falcosecurity
/
driverkit
mirror of https://github.com/falcosecurity/driverkit.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: falcosecurity:master
Branches Tags
falcosecurity:master
falcosecurity:owners/add-leogr-1
falcosecurity:chore/configure_cmake_c_compiler
falcosecurity:fix/bpf_build_new_libs
falcosecurity:dwindsor-patch-1
falcosecurity:new/per-distro-build-containers
falcosecurity:fix/reenable-integration-tests
falcosecurity:fix/disable-integration-tests
falcosecurity:fix/ubuntu-gcc-version
falcosecurity:remove-fntlnz
falcosecurity:owners/add-leogr
falcosecurity:builder/debian-buster
falcosecurity:leogr/docs/fix-slack-url
falcosecurity:testing/release
falcosecurity:feat/kernelbuild
falcosecurity:feat/linuxkit
falcosecurity:feat/asciicast
falcosecurity:v0.21.2
falcosecurity:v0.21.1
falcosecurity:v0.21.0
falcosecurity:v0.20.5
falcosecurity:v0.20.4
falcosecurity:v0.20.3
falcosecurity:v0.20.2
falcosecurity:v0.20.1
falcosecurity:v0.20.0
falcosecurity:v0.19.2
falcosecurity:v0.19.1
falcosecurity:v0.19.0
falcosecurity:v0.18.2
falcosecurity:v0.18.1
falcosecurity:v0.18.0
falcosecurity:v0.17.1
falcosecurity:v0.17.0
falcosecurity:v0.16.3
falcosecurity:v0.16.2
falcosecurity:v0.16.1
falcosecurity:v0.16.0
falcosecurity:v0.15.4
falcosecurity:v0.15.3
falcosecurity:v0.15.2
falcosecurity:v0.15.1
falcosecurity:v0.15.0
falcosecurity:v0.14.0
falcosecurity:v0.13.1
falcosecurity:v0.13.0
falcosecurity:v0.12.0
falcosecurity:v0.11.1
falcosecurity:v0.11.0
falcosecurity:v0.10.2
falcosecurity:v0.10.1
falcosecurity:v0.10.0
falcosecurity:v0.9.7
falcosecurity:v0.9.6
falcosecurity:v0.9.5
falcosecurity:v0.9.4
falcosecurity:v0.9.3
falcosecurity:v0.9.2
falcosecurity:v0.9.1
falcosecurity:v0.9.0
falcosecurity:v0.8.0
falcosecurity:v0.7.0
falcosecurity:v0.6.0
falcosecurity:v0.5.0
falcosecurity:v0.4.0
falcosecurity:v0.3.0
falcosecurity:v0.2.0
falcosecurity:v0.1.0
..
compare: falcosecurity:v0.16.1
Branches Tags
falcosecurity:master
falcosecurity:owners/add-leogr-1
falcosecurity:chore/configure_cmake_c_compiler
falcosecurity:fix/bpf_build_new_libs
falcosecurity:dwindsor-patch-1
falcosecurity:new/per-distro-build-containers
falcosecurity:fix/reenable-integration-tests
falcosecurity:fix/disable-integration-tests
falcosecurity:fix/ubuntu-gcc-version
falcosecurity:remove-fntlnz
falcosecurity:owners/add-leogr
falcosecurity:builder/debian-buster
falcosecurity:leogr/docs/fix-slack-url
falcosecurity:testing/release
falcosecurity:feat/kernelbuild
falcosecurity:feat/linuxkit
falcosecurity:feat/asciicast
falcosecurity:v0.21.2
falcosecurity:v0.21.1
falcosecurity:v0.21.0
falcosecurity:v0.20.5
falcosecurity:v0.20.4
falcosecurity:v0.20.3
falcosecurity:v0.20.2
falcosecurity:v0.20.1
falcosecurity:v0.20.0
falcosecurity:v0.19.2
falcosecurity:v0.19.1
falcosecurity:v0.19.0
falcosecurity:v0.18.2
falcosecurity:v0.18.1
falcosecurity:v0.18.0
falcosecurity:v0.17.1
falcosecurity:v0.17.0
falcosecurity:v0.16.3
falcosecurity:v0.16.2
falcosecurity:v0.16.1
falcosecurity:v0.16.0
falcosecurity:v0.15.4
falcosecurity:v0.15.3
falcosecurity:v0.15.2
falcosecurity:v0.15.1
falcosecurity:v0.15.0
falcosecurity:v0.14.0
falcosecurity:v0.13.1
falcosecurity:v0.13.0
falcosecurity:v0.12.0
falcosecurity:v0.11.1
falcosecurity:v0.11.0
falcosecurity:v0.10.2
falcosecurity:v0.10.1
falcosecurity:v0.10.0
falcosecurity:v0.9.7
falcosecurity:v0.9.6
falcosecurity:v0.9.5
falcosecurity:v0.9.4
falcosecurity:v0.9.3
falcosecurity:v0.9.2
falcosecurity:v0.9.1
falcosecurity:v0.9.0
falcosecurity:v0.8.0
falcosecurity:v0.7.0
falcosecurity:v0.6.0
falcosecurity:v0.5.0
falcosecurity:v0.4.0
falcosecurity:v0.3.0
falcosecurity:v0.2.0
falcosecurity:v0.1.0

No commits in common. "master" and "v0.16.1" have entirely different histories.
master ... v0.16.1

126 changed files with 2520 additions and 3286 deletions
Show Stats Expand all files Collapse all files

235
.circleci/config.yml Normal file
View File

@ -0,0 +1,235 @@
version: 2.1
jobs:
"build-test":
docker:
- image: golang:1.21-alpine
steps:
- checkout
- setup_remote_docker: # used by integration tests that runs driverkit binary that needs docker
version: 20.10.24
- run:
name: Install deps
command: apk add gcc musl-dev make bash git binutils-gold
- run:
name: Build
command: make build
- run:
name: Test
command: make test
- run:
name: Integration tests
command: make integration_test
- run:
name: Prepare Artifacts
command: |
mkdir -p /tmp/build-amd64
cp _output/bin/driverkit /tmp/build-amd64/
- store_artifacts:
path: /tmp/build-amd64/driverkit
destination: driverkit_amd64
- persist_to_workspace:
root: /tmp
paths:
- build-amd64/
"build-test-arm64":
machine:
enabled: true
image: ubuntu-2004:2022.04.1
resource_class: arm.medium
steps:
- checkout:
path: /tmp/source
- run:
name: Prepare project
command: |
docker run --rm -it -v /tmp/source:/source -v /var/run/docker.sock:/var/run/docker.sock -w /source --name alpine_sh -d golang:1.21-alpine sh
docker exec alpine_sh apk add gcc musl-dev make bash git docker binutils-gold
docker exec alpine_sh git config --global --add safe.directory /source
- run:
name: Build
command: docker exec alpine_sh make build
- run:
name: Test
command: docker exec alpine_sh make test
- run:
name: Integration tests
command: docker exec alpine_sh make integration_test
- run:
name: Prepare Artifacts
command: |
mkdir -p /tmp/build-arm64
cp /tmp/source/_output/bin/driverkit /tmp/build-arm64/
- store_artifacts:
path: /tmp/build-arm64/driverkit
destination: driverkit_arm64
- persist_to_workspace:
root: /tmp
paths:
- build-arm64/
"build-images":
docker:
- image: alpine:3.16
steps:
- attach_workspace:
at: /
- checkout
- setup_remote_docker:
version: 20.10.24
docker_layer_caching: true
- run:
name: Install deps
command: |
apk update
apk add make bash git docker docker-cli-buildx
- run:
name: Login to registry
command: echo ${DOCKERHUB_SECRET} | docker login -u ${DOCKERHUB_USER} --password-stdin
- run:
name: Prepare artifact for driverkit image
command: | # driverkit dockerfile expects the binary there
mkdir -p build-amd64
cp /build-amd64/driverkit build-amd64/
- run:
name: Build and Push docker images
command: GIT_BRANCH="$CIRCLE_BRANCH" GIT_TAG="$CIRCLE_TAG" make push/all
- run:
name: Push latest images
command: |
if [ -n "$CIRCLE_TAG" ]
then
GIT_BRANCH="$CIRCLE_BRANCH" GIT_TAG="$CIRCLE_TAG" make push/latest
else
echo "Skipping (no git tag)"
fi
"build-images-arm64":
machine:
enabled: true
image: ubuntu-2004:2022.04.1
docker_layer_caching: true
resource_class: arm.medium
steps:
- attach_workspace:
at: /tmp
- checkout:
path: /tmp/source
- run:
name: Install deps
command: |
sudo apt update
sudo apt install make bash git
- run:
name: Login to registry
command: echo ${DOCKERHUB_SECRET} | docker login -u ${DOCKERHUB_USER} --password-stdin
- run:
name: Prepare artifact for driverkit image
command: | # driverkit dockerfile expects the binary there
mkdir -p /tmp/source/build-arm64
cp /tmp/build-arm64/driverkit /tmp/source/build-arm64/
- run:
name: Build and Push docker images
command: |
cd /tmp/source
GIT_BRANCH="$CIRCLE_BRANCH" GIT_TAG="$CIRCLE_TAG" make push/all
- run:
name: Push latest images if needed
command: |
cd /tmp/source
if [ -n "$CIRCLE_TAG" ]
then
GIT_BRANCH="$CIRCLE_BRANCH" GIT_TAG="$CIRCLE_TAG" make push/latest
else
echo "Skipping (no git tag)"
fi
"images":
docker:
- image: cimg/base:stable
user: root
steps:
- checkout
- setup_remote_docker:
version: 20.10.24
- run:
name: Prepare env
command: |
echo ${DOCKERHUB_SECRET} | docker login -u ${DOCKERHUB_USER} --password-stdin
sudo apt update
sudo apt install make bash git
- run:
name: Build and Push manifest to registry
command: |
GIT_BRANCH="$CIRCLE_BRANCH" GIT_TAG="$CIRCLE_TAG" make manifest/all
- run:
name: Push latest manifest if needed
command: |
if [ -n "$CIRCLE_TAG" ]
then
GIT_BRANCH="$CIRCLE_BRANCH" GIT_TAG="$CIRCLE_TAG" make manifest/latest
else
echo "Skipping (no git tag)"
fi
"release":
docker:
- image: cimg/go:1.21
steps:
- checkout
- run:
name: Install goreleaser
command: |
echo 'deb [trusted=yes] https://repo.goreleaser.com/apt/ /' | sudo tee /etc/apt/sources.list.d/goreleaser.list
sudo apt update
sudo apt install goreleaser
- run:
name: Release
command: GIT_TAG="$CIRCLE_TAG" make release
workflows:
version: 2.1
build:
jobs:
- "build-test":
filters:
tags:
only: /v[0-9]+(\.[0-9]+)*(-.*)*/
- "build-test-arm64":
filters:
tags:
only: /v[0-9]+(\.[0-9]+)*(-.*)*/
- "build-images":
context: falco
filters:
branches:
only:
- master
tags:
only: /v[0-9]+(\.[0-9]+)*(-.*)*/
requires:
- "build-test"
- "build-images-arm64":
context: falco
filters:
branches:
only:
- master
tags:
only: /v[0-9]+(\.[0-9]+)*(-.*)*/
requires:
- "build-test-arm64"
- "images":
context: falco
filters:
branches:
only:
- master
tags:
only: /v[0-9]+(\.[0-9]+)*(-.*)*/
requires:
- "build-images"
- "build-images-arm64"
- "release":
context: falco
filters:
branches:
ignore: /.*/
tags:
only: /v[0-9]+(\.[0-9]+)*(-.*)*/
requires:
- "images"

2
.github/PULL_REQUEST_TEMPLATE.md vendored
View File

@ -66,5 +66,5 @@ For example, `action required: change the API interface of the rule engine`.
-->
```release-note
NONE
```

12
.github/dependabot.yml vendored
View File

@ -1,12 +0,0 @@
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
open-pull-requests-limit: 10
groups:
actions:
update-types:
- "minor"
- "patch"

77
.github/workflows/ci.yml vendored
View File

@ -1,77 +0,0 @@
name: CI Build
on:
pull_request:
branches: [master]
workflow_dispatch:
# Checks if any concurrent jobs under the same pull request or branch are being executed
# NOTE: this will cancel every workflow that is being ran against a PR as group is just the github ref (without the workflow name)
concurrency:
group: ${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
build-test-dev:
strategy:
matrix:
arch: [amd64, arm64]
uses: ./.github/workflows/reusable_build_test_driverkit.yml
with:
arch: ${{ matrix.arch }}
paths-filter:
runs-on: ubuntu-latest
outputs:
docker_needs_build: ${{ steps.filter.outputs.docker }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
id: filter
with:
filters: |
docker:
- 'docker/**'
build-images-dev:
needs: [build-test-dev,paths-filter]
if: needs.paths-filter.outputs.docker_needs_build == 'true'
strategy:
matrix:
arch: [ amd64, arm64 ]
uses: ./.github/workflows/reusable_build_push_images.yml
with:
arch: ${{ matrix.arch }}
push: false
secrets: inherit
gomodtidy:
name: Enforce go.mod tidiness
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: "${{ github.event.pull_request.head.sha }}"
repository: ${{github.event.pull_request.head.repo.full_name}}
persist-credentials: false
- name: Setup Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5
with:
go-version-file: 'go.mod'
- name: Execute go mod tidy and check the outcome
working-directory: ./
run: |
go mod tidy
exit_code=$(git diff --exit-code)
exit ${exit_code}
- name: Print a comment in case of failure
run: |
echo "The go.mod and/or go.sum files appear not to be correctly tidied.
Please, rerun go mod tidy to fix the issues."
exit 1
if: |
failure() && github.event.pull_request.head.repo.full_name == github.repository

36
.github/workflows/master.yml vendored
View File

@ -1,36 +0,0 @@
name: Master CI
on:
push:
branches: [master]
# Checks if any concurrent jobs is running for master CI and eventually cancel it
concurrency:
group: ci-master
cancel-in-progress: true
jobs:
build-test-master:
strategy:
matrix:
arch: [amd64, arm64]
uses: ./.github/workflows/reusable_build_test_driverkit.yml
with:
arch: ${{ matrix.arch }}
push-images-master:
needs: build-test-master
strategy:
matrix:
arch: [amd64, arm64]
uses: ./.github/workflows/reusable_build_push_images.yml
with:
arch: ${{ matrix.arch }}
push: true
secrets: inherit
images-master:
needs: push-images-master
uses: ./.github/workflows/reusable_manifest_images.yml
secrets: inherit

68
.github/workflows/release.yml vendored
View File

@ -1,68 +0,0 @@
name: Release
on:
push:
tags:
- v*
permissions:
contents: write # needed to write releases
id-token: write # needed for keyless signing
jobs:
build-test-release:
strategy:
matrix:
arch: [amd64, arm64]
uses: ./.github/workflows/reusable_build_test_driverkit.yml
with:
arch: ${{ matrix.arch }}
push-images-release:
needs: build-test-release
strategy:
matrix:
arch: [amd64, arm64]
uses: ./.github/workflows/reusable_build_push_images.yml
with:
arch: ${{ matrix.arch }}
tag: ${{ github.ref_name }}
is_latest: true
push: true
secrets: inherit
images-release:
needs: push-images-release
uses: ./.github/workflows/reusable_manifest_images.yml
with:
tag: ${{ github.ref_name }}
is_latest: true
secrets: inherit
release:
needs: images-release
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- name: Fetch
run: git fetch --prune --force --tags
- name: Setup Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5
with:
go-version-file: 'go.mod'
- name: Install GoReleaser
uses: goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552 # v6.3.0
with:
install-only: true
- name: Release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GIT_TAG: ${{ github.ref_name }}
run: make release

72
.github/workflows/reusable_build_push_images.yml vendored
View File

@ -1,72 +0,0 @@
# This is a reusable workflow used by master and release CI
on:
workflow_call:
inputs:
arch:
description: amd64 or arm64
required: true
type: string
branch:
description: name of the branch
required: false
type: string
default: 'master'
tag:
description: The tag to use (e.g. "master" or "0.35.0")
required: false
type: string
default: ''
is_latest:
description: Update the latest tag with the new image
required: false
type: boolean
default: false
push:
description: Whether to also push images
required: false
type: boolean
default: false
jobs:
build-images:
runs-on: ${{ (inputs.arch == 'arm64' && 'ubuntu-22.04-arm') || 'ubuntu-22.04' }}
env:
GIT_BRANCH: ${{ inputs.branch }}
GIT_TAG: ${{ inputs.tag }}
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Create download folder
run: mkdir -p build-${{ inputs.arch }}
- name: Download Driverkit
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
with:
name: driverkit-${{ inputs.arch }}
path: build-${{ inputs.arch }}
- name: Enforce executable bit
run: chmod +x build-${{ inputs.arch }}/driverkit
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
- name: Login to Docker Hub
if: inputs.push
uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
with:
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_SECRET }}
- name: Build and Push docker images
if: inputs.push
run: make push/all
- name: Build docker images
if: inputs.push == false
run: make image/all
- name: Push latest images if needed
if: inputs.push && inputs.is_latest
run: make push/latest

47
.github/workflows/reusable_build_test_driverkit.yml vendored
View File

@ -1,47 +0,0 @@
# This is a reusable workflow used by master and release CI
on:
workflow_call:
inputs:
arch:
description: amd64 or arm64
required: true
type: string
jobs:
build-test:
# See https://github.com/actions/runner/issues/409#issuecomment-1158849936
runs-on: ${{ (inputs.arch == 'arm64' && 'ubuntu-22.04-arm') || 'ubuntu-22.04' }}
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5
with:
go-version-file: 'go.mod'
- name: Build
run: make build
- name: Test
run: make test
- name: Set integration tests DRIVERVERSIONS env
if: inputs.arch == 'amd64'
run: echo "DRIVERVERSIONS=master 6.0.1+driver 2.0.0+driver 17f5df52a7d9ed6bb12d3b1768460def8439936d" >> $GITHUB_ENV
- name: Set integration tests DRIVERVERSIONS env
if: inputs.arch == 'arm64'
run: echo "DRIVERVERSIONS=master 6.0.1+driver 2.0.0+driver" >> $GITHUB_ENV
- name: Integration tests
run: make integration_test
- name: Upload driverkit
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: driverkit-${{ inputs.arch }}
path: |
${{ github.workspace }}/_output/bin/driverkit

45
.github/workflows/reusable_manifest_images.yml vendored
View File

@ -1,45 +0,0 @@
# This is a reusable workflow used by master and release CI
on:
workflow_call:
inputs:
branch:
description: name of the branch
required: false
type: string
default: 'master'
tag:
description: The tag to use (e.g. "master" or "0.35.0")
required: false
type: string
default: ''
is_latest:
description: Update the latest tag with the new image
required: false
type: boolean
default: false
jobs:
push-manifest:
runs-on: ubuntu-latest
env:
GIT_BRANCH: ${{ inputs.branch }}
GIT_TAG: ${{ inputs.tag }}
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
- name: Login to Docker Hub
uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
with:
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_SECRET }}
- name: Build and Push manifest to registry
run: make manifest/all
- name: Push latest manifest if needed
if: inputs.is_latest
run: make manifest/latest

3
.goreleaser.yml
View File

@ -1,5 +1,3 @@
version: 2
project_name: driverkit
builds:
- id: "driverkit"
@ -13,6 +11,7 @@ builds:
main: .
flags:
- -v
- -buildmode=pie
ldflags:
- "{{.Env.LDFLAGS}}"
binary: driverkit

19
Makefile
View File

@ -16,8 +16,6 @@ ifeq ($(COMMITS_FROM_GIT_TAG),0)
endif
endif
DRIVERVERSIONS ?= master
DOCKER_ORG ?= falcosecurity
ARCH := $(shell uname -m)
@ -43,7 +41,7 @@ driverkit_docgen ?= _output/bin/docgen
build: clean ${driverkit}
${driverkit}:
CGO_ENABLED=0 GOEXPERIMENT=loopvar go build -v -ldflags '${LDFLAGS}' -o $@ .
CGO_ENABLED=0 GOEXPERIMENT=loopvar go build -v -buildmode=pie -ldflags '${LDFLAGS}' -o $@ .
.PHONY: release
release: clean
@ -89,27 +87,28 @@ manifest/all: manifest/driverkit
.PHONY: manifest/driverkit
manifest/driverkit:
$(DOCKER) buildx imagetools create -t $(IMAGE_NAME_DRIVERKIT):$(GIT_REF) $(IMAGE_NAME_DRIVERKIT):$(GIT_REF)_x86_64 $(IMAGE_NAME_DRIVERKIT):$(GIT_REF)_aarch64
$(DOCKER) buildx imagetools create -t $(IMAGE_NAME_DRIVERKIT):$(GIT_COMMIT) $(IMAGE_NAME_DRIVERKIT):$(GIT_COMMIT)_x86_64 $(IMAGE_NAME_DRIVERKIT):$(GIT_COMMIT)_aarch64
$(DOCKER) manifest create $(IMAGE_NAME_DRIVERKIT):$(GIT_REF) $(IMAGE_NAME_DRIVERKIT):$(GIT_REF)_x86_64 $(IMAGE_NAME_DRIVERKIT):$(GIT_REF)_aarch64
$(DOCKER) manifest push $(IMAGE_NAME_DRIVERKIT):$(GIT_REF)
$(DOCKER) manifest create $(IMAGE_NAME_DRIVERKIT):$(GIT_COMMIT) $(IMAGE_NAME_DRIVERKIT):$(GIT_COMMIT)_x86_64 $(IMAGE_NAME_DRIVERKIT):$(GIT_COMMIT)_aarch64
$(DOCKER) manifest push $(IMAGE_NAME_DRIVERKIT):$(GIT_COMMIT)
.PHONY: manifest/latest
manifest/latest:
$(DOCKER) buildx imagetools create -t $(IMAGE_NAME_DRIVERKIT):latest $(IMAGE_NAME_DRIVERKIT):latest_x86_64 $(IMAGE_NAME_DRIVERKIT):latest_aarch64
$(DOCKER) manifest create $(IMAGE_NAME_DRIVERKIT):latest $(IMAGE_NAME_DRIVERKIT):latest_x86_64 $(IMAGE_NAME_DRIVERKIT):latest_aarch64
$(DOCKER) manifest push $(IMAGE_NAME_DRIVERKIT):latest
.PHONY: test
test:
go clean -testcache
GOEXPERIMENT=loopvar go test -v -cover -race ./...
GOEXPERIMENT=loopvar go test -v -cover ./cmd
GOEXPERIMENT=loopvar go test -v -cover -buildmode=pie ./cmd
.PHONY: integration_test
integration_test: $(test_configs)
.PHONY: $(test_configs)
$(test_configs): ${driverkit}
$(foreach d,$(DRIVERVERSIONS),\
${driverkit} docker -c $@ --builderimage auto:master -l debug --timeout 600 --driverversion $d; \
)
${driverkit} docker -c $@ --builderimage auto:master -l debug --timeout 600
.PHONY: ${driverkit_docgen}
${driverkit_docgen}: ${PWD}/docgen

2
OWNERS
View File

@ -4,7 +4,5 @@ approvers:
- fededp
- EXONER4TED
- lowaiz
- LucaGuerra
emeritus_approvers:
- fntlnz

2
RELEASE.md
View File

@ -1,6 +1,6 @@
# Release Process
Our release process is fully automated using [Github actions](.github/workflows/release.yml) and [goreleaser](https://github.com/goreleaser/goreleaser) tool for artifacts.
Our release process is based upon [CircleCI](https://app.circleci.com/pipelines/github/falcosecurity/driverkit) and [goreleaser](https://github.com/goreleaser/goreleaser) tool for artifacts.
When we release we do the following process:

29
cmd/cli_test.go
View File

@ -19,6 +19,8 @@ package cmd
import (
"bytes"
"io"
"io/ioutil"
"os"
"path/filepath"
"runtime"
@ -130,8 +132,6 @@ var tests = []testCase{
"ubuntu-aws",
"--output-module",
"/tmp/falco-ubuntu-aws.ko",
"--output-probe",
"/tmp/falco-ubuntu-aws.o",
"--loglevel",
"debug",
},
@ -144,7 +144,6 @@ var tests = []testCase{
env: map[string]string{
"DRIVERKIT_KERNELVERSION": "59",
"DRIVERKIT_OUTPUT_MODULE": "/tmp/falco-ubuntu-aws.ko",
"DRIVERKIT_OUTPUT_PROBE": "/tmp/falco-ubuntu-aws.o",
},
args: []string{
"docker",
@ -316,14 +315,9 @@ var tests = []testCase{
func run(t *testing.T, test testCase) {
// Setup
configOpts, err := NewConfigOptions()
assert.NilError(t, err)
rootOpts, err := NewRootOptions()
assert.NilError(t, err)
var buf bytes.Buffer
configOpts.setOutput(&buf, true)
c := NewRootCmd(configOpts, rootOpts)
c.SetOutput(&buf)
c := NewRootCmd()
b := bytes.NewBufferString("")
c.SetOutput(b)
if len(test.args) == 0 || (test.args[0] != "__complete" && test.args[0] != "__completeNoDesc" && test.args[0] != "help" && test.args[0] != "completion") {
test.args = append(test.args, "--dryrun")
}
@ -334,18 +328,19 @@ func run(t *testing.T, test testCase) {
}
}
// Test
err = c.Execute()
err := c.Execute()
if err != nil {
if test.expect.err == "" {
t.Fatalf("error executing CLI: %v", err)
} else {
assert.Error(t, err, test.expect.err)
}
// Exactly same behavior as rootCmd.Start(), but here we use ERROR instead of FATAL to avoid leaving
configOpts.Printer.Logger.Error("error executing driverkit", configOpts.Printer.Logger.Args("err", err.Error()))
}
out := buf.String()
res := stripansi.Strip(out)
out, err := io.ReadAll(b)
if err != nil {
t.Fatalf("error reading CLI output: %v", err)
}
res := stripansi.Strip(string(out))
assert.Equal(t, test.expect.out, res)
// Teardown
for k := range test.env {
@ -370,7 +365,7 @@ type testTemplateData struct {
}
func readTemplateFile(t *testing.T, s string) string {
out, err := os.ReadFile("testdata/templates/" + s)
out, err := ioutil.ReadFile("testdata/templates/" + s)
assert.NilError(t, err)
return string(out)
}

21
cmd/completion.go
View File

@ -17,7 +17,6 @@ package cmd
import (
"bytes"
"fmt"
"github.com/spf13/pflag"
"os"
"strings"
"text/template"
@ -47,12 +46,12 @@ func validateArgs() cobra.PositionalArgs {
if len(args) == 0 {
return nil
}
return cobra.MatchAll(cobra.ExactArgs(1), cobra.OnlyValidArgs)(c, args)
return cobra.ExactValidArgs(1)(c, args)
}
}
// NewCompletionCmd ...
func NewCompletionCmd(_ *ConfigOptions, _ *RootOptions, _ *pflag.FlagSet) *cobra.Command {
func NewCompletionCmd() *cobra.Command {
var long bytes.Buffer
tmpl := template.Must(template.New("long").Parse(longUsageTemplate))
tmpl.Execute(&long, map[string]interface{}{
@ -66,23 +65,25 @@ func NewCompletionCmd(_ *ConfigOptions, _ *RootOptions, _ *pflag.FlagSet) *cobra
Args: validateArgs(),
ValidArgs: cmdArgs,
DisableAutoGenTag: true,
RunE: func(c *cobra.Command, args []string) error {
Run: func(c *cobra.Command, args []string) {
if len(args) == 0 {
return c.Help()
c.Help()
return
}
arg := args[0]
switch arg {
case "bash":
return c.Root().GenBashCompletion(os.Stdout)
c.Root().GenBashCompletion(os.Stdout)
break
case "zsh":
return c.Root().GenZshCompletion(os.Stdout)
c.Root().GenZshCompletion(os.Stdout)
break
case "fish":
return c.Root().GenFishCompletion(os.Stdout, true)
c.Root().GenFishCompletion(os.Stdout, true)
case "help":
return c.Help()
c.Help()
}
return nil
},
}

126
cmd/config_options.go
View File

@ -15,141 +15,51 @@ limitations under the License.
package cmd
import (
"errors"
"github.com/falcosecurity/falcoctl/pkg/output"
"github.com/mitchellh/go-homedir"
"github.com/spf13/pflag"
"github.com/spf13/viper"
"io"
"fmt"
"log/slog"
"os"
"strings"
"github.com/creasty/defaults"
"github.com/falcosecurity/driverkit/validate"
"github.com/go-playground/validator/v10"
"github.com/pterm/pterm"
)
var validProcessors = []string{"docker", "kubernetes", "kubernetes-in-cluster", "local"}
var aliasProcessors = []string{"docker", "k8s", "k8s-ic"}
var configOptions *ConfigOptions
// ConfigOptions represent the persistent configuration flags of driverkit.
type ConfigOptions struct {
configFile string
ConfigFile string
LogLevel string `validate:"loglevel" name:"log level" default:"INFO"`
Timeout int `validate:"number,min=30" default:"120" name:"timeout"`
ProxyURL string `validate:"omitempty,proxy" name:"proxy url"`
dryRun bool
DryRun bool
// Printer used by all commands to output messages.
Printer *output.Printer
// writer is used to write the output of the printer.
writer io.Writer
logLevel *output.LogLevel
disableStyling bool
}
func (co *ConfigOptions) initPrinter() {
// DisableStyling is only enforced by tests.
if co.disableStyling {
pterm.DisableStyling()
}
co.Printer = output.NewPrinter(co.logLevel.ToPtermLogLevel(), pterm.LogFormatterColorful, co.writer)
if co.disableStyling {
// Disable time print for tests
co.Printer.Logger = co.Printer.Logger.WithTime(false)
}
}
// Called by tests to disable styling and set bytes buffer as output
func (co *ConfigOptions) setOutput(writer io.Writer, disableStyling bool) {
co.writer = writer
co.disableStyling = disableStyling
co.initPrinter()
configErrors bool
}
// NewConfigOptions creates an instance of ConfigOptions.
func NewConfigOptions() (*ConfigOptions, error) {
o := &ConfigOptions{
writer: os.Stdout,
logLevel: output.NewLogLevel(),
disableStyling: false,
}
o.initPrinter()
func NewConfigOptions() *ConfigOptions {
o := &ConfigOptions{}
if err := defaults.Set(o); err != nil {
// Return ConfigOptions anyway because we need the logger
return o, err
slog.With("err", err.Error(), "options", "ConfigOptions").Error("error setting driverkit options defaults")
os.Exit(1)
}
return o, nil
return o
}
// Validate validates the ConfigOptions fields.
func (co *ConfigOptions) validate() []error {
func (co *ConfigOptions) Validate() []error {
if err := validate.V.Struct(co); err != nil {
var errs validator.ValidationErrors
errors.As(err, &errs)
var errArr []error
for _, e := range errs {
errors := err.(validator.ValidationErrors)
errArr := []error{}
for _, e := range errors {
// Translate each error one at a time
errArr = append(errArr, errors.New(e.Translate(validate.T)))
errArr = append(errArr, fmt.Errorf(e.Translate(validate.T)))
}
co.configErrors = true
return errArr
}
return nil
}
// AddFlags registers the common flags.
func (co *ConfigOptions) AddFlags(flags *pflag.FlagSet) {
flags.StringVarP(&co.configFile, "config", "c", co.configFile, "config file path (default $HOME/.driverkit.yaml if exists)")
flags.VarP(co.logLevel, "loglevel", "l", "set level for logs "+co.logLevel.Allowed())
flags.IntVar(&co.Timeout, "timeout", co.Timeout, "timeout in seconds")
flags.StringVar(&co.ProxyURL, "proxy", co.ProxyURL, "the proxy to use to download data")
flags.BoolVar(&co.dryRun, "dryrun", co.dryRun, "do not actually perform the action")
}
// Init reads in config file and ENV variables if set.
func (co *ConfigOptions) Init() bool {
configErr := false
if errs := co.validate(); errs != nil {
for _, err := range errs {
co.Printer.Logger.Error("error validating config options",
co.Printer.Logger.Args("err", err.Error()))
}
configErr = true
}
if co.configFile != "" {
viper.SetConfigFile(co.configFile)
} else {
// Find home directory.
home, err := homedir.Dir()
if err != nil {
co.Printer.Logger.Error("error getting the home directory",
co.Printer.Logger.Args("err", err.Error()))
// not setting configErr = true because we fallback to `$HOME/.driverkit.yaml` and try with it
}
viper.AddConfigPath(home)
viper.SetConfigName(".driverkit")
}
viper.AutomaticEnv()
viper.SetEnvPrefix("driverkit")
viper.SetEnvKeyReplacer(strings.NewReplacer("-", "_"))
// If a config file is found, read it in.
err := viper.ReadInConfig()
// Init printer with either read or existent one,
// so that we can further log considering log level set.
co.initPrinter()
if err == nil {
co.Printer.Logger.Info("using config file",
co.Printer.Logger.Args("file", viper.ConfigFileUsed()))
} else {
var configFileNotFoundError viper.ConfigFileNotFoundError
if errors.As(err, &configFileNotFoundError) {
// Config file not found, ignore ...
co.Printer.Logger.Debug("running without a configuration file")
}
}
return configErr
}

38
cmd/docker.go
View File

@ -15,42 +15,32 @@ limitations under the License.
package cmd
import (
"bytes"
"log/slog"
"os"
"github.com/falcosecurity/driverkit/pkg/driverbuilder"
"github.com/falcosecurity/driverkit/pkg/driverbuilder/builder"
"github.com/spf13/cobra"
"github.com/spf13/pflag"
"github.com/spf13/viper"
)
// NewDockerCmd creates the `driverkit docker` command.
func NewDockerCmd(configOpts *ConfigOptions, rootOpts *RootOptions, rootFlags *pflag.FlagSet) *cobra.Command {
func NewDockerCmd(rootOpts *RootOptions, rootFlags *pflag.FlagSet) *cobra.Command {
dockerCmd := &cobra.Command{
Use: "docker",
Short: "Build Falco kernel modules and eBPF probes against a docker daemon.",
RunE: func(c *cobra.Command, args []string) error {
configOpts.Printer.Logger.Info("starting build",
configOpts.Printer.Logger.Args("processor", c.Name()))
if !configOpts.dryRun {
if !rootOpts.Output.HasOutputs() {
configOpts.Printer.Logger.Info("no output specified")
return nil
Run: func(c *cobra.Command, args []string) {
slog.With("processor", c.Name()).Info("driver building, it will take a few seconds")
if !configOptions.DryRun {
b := rootOpts.ToBuild()
if !b.HasOutputs() {
return
}
// Since we use a spinner, cache log data to a bytesbuffer;
// we will later print it once we stop the spinner.
var b *builder.Build
if configOpts.disableStyling {
b = rootOpts.ToBuild(configOpts.Printer)
} else {
var buf bytes.Buffer
b = rootOpts.ToBuild(configOpts.Printer.WithWriter(&buf))
configOpts.Printer.Spinner, _ = configOpts.Printer.Spinner.Start("driver building, it will take a few seconds")
defer func() {
configOpts.Printer.DefaultText.Print(buf.String())
}()
if err := driverbuilder.NewDockerBuildProcessor(viper.GetInt("timeout"), viper.GetString("proxy")).Start(b); err != nil {
slog.With("err", err.Error()).Error("exiting")
os.Exit(1)
}
return driverbuilder.NewDockerBuildProcessor(configOpts.Timeout, configOpts.ProxyURL).Start(b)
}
return nil
},
}
// Add root flags

28
cmd/images.go
View File

@ -15,8 +15,7 @@ limitations under the License.
package cmd
import (
"bytes"
"github.com/falcosecurity/driverkit/pkg/driverbuilder/builder"
"log/slog"
"os"
"github.com/olekukonko/tablewriter"
@ -25,30 +24,14 @@ import (
)
// NewImagesCmd creates the `driverkit images` command.
func NewImagesCmd(configOpts *ConfigOptions, rootOpts *RootOptions, rootFlags *pflag.FlagSet) *cobra.Command {
func NewImagesCmd(rootOpts *RootOptions, rootFlags *pflag.FlagSet) *cobra.Command {
imagesCmd := &cobra.Command{
Use: "images",
Short: "List builder images",
RunE: func(c *cobra.Command, args []string) error {
configOpts.Printer.Logger.Info("starting loading images",
configOpts.Printer.Logger.Args("processor", c.Name()))
// Since we use a spinner, cache log data to a bytesbuffer;
// we will later print it once we stop the spinner.
var (
buf bytes.Buffer
b *builder.Build
)
if configOpts.disableStyling {
b = rootOpts.ToBuild(configOpts.Printer)
} else {
b = rootOpts.ToBuild(configOpts.Printer.WithWriter(&buf))
configOpts.Printer.Spinner, _ = configOpts.Printer.Spinner.Start("listing images, it will take a few seconds")
}
Run: func(c *cobra.Command, args []string) {
slog.With("processor", c.Name()).Info("listing images")
b := rootOpts.ToBuild()
b.LoadImages()
if !configOpts.disableStyling {
_ = configOpts.Printer.Spinner.Stop()
configOpts.Printer.DefaultText.Print(buf.String())
}
table := tablewriter.NewWriter(os.Stdout)
table.SetHeader([]string{"Image", "Target", "Arch", "GCC"})
@ -64,7 +47,6 @@ func NewImagesCmd(configOpts *ConfigOptions, rootOpts *RootOptions, rootFlags *p
table.Append(data)
}
table.Render() // Send output
return nil
},
}
// Add root flags

62
cmd/kubernetes.go
View File

@ -15,8 +15,8 @@ limitations under the License.
package cmd
import (
"bytes"
"github.com/falcosecurity/driverkit/pkg/driverbuilder/builder"
"log/slog"
"os"
"regexp"
"strings"
@ -24,11 +24,12 @@ import (
"github.com/falcosecurity/driverkit/pkg/kubernetes/factory"
"github.com/spf13/cobra"
"github.com/spf13/pflag"
"github.com/spf13/viper"
"k8s.io/cli-runtime/pkg/genericclioptions"
)
// NewKubernetesCmd creates the `driverkit kubernetes` command.
func NewKubernetesCmd(configOpts *ConfigOptions, rootOpts *RootOptions, rootFlags *pflag.FlagSet) *cobra.Command {
func NewKubernetesCmd(rootOpts *RootOptions, rootFlags *pflag.FlagSet) *cobra.Command {
kubernetesCmd := &cobra.Command{
Use: "kubernetes",
Short: "Build Falco kernel modules and eBPF probes against a Kubernetes cluster.",
@ -57,39 +58,34 @@ func NewKubernetesCmd(configOpts *ConfigOptions, rootOpts *RootOptions, rootFlag
kubefactory := factory.NewFactory(configFlags)
kubernetesCmd.RunE = func(c *cobra.Command, args []string) error {
configOpts.Printer.Logger.Info("starting build",
configOpts.Printer.Logger.Args("processor", c.Name()))
if !configOpts.dryRun {
if !rootOpts.Output.HasOutputs() {
configOpts.Printer.Logger.Info("no output specified")
return nil
kubernetesCmd.Run = func(cmd *cobra.Command, args []string) {
slog.With("processor", cmd.Name()).Info("driver building, it will take a few seconds")
if !configOptions.DryRun {
if err := kubernetesRun(cmd, args, kubefactory, rootOpts); err != nil {
slog.With("err", err.Error()).Error("exiting")
os.Exit(1)
}
// Since we use a spinner, cache log data to a bytesbuffer;
// we will later print it once we stop the spinner.
var b *builder.Build
if configOpts.disableStyling {
b = rootOpts.ToBuild(configOpts.Printer)
} else {
var buf bytes.Buffer
b = rootOpts.ToBuild(configOpts.Printer.WithWriter(&buf))
configOpts.Printer.Spinner, _ = configOpts.Printer.Spinner.Start("driver building, it will take a few seconds")
defer func() {
configOpts.Printer.DefaultText.Print(buf.String())
}()
}
return kubernetesRun(kubefactory, b, configOpts)
}
return nil
}
return kubernetesCmd
}
func kubernetesRun(kubefactory factory.Factory,
b *builder.Build,
configOpts *ConfigOptions,
) error {
func kubernetesRun(cmd *cobra.Command, args []string, kubefactory factory.Factory, rootOpts *RootOptions) error {
f := cmd.Flags()
b := rootOpts.ToBuild()
if !b.HasOutputs() {
return nil
}
namespaceStr, err := f.GetString("namespace")
if err != nil {
return err
}
if len(namespaceStr) == 0 {
namespaceStr = "default"
}
kc, err := kubefactory.KubernetesClientSet()
if err != nil {
return err
@ -102,12 +98,6 @@ func kubernetesRun(kubefactory factory.Factory,
return err
}
buildProcessor := driverbuilder.NewKubernetesBuildProcessor(kc.CoreV1(),
clientConfig,
kubernetesOptions.RunAsUser,
kubernetesOptions.Namespace,
kubernetesOptions.ImagePullSecret,
configOpts.Timeout,
configOpts.ProxyURL)
buildProcessor := driverbuilder.NewKubernetesBuildProcessor(kc.CoreV1(), clientConfig, kubernetesOptions.RunAsUser, kubernetesOptions.Namespace, kubernetesOptions.ImagePullSecret, viper.GetInt("timeout"), viper.GetString("proxy"))
return buildProcessor.Start(b)
}

63
cmd/kubernetes_in_cluster.go
View File

@ -15,18 +15,20 @@ limitations under the License.
package cmd
import (
"bytes"
"log/slog"
"os"
"github.com/falcosecurity/driverkit/pkg/driverbuilder"
"github.com/falcosecurity/driverkit/pkg/driverbuilder/builder"
"github.com/falcosecurity/driverkit/pkg/kubernetes/factory"
"github.com/spf13/cobra"
"github.com/spf13/pflag"
"github.com/spf13/viper"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/rest"
)
// NewKubernetesInClusterCmd creates the `driverkit kubernetes` command.
func NewKubernetesInClusterCmd(configOpts *ConfigOptions, rootOpts *RootOptions, rootFlags *pflag.FlagSet) *cobra.Command {
func NewKubernetesInClusterCmd(rootOpts *RootOptions, rootFlags *pflag.FlagSet) *cobra.Command {
kubernetesInClusterCmd := &cobra.Command{
Use: "kubernetes-in-cluster",
Short: "Build Falco kernel modules and eBPF probes against a Kubernetes cluster inside a Kubernetes cluster.",
@ -40,42 +42,32 @@ func NewKubernetesInClusterCmd(configOpts *ConfigOptions, rootOpts *RootOptions,
// Add root flags
kubernetesInClusterCmd.PersistentFlags().AddFlagSet(rootFlags)
kubernetesInClusterCmd.RunE = func(c *cobra.Command, args []string) error {
configOpts.Printer.Logger.Info("starting build",
configOpts.Printer.Logger.Args("processor", c.Name()))
if !configOpts.dryRun {
if !rootOpts.Output.HasOutputs() {
configOpts.Printer.Logger.Info("no output specified")
return nil
kubernetesInClusterCmd.Run = func(cmd *cobra.Command, args []string) {
slog.With("processor", cmd.Name()).Info("driver building, it will take a few seconds")
if !configOptions.DryRun {
config, err := rest.InClusterConfig()
if err != nil {
slog.With("err", err.Error()).Error("exiting")
os.Exit(1)
}
// Since we use a spinner, cache log data to a bytesbuffer;
// we will later print it once we stop the spinner.
var b *builder.Build
if configOpts.disableStyling {
b = rootOpts.ToBuild(configOpts.Printer)
} else {
var buf bytes.Buffer
b = rootOpts.ToBuild(configOpts.Printer.WithWriter(&buf))
configOpts.Printer.Spinner, _ = configOpts.Printer.Spinner.Start("driver building, it will take a few seconds")
defer func() {
configOpts.Printer.DefaultText.Print(buf.String())
}()
if err = factory.SetKubernetesDefaults(config); err != nil {
slog.With("err", err.Error()).Error("exiting")
os.Exit(1)
}
if err = kubernetesInClusterRun(cmd, args, config, rootOpts); err != nil {
slog.With("err", err.Error()).Error("exiting")
os.Exit(1)
}
return kubernetesInClusterRun(b, configOpts)
}
return nil
}
return kubernetesInClusterCmd
}
func kubernetesInClusterRun(b *builder.Build, configOpts *ConfigOptions) error {
kubeConfig, err := rest.InClusterConfig()
if err != nil {
return err
}
if err = factory.SetKubernetesDefaults(kubeConfig); err != nil {
return err
func kubernetesInClusterRun(_ *cobra.Command, _ []string, kubeConfig *rest.Config, rootOpts *RootOptions) error {
b := rootOpts.ToBuild()
if !b.HasOutputs() {
return nil
}
kc, err := kubernetes.NewForConfig(kubeConfig)
@ -83,12 +75,7 @@ func kubernetesInClusterRun(b *builder.Build, configOpts *ConfigOptions) error {
return err
}
buildProcessor := driverbuilder.NewKubernetesBuildProcessor(kc.CoreV1(),
kubeConfig,
kubernetesOptions.RunAsUser,
kubernetesOptions.Namespace,
kubernetesOptions.ImagePullSecret,
configOpts.Timeout,
configOpts.ProxyURL)
buildProcessor := driverbuilder.NewKubernetesBuildProcessor(kc.CoreV1(), kubeConfig, kubernetesOptions.RunAsUser, kubernetesOptions.Namespace, kubernetesOptions.ImagePullSecret, viper.GetInt("timeout"), viper.GetString("proxy"))
return buildProcessor.Start(b)
}

81
cmd/local.go
View File

@ -1,60 +1,58 @@
package cmd
import (
"bytes"
"github.com/falcosecurity/driverkit/pkg/driverbuilder"
"github.com/falcosecurity/driverkit/pkg/driverbuilder/builder"
"github.com/spf13/cobra"
"github.com/spf13/pflag"
"github.com/spf13/viper"
"log/slog"
"os"
"os/user"
"runtime"
)
type localCmdOptions struct {
useDKMS bool
downloadHeaders bool
srcDir string
envMap map[string]string
useDKMS bool
srcDir string
envMap map[string]string
}
// NewLocalCmd creates the `driverkit local` command.
func NewLocalCmd(configOpts *ConfigOptions, rootOpts *RootOptions, rootFlags *pflag.FlagSet) *cobra.Command {
func NewLocalCmd(rootCommand *RootCmd, rootOpts *RootOptions, rootFlags *pflag.FlagSet) *cobra.Command {
opts := localCmdOptions{}
localCmd := &cobra.Command{
Use: "local",
Short: "Build Falco kernel modules and eBPF probes in local env with local kernel sources and gcc/clang.",
RunE: func(c *cobra.Command, args []string) error {
configOpts.Printer.Logger.Info("starting build",
configOpts.Printer.Logger.Args("processor", c.Name()))
if !configOpts.dryRun {
if !rootOpts.Output.HasOutputs() {
configOpts.Printer.Logger.Info("no output specified")
return nil
Use: "local",
Short: "Build Falco kernel modules and eBPF probes in local env with local kernel sources and gcc/clang.",
PersistentPreRunE: persistentPreRunFunc(rootCommand, rootOpts),
Run: func(c *cobra.Command, args []string) {
slog.With("processor", c.Name()).Info("driver building, it will take a few seconds")
if !configOptions.DryRun {
b := rootOpts.ToBuild()
if !b.HasOutputs() {
return
}
// Since we use a spinner, cache log data to a bytesbuffer;
// we will later print it once we stop the spinner.
var b *builder.Build
if configOpts.disableStyling {
b = rootOpts.ToBuild(configOpts.Printer)
} else {
var buf bytes.Buffer
b = rootOpts.ToBuild(configOpts.Printer.WithWriter(&buf))
configOpts.Printer.Spinner, _ = configOpts.Printer.Spinner.Start("driver building, it will take a few seconds")
defer func() {
configOpts.Printer.DefaultText.Print(buf.String())
}()
if opts.useDKMS {
currentUser, err := user.Current()
if err != nil {
slog.With("err", err.Error()).Error("Failed to retrieve user. Exiting.")
os.Exit(1)
}
if currentUser.Username != "root" {
slog.Error("Must be run as root for DKMS build.")
os.Exit(1)
}
}
if err := driverbuilder.NewLocalBuildProcessor(viper.GetInt("timeout"), opts.useDKMS, opts.srcDir, opts.envMap).Start(b); err != nil {
slog.With("err", err.Error()).Error("exiting")
os.Exit(1)
}
return driverbuilder.NewLocalBuildProcessor(opts.useDKMS,
opts.downloadHeaders,
false,
opts.srcDir,
opts.envMap,
configOpts.Timeout).Start(b)
}
return nil
},
}
// Add root flags, but not the ones unneeded
unusedFlagsSet := map[string]struct{}{
"architecture": {},
"target": {},
"kernelurls": {},
"builderrepo": {},
"builderimage": {},
@ -73,9 +71,18 @@ func NewLocalCmd(configOpts *ConfigOptions, rootOpts *RootOptions, rootFlags *pf
}
})
flagSet.BoolVar(&opts.useDKMS, "dkms", false, "Enforce usage of DKMS to build the kernel module.")
flagSet.BoolVar(&opts.downloadHeaders, "download-headers", false, "Try to automatically download kernel headers.")
flagSet.StringVar(&opts.srcDir, "src-dir", "", "Enforce usage of local source dir to build drivers.")
flagSet.StringToStringVar(&opts.envMap, "env", make(map[string]string), "Env variables to be enforced during the driver build.")
flagSet.StringToStringVar(&opts.envMap, "env", nil, "Env variables to be enforced during the driver build.")
localCmd.PersistentFlags().AddFlagSet(flagSet)
return localCmd
}
// Partially overrides rootCmd.persistentPreRunFunc setting some defaults before config init/validation stage.
func persistentPreRunFunc(rootCommand *RootCmd, rootOpts *RootOptions) func(c *cobra.Command, args []string) error {
return func(c *cobra.Command, args []string) error {
// Default values
rootOpts.Target = "local"
rootOpts.Architecture = runtime.GOARCH
return rootCommand.c.PersistentPreRunE(c, args)
}
}

190
cmd/root.go
View File

@ -15,29 +15,32 @@ limitations under the License.
package cmd
import (
"errors"
"fmt"
"io"
"log/slog"
"os"
"runtime"
"sort"
"strings"
"github.com/falcosecurity/driverkit/pkg/driverbuilder/builder"
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
"github.com/falcosecurity/driverkit/validate"
"github.com/falcosecurity/driverkit/pkg/driverbuilder/builder"
"github.com/falcosecurity/driverkit/pkg/version"
"github.com/spf13/cobra"
"github.com/spf13/pflag"
homedir "github.com/mitchellh/go-homedir"
"github.com/spf13/viper"
)
func persistentValidateFunc(rootCommand *RootCmd, configOpts *ConfigOptions, rootOpts *RootOptions) func(c *cobra.Command, args []string) error {
func persistentValidateFunc(rootCommand *RootCmd, rootOpts *RootOptions) func(c *cobra.Command, args []string) error {
return func(c *cobra.Command, args []string) error {
var validationError = errors.New("exiting for validation errors")
configErr := configOpts.Init()
initConfig()
// Early exit if detect some error into config flags
if configErr {
return validationError
if configOptions.configErrors {
return fmt.Errorf("exiting for validation errors")
}
// Merge environment variables or config file values into the RootOptions instance
skip := map[string]bool{ // do not merge these
@ -58,13 +61,13 @@ func persistentValidateFunc(rootCommand *RootCmd, configOpts *ConfigOptions, roo
// rather than replace, it appends. Since viper will already have the cli options set
// if supplied, we only need this step if rootCommand doesn't already have them e.g.
// not set on CLI so read from config.
if cliURLs, err := rootCommand.c.Flags().GetStringSlice(name); err == nil && len(cliURLs) != 0 {
if cli_urls, err := rootCommand.c.Flags().GetStringSlice(name); err == nil && len(cli_urls) != 0 {
return
}
value := viper.GetStringSlice(name)
if len(value) != 0 {
strValue := strings.Join(value, ",")
_ = rootCommand.c.Flags().Set(name, strValue)
rootCommand.c.Flags().Set(name, strValue)
}
} else {
value := viper.GetString(name)
@ -76,7 +79,7 @@ func persistentValidateFunc(rootCommand *RootCmd, configOpts *ConfigOptions, roo
}
// set the value, if any, otherwise let the default
if value != "" {
_ = rootCommand.c.Flags().Set(name, value)
rootCommand.c.Flags().Set(name, value)
}
}
}
@ -89,12 +92,11 @@ func persistentValidateFunc(rootCommand *RootCmd, configOpts *ConfigOptions, roo
if c.Root() != c && c.Name() != "help" && c.Name() != "__complete" && c.Name() != "__completeNoDesc" && c.Name() != "completion" {
if errs := rootOpts.Validate(); errs != nil {
for _, err := range errs {
configOpts.Printer.Logger.Error("error validating build options",
configOpts.Printer.Logger.Args("err", err.Error()))
slog.With("err", err.Error()).Error("error validating build options")
}
return validationError
return fmt.Errorf("exiting for validation errors")
}
rootOpts.Log(configOpts.Printer)
rootOpts.Log()
}
return nil
}
@ -106,7 +108,9 @@ type RootCmd struct {
}
// NewRootCmd instantiates the root command.
func NewRootCmd(configOpts *ConfigOptions, rootOpts *RootOptions) *RootCmd {
func NewRootCmd() *RootCmd {
configOptions = NewConfigOptions()
rootOpts := NewRootOptions()
rootCmd := &cobra.Command{
Use: "driverkit",
Short: "A command line tool to build Falco kernel modules and eBPF probes.",
@ -115,51 +119,74 @@ func NewRootCmd(configOpts *ConfigOptions, rootOpts *RootOptions) *RootCmd {
Args: cobra.OnlyValidArgs,
DisableFlagsInUseLine: true,
DisableAutoGenTag: true,
SilenceErrors: true,
SilenceUsage: true,
Version: version.String(),
RunE: func(c *cobra.Command, args []string) error {
Run: func(c *cobra.Command, args []string) {
if len(args) == 0 {
configOpts.Printer.Logger.Info("specify a valid processor", configOpts.Printer.Logger.Args("processors", validProcessors))
slog.With("processors", validProcessors).Info("specify a valid processor")
}
// Fallback to help
return c.Help()
c.Help()
},
}
ret := &RootCmd{
c: rootCmd,
}
rootCmd.PersistentPreRunE = persistentValidateFunc(ret, configOpts, rootOpts)
rootCmd.PersistentPreRunE = persistentValidateFunc(ret, rootOpts)
flags := rootCmd.Flags()
targets := builder.Targets()
sort.Strings(targets)
configOpts.AddFlags(flags)
rootOpts.AddFlags(flags, targets)
flags.StringVarP(&configOptions.ConfigFile, "config", "c", configOptions.ConfigFile, "config file path (default $HOME/.driverkit.yaml if exists)")
flags.StringVarP(&configOptions.LogLevel, "loglevel", "l", configOptions.LogLevel, "log level")
flags.IntVar(&configOptions.Timeout, "timeout", configOptions.Timeout, "timeout in seconds")
flags.BoolVar(&configOptions.DryRun, "dryrun", configOptions.DryRun, "do not actually perform the action")
flags.StringVar(&configOptions.ProxyURL, "proxy", configOptions.ProxyURL, "the proxy to use to download data")
if err := viper.BindPFlags(flags); err != nil {
panic(err)
}
flags.StringVar(&rootOpts.Output.Module, "output-module", rootOpts.Output.Module, "filepath where to save the resulting kernel module")
flags.StringVar(&rootOpts.Output.Probe, "output-probe", rootOpts.Output.Probe, "filepath where to save the resulting eBPF probe")
flags.StringVar(&rootOpts.Architecture, "architecture", runtime.GOARCH, "target architecture for the built driver, one of "+kernelrelease.SupportedArchs.String())
flags.StringVar(&rootOpts.DriverVersion, "driverversion", rootOpts.DriverVersion, "driver version as a git commit hash or as a git tag")
flags.StringVar(&rootOpts.KernelVersion, "kernelversion", rootOpts.KernelVersion, "kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v'")
flags.StringVar(&rootOpts.KernelRelease, "kernelrelease", rootOpts.KernelRelease, "kernel release to build the module for, it can be found by executing 'uname -v'")
flags.StringVarP(&rootOpts.Target, "target", "t", rootOpts.Target, "the system to target the build for, one of ["+strings.Join(targets, ",")+"]")
flags.StringVar(&rootOpts.KernelConfigData, "kernelconfigdata", rootOpts.KernelConfigData, "base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc")
flags.StringVar(&rootOpts.ModuleDeviceName, "moduledevicename", rootOpts.ModuleDeviceName, "kernel module device name (the default is falco, so the device will be under /dev/falco*)")
flags.StringVar(&rootOpts.ModuleDriverName, "moduledrivername", rootOpts.ModuleDriverName, "kernel module driver name, i.e. the name you see when you check installed modules via lsmod")
flags.StringVar(&rootOpts.BuilderImage, "builderimage", rootOpts.BuilderImage, "docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used.")
flags.StringSliceVar(&rootOpts.BuilderRepos, "builderrepo", rootOpts.BuilderRepos, "list of docker repositories or yaml file (absolute path) containing builder images index with the format 'images: [ { target:<target>, name:<image-name>, arch: <arch>, tag: <imagetag>, gcc_versions: [ <gcc-tag> ] },...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit-builder --builderrepo falcosecurity/driverkit-builder --builderrepo '/path/to/my/index.yaml'.")
flags.StringVar(&rootOpts.GCCVersion, "gccversion", rootOpts.GCCVersion, "enforce a specific gcc version for the build")
flags.StringSliceVar(&rootOpts.KernelUrls, "kernelurls", nil, "list of kernel header urls (e.g. --kernelurls <URL1> --kernelurls <URL2> --kernelurls \"<URL3>,<URL4>\")")
flags.StringVar(&rootOpts.Repo.Org, "repo-org", rootOpts.Repo.Org, "repository github organization")
flags.StringVar(&rootOpts.Repo.Name, "repo-name", rootOpts.Repo.Name, "repository github name")
flags.StringVar(&rootOpts.Registry.Name, "registry-name", rootOpts.Registry.Name, "registry name to which authenticate")
flags.StringVar(&rootOpts.Registry.Username, "registry-user", rootOpts.Registry.Username, "registry username")
flags.StringVar(&rootOpts.Registry.Password, "registry-password", rootOpts.Registry.Password, "registry password")
flags.BoolVar(&rootOpts.Registry.PlainHTTP, "registry-plain-http", rootOpts.Registry.PlainHTTP, "allows interacting with remote registry via plain http requests")
viper.BindPFlags(flags)
// Flag annotations and custom completions
_ = rootCmd.MarkFlagFilename("config", viper.SupportedExts...)
_ = rootCmd.RegisterFlagCompletionFunc("target", func(c *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
rootCmd.MarkFlagFilename("config", viper.SupportedExts...)
rootCmd.RegisterFlagCompletionFunc("target", func(c *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
return targets, cobra.ShellCompDirectiveDefault
})
_ = rootCmd.RegisterFlagCompletionFunc("architecture", func(c *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
rootCmd.RegisterFlagCompletionFunc("architecture", func(c *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
return kernelrelease.SupportedArchs.Strings(), cobra.ShellCompDirectiveDefault
})
// Subcommands
rootCmd.AddCommand(NewKubernetesCmd(configOpts, rootOpts, flags))
rootCmd.AddCommand(NewKubernetesInClusterCmd(configOpts, rootOpts, flags))
rootCmd.AddCommand(NewDockerCmd(configOpts, rootOpts, flags))
rootCmd.AddCommand(NewLocalCmd(configOpts, rootOpts, flags))
rootCmd.AddCommand(NewImagesCmd(configOpts, rootOpts, flags))
rootCmd.AddCommand(NewCompletionCmd(configOpts, rootOpts, flags))
rootCmd.AddCommand(NewKubernetesCmd(rootOpts, flags))
rootCmd.AddCommand(NewKubernetesInClusterCmd(rootOpts, flags))
rootCmd.AddCommand(NewDockerCmd(rootOpts, flags))
rootCmd.AddCommand(NewLocalCmd(ret, rootOpts, flags))
rootCmd.AddCommand(NewImagesCmd(rootOpts, flags))
rootCmd.AddCommand(NewCompletionCmd())
ret.StripSensitive()
@ -188,15 +215,32 @@ func (r *RootCmd) Command() *cobra.Command {
return r.c
}
// SetArgs proxies the arguments to the underlying cobra.Command.
func (r *RootCmd) SetArgs(args []string) {
r.c.SetArgs(args)
func createDefaultLogger(w io.Writer) {
h := slog.NewTextHandler(w, &slog.HandlerOptions{
Level: validate.ProgramLevel,
ReplaceAttr: func(groups []string, a slog.Attr) slog.Attr {
if a.Key == slog.TimeKey {
return slog.Attr{}
}
return a
}})
slog.SetDefault(slog.New(h))
}
// SetOutput sets the main command output writer.
func (r *RootCmd) SetOutput(w io.Writer) {
r.c.SetOut(w)
r.c.SetErr(w)
createDefaultLogger(w)
}
func init() {
createDefaultLogger(os.Stdout)
}
// SetArgs proxies the arguments to the underlying cobra.Command.
func (r *RootCmd) SetArgs(args []string) {
r.c.SetArgs(args)
}
// Execute proxies the cobra.Command execution.
@ -206,30 +250,50 @@ func (r *RootCmd) Execute() error {
// Start creates the root command and runs it.
func Start() {
configOpts, err := NewConfigOptions()
if err != nil {
// configOpts will never be nil here
if configOpts != nil {
configOpts.Printer.Logger.Fatal("error setting driverkit config options defaults",
configOpts.Printer.Logger.Args("err", err.Error()))
} else {
os.Exit(1)
}
}
rootOpts, err := NewRootOptions()
if err != nil {
configOpts.Printer.Logger.Fatal("error setting driverkit root options defaults",
configOpts.Printer.Logger.Args("err", err.Error()))
}
// Cleanup spinner upon leaving if any
defer func() {
if configOpts.Printer.Spinner != nil {
_ = configOpts.Printer.Spinner.Stop()
}
}()
root := NewRootCmd(configOpts, rootOpts)
if err = root.Execute(); err != nil {
configOpts.Printer.Logger.Fatal("error executing driverkit", configOpts.Printer.Logger.Args("err", err.Error()))
root := NewRootCmd()
if err := root.Execute(); err != nil {
slog.With("err", err.Error()).Error("error executing driverkit")
os.Exit(1)
}
}
// initConfig reads in config file and ENV variables if set.
func initConfig() {
if errs := configOptions.Validate(); errs != nil {
for _, err := range errs {
slog.With("err", err.Error()).Error("error validating config options")
}
// configOptions.configErrors should be true here
}
if configOptions.ConfigFile != "" {
viper.SetConfigFile(configOptions.ConfigFile)
} else {
// Find home directory.
home, err := homedir.Dir()
if err != nil {
slog.With("err", err.Error()).Debug("error getting the home directory")
// not setting configOptions.configErrors = true because we fallback to `$HOME/.driverkit.yaml` and try with it
}
viper.AddConfigPath(home)
viper.SetConfigName(".driverkit")
}
viper.AutomaticEnv()
viper.SetEnvPrefix("driverkit")
viper.SetEnvKeyReplacer(strings.NewReplacer("-", "_"))
// If a config file is found, read it in.
if err := viper.ReadInConfig(); err == nil {
slog.With("file", viper.ConfigFileUsed()).Info("using config file")
} else {
if _, ok := err.(viper.ConfigFileNotFoundError); ok {
// Config file not found, ignore ...
slog.Debug("running without a configuration file")
} else {
// Config file was found but another error was produced
slog.With("file", viper.ConfigFileUsed(), "err", err.Error()).Debug("error running with config file")
configOptions.configErrors = true
}
}
}

92
cmd/root_options.go
View File

@ -15,12 +15,9 @@ limitations under the License.
package cmd
import (
"errors"
"github.com/falcosecurity/falcoctl/pkg/output"
"github.com/spf13/pflag"
"fmt"
"log/slog"
"os"
"runtime"
"strings"
"github.com/creasty/defaults"
"github.com/falcosecurity/driverkit/pkg/driverbuilder/builder"
@ -35,10 +32,6 @@ type OutputOptions struct {
Probe string `validate:"required_without=Module,filepath,omitempty,endswith=.o" name:"output probe path"`
}
func (oo *OutputOptions) HasOutputs() bool {
return oo.Module != "" || oo.Probe != ""
}
type RepoOptions struct {
Org string `default:"falcosecurity" name:"organization name"`
Name string `default:"libs" name:"repo name"`
@ -75,23 +68,23 @@ func init() {
}
// NewRootOptions ...
func NewRootOptions() (*RootOptions, error) {
func NewRootOptions() *RootOptions {
rootOpts := &RootOptions{}
if err := defaults.Set(rootOpts); err != nil {
return nil, err
slog.With("err", err.Error(), "options", "RootOptions").Error("error setting driverkit options defaults")
os.Exit(1)
}
return rootOpts, nil
return rootOpts
}
// Validate validates the RootOptions fields.
func (ro *RootOptions) Validate() []error {
if err := validate.V.Struct(ro); err != nil {
var errs validator.ValidationErrors
errors.As(err, &errs)
errors := err.(validator.ValidationErrors)
errArr := []error{}
for _, e := range errs {
for _, e := range errors {
// Translate each error one at a time
errArr = append(errArr, errors.New(e.Translate(validate.T)))
errArr = append(errArr, fmt.Errorf(e.Translate(validate.T)))
}
return errArr
}
@ -100,58 +93,31 @@ func (ro *RootOptions) Validate() []error {
kr := kernelrelease.FromString(ro.KernelRelease)
kr.Architecture = kernelrelease.Architecture(ro.Architecture)
if !kr.SupportsModule() && !kr.SupportsProbe() {
return []error{errors.New("both module and probe are not supported by given options")}
return []error{fmt.Errorf("both module and probe are not supported by given options")}
}
return nil
}
func (ro *RootOptions) AddFlags(flags *pflag.FlagSet, targets []string) {
flags.StringVar(&ro.Output.Module, "output-module", ro.Output.Module, "filepath where to save the resulting kernel module")
flags.StringVar(&ro.Output.Probe, "output-probe", ro.Output.Probe, "filepath where to save the resulting eBPF probe")
flags.StringVar(&ro.Architecture, "architecture", runtime.GOARCH, "target architecture for the built driver, one of "+kernelrelease.SupportedArchs.String())
flags.StringVar(&ro.DriverVersion, "driverversion", ro.DriverVersion, "driver version as a git commit hash or as a git tag")
flags.StringVar(&ro.KernelVersion, "kernelversion", ro.KernelVersion, "kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v'")
flags.StringVar(&ro.KernelRelease, "kernelrelease", ro.KernelRelease, "kernel release to build the module for, it can be found by executing 'uname -v'")
flags.StringVarP(&ro.Target, "target", "t", ro.Target, "the system to target the build for, one of ["+strings.Join(targets, ",")+"]")
flags.StringVar(&ro.KernelConfigData, "kernelconfigdata", ro.KernelConfigData, "base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc")
flags.StringVar(&ro.ModuleDeviceName, "moduledevicename", ro.ModuleDeviceName, "kernel module device name (the default is falco, so the device will be under /dev/falco*)")
flags.StringVar(&ro.ModuleDriverName, "moduledrivername", ro.ModuleDriverName, "kernel module driver name, i.e. the name you see when you check installed modules via lsmod")
flags.StringVar(&ro.BuilderImage, "builderimage", ro.BuilderImage, "docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used.")
flags.StringSliceVar(&ro.BuilderRepos, "builderrepo", ro.BuilderRepos, "list of docker repositories or yaml file (absolute path) containing builder images index with the format 'images: [ { target:<target>, name:<image-name>, arch: <arch>, tag: <imagetag>, gcc_versions: [ <gcc-tag> ] },...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit-builder --builderrepo falcosecurity/driverkit-builder --builderrepo '/path/to/my/index.yaml'.")
flags.StringVar(&ro.GCCVersion, "gccversion", ro.GCCVersion, "enforce a specific gcc version for the build")
flags.StringSliceVar(&ro.KernelUrls, "kernelurls", nil, "list of kernel header urls (e.g. --kernelurls <URL1> --kernelurls <URL2> --kernelurls \"<URL3>,<URL4>\")")
flags.StringVar(&ro.Repo.Org, "repo-org", ro.Repo.Org, "repository github organization")
flags.StringVar(&ro.Repo.Name, "repo-name", ro.Repo.Name, "repository github name")
flags.StringVar(&ro.Registry.Name, "registry-name", ro.Registry.Name, "registry name to which authenticate")
flags.StringVar(&ro.Registry.Username, "registry-user", ro.Registry.Username, "registry username")
flags.StringVar(&ro.Registry.Password, "registry-password", ro.Registry.Password, "registry password")
flags.BoolVar(&ro.Registry.PlainHTTP, "registry-plain-http", ro.Registry.PlainHTTP, "allows interacting with remote registry via plain http requests")
}
// Log emits a log line containing the receiving RootOptions for debugging purposes.
//
// Call it only after validation.
func (ro *RootOptions) Log(printer *output.Printer) {
printer.Logger.Debug("running with options",
printer.Logger.Args(
"output-module", ro.Output.Module,
"output-probe", ro.Output.Probe,
"driverversion", ro.DriverVersion,
"kernelrelease", ro.KernelRelease,
"kernelversion", ro.KernelVersion,
"target", ro.Target,
"arch", ro.Architecture,
"kernelurls", ro.KernelUrls,
"repo-org", ro.Repo.Org,
"repo-name", ro.Repo.Name,
))
func (ro *RootOptions) Log() {
slog.Debug("running with options",
"output-module", ro.Output.Module,
"output-probe", ro.Output.Probe,
"driverversion", ro.DriverVersion,
"kernelrelease", ro.KernelRelease,
"kernelversion", ro.KernelVersion,
"target", ro.Target,
"arch", ro.Architecture,
"kernelurls", ro.KernelUrls,
"repo-org", ro.Repo.Org,
"repo-name", ro.Repo.Name,
)
}
func (ro *RootOptions) ToBuild(printer *output.Printer) *builder.Build {
func (ro *RootOptions) ToBuild() *builder.Build {
kernelConfigData := ro.KernelConfigData
if len(kernelConfigData) == 0 {
kernelConfigData = "bm8tZGF0YQ==" // no-data
@ -179,7 +145,6 @@ func (ro *RootOptions) ToBuild(printer *output.Printer) *builder.Build {
RegistryUser: ro.Registry.Username,
RegistryPassword: ro.Registry.Password,
RegistryPlainHTTP: ro.Registry.PlainHTTP,
Printer: printer,
}
// loop over BuilderRepos to build the list ImagesListers based on the value of the builderRepo:
@ -195,8 +160,7 @@ func (ro *RootOptions) ToBuild(printer *output.Printer) *builder.Build {
imageLister, err = builder.NewRepoImagesLister(builderRepo, build)
}
if err != nil {
printer.Logger.Warn("skipping repo",
printer.Logger.Args("repo", builderRepo, "err", err.Error()))
slog.With("err", err.Error()).Warn("Skipping repo", "repo", builderRepo)
} else {
build.ImagesListers = append(build.ImagesListers, imageLister)
}
@ -206,13 +170,11 @@ func (ro *RootOptions) ToBuild(printer *output.Printer) *builder.Build {
kr := build.KernelReleaseFromBuildConfig()
if len(build.ModuleFilePath) > 0 && !kr.SupportsModule() {
build.ModuleFilePath = ""
printer.Logger.Warn("skipping build attempt of module for unsupported kernel release",
printer.Logger.Args("kernelrelease", kr.String()))
slog.Warn("Skipping build attempt of module for unsupported kernel release", "kernelrelease", kr.String())
}
if len(build.ProbeFilePath) > 0 && !kr.SupportsProbe() {
build.ProbeFilePath = ""
printer.Logger.Warn("skipping build attempt of probe for unsupported kernel release",
printer.Logger.Args("kernelrelease", kr.String()))
slog.Warn("Skipping build attempt of probe for unsupported kernel release", "kernelrelease", kr.String())
}
return build
}

3
cmd/testdata/autohelp.txt vendored
View File

@ -1,5 +1,4 @@
INFO specify a valid processor
└ processors: [docker kubernetes kubernetes-in-cluster local]
level=INFO msg="specify a valid processor" processors="[docker kubernetes kubernetes-in-cluster local]"
{{ .Desc }}
{{ .Usage }}

1
cmd/testdata/configs/1.yaml vendored
View File

@ -3,5 +3,4 @@ kernelversion: 59
target: ubuntu-aws
output:
module: /tmp/falco-ubuntu-aws.ko
probe: /tmp/falco-ubuntu-aws.o
driverversion: master

1
cmd/testdata/configs/2.yaml vendored
View File

@ -7,5 +7,4 @@ kernelurls: [
target: ubuntu-aws
output:
module: /tmp/falco-ubuntu-aws.ko
probe: /tmp/falco-ubuntu-aws.o
driverversion: master

16
cmd/testdata/docker-from-config-debug.txt vendored
View File

@ -1,13 +1,3 @@
INFO using config file file: testdata/configs/1.yaml
DEBUG running with options
├ output-module: /tmp/falco-ubuntu-aws.ko
├ output-probe: /tmp/falco-ubuntu-aws.o
├ driverversion: master
├ kernelrelease: 4.15.0-1057-aws
├ kernelversion: 59
├ target: ubuntu-aws
├ arch: {{ .CurrentArch }}
├ kernelurls: []
├ repo-org: falcosecurity
└ repo-name: libs
INFO starting build processor: docker
level=INFO msg="using config file" file=testdata/configs/1.yaml
level=DEBUG msg="running with options" output-module=/tmp/falco-ubuntu-aws.ko output-probe="" driverversion=master kernelrelease=4.15.0-1057-aws kernelversion=59 target=ubuntu-aws arch={{ .CurrentArch }} kernelurls=[] repo-org=falcosecurity repo-name=libs
level=INFO msg="driver building, it will take a few seconds" processor=docker

16
cmd/testdata/docker-override-from-config-debug.txt vendored
View File

@ -1,13 +1,3 @@
INFO using config file file: testdata/configs/1.yaml
DEBUG running with options
├ output-module: /tmp/override.ko
├ output-probe: /tmp/falco-ubuntu-aws.o
├ driverversion: master
├ kernelrelease: 4.15.0-1057-aws
├ kernelversion: 229
├ target: ubuntu-aws
├ arch: {{ .CurrentArch }}
├ kernelurls: []
├ repo-org: falcosecurity
└ repo-name: libs
INFO starting build processor: docker
level=INFO msg="using config file" file=testdata/configs/1.yaml
level=DEBUG msg="running with options" output-module=/tmp/override.ko output-probe="" driverversion=master kernelrelease=4.15.0-1057-aws kernelversion=229 target=ubuntu-aws arch={{ .CurrentArch }} kernelurls=[] repo-org=falcosecurity repo-name=libs
level=INFO msg="driver building, it will take a few seconds" processor=docker

16
cmd/testdata/docker-override-urls-from-config-debug.txt vendored
View File

@ -1,13 +1,3 @@
INFO using config file file: testdata/configs/2.yaml
DEBUG running with options
├ output-module: /tmp/falco-ubuntu-aws.ko
├ output-probe: /tmp/falco-ubuntu-aws.o
├ driverversion: master
├ kernelrelease: 4.15.0-1057-aws
├ kernelversion: 59
├ target: ubuntu-aws
├ arch: {{ .CurrentArch }}
├ kernelurls: [https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-aws/linux-aws-headers-4.15.0-1057_4.15.0-1057.59_all.deb https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-aws/linux-headers-4.15.0-1057-aws_4.15.0-1057.59_amd64.deb]
├ repo-org: falcosecurity
└ repo-name: libs
INFO starting build processor: docker
level=INFO msg="using config file" file=testdata/configs/2.yaml
level=DEBUG msg="running with options" output-module=/tmp/falco-ubuntu-aws.ko output-probe="" driverversion=master kernelrelease=4.15.0-1057-aws kernelversion=59 target=ubuntu-aws arch={{ .CurrentArch }} kernelurls="[https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-aws/linux-aws-headers-4.15.0-1057_4.15.0-1057.59_all.deb https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-aws/linux-headers-4.15.0-1057-aws_4.15.0-1057.59_amd64.deb]" repo-org=falcosecurity repo-name=libs
level=INFO msg="driver building, it will take a few seconds" processor=docker

16
cmd/testdata/docker-related-target-debug.txt vendored
View File

@ -1,13 +1,3 @@
DEBUG running without a configuration file
DEBUG running with options
├ output-module: /tmp/falco-ubuntu-azure.ko
├ output-probe: /tmp/falco-ubuntu-aws.o
├ driverversion: master
├ kernelrelease: 4.15.0-1057-azure
├ kernelversion: 62
├ target: ubuntu-azure
├ arch: {{ .CurrentArch }}
├ kernelurls: [http://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-azure/linux-azure-headers-4.15.0-1057_4.15.0-1057.62_all.deb http://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-azure/linux-headers-4.15.0-1057-azure_4.15.0-1057.62_amd64.deb]
├ repo-org: falcosecurity
└ repo-name: libs
INFO starting build processor: docker
level=DEBUG msg="running without a configuration file"
level=DEBUG msg="running with options" output-module=/tmp/falco-ubuntu-azure.ko output-probe="" driverversion=master kernelrelease=4.15.0-1057-azure kernelversion=62 target=ubuntu-azure arch={{ .CurrentArch }} kernelurls="[http://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-azure/linux-azure-headers-4.15.0-1057_4.15.0-1057.62_all.deb http://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-azure/linux-headers-4.15.0-1057-azure_4.15.0-1057.62_amd64.deb]" repo-org=falcosecurity repo-name=libs
level=INFO msg="driver building, it will take a few seconds" processor=docker

12
cmd/testdata/docker-target-redhat-validation-error-debug.txt vendored
View File

@ -1,4 +1,8 @@
DEBUG running without a configuration file
ERROR error validating build options
└ err: builder image is a required field when target is redhat
ERROR error executing driverkit err: exiting for validation errors
level=DEBUG msg="running without a configuration file"
level=ERROR msg="error validating build options" err="builder image is a required field when target is redhat"
Error: exiting for validation errors
Usage:
driverkit docker [flags]
{{ .Flags }}

16
cmd/testdata/docker-with-flags-debug.txt vendored
View File

@ -1,13 +1,3 @@
DEBUG running without a configuration file
DEBUG running with options
├ output-module: /tmp/falco-ubuntu-aws.ko
├ output-probe: /tmp/falco-ubuntu-aws.o
├ driverversion: master
├ kernelrelease: 4.15.0-1057-aws
├ kernelversion: 59
├ target: ubuntu-aws
├ arch: {{ .CurrentArch }}
├ kernelurls: [https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-aws/linux-aws-headers-4.15.0-1057_4.15.0-1057.59_all.deb https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-aws/linux-headers-4.15.0-1057-aws_4.15.0-1057.59_amd64.deb]
├ repo-org: falcosecurity
└ repo-name: libs
INFO starting build processor: docker
level=DEBUG msg="running without a configuration file"
level=DEBUG msg="running with options" output-module=/tmp/falco-ubuntu-aws.ko output-probe="" driverversion=master kernelrelease=4.15.0-1057-aws kernelversion=59 target=ubuntu-aws arch={{ .CurrentArch }} kernelurls="[https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-aws/linux-aws-headers-4.15.0-1057_4.15.0-1057.59_all.deb https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-aws/linux-headers-4.15.0-1057-aws_4.15.0-1057.59_amd64.deb]" repo-org=falcosecurity repo-name=libs
level=INFO msg="driver building, it will take a few seconds" processor=docker

2
cmd/testdata/docker-with-flags.txt vendored
View File

@ -1 +1 @@
INFO starting build processor: docker
level=INFO msg="driver building, it will take a few seconds" processor=docker

17
cmd/testdata/dockernoopts.txt vendored
View File

@ -1,7 +1,10 @@
ERROR error validating build options err: kernel release is a required field
ERROR error validating build options err: target is a required field
ERROR error validating build options
└ err: output module path is required when probe is missing
ERROR error validating build options
└ err: output probe path is required when module is missing
ERROR error executing driverkit err: exiting for validation errors
level=ERROR msg="error validating build options" err="kernel release is a required field"
level=ERROR msg="error validating build options" err="target is a required field"
level=ERROR msg="error validating build options" err="output module path is required when probe is missing"
level=ERROR msg="error validating build options" err="output probe path is required when module is missing"
Error: exiting for validation errors
Usage:
driverkit docker [flags]
{{ .Flags }}

14
cmd/testdata/invalid-proxyconfig.txt vendored
View File

@ -1,3 +1,11 @@
ERROR error validating config options
└ err: proxy url must start with http:// or https:// or socks5:// prefix
ERROR error executing driverkit err: exiting for validation errors
level=ERROR msg="error validating config options" err="proxy url must start with http:// or https:// or socks5:// prefix"
Error: exiting for validation errors
{{ .Usage }}
{{ .Commands }}
{{ .Flags }}
-v, --version version for driverkit
{{ .Info }}

11
cmd/testdata/non-existent-processor.txt vendored
View File

@ -1 +1,10 @@
ERROR error executing driverkit err: invalid argument "abc" for "driverkit"
Error: invalid argument "abc" for "driverkit"
{{ .Usage }}
{{ .Commands }}
{{ .Flags }}
-v, --version version for driverkit
{{ .Info }}

2
cmd/testdata/templates/flags.txt vendored
View File

@ -11,7 +11,7 @@ Flags:
--kernelrelease string kernel release to build the module for, it can be found by executing 'uname -v'
--kernelurls strings list of kernel header urls (e.g. --kernelurls <URL1> --kernelurls <URL2> --kernelurls "<URL3>,<URL4>")
--kernelversion string kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default "1")
-l, --loglevel string set level for logs (info, warn, debug, trace) (default "info")
-l, --loglevel string log level (default "INFO")
--moduledevicename string kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco")
--moduledrivername string kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco")
--output-module string filepath where to save the resulting kernel module

34
docgen/docgen.go
View File

@ -18,6 +18,8 @@ import (
"bytes"
"flag"
"fmt"
"io/ioutil"
"log/slog"
"os"
"path"
"strings"
@ -59,22 +61,7 @@ func main() {
flag.Parse()
// Get root command
configOpts, err := cmd.NewConfigOptions()
if err != nil {
// configOpts will never be nil here
if configOpts != nil {
configOpts.Printer.Logger.Fatal("error setting driverkit config options defaults",
configOpts.Printer.Logger.Args("err", err.Error()))
} else {
os.Exit(1)
}
}
rootOpts, err := cmd.NewRootOptions()
if err != nil {
configOpts.Printer.Logger.Fatal("error setting driverkit root options defaults",
configOpts.Printer.Logger.Args("err", err.Error()))
}
driverkit := cmd.NewRootCmd(configOpts, rootOpts)
driverkit := cmd.NewRootCmd()
root := driverkit.Command()
num := len(root.Commands()) + 1
@ -97,20 +84,23 @@ func main() {
}
// Generate markdown docs
err = doc.GenMarkdownTreeCustom(root, outputDir, prepender(num), linker)
err := doc.GenMarkdownTreeCustom(root, outputDir, prepender(num), linker)
if err != nil {
configOpts.Printer.Logger.Fatal("markdown generation", configOpts.Printer.Logger.Args("err", err.Error()))
slog.With("err", err.Error()).Error("markdown generation")
os.Exit(1)
}
if targetWebsite {
err = os.Rename(path.Join(outputDir, "driverkit.md"), path.Join(outputDir, "_index.md"))
if err != nil {
configOpts.Printer.Logger.Fatal("renaming main docs page", configOpts.Printer.Logger.Args("err", err.Error()))
slog.With("err", err.Error()).Error("renaming main docs page")
os.Exit(1)
}
}
if err = stripSensitive(); err != nil {
configOpts.Printer.Logger.Fatal("error replacing sensitive data", configOpts.Printer.Logger.Args("err", err.Error()))
slog.With("err", err.Error()).Error("error replacing sensitive data")
os.Exit(1)
}
}
@ -127,7 +117,7 @@ func stripSensitive() error {
for _, file := range files {
filePath := path.Join(outputDir, file.Name())
file, err := os.ReadFile(filePath)
file, err := ioutil.ReadFile(filePath)
if err != nil {
return err
}
@ -137,7 +127,7 @@ func stripSensitive() error {
target := []byte(os.Getenv(s))
file = bytes.ReplaceAll(file, target, append(envMark, []byte(s)...))
}
if err = os.WriteFile(filePath, file, 0666); err != nil {
if err = ioutil.WriteFile(filePath, file, 0666); err != nil {
return err
}
}

32
docker/builders/builder-amazonlinux2-x86_64_gcc10.0.0.Dockerfile
View File

@ -1,32 +0,0 @@
FROM amazonlinux:2.0.20240529.0
LABEL maintainer="cncf-falco-dev@lists.cncf.io"
RUN yum -y install gcc10 \
clang \
llvm \
bash-completion \
bc \
ca-certificates \
curl \
gnupg2 \
libc6-dev \
elfutils-libelf-devel \
xz \
cpio \
flex \
bison \
openssl \
openssl-devel \
wget \
binutils \
which \
make \
cmake3 \
tar \
zstd \
git
# Properly create soft links
RUN ln -s /usr/bin/gcc10-cc /usr/bin/gcc-10.0.0
RUN ln -s /usr/bin/cmake3 /usr/bin/cmake

1
docker/builders/builder-any-aarch64_gcc13.0.0.Dockerfile
View File

@ -1 +0,0 @@
builder-any-x86_64_gcc13.0.0.Dockerfile

1
docker/builders/builder-any-aarch64_gcc14.0.0.Dockerfile
View File

@ -1 +0,0 @@
builder-any-x86_64_gcc14.0.0.Dockerfile

6
docker/builders/builder-any-x86_64_gcc10.0.0_gcc9.0.0.Dockerfile
View File

@ -39,10 +39,8 @@ RUN apt-get update \
software-properties-common \
gpg \
zstd \
cmake \
git \
&& rm -rf /var/lib/apt/lists/*
&& rm -rf /var/lib/apt/lists/*
# Properly create soft link
RUN ln -s /usr/bin/gcc-9 /usr/bin/gcc-9.0.0
RUN ln -s /usr/bin/gcc-10 /usr/bin/gcc-10.0.0
RUN ln -s /usr/bin/gcc-10 /usr/bin/gcc-10.0.0

4
docker/builders/builder-any-x86_64_gcc12.0.0_gcc11.0.0.Dockerfile
View File

@ -39,9 +39,7 @@ RUN apt-get update \
software-properties-common \
gpg \
zstd \
cmake \
git \
&& rm -rf /var/lib/apt/lists/*
&& rm -rf /var/lib/apt/lists/*
# Properly create soft links
RUN ln -s /usr/bin/gcc-11 /usr/bin/gcc-11.0.0

40
docker/builders/builder-any-x86_64_gcc13.0.0.Dockerfile
View File

@ -1,40 +0,0 @@
FROM fedora:39
LABEL maintainer="cncf-falco-dev@lists.cncf.io"
ARG TARGETARCH
RUN dnf install -y \
bash-completion \
bc \
clang \
llvm \
ca-certificates \
curl \
dkms \
dwarves \
gnupg2 \
gcc \
jq \
glibc-devel \
elfutils-libelf-devel \
netcat \
xz \
cpio \
flex \
bison \
openssl \
openssl-devel \
ncurses-devel \
systemd-devel \
pciutils-devel \
binutils-devel \
lsb-release \
wget \
gpg \
zstd \
cmake \
git
# Properly create soft links
RUN ln -s /usr/bin/gcc /usr/bin/gcc-13.0.0

40
docker/builders/builder-any-x86_64_gcc14.0.0.Dockerfile
View File

@ -1,40 +0,0 @@
FROM fedora:41
LABEL maintainer="cncf-falco-dev@lists.cncf.io"
ARG TARGETARCH
RUN dnf install -y \
bash-completion \
bc \
clang \
llvm \
ca-certificates \
curl \
dkms \
dwarves \
gnupg2 \
gcc \
jq \
glibc-devel \
elfutils-libelf-devel \
netcat \
xz \
cpio \
flex \
bison \
openssl \
openssl-devel \
ncurses-devel \
systemd-devel \
pciutils-devel \
binutils-devel \
lsb-release \
wget \
gpg \
zstd \
cmake \
git
# Properly create soft links
RUN ln -s /usr/bin/gcc /usr/bin/gcc-14.0.0

23
docker/builders/builder-any-x86_64_gcc8.0.0_gcc6.0.0_gcc5.0.0_gcc4.9.0_gcc4.8.0.Dockerfile
View File

@ -1,4 +1,4 @@
FROM debian:buster
FROM debian:buster-backports
LABEL maintainer="cncf-falco-dev@lists.cncf.io"
@ -6,23 +6,16 @@ ARG TARGETARCH
RUN cp /etc/skel/.bashrc /root && cp /etc/skel/.profile /root
# Use 20250630T203427Z debian apt snapshot as it still contains support for buster.
RUN cat <<EOF > /etc/apt/sources.list
deb http://snapshot.debian.org/archive/debian/20250630T203427Z buster main
deb http://snapshot.debian.org/archive/debian-security/20250630T203427Z buster/updates main
deb http://snapshot.debian.org/archive/debian/20250630T203427Z buster-updates main
EOF
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
bash-completion \
bc \
clang \
llvm \
llvm \
ca-certificates \
curl \
dkms \
dwarves \
dwarves/buster-backports \
gnupg2 \
gcc \
jq \
@ -47,8 +40,7 @@ RUN apt-get update \
zstd \
gawk \
mawk \
git \
&& rm -rf /var/lib/apt/lists/*
&& rm -rf /var/lib/apt/lists/*
RUN if [ "$TARGETARCH" = "amd64" ] ; then apt-get install -y --no-install-recommends libmpx2; fi
@ -131,13 +123,6 @@ RUN curl -L -o binutils_2.30-22_${TARGETARCH}.deb https://download.falco.org/dep
&& dpkg -i *binutils*.deb \
&& rm -f *binutils*.deb
# Install a recent version of cmake (debian buster has at most 3.13)
RUN curl -L -o /tmp/cmake.tar.gz https://github.com/Kitware/CMake/releases/download/v3.22.5/cmake-3.22.5-linux-$(uname -m).tar.gz; \
gzip -d /tmp/cmake.tar.gz; \
tar -xpf /tmp/cmake.tar --directory=/tmp; \
cp -R /tmp/cmake-3.22.5-linux-$(uname -m)/* /usr; \
rm -rf /tmp/cmake-3.22.5-linux-$(uname -m)/
# Properly create soft link
RUN ln -s /usr/bin/gcc-4.8 /usr/bin/gcc-4.8.0
RUN if [ "$TARGETARCH" = "amd64" ] ; then ln -s /usr/bin/gcc-4.9 /usr/bin/gcc-4.9.0; fi;

25
docker/builders/builder-centos-x86_64_gcc4.8.5.Dockerfile
View File

@ -2,19 +2,8 @@ FROM centos:7
LABEL maintainer="cncf-falco-dev@lists.cncf.io"
# Fix broken mirrors - centos:7 eol
RUN sed -i s/mirror.centos.org/vault.centos.org/g /etc/yum.repos.d/*.repo; \
sed -i s/^#.*baseurl=http/baseurl=https/g /etc/yum.repos.d/*.repo; \
sed -i s/^mirrorlist=http/#mirrorlist=https/g /etc/yum.repos.d/*.repo
RUN yum -y install centos-release-scl
# fix broken mirrors (again)
RUN sed -i s/mirror.centos.org/vault.centos.org/g /etc/yum.repos.d/*.repo; \
sed -i s/^#.*baseurl=http/baseurl=https/g /etc/yum.repos.d/*.repo; \
sed -i s/^mirrorlist=http/#mirrorlist=https/g /etc/yum.repos.d/*.repo
RUN yum -y install gcc \
RUN yum -y install centos-release-scl && \
yum -y install gcc \
llvm-toolset-7.0 \
bash-completion \
bc \
@ -32,15 +21,7 @@ RUN yum -y install gcc \
wget \
binutils \
which \
make \
git
# Install cmake3.x (on centos7 `cmake` package installs cmake2.x)
RUN curl -L -o /tmp/cmake.tar.gz https://github.com/Kitware/CMake/releases/download/v3.22.5/cmake-3.22.5-linux-$(uname -m).tar.gz; \
gzip -d /tmp/cmake.tar.gz; \
tar -xpf /tmp/cmake.tar --directory=/tmp; \
cp -R /tmp/cmake-3.22.5-linux-$(uname -m)/* /usr; \
rm -rf /tmp/cmake-3.22.5-linux-$(uname -m)/
make
# Properly create soft link
RUN ln -s /usr/bin/gcc /usr/bin/gcc-4.8.5

82
docs/builder.md
View File

@ -13,8 +13,7 @@ If that distribution is not yet supported by driverkit, the Falco Drivers Build
Adding support for a new distro is a multiple-step work:
* first of all, a new builder on driverkit must be created
* secondly, [kernel-crawler](https://github.com/falcosecurity/kernel-crawler) must also be updated to support the new distro; see [below](#5-kernel-crawler) section
* third, [dbg-go](https://github.com/falcosecurity/dbg-go) must [bump driverkit](https://github.com/falcosecurity/dbg-go?tab=readme-ov-file#bumping-driverkit) and enable support to generate configs for the new distro: https://github.com/falcosecurity/dbg-go/blob/main/pkg/root/distro.go#L30.
* lastly, [test-infra](https://github.com/falcosecurity/test-infra) must be updated to add the new [prow config](https://github.com/falcosecurity/test-infra/tree/master/config/jobs/build-drivers) for new distro related jobs and `dbg-go` images must be bumped, see https://github.com/falcosecurity/test-infra/tree/master/images/build-drivers and https://github.com/falcosecurity/test-infra/tree/master/images/update-dbg.
* lastly, [test-infra](https://github.com/falcosecurity/test-infra) must be updated to add the new [prow config](https://github.com/falcosecurity/test-infra/tree/master/config/jobs/build-drivers) for new distro related jobs
Here, we will only focus about driverkit part.
@ -38,7 +37,7 @@ Your builder will need a constant for the target it implements. Usually that con
can just be the ID of the distribution you are implementing, as taken reading `/etc/os-release` file.
A builder can implement more than one target at time. For example, the minikube builder is just a vanilla one.
Once you have the constant, you will need to add it to the [byTarget](https://github.com/falcosecurity/driverkit/blob/master/pkg/driverbuilder/builder/target.go) map.
Once you have the constant, you will need to add it to the `BuilderByTarget` map.
Open your file and you will need to add something like this:
```go
@ -49,7 +48,7 @@ type archLinux struct {
}
func init() {
byTarget[TargetTypeArchLinux] = &archLinux{}
BuilderByTarget[TargetTypeArchLinux] = &archLinux{}
}
```
@ -59,19 +58,15 @@ you just registered.
Here's a very minimalistic example:
```go
func (c *archlinux) Name() string {
func (c archlinux) Name() string {
return TargetTypeArchlinux.String()
}
func (c *archlinux) TemplateKernelUrlsScript() string {
return archlinuxKernelTemplate
func (c archlinux) TemplateScript() string {
return archlinuxTemplate
}
func (c *archlinux) TemplateScript() string {
return archlinuxTemplate
}
func (c archlinux) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
func (c archlinux) URLs(cfg Config, kr kernelrelease.KernelRelease) ([]string, error) {
urls := []string{}
if kr.Architecture == kernelrelease.ArchitectureAmd64 {
urls = append(urls, fmt.Sprintf("https://archive.archlinux.org/packages/l/linux-headers/linux-headers-%s.%s-%d-%s.pkg.tar.xz",
@ -80,7 +75,7 @@ func (c archlinux) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
cfg.KernelVersion,
kr.Architecture.ToNonDeb()))
} else {
urls = append(urls, fmt.Sprintf("https://alaa.ad24.cz/packages/l/linux-%s-headers/linux-%s-headers-%s-%d-%s.pkg.tar.xz",
urls = append(urls, fmt.Sprintf("http://tardis.tiny-vps.com/aarm/packages/l/linux-%s-headers/linux-%s-headers-%s-%d-%s.pkg.tar.xz",
kr.Architecture.ToNonDeb(),
kr.Architecture.ToNonDeb(),
kr.Fullversion,
@ -90,17 +85,17 @@ func (c archlinux) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
return urls, nil
}
func (c *archlinux) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
func (c archlinux) TemplateData(cfg Config, kr kernelrelease.KernelRelease, urls []string) interface{} {
return archlinuxTemplateData{
KernelDownloadURL: urls[0],
commonTemplateData: cfg.toTemplateData(),
KernelDownloadURL: urls[0],
}
}
```
Essentially, the various methods that you are implementing are needed to:
* fill the kernel download/extract script template, a `bash` script responsible to fetch and extract the kernel headers for the distro
* fill the build script template (see below), that is a `bash` script that will be executed by driverkit at build time
* return a list of possible kernel headers urls that will later be downloaded by the kernel download script, and then used for the driver build
* fill the script template (see below), that is a `bash` script that will be executed by driverkit at build time
* fetch kernel headers urls that will later be downloaded inside the builder container, and used for the driver build
Under `pkg/driverbuilder/builder/templates` folder, you can find all the template scripts for the supported builders.
Adding a new template there and using `go:embed` to include it in your builder, allows leaner code
@ -108,57 +103,14 @@ without mixing up templates and builder logic.
For example:
```go
//go:embed templates/archlinux_kernel.sh
var archlinuxKernelTemplate string
//go:embed templates/archlinux.sh
var archlinuxTemplate string
```
Depending on how the distro works, the "kernel" template script will fetch the kernel headers for it at the specific kernel version specified
in the `Config` struct at `c.Build.KernelVersion`, and then extracting them.
Finally, the script will also `export` the `KERNELDIR` variable to be consumed by the actual build script.
Example kernel download template for archlinux:
```bash
set -xeuo pipefail
# Fetch the kernel
mkdir /tmp/kernel-download
cd /tmp/kernel-download
curl --silent -o kernel-devel.pkg.tar.xz -SL {{ .KernelDownloadURL }}
tar -xf kernel-devel.pkg.tar.xz
rm -Rf /tmp/kernel
mkdir -p /tmp/kernel
mv usr/lib/modules/*/build/* /tmp/kernel
# exit value
export KERNELDIR=/tmp/kernel
```
Depending on how the distro works, the script will need to fetch the kernel headers for it at the specific kernel version specified
in the `Config` struct at `c.Build.KernelVersion`.
Once you have those, based on what that kernel can do and based on what was configured
by the user, the build script will build the kernel module driver and/or the eBPF probe driver.
Example build template for archlinux:
```bash
set -xeuo pipefail
cd {{ .DriverBuildDir }}
mkdir -p build && cd build
{{ .CmakeCmd }}
{{ if .BuildModule }}
# Build the module
make CC=/usr/bin/gcc-{{ .GCCVersion }} driver
strip -g {{ .ModuleFullPath }}
# Print results
modinfo {{ .ModuleFullPath }}
{{ end }}
{{ if .BuildProbe }}
# Build the eBPF probe
make bpf
ls -l driver/bpf/probe.o
{{ end }}
```
by the user you will need to build the kernel module driver and/or the eBPF probe driver.
How does this work?
@ -193,4 +145,4 @@ can also support collecting the new builders kernel versions and header package
for the new builder are automatically built by [test-infra](https://github.com/falcosecurity/test-infra). If required, add a feature request
for support for the new builder on the kernel-crawler repository.
> **NOTE**: be sure that the crawler you are going to add is interesting for the community as a whole.
> **NOTE**: be sure that the crawler you are going to add is interesting for the community as a whole.

5
docs/driverkit.md
View File

@ -21,7 +21,7 @@ driverkit
--kernelrelease string kernel release to build the module for, it can be found by executing 'uname -v'
--kernelurls strings list of kernel header urls (e.g. --kernelurls <URL1> --kernelurls <URL2> --kernelurls "<URL3>,<URL4>")
--kernelversion string kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default "1")
-l, --loglevel string set level for logs (info, warn, debug, trace) (default "info")
-l, --loglevel string log level (default "INFO")
--moduledevicename string kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco")
--moduledrivername string kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco")
--output-module string filepath where to save the resulting kernel module
@ -33,7 +33,7 @@ driverkit
--registry-user string registry username
--repo-name string repository github name (default "libs")
--repo-org string repository github organization (default "falcosecurity")
-t, --target string the system to target the build for, one of [alinux,almalinux,amazonlinux,amazonlinux2,amazonlinux2022,amazonlinux2023,arch,bottlerocket,centos,debian,fedora,flatcar,minikube,ol,opensuse,photon,redhat,rocky,sles,talos,ubuntu,vanilla]
-t, --target string the system to target the build for, one of [alinux,almalinux,amazonlinux,amazonlinux2,amazonlinux2022,amazonlinux2023,arch,bottlerocket,centos,debian,fedora,flatcar,minikube,ol,opensuse,photon,redhat,rocky,talos,ubuntu,vanilla]
--timeout int timeout in seconds (default 120)
```
@ -44,5 +44,4 @@ driverkit
* [driverkit images](driverkit_images.md) - List builder images
* [driverkit kubernetes](driverkit_kubernetes.md) - Build Falco kernel modules and eBPF probes against a Kubernetes cluster.
* [driverkit kubernetes-in-cluster](driverkit_kubernetes-in-cluster.md) - Build Falco kernel modules and eBPF probes against a Kubernetes cluster inside a Kubernetes cluster.
* [driverkit local](driverkit_local.md) - Build Falco kernel modules and eBPF probes in local env with local kernel sources and gcc/clang.

4
docs/driverkit_docker.md
View File

@ -21,7 +21,7 @@ driverkit docker [flags]
--kernelrelease string kernel release to build the module for, it can be found by executing 'uname -v'
--kernelurls strings list of kernel header urls (e.g. --kernelurls <URL1> --kernelurls <URL2> --kernelurls "<URL3>,<URL4>")
--kernelversion string kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default "1")
-l, --loglevel string set level for logs (info, warn, debug, trace) (default "info")
-l, --loglevel string log level (default "INFO")
--moduledevicename string kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco")
--moduledrivername string kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco")
--output-module string filepath where to save the resulting kernel module
@ -33,7 +33,7 @@ driverkit docker [flags]
--registry-user string registry username
--repo-name string repository github name (default "libs")
--repo-org string repository github organization (default "falcosecurity")
-t, --target string the system to target the build for, one of [alinux,almalinux,amazonlinux,amazonlinux2,amazonlinux2022,amazonlinux2023,arch,bottlerocket,centos,debian,fedora,flatcar,minikube,ol,opensuse,photon,redhat,rocky,sles,talos,ubuntu,vanilla]
-t, --target string the system to target the build for, one of [alinux,almalinux,amazonlinux,amazonlinux2,amazonlinux2022,amazonlinux2023,arch,bottlerocket,centos,debian,fedora,flatcar,minikube,ol,opensuse,photon,redhat,rocky,talos,ubuntu,vanilla]
--timeout int timeout in seconds (default 120)
```

4
docs/driverkit_images.md
View File

@ -21,7 +21,7 @@ driverkit images [flags]
--kernelrelease string kernel release to build the module for, it can be found by executing 'uname -v'
--kernelurls strings list of kernel header urls (e.g. --kernelurls <URL1> --kernelurls <URL2> --kernelurls "<URL3>,<URL4>")
--kernelversion string kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default "1")
-l, --loglevel string set level for logs (info, warn, debug, trace) (default "info")
-l, --loglevel string log level (default "INFO")
--moduledevicename string kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco")
--moduledrivername string kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco")
--output-module string filepath where to save the resulting kernel module
@ -33,7 +33,7 @@ driverkit images [flags]
--registry-user string registry username
--repo-name string repository github name (default "libs")
--repo-org string repository github organization (default "falcosecurity")
-t, --target string the system to target the build for, one of [alinux,almalinux,amazonlinux,amazonlinux2,amazonlinux2022,amazonlinux2023,arch,bottlerocket,centos,debian,fedora,flatcar,minikube,ol,opensuse,photon,redhat,rocky,sles,talos,ubuntu,vanilla]
-t, --target string the system to target the build for, one of [alinux,almalinux,amazonlinux,amazonlinux2,amazonlinux2022,amazonlinux2023,arch,bottlerocket,centos,debian,fedora,flatcar,minikube,ol,opensuse,photon,redhat,rocky,talos,ubuntu,vanilla]
--timeout int timeout in seconds (default 120)
```

4
docs/driverkit_kubernetes-in-cluster.md
View File

@ -22,7 +22,7 @@ driverkit kubernetes-in-cluster [flags]
--kernelrelease string kernel release to build the module for, it can be found by executing 'uname -v'
--kernelurls strings list of kernel header urls (e.g. --kernelurls <URL1> --kernelurls <URL2> --kernelurls "<URL3>,<URL4>")
--kernelversion string kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default "1")
-l, --loglevel string set level for logs (info, warn, debug, trace) (default "info")
-l, --loglevel string log level (default "INFO")
--moduledevicename string kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco")
--moduledrivername string kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco")
-n, --namespace string If present, the namespace scope for the pods and its config (default "default")
@ -36,7 +36,7 @@ driverkit kubernetes-in-cluster [flags]
--repo-name string repository github name (default "libs")
--repo-org string repository github organization (default "falcosecurity")
--run-as-user int Pods runner user
-t, --target string the system to target the build for, one of [alinux,almalinux,amazonlinux,amazonlinux2,amazonlinux2022,amazonlinux2023,arch,bottlerocket,centos,debian,fedora,flatcar,minikube,ol,opensuse,photon,redhat,rocky,sles,talos,ubuntu,vanilla]
-t, --target string the system to target the build for, one of [alinux,almalinux,amazonlinux,amazonlinux2,amazonlinux2022,amazonlinux2023,arch,bottlerocket,centos,debian,fedora,flatcar,minikube,ol,opensuse,photon,redhat,rocky,talos,ubuntu,vanilla]
--timeout int timeout in seconds (default 120)
```

5
docs/driverkit_kubernetes.md
View File

@ -22,7 +22,6 @@ driverkit kubernetes [flags]
--cluster string the name of the kubeconfig cluster to use
-c, --config string config file path (default $HOME/.driverkit.yaml if exists)
--context string the name of the kubeconfig context to use
--disable-compression if true, opt-out of response compression for all requests to the server
--driverversion string driver version as a git commit hash or as a git tag (default "master")
--dryrun do not actually perform the action
--gccversion string enforce a specific gcc version for the build
@ -34,7 +33,7 @@ driverkit kubernetes [flags]
--kernelurls strings list of kernel header urls (e.g. --kernelurls <URL1> --kernelurls <URL2> --kernelurls "<URL3>,<URL4>")
--kernelversion string kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default "1")
--kubeconfig string path to the kubeconfig file to use for CLI requests
-l, --loglevel string set level for logs (info, warn, debug, trace) (default "info")
-l, --loglevel string log level (default "info")
--moduledevicename string kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco")
--moduledrivername string kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco")
-n, --namespace string If present, the namespace scope for the pods and its config (default "default")
@ -50,7 +49,7 @@ driverkit kubernetes [flags]
--request-timeout string the length of time to wait before giving up on a single server request, non-zero values should contain a corresponding time unit (e.g, 1s, 2m, 3h), a value of zero means don't timeout requests (default "0")
--run-as-user int Pods runner user
-s, --server string the address and port of the Kubernetes API server
-t, --target string the system to target the build for, one of [alinux,almalinux,amazonlinux,amazonlinux2,amazonlinux2022,amazonlinux2023,arch,bottlerocket,centos,debian,fedora,flatcar,minikube,ol,opensuse,photon,redhat,rocky,sles,talos,ubuntu,vanilla]
-t, --target string the system to target the build for, one of [alinux,almalinux,amazonlinux,amazonlinux2,amazonlinux2022,amazonlinux2023,arch,bottlerocket,centos,debian,fedora,flatcar,minikube,ol,opensuse,photon,redhat,rocky,talos,ubuntu,vanilla]
--timeout int timeout in seconds (default 120)
--tls-server-name string server name to use for server certificate validation, if it is not provided, the hostname used to contact the server is used
--token string bearer token for authentication to the API server

36
docs/driverkit_local.md
View File

@ -1,36 +0,0 @@
## driverkit local
Build Falco kernel modules and eBPF probes in local env with local kernel sources and gcc/clang.
```
driverkit local [flags]
```
### Options
```
-c, --config string config file path (default $HOME/.driverkit.yaml if exists)
--dkms Enforce usage of DKMS to build the kernel module.
--download-headers Try to automatically download kernel headers.
--driverversion string driver version as a git commit hash or as a git tag (default "master")
--dryrun do not actually perform the action
--env stringToString Env variables to be enforced during the driver build. (default [])
-h, --help help for local
--kernelrelease string kernel release to build the module for, it can be found by executing 'uname -v'
--kernelversion string kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default "1")
-l, --loglevel string set level for logs (info, warn, debug, trace) (default "info")
--moduledevicename string kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco")
--moduledrivername string kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco")
--output-module string filepath where to save the resulting kernel module
--output-probe string filepath where to save the resulting eBPF probe
--repo-name string repository github name (default "libs")
--repo-org string repository github organization (default "falcosecurity")
--src-dir string Enforce usage of local source dir to build drivers.
-t, --target string the system to target the build for, one of [alinux,almalinux,amazonlinux,amazonlinux2,amazonlinux2022,amazonlinux2023,arch,bottlerocket,centos,debian,fedora,flatcar,minikube,ol,opensuse,photon,redhat,rocky,sles,talos,ubuntu,vanilla]
--timeout int timeout in seconds (default 120)
```
### SEE ALSO
* [driverkit](driverkit.md) - A command line tool to build Falco kernel modules and eBPF probes.

208
go.mod
View File

@ -1,162 +1,142 @@
module github.com/falcosecurity/driverkit
go 1.24.1
toolchain go1.24.2
go 1.21
require (
github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
github.com/blang/semver/v4 v4.0.0
github.com/blang/semver v3.5.1+incompatible
github.com/containerd/containerd v1.7.5 // indirect
github.com/creasty/defaults v1.7.0
github.com/docker/docker v28.3.3+incompatible
github.com/falcosecurity/falcoctl v0.11.1
github.com/docker/docker v24.0.7+incompatible
github.com/go-playground/locales v0.14.1
github.com/go-playground/universal-translator v0.18.1
github.com/go-playground/validator/v10 v10.24.0
github.com/go-playground/validator/v10 v10.15.3
github.com/mitchellh/go-homedir v1.1.0
github.com/olekukonko/tablewriter v0.0.5
github.com/opencontainers/image-spec v1.1.1
github.com/pterm/pterm v0.12.80
github.com/spf13/cobra v1.9.1
github.com/spf13/pflag v1.0.6
github.com/spf13/viper v1.20.0
gopkg.in/yaml.v3 v3.0.1
github.com/opencontainers/image-spec v1.1.0-rc4
github.com/sirupsen/logrus v1.9.3 // indirect
github.com/spf13/cobra v1.7.0
github.com/spf13/pflag v1.0.5
github.com/spf13/viper v1.16.0
gotest.tools v2.2.0+incompatible
k8s.io/api v0.32.3
k8s.io/apimachinery v0.32.3
k8s.io/cli-runtime v0.30.0
k8s.io/client-go v0.32.3
k8s.io/kubectl v0.30.0
k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738
modernc.org/sqlite v1.29.9
oras.land/oras-go/v2 v2.5.0
k8s.io/api v0.28.1
k8s.io/apimachinery v0.28.1
k8s.io/cli-runtime v0.28.1
k8s.io/client-go v0.28.1
k8s.io/kubectl v0.28.1
k8s.io/utils v0.0.0-20230726121419-3b25d923346b
modernc.org/sqlite v1.25.0
)
require (
atomicgo.dev/cursor v0.2.0 // indirect
atomicgo.dev/keyboard v0.2.9 // indirect
atomicgo.dev/schedule v0.1.0 // indirect
github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect
github.com/falcosecurity/falcoctl v0.6.0
github.com/olekukonko/tablewriter v0.0.5
gopkg.in/yaml.v3 v3.0.1
oras.land/oras-go/v2 v2.3.0
)
require (
github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
github.com/MakeNowJust/heredoc v1.0.0 // indirect
github.com/Microsoft/go-winio v0.6.2 // indirect
github.com/chai2010/gettext-go v1.0.3 // indirect
github.com/containerd/console v1.0.4 // indirect
github.com/containerd/errdefs v1.0.0 // indirect
github.com/containerd/errdefs/pkg v0.3.0 // indirect
github.com/containerd/log v0.1.0 // indirect
github.com/cpuguy83/go-md2man/v2 v2.0.6 // indirect
github.com/creack/pty v1.1.21 // indirect
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
github.com/distribution/reference v0.6.0 // indirect
github.com/docker/go-connections v0.5.0 // indirect
github.com/Microsoft/go-winio v0.6.1 // indirect
github.com/Microsoft/hcsshim v0.10.0 // indirect
github.com/chai2010/gettext-go v1.0.2 // indirect
github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/docker/distribution v2.8.2+incompatible // indirect
github.com/docker/go-connections v0.4.0 // indirect
github.com/docker/go-units v0.5.0 // indirect
github.com/dustin/go-humanize v1.0.1 // indirect
github.com/emicklei/go-restful/v3 v3.12.0 // indirect
github.com/evanphx/json-patch v5.9.0+incompatible // indirect
github.com/emicklei/go-restful/v3 v3.11.0 // indirect
github.com/evanphx/json-patch v5.6.0+incompatible // indirect
github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
github.com/fatih/camelcase v1.0.0 // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
github.com/fsnotify/fsnotify v1.8.0 // indirect
github.com/fsnotify/fsnotify v1.6.0 // indirect
github.com/fvbommel/sortorder v1.1.0 // indirect
github.com/fxamacker/cbor/v2 v2.7.0 // indirect
github.com/gabriel-vasile/mimetype v1.4.8 // indirect
github.com/go-errors/errors v1.5.1 // indirect
github.com/go-logr/logr v1.4.2 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/go-openapi/jsonpointer v0.21.0 // indirect
github.com/go-openapi/jsonreference v0.21.0 // indirect
github.com/go-openapi/swag v0.23.0 // indirect
github.com/go-viper/mapstructure/v2 v2.3.0 // indirect
github.com/gabriel-vasile/mimetype v1.4.2 // indirect
github.com/go-errors/errors v1.4.2 // indirect
github.com/go-logr/logr v1.2.4 // indirect
github.com/go-openapi/jsonpointer v0.20.0 // indirect
github.com/go-openapi/jsonreference v0.20.2 // indirect
github.com/go-openapi/swag v0.22.4 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/protobuf v1.5.4 // indirect
github.com/google/btree v1.1.3 // indirect
github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect
github.com/google/go-cmp v0.7.0 // indirect
github.com/golang/protobuf v1.5.3 // indirect
github.com/google/btree v1.1.2 // indirect
github.com/google/gnostic-models v0.6.8 // indirect
github.com/google/go-cmp v0.5.9 // indirect
github.com/google/gofuzz v1.2.0 // indirect
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
github.com/google/uuid v1.6.0 // indirect
github.com/gookit/color v1.5.4 // indirect
github.com/gorilla/websocket v1.5.1 // indirect
github.com/google/uuid v1.3.1 // indirect
github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
github.com/hashicorp/hcl v1.0.0 // indirect
github.com/imdario/mergo v0.3.16 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/klauspost/compress v1.18.0 // indirect
github.com/leodido/go-urn v1.4.0 // indirect
github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
github.com/klauspost/compress v1.16.7 // indirect
github.com/leodido/go-urn v1.2.4 // indirect
github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
github.com/lithammer/fuzzysearch v1.1.8 // indirect
github.com/magiconair/properties v1.8.7 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
github.com/mattn/go-isatty v0.0.20 // indirect
github.com/mattn/go-runewidth v0.0.16 // indirect
github.com/mattn/go-isatty v0.0.19 // indirect
github.com/mattn/go-runewidth v0.0.15 // indirect
github.com/mitchellh/go-wordwrap v1.0.1 // indirect
github.com/moby/docker-image-spec v1.3.1 // indirect
github.com/moby/go-archive v0.1.0 // indirect
github.com/mitchellh/mapstructure v1.5.0 // indirect
github.com/moby/patternmatcher v0.6.0 // indirect
github.com/moby/spdystream v0.5.0 // indirect
github.com/moby/sys/atomicwriter v0.1.0 // indirect
github.com/moby/sys/sequential v0.6.0 // indirect
github.com/moby/sys/user v0.4.0 // indirect
github.com/moby/sys/userns v0.1.0 // indirect
github.com/moby/term v0.5.2 // indirect
github.com/moby/spdystream v0.2.0 // indirect
github.com/moby/sys/sequential v0.5.0 // indirect
github.com/moby/term v0.5.0 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
github.com/morikuni/aec v1.0.0 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
github.com/ncruces/go-strftime v0.1.9 // indirect
github.com/opencontainers/go-digest v1.0.0 // indirect
github.com/pelletier/go-toml/v2 v2.2.3 // indirect
github.com/opencontainers/runc v1.1.9 // indirect
github.com/pelletier/go-toml/v2 v2.1.0 // indirect
github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
github.com/rivo/uniseg v0.4.7 // indirect
github.com/rogpeppe/go-internal v1.13.2-0.20241226121412-a5dc8ff20d0a // indirect
github.com/rivo/uniseg v0.4.4 // indirect
github.com/russross/blackfriday/v2 v2.1.0 // indirect
github.com/sagikazarmark/locafero v0.7.0 // indirect
github.com/sergi/go-diff v1.3.1 // indirect
github.com/sirupsen/logrus v1.9.3 // indirect
github.com/sourcegraph/conc v0.3.0 // indirect
github.com/spf13/afero v1.12.0 // indirect
github.com/spf13/cast v1.7.1 // indirect
github.com/sergi/go-diff v1.2.0 // indirect
github.com/spf13/afero v1.9.5 // indirect
github.com/spf13/cast v1.5.1 // indirect
github.com/spf13/jwalterweatherman v1.1.0 // indirect
github.com/subosito/gotenv v1.6.0 // indirect
github.com/x448/float16 v0.8.4 // indirect
github.com/xlab/treeprint v1.2.0 // indirect
github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
go.opentelemetry.io/auto/sdk v1.1.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0 // indirect
go.opentelemetry.io/otel v1.34.0 // indirect
go.opentelemetry.io/otel/metric v1.34.0 // indirect
go.opentelemetry.io/otel/trace v1.34.0 // indirect
go.starlark.net v0.0.0-20240507195648-35fe9f26b4bc // indirect
go.uber.org/multierr v1.11.0 // indirect
golang.org/x/crypto v0.36.0 // indirect
golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f // indirect
golang.org/x/net v0.38.0 // indirect
golang.org/x/oauth2 v0.28.0 // indirect
golang.org/x/sync v0.12.0 // indirect
golang.org/x/sys v0.31.0 // indirect
golang.org/x/term v0.30.0 // indirect
golang.org/x/text v0.23.0 // indirect
golang.org/x/time v0.11.0 // indirect
google.golang.org/protobuf v1.36.5 // indirect
gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
go.starlark.net v0.0.0-20230831151029-c9e9adf3fde2 // indirect
golang.org/x/crypto v0.14.0 // indirect
golang.org/x/mod v0.12.0 // indirect
golang.org/x/net v0.17.0 // indirect
golang.org/x/oauth2 v0.11.0 // indirect
golang.org/x/sync v0.3.0 // indirect
golang.org/x/sys v0.13.0 // indirect
golang.org/x/term v0.13.0 // indirect
golang.org/x/text v0.13.0 // indirect
golang.org/x/time v0.3.0 // indirect
golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/protobuf v1.31.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gotest.tools/v3 v3.5.2 // indirect
k8s.io/component-base v0.30.0 // indirect
k8s.io/klog/v2 v2.130.1 // indirect
k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect
modernc.org/gc/v3 v3.0.0-20240304020402-f0dba7c97c2b // indirect
modernc.org/libc v1.50.5 // indirect
gotest.tools/v3 v3.4.0 // indirect
k8s.io/component-base v0.28.1 // indirect
k8s.io/klog/v2 v2.100.1 // indirect
k8s.io/kube-openapi v0.0.0-20230901164831-6c774f458599 // indirect
lukechampine.com/uint128 v1.3.0 // indirect
modernc.org/cc/v3 v3.41.0 // indirect
modernc.org/ccgo/v3 v3.16.15 // indirect
modernc.org/libc v1.24.1 // indirect
modernc.org/mathutil v1.6.0 // indirect
modernc.org/memory v1.8.0 // indirect
modernc.org/memory v1.7.1 // indirect
modernc.org/opt v0.1.3 // indirect
modernc.org/strutil v1.2.0 // indirect
modernc.org/token v1.1.0 // indirect
sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect
sigs.k8s.io/kustomize/api v0.17.1 // indirect
sigs.k8s.io/kustomize/kyaml v0.17.0 // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect
sigs.k8s.io/yaml v1.4.0 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
sigs.k8s.io/kustomize/api v0.14.0 // indirect
sigs.k8s.io/kustomize/kyaml v0.14.3 // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.3.0 // indirect
sigs.k8s.io/yaml v1.3.0 // indirect
)

928
go.sum
View File

File diff suppressed because it is too large Load Diff

13
pkg/driverbuilder/builder/aliyunlinux.go
View File

@ -21,9 +21,6 @@ import (
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
)
//go:embed templates/alinux_kernel.sh
var alinuxKernelTemplate string
//go:embed templates/alinux.sh
var alinuxTemplate string
@ -35,6 +32,7 @@ func init() {
}
type alinuxTemplateData struct {
commonTemplateData
KernelDownloadURL string
}
@ -45,10 +43,6 @@ func (c *alinux) Name() string {
return TargetTypeAlinux.String()
}
func (c *alinux) TemplateKernelUrlsScript() string {
return alinuxKernelTemplate
}
func (c *alinux) TemplateScript() string {
return alinuxTemplate
}
@ -57,9 +51,10 @@ func (c *alinux) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
return fetchAlinuxKernelURLS(kr), nil
}
func (c *alinux) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
func (c *alinux) TemplateData(cfg Config, kr kernelrelease.KernelRelease, urls []string) interface{} {
return alinuxTemplateData{
KernelDownloadURL: urls[0],
commonTemplateData: cfg.toTemplateData(c, kr),
KernelDownloadURL: urls[0],
}
}

13
pkg/driverbuilder/builder/almalinux.go
View File

@ -21,9 +21,6 @@ import (
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
)
//go:embed templates/almalinux_kernel.sh
var almaKernelTemplate string
//go:embed templates/almalinux.sh
var almaTemplate string
@ -35,6 +32,7 @@ func init() {
}
type almaTemplateData struct {
commonTemplateData
KernelDownloadURL string
}
@ -46,10 +44,6 @@ func (c *alma) Name() string {
return TargetTypeAlma.String()
}
func (c *alma) TemplateKernelUrlsScript() string {
return almaKernelTemplate
}
func (c *alma) TemplateScript() string {
return almaTemplate
}
@ -58,9 +52,10 @@ func (c *alma) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
return fetchAlmaKernelURLS(kr), nil
}
func (c *alma) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
func (c *alma) TemplateData(cfg Config, kr kernelrelease.KernelRelease, urls []string) interface{} {
return almaTemplateData{
KernelDownloadURL: urls[0],
commonTemplateData: cfg.toTemplateData(c, kr),
KernelDownloadURL: urls[0],
}
}

191
pkg/driverbuilder/builder/amazonlinux.go
View File

@ -22,9 +22,10 @@ import (
"database/sql"
_ "embed"
"fmt"
"github.com/blang/semver/v4"
"io"
"io/ioutil"
"log"
"log/slog"
"net/http"
"os"
"strings"
@ -34,9 +35,6 @@ import (
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
)
//go:embed templates/amazonlinux_kernel.sh
var amazonlinuxKernelTemplate string
//go:embed templates/amazonlinux.sh
var amazonlinuxTemplate string
@ -82,6 +80,7 @@ func init() {
}
type amazonlinuxTemplateData struct {
commonTemplateData
KernelDownloadURLs []string
}
@ -89,8 +88,6 @@ func (a *amazonlinux) Name() string {
return TargetTypeAmazonLinux.String()
}
func (a *amazonlinux) TemplateKernelUrlsScript() string { return amazonlinuxKernelTemplate }
func (a *amazonlinux) TemplateScript() string {
return amazonlinuxTemplate
}
@ -99,8 +96,9 @@ func (a *amazonlinux) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
return fetchAmazonLinuxPackagesURLs(a, kr)
}
func (a *amazonlinux) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
func (a *amazonlinux) TemplateData(c Config, kr kernelrelease.KernelRelease, urls []string) interface{} {
return amazonlinuxTemplateData{
commonTemplateData: c.toTemplateData(a, kr),
KernelDownloadURLs: urls,
}
}
@ -164,7 +162,7 @@ func (a *amazonlinux2023) repos() []string {
}
func (a *amazonlinux2023) baseUrl() string {
return "https://cdn.amazonlinux.com/al2023/core/mirrors"
return "https://cdn.amazonlinux.com/al2023/core/mirrors/"
}
func (a *amazonlinux2023) ext() string {
@ -179,14 +177,6 @@ func (a *amazonlinux2) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
return fetchAmazonLinuxPackagesURLs(a, kr)
}
func (a *amazonlinux2) GCCVersion(kr kernelrelease.KernelRelease) semver.Version {
// 5.10 amazonlinux2 kernels need gcc 10
if kr.Major == 5 && kr.Minor == 10 {
return semver.Version{Major: 10}
}
return semver.Version{}
}
func (a *amazonlinux2) repos() []string {
return []string{
"core/2.0",
@ -210,13 +200,16 @@ func buildMirror(a amazonBuilder, r string, kv kernelrelease.KernelRelease) (str
switch a.(type) {
case *amazonlinux:
baseURL = fmt.Sprintf("%s/%s", a.baseUrl(), r)
case *amazonlinux2, *amazonlinux2022, *amazonlinux2023:
case *amazonlinux2:
baseURL = fmt.Sprintf("%s/%s/%s", a.baseUrl(), r, kv.Architecture.ToNonDeb())
case *amazonlinux2022:
baseURL = fmt.Sprintf("%s/%s/%s", a.baseUrl(), r, kv.Architecture.ToNonDeb())
default:
return "", fmt.Errorf("unsupported target")
}
mirror := fmt.Sprintf("%s/%s", baseURL, "mirror.list")
slog.With("url", mirror, "version", r).Debug("looking for repo...")
return mirror, nil
}
@ -237,92 +230,92 @@ func fetchAmazonLinuxPackagesURLs(a amazonBuilder, kv kernelrelease.KernelReleas
visited := make(map[string]struct{})
for _, v := range a.repos() {
err := func() error {
mirror, err := buildMirror(a, v, kv)
if err != nil {
return err
}
// Obtain the repo URL by getting mirror URL content
mirrorRes, err := http.Get(mirror)
if err != nil {
return err
}
defer mirrorRes.Body.Close()
var repo string
scanner := bufio.NewScanner(mirrorRes.Body)
if scanner.Scan() {
repo = scanner.Text()
}
if repo == "" {
return fmt.Errorf("repository not found")
}
repo = strings.ReplaceAll(strings.TrimSuffix(repo, "\n"), "$basearch", kv.Architecture.ToNonDeb())
repo = strings.TrimSuffix(repo, "/")
repoDatabaseURL := fmt.Sprintf("%s/repodata/primary.sqlite.%s", repo, a.ext())
if _, ok := visited[repoDatabaseURL]; ok {
return nil
}
// Download the repo database
repoRes, err := http.Get(repoDatabaseURL)
if err != nil {
return err
}
defer repoRes.Body.Close()
visited[repoDatabaseURL] = struct{}{}
unzip, err := unzipFuncFromBuilder(a)
if err != nil {
return err
}
dbBytes, err := unzip(repoRes.Body)
if err != nil {
return err
}
// Create the temporary database file
dbFile, err := os.CreateTemp(os.TempDir(), fmt.Sprintf("%s-*.sqlite", a.Name()))
if err != nil {
return err
}
defer os.Remove(dbFile.Name())
if _, err := dbFile.Write(dbBytes); err != nil {
return err
}
// Open the database
db, err := sql.Open("sqlite", dbFile.Name())
if err != nil {
return err
}
defer db.Close()
// Query the database
rel := strings.TrimPrefix(strings.TrimSuffix(kv.FullExtraversion, fmt.Sprintf(".%s", kv.Architecture.ToNonDeb())), "-")
q := fmt.Sprintf("SELECT location_href FROM packages WHERE name LIKE 'kernel-devel%%' AND version='%s' AND release='%s'", kv.Fullversion, rel)
stmt, err := db.Prepare(q)
if err != nil {
return err
}
defer stmt.Close()
rows, err := stmt.Query()
if err != nil {
return err
}
defer rows.Close()
for rows.Next() {
var href string
err = rows.Scan(&href)
if err != nil {
log.Fatal(err)
}
urls = append(urls, fmt.Sprintf("%s/%s", repo, href))
}
return dbFile.Close()
}()
mirror, err := buildMirror(a, v, kv)
if err != nil {
return nil, err
}
// Obtain the repo URL by getting mirror URL content
mirrorRes, err := http.Get(mirror)
if err != nil {
return nil, err
}
defer mirrorRes.Body.Close()
var repo string
scanner := bufio.NewScanner(mirrorRes.Body)
if scanner.Scan() {
repo = scanner.Text()
}
if repo == "" {
return nil, fmt.Errorf("repository not found")
}
repo = strings.ReplaceAll(strings.TrimSuffix(repo, "\n"), "$basearch", kv.Architecture.ToNonDeb())
repo = strings.TrimSuffix(repo, "/")
repoDatabaseURL := fmt.Sprintf("%s/repodata/primary.sqlite.%s", repo, a.ext())
if _, ok := visited[repoDatabaseURL]; ok {
continue
}
// Download the repo database
repoRes, err := http.Get(repoDatabaseURL)
slog.With("url", repoDatabaseURL).Debug("downloading...")
if err != nil {
return nil, err
}
defer repoRes.Body.Close()
visited[repoDatabaseURL] = struct{}{}
unzip, err := unzipFuncFromBuilder(a)
if err != nil {
return nil, err
}
dbBytes, err := unzip(repoRes.Body)
if err != nil {
return nil, err
}
// Create the temporary database file
dbFile, err := ioutil.TempFile(os.TempDir(), fmt.Sprintf("%s-*.sqlite", a.Name()))
if err != nil {
return nil, err
}
defer os.Remove(dbFile.Name())
if _, err := dbFile.Write(dbBytes); err != nil {
return nil, err
}
// Open the database
db, err := sql.Open("sqlite", dbFile.Name())
if err != nil {
return nil, err
}
defer db.Close()
slog.With("db", dbFile.Name()).Debug("connecting to database...")
// Query the database
rel := strings.TrimPrefix(strings.TrimSuffix(kv.FullExtraversion, fmt.Sprintf(".%s", kv.Architecture.ToNonDeb())), "-")
q := fmt.Sprintf("SELECT location_href FROM packages WHERE name LIKE 'kernel-devel%%' AND version='%s' AND release='%s'", kv.Fullversion, rel)
stmt, err := db.Prepare(q)
if err != nil {
return nil, err
}
defer stmt.Close()
rows, err := stmt.Query()
if err != nil {
return nil, err
}
defer rows.Close()
for rows.Next() {
var href string
err = rows.Scan(&href)
if err != nil {
log.Fatal(err)
}
urls = append(urls, fmt.Sprintf("%s/%s", repo, href))
}
if err := dbFile.Close(); err != nil {
return nil, err
}
// Found, do not continue
if len(urls) > 0 {
break

49
pkg/driverbuilder/builder/archlinux.go
View File

@ -22,9 +22,6 @@ import (
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
)
//go:embed templates/archlinux_kernel.sh
var archlinuxKernelTemplate string
//go:embed templates/archlinux.sh
var archlinuxTemplate string
@ -40,6 +37,7 @@ type archlinux struct {
}
type archlinuxTemplateData struct {
commonTemplateData
KernelDownloadURL string
}
@ -47,19 +45,11 @@ func (c *archlinux) Name() string {
return TargetTypeArchlinux.String()
}
func (c *archlinux) TemplateKernelUrlsScript() string { return archlinuxKernelTemplate }
func (c *archlinux) TemplateScript() string {
return archlinuxTemplate
}
func (c *archlinux) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
// uname -r returns "6.8.1-arch1-1" but headers URL is "6.8.1.arch1-1"
// Also, for 0-patch releases, like: "6.8.0-arch1-1", headers url is "6.8.arch1-1"
kr.FullExtraversion = strings.Replace(kr.FullExtraversion, "-arch", ".arch", 1)
if kr.Patch == 0 {
kr.Fullversion = strings.TrimSuffix(kr.Fullversion, ".0")
}
urls := []string{}
possibleCompressionSuffixes := []string{
@ -75,10 +65,10 @@ func (c *archlinux) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
urls = append(
urls,
fmt.Sprintf(
"%s/linux-headers-%s-%s-%s.pkg.tar.%s",
"%s/linux-headers-%s%s-%s.pkg.tar.%s",
baseURL,
kr.String(),
kr.KernelVersion,
kr.Fullversion,
kr.FullExtraversion,
kr.Architecture.ToNonDeb(),
compressionAlgo,
),
@ -90,10 +80,10 @@ func (c *archlinux) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
urls = append(
urls,
fmt.Sprintf(
"%s/linux-hardened-headers-%s-%s-%s.pkg.tar.%s",
"%s/linux-hardened-headers-%s%s-%s.pkg.tar.%s",
baseURL,
kr.String(),
kr.KernelVersion,
kr.Fullversion,
kr.FullExtraversion,
kr.Architecture.ToNonDeb(),
compressionAlgo,
),
@ -105,10 +95,10 @@ func (c *archlinux) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
urls = append(
urls,
fmt.Sprintf(
"%s/linux-zen-headers-%s-%s-%s.pkg.tar.%s",
"%s/linux-zen-headers-%s%s-%s.pkg.tar.%s",
baseURL,
kr.String(),
kr.KernelVersion,
kr.Fullversion,
kr.FullExtraversion,
kr.Architecture.ToNonDeb(),
compressionAlgo,
),
@ -120,10 +110,10 @@ func (c *archlinux) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
urls = append(
urls,
fmt.Sprintf(
"%s/linux-lts-headers-%s-%s-%s.pkg.tar.%s",
"%s/linux-lts-headers-%s%s-%s.pkg.tar.%s",
baseURL,
kr.String(),
kr.KernelVersion,
kr.Fullversion,
kr.FullExtraversion,
kr.Architecture.ToNonDeb(),
compressionAlgo,
),
@ -131,15 +121,15 @@ func (c *archlinux) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
}
}
} else if kr.Architecture.ToNonDeb() == "aarch64" {
baseURL := "https://alaa.ad24.cz/packages/l/linux-aarch64-headers/"
baseURL := "http://tardis.tiny-vps.com/aarm/packages/l/linux-aarch64-headers/"
for _, compressionAlgo := range possibleCompressionSuffixes {
urls = append(
urls,
fmt.Sprintf(
"%s/linux-aarch64-headers-%s-%s-%s.pkg.tar.%s",
"%s/linux-aarch64-headers-%s%s-%s.pkg.tar.%s",
baseURL,
kr.String(),
kr.KernelVersion,
kr.Fullversion,
kr.FullExtraversion,
kr.Architecture.ToNonDeb(),
compressionAlgo,
),
@ -150,8 +140,9 @@ func (c *archlinux) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
return urls, nil
}
func (c *archlinux) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
func (c *archlinux) TemplateData(cfg Config, kr kernelrelease.KernelRelease, urls []string) interface{} {
return archlinuxTemplateData{
KernelDownloadURL: urls[0],
commonTemplateData: cfg.toTemplateData(c, kr),
KernelDownloadURL: urls[0],
}
}

3
pkg/driverbuilder/builder/bottlerocket.go
View File

@ -35,8 +35,9 @@ func (b *bottlerocket) Name() string {
return TargetTypeBottlerocket.String()
}
func (b *bottlerocket) KernelTemplateData(kr kernelrelease.KernelRelease, urls []string) interface{} {
func (b *bottlerocket) TemplateData(c Config, kr kernelrelease.KernelRelease, urls []string) interface{} {
return vanillaTemplateData{
commonTemplateData: c.toTemplateData(b, kr),
KernelDownloadURL: urls[0],
KernelLocalVersion: kr.FullExtraversion,
}

7
pkg/driverbuilder/builder/build.go
View File

@ -17,7 +17,6 @@ package builder
import (
"context"
"fmt"
"github.com/falcosecurity/falcoctl/pkg/output"
"strings"
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
@ -50,8 +49,6 @@ type Build struct {
RegistryUser string
RegistryPassword string
RegistryPlainHTTP bool
*output.Printer
}
func (b *Build) KernelReleaseFromBuildConfig() kernelrelease.KernelRelease {
@ -111,3 +108,7 @@ func (b *Build) ClientForRegistry(registry string) *auth.Client {
return client
}
func (b *Build) HasOutputs() bool {
return b.ModuleFilePath != "" || b.ProbeFilePath != ""
}

193
pkg/driverbuilder/builder/builders.go
View File

@ -16,43 +16,34 @@ package builder
import (
"bytes"
_ "embed"
"errors"
"fmt"
"github.com/falcosecurity/falcoctl/pkg/output"
"log/slog"
"net/http"
"net/url"
"os"
"path"
"strings"
"text/template"
"github.com/blang/semver/v4"
"github.com/blang/semver"
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
)
// DriverDirectory is the directory the processor uses to store the driver.
const (
DriverDirectory = "/tmp/driver"
cmakeCmdFmt = `cmake -Wno-dev \
-DUSE_BUNDLED_DEPS=On \
-DCREATE_TEST_TARGETS=Off \
-DBUILD_LIBSCAP_GVISOR=Off \
-DBUILD_LIBSCAP_MODERN_BPF=Off \
-DENABLE_DRIVERS_TESTS=Off \
-DDRIVER_NAME=%s \
-DPROBE_NAME=%s \
-DBUILD_BPF=On \
-DDRIVER_VERSION=%s \
-DPROBE_VERSION=%s \
-DGIT_COMMIT=%s \
-DDRIVER_DEVICE_NAME=%s \
-DPROBE_DEVICE_NAME=%s \
.. && \
sed -i s/'DRIVER_COMMIT ""'/'DRIVER_COMMIT "%s"'/g driver/src/driver_config.h`
)
const DriverDirectory = "/tmp/driver"
//go:embed templates/libs_download.sh
var libsDownloadTemplate string
// ModuleFileName is the standard file name for the kernel module.
const ModuleFileName = "module.ko"
// ProbeFileName is the standard file name for the eBPF probe.
const ProbeFileName = "probe.o"
// ModuleFullPath is the standard path for the kernel module. Builders must place the compiled module at this location.
var ModuleFullPath = path.Join(DriverDirectory, ModuleFileName)
// ProbeFullPath is the standard path for the eBPF probe. Builders must place the compiled probe at this location.
var ProbeFullPath = path.Join(DriverDirectory, "bpf", ProbeFileName)
var HeadersNotFoundErr = errors.New("kernel headers not found")
@ -64,80 +55,33 @@ type Config struct {
*Build
}
func (c Config) ToDriverFullPath() string {
return path.Join(DriverDirectory, "build", "driver", fmt.Sprintf("%s.ko", c.DriverName))
}
func (c Config) ToProbeFullPath() string {
return path.Join(DriverDirectory, "build", "driver", "bpf", "probe.o")
}
type commonTemplateData struct {
DriverBuildDir string
ModuleDriverName string
ModuleFullPath string
BuildModule bool
BuildProbe bool
GCCVersion string
CmakeCmd string
DriverBuildDir string
ModuleDownloadURL string
ModuleDriverName string
ModuleFullPath string
BuildModule bool
BuildProbe bool
GCCVersion string
}
// Builder represents a builder capable of generating a script for a driverkit target.
type Builder interface {
Name() string
TemplateKernelUrlsScript() string
TemplateScript() string
URLs(kr kernelrelease.KernelRelease) ([]string, error)
KernelTemplateData(kr kernelrelease.KernelRelease, urls []string) interface{} // error return type is managed
TemplateData(c Config, kr kernelrelease.KernelRelease, urls []string) interface{} // error return type is managed
}
// MinimumURLsBuilder is an optional interface implemented by builders
// MinimumURLsBuilder is an optional interface
// to specify minimum number of requested headers urls
type MinimumURLsBuilder interface {
MinimumURLs() int
}
// TemplateDataSpecifier is an optional interface implemented by builders
// to specify a custom template data instead of the default one.
type TemplateDataSpecifier interface {
TemplateData(c Config, kr kernelrelease.KernelRelease) interface{}
}
type libsDownloadTemplateData struct {
DriverBuildDir string
ModuleDownloadURL string
}
// LibsDownloadScript returns the script that downloads and configures libs repo at requested commit/tag
func LibsDownloadScript(c Config) (string, error) {
t := template.New("download-libs")
parsed, err := t.Parse(libsDownloadTemplate)
if err != nil {
return "", err
}
td := libsDownloadTemplateData{
DriverBuildDir: DriverDirectory,
ModuleDownloadURL: fmt.Sprintf("%s/%s.tar.gz", c.DownloadBaseURL, c.DriverVersion),
}
buf := bytes.NewBuffer(nil)
err = parsed.Execute(buf, td)
if err != nil {
return "", err
}
return buf.String(), nil
}
// KernelDownloadScript returns the script that will download and extract kernel headers
func KernelDownloadScript(b Builder,
kernelurls []string,
kr kernelrelease.KernelRelease,
printer *output.Printer,
) (string, error) {
t := template.New("download-kernel")
parsed, err := t.Parse(b.TemplateKernelUrlsScript())
func Script(b Builder, c Config, kr kernelrelease.KernelRelease) (string, error) {
t := template.New(b.Name())
parsed, err := t.Parse(b.TemplateScript())
if err != nil {
return "", err
}
@ -148,7 +92,7 @@ func KernelDownloadScript(b Builder,
minimumURLs = bb.MinimumURLs()
}
if kernelurls == nil {
if c.KernelUrls == nil {
urls, err = b.URLs(kr)
if err != nil {
return "", err
@ -160,7 +104,7 @@ func KernelDownloadScript(b Builder,
urls, err = GetResolvingURLs(urls)
}
} else {
urls, err = GetResolvingURLs(kernelurls)
urls, err = GetResolvingURLs(c.KernelUrls)
}
if err != nil {
return "", err
@ -170,10 +114,7 @@ func KernelDownloadScript(b Builder,
return "", fmt.Errorf("not enough headers packages found; expected %d, found %d", minimumURLs, len(urls))
}
printer.Logger.Debug("kernel headers found",
printer.Logger.Args("urls", urls))
td := b.KernelTemplateData(kr, urls)
td := b.TemplateData(c, kr, urls)
if tdErr, ok := td.(error); ok {
return "", tdErr
}
@ -183,31 +124,6 @@ func KernelDownloadScript(b Builder,
if err != nil {
return "", err
}
return buf.String(), nil
}
// Script retrieves the actually drivers building script
func Script(b Builder, c Config, kr kernelrelease.KernelRelease) (string, error) {
t := template.New(b.Name())
parsed, err := t.Parse(b.TemplateScript())
if err != nil {
return "", err
}
var td interface{}
if bb, ok := b.(TemplateDataSpecifier); ok {
td = bb.TemplateData(c, kr)
} else {
td = c.toTemplateData(b, kr)
}
buf := bytes.NewBuffer(nil)
err = parsed.Execute(buf, td)
if err != nil {
return "", err
}
return buf.String(), nil
}
@ -219,14 +135,6 @@ type GCCVersionRequestor interface {
func defaultGCC(kr kernelrelease.KernelRelease) semver.Version {
switch kr.Major {
case 6:
if kr.Minor >= 9 {
return semver.Version{Major: 14}
}
if kr.Minor >= 5 {
return semver.Version{Major: 13}
}
return semver.Version{Major: 12}
case 5:
if kr.Minor >= 15 {
return semver.Version{Major: 12}
@ -242,7 +150,7 @@ func defaultGCC(kr kernelrelease.KernelRelease) semver.Version {
case 2:
return semver.Version{Major: 4, Minor: 8}
default:
return semver.Version{Major: 14}
return semver.Version{Major: 12}
}
}
@ -306,10 +214,8 @@ func (b *Build) setGCCVersion(builder Builder, kr kernelrelease.KernelRelease) {
proposedGCCs := make([]semver.Version, 0)
for _, img := range b.Images {
proposedGCCs = append(proposedGCCs, img.GCCVersion)
b.Logger.Debug("proposed GCC",
b.Logger.Args("image", img.Name,
"targetGCC", targetGCC.String(),
"proposedGCC", img.GCCVersion.String()))
slog.With("image", img.Name, "targetGCC", targetGCC.String()).
Debug("proposedGCC", "version", img.GCCVersion.String())
}
// Now, sort versions and fetch
@ -324,8 +230,8 @@ func (b *Build) setGCCVersion(builder Builder, kr kernelrelease.KernelRelease) {
}
b.GCCVersion = lastGCC.String()
}
b.Logger.Debug("found GCC",
b.Logger.Args("targetGCC", targetGCC.String(), "version", b.GCCVersion))
slog.With("targetGCC", targetGCC.String()).
Debug("foundGCC", "version", b.GCCVersion)
}
type BuilderImageNetworkMode interface {
@ -379,32 +285,26 @@ func Targets() []string {
func (c Config) toTemplateData(b Builder, kr kernelrelease.KernelRelease) commonTemplateData {
c.setGCCVersion(b, kr)
return commonTemplateData{
DriverBuildDir: DriverDirectory,
ModuleDriverName: c.DriverName,
ModuleFullPath: c.ToDriverFullPath(),
BuildModule: len(c.ModuleFilePath) > 0,
BuildProbe: len(c.ProbeFilePath) > 0,
GCCVersion: c.GCCVersion,
CmakeCmd: fmt.Sprintf(cmakeCmdFmt,
c.DriverName,
c.DriverName,
c.DriverVersion,
c.DriverVersion,
c.DriverVersion,
c.DeviceName,
c.DeviceName,
c.DriverVersion),
DriverBuildDir: DriverDirectory,
ModuleDownloadURL: fmt.Sprintf("%s/%s.tar.gz", c.DownloadBaseURL, c.DriverVersion),
ModuleDriverName: c.DriverName,
ModuleFullPath: ModuleFullPath,
BuildModule: len(c.ModuleFilePath) > 0,
BuildProbe: len(c.ProbeFilePath) > 0,
GCCVersion: c.GCCVersion,
}
}
func resolveURLReference(u string) string {
uu, err := url.Parse(u)
if err != nil {
panic(err)
slog.Error(err.Error())
os.Exit(1)
}
base, err := url.Parse(uu.Host)
if err != nil {
panic(err)
slog.Error(err.Error())
os.Exit(1)
}
return base.ResolveReference(uu).String()
}
@ -424,6 +324,7 @@ func GetResolvingURLs(urls []string) ([]string, error) {
}
if res.StatusCode == http.StatusOK {
results = append(results, u)
slog.With("url", u).Debug("kernel header url found")
}
}
if len(results) == 0 {

2
pkg/driverbuilder/builder/builders_test.go
View File

@ -17,7 +17,7 @@ package builder
import (
"testing"
"github.com/blang/semver/v4"
"github.com/blang/semver"
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
)

13
pkg/driverbuilder/builder/centos.go
View File

@ -18,13 +18,10 @@ import (
_ "embed"
"fmt"
"github.com/blang/semver/v4"
"github.com/blang/semver"
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
)
//go:embed templates/centos_kernel.sh
var centosKernelTemplate string
//go:embed templates/centos.sh
var centosTemplate string
@ -40,6 +37,7 @@ type centos struct {
}
type centosTemplateData struct {
commonTemplateData
KernelDownloadURL string
}
@ -47,8 +45,6 @@ func (c *centos) Name() string {
return TargetTypeCentos.String()
}
func (c *centos) TemplateKernelUrlsScript() string { return centosKernelTemplate }
func (c *centos) TemplateScript() string {
return centosTemplate
}
@ -180,9 +176,10 @@ func (c *centos) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
return urls, nil
}
func (c *centos) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
func (c *centos) TemplateData(cfg Config, kr kernelrelease.KernelRelease, urls []string) interface{} {
return centosTemplateData{
KernelDownloadURL: urls[0],
commonTemplateData: cfg.toTemplateData(c, kr),
KernelDownloadURL: urls[0],
}
}

29
pkg/driverbuilder/builder/debian.go
View File

@ -17,7 +17,6 @@ package builder
import (
_ "embed"
"fmt"
"io"
"io/ioutil"
"net/http"
"regexp"
@ -26,9 +25,6 @@ import (
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
)
//go:embed templates/debian_kernel.sh
var debianKernelTemplate string
//go:embed templates/debian.sh
var debianTemplate string
@ -46,6 +42,7 @@ func init() {
}
type debianTemplateData struct {
commonTemplateData
KernelDownloadURLS []string
KernelLocalVersion string
KernelHeadersPattern string
@ -59,8 +56,6 @@ func (v *debian) Name() string {
return TargetTypeDebian.String()
}
func (v *debian) TemplateKernelUrlsScript() string { return debianKernelTemplate }
func (v *debian) TemplateScript() string {
return debianTemplate
}
@ -69,17 +64,16 @@ func (v *debian) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
return fetchDebianKernelURLs(kr)
}
func (v *debian) KernelTemplateData(kr kernelrelease.KernelRelease, urls []string) interface{} {
func (v *debian) TemplateData(c Config, kr kernelrelease.KernelRelease, urls []string) interface{} {
var KernelHeadersPattern string
if strings.HasSuffix(kr.Extraversion, "pve") {
KernelHeadersPattern = "linux-headers-*pve"
} else if strings.Contains(kr.FullExtraversion, "rpi") {
KernelHeadersPattern = "linux-headers-*-rpi-v*"
} else {
KernelHeadersPattern = "linux-headers-*" + kr.Architecture.String()
}
return debianTemplateData{
commonTemplateData: c.toTemplateData(v, kr),
KernelDownloadURLS: urls,
KernelLocalVersion: kr.FullExtraversion,
KernelHeadersPattern: KernelHeadersPattern,
@ -135,18 +129,9 @@ func fetchDebianHeadersURLFromRelease(baseURL string, kr kernelrelease.KernelRel
matchExtraGroupCommon := "common"
// match for kernel versions like 4.19.0-6-cloud-amd64
supportedExtraFlavors := []string{"cloud", "rt", "rpi"}
for _, supportedExtraFlavor := range supportedExtraFlavors {
if strings.Contains(kr.FullExtraversion, "-"+supportedExtraFlavor) {
extraVersionPartial = strings.TrimSuffix(extraVersionPartial, "-"+supportedExtraFlavor)
matchExtraGroup = supportedExtraFlavor + "-" + matchExtraGroup
// rpi and rt have a different common package, named `common-{rt,rpi}`
if supportedExtraFlavor == "rt" || supportedExtraFlavor == "rpi" {
matchExtraGroupCommon += "-" + supportedExtraFlavor
}
break
}
if strings.Contains(kr.FullExtraversion, "-cloud") {
extraVersionPartial = strings.TrimSuffix(extraVersionPartial, "-cloud")
matchExtraGroup = "cloud-" + matchExtraGroup
}
// download index
@ -155,7 +140,7 @@ func fetchDebianHeadersURLFromRelease(baseURL string, kr kernelrelease.KernelRel
return nil, err
}
defer resp.Body.Close()
body, err := io.ReadAll(resp.Body)
body, err := ioutil.ReadAll(resp.Body)
if err != nil {
return nil, err
}

18
pkg/driverbuilder/builder/fedora.go
View File

@ -22,9 +22,6 @@ import (
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
)
//go:embed templates/fedora_kernel.sh
var fedoraKernelTemplate string
//go:embed templates/fedora.sh
var fedoraTemplate string
@ -40,6 +37,7 @@ type fedora struct {
}
type fedoraTemplateData struct {
commonTemplateData
KernelDownloadURL string
}
@ -47,8 +45,6 @@ func (c *fedora) Name() string {
return TargetTypeFedora.String()
}
func (c *fedora) TemplateKernelUrlsScript() string { return fedoraKernelTemplate }
func (c *fedora) TemplateScript() string {
return fedoraTemplate
}
@ -85,21 +81,15 @@ func (c *fedora) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
kr.Fullversion,
kr.FullExtraversion,
),
fmt.Sprintf( // updates-archive
"https://fedoraproject-updates-archive.fedoraproject.org/fedora/%s/%s/kernel-devel-%s%s.rpm",
version,
kr.Architecture.ToNonDeb(),
kr.Fullversion,
kr.FullExtraversion,
),
}
// return out all possible urls
return urls, nil
}
func (c *fedora) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
func (c *fedora) TemplateData(cfg Config, kr kernelrelease.KernelRelease, urls []string) interface{} {
return fedoraTemplateData{
KernelDownloadURL: urls[0],
commonTemplateData: cfg.toTemplateData(c, kr),
KernelDownloadURL: urls[0],
}
}

15
pkg/driverbuilder/builder/flatcar.go
View File

@ -21,13 +21,10 @@ import (
"net/http"
"strings"
"github.com/blang/semver/v4"
"github.com/blang/semver"
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
)
//go:embed templates/flatcar_kernel.sh
var flatcarKernelTemplate string
//go:embed templates/flatcar.sh
var flatcarTemplate string
@ -39,6 +36,7 @@ func init() {
}
type flatcarTemplateData struct {
commonTemplateData
KernelDownloadURL string
}
@ -51,10 +49,6 @@ func (f *flatcar) Name() string {
return TargetTypeFlatcar.String()
}
func (f *flatcar) TemplateKernelUrlsScript() string {
return flatcarKernelTemplate
}
func (f *flatcar) TemplateScript() string {
return flatcarTemplate
}
@ -66,7 +60,7 @@ func (f *flatcar) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
return fetchFlatcarKernelURLS(f.info.KernelVersion), nil
}
func (f *flatcar) KernelTemplateData(kr kernelrelease.KernelRelease, urls []string) interface{} {
func (f *flatcar) TemplateData(c Config, kr kernelrelease.KernelRelease, urls []string) interface{} {
// This happens when `kernelurls` option is passed,
// therefore URLs() method is not called.
if f.info == nil {
@ -76,7 +70,8 @@ func (f *flatcar) KernelTemplateData(kr kernelrelease.KernelRelease, urls []stri
}
return flatcarTemplateData{
KernelDownloadURL: urls[0],
commonTemplateData: c.toTemplateData(f, kr),
KernelDownloadURL: urls[0],
}
}

40
pkg/driverbuilder/builder/image.go
View File

@ -17,12 +17,12 @@ package builder
import (
"context"
"fmt"
"github.com/falcosecurity/falcoctl/pkg/output"
"log/slog"
"os"
"regexp"
"strings"
"github.com/blang/semver/v4"
"github.com/blang/semver"
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
"github.com/falcosecurity/falcoctl/pkg/oci/repository"
"gopkg.in/yaml.v3"
@ -47,7 +47,7 @@ type Image struct {
}
type ImagesLister interface {
LoadImages(printer *output.Printer) []Image
LoadImages() []Image
}
type FileImagesLister struct {
@ -98,7 +98,7 @@ func NewFileImagesLister(filePath string, build *Build) (*FileImagesLister, erro
}, nil
}
func (f *FileImagesLister) LoadImages(printer *output.Printer) []Image {
func (f *FileImagesLister) LoadImages() []Image {
var (
res []Image
imageList YAMLImagesList
@ -107,43 +107,37 @@ func (f *FileImagesLister) LoadImages(printer *output.Printer) []Image {
// loop over lines in file to print them
fileData, err := os.ReadFile(f.FilePath)
if err != nil {
printer.Logger.Warn("error opening builder repo file",
printer.Logger.Args("err", err.Error(), "filepath", f.FilePath))
slog.With("err", err.Error(), "FilePath", f.FilePath).Warn("Error opening builder repo file")
return res
}
err = yaml.Unmarshal(fileData, &imageList)
if err != nil {
printer.Logger.Warn("error unmarshalling builder repo file",
printer.Logger.Args("err", err.Error(), "filepath", f.FilePath))
slog.With("err", err.Error(), "FilePath", f.FilePath).Warn("Error unmarshalling builder repo file")
return res
}
for _, image := range imageList.Images {
logger := slog.With("FilePath", f.FilePath, "image", image)
// Values checks
if image.Arch != f.Arch {
printer.Logger.Debug("skipping wrong-arch image",
printer.Logger.Args("filepath", f.FilePath, "image", image))
logger.Debug("Skipping wrong-arch image")
continue
}
if image.Tag != f.Tag {
printer.Logger.Debug("skipping wrong-tag image",
printer.Logger.Args("filepath", f.FilePath, "image", image))
logger.Debug("Skipping wrong-tag image")
continue
}
if image.Target != "any" && image.Target != f.Target {
printer.Logger.Debug("skipping wrong-target image",
printer.Logger.Args("filepath", f.FilePath, "image", image))
logger.Debug("Skipping wrong-target image")
continue
}
if image.Name == "" {
printer.Logger.Debug("skipping empty name image",
printer.Logger.Args("filepath", f.FilePath, "image", image))
logger.Debug("Skipping empty name image")
continue
}
if len(image.GCCVersions) == 0 {
printer.Logger.Debug("expected at least 1 gcc version",
printer.Logger.Args("filepath", f.FilePath, "image", image))
logger.Debug("Expected at least 1 gcc version")
continue
}
@ -184,11 +178,10 @@ func NewRepoImagesLister(repo string, build *Build) (*RepoImagesLister, error) {
return &RepoImagesLister{repoOCI}, nil
}
func (repo *RepoImagesLister) LoadImages(printer *output.Printer) []Image {
func (repo *RepoImagesLister) LoadImages() []Image {
tags, err := repo.Tags(context.Background())
if err != nil {
printer.Logger.Warn("skipping repo",
printer.Logger.Args("repo", repo.Reference, "err", err.Error()))
slog.With("Repo", repo.Reference, "err", err.Error()).Warn("Skipping repo")
return nil
}
@ -236,7 +229,7 @@ func (repo *RepoImagesLister) LoadImages(printer *output.Printer) []Image {
func (b *Build) LoadImages() {
for _, imagesLister := range b.ImagesListers {
for _, image := range imagesLister.LoadImages(b.Printer) {
for _, image := range imagesLister.LoadImages() {
// User forced a gcc version? Only load images matching the requested gcc version.
if b.GCCVersion != "" && b.GCCVersion != image.GCCVersion.String() {
continue
@ -248,7 +241,8 @@ func (b *Build) LoadImages() {
}
}
if len(b.Images) == 0 {
b.Printer.Logger.Fatal("Could not load any builder image. Leaving.")
slog.Error("Could not load any builder image. Leaving.")
os.Exit(1)
}
}

12
pkg/driverbuilder/builder/image_test.go
View File

@ -15,14 +15,12 @@ limitations under the License.
package builder
import (
"github.com/falcosecurity/falcoctl/pkg/output"
"github.com/pterm/pterm"
"io"
"net/http"
"os"
"testing"
"github.com/blang/semver/v4"
"github.com/blang/semver"
"github.com/docker/docker/testutil/registry"
"gotest.tools/assert"
)
@ -238,8 +236,6 @@ images:
}
func TestFileImagesLister(t *testing.T) {
printer := output.NewPrinter(pterm.LogLevelInfo, pterm.LogFormatterColorful, os.Stdout)
// setup images file
f, err := os.CreateTemp(t.TempDir(), "imagetest")
if err != nil {
@ -273,13 +269,11 @@ func TestFileImagesLister(t *testing.T) {
t.Fatal(err)
}
assert.DeepEqual(t, test.expected, lister.LoadImages(printer))
assert.DeepEqual(t, test.expected, lister.LoadImages())
}
}
func TestRepoImagesLister(t *testing.T) {
printer := output.NewPrinter(pterm.LogLevelInfo, pterm.LogFormatterColorful, os.Stdout)
mock, err := registry.NewMock(t)
assert.NilError(t, err)
defer mock.Close()
@ -306,6 +300,6 @@ func TestRepoImagesLister(t *testing.T) {
mock.RegisterHandler("/v2/foo/test/tags/list", func(w http.ResponseWriter, r *http.Request) {
w.Write([]byte(test.jsonData))
})
assert.DeepEqual(t, test.expected, lister.LoadImages(printer))
assert.DeepEqual(t, test.expected, lister.LoadImages())
}
}

50
pkg/driverbuilder/builder/local.go
View File

@ -4,7 +4,6 @@ import (
_ "embed"
"fmt"
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
"path/filepath"
)
// NOTE: since this is only used by local build,
@ -24,10 +23,6 @@ func (l *LocalBuilder) Name() string {
return "local"
}
func (l *LocalBuilder) TemplateKernelUrlsScript() string {
panic("cannot be called on local builder")
}
func (l *LocalBuilder) TemplateScript() string {
return localTemplate
}
@ -49,28 +44,16 @@ type localTemplateData struct {
KernelRelease string
}
func (l *LocalBuilder) KernelTemplateData(_ kernelrelease.KernelRelease, _ []string) interface{} {
panic("cannot be called on local builder")
}
func (l *LocalBuilder) TemplateData(c Config, kr kernelrelease.KernelRelease) interface{} {
func (l *LocalBuilder) TemplateData(c Config, kr kernelrelease.KernelRelease, _ []string) interface{} {
return localTemplateData{
commonTemplateData: commonTemplateData{
DriverBuildDir: l.GetDriverBuildDir(),
ModuleDriverName: c.DriverName,
ModuleFullPath: l.GetModuleFullPath(c, kr),
BuildModule: len(c.ModuleFilePath) > 0,
BuildProbe: len(c.ProbeFilePath) > 0,
GCCVersion: l.GccPath,
CmakeCmd: fmt.Sprintf(cmakeCmdFmt,
c.DriverName,
c.DriverName,
c.DriverVersion,
c.DriverVersion,
c.DriverVersion,
c.DeviceName,
c.DeviceName,
c.DriverVersion),
DriverBuildDir: l.GetDriverBuildDir(),
ModuleDownloadURL: fmt.Sprintf("%s/%s.tar.gz", c.DownloadBaseURL, c.DriverVersion),
ModuleDriverName: c.DriverName,
ModuleFullPath: l.GetModuleFullPath(c, kr),
BuildModule: len(c.ModuleFilePath) > 0,
BuildProbe: len(c.ProbeFilePath) > 0,
GCCVersion: l.GccPath,
},
UseDKMS: l.UseDKMS,
DownloadSrc: len(l.SrcDir) == 0, // if no srcdir is provided, download src!
@ -80,26 +63,17 @@ func (l *LocalBuilder) TemplateData(c Config, kr kernelrelease.KernelRelease) in
}
func (l *LocalBuilder) GetModuleFullPath(c Config, kr kernelrelease.KernelRelease) string {
moduleFullPath := ModuleFullPath
if l.UseDKMS {
// When using dkms, we will use a GLOB to match the pattern; ModuleFullPath won't be used in the templated script anyway.
return fmt.Sprintf("/var/lib/dkms/%s/%s/%s/%s/module/%s.*", c.DriverName, c.DriverVersion, kr.String(), kr.Architecture.ToNonDeb(), c.DriverName)
moduleFullPath = fmt.Sprintf("/var/lib/dkms/%s/%s/%s/%s/module/%s.*", c.DriverName, c.DriverVersion, kr.String(), kr.Architecture.ToNonDeb(), c.DriverName)
}
if l.SrcDir != "" {
return filepath.Join(l.SrcDir, fmt.Sprintf("%s.ko", c.DriverName))
}
return c.ToDriverFullPath()
}
func (l *LocalBuilder) GetProbeFullPath(c Config) string {
if l.SrcDir != "" {
return filepath.Join(l.SrcDir, "bpf", "probe.o")
}
return c.ToProbeFullPath()
return moduleFullPath
}
func (l *LocalBuilder) GetDriverBuildDir() string {
driverBuildDir := DriverDirectory
if l.SrcDir != "" {
if len(l.SrcDir) > 0 {
driverBuildDir = l.SrcDir
}
return driverBuildDir

5
pkg/driverbuilder/builder/minikube.go
View File

@ -15,7 +15,7 @@ limitations under the License.
package builder
import (
"github.com/blang/semver/v4"
"github.com/blang/semver"
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
)
@ -36,8 +36,9 @@ func (m *minikube) Name() string {
return TargetTypeMinikube.String()
}
func (m *minikube) KernelTemplateData(kr kernelrelease.KernelRelease, urls []string) interface{} {
func (m *minikube) TemplateData(c Config, kr kernelrelease.KernelRelease, urls []string) interface{} {
return vanillaTemplateData{
commonTemplateData: c.toTemplateData(m, kr),
KernelDownloadURL: urls[0],
KernelLocalVersion: kr.FullExtraversion,
}

13
pkg/driverbuilder/builder/opensuse.go
View File

@ -22,9 +22,6 @@ import (
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
)
//go:embed templates/opensuse_kernel.sh
var opensuseKernelTemplate string
//go:embed templates/opensuse.sh
var opensuseTemplate string
@ -47,7 +44,7 @@ var baseURLs []string = []string{
}
// all known releases - will need to expand as more are added
var releases = []string{
var releases []string = []string{
// openSUSE leap
"43.2",
"15.0",
@ -72,6 +69,7 @@ type opensuse struct {
}
type opensuseTemplateData struct {
commonTemplateData
KernelDownloadURLs []string
}
@ -83,10 +81,6 @@ func (o *opensuse) Name() string {
return TargetTypeOpenSUSE.String()
}
func (o *opensuse) TemplateKernelUrlsScript() string {
return opensuseKernelTemplate
}
func (o *opensuse) TemplateScript() string {
return opensuseTemplate
}
@ -265,8 +259,9 @@ func validateURLs(urls []string, kernelDefaultDevelPattern string, kernelDevelNo
}
func (o *opensuse) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
func (o *opensuse) TemplateData(cfg Config, kr kernelrelease.KernelRelease, urls []string) interface{} {
return opensuseTemplateData{
commonTemplateData: cfg.toTemplateData(o, kr),
KernelDownloadURLs: urls,
}
}

13
pkg/driverbuilder/builder/oracle.go
View File

@ -22,9 +22,6 @@ import (
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
)
//go:embed templates/oracle_kernel.sh
var oracleKernelTemplate string
//go:embed templates/oracle.sh
var oracleTemplate string
@ -40,6 +37,7 @@ type oracle struct {
}
type oracleTemplateData struct {
commonTemplateData
KernelDownloadURL string
}
@ -47,10 +45,6 @@ func (c *oracle) Name() string {
return TargetTypeoracle.String()
}
func (c *oracle) TemplateKernelUrlsScript() string {
return oracleKernelTemplate
}
func (c *oracle) TemplateScript() string {
return oracleTemplate
}
@ -125,8 +119,9 @@ func (c *oracle) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
return urls, nil
}
func (c *oracle) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
func (c *oracle) TemplateData(cfg Config, kr kernelrelease.KernelRelease, urls []string) interface{} {
return oracleTemplateData{
KernelDownloadURL: urls[0],
commonTemplateData: cfg.toTemplateData(c, kr),
KernelDownloadURL: urls[0],
}
}

13
pkg/driverbuilder/builder/photon.go
View File

@ -24,9 +24,6 @@ import (
// TargetTypePhoton identifies the Photon target.
const TargetTypePhoton Type = "photon"
//go:embed templates/photonos_kernel.sh
var photonKernelTemplate string
//go:embed templates/photonos.sh
var photonTemplate string
@ -39,6 +36,7 @@ type photon struct {
}
type photonTemplateData struct {
commonTemplateData
KernelDownloadURL string
}
@ -46,10 +44,6 @@ func (p *photon) Name() string {
return TargetTypePhoton.String()
}
func (p *photon) TemplateKernelUrlsScript() string {
return photonKernelTemplate
}
func (p *photon) TemplateScript() string {
return photonTemplate
}
@ -58,9 +52,10 @@ func (p *photon) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
return fetchPhotonKernelURLS(kr), nil
}
func (p *photon) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
func (p *photon) TemplateData(cfg Config, kr kernelrelease.KernelRelease, urls []string) interface{} {
return photonTemplateData{
KernelDownloadURL: urls[0],
commonTemplateData: cfg.toTemplateData(p, kr),
KernelDownloadURL: urls[0],
}
}

15
pkg/driverbuilder/builder/redhat.go
View File

@ -20,9 +20,6 @@ import (
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
)
//go:embed templates/redhat_kernel.sh
var redhatKernelTemplate string
//go:embed templates/redhat.sh
var redhatTemplate string
@ -38,6 +35,7 @@ func init() {
}
type redhatTemplateData struct {
commonTemplateData
KernelPackage string
}
@ -45,15 +43,11 @@ func (v *redhat) Name() string {
return TargetTypeRedhat.String()
}
func (v *redhat) TemplateKernelUrlsScript() string {
return redhatKernelTemplate
}
func (v *redhat) TemplateScript() string {
return redhatTemplate
}
func (v *redhat) URLs(_ kernelrelease.KernelRelease) ([]string, error) {
func (v *redhat) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
return nil, nil
}
@ -62,8 +56,9 @@ func (v *redhat) MinimumURLs() int {
return 0
}
func (v *redhat) KernelTemplateData(kr kernelrelease.KernelRelease, _ []string) interface{} {
func (v *redhat) TemplateData(c Config, kr kernelrelease.KernelRelease, _ []string) interface{} {
return redhatTemplateData{
KernelPackage: kr.Fullversion + kr.FullExtraversion,
commonTemplateData: c.toTemplateData(v, kr),
KernelPackage: kr.Fullversion + kr.FullExtraversion,
}
}

13
pkg/driverbuilder/builder/rocky.go
View File

@ -21,9 +21,6 @@ import (
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
)
//go:embed templates/rocky_kernel.sh
var rockyKernelTemplate string
//go:embed templates/rocky.sh
var rockyTemplate string
@ -35,6 +32,7 @@ func init() {
}
type rockyTemplateData struct {
commonTemplateData
KernelDownloadURL string
}
@ -46,10 +44,6 @@ func (c *rocky) Name() string {
return TargetTypeRocky.String()
}
func (c *rocky) TemplateKernelUrlsScript() string {
return rockyKernelTemplate
}
func (c *rocky) TemplateScript() string {
return rockyTemplate
}
@ -58,9 +52,10 @@ func (c *rocky) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
return fetchRockyKernelURLS(kr), nil
}
func (c *rocky) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
func (c *rocky) TemplateData(cfg Config, kr kernelrelease.KernelRelease, urls []string) interface{} {
return rockyTemplateData{
KernelDownloadURL: urls[0],
commonTemplateData: cfg.toTemplateData(c, kr),
KernelDownloadURL: urls[0],
}
}

15
pkg/driverbuilder/builder/sles.go
View File

@ -20,9 +20,6 @@ import (
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
)
//go:embed templates/sles_kernel.sh
var slesKernelTemplate string
//go:embed templates/sles.sh
var slesTemplate string
@ -38,6 +35,7 @@ func init() {
}
type slesTemplateData struct {
commonTemplateData
KernelPackage string
}
@ -45,15 +43,11 @@ func (v *sles) Name() string {
return TargetTypeSLES.String()
}
func (v *sles) TemplateKernelUrlsScript() string {
return slesKernelTemplate
}
func (v *sles) TemplateScript() string {
return slesTemplate
}
func (v *sles) URLs(_ kernelrelease.KernelRelease) ([]string, error) {
func (v *sles) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
return nil, nil
}
@ -62,9 +56,10 @@ func (v *sles) MinimumURLs() int {
return 0
}
func (v *sles) KernelTemplateData(kr kernelrelease.KernelRelease, _ []string) interface{} {
func (v *sles) TemplateData(c Config, kr kernelrelease.KernelRelease, _ []string) interface{} {
return slesTemplateData{
KernelPackage: kr.Fullversion + kr.FullExtraversion,
commonTemplateData: c.toTemplateData(v, kr),
KernelPackage: kr.Fullversion + kr.FullExtraversion,
}
}

3
pkg/driverbuilder/builder/talos.go
View File

@ -35,8 +35,9 @@ func (b *talos) Name() string {
return TargetTypeTalos.String()
}
func (b *talos) KernelTemplateData(kr kernelrelease.KernelRelease, urls []string) interface{} {
func (b *talos) TemplateData(c Config, kr kernelrelease.KernelRelease, urls []string) interface{} {
return vanillaTemplateData{
commonTemplateData: c.toTemplateData(b, kr),
KernelDownloadURL: urls[0],
KernelLocalVersion: kr.FullExtraversion,
}

31
pkg/driverbuilder/builder/templates/alinux.sh
View File

@ -22,13 +22,31 @@
#
set -xeuo pipefail
cd {{ .DriverBuildDir }}
mkdir -p build && cd build
{{ .CmakeCmd }}
rm -Rf {{ .DriverBuildDir }}
mkdir {{ .DriverBuildDir }}
rm -Rf /tmp/module-download
mkdir -p /tmp/module-download
curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download
mv /tmp/module-download/*/driver/* {{ .DriverBuildDir }}
cp /driverkit/module-Makefile {{ .DriverBuildDir }}/Makefile
bash /driverkit/fill-driver-config.sh {{ .DriverBuildDir }}
# Fetch the kernel
mkdir /tmp/kernel-download
cd /tmp/kernel-download
curl --silent -o kernel-devel.rpm -SL {{ .KernelDownloadURL }}
rpm2cpio kernel-devel.rpm | cpio --extract --make-directories
rm -Rf /tmp/kernel
mkdir -p /tmp/kernel
mv usr/src/kernels/*/* /tmp/kernel
{{ if .BuildModule }}
# Build the module
make CC=/usr/bin/gcc-{{ .GCCVersion }} driver
cd {{ .DriverBuildDir }}
make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=/tmp/kernel
mv {{ .ModuleDriverName }}.ko {{ .ModuleFullPath }}
strip -g {{ .ModuleFullPath }}
# Print results
modinfo {{ .ModuleFullPath }}
@ -36,6 +54,7 @@ modinfo {{ .ModuleFullPath }}
{{ if .BuildProbe }}
# Build the eBPF probe
make bpf
ls -l driver/bpf/probe.o
cd {{ .DriverBuildDir }}/bpf
make KERNELDIR=/tmp/kernel
ls -l probe.o
{{ end }}

35
pkg/driverbuilder/builder/templates/alinux_kernel.sh
View File

@ -1,35 +0,0 @@
#!/bin/bash
# SPDX-License-Identifier: Apache-2.0
#
# Copyright (C) 2023 The Falco Authors.
#
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Simple script that desperately tries to load the kernel instrumentation by
# looking for it in a bunch of ways. Convenient when running Falco inside
# a container or in other weird environments.
#
set -xeuo pipefail
# Fetch the kernel
mkdir /tmp/kernel-download
cd /tmp/kernel-download
curl --silent -o kernel-devel.rpm -SL {{ .KernelDownloadURL }}
rpm2cpio kernel-devel.rpm | cpio --extract --make-directories
rm -Rf /tmp/kernel
mkdir -p /tmp/kernel
mv usr/src/kernels/*/* /tmp/kernel
# exit value
export KERNELDIR=/tmp/kernel

31
pkg/driverbuilder/builder/templates/almalinux.sh
View File

@ -22,13 +22,31 @@
#
set -xeuo pipefail
cd {{ .DriverBuildDir }}
mkdir -p build && cd build
{{ .CmakeCmd }}
rm -Rf {{ .DriverBuildDir }}
mkdir {{ .DriverBuildDir }}
rm -Rf /tmp/module-download
mkdir -p /tmp/module-download
curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download
mv /tmp/module-download/*/driver/* {{ .DriverBuildDir }}
cp /driverkit/module-Makefile {{ .DriverBuildDir }}/Makefile
bash /driverkit/fill-driver-config.sh {{ .DriverBuildDir }}
# Fetch the kernel
mkdir /tmp/kernel-download
cd /tmp/kernel-download
curl --silent -o kernel-devel.rpm -SL {{ .KernelDownloadURL }}
rpm2cpio kernel-devel.rpm | cpio --extract --make-directories
rm -Rf /tmp/kernel
mkdir -p /tmp/kernel
mv usr/src/kernels/*/* /tmp/kernel
{{ if .BuildModule }}
# Build the module
make CC=/usr/bin/gcc-{{ .GCCVersion }} driver
cd {{ .DriverBuildDir }}
make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=/tmp/kernel
mv {{ .ModuleDriverName }}.ko {{ .ModuleFullPath }}
strip -g {{ .ModuleFullPath }}
# Print results
modinfo {{ .ModuleFullPath }}
@ -36,6 +54,7 @@ modinfo {{ .ModuleFullPath }}
{{ if .BuildProbe }}
# Build the eBPF probe
make bpf
ls -l driver/bpf/probe.o
cd {{ .DriverBuildDir }}/bpf
make KERNELDIR=/tmp/kernel
ls -l probe.o
{{ end }}

35
pkg/driverbuilder/builder/templates/almalinux_kernel.sh
View File

@ -1,35 +0,0 @@
#!/bin/bash
# SPDX-License-Identifier: Apache-2.0
#
# Copyright (C) 2023 The Falco Authors.
#
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Simple script that desperately tries to load the kernel instrumentation by
# looking for it in a bunch of ways. Convenient when running Falco inside
# a container or in other weird environments.
#
set -xeuo pipefail
# Fetch the kernel
mkdir /tmp/kernel-download
cd /tmp/kernel-download
curl --silent -o kernel-devel.rpm -SL {{ .KernelDownloadURL }}
rpm2cpio kernel-devel.rpm | cpio --extract --make-directories
rm -Rf /tmp/kernel
mkdir -p /tmp/kernel
mv usr/src/kernels/*/* /tmp/kernel
# exit value
export KERNELDIR=/tmp/kernel

38
pkg/driverbuilder/builder/templates/amazonlinux.sh
View File

@ -22,20 +22,42 @@
#
set -xeuo pipefail
cd {{ .DriverBuildDir }}
mkdir -p build && cd build
{{ .CmakeCmd }}
rm -Rf {{ .DriverBuildDir }}
mkdir {{ .DriverBuildDir }}
rm -Rf /tmp/module-download
mkdir -p /tmp/module-download
curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download
mv /tmp/module-download/*/driver/* {{ .DriverBuildDir }}
cp /driverkit/module-Makefile {{ .DriverBuildDir }}/Makefile
bash /driverkit/fill-driver-config.sh {{ .DriverBuildDir }}
# Fetch the kernel
mkdir /tmp/kernel-download
cd /tmp/kernel-download
{{ range $url := .KernelDownloadURLs }}
curl --silent -o kernel.rpm -SL {{ $url }}
rpm2cpio kernel.rpm | cpio --extract --make-directories
rm -rf kernel.rpm
{{ end }}
rm -Rf /tmp/kernel
mkdir -p /tmp/kernel
mv usr/src/kernels/*/* /tmp/kernel
{{ if .BuildModule }}
# Build the module
make CC=/usr/bin/gcc-{{ .GCCVersion }} LD=/usr/bin/ld.bfd CROSS_COMPILE="" driver
strip -g {{ .ModuleFullPath }}
# Build the kernel module
cd {{ .DriverBuildDir }}
make KERNELDIR=/tmp/kernel CC=/usr/bin/gcc-{{ .GCCVersion }} LD=/usr/bin/ld.bfd CROSS_COMPILE=""
mv {{ .ModuleDriverName }}.ko {{ .ModuleFullPath }}
# Print results
modinfo {{ .ModuleFullPath }}
{{ end }}
{{ if .BuildProbe }}
# Build the eBPF probe
make bpf
ls -l driver/bpf/probe.o
cd {{ .DriverBuildDir }}/bpf
make KERNELDIR=/tmp/kernel
ls -l probe.o
{{ end }}

38
pkg/driverbuilder/builder/templates/amazonlinux_kernel.sh
View File

@ -1,38 +0,0 @@
#!/bin/bash
# SPDX-License-Identifier: Apache-2.0
#
# Copyright (C) 2023 The Falco Authors.
#
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Simple script that desperately tries to load the kernel instrumentation by
# looking for it in a bunch of ways. Convenient when running Falco inside
# a container or in other weird environments.
#
set -xeuo pipefail
# Fetch the kernel
mkdir /tmp/kernel-download
cd /tmp/kernel-download
{{ range $url := .KernelDownloadURLs }}
curl --silent -o kernel.rpm -SL {{ $url }}
rpm2cpio kernel.rpm | cpio --extract --make-directories
rm -rf kernel.rpm
{{ end }}
rm -Rf /tmp/kernel
mkdir -p /tmp/kernel
mv usr/src/kernels/*/* /tmp/kernel
# exit value
export KERNELDIR=/tmp/kernel

31
pkg/driverbuilder/builder/templates/archlinux.sh
View File

@ -22,13 +22,31 @@
#
set -xeuo pipefail
cd {{ .DriverBuildDir }}
mkdir -p build && cd build
{{ .CmakeCmd }}
rm -Rf {{ .DriverBuildDir }}
mkdir {{ .DriverBuildDir }}
rm -Rf /tmp/module-download
mkdir -p /tmp/module-download
curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download
mv /tmp/module-download/*/driver/* {{ .DriverBuildDir }}
cp /driverkit/module-Makefile {{ .DriverBuildDir }}/Makefile
bash /driverkit/fill-driver-config.sh {{ .DriverBuildDir }}
# Fetch the kernel
mkdir /tmp/kernel-download
cd /tmp/kernel-download
curl --silent -o kernel-devel.pkg.tar.xz -SL {{ .KernelDownloadURL }}
tar -xf kernel-devel.pkg.tar.xz
rm -Rf /tmp/kernel
mkdir -p /tmp/kernel
mv usr/lib/modules/*/build/* /tmp/kernel
{{ if .BuildModule }}
# Build the module
make CC=/usr/bin/gcc-{{ .GCCVersion }} driver
cd {{ .DriverBuildDir }}
make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=/tmp/kernel
mv {{ .ModuleDriverName }}.ko {{ .ModuleFullPath }}
strip -g {{ .ModuleFullPath }}
# Print results
modinfo {{ .ModuleFullPath }}
@ -36,6 +54,7 @@ modinfo {{ .ModuleFullPath }}
{{ if .BuildProbe }}
# Build the eBPF probe
make bpf
ls -l driver/bpf/probe.o
cd {{ .DriverBuildDir }}/bpf
make KERNELDIR=/tmp/kernel
ls -l probe.o
{{ end }}

35
pkg/driverbuilder/builder/templates/archlinux_kernel.sh
View File

@ -1,35 +0,0 @@
#!/bin/bash
# SPDX-License-Identifier: Apache-2.0
#
# Copyright (C) 2023 The Falco Authors.
#
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Simple script that desperately tries to load the kernel instrumentation by
# looking for it in a bunch of ways. Convenient when running Falco inside
# a container or in other weird environments.
#
set -xeuo pipefail
# Fetch the kernel
mkdir /tmp/kernel-download
cd /tmp/kernel-download
curl --silent -o kernel-devel.pkg.tar.xz -SL {{ .KernelDownloadURL }}
tar -xf kernel-devel.pkg.tar.xz
rm -Rf /tmp/kernel
mkdir -p /tmp/kernel
mv usr/lib/modules/*/build/* /tmp/kernel
# exit value
export KERNELDIR=/tmp/kernel

33
pkg/driverbuilder/builder/templates/centos.sh
View File

@ -22,14 +22,32 @@
#
set -xeuo pipefail
cd {{ .DriverBuildDir }}
sed -i 's/$(MAKE) -C $(KERNELDIR)/$(MAKE) KCFLAGS="-Wno-incompatible-pointer-types" -C $(KERNELDIR)/g' driver/Makefile.in
mkdir -p build && cd build
{{ .CmakeCmd }}
rm -Rf {{ .DriverBuildDir }}
mkdir {{ .DriverBuildDir }}
rm -Rf /tmp/module-download
mkdir -p /tmp/module-download
curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download
mv /tmp/module-download/*/driver/* {{ .DriverBuildDir }}
cp /driverkit/module-Makefile {{ .DriverBuildDir }}/Makefile
bash /driverkit/fill-driver-config.sh {{ .DriverBuildDir }}
# Fetch the kernel
mkdir /tmp/kernel-download
cd /tmp/kernel-download
curl --silent -o kernel-devel.rpm -SL {{ .KernelDownloadURL }}
rpm2cpio kernel-devel.rpm | cpio --extract --make-directories
rm -Rf /tmp/kernel
mkdir -p /tmp/kernel
mv usr/src/kernels/*/* /tmp/kernel
{{ if .BuildModule }}
# Build the module
make CC=/usr/bin/gcc-{{ .GCCVersion }} driver
cd {{ .DriverBuildDir }}
sed -i 's/make -C $(KERNELDIR)/make KCFLAGS="-Wno-incompatible-pointer-types" -C $(KERNELDIR)/g' Makefile
make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=/tmp/kernel
mv {{ .ModuleDriverName }}.ko {{ .ModuleFullPath }}
strip -g {{ .ModuleFullPath }}
# Print results
modinfo {{ .ModuleFullPath }}
@ -37,6 +55,7 @@ modinfo {{ .ModuleFullPath }}
{{ if .BuildProbe }}
# Build the eBPF probe
make bpf
ls -l driver/bpf/probe.o
cd {{ .DriverBuildDir }}/bpf
make KERNELDIR=/tmp/kernel
ls -l probe.o
{{ end }}

35
pkg/driverbuilder/builder/templates/centos_kernel.sh
View File

@ -1,35 +0,0 @@
#!/bin/bash
# SPDX-License-Identifier: Apache-2.0
#
# Copyright (C) 2023 The Falco Authors.
#
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Simple script that desperately tries to load the kernel instrumentation by
# looking for it in a bunch of ways. Convenient when running Falco inside
# a container or in other weird environments.
#
set -xeuo pipefail
# Fetch the kernel
mkdir /tmp/kernel-download
cd /tmp/kernel-download
curl --silent -o kernel-devel.rpm -SL {{ .KernelDownloadURL }}
rpm2cpio kernel-devel.rpm | cpio --extract --make-directories
rm -Rf /tmp/kernel
mkdir -p /tmp/kernel
mv usr/src/kernels/*/* /tmp/kernel
# exit value
export KERNELDIR=/tmp/kernel

39
pkg/driverbuilder/builder/templates/debian.sh
View File

@ -22,13 +22,39 @@
#
set -xeuo pipefail
cd {{ .DriverBuildDir }}
mkdir -p build && cd build
{{ .CmakeCmd }}
rm -Rf {{ .DriverBuildDir }}
mkdir {{ .DriverBuildDir }}
rm -Rf /tmp/module-download
mkdir -p /tmp/module-download
curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download
mv /tmp/module-download/*/driver/* {{ .DriverBuildDir }}
cp /driverkit/module-Makefile {{ .DriverBuildDir }}/Makefile
bash /driverkit/fill-driver-config.sh {{ .DriverBuildDir }}
# Fetch the kernel
mkdir /tmp/kernel-download
cd /tmp/kernel-download
{{ range $url := .KernelDownloadURLS }}
curl --silent -o kernel.deb -SL {{ $url }}
ar x kernel.deb
tar -xvf data.tar.xz
{{ end }}
cd /tmp/kernel-download/
cp -r usr/* /usr
cp -r lib/* /lib
cd /usr/src
sourcedir=$(find . -type d -name "{{ .KernelHeadersPattern }}" | head -n 1 | xargs readlink -f)
{{ if .BuildModule }}
# Build the module
make CC=/usr/bin/gcc-{{ .GCCVersion }} driver
cd {{ .DriverBuildDir }}
make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=$sourcedir
mv {{ .ModuleDriverName }}.ko {{ .ModuleFullPath }}
strip -g {{ .ModuleFullPath }}
# Print results
modinfo {{ .ModuleFullPath }}
@ -36,6 +62,7 @@ modinfo {{ .ModuleFullPath }}
{{ if .BuildProbe }}
# Build the eBPF probe
make bpf
ls -l driver/bpf/probe.o
cd {{ .DriverBuildDir }}/bpf
make KERNELDIR=$sourcedir
ls -l probe.o
{{ end }}

41
pkg/driverbuilder/builder/templates/debian_kernel.sh
View File

@ -1,41 +0,0 @@
#!/bin/bash
# SPDX-License-Identifier: Apache-2.0
#
# Copyright (C) 2023 The Falco Authors.
#
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Simple script that desperately tries to load the kernel instrumentation by
# looking for it in a bunch of ways. Convenient when running Falco inside
# a container or in other weird environments.
#
set -xeuo pipefail
# Fetch the kernel
mkdir /tmp/kernel-download
cd /tmp/kernel-download
{{ range $url := .KernelDownloadURLS }}
curl --silent -o kernel.deb -SL {{ $url }}
ar x kernel.deb
tar -xf data.tar.xz
{{ end }}
cd usr/src/
sourcedir=$(find . -type d -name "{{ .KernelHeadersPattern }}" | head -n 1 | xargs readlink -f)
# Patch makefile to avoid using absolute `/usr/src` path; instead use `..` relative one.
sed -i 's/\/usr\/src/../g' $sourcedir/Makefile
# exit value
export KERNELDIR=$sourcedir

31
pkg/driverbuilder/builder/templates/fedora.sh
View File

@ -22,13 +22,31 @@
#
set -xeuo pipefail
cd {{ .DriverBuildDir }}
mkdir -p build && cd build
{{ .CmakeCmd }}
rm -Rf {{ .DriverBuildDir }}
mkdir {{ .DriverBuildDir }}
rm -Rf /tmp/module-download
mkdir -p /tmp/module-download
curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download
mv /tmp/module-download/*/driver/* {{ .DriverBuildDir }}
cp /driverkit/module-Makefile {{ .DriverBuildDir }}/Makefile
bash /driverkit/fill-driver-config.sh {{ .DriverBuildDir }}
# Fetch the kernel
mkdir /tmp/kernel-download
cd /tmp/kernel-download
curl --silent -o kernel-devel.rpm -SL {{ .KernelDownloadURL }}
rpm2cpio kernel-devel.rpm | cpio --extract --make-directories
rm -Rf /tmp/kernel
mkdir -p /tmp/kernel
mv usr/src/kernels/*/* /tmp/kernel
{{ if .BuildModule }}
# Build the module
make CC=/usr/bin/gcc-{{ .GCCVersion }} driver
cd {{ .DriverBuildDir }}
make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=/tmp/kernel
mv {{ .ModuleDriverName }}.ko {{ .ModuleFullPath }}
strip -g {{ .ModuleFullPath }}
# Print results
modinfo {{ .ModuleFullPath }}
@ -36,6 +54,7 @@ modinfo {{ .ModuleFullPath }}
{{ if .BuildProbe }}
# Build the eBPF probe
make bpf
ls -l driver/bpf/probe.o
cd {{ .DriverBuildDir }}/bpf
make KERNELDIR=/tmp/kernel
ls -l probe.o
{{ end }}

35
pkg/driverbuilder/builder/templates/fedora_kernel.sh
View File

@ -1,35 +0,0 @@
#!/bin/bash
# SPDX-License-Identifier: Apache-2.0
#
# Copyright (C) 2023 The Falco Authors.
#
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Simple script that desperately tries to load the kernel instrumentation by
# looking for it in a bunch of ways. Convenient when running Falco inside
# a container or in other weird environments.
#
set -xeuo pipefail
# Fetch the kernel
mkdir /tmp/kernel-download
cd /tmp/kernel-download
curl --silent -o kernel-devel.rpm -SL {{ .KernelDownloadURL }}
rpm2cpio kernel-devel.rpm | cpio --extract --make-directories
rm -Rf /tmp/kernel
mkdir -p /tmp/kernel
mv usr/src/kernels/*/* /tmp/kernel
# exit value
export KERNELDIR=/tmp/kernel

38
pkg/driverbuilder/builder/templates/flatcar.sh
View File

@ -22,13 +22,38 @@
#
set -xeuo pipefail
cd {{ .DriverBuildDir }}
mkdir -p build && cd build
{{ .CmakeCmd }}
rm -Rf {{ .DriverBuildDir }}
mkdir {{ .DriverBuildDir }}
rm -Rf /tmp/module-download
mkdir -p /tmp/module-download
curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download
mv /tmp/module-download/*/driver/* {{ .DriverBuildDir }}
cp /driverkit/module-Makefile {{ .DriverBuildDir }}/Makefile
bash /driverkit/fill-driver-config.sh {{ .DriverBuildDir }}
# Fetch the kernel
mkdir /tmp/kernel-download
cd /tmp/kernel-download
curl --silent -SL {{ .KernelDownloadURL }} | tar -Jxf - -C /tmp/kernel-download
rm -Rf /tmp/kernel
mkdir -p /tmp/kernel
mv /tmp/kernel-download/*/* /tmp/kernel
# Prepare the kernel
cd /tmp/kernel
cp /driverkit/kernel.config /tmp/kernel.config
sed -i -e 's|^\(EXTRAVERSION =\).*|\1 -flatcar|' Makefile
make KCONFIG_CONFIG=/tmp/kernel.config oldconfig
make KCONFIG_CONFIG=/tmp/kernel.config modules_prepare
{{ if .BuildModule }}
# Build the module
make CC=/usr/bin/gcc-{{ .GCCVersion }} driver
cd {{ .DriverBuildDir }}
make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=/tmp/kernel
mv {{ .ModuleDriverName }}.ko {{ .ModuleFullPath }}
strip -g {{ .ModuleFullPath }}
# Print results
modinfo {{ .ModuleFullPath }}
@ -36,6 +61,7 @@ modinfo {{ .ModuleFullPath }}
{{ if .BuildProbe }}
# Build the eBPF probe
make bpf
ls -l driver/bpf/probe.o
cd {{ .DriverBuildDir }}/bpf
make KERNELDIR=/tmp/kernel
ls -l probe.o
{{ end }}

42
pkg/driverbuilder/builder/templates/flatcar_kernel.sh
View File

@ -1,42 +0,0 @@
#!/bin/bash
# SPDX-License-Identifier: Apache-2.0
#
# Copyright (C) 2023 The Falco Authors.
#
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Simple script that desperately tries to load the kernel instrumentation by
# looking for it in a bunch of ways. Convenient when running Falco inside
# a container or in other weird environments.
#
set -xeuo pipefail
# Fetch the kernel
mkdir /tmp/kernel-download
cd /tmp/kernel-download
curl --silent -SL {{ .KernelDownloadURL }} | tar -Jxf - -C /tmp/kernel-download
rm -Rf /tmp/kernel
mkdir -p /tmp/kernel
mv /tmp/kernel-download/*/* /tmp/kernel
# Prepare the kernel
cd /tmp/kernel
cp /driverkit/kernel.config /tmp/kernel.config
sed -i -e 's|^\(EXTRAVERSION =\).*|\1 -flatcar|' Makefile
make KCONFIG_CONFIG=/tmp/kernel.config oldconfig
make KCONFIG_CONFIG=/tmp/kernel.config modules_prepare
# exit value
export KERNELDIR=/tmp/kernel

33
pkg/driverbuilder/builder/templates/libs_download.sh
View File

@ -1,33 +0,0 @@
#!/bin/bash
# SPDX-License-Identifier: Apache-2.0
#
# Copyright (C) 2023 The Falco Authors.
#
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Simple script that desperately tries to load the kernel instrumentation by
# looking for it in a bunch of ways. Convenient when running Falco inside
# a container or in other weird environments.
#
set -xeuo pipefail
rm -Rf {{ .DriverBuildDir }}
mkdir {{ .DriverBuildDir }}
rm -Rf /tmp/module-download
mkdir -p /tmp/module-download
curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download
mv /tmp/module-download/*/* {{ .DriverBuildDir }}
rm -Rf /tmp/module-download

52
pkg/driverbuilder/builder/templates/local.sh
View File

@ -20,15 +20,20 @@
# looking for it in a bunch of ways. Convenient when running Falco inside
# a container or in other weird environments.
#
set -xeo pipefail
set -xeuo pipefail
{{ if or .BuildProbe (and .BuildModule (not .UseDKMS)) }}
cd {{ .DriverBuildDir }}
{{ if .DownloadSrc }}
echo "* Configuring sources with cmake"
mkdir -p build && cd build
{{ .CmakeCmd }}
{{ end }}
echo "* Downloading driver sources"
rm -Rf {{ .DriverBuildDir }}
mkdir {{ .DriverBuildDir }}
rm -Rf /tmp/module-download
mkdir -p /tmp/module-download
curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download
mv /tmp/module-download/*/driver/* {{ .DriverBuildDir }}
cp /tmp/module-Makefile {{ .DriverBuildDir }}/Makefile
bash /tmp/fill-driver-config.sh {{ .DriverBuildDir }}
{{ end }}
{{ if .BuildModule }}
@ -38,21 +43,14 @@ echo "* Building kmod with DKMS"
echo "#!/usr/bin/env bash" > "/tmp/falco-dkms-make"
echo "make CC={{ .GCCVersion }} \$@" >> "/tmp/falco-dkms-make"
chmod +x "/tmp/falco-dkms-make"
if [[ -n "${KERNELDIR}" ]]; then
dkms install --kernelsourcedir ${KERNELDIR} --directive="MAKE='/tmp/falco-dkms-make'" -m "{{ .ModuleDriverName }}" -v "{{ .DriverVersion }}" -k "{{ .KernelRelease }}"
else
dkms install --directive="MAKE='/tmp/falco-dkms-make'" -m "{{ .ModuleDriverName }}" -v "{{ .DriverVersion }}" -k "{{ .KernelRelease }}"
fi
dkms install --directive="MAKE='/tmp/falco-dkms-make'" -m "{{ .ModuleDriverName }}" -v "{{ .DriverVersion }}" -k "{{ .KernelRelease }}"
rm -Rf "/tmp/falco-dkms-make"
{{ else }}
echo "* Building kmod"
{{ if .DownloadSrc }}
# Build the module - cmake configured
make CC={{ .GCCVersion }} driver
{{ else }}
# Build the module - preconfigured sources
# Build the module
cd {{ .DriverBuildDir }}
make CC={{ .GCCVersion }}
{{ end }}
mv {{ .ModuleDriverName }}.ko {{ .ModuleFullPath }}
strip -g {{ .ModuleFullPath }}
# Print results
modinfo {{ .ModuleFullPath }}
@ -61,20 +59,10 @@ modinfo {{ .ModuleFullPath }}
{{ if .BuildProbe }}
echo "* Building eBPF probe"
if [ ! -d /sys/kernel/debug/tracing ]; then
echo "* Mounting debugfs"
# Do not fail if this fails.
mount -t debugfs nodev /sys/kernel/debug || :
fi
{{ if .DownloadSrc }}
# Build the eBPF probe - cmake configured
make bpf
ls -l driver/bpf/probe.o
{{ else }}
# Build the eBPF probe - preconfigured sources
cd bpf
# Build the eBPF probe
cd {{ .DriverBuildDir }}/bpf
make
ls -l probe.o
{{ end }}
{{ end }}
rm -Rf /tmp/module-download

34
pkg/driverbuilder/builder/templates/opensuse.sh
View File

@ -22,13 +22,34 @@
#
set -xeuo pipefail
cd {{ .DriverBuildDir }}
mkdir -p build && cd build
{{ .CmakeCmd }}
rm -Rf {{ .DriverBuildDir }}
mkdir {{ .DriverBuildDir }}
rm -Rf /tmp/module-download
mkdir -p /tmp/module-download
curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download
mv /tmp/module-download/*/driver/* {{ .DriverBuildDir }}
cp /driverkit/module-Makefile {{ .DriverBuildDir }}/Makefile
bash /driverkit/fill-driver-config.sh {{ .DriverBuildDir }}
# Fetch the kernel
mkdir /tmp/kernel-download
cd /tmp/kernel-download
{{range $url := .KernelDownloadURLs}}
curl --silent -o kernel-devel.rpm -SL {{ $url }}
# cpio will warn *extremely verbose* when trying to duplicate over the same directory - redirect stderr to null
rpm2cpio kernel-devel.rpm | cpio --quiet --extract --make-directories 2> /dev/null
{{end}}
cd /tmp/kernel-download/usr/src
ls -alh /tmp/kernel-download/usr/src
sourcedir="$(find . -type d -name "linux-*-obj" | head -n 1 | xargs readlink -f)/*/default"
{{ if .BuildModule }}
# Build the module
make CC=/usr/bin/gcc-{{ .GCCVersion }} driver
cd {{ .DriverBuildDir }}
make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=$sourcedir
mv {{ .ModuleDriverName }}.ko {{ .ModuleFullPath }}
strip -g {{ .ModuleFullPath }}
# Print results
modinfo {{ .ModuleFullPath }}
@ -36,6 +57,7 @@ modinfo {{ .ModuleFullPath }}
{{ if .BuildProbe }}
# Build the eBPF probe
make bpf
ls -l driver/bpf/probe.o
cd {{ .DriverBuildDir }}/bpf
make KERNELDIR=/tmp/kernel
ls -l probe.o
{{ end }}

37
pkg/driverbuilder/builder/templates/opensuse_kernel.sh
View File

@ -1,37 +0,0 @@
#!/bin/bash
# SPDX-License-Identifier: Apache-2.0
#
# Copyright (C) 2023 The Falco Authors.
#
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Simple script that desperately tries to load the kernel instrumentation by
# looking for it in a bunch of ways. Convenient when running Falco inside
# a container or in other weird environments.
#
set -xeuo pipefail
# Fetch the kernel
mkdir /tmp/kernel-download
cd /tmp/kernel-download
{{range $url := .KernelDownloadURLs}}
curl --silent -o kernel-devel.rpm -SL {{ $url }}
# cpio will warn *extremely verbose* when trying to duplicate over the same directory - redirect stderr to null
rpm2cpio kernel-devel.rpm | cpio --quiet --extract --make-directories 2> /dev/null
{{end}}
cd /tmp/kernel-download/usr/src
sourcedir="$(find . -type d -name "linux-*-obj" | head -n 1 | xargs readlink -f)/*/default"
# exit value
export KERNELDIR=$sourcedir

31
pkg/driverbuilder/builder/templates/oracle.sh
View File

@ -22,13 +22,31 @@
#
set -xeuo pipefail
cd {{ .DriverBuildDir }}
mkdir -p build && cd build
{{ .CmakeCmd }}
rm -Rf {{ .DriverBuildDir }}
mkdir {{ .DriverBuildDir }}
rm -Rf /tmp/module-download
mkdir -p /tmp/module-download
curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download
mv /tmp/module-download/*/driver/* {{ .DriverBuildDir }}
cp /driverkit/module-Makefile {{ .DriverBuildDir }}/Makefile
bash /driverkit/fill-driver-config.sh {{ .DriverBuildDir }}
# Fetch the kernel
mkdir /tmp/kernel-download
cd /tmp/kernel-download
curl --silent -o kernel-devel.rpm -SL {{ .KernelDownloadURL }}
rpm2cpio kernel-devel.rpm | cpio --extract --make-directories
rm -Rf /tmp/kernel
mkdir -p /tmp/kernel
mv usr/src/kernels/*/* /tmp/kernel
{{ if .BuildModule }}
# Build the module
make CC=/usr/bin/gcc-{{ .GCCVersion }} driver
cd {{ .DriverBuildDir }}
make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=/tmp/kernel
mv {{ .ModuleDriverName }}.ko {{ .ModuleFullPath }}
strip -g {{ .ModuleFullPath }}
# Print results
modinfo {{ .ModuleFullPath }}
@ -36,6 +54,7 @@ modinfo {{ .ModuleFullPath }}
{{ if .BuildProbe }}
# Build the eBPF probe
make bpf
ls -l driver/bpf/probe.o
cd {{ .DriverBuildDir }}/bpf
make KERNELDIR=/tmp/kernel
ls -l probe.o
{{ end }}

Some files were not shown because too many files have changed in this diff Show More