Merge pull request #300630 from SebTM/sysdig_036

sysdig: 0.35.3 -> 0.36.0
2024-10-07 04:57:26 +03:00 · 2024-04-01 12:42:43 +02:00 · 2024-04-01 12:42:43 +02:00 · 7c045a5460
commit 7c045a5460
parent af105fd375 1a92639f29
1 changed files with 59 additions and 54 deletions
--- a/pkgs/os-specific/linux/sysdig/default.nix
+++ b/pkgs/os-specific/linux/sysdig/default.nix
@ -1,38 +1,36 @@
 { lib, stdenv, fetchFromGitHub, cmake, kernel, installShellFiles, pkg-config
-, luajit, ncurses, perl, jsoncpp, openssl, curl, jq, gcc, elfutils, tbb, protobuf, grpc
-, yaml-cpp, nlohmann_json, re2, zstd, uthash
-}:
+, luajit, ncurses, perl, jsoncpp, openssl, curl, jq, gcc, elfutils, tbb
+, protobuf, grpc, yaml-cpp, nlohmann_json, re2, zstd, uthash }:

 let
-  # Compare with https://github.com/draios/sysdig/blob/0.35.1/cmake/modules/falcosecurity-libs.cmake
-  libsRev = "0.14.2";
-  libsHash = "sha256-sWrniRB/vQd1BZnsiz+wLHugrF3LhuAr9e9gDMavLoo=";
+  # Compare with https://github.com/draios/sysdig/blob/0.36.0/cmake/modules/falcosecurity-libs.cmake
+  libsRev = "0.15.1";
+  libsHash = "sha256-CsKa5ybRj7Mjb71xNwd8FtDprOMfpJMrm3mvkeqZE3o=";

-  # Compare with https://github.com/falcosecurity/libs/blob/0.14.2/cmake/modules/valijson.cmake
+  # Compare with https://github.com/falcosecurity/libs/blob/0.15.1/cmake/modules/valijson.cmake
  valijson = fetchFromGitHub {
    owner = "tristanpenman";
    repo = "valijson";
-    rev = "v0.6";
-    hash = "sha256-ZD19Q2MxMQd3yEKbY90GFCrerie5/jzgO8do4JQDoKM=";
+    rev = "v1.0.2";
+    hash = "sha256-wvFdjsDtKH7CpbEpQjzWtLC4RVOU9+D2rSK0Xo1cJqo=";
  };

-  # https://github.com/draios/sysdig/blob/0.35.1/cmake/modules/driver.cmake
+  # https://github.com/draios/sysdig/blob/0.36.0/cmake/modules/driver.cmake
  driver = fetchFromGitHub {
    owner = "falcosecurity";
    repo = "libs";
    rev = "7.0.0+driver";
    hash = "sha256-kXqvfM7HbGh2wEGaO4KBkFDW+m5gpOShJZKJLu9McKk=";
  };
-in
-stdenv.mkDerivation rec {
+in stdenv.mkDerivation rec {
  pname = "sysdig";
-  version = "0.35.3";
+  version = "0.36.0";

  src = fetchFromGitHub {
    owner = "draios";
    repo = "sysdig";
    rev = version;
-    hash = "sha256-wvCnWzQbkkM8qEG93li22P67WX1bGX9orTk+2vsBHZY=";
+    hash = "sha256-EQnmtxByTsSawQPFmTe2pBMcv5rFaNtST+2KXZSFuoo=";
  };

  nativeBuildInputs = [ cmake perl installShellFiles pkg-config ];
@ -58,12 +56,14 @@ stdenv.mkDerivation rec {
  hardeningDisable = [ "pic" ];

  postUnpack = ''
-    cp -r ${fetchFromGitHub {
-      owner = "falcosecurity";
-      repo = "libs";
-      rev = libsRev;
-      hash = libsHash;
-    }} libs
+    cp -r ${
+      fetchFromGitHub {
+        owner = "falcosecurity";
+        repo = "libs";
+        rev = libsRev;
+        hash = libsHash;
+      }
+    } libs
    chmod -R +w libs

    substituteInPlace libs/userspace/libscap/libscap.pc.in libs/userspace/libsinsp/libsinsp.pc.in \
@ -72,6 +72,13 @@ stdenv.mkDerivation rec {

    cp -r ${driver} driver-src
    chmod -R +w driver-src
+
+    # Hacky but needed until https://github.com/draios/sysdig/issues/2077 is resolved for kernel >= 6.8 as strlcpy got removed and build fails
+    ${lib.optionalString
+    (kernel != null && lib.versionAtLeast kernel.version "6.8") ''
+      substituteInPlace libs/driver/ppm_events.c driver-src/driver/ppm_events.c --replace-fail "strlcpy" "strscpy"
+    ''}
+
    cmakeFlagsArray+=(
      "-DFALCOSECURITY_LIBS_SOURCE_DIR=$(pwd)/libs"
      "-DDRIVER_SOURCE_DIR=$(pwd)/driver-src/driver"
@ -91,10 +98,10 @@ stdenv.mkDerivation rec {
  ] ++ lib.optional (kernel == null) "-DBUILD_DRIVER=OFF";

  env.NIX_CFLAGS_COMPILE =
-   # needed since luajit-2.1.0-beta3
-   "-DluaL_reg=luaL_Reg -DluaL_getn(L,i)=((int)lua_objlen(L,i)) " +
-   # fix compiler warnings been treated as errors
-   "-Wno-error";
+    # needed since luajit-2.1.0-beta3
+    "-DluaL_reg=luaL_Reg -DluaL_getn(L,i)=((int)lua_objlen(L,i)) " +
+    # fix compiler warnings been treated as errors
+    "-Wno-error";

  preConfigure = ''
    if ! grep -q "${libsRev}" cmake/modules/falcosecurity-libs.cmake; then
@ -107,39 +114,37 @@ stdenv.mkDerivation rec {
    export KERNELDIR="${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
  '';

-  postInstall =
-    ''
-      # Fix the bash completion location
-      installShellCompletion --bash $out/etc/bash_completion.d/sysdig
-      rm $out/etc/bash_completion.d/sysdig
-      rmdir $out/etc/bash_completion.d
-      rmdir $out/etc
-    ''
-    + lib.optionalString (kernel != null) ''
-      make install_driver
-      kernel_dev=${kernel.dev}
-      kernel_dev=''${kernel_dev#${builtins.storeDir}/}
-      kernel_dev=''${kernel_dev%%-linux*dev*}
-      if test -f "$out/lib/modules/${kernel.modDirVersion}/extra/scap.ko"; then
-          sed -i "s#$kernel_dev#................................#g" $out/lib/modules/${kernel.modDirVersion}/extra/scap.ko
-      else
-          for i in $out/lib/modules/${kernel.modDirVersion}/{extra,updates}/scap.ko.xz; do
-            if test -f "$i"; then
-              xz -d $i
-              sed -i "s#$kernel_dev#................................#g" ''${i%.xz}
-              xz -9 ''${i%.xz}
-            fi
-          done
-      fi
-    '';
-
+  postInstall = ''
+    # Fix the bash completion location
+    installShellCompletion --bash $out/etc/bash_completion.d/sysdig
+    rm $out/etc/bash_completion.d/sysdig
+    rmdir $out/etc/bash_completion.d
+    rmdir $out/etc
+  '' + lib.optionalString (kernel != null) ''
+    make install_driver
+    kernel_dev=${kernel.dev}
+    kernel_dev=''${kernel_dev#${builtins.storeDir}/}
+    kernel_dev=''${kernel_dev%%-linux*dev*}
+    if test -f "$out/lib/modules/${kernel.modDirVersion}/extra/scap.ko"; then
+        sed -i "s#$kernel_dev#................................#g" $out/lib/modules/${kernel.modDirVersion}/extra/scap.ko
+    else
+        for i in $out/lib/modules/${kernel.modDirVersion}/{extra,updates}/scap.ko.xz; do
+          if test -f "$i"; then
+            xz -d $i
+            sed -i "s#$kernel_dev#................................#g" ''${i%.xz}
+            xz -9 ''${i%.xz}
+          fi
+        done
+    fi
+  '';

  meta = with lib; {
-    description = "A tracepoint-based system tracing tool for Linux (with clients for other OSes)";
+    description =
+      "A tracepoint-based system tracing tool for Linux (with clients for other OSes)";
    license = with licenses; [ asl20 gpl2 mit ];
-    maintainers = [maintainers.raskin];
-    platforms = ["x86_64-linux"] ++ platforms.darwin;
-    broken = kernel != null && versionOlder kernel.version "4.14";
+    maintainers = [ maintainers.raskin ];
+    platforms = [ "x86_64-linux" ] ++ platforms.darwin;
+    broken = kernel != null && ((versionOlder kernel.version "4.14") || kernel.isHardened || kernel.isZen);
    homepage = "https://sysdig.com/opensource/";
    downloadPage = "https://github.com/draios/sysdig/releases";
  };