* [Buildroot] [RFC PATCH v1 1/2] package/sysdig: bump to version 0.31.4
2023-04-28 15:22 [Buildroot] [RFC PATCH v1 0/2] Bump sysdig and falco libs Francis Laniel
@ 2023-04-28 15:22 ` Francis Laniel
2023-07-31 20:18 ` Thomas Petazzoni via buildroot
2023-04-28 15:22 ` [Buildroot] [RFC PATCH v1 2/2] package/falcosecurity-libs: bump to version 0.10.5 Francis Laniel
2023-07-07 14:26 ` [Buildroot] [RFC PATCH v1 0/2] Bump sysdig and falco libs Francis Laniel
2 siblings, 1 reply; 9+ messages in thread
From: Francis Laniel @ 2023-04-28 15:22 UTC (permalink / raw)
To: buildroot; +Cc: Francis Laniel, Angelo Compagnucci
- Remove upstream patch as it is no more needed.
Signed-off-by: Francis Laniel <flaniel@linux.microsoft.com>
---
...BUNDLED_DEPS-before-getting-nlohmann.patch | 52 -------------------
package/sysdig/sysdig.hash | 2 +-
package/sysdig/sysdig.mk | 8 ++-
3 files changed, 8 insertions(+), 54 deletions(-)
delete mode 100644 package/sysdig/0001-cmake-Check-USE_BUNDLED_DEPS-before-getting-nlohmann.patch
diff --git a/package/sysdig/0001-cmake-Check-USE_BUNDLED_DEPS-before-getting-nlohmann.patch b/package/sysdig/0001-cmake-Check-USE_BUNDLED_DEPS-before-getting-nlohmann.patch
deleted file mode 100644
index 3521bd3f8d..0000000000
--- a/package/sysdig/0001-cmake-Check-USE_BUNDLED_DEPS-before-getting-nlohmann.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 0dbebd008c04d266dc41c4bec8280a0744fd5130 Mon Sep 17 00:00:00 2001
-From: Francis Laniel <flaniel@linux.microsoft.com>
-Date: Wed, 13 Apr 2022 18:01:11 +0100
-Subject: [PATCH] cmake: Check USE_BUNDLED_DEPS before getting
- nlohmann-json.
-
-Upstream: https://github.com/draios/sysdig/pull/1869
-Signed-off-by: Francis Laniel <flaniel@linux.microsoft.com>
----
- cmake/modules/nlohmann-json.cmake | 29 +++++++++++++++++++----------
- 1 file changed, 19 insertions(+), 10 deletions(-)
-
-diff --git a/cmake/modules/nlohmann-json.cmake b/cmake/modules/nlohmann-json.cmake
-index bb1279d7..feb0f071 100644
---- a/cmake/modules/nlohmann-json.cmake
-+++ b/cmake/modules/nlohmann-json.cmake
-@@ -16,13 +16,22 @@
- # limitations under the License.
- #
-
--set(NJSON_SRC "${PROJECT_BINARY_DIR}/njson-prefix/src/njson")
--message(STATUS "Using bundled nlohmann-json in '${NJSON_SRC}'")
--set(NJSON_INCLUDE_DIR "${NJSON_SRC}/single_include")
--ExternalProject_Add(
-- njson
-- URL "https://github.com/nlohmann/json/archive/v3.3.0.tar.gz"
-- URL_HASH "SHA256=2fd1d207b4669a7843296c41d3b6ac5b23d00dec48dba507ba051d14564aa801"
-- CONFIGURE_COMMAND ""
-- BUILD_COMMAND ""
-- INSTALL_COMMAND "")
-+if(NOT USE_BUNDLED_DEPS)
-+ find_path(NJSON_INCLUDE_DIR NAMES nlohmann/json.hpp)
-+ if(NJSON_INCLUDE_DIR)
-+ message(STATUS "Found njson: include: ${NJSON_INCLUDE_DIR}")
-+ else()
-+ message(FATAL_ERROR "Couldn't find system njson")
-+ endif()
-+else()
-+ set(NJSON_SRC "${PROJECT_BINARY_DIR}/njson-prefix/src/njson")
-+ message(STATUS "Using bundled nlohmann-json in '${NJSON_SRC}'")
-+ set(NJSON_INCLUDE_DIR "${NJSON_SRC}/single_include")
-+ ExternalProject_Add(
-+ njson
-+ URL "https://github.com/nlohmann/json/archive/v3.3.0.tar.gz"
-+ URL_HASH "SHA256=2fd1d207b4669a7843296c41d3b6ac5b23d00dec48dba507ba051d14564aa801"
-+ CONFIGURE_COMMAND ""
-+ BUILD_COMMAND ""
-+ INSTALL_COMMAND "")
-+endif()
---
-2.25.1
-
diff --git a/package/sysdig/sysdig.hash b/package/sysdig/sysdig.hash
index cda3de5e7c..902f6f2b82 100644
--- a/package/sysdig/sysdig.hash
+++ b/package/sysdig/sysdig.hash
@@ -1,3 +1,3 @@
# sha256 locally computed
-sha256 6b96797859002ab69a2bed4fdba1c7fe8064ecf8661621ae7d8fbf8599ffa636 sysdig-0.29.3.tar.gz
+sha256 b8f43326506f85e99a3455f51b75ee79bf4db9dc12908ef43af672166274a795 sysdig-0.31.4.tar.gz
sha256 a88fbf820b38b1c7fabc6efe291b8259e02ae21326f56fe31c6c9adf374b2702 COPYING
diff --git a/package/sysdig/sysdig.mk b/package/sysdig/sysdig.mk
index bafe534a16..aabd274557 100644
--- a/package/sysdig/sysdig.mk
+++ b/package/sysdig/sysdig.mk
@@ -4,7 +4,7 @@
#
################################################################################
-SYSDIG_VERSION = 0.29.3
+SYSDIG_VERSION = 0.31.4
SYSDIG_SITE = $(call github,draios,sysdig,$(SYSDIG_VERSION))
SYSDIG_LICENSE = Apache-2.0
SYSDIG_LICENSE_FILES = COPYING
@@ -26,11 +26,17 @@ SYSDIG_DEPENDENCIES = \
# grpc_cpp_plugin is needed to build falcosecurity libs, so we give the host
# one there.
SYSDIG_CONF_OPTS += -DFALCOSECURITY_LIBS_SOURCE_DIR=$(FALCOSECURITY_LIBS_SRCDIR) \
+ -DDRIVER_SOURCE_DIR=$(FALCOSECURITY_LIBS_SRCDIR)/driver \
-DBUILD_DRIVER=OFF \
-DGRPC_CPP_PLUGIN=$(HOST_DIR)/bin/grpc_cpp_plugin \
-DDRIVER_NAME=$(FALCOSECURITY_LIBS_DRIVER_NAME) \
-DENABLE_DKMS=OFF \
-DUSE_BUNDLED_DEPS=OFF \
+ -DUSE_BUNDLED_TBB=OFF \
+ -DUSE_BUNDLED_B64=OFF \
+ -DUSE_BUNDLED_JSONCPP=OFF \
+ -DUSE_BUNDLED_VALIJSON=OFF \
+ -DUSE_BUNDLED_RE2=OFF \
-DWITH_CHISEL=ON \
-DVALIJSON_INCLUDE=$(BUILD_DIR)/valijson-0.6/include/valijson \
-DSYSDIG_VERSION=$(SYSDIG_VERSION)
--
2.34.1
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 9+ messages in thread* Re: [Buildroot] [RFC PATCH v1 1/2] package/sysdig: bump to version 0.31.4
2023-04-28 15:22 ` [Buildroot] [RFC PATCH v1 1/2] package/sysdig: bump to version 0.31.4 Francis Laniel
@ 2023-07-31 20:18 ` Thomas Petazzoni via buildroot
2023-07-31 20:35 ` Thomas Petazzoni via buildroot
2023-08-11 15:18 ` Francis Laniel
0 siblings, 2 replies; 9+ messages in thread
From: Thomas Petazzoni via buildroot @ 2023-07-31 20:18 UTC (permalink / raw)
To: Francis Laniel; +Cc: Angelo Compagnucci, buildroot
Hello Francis (and perhaps Angelo who can help?),
On Fri, 28 Apr 2023 16:22:10 +0100
Francis Laniel <flaniel@linux.microsoft.com> wrote:
> - Remove upstream patch as it is no more needed.
Actually I had to remove it from current master, because sysdig was
bumped to 0.29.3 already, which includes the patch... and so the patch
in Buildroot doesn't apply anymore.
I tested your version bump, and it fails to build with:
CMake Error at /home/thomas/projets/buildroot/output/build/falcosecurity-libs-e5c53d648f3c4694385bbe488e7d47eaa36c229a/userspace/libscap/CMakeLists.txt:131 (add_subdirectory):
The binary directory
/home/thomas/projets/buildroot/output/build/sysdig-0.31.4/buildroot-build/driver
is already used to build a source directory. It cannot be used to build
source directory
/home/thomas/projets/buildroot/output/build/falcosecurity-libs-e5c53d648f3c4694385bbe488e7d47eaa36c229a/driver
Specify a unique binary directory name.
during the configuration step of sysdig.
Configuration tested:
BR2_arm=y
BR2_cortex_a9=y
BR2_ARM_ENABLE_VFP=y
BR2_TOOLCHAIN_EXTERNAL=y
BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
BR2_INIT_NONE=y
BR2_SYSTEM_BIN_SH_NONE=y
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="6.1"
BR2_LINUX_KERNEL_DEFCONFIG="vexpress"
# BR2_PACKAGE_BUSYBOX is not set
BR2_PACKAGE_SYSDIG=y
BR2_PACKAGE_LUA=y
BR2_PACKAGE_LUA_5_1=y
# BR2_TARGET_ROOTFS_TAR is not set
it would be good to have a runtime test for sysdig in support/testing/,
as it's not trivial to build, and the autobuilders never caught the
patching issue.
> SYSDIG_CONF_OPTS += -DFALCOSECURITY_LIBS_SOURCE_DIR=$(FALCOSECURITY_LIBS_SRCDIR) \
> + -DDRIVER_SOURCE_DIR=$(FALCOSECURITY_LIBS_SRCDIR)/driver \
So apparently something goes wrong with this. Perhaps because
falcosecurity-libs needs to be bumped first?
> -DVALIJSON_INCLUDE=$(BUILD_DIR)/valijson-0.6/include/valijson \
One thing that is a bit annoying with the packaging here is the fact
that sysdig needs to look into the source directory of
falcosecurity-libs and the source tree of valijson. Packages should
normally not need to access the source/build tree of other packages.
Not a strict requirement for this version bump, but would be good to
address on the long run.
By the way
-DVALIJSON_INCLUDE=$(BUILD_DIR)/valijson-0.6/include/valijson is truly
horrible, because if valijson gets updated to another version... like
it has:
VALIJSON_VERSION = 0.7
then this doesn't work anymore.
It needs to be VALIJSON_SRCDIR.
Curious that we can build sysdig today (I verified, it builds) with
this mistake. Probably means this option is irrelevant.
Could you have a look at all those issues?
Thanks!
Thomas
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 9+ messages in thread* Re: [Buildroot] [RFC PATCH v1 1/2] package/sysdig: bump to version 0.31.4
2023-07-31 20:18 ` Thomas Petazzoni via buildroot
@ 2023-07-31 20:35 ` Thomas Petazzoni via buildroot
2023-08-11 15:18 ` Francis Laniel
1 sibling, 0 replies; 9+ messages in thread
From: Thomas Petazzoni via buildroot @ 2023-07-31 20:35 UTC (permalink / raw)
To: Francis Laniel; +Cc: Angelo Compagnucci, buildroot
On Mon, 31 Jul 2023 22:18:43 +0200
Thomas Petazzoni <thomas.petazzoni@bootlin.com> wrote:
> By the way
> -DVALIJSON_INCLUDE=$(BUILD_DIR)/valijson-0.6/include/valijson is truly
> horrible, because if valijson gets updated to another version... like
> it has:
>
> VALIJSON_VERSION = 0.7
>
> then this doesn't work anymore.
>
> It needs to be VALIJSON_SRCDIR.
>
> Curious that we can build sysdig today (I verified, it builds) with
> this mistake. Probably means this option is irrelevant.
(1) There is no build dependency on valijson, so I don't see how it
could be relevant anyway.
(2) There is no reference to VALIJSON_INCLUDE anywhere in the code
base, as far as I can see
This really needs to be cleaned up. Very soon.
Thomas
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 9+ messages in thread* Re: [Buildroot] [RFC PATCH v1 1/2] package/sysdig: bump to version 0.31.4
2023-07-31 20:18 ` Thomas Petazzoni via buildroot
2023-07-31 20:35 ` Thomas Petazzoni via buildroot
@ 2023-08-11 15:18 ` Francis Laniel
1 sibling, 0 replies; 9+ messages in thread
From: Francis Laniel @ 2023-08-11 15:18 UTC (permalink / raw)
To: Thomas Petazzoni; +Cc: Angelo Compagnucci, buildroot
Hi.
Le lundi 31 juillet 2023, 22:18:43 CEST Thomas Petazzoni a écrit :
> Hello Francis (and perhaps Angelo who can help?),
>
> On Fri, 28 Apr 2023 16:22:10 +0100
>
> Francis Laniel <flaniel@linux.microsoft.com> wrote:
> > - Remove upstream patch as it is no more needed.
>
> Actually I had to remove it from current master, because sysdig was
> bumped to 0.29.3 already, which includes the patch... and so the patch
> in Buildroot doesn't apply anymore.
>
> I tested your version bump, and it fails to build with:
>
> CMake Error at
> /home/thomas/projets/buildroot/output/build/falcosecurity-libs-e5c53d648f3c
> 4694385bbe488e7d47eaa36c229a/userspace/libscap/CMakeLists.txt:131
> (add_subdirectory): The binary directory
>
>
> /home/thomas/projets/buildroot/output/build/sysdig-0.31.4/buildroot-build/d
> river
>
> is already used to build a source directory. It cannot be used to build
> source directory
>
>
> /home/thomas/projets/buildroot/output/build/falcosecurity-libs-e5c53d648f3c
> 4694385bbe488e7d47eaa36c229a/driver
>
> Specify a unique binary directory name.
>
> during the configuration step of sysdig.
>
> Configuration tested:
>
> BR2_arm=y
> BR2_cortex_a9=y
> BR2_ARM_ENABLE_VFP=y
> BR2_TOOLCHAIN_EXTERNAL=y
> BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
> BR2_INIT_NONE=y
> BR2_SYSTEM_BIN_SH_NONE=y
> BR2_LINUX_KERNEL=y
> BR2_LINUX_KERNEL_CUSTOM_VERSION=y
> BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="6.1"
> BR2_LINUX_KERNEL_DEFCONFIG="vexpress"
> # BR2_PACKAGE_BUSYBOX is not set
> BR2_PACKAGE_SYSDIG=y
> BR2_PACKAGE_LUA=y
> BR2_PACKAGE_LUA_5_1=y
> # BR2_TARGET_ROOTFS_TAR is not set
> it would be good to have a runtime test for sysdig in support/testing/,
> as it's not trivial to build, and the autobuilders never caught the
> patching issue.
Good idea! I will check how I can do that!
> > SYSDIG_CONF_OPTS +=
> > -DFALCOSECURITY_LIBS_SOURCE_DIR=$(FALCOSECURITY_LIBS_SRCDIR) \>
> > + -DDRIVER_SOURCE_DIR=$(FALCOSECURITY_LIBS_SRCDIR)/driver \
>
> So apparently something goes wrong with this. Perhaps because
> falcosecurity-libs needs to be bumped first?
As you advised, bumping first the libs then the binary removed the above
problem, thank you!
Regarding this, I am wondering if I should bump both of them in the same
commit, as they are tightly coupled. What do you think?
Note that, I had to make linux-menuconfig to add CONFIG_IPV6, to avoid some
compile errors due to some missing IPv6 related fields while compiling the
kernel module which is parts of the libs.
> > -DVALIJSON_INCLUDE=$(BUILD_DIR)/valijson-0.6/include/valijson \
>
> One thing that is a bit annoying with the packaging here is the fact
> that sysdig needs to look into the source directory of
> falcosecurity-libs and the source tree of valijson. Packages should
> normally not need to access the source/build tree of other packages.
> Not a strict requirement for this version bump, but would be good to
> address on the long run.
>
> By the way
> -DVALIJSON_INCLUDE=$(BUILD_DIR)/valijson-0.6/include/valijson is truly
> horrible, because if valijson gets updated to another version... like
> it has:
>
> VALIJSON_VERSION = 0.7
>
> then this doesn't work anymore.
>
> It needs to be VALIJSON_SRCDIR.
>
> Curious that we can build sysdig today (I verified, it builds) with
> this mistake. Probably means this option is irrelevant.
>
> Could you have a look at all those issues?
I removed everything about VALIJSON and it builds fine.
Glad making it simpler permits to build it!
> Thanks!
>
> Thomas
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Buildroot] [RFC PATCH v1 2/2] package/falcosecurity-libs: bump to version 0.10.5
2023-04-28 15:22 [Buildroot] [RFC PATCH v1 0/2] Bump sysdig and falco libs Francis Laniel
2023-04-28 15:22 ` [Buildroot] [RFC PATCH v1 1/2] package/sysdig: bump to version 0.31.4 Francis Laniel
@ 2023-04-28 15:22 ` Francis Laniel
2023-07-31 20:49 ` Thomas Petazzoni via buildroot
2023-07-07 14:26 ` [Buildroot] [RFC PATCH v1 0/2] Bump sysdig and falco libs Francis Laniel
2 siblings, 1 reply; 9+ messages in thread
From: Francis Laniel @ 2023-04-28 15:22 UTC (permalink / raw)
To: buildroot; +Cc: Francis Laniel, Angelo Compagnucci
Signed-off-by: Francis Laniel <flaniel@linux.microsoft.com>
---
.../0002-cmake-Install-shared-libraries.patch | 61 +++++++++++++++++++
.../falcosecurity-libs.hash | 2 +-
.../falcosecurity-libs/falcosecurity-libs.mk | 12 ++--
3 files changed, 69 insertions(+), 6 deletions(-)
create mode 100644 package/falcosecurity-libs/0002-cmake-Install-shared-libraries.patch
diff --git a/package/falcosecurity-libs/0002-cmake-Install-shared-libraries.patch b/package/falcosecurity-libs/0002-cmake-Install-shared-libraries.patch
new file mode 100644
index 0000000000..38a8bdd4f4
--- /dev/null
+++ b/package/falcosecurity-libs/0002-cmake-Install-shared-libraries.patch
@@ -0,0 +1,61 @@
+From b6d847fe8aa0513c6d19bd8187133699b9c4efd3 Mon Sep 17 00:00:00 2001
+From: Francis Laniel <flaniel@linux.microsoft.com>
+Date: Fri, 28 Apr 2023 15:14:27 +0100
+Subject: [PATCH] cmake: Install shared libraries.
+
+This is needed as sysdig is compiled as a non static binary which relies on
+these libraries.
+
+Signed-off-by: Francis Laniel <flaniel@linux.microsoft.com>
+---
+ cmake/modules/libelf.cmake | 2 +-
+ userspace/libscap/CMakeLists.txt | 16 +++++++++++++++-
+ 2 files changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/cmake/modules/libelf.cmake b/cmake/modules/libelf.cmake
+index 8ca2f4f7..73d13d26 100644
+--- a/cmake/modules/libelf.cmake
++++ b/cmake/modules/libelf.cmake
+@@ -10,7 +10,7 @@ if(LIBELF_INCLUDE)
+ add_custom_target(libelf)
+ elseif(NOT USE_BUNDLED_LIBELF)
+ find_path(LIBELF_INCLUDE elf.h PATH_SUFFIXES elf)
+- find_library(LIBELF_LIB NAMES libelf.a libelf.so)
++ find_library(LIBELF_LIB NAMES libelf.so)
+ if(LIBELF_LIB)
+ message(STATUS "Found LIBELF: include: ${LIBELF_INCLUDE}, lib: ${LIBELF_LIB}")
+ else()
+diff --git a/userspace/libscap/CMakeLists.txt b/userspace/libscap/CMakeLists.txt
+index ae4760df..59378fea 100644
+--- a/userspace/libscap/CMakeLists.txt
++++ b/userspace/libscap/CMakeLists.txt
+@@ -70,7 +70,7 @@ endif()
+
+ include_directories(${CMAKE_CURRENT_SOURCE_DIR})
+
+-add_library(scap STATIC
++add_library(scap SHARED
+ ${targetfiles})
+
+ if (CMAKE_SYSTEM_NAME MATCHES "SunOS")
+@@ -212,3 +212,17 @@ if(CMAKE_SYSTEM_PROCESSOR STREQUAL "x86_64" AND CMAKE_SYSTEM_NAME MATCHES "Linux
+ target_link_libraries(scap scap_engine_gvisor)
+ endif()
+ endif()
++
++install(TARGETS scap)
++install(TARGETS scap_engine_udig)
++install(TARGETS scap_engine_savefile)
++install(TARGETS scap_engine_bpf)
++install(TARGETS scap_engine_noop)
++install(TARGETS scap_engine_source_plugin)
++install(TARGETS scap_engine_kmod)
++install(TARGETS scap_engine_nodriver)
++install(TARGETS scap_event_schema)
++install(TARGETS scap_platform)
++install(TARGETS scap_engine_util)
++install(TARGETS scap_error)
++install(TARGETS driver_event_schema)
+--
+2.34.1
+
diff --git a/package/falcosecurity-libs/falcosecurity-libs.hash b/package/falcosecurity-libs/falcosecurity-libs.hash
index 2e239ca2fe..ef805cbcf6 100644
--- a/package/falcosecurity-libs/falcosecurity-libs.hash
+++ b/package/falcosecurity-libs/falcosecurity-libs.hash
@@ -1,5 +1,5 @@
# sha256 locally computed
-sha256 80903bc57b7f9c5f24298ecf1531cf66ef571681b4bd1e05f6e4db704ffb380b falcosecurity-libs-e5c53d648f3c4694385bbe488e7d47eaa36c229a.tar.gz
+sha256 2a4b37c08bec4ba81326314831f341385aff267062e8d4483437958689662936 falcosecurity-libs-0.10.5.tar.gz
sha256 21ec9433a87459b3477faf542bacec419dc03af841309eac35edeffe481cf10b COPYING
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 driver/GPL2.txt
sha256 f17d3f2c2d565a74a7d5bf96f880c43701e141897e8dff0c8aa13e5d07aaf226 driver/MIT.txt
diff --git a/package/falcosecurity-libs/falcosecurity-libs.mk b/package/falcosecurity-libs/falcosecurity-libs.mk
index 92d5c61832..acd46cf7a5 100644
--- a/package/falcosecurity-libs/falcosecurity-libs.mk
+++ b/package/falcosecurity-libs/falcosecurity-libs.mk
@@ -4,7 +4,7 @@
#
################################################################################
-FALCOSECURITY_LIBS_VERSION = e5c53d648f3c4694385bbe488e7d47eaa36c229a
+FALCOSECURITY_LIBS_VERSION = 0.10.5
FALCOSECURITY_LIBS_SITE = $(call github,falcosecurity,libs,$(FALCOSECURITY_LIBS_VERSION))
FALCOSECURITY_LIBS_LICENSE = Apache-2.0 (userspace), MIT or GPL-2.0 (driver)
FALCOSECURITY_LIBS_LICENSE_FILES = COPYING driver/MIT.txt driver/GPL2.txt
@@ -57,17 +57,19 @@ endef
# For the others, it was taken by inspecting
# falcosecurity-libs/*/CMakeLists.txt, which normally creates these
# files, but doesn't work well with the kernel-module infrastructure.
+# The magical number for API_VERSION and SCHEMA_VERSION are taken from
+# corresponding files.
define FALCOSECURITY_LIBS_MODULE_GEN_MAKEFILE
$(INSTALL) -m 0644 $(@D)/driver/Makefile.in $(@D)/driver/Makefile
$(SED) 's/@KBUILD_FLAGS@//;' $(@D)/driver/Makefile
$(SED) 's/@DRIVER_NAME@/$(FALCOSECURITY_LIBS_DRIVER_NAME)/;' $(@D)/driver/Makefile
$(INSTALL) -m 0644 $(@D)/driver/driver_config.h.in $(@D)/driver/driver_config.h
- $(SED) 's/\$${PPM_API_CURRENT_VERSION_MAJOR}/1/;' $(@D)/driver/driver_config.h
+ $(SED) 's/\$${PPM_API_CURRENT_VERSION_MAJOR}/3/;' $(@D)/driver/driver_config.h
$(SED) 's/\$${PPM_API_CURRENT_VERSION_MINOR}/0/;' $(@D)/driver/driver_config.h
- $(SED) 's/\$${PPM_API_CURRENT_VERSION_PATCH}/0/;' $(@D)/driver/driver_config.h
- $(SED) 's/\$${PPM_SCHEMA_CURRENT_VERSION_MAJOR}/1/;' $(@D)/driver/driver_config.h
- $(SED) 's/\$${PPM_SCHEMA_CURRENT_VERSION_MINOR}/0/;' $(@D)/driver/driver_config.h
+ $(SED) 's/\$${PPM_API_CURRENT_VERSION_PATCH}/1/;' $(@D)/driver/driver_config.h
+ $(SED) 's/\$${PPM_SCHEMA_CURRENT_VERSION_MAJOR}/2/;' $(@D)/driver/driver_config.h
+ $(SED) 's/\$${PPM_SCHEMA_CURRENT_VERSION_MINOR}/2/;' $(@D)/driver/driver_config.h
$(SED) 's/\$${PPM_SCHEMA_CURRENT_VERSION_PATCH}/0/;' $(@D)/driver/driver_config.h
$(SED) 's/\$${DRIVER_VERSION}//;' $(@D)/driver/driver_config.h
$(SED) 's/\$${DRIVER_NAME}/$(FALCOSECURITY_LIBS_DRIVER_NAME)/;' $(@D)/driver/driver_config.h
--
2.34.1
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 9+ messages in thread* Re: [Buildroot] [RFC PATCH v1 2/2] package/falcosecurity-libs: bump to version 0.10.5
2023-04-28 15:22 ` [Buildroot] [RFC PATCH v1 2/2] package/falcosecurity-libs: bump to version 0.10.5 Francis Laniel
@ 2023-07-31 20:49 ` Thomas Petazzoni via buildroot
2023-08-11 15:18 ` Francis Laniel
0 siblings, 1 reply; 9+ messages in thread
From: Thomas Petazzoni via buildroot @ 2023-07-31 20:49 UTC (permalink / raw)
To: Francis Laniel; +Cc: Angelo Compagnucci, buildroot
Hello Francis,
On Fri, 28 Apr 2023 16:22:11 +0100
Francis Laniel <flaniel@linux.microsoft.com> wrote:
> diff --git a/package/falcosecurity-libs/0002-cmake-Install-shared-libraries.patch b/package/falcosecurity-libs/0002-cmake-Install-shared-libraries.patch
> new file mode 100644
> index 0000000000..38a8bdd4f4
> --- /dev/null
> +++ b/package/falcosecurity-libs/0002-cmake-Install-shared-libraries.patch
> @@ -0,0 +1,61 @@
> +From b6d847fe8aa0513c6d19bd8187133699b9c4efd3 Mon Sep 17 00:00:00 2001
> +From: Francis Laniel <flaniel@linux.microsoft.com>
> +Date: Fri, 28 Apr 2023 15:14:27 +0100
> +Subject: [PATCH] cmake: Install shared libraries.
> +
> +This is needed as sysdig is compiled as a non static binary which relies on
> +these libraries.
Not clear. An executable can use a mix of shared and static libraries.
What is the upstream status of this? How is falcosecurity-libs supposed
to be used by sysdig according to upstream?
All patches now need to have an "Upstream: <link>" tag that indicates
where the patch has been submitted.
> +diff --git a/cmake/modules/libelf.cmake b/cmake/modules/libelf.cmake
> +index 8ca2f4f7..73d13d26 100644
> +--- a/cmake/modules/libelf.cmake
> ++++ b/cmake/modules/libelf.cmake
> +@@ -10,7 +10,7 @@ if(LIBELF_INCLUDE)
> + add_custom_target(libelf)
> + elseif(NOT USE_BUNDLED_LIBELF)
> + find_path(LIBELF_INCLUDE elf.h PATH_SUFFIXES elf)
> +- find_library(LIBELF_LIB NAMES libelf.a libelf.so)
> ++ find_library(LIBELF_LIB NAMES libelf.so)
Is this really related?
> diff --git a/package/falcosecurity-libs/falcosecurity-libs.hash b/package/falcosecurity-libs/falcosecurity-libs.hash
> index 2e239ca2fe..ef805cbcf6 100644
> --- a/package/falcosecurity-libs/falcosecurity-libs.hash
> +++ b/package/falcosecurity-libs/falcosecurity-libs.hash
> @@ -1,5 +1,5 @@
> # sha256 locally computed
> -sha256 80903bc57b7f9c5f24298ecf1531cf66ef571681b4bd1e05f6e4db704ffb380b falcosecurity-libs-e5c53d648f3c4694385bbe488e7d47eaa36c229a.tar.gz
> +sha256 2a4b37c08bec4ba81326314831f341385aff267062e8d4483437958689662936 falcosecurity-libs-0.10.5.tar.gz
> sha256 21ec9433a87459b3477faf542bacec419dc03af841309eac35edeffe481cf10b COPYING
> sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 driver/GPL2.txt
> sha256 f17d3f2c2d565a74a7d5bf96f880c43701e141897e8dff0c8aa13e5d07aaf226 driver/MIT.txt
> diff --git a/package/falcosecurity-libs/falcosecurity-libs.mk b/package/falcosecurity-libs/falcosecurity-libs.mk
> index 92d5c61832..acd46cf7a5 100644
> --- a/package/falcosecurity-libs/falcosecurity-libs.mk
> +++ b/package/falcosecurity-libs/falcosecurity-libs.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -FALCOSECURITY_LIBS_VERSION = e5c53d648f3c4694385bbe488e7d47eaa36c229a
> +FALCOSECURITY_LIBS_VERSION = 0.10.5
> FALCOSECURITY_LIBS_SITE = $(call github,falcosecurity,libs,$(FALCOSECURITY_LIBS_VERSION))
> FALCOSECURITY_LIBS_LICENSE = Apache-2.0 (userspace), MIT or GPL-2.0 (driver)
> FALCOSECURITY_LIBS_LICENSE_FILES = COPYING driver/MIT.txt driver/GPL2.txt
> @@ -57,17 +57,19 @@ endef
> # For the others, it was taken by inspecting
> # falcosecurity-libs/*/CMakeLists.txt, which normally creates these
> # files, but doesn't work well with the kernel-module infrastructure.
> +# The magical number for API_VERSION and SCHEMA_VERSION are taken from
> +# corresponding files.
Which corresponding files? :-)
Thomas
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [Buildroot] [RFC PATCH v1 2/2] package/falcosecurity-libs: bump to version 0.10.5
2023-07-31 20:49 ` Thomas Petazzoni via buildroot
@ 2023-08-11 15:18 ` Francis Laniel
0 siblings, 0 replies; 9+ messages in thread
From: Francis Laniel @ 2023-08-11 15:18 UTC (permalink / raw)
To: Thomas Petazzoni; +Cc: Angelo Compagnucci, buildroot
Hi.
Le lundi 31 juillet 2023, 22:49:56 CEST Thomas Petazzoni a écrit :
> Hello Francis,
>
> On Fri, 28 Apr 2023 16:22:11 +0100
>
> Francis Laniel <flaniel@linux.microsoft.com> wrote:
> > diff --git
> > a/package/falcosecurity-libs/0002-cmake-Install-shared-libraries.patch
> > b/package/falcosecurity-libs/0002-cmake-Install-shared-libraries.patch
> > new file mode 100644
> > index 0000000000..38a8bdd4f4
> > --- /dev/null
> > +++ b/package/falcosecurity-libs/0002-cmake-Install-shared-libraries.patch
> > @@ -0,0 +1,61 @@
> > +From b6d847fe8aa0513c6d19bd8187133699b9c4efd3 Mon Sep 17 00:00:00 2001
> > +From: Francis Laniel <flaniel@linux.microsoft.com>
> > +Date: Fri, 28 Apr 2023 15:14:27 +0100
> > +Subject: [PATCH] cmake: Install shared libraries.
> > +
> > +This is needed as sysdig is compiled as a non static binary which relies
> > on +these libraries.
>
> Not clear. An executable can use a mix of shared and static libraries.
Indeed, but it causes troubles without this modification (see below).
Moreover, this whole magic causes a big increase in the rootfs image, as the
limit should be increased from 60 MB to 195 MB (more than 3 times).
> What is the upstream status of this? How is falcosecurity-libs supposed
> to be used by sysdig according to upstream?
Sadly, I do not have any clue on this.
I will reach someone upstream to understand how everything is built because
their way of building is totally incompatible with how Buildroot builds.
> All patches now need to have an "Upstream: <link>" tag that indicates
> where the patch has been submitted.
I will ensure this once I would have deal with all the issues here.
> > +diff --git a/cmake/modules/libelf.cmake b/cmake/modules/libelf.cmake
> > +index 8ca2f4f7..73d13d26 100644
> > +--- a/cmake/modules/libelf.cmake
> > ++++ b/cmake/modules/libelf.cmake
> > +@@ -10,7 +10,7 @@ if(LIBELF_INCLUDE)
> > + add_custom_target(libelf)
> > + elseif(NOT USE_BUNDLED_LIBELF)
> > + find_path(LIBELF_INCLUDE elf.h PATH_SUFFIXES elf)
> > +- find_library(LIBELF_LIB NAMES libelf.a libelf.so)
> > ++ find_library(LIBELF_LIB NAMES libelf.so)
>
> Is this really related?
We need this patch, otherwise, building sysdig fails with the following:
[ 22%] Linking C shared library libscap_engine_bpf.so
/home/francis-buildroot/buildroot/output/host/lib/gcc/x86_64-buildroot-linux-
gnu/12.3.0/../../../../x86_64-buildroot-linux-gnu/bin/ld: /home/francis-
buildroot/buildroot/output/host/x86_64-buildroot-linux-gnu/sysroot/usr/lib/../
lib64/libelf.a(elf_error.o): relocation R_X86_64_TPOFF32 against
`global_error' can not be used when making a shared object; recompile with -
fPIC
/home/francis-buildroot/buildroot/output/host/lib/gcc/x86_64-buildroot-linux-
gnu/12.3.0/../../../../x86_64-buildroot-linux-gnu/bin/ld: failed to set
dynamic section sizes: bad value
> > diff --git a/package/falcosecurity-libs/falcosecurity-libs.hash
> > b/package/falcosecurity-libs/falcosecurity-libs.hash index
> > 2e239ca2fe..ef805cbcf6 100644
> > --- a/package/falcosecurity-libs/falcosecurity-libs.hash
> > +++ b/package/falcosecurity-libs/falcosecurity-libs.hash
> > @@ -1,5 +1,5 @@
> >
> > # sha256 locally computed
> >
> > -sha256 80903bc57b7f9c5f24298ecf1531cf66ef571681b4bd1e05f6e4db704ffb380b
> > falcosecurity-libs-e5c53d648f3c4694385bbe488e7d47eaa36c229a.tar.gz
> > +sha256 2a4b37c08bec4ba81326314831f341385aff267062e8d4483437958689662936
> > falcosecurity-libs-0.10.5.tar.gz>
> > sha256 21ec9433a87459b3477faf542bacec419dc03af841309eac35edeffe481cf10b
> > COPYING sha256
> > 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643
> > driver/GPL2.txt sha256
> > f17d3f2c2d565a74a7d5bf96f880c43701e141897e8dff0c8aa13e5d07aaf226
> > driver/MIT.txt>
> > diff --git a/package/falcosecurity-libs/falcosecurity-libs.mk
> > b/package/falcosecurity-libs/falcosecurity-libs.mk index
> > 92d5c61832..acd46cf7a5 100644
> > --- a/package/falcosecurity-libs/falcosecurity-libs.mk
> > +++ b/package/falcosecurity-libs/falcosecurity-libs.mk
> > @@ -4,7 +4,7 @@
> >
> > #
> > #########################################################################
> > #######>
> > -FALCOSECURITY_LIBS_VERSION = e5c53d648f3c4694385bbe488e7d47eaa36c229a
> > +FALCOSECURITY_LIBS_VERSION = 0.10.5
> >
> > FALCOSECURITY_LIBS_SITE = $(call
> > github,falcosecurity,libs,$(FALCOSECURITY_LIBS_VERSION))
> > FALCOSECURITY_LIBS_LICENSE = Apache-2.0 (userspace), MIT or GPL-2.0
> > (driver) FALCOSECURITY_LIBS_LICENSE_FILES = COPYING driver/MIT.txt
> > driver/GPL2.txt>
> > @@ -57,17 +57,19 @@ endef
> >
> > # For the others, it was taken by inspecting
> > # falcosecurity-libs/*/CMakeLists.txt, which normally creates these
> > # files, but doesn't work well with the kernel-module infrastructure.
> >
> > +# The magical number for API_VERSION and SCHEMA_VERSION are taken from
> > +# corresponding files.
>
> Which corresponding files? :-)
I just removed this comment as the files were already mentioned above.
>
> Thomas
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [Buildroot] [RFC PATCH v1 0/2] Bump sysdig and falco libs
2023-04-28 15:22 [Buildroot] [RFC PATCH v1 0/2] Bump sysdig and falco libs Francis Laniel
2023-04-28 15:22 ` [Buildroot] [RFC PATCH v1 1/2] package/sysdig: bump to version 0.31.4 Francis Laniel
2023-04-28 15:22 ` [Buildroot] [RFC PATCH v1 2/2] package/falcosecurity-libs: bump to version 0.10.5 Francis Laniel
@ 2023-07-07 14:26 ` Francis Laniel
2 siblings, 0 replies; 9+ messages in thread
From: Francis Laniel @ 2023-07-07 14:26 UTC (permalink / raw)
To: buildroot; +Cc: Angelo Compagnucci
Hi.
Le vendredi 28 avril 2023, 17:22:09 CEST Francis Laniel a écrit :
> Hi.
>
>
> With this contribution, I bumped sysdig and falcosecurity-libs.
> Sadly, I am not fully satisfied with the result, hence the fact I marked it
> as RFC because I would like to get your feedback to make it better.
>
> First of all, sysdig builds and runs:
> Welcome to Buildroot
> buildroot login: root
> # sysdig --version
> sysdig version 0.31.4
> # sysdig | head
> scap: loading out-of-tree module taints kernel.
> scap: driver loading, scap
> scap: adding new consumer (____ptrval____)
> scap: initializing ring buffer for CPU 0
> scap: CPU buffer initialized, size=8388608
> 26 15:12:28.226519423 0 sysdig (108) > switch next=0 pgft_maj=10
> pgft_min=1348 vm_size=47288 vm_rss=19408 vm_swap=0 27 15:12:28.227409149 0
> <NA> (0) > switch next=13 pgft_maj=0 pgft_min=0 vm_size=0 vm_rss=0
> vm_swap=0 ...
>
> Nonetheless, I had to increase the minimal size of the image as libsinsp.a
> is quite big:
> # du -sh /sysdig/libsinsp.a
> 152.7M /sysdig/libsinsp.a
> I am not forcefully sure where this library is used, I will investigate and
> maybe we can run everything without it.
>
> Secondly, I had to tweak heavily the libscap CMakeLists.txt to install
> several shared libraries.
> Indeed, the libraries are compiled as static, but the sysdig binary is not
> static, so it needs plenty of shared libraries to be run from the image.
> I am not really sure what is the best solution here (either compiling sysdig
> as static or not), but in any case my patch for CMakeLists.txt is not
> really clean.
>
> Finally, I had to modify the magical number in falcosecurity-libs.mk for
> API_VERSION and SCHEMA_VERSION.
> While this is not really a big pain, I am wondering if this is not possible
> to read the corresponding values from the corresponding files (i.e.
> API_VERSION and SCHEMA_VERSION).
> So, for future update we would not need to take care of it ourselves.
>
> Francis Laniel (2):
> package/sysdig: bump to version 0.31.4
> package/falcosecurity-libs: bump to version 0.10.5
>
> .../0002-cmake-Install-shared-libraries.patch | 61 +++++++++++++++++++
> .../falcosecurity-libs.hash | 2 +-
> .../falcosecurity-libs/falcosecurity-libs.mk | 12 ++--
> ...BUNDLED_DEPS-before-getting-nlohmann.patch | 52 ----------------
> package/sysdig/sysdig.hash | 2 +-
> package/sysdig/sysdig.mk | 8 ++-
> 6 files changed, 77 insertions(+), 60 deletions(-)
> create mode 100644
> package/falcosecurity-libs/0002-cmake-Install-shared-libraries.patch delete
> mode 100644
> package/sysdig/0001-cmake-Check-USE_BUNDLED_DEPS-before-getting-nlohmann.pa
> tch
>
>
> Best regards and thank you in advance for your advises.
> --
> 2.34.1
Can someone please share some feedback on this contribution?
Best regards and thank you in advance.
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 9+ messages in thread