Yann E. MORIN
3 siblings, 1 reply; 7+ messages in thread
From: Francis Laniel @ 2023-08-11 15:27 UTC (permalink / raw)
To: buildroot; +Cc: Francis Laniel, Angelo Compagnucci
Signed-off-by: Francis Laniel <flaniel@linux.microsoft.com>
---
package/sysdig/sysdig.hash | 2 +-
package/sysdig/sysdig.mk | 9 +++++++--
2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/package/sysdig/sysdig.hash b/package/sysdig/sysdig.hash
index cda3de5e7c..902f6f2b82 100644
--- a/package/sysdig/sysdig.hash
+++ b/package/sysdig/sysdig.hash
@@ -1,3 +1,3 @@
# sha256 locally computed
-sha256 6b96797859002ab69a2bed4fdba1c7fe8064ecf8661621ae7d8fbf8599ffa636 sysdig-0.29.3.tar.gz
+sha256 b8f43326506f85e99a3455f51b75ee79bf4db9dc12908ef43af672166274a795 sysdig-0.31.4.tar.gz
sha256 a88fbf820b38b1c7fabc6efe291b8259e02ae21326f56fe31c6c9adf374b2702 COPYING
diff --git a/package/sysdig/sysdig.mk b/package/sysdig/sysdig.mk
index bafe534a16..fe725a8064 100644
--- a/package/sysdig/sysdig.mk
+++ b/package/sysdig/sysdig.mk
@@ -4,7 +4,7 @@
#
################################################################################
-SYSDIG_VERSION = 0.29.3
+SYSDIG_VERSION = 0.31.4
SYSDIG_SITE = $(call github,draios,sysdig,$(SYSDIG_VERSION))
SYSDIG_LICENSE = Apache-2.0
SYSDIG_LICENSE_FILES = COPYING
@@ -26,13 +26,18 @@ SYSDIG_DEPENDENCIES = \
# grpc_cpp_plugin is needed to build falcosecurity libs, so we give the host
# one there.
SYSDIG_CONF_OPTS += -DFALCOSECURITY_LIBS_SOURCE_DIR=$(FALCOSECURITY_LIBS_SRCDIR) \
+ -DDRIVER_SOURCE_DIR=$(FALCOSECURITY_LIBS_SRCDIR)/driver \
-DBUILD_DRIVER=OFF \
-DGRPC_CPP_PLUGIN=$(HOST_DIR)/bin/grpc_cpp_plugin \
-DDRIVER_NAME=$(FALCOSECURITY_LIBS_DRIVER_NAME) \
-DENABLE_DKMS=OFF \
-DUSE_BUNDLED_DEPS=OFF \
+ -DUSE_BUNDLED_TBB=OFF \
+ -DUSE_BUNDLED_B64=OFF \
+ -DUSE_BUNDLED_JSONCPP=OFF \
+ -DUSE_BUNDLED_VALIJSON=OFF \
+ -DUSE_BUNDLED_RE2=OFF \
-DWITH_CHISEL=ON \
- -DVALIJSON_INCLUDE=$(BUILD_DIR)/valijson-0.6/include/valijson \
-DSYSDIG_VERSION=$(SYSDIG_VERSION)
$(eval $(cmake-package))
--
2.34.1
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [Buildroot] [RFC PATCH v2 3/3] support/testing/package: add new test for sysdig
2023-08-11 15:27 [Buildroot] [RFC PATCH v2 0/3] Bump sysdig and falco libs Francis Laniel
2023-08-11 15:27 ` [Buildroot] [RFC PATCH v2 1/3] package/falcosecurity-libs: bump to version 0.10.5 Francis Laniel
2023-08-11 15:27 ` [Buildroot] [RFC PATCH v2 2/3] package/sysdig: bump to version 0.31.4 Francis Laniel
@ 2023-08-11 15:27 ` Francis Laniel
2023-08-13 7:34 ` [Buildroot] [RFC PATCH v2 0/3] Bump sysdig and falco libs Yann E. MORIN
3 siblings, 0 replies; 7+ messages in thread
From: Francis Laniel @ 2023-08-11 15:27 UTC (permalink / raw)
To: buildroot; +Cc: Francis Laniel
Signed-off-by: Francis Laniel <flaniel@linux.microsoft.com>
---
.../testing/tests/package/test_sysdig.config | 1 +
support/testing/tests/package/test_sysdig.py | 46 +++++++++++++++++++
2 files changed, 47 insertions(+)
create mode 100644 support/testing/tests/package/test_sysdig.config
create mode 100644 support/testing/tests/package/test_sysdig.py
diff --git a/support/testing/tests/package/test_sysdig.config b/support/testing/tests/package/test_sysdig.config
new file mode 100644
index 0000000000..6450f34933
--- /dev/null
+++ b/support/testing/tests/package/test_sysdig.config
@@ -0,0 +1 @@
+CONFIG_IPV6=y
diff --git a/support/testing/tests/package/test_sysdig.py b/support/testing/tests/package/test_sysdig.py
new file mode 100644
index 0000000000..f27114c539
--- /dev/null
+++ b/support/testing/tests/package/test_sysdig.py
@@ -0,0 +1,46 @@
+import os
+
+import infra.basetest
+
+
+class TestSysdig(infra.basetest.BRTest):
+ config = \
+ """
+ BR2_arm=y
+ BR2_LINUX_KERNEL=y
+ BR2_LINUX_KERNEL_CUSTOM_VERSION=y
+ BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="6.1"
+ BR2_LINUX_KERNEL_DEFCONFIG="vexpress"
+ BR2_LINUX_KERNEL_DTS_SUPPORT=y
+ BR2_LINUX_KERNEL_INTREE_DTS_NAME="vexpress-v2p-ca9"
+ BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="{linux_fragment}"
+ BR2_TOOLCHAIN_EXTERNAL=y
+ BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
+ BR2_TOOLCHAIN_EXTERNAL_GLIBC=y
+ BR2_TOOLCHAIN_EXTERNAL_DOWNLOAD=y
+ BR2_TOOLCHAIN_GCC_AT_LEAST_5=y
+ BR2_TOOLCHAIN_HAS_THREADS=y
+ BR2_TOOLCHAIN_HAS_SYNC_4=y
+ BR2_INSTALL_LIBSTDCPP=y
+ BR2_PACKAGE_LUA=y
+ BR2_PACKAGE_LUA_5_1=y
+ BR2_PACKAGE_SYSDIG=y
+ BR2_TARGET_ROOTFS_CPIO=y
+ # BR2_TARGET_ROOTFS_TAR is not set
+ """.format(linux_fragment=infra.filepath("tests/package/test_sysdig.config"))
+
+ def test_run(self):
+ cpio_file = os.path.join(self.builddir, "images", "rootfs.cpio")
+ kernel_file = os.path.join(self.builddir, "images", "zImage")
+ dtb_file = os.path.join(self.builddir, "images", "vexpress-v2p-ca9.dtb")
+ self.emulator.boot(arch="armv7", kernel=kernel_file,
+ kernel_cmdline=[
+ "console=ttyAMA0,115200"],
+ options=["-initrd", cpio_file,
+ "-dtb", dtb_file,
+ "-M", "vexpress-a9", "-m", "1024"])
+ self.emulator.login()
+
+ self.assertRunOk("sysdig --version")
+ # Run sysdig for 3 seconds.
+ self.assertRunOk("sysdig -M 3")
--
2.34.1
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [Buildroot] [RFC PATCH v2 0/3] Bump sysdig and falco libs
2023-08-11 15:27 [Buildroot] [RFC PATCH v2 0/3] Bump sysdig and falco libs Francis Laniel
` (2 preceding siblings ...)
2023-08-11 15:27 ` [Buildroot] [RFC PATCH v2 3/3] support/testing/package: add new test for sysdig Francis Laniel
@ 2023-08-13 7:34 ` Yann E. MORIN
3 siblings, 0 replies; 7+ messages in thread
From: Yann E. MORIN @ 2023-08-13 7:34 UTC (permalink / raw)
To: Francis Laniel; +Cc: buildroot
Francis, All,
On 2023-08-11 17:27 +0200, Francis Laniel spake thusly:
> With this contribution, I bumped sysdig and falcosecurity-libs.
> Sadly, I am not fully satisfied with the result, hence the fact I marked it as
> RFC because I would like to get your feedback to make it better.
>
> First of all, sysdig builds and runs:
> Welcome to Buildroot
> buildroot login: root
> # sysdig --version
> sysdig version 0.31.4
> # sysdig | head
> scap: loading out-of-tree module taints kernel.
> scap: driver loading, scap
> scap: adding new consumer (____ptrval____)
> scap: initializing ring buffer for CPU 0
> scap: CPU buffer initialized, size=8388608
> 26 15:12:28.226519423 0 sysdig (108) > switch next=0 pgft_maj=10 pgft_min=1348 vm_size=47288 vm_rss=19408 vm_swap=0
> 27 15:12:28.227409149 0 <NA> (0) > switch next=13 pgft_maj=0 pgft_min=0 vm_size=0 vm_rss=0 vm_swap=0
> ...
>
> Nonetheless, I had to increase the minimal size of the image as libsinsp.a is
> quite big:
> # du -sh /sysdig/libsinsp.a
> 171.4M /sysdig/libsinsp.a
> I am not forcefully sure where this library is used, I will investigate and
> maybe we can run everything without it.
There is no need to have static libs (.a files) on the target, as static
libs are only used at linking phase, which happens on the build machine.
So, unless sysdig embeds a linker and generates an executalbe from
those, it should be safe to remove.
> Secondly, I had to tweak heavily the libscap CMakeLists.txt to install several
> shared libraries.
> Indeed, the libraries are compiled as static, but the sysdig binary is not
> static, so it needs plenty of shared libraries to be run from the image.
> I am not really sure what is the best solution here (either compiling sysdig as
> static or not), but in any case my patch for CMakeLists.txt is not really clean.
I don't quite understand this part.
If the libraries are present as static libs at build time, then sysdig
would be statically linked to those, even if sysdig is not itself a
statically linked binary.
Indeed, it's possible to have, say;
ld libfoo.a libbar.so main.o -o myprogram
where myprogram would then be a dynamically linked executable,, which
would have been linked with libfoo.a and dynamically linked with
libbar.so.
So you'll have to expand a bit on that part...
Ah, I think I understand what you are trying to say: falcosecurity-libs
build libscap.a and does not install it, but sysdig needs to link
against it, right?
If so, then it has nothing to do with the fact that sysdig is not
static, but just about the fact that sysdig needs to link with those
libraries.
I'll also further reply to the sysdig bump...
> Finally, I had to modify the magical number in falcosecurity-libs.mk for
> API_VERSION and SCHEMA_VERSION.
> While this is not really a big pain, I am wondering if this is not possible to
> read the corresponding values from the corresponding files (i.e. API_VERSION and
> SCHEMA_VERSION).
> So, for future update we would not need to take care of it ourselves.
That is what I was going to suggest while reviewing patch 1/3. I'll
reply further there.
Regards,
Yann E. MORIN.
> Changes since:
> v1:
> * Removed everything regarding VALIJSON in sysdig.mk.
> * Bumped first falcosecurity-libs to avoid problem when building it.
> * Added runtime test for sysdig.
>
> Francis Laniel (3):
> package/falcosecurity-libs: bump to version 0.10.5
> package/sysdig: bump to version 0.31.4
> support/testing/package: add new test for sysdig
>
> .../0002-cmake-Install-shared-libraries.patch | 61 +++++++++++++++++++
> .../falcosecurity-libs.hash | 2 +-
> .../falcosecurity-libs/falcosecurity-libs.mk | 10 +--
> package/sysdig/sysdig.hash | 2 +-
> package/sysdig/sysdig.mk | 9 ++-
> .../testing/tests/package/test_sysdig.config | 1 +
> support/testing/tests/package/test_sysdig.py | 46 ++++++++++++++
> 7 files changed, 122 insertions(+), 9 deletions(-)
> create mode 100644 package/falcosecurity-libs/0002-cmake-Install-shared-libraries.patch
> create mode 100644 support/testing/tests/package/test_sysdig.config
> create mode 100644 support/testing/tests/package/test_sysdig.py
>
> --
> 2.34.1
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [Buildroot] [RFC PATCH v2 1/3] package/falcosecurity-libs: bump to version 0.10.5
2023-08-11 15:27 ` [Buildroot] [RFC PATCH v2 1/3] package/falcosecurity-libs: bump to version 0.10.5 Francis Laniel
@ 2023-08-13 7:52 ` Yann E. MORIN
0 siblings, 0 replies; 7+ messages in thread
From: Yann E. MORIN @ 2023-08-13 7:52 UTC (permalink / raw)
To: Francis Laniel; +Cc: buildroot
Francis, All,
On 2023-08-11 17:27 +0200, Francis Laniel spake thusly:
> Signed-off-by: Francis Laniel <flaniel@linux.microsoft.com>
You need to expand on the commit log. Having an overview in the cover
letter as you did is very good to understand a series as a whole.
But the cover letter is not going to get comitted to the git history,
shile the commit logs are. So we really need to have the details of the
change in the commit log.
> ---
> .../0002-cmake-Install-shared-libraries.patch | 61 +++++++++++++++++++
> .../falcosecurity-libs.hash | 2 +-
> .../falcosecurity-libs/falcosecurity-libs.mk | 10 +--
> 3 files changed, 67 insertions(+), 6 deletions(-)
> create mode 100644 package/falcosecurity-libs/0002-cmake-Install-shared-libraries.patch
>
> diff --git a/package/falcosecurity-libs/0002-cmake-Install-shared-libraries.patch b/package/falcosecurity-libs/0002-cmake-Install-shared-libraries.patch
> new file mode 100644
> index 0000000000..38a8bdd4f4
> --- /dev/null
> +++ b/package/falcosecurity-libs/0002-cmake-Install-shared-libraries.patch
> @@ -0,0 +1,61 @@
> +From b6d847fe8aa0513c6d19bd8187133699b9c4efd3 Mon Sep 17 00:00:00 2001
> +From: Francis Laniel <flaniel@linux.microsoft.com>
> +Date: Fri, 28 Apr 2023 15:14:27 +0100
> +Subject: [PATCH] cmake: Install shared libraries.
> +
> +This is needed as sysdig is compiled as a non static binary which relies on
> +these libraries.
As I said in the review of the cover letter, this has nothing to do with
the fact that sysdig is static or not, but the fact that
falcosecurity-libs does not install those libs while sysdig needs to
link against them.
So I think it would still work if you even installed just the static
version of those libs (but I agree that it is nicer if they are shared).
Otherwise, this change is not very intrusive. It would be nice to submit
that upstream, indeed, so we don;t have to maintain it forever, but it
is relatively clean.
Is there a reason why the search for a shared libelf is done in the same
patch that generates shared libs?
> +Signed-off-by: Francis Laniel <flaniel@linux.microsoft.com>
> +---
> + cmake/modules/libelf.cmake | 2 +-
> + userspace/libscap/CMakeLists.txt | 16 +++++++++++++++-
> + 2 files changed, 16 insertions(+), 2 deletions(-)
> +
> +diff --git a/cmake/modules/libelf.cmake b/cmake/modules/libelf.cmake
> +index 8ca2f4f7..73d13d26 100644
> +--- a/cmake/modules/libelf.cmake
> ++++ b/cmake/modules/libelf.cmake
> +@@ -10,7 +10,7 @@ if(LIBELF_INCLUDE)
> + add_custom_target(libelf)
> + elseif(NOT USE_BUNDLED_LIBELF)
> + find_path(LIBELF_INCLUDE elf.h PATH_SUFFIXES elf)
> +- find_library(LIBELF_LIB NAMES libelf.a libelf.so)
> ++ find_library(LIBELF_LIB NAMES libelf.so)
Maybe keep libelf.a but in reverse order, so as to prefer the shared
variant, and fallback to the static one?
find_library(LIBELF_LIB NAMES libelf.so libelf.a)
> + if(LIBELF_LIB)
> + message(STATUS "Found LIBELF: include: ${LIBELF_INCLUDE}, lib: ${LIBELF_LIB}")
> + else()
> +diff --git a/userspace/libscap/CMakeLists.txt b/userspace/libscap/CMakeLists.txt
> +index ae4760df..59378fea 100644
> +--- a/userspace/libscap/CMakeLists.txt
> ++++ b/userspace/libscap/CMakeLists.txt
> +@@ -70,7 +70,7 @@ endif()
> +
> + include_directories(${CMAKE_CURRENT_SOURCE_DIR})
> +
> +-add_library(scap STATIC
> ++add_library(scap SHARED
Rather than forcing staitic or shared, it should probably be left out
entorely, to let the build decide based on BUILD_SHARED_LIBS:
https://cmake.org/cmake/help/v3.27/manual/cmake-variables.7.html#variables-that-change-behavior
https://cmake.org/cmake/help/v3.27/variable/BUILD_SHARED_LIBS.html
> ++install(TARGETS scap)
> ++install(TARGETS scap_engine_udig)
> ++install(TARGETS scap_engine_savefile)
> ++install(TARGETS scap_engine_bpf)
> ++install(TARGETS scap_engine_noop)
> ++install(TARGETS scap_engine_source_plugin)
> ++install(TARGETS scap_engine_kmod)
> ++install(TARGETS scap_engine_nodriver)
> ++install(TARGETS scap_event_schema)
> ++install(TARGETS scap_platform)
> ++install(TARGETS scap_engine_util)
> ++install(TARGETS scap_error)
> ++install(TARGETS driver_event_schema)
You'd still need to install them, whether they are static or shared.
[--SNIP--]
> diff --git a/package/falcosecurity-libs/falcosecurity-libs.mk b/package/falcosecurity-libs/falcosecurity-libs.mk
> index 92d5c61832..039b64bd5c 100644
> --- a/package/falcosecurity-libs/falcosecurity-libs.mk
> +++ b/package/falcosecurity-libs/falcosecurity-libs.mk
[--SNIP--]
> @@ -63,11 +63,11 @@ define FALCOSECURITY_LIBS_MODULE_GEN_MAKEFILE
> $(SED) 's/@DRIVER_NAME@/$(FALCOSECURITY_LIBS_DRIVER_NAME)/;' $(@D)/driver/Makefile
>
> $(INSTALL) -m 0644 $(@D)/driver/driver_config.h.in $(@D)/driver/driver_config.h
> - $(SED) 's/\$${PPM_API_CURRENT_VERSION_MAJOR}/1/;' $(@D)/driver/driver_config.h
> + $(SED) 's/\$${PPM_API_CURRENT_VERSION_MAJOR}/3/;' $(@D)/driver/driver_config.h
> $(SED) 's/\$${PPM_API_CURRENT_VERSION_MINOR}/0/;' $(@D)/driver/driver_config.h
> - $(SED) 's/\$${PPM_API_CURRENT_VERSION_PATCH}/0/;' $(@D)/driver/driver_config.h
> - $(SED) 's/\$${PPM_SCHEMA_CURRENT_VERSION_MAJOR}/1/;' $(@D)/driver/driver_config.h
> - $(SED) 's/\$${PPM_SCHEMA_CURRENT_VERSION_MINOR}/0/;' $(@D)/driver/driver_config.h
> + $(SED) 's/\$${PPM_API_CURRENT_VERSION_PATCH}/1/;' $(@D)/driver/driver_config.h
> + $(SED) 's/\$${PPM_SCHEMA_CURRENT_VERSION_MAJOR}/2/;' $(@D)/driver/driver_config.h
> + $(SED) 's/\$${PPM_SCHEMA_CURRENT_VERSION_MINOR}/2/;' $(@D)/driver/driver_config.h
As you noticed in the cover letter, it would be much better to extract
those from the files where they are defined, rather than hardcode them
here, which as you noticed, is quite a burden to maintain.
FTR, I did that for erlang and it was recently applied:
b574a9606e62 package/erlang: do not hard-code the Erlang Interface Version (EI_VSN)
So yes, it'd be nice to do the same here.
Regards,
Yann E. MORIN.
> $(SED) 's/\$${PPM_SCHEMA_CURRENT_VERSION_PATCH}/0/;' $(@D)/driver/driver_config.h
> $(SED) 's/\$${DRIVER_VERSION}//;' $(@D)/driver/driver_config.h
> $(SED) 's/\$${DRIVER_NAME}/$(FALCOSECURITY_LIBS_DRIVER_NAME)/;' $(@D)/driver/driver_config.h
> --
> 2.34.1
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [Buildroot] [RFC PATCH v2 2/3] package/sysdig: bump to version 0.31.4
2023-08-11 15:27 ` [Buildroot] [RFC PATCH v2 2/3] package/sysdig: bump to version 0.31.4 Francis Laniel
@ 2023-08-13 7:59 ` Yann E. MORIN
0 siblings, 0 replies; 7+ messages in thread
From: Yann E. MORIN @ 2023-08-13 7:59 UTC (permalink / raw)
To: Francis Laniel; +Cc: Angelo Compagnucci, buildroot
Francis, All,
On 2023-08-11 17:27 +0200, Francis Laniel spake thusly:
> Signed-off-by: Francis Laniel <flaniel@linux.microsoft.com>
Ditto, please expand on the commit log.
> ---
> package/sysdig/sysdig.hash | 2 +-
> package/sysdig/sysdig.mk | 9 +++++++--
> 2 files changed, 8 insertions(+), 3 deletions(-)
>
> diff --git a/package/sysdig/sysdig.hash b/package/sysdig/sysdig.hash
> index cda3de5e7c..902f6f2b82 100644
> --- a/package/sysdig/sysdig.hash
> +++ b/package/sysdig/sysdig.hash
> @@ -1,3 +1,3 @@
> # sha256 locally computed
> -sha256 6b96797859002ab69a2bed4fdba1c7fe8064ecf8661621ae7d8fbf8599ffa636 sysdig-0.29.3.tar.gz
> +sha256 b8f43326506f85e99a3455f51b75ee79bf4db9dc12908ef43af672166274a795 sysdig-0.31.4.tar.gz
> sha256 a88fbf820b38b1c7fabc6efe291b8259e02ae21326f56fe31c6c9adf374b2702 COPYING
> diff --git a/package/sysdig/sysdig.mk b/package/sysdig/sysdig.mk
> index bafe534a16..fe725a8064 100644
> --- a/package/sysdig/sysdig.mk
> +++ b/package/sysdig/sysdig.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -SYSDIG_VERSION = 0.29.3
> +SYSDIG_VERSION = 0.31.4
> SYSDIG_SITE = $(call github,draios,sysdig,$(SYSDIG_VERSION))
> SYSDIG_LICENSE = Apache-2.0
> SYSDIG_LICENSE_FILES = COPYING
> @@ -26,13 +26,18 @@ SYSDIG_DEPENDENCIES = \
> # grpc_cpp_plugin is needed to build falcosecurity libs, so we give the host
> # one there.
> SYSDIG_CONF_OPTS += -DFALCOSECURITY_LIBS_SOURCE_DIR=$(FALCOSECURITY_LIBS_SRCDIR) \
> + -DDRIVER_SOURCE_DIR=$(FALCOSECURITY_LIBS_SRCDIR)/driver \
Why do you need to peek into the source tree of falcsecurity-libs?
And if you need the already built driver, then you need to peek into the
build dir, nto the source dir.
> -DBUILD_DRIVER=OFF \
> -DGRPC_CPP_PLUGIN=$(HOST_DIR)/bin/grpc_cpp_plugin \
> -DDRIVER_NAME=$(FALCOSECURITY_LIBS_DRIVER_NAME) \
> -DENABLE_DKMS=OFF \
> -DUSE_BUNDLED_DEPS=OFF \
> + -DUSE_BUNDLED_TBB=OFF \
> + -DUSE_BUNDLED_B64=OFF \
> + -DUSE_BUNDLED_JSONCPP=OFF \
> + -DUSE_BUNDLED_VALIJSON=OFF \
> + -DUSE_BUNDLED_RE2=OFF \
If the bundled copies are disabled, don't you instead need to add
dependencies to the unbundled copies? I.e.
SYSDIG_DPENDENCIES = \
[...]
tbb \
libb64 \
jsoncpp \
valijson \
re2
> -DWITH_CHISEL=ON \
> - -DVALIJSON_INCLUDE=$(BUILD_DIR)/valijson-0.6/include/valijson \
Urk, this was so wrong... There was no dependnecy to valijson, and the
version is hard-coded so it has not been correct since 2022-10-22 when
valijson was bumped to 0.7...
Good that you get rid of it...
Could you look into master and see at fixing it there?
Regards,
Yann E. MORIN.
> -DSYSDIG_VERSION=$(SYSDIG_VERSION)
>
> $(eval $(cmake-package))
> --
> 2.34.1
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2023-08-13 7:59 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-08-11 15:27 [Buildroot] [RFC PATCH v2 0/3] Bump sysdig and falco libs Francis Laniel
2023-08-11 15:27 ` [Buildroot] [RFC PATCH v2 1/3] package/falcosecurity-libs: bump to version 0.10.5 Francis Laniel
2023-08-13 7:52 ` Yann E. MORIN
2023-08-11 15:27 ` [Buildroot] [RFC PATCH v2 2/3] package/sysdig: bump to version 0.31.4 Francis Laniel
2023-08-13 7:59 ` Yann E. MORIN
2023-08-11 15:27 ` [Buildroot] [RFC PATCH v2 3/3] support/testing/package: add new test for sysdig Francis Laniel
2023-08-13 7:34 ` [Buildroot] [RFC PATCH v2 0/3] Bump sysdig and falco libs Yann E. MORIN
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox