falcosecurity
/
driverkit
mirror of https://github.com/falcosecurity/driverkit.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: falcosecurity:master
Branches Tags
falcosecurity:master
falcosecurity:owners/add-leogr-1
falcosecurity:chore/configure_cmake_c_compiler
falcosecurity:fix/bpf_build_new_libs
falcosecurity:dwindsor-patch-1
falcosecurity:new/per-distro-build-containers
falcosecurity:fix/reenable-integration-tests
falcosecurity:fix/disable-integration-tests
falcosecurity:fix/ubuntu-gcc-version
falcosecurity:remove-fntlnz
falcosecurity:owners/add-leogr
falcosecurity:builder/debian-buster
falcosecurity:leogr/docs/fix-slack-url
falcosecurity:testing/release
falcosecurity:feat/kernelbuild
falcosecurity:feat/linuxkit
falcosecurity:feat/asciicast
falcosecurity:v0.21.2
falcosecurity:v0.21.1
falcosecurity:v0.21.0
falcosecurity:v0.20.5
falcosecurity:v0.20.4
falcosecurity:v0.20.3
falcosecurity:v0.20.2
falcosecurity:v0.20.1
falcosecurity:v0.20.0
falcosecurity:v0.19.2
falcosecurity:v0.19.1
falcosecurity:v0.19.0
falcosecurity:v0.18.2
falcosecurity:v0.18.1
falcosecurity:v0.18.0
falcosecurity:v0.17.1
falcosecurity:v0.17.0
falcosecurity:v0.16.3
falcosecurity:v0.16.2
falcosecurity:v0.16.1
falcosecurity:v0.16.0
falcosecurity:v0.15.4
falcosecurity:v0.15.3
falcosecurity:v0.15.2
falcosecurity:v0.15.1
falcosecurity:v0.15.0
falcosecurity:v0.14.0
falcosecurity:v0.13.1
falcosecurity:v0.13.0
falcosecurity:v0.12.0
falcosecurity:v0.11.1
falcosecurity:v0.11.0
falcosecurity:v0.10.2
falcosecurity:v0.10.1
falcosecurity:v0.10.0
falcosecurity:v0.9.7
falcosecurity:v0.9.6
falcosecurity:v0.9.5
falcosecurity:v0.9.4
falcosecurity:v0.9.3
falcosecurity:v0.9.2
falcosecurity:v0.9.1
falcosecurity:v0.9.0
falcosecurity:v0.8.0
falcosecurity:v0.7.0
falcosecurity:v0.6.0
falcosecurity:v0.5.0
falcosecurity:v0.4.0
falcosecurity:v0.3.0
falcosecurity:v0.2.0
falcosecurity:v0.1.0
..
compare: falcosecurity:v0.3.0
Branches Tags
falcosecurity:master
falcosecurity:owners/add-leogr-1
falcosecurity:chore/configure_cmake_c_compiler
falcosecurity:fix/bpf_build_new_libs
falcosecurity:dwindsor-patch-1
falcosecurity:new/per-distro-build-containers
falcosecurity:fix/reenable-integration-tests
falcosecurity:fix/disable-integration-tests
falcosecurity:fix/ubuntu-gcc-version
falcosecurity:remove-fntlnz
falcosecurity:owners/add-leogr
falcosecurity:builder/debian-buster
falcosecurity:leogr/docs/fix-slack-url
falcosecurity:testing/release
falcosecurity:feat/kernelbuild
falcosecurity:feat/linuxkit
falcosecurity:feat/asciicast
falcosecurity:v0.21.2
falcosecurity:v0.21.1
falcosecurity:v0.21.0
falcosecurity:v0.20.5
falcosecurity:v0.20.4
falcosecurity:v0.20.3
falcosecurity:v0.20.2
falcosecurity:v0.20.1
falcosecurity:v0.20.0
falcosecurity:v0.19.2
falcosecurity:v0.19.1
falcosecurity:v0.19.0
falcosecurity:v0.18.2
falcosecurity:v0.18.1
falcosecurity:v0.18.0
falcosecurity:v0.17.1
falcosecurity:v0.17.0
falcosecurity:v0.16.3
falcosecurity:v0.16.2
falcosecurity:v0.16.1
falcosecurity:v0.16.0
falcosecurity:v0.15.4
falcosecurity:v0.15.3
falcosecurity:v0.15.2
falcosecurity:v0.15.1
falcosecurity:v0.15.0
falcosecurity:v0.14.0
falcosecurity:v0.13.1
falcosecurity:v0.13.0
falcosecurity:v0.12.0
falcosecurity:v0.11.1
falcosecurity:v0.11.0
falcosecurity:v0.10.2
falcosecurity:v0.10.1
falcosecurity:v0.10.0
falcosecurity:v0.9.7
falcosecurity:v0.9.6
falcosecurity:v0.9.5
falcosecurity:v0.9.4
falcosecurity:v0.9.3
falcosecurity:v0.9.2
falcosecurity:v0.9.1
falcosecurity:v0.9.0
falcosecurity:v0.8.0
falcosecurity:v0.7.0
falcosecurity:v0.6.0
falcosecurity:v0.5.0
falcosecurity:v0.4.0
falcosecurity:v0.3.0
falcosecurity:v0.2.0
falcosecurity:v0.1.0

No commits in common. "master" and "v0.3.0" have entirely different histories.
master ... v0.3.0

169 changed files with 2581 additions and 10438 deletions
Show Stats Expand all files Collapse all files

77
.circleci/config.yml Normal file
View File

@ -0,0 +1,77 @@
version: 2
jobs:
"test":
docker:
- image: docker.io/golang:1.14.0
steps:
- checkout
- run:
name: Test
command: make test
"images":
docker:
- image: docker:stable
steps:
- checkout
- setup_remote_docker
- run:
name: Prepare env
command: |
echo ${DOCKERHUB_SECRET} | docker login -u ${DOCKERHUB_USER} --password-stdin
apk update
apk add make bash git
- run:
name: Build all the docker images
command: GIT_BRANCH="$CIRCLE_BRANCH" GIT_TAG="$CIRCLE_TAG" make image/all
- run:
name: Push images
command: GIT_BRANCH="$CIRCLE_BRANCH" GIT_TAG="$CIRCLE_TAG" make push/all
- run:
name: Push latest images
command: |
if [ -n "$CIRCLE_TAG" ]
then
GIT_BRANCH="$CIRCLE_BRANCH" GIT_TAG="$CIRCLE_TAG" make push/latest
else
echo "Skipping (no git tag)"
fi
"release":
docker:
- image: circleci/golang:1.14
steps:
- checkout
- run:
name: Install goreleaser
command: |
curl -sfL https://install.goreleaser.com/github.com/goreleaser/goreleaser.sh | BINDIR=$HOME/.local/bin sh
- run:
name: Release
command: GIT_TAG="$CIRCLE_TAG" make release
workflows:
version: 2
build:
jobs:
- "test":
filters:
tags:
only: /v[0-9]+(\.[0-9]+)*(-.*)*/
- "images":
context: falco
filters:
branches:
only:
- master
tags:
only: /v[0-9]+(\.[0-9]+)*(-.*)*/
requires:
- "test"
- "release":
context: falco
filters:
branches:
ignore: /.*/
tags:
only: /v[0-9]+(\.[0-9]+)*(-.*)*/
requires:
- "test"
- "images"

2
.github/PULL_REQUEST_TEMPLATE.md vendored
View File

@ -66,5 +66,5 @@ For example, `action required: change the API interface of the rule engine`.
-->
```release-note
NONE
```

12
.github/dependabot.yml vendored
View File

@ -1,12 +0,0 @@
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
open-pull-requests-limit: 10
groups:
actions:
update-types:
- "minor"
- "patch"

77
.github/workflows/ci.yml vendored
View File

@ -1,77 +0,0 @@
name: CI Build
on:
pull_request:
branches: [master]
workflow_dispatch:
# Checks if any concurrent jobs under the same pull request or branch are being executed
# NOTE: this will cancel every workflow that is being ran against a PR as group is just the github ref (without the workflow name)
concurrency:
group: ${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
build-test-dev:
strategy:
matrix:
arch: [amd64, arm64]
uses: ./.github/workflows/reusable_build_test_driverkit.yml
with:
arch: ${{ matrix.arch }}
paths-filter:
runs-on: ubuntu-latest
outputs:
docker_needs_build: ${{ steps.filter.outputs.docker }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
id: filter
with:
filters: |
docker:
- 'docker/**'
build-images-dev:
needs: [build-test-dev,paths-filter]
if: needs.paths-filter.outputs.docker_needs_build == 'true'
strategy:
matrix:
arch: [ amd64, arm64 ]
uses: ./.github/workflows/reusable_build_push_images.yml
with:
arch: ${{ matrix.arch }}
push: false
secrets: inherit
gomodtidy:
name: Enforce go.mod tidiness
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: "${{ github.event.pull_request.head.sha }}"
repository: ${{github.event.pull_request.head.repo.full_name}}
persist-credentials: false
- name: Setup Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5
with:
go-version-file: 'go.mod'
- name: Execute go mod tidy and check the outcome
working-directory: ./
run: |
go mod tidy
exit_code=$(git diff --exit-code)
exit ${exit_code}
- name: Print a comment in case of failure
run: |
echo "The go.mod and/or go.sum files appear not to be correctly tidied.
Please, rerun go mod tidy to fix the issues."
exit 1
if: |
failure() && github.event.pull_request.head.repo.full_name == github.repository

36
.github/workflows/master.yml vendored
View File

@ -1,36 +0,0 @@
name: Master CI
on:
push:
branches: [master]
# Checks if any concurrent jobs is running for master CI and eventually cancel it
concurrency:
group: ci-master
cancel-in-progress: true
jobs:
build-test-master:
strategy:
matrix:
arch: [amd64, arm64]
uses: ./.github/workflows/reusable_build_test_driverkit.yml
with:
arch: ${{ matrix.arch }}
push-images-master:
needs: build-test-master
strategy:
matrix:
arch: [amd64, arm64]
uses: ./.github/workflows/reusable_build_push_images.yml
with:
arch: ${{ matrix.arch }}
push: true
secrets: inherit
images-master:
needs: push-images-master
uses: ./.github/workflows/reusable_manifest_images.yml
secrets: inherit

68
.github/workflows/release.yml vendored
View File

@ -1,68 +0,0 @@
name: Release
on:
push:
tags:
- v*
permissions:
contents: write # needed to write releases
id-token: write # needed for keyless signing
jobs:
build-test-release:
strategy:
matrix:
arch: [amd64, arm64]
uses: ./.github/workflows/reusable_build_test_driverkit.yml
with:
arch: ${{ matrix.arch }}
push-images-release:
needs: build-test-release
strategy:
matrix:
arch: [amd64, arm64]
uses: ./.github/workflows/reusable_build_push_images.yml
with:
arch: ${{ matrix.arch }}
tag: ${{ github.ref_name }}
is_latest: true
push: true
secrets: inherit
images-release:
needs: push-images-release
uses: ./.github/workflows/reusable_manifest_images.yml
with:
tag: ${{ github.ref_name }}
is_latest: true
secrets: inherit
release:
needs: images-release
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- name: Fetch
run: git fetch --prune --force --tags
- name: Setup Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5
with:
go-version-file: 'go.mod'
- name: Install GoReleaser
uses: goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552 # v6.3.0
with:
install-only: true
- name: Release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GIT_TAG: ${{ github.ref_name }}
run: make release

72
.github/workflows/reusable_build_push_images.yml vendored
View File

@ -1,72 +0,0 @@
# This is a reusable workflow used by master and release CI
on:
workflow_call:
inputs:
arch:
description: amd64 or arm64
required: true
type: string
branch:
description: name of the branch
required: false
type: string
default: 'master'
tag:
description: The tag to use (e.g. "master" or "0.35.0")
required: false
type: string
default: ''
is_latest:
description: Update the latest tag with the new image
required: false
type: boolean
default: false
push:
description: Whether to also push images
required: false
type: boolean
default: false
jobs:
build-images:
runs-on: ${{ (inputs.arch == 'arm64' && 'ubuntu-22.04-arm') || 'ubuntu-22.04' }}
env:
GIT_BRANCH: ${{ inputs.branch }}
GIT_TAG: ${{ inputs.tag }}
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Create download folder
run: mkdir -p build-${{ inputs.arch }}
- name: Download Driverkit
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
with:
name: driverkit-${{ inputs.arch }}
path: build-${{ inputs.arch }}
- name: Enforce executable bit
run: chmod +x build-${{ inputs.arch }}/driverkit
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
- name: Login to Docker Hub
if: inputs.push
uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
with:
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_SECRET }}
- name: Build and Push docker images
if: inputs.push
run: make push/all
- name: Build docker images
if: inputs.push == false
run: make image/all
- name: Push latest images if needed
if: inputs.push && inputs.is_latest
run: make push/latest

47
.github/workflows/reusable_build_test_driverkit.yml vendored
View File

@ -1,47 +0,0 @@
# This is a reusable workflow used by master and release CI
on:
workflow_call:
inputs:
arch:
description: amd64 or arm64
required: true
type: string
jobs:
build-test:
# See https://github.com/actions/runner/issues/409#issuecomment-1158849936
runs-on: ${{ (inputs.arch == 'arm64' && 'ubuntu-22.04-arm') || 'ubuntu-22.04' }}
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5
with:
go-version-file: 'go.mod'
- name: Build
run: make build
- name: Test
run: make test
- name: Set integration tests DRIVERVERSIONS env
if: inputs.arch == 'amd64'
run: echo "DRIVERVERSIONS=master 6.0.1+driver 2.0.0+driver 17f5df52a7d9ed6bb12d3b1768460def8439936d" >> $GITHUB_ENV
- name: Set integration tests DRIVERVERSIONS env
if: inputs.arch == 'arm64'
run: echo "DRIVERVERSIONS=master 6.0.1+driver 2.0.0+driver" >> $GITHUB_ENV
- name: Integration tests
run: make integration_test
- name: Upload driverkit
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: driverkit-${{ inputs.arch }}
path: |
${{ github.workspace }}/_output/bin/driverkit

45
.github/workflows/reusable_manifest_images.yml vendored
View File

@ -1,45 +0,0 @@
# This is a reusable workflow used by master and release CI
on:
workflow_call:
inputs:
branch:
description: name of the branch
required: false
type: string
default: 'master'
tag:
description: The tag to use (e.g. "master" or "0.35.0")
required: false
type: string
default: ''
is_latest:
description: Update the latest tag with the new image
required: false
type: boolean
default: false
jobs:
push-manifest:
runs-on: ubuntu-latest
env:
GIT_BRANCH: ${{ inputs.branch }}
GIT_TAG: ${{ inputs.tag }}
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
- name: Login to Docker Hub
uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
with:
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_SECRET }}
- name: Build and Push manifest to registry
run: make manifest/all
- name: Push latest manifest if needed
if: inputs.is_latest
run: make manifest/latest

4
.gitignore vendored
View File

@ -1,7 +1,5 @@
_output/
dist/
vendor/
.idea/
driverkit
coverage.out
driverkit

8
.goreleaser.yml
View File

@ -1,22 +1,18 @@
version: 2
project_name: driverkit
builds:
- id: "driverkit"
env:
- GOEXPERIMENT=loopvar
goos:
- linux
goarch:
- amd64
- arm64
main: .
flags:
- -v
- "-tags={{ .Env.GOTAGS }}"
ldflags:
- "{{.Env.LDFLAGS}}"
binary: driverkit
release:
github:
prerelease: auto
prerelease: auto

385
Example_configs.md
View File

@ -1,385 +0,0 @@
# Example Configs
## aliyun linux 2 (Alibaba Cloud Linux 2)
```yaml
kernelrelease: 4.19.91-26.al7.x86_64
target: alinux
output:
module: /tmp/falco_alinux_4.19.91-26.al7.x86_64.ko
probe: /tmp/falco_alinux_4.19.91-26.al7.x86_64.o
driverversion: master
```
## aliyun linux 3 (Alibaba Cloud Linux 3)
```yaml
kernelrelease: 5.10.84-10.4.al8.x86_64
target: alinux
output:
module: /tmp/falco_alinux_4.19.91-26.al7.x86_64.ko
probe: /tmp/falco_alinux_4.19.91-26.al7.x86_64.o
driverversion: master
```
## alma linux
```yaml
kernelrelease: 5.14.0-162.12.1.el9_1.x86_64
target: almalinux
output:
module: /tmp/falco_almalinux_5.14.0-162.12.1.el9_1.x86_64.ko
probe: /tmp/falco_almalinux_5.14.0-162.12.1.el9_1.x86_64.o
driverversion: master
```
## amazonlinux
```yaml
kernelrelease: 4.14.26-46.32.amzn1.x86_64
target: amazonlinux
output:
module: /tmp/falco_amazonlinux_4.14.26-46.32.amzn1.x86_64.ko
driverversion: master
```
## amazonlinux 2
```yaml
kernelrelease: 4.14.171-136.231.amzn2.x86_64
target: amazonlinux2
output:
module: /tmp/falco_amazonlinux2_4.14.171-136.231.amzn2.x86_64.ko
probe: /tmp/falco_amazonlinux2_4.14.171-136.231.amzn2.x86_64.o
driverversion: master
```
## amazonlinux 2022
```yaml
kernelrelease: 5.10.96-90.460.amzn2022.x86_64
target: amazonlinux2022
output:
module: /tmp/falco_amazonlinux2022_5.10.96-90.460.amzn2022.x86_64.ko
probe: /tmp/falco_amazonlinux2022_5.10.96-90.460.amzn2022.x86_64.o
driverversion: master
```
## archlinux
Example configuration file to build both the Kernel module and eBPF probe for Archlinux.
Note: archlinux target uses the [Arch Linux Archive](https://wiki.archlinux.org/title/Arch_Linux_Archive) to fetch
all ever supported kernel releases.
For arm64, it uses an user-provided mirror, as no official mirror is available: http://tardis.tiny-vps.com/aarm/.
The mirror has been up and updated since 2015.
```yaml
kernelversion: 1
kernelrelease: 6.0.6.arch1-1
target: arch
output:
module: /tmp/falco-arch.ko
probe: /tmp/falco-arch.o
driverversion: master
builderimage: ${ARCH_BUILD_IMAGE_HERE}
```
## centos 6
```yaml
kernelrelease: 2.6.32-754.14.2.el6.x86_64
kernelversion: 1
target: centos
output:
module: /tmp/falco-centos6.ko
driverversion: master
```
## centos 7
```yaml
kernelrelease: 3.10.0-957.12.2.el7.x86_64
kernelversion: 1
target: centos
output:
module: /tmp/falco-centos7.ko
driverversion: master
```
## centos 8
```yaml
kernelrelease: 4.18.0-147.5.1.el8_1.x86_64
kernelversion: 1
target: centos
output:
module: /tmp/falco-centos8.ko
driverversion: master
```
## debian
Example configuration file to build both the Kernel module and eBPF probe for Debian.
```yaml
kernelrelease: 4.19.0-6-amd64
kernelversion: 1
output:
module: /tmp/falco-debian.ko
probe: /tmp/falco-debian.o
target: debian
driverversion: master
```
## fedora
```yaml
kernelrelease: 5.19.16-200.fc36.x86_64
kernelversion: 1
target: fedora
output:
module: /tmp/falco-fedora.ko
driverversion: master
```
## flatcar
Example configuration file to build both the Kernel module and eBPF probe for Flatcar.
The Flatcar release version needs to be provided in the `kernelrelease` field instead of the kernel version;
moreover, kernelconfigdata must be provided.
```yaml
kernelrelease: 3185.0.0
target: flatcar
output:
module: /tmp/falco-flatcar-3185.0.0.ko
probe: /tmp/falco-flatcar-3185.0.0.o
driverversion: master
kernelconfigdata: Q09ORklHX0ZBTk9USUZZPXkKQ09ORklHX0t...
```
## minikube
Example configuration file to build both the Kernel module and eBPF probe for Minikube.
```yaml
kernelversion: 1_1.26.0
kernelrelease: 5.10.57
target: minikube
architecture: amd64
output:
module: /tmp/falco_minikube_5.10.57_1_1.26.0.ko
probe: /tmp/falco_minikube_5.10.57_1_1.26.0.o
kernelconfigdata: Q09ORklHX0ZBTk9USUZZPXkKQ09ORklHX0t...
```
## oracle linux 8
```yaml
kernelrelease: 5.4.17-2011.3.2.1.el8uek.x86_64
kernelversion: 1
target: ol
output:
module: /tmp/falco-ol8.ko
driverversion: master
```
## redhat 7
```yaml
kernelrelease: 3.10.0-1160.66.1.el7.x86_64
target: redhat
output:
module: /tmp/falco-redhat7.ko
driverversion: master
builderimage: registry.redhat.io/rhel7:rhel7_driverkit
```
The image used for this build was created with the following command:
```bash
docker build --build-arg rh_username=<username> --build-arg rh_password=<password> -t registry.redhat.io/rhel7:rhel7_driverkit -f Dockerfile.rhel7 .
````
| :warning: **Passing user credentials via command line**: Consider using `--secret` option! |
|--------------------------------------------------------------------------------------------|
and Dockerfile.rhel7:
```bash
FROM registry.redhat.io/rhel7
ARG rh_username
ARG rh_password
RUN subscription-manager register --username $rh_username --password $rh_password --auto-attach
RUN yum install gcc elfutils-libelf-devel make -y
```
| :warning: **Base image requires Redhat subscription to pull**:```docker login registry.redhat.io``` |
|-----------------------------------------------------------------------------------------------------|
## redhat 8
```yaml
kernelrelease: 4.18.0-372.9.1.el8.x86_64
target: redhat
output:
module: /tmp/falco-redhat8.ko
probe: /tmp/falco-redhat8.o
driverversion: master
builderimage: redhat/ubi8:rhel8_driverkit
```
The image used for this build was created with the following command:
```bash
docker build --build-arg rh_username=<username> --build-arg rh_password=<password> -t redhat/ubi8:rhel8_driverkit -f Dockerfile.rhel8 .
````
| :warning: **Passing user credentials via command line**: Consider using `--secret` option! |
|--------------------------------------------------------------------------------------------|
and Dockerfile.rhel8:
```bash
FROM redhat/ubi8
ARG rh_username
ARG rh_password
RUN subscription-manager register --username $rh_username --password $rh_password --auto-attach
RUN yum install gcc curl elfutils-libelf-devel kmod make \
llvm-toolset-0:12.0.1-1.module+el8.5.0+11871+08d0eab5.x86_64 cpio -y
```
## redhat 9
```yaml
kernelrelease: 5.14.0-70.13.1.el9_0.x86_64
target: redhat
output:
module: /tmp/falco-redhat9.ko
probe: /tmp/falco-redhat9.o
driverversion: master
builderimage: docker.io/redhat/ubi9:rhel9_driverkit
```
The image used for this build was created with the following command:
```bash
docker build -t docker.io/redhat/ubi9:rhel9_driverkit -f Dockerfile.rhel9 .
````
and Dockerfile.rhel9:
```bash
FROM docker.io/redhat/ubi9
RUN yum install gcc elfutils-libelf-devel kmod make cpio llvm-toolset -y
RUN ln -s /usr/bin/$(uname -p)-redhat-linux-gcc-11 /usr/bin/gcc-11
```
The `ln -s /usr/bin/$(uname -p)-redhat-linux-gcc-11 /usr/bin/gcc-11` command creates a symbolic link which makes sure driverkit finds the correct compiler binary.
| :exclamation: **subscription-manager does not work on RHEL9 containers**: Host must have a valid RHEL subscription. However, if you want to build the Docker image on a host that is not RHEL9, the container will not have access to the required repositories. In that case, the subscription manager can be enabled with some additional adjustments. |
|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
Dockerfile.rhel9.containerSkip:
```bash
FROM docker.io/redhat/ubi9
ENV SMDEV_CONTAINER_OFF 1
ARG REDHAT_USERNAME
ARG REDHAT_PASSWORD
RUN subscription-manager register --username $REDHAT_USERNAME --password $REDHAT_PASSWORD --auto-attach
RUN yum install gcc elfutils-libelf-devel kmod make cpio llvm-toolset -y
RUN ln -s /usr/bin/$(uname -p)-redhat-linux-gcc-11 /usr/bin/gcc-11
```
Setting `SMDEV_CONTAINER_OFF 1` makes sure the container detection is skipped and therefore enables the subscription manager again.
## rocky linux
```yaml
kernelrelease: 5.14.0-162.18.1.el9_1.x86_64
target: rocky
output:
module: /tmp/falco_almalinux_5.14.0-162.18.1.el9_1.x86_64.ko
probe: /tmp/falco_almalinux_5.14.0-162.18.1.el9_1.x86_64.o
driverversion: master
```
## ubuntu
Example configuration file to build both the Kernel module and eBPF probe for Ubuntu (works with any flavor!).
```yaml
kernelrelease: 5.0.0-1021-aws-5.0
kernelversion: 24~18.04.1
target: ubuntu
output:
module: /tmp/falco-ubuntu-generic.ko
probe: /tmp/falco-ubuntu-generic.o
driverversion: master
```
## ubuntu-aws
Example configuration file to build both the Kernel module and eBPF probe for Ubuntu AWS.
```yaml
kernelrelease: 4.15.0-1057-aws
kernelversion: 59
target: ubuntu-aws
output:
module: /tmp/falco-ubuntu-aws.ko
probe: /tmp/falco-ubuntu-aws.o
driverversion: master
```
> **NOTE:** ubuntu-aws exists to retain backward compatibility only,
> and should not be used in new configs.
## ubuntu-generic
Example configuration file to build both the Kernel module and eBPF probe for Ubuntu generic.
```yaml
kernelrelease: 4.15.0-72-generic
kernelversion: 81
target: ubuntu-generic
output:
module: /tmp/falco-ubuntu-generic.ko
probe: /tmp/falco-ubuntu-generic.o
driverversion: master
```
> **NOTE:** ubuntu-generic exists to retain backward compatibility only,
> and should not be used in new configs.
## vanilla
In case of vanilla, you also need to pass the kernel config data in base64 format.
In most systems you can get `kernelconfigdata` by reading `/proc/config.gz`.
```yaml
kernelrelease: 5.5.2
kernelversion: 1
target: vanilla
output:
module: /tmp/falco-vanilla.ko
probe: /tmp/falco-vanilla.o
driverversion: 0de226085cc4603c45ebb6883ca4cacae0bd25b2
```
Now you can add the `kernelconfigdata` to the configuration file, to do so:
```bash
zcat /proc/config.gz| base64 -w0 | awk '{print "kernelconfigdata: " $1;}' >> /tmp/vanilla.yaml
```
The command above assumes that you saved the configuration file at `/tmp/vanilla.yaml`
### Note
Usually, building for a `vanilla` target requires more time.
So, we suggest to increase the `driverkit` timeout (defaults to `60` seconds):
```bash
driverkit docker -c /tmp/vanilla.yaml --timeout=300
```

91
Makefile
View File

@ -16,25 +16,29 @@ ifeq ($(COMMITS_FROM_GIT_TAG),0)
endif
endif
DRIVERVERSIONS ?= master
IMAGE_NAME_BUILDER ?= docker.io/falcosecurity/driverkit-builder
DOCKER_ORG ?= falcosecurity
IMAGE_NAME_BUILDER_REF := $(IMAGE_NAME_BUILDER):$(GIT_REF)
IMAGE_NAME_BUILDER_COMMIT := $(IMAGE_NAME_BUILDER):$(GIT_COMMIT)
IMAGE_NAME_BUILDER_LATEST := $(IMAGE_NAME_BUILDER):latest
ARCH := $(shell uname -m)
IMAGE_NAME_DRIVERKIT ?= docker.io/falcosecurity/driverkit
BUILDERS := $(patsubst docker/builders/builder-%.Dockerfile,%,$(wildcard docker/builders/builder*$(ARCH)*.Dockerfile))
IMAGE_NAME_DRIVERKIT_REF := $(IMAGE_NAME_DRIVERKIT):$(GIT_REF)
IMAGE_NAME_DRIVERKIT_COMMIT := $(IMAGE_NAME_DRIVERKIT):$(GIT_COMMIT)
IMAGE_NAME_DRIVERKIT_LATEST := $(IMAGE_NAME_DRIVERKIT):latest
IMAGE_NAME_BUILDER_BASE ?= docker.io/$(DOCKER_ORG)/driverkit-builder
LDFLAGS := -X github.com/falcosecurity/driverkit/pkg/version.buildTime=$(shell date +%s) -X github.com/falcosecurity/driverkit/pkg/version.gitCommit=${GIT_COMMIT} -X github.com/falcosecurity/driverkit/pkg/version.gitTag=$(if ${GIT_TAG},${GIT_TAG},v0.0.0) -X github.com/falcosecurity/driverkit/pkg/version.commitsFromGitTag=${COMMITS_FROM_GIT_TAG} -X github.com/falcosecurity/driverkit/pkg/driverbuilder.builderBaseImage=${IMAGE_NAME_BUILDER_COMMIT}
IMAGE_NAME_DRIVERKIT ?= docker.io/$(DOCKER_ORG)/driverkit
OS_NAME := $(shell uname -s | tr A-Z a-z)
SQLITE_TAGS :=
ifeq ($(OS_NAME),darwin)
SQLITE_TAGS +=sqlite_omit_load_extension libsqlite3 darwin
else ifeq ($(OS_NAME),linux)
SQLITE_TAGS +=sqlite_omit_load_extension linux
endif
IMAGE_NAME_DRIVERKIT_REF := $(IMAGE_NAME_DRIVERKIT):$(GIT_REF)_$(ARCH)
IMAGE_NAME_DRIVERKIT_COMMIT := $(IMAGE_NAME_DRIVERKIT):$(GIT_COMMIT)_$(ARCH)
IMAGE_NAME_DRIVERKIT_LATEST := $(IMAGE_NAME_DRIVERKIT):latest_$(ARCH)
LDFLAGS := -X github.com/falcosecurity/driverkit/pkg/version.buildTime=$(shell date +%s) -X github.com/falcosecurity/driverkit/pkg/version.gitCommit=${GIT_COMMIT} -X github.com/falcosecurity/driverkit/pkg/version.gitTag=$(if ${GIT_TAG},${GIT_TAG},v0.0.0) -X github.com/falcosecurity/driverkit/pkg/version.commitsFromGitTag=${COMMITS_FROM_GIT_TAG} -X github.com/falcosecurity/driverkit/pkg/driverbuilder/builder.defaultImageTag=$(GIT_COMMIT)
TARGET_TEST_ARCH ?= $(ARCH)
test_configs := $(wildcard test/$(TARGET_TEST_ARCH)/configs/*.yaml)
GOTAGS := ${SQLITE_TAGS}
driverkit ?= _output/bin/driverkit
driverkit_docgen ?= _output/bin/docgen
@ -43,11 +47,11 @@ driverkit_docgen ?= _output/bin/docgen
build: clean ${driverkit}
${driverkit}:
CGO_ENABLED=0 GOEXPERIMENT=loopvar go build -v -ldflags '${LDFLAGS}' -o $@ .
CGO_ENABLED=1 go build -v -ldflags '${LDFLAGS}' -tags '${GOTAGS}' -o $@ .
.PHONY: release
release: clean
CGO_ENABLED=0 LDFLAGS="${LDFLAGS}" $(GORELEASER) release
CGO_ENABLED=1 LDFLAGS="${LDFLAGS}" GOTAGS="${GOTAGS}" $(GORELEASER) release
.PHONY: clean
clean:
@ -58,58 +62,41 @@ image/all: image/builder image/driverkit
.PHONY: image/builder
image/builder:
$(foreach b,$(BUILDERS),\
$(DOCKER) buildx build -o type=image,push="false" -f docker/builders/builder-$b.Dockerfile . ; \
)
$(DOCKER) build \
-t "$(IMAGE_NAME_BUILDER_REF)" \
-t "$(IMAGE_NAME_BUILDER_COMMIT)" \
-f build/builder.Dockerfile .
.PHONY: image/driverkit
image/driverkit:
$(DOCKER) buildx build -o type=image,push="false" -f docker/driverkit.Dockerfile .
$(DOCKER) build \
-t "$(IMAGE_NAME_DRIVERKIT_REF)" \
-t "$(IMAGE_NAME_DRIVERKIT_COMMIT)" \
-f build/driverkit.Dockerfile .
push/all: push/builder push/driverkit
.PHONY: push/builder
push/builder:
$(foreach b,$(BUILDERS),\
$(DOCKER) buildx build --push -t "$(IMAGE_NAME_BUILDER_BASE):$b-$(GIT_REF)" -t "$(IMAGE_NAME_BUILDER_BASE):$b-$(GIT_COMMIT)" -f docker/builders/builder-$b.Dockerfile . ; \
)
$(DOCKER) push $(IMAGE_NAME_BUILDER_REF)
$(DOCKER) push $(IMAGE_NAME_BUILDER_COMMIT)
.PHONY: push/driverkit
push/driverkit:
$(DOCKER) buildx build --push -t "$(IMAGE_NAME_DRIVERKIT_REF)" -t "$(IMAGE_NAME_DRIVERKIT_COMMIT)" -f docker/driverkit.Dockerfile .
$(DOCKER) push $(IMAGE_NAME_DRIVERKIT_REF)
$(DOCKER) push $(IMAGE_NAME_DRIVERKIT_COMMIT)
.PHONY: push/latest
push/latest:
$(foreach b,$(BUILDERS),\
$(DOCKER) buildx build --push -t "$(IMAGE_NAME_BUILDER_BASE):$b-latest" -f docker/builders/builder-$b.Dockerfile . ; \
)
$(DOCKER) buildx build --push -t "$(IMAGE_NAME_DRIVERKIT_LATEST)" -f docker/driverkit.Dockerfile .
manifest/all: manifest/driverkit
.PHONY: manifest/driverkit
manifest/driverkit:
$(DOCKER) buildx imagetools create -t $(IMAGE_NAME_DRIVERKIT):$(GIT_REF) $(IMAGE_NAME_DRIVERKIT):$(GIT_REF)_x86_64 $(IMAGE_NAME_DRIVERKIT):$(GIT_REF)_aarch64
$(DOCKER) buildx imagetools create -t $(IMAGE_NAME_DRIVERKIT):$(GIT_COMMIT) $(IMAGE_NAME_DRIVERKIT):$(GIT_COMMIT)_x86_64 $(IMAGE_NAME_DRIVERKIT):$(GIT_COMMIT)_aarch64
.PHONY: manifest/latest
manifest/latest:
$(DOCKER) buildx imagetools create -t $(IMAGE_NAME_DRIVERKIT):latest $(IMAGE_NAME_DRIVERKIT):latest_x86_64 $(IMAGE_NAME_DRIVERKIT):latest_aarch64
$(DOCKER) tag $(IMAGE_NAME_BUILDER_COMMIT) $(IMAGE_NAME_BUILDER_LATEST)
$(DOCKER) push $(IMAGE_NAME_BUILDER_LATEST)
$(DOCKER) tag $(IMAGE_NAME_DRIVERKIT_COMMIT) $(IMAGE_NAME_DRIVERKIT_LATEST)
$(DOCKER) push $(IMAGE_NAME_DRIVERKIT_LATEST)
.PHONY: test
test:
go clean -testcache
GOEXPERIMENT=loopvar go test -v -cover -race ./...
GOEXPERIMENT=loopvar go test -v -cover ./cmd
.PHONY: integration_test
integration_test: $(test_configs)
.PHONY: $(test_configs)
$(test_configs): ${driverkit}
$(foreach d,$(DRIVERVERSIONS),\
${driverkit} docker -c $@ --builderimage auto:master -l debug --timeout 600 --driverversion $d; \
)
go test -v -race ./...
go test -v ./cmd
.PHONY: ${driverkit_docgen}
${driverkit_docgen}: ${PWD}/docgen
@ -117,6 +104,6 @@ ${driverkit_docgen}: ${PWD}/docgen
.PHONY: docs
docs: ${driverkit_docgen}
$(RM) -R docs/driverkit*
$(RM) -R docs/*
@mkdir -p docs
${driverkit_docgen}
${driverkit_docgen}

12
OWNERS
View File

@ -1,10 +1,6 @@
approvers:
- leodido
- dwindsor
- fededp
- EXONER4TED
- lowaiz
- LucaGuerra
emeritus_approvers:
- fntlnz
- leodido
reviewers:
- fntlnz
- leodido

280
README.md
View File

@ -1,15 +1,11 @@
# driverkit
[![Falco Ecosystem Repository](https://github.com/falcosecurity/evolution/blob/main/repos/badges/falco-ecosystem-blue.svg)](https://github.com/falcosecurity/evolution/blob/main/REPOSITORIES.md#ecosystem-scope) [![Incubating](https://img.shields.io/badge/status-incubating-orange?style=for-the-badge)](https://github.com/falcosecurity/evolution/blob/main/REPOSITORIES.md#incubating)
Status: **Under development**
[![Latest](https://img.shields.io/github/v/release/falcosecurity/driverkit?style=for-the-badge)](https://github.com/falcosecurity/driverkit/releases/latest)
![Architectures](https://img.shields.io/badge/ARCHS-x86__64%7Caarch64-blueviolet?style=for-the-badge)
[![Go Report Card](https://goreportcard.com/badge/github.com/falcosecurity/driverkit?style=for-the-badge)](https://goreportcard.com/report/github.com/falcosecurity/driverkit)
[![Docker pulls](https://img.shields.io/docker/pulls/falcosecurity/driverkit?style=for-the-badge)](https://hub.docker.com/r/falcosecurity/driverkit)
A command line tool that can be used to build the Falco kernel module and eBPF probe.
A command line tool that can be used to build the [Falco](https://github.com/falcosecurity/falco) kernel module and eBPF probe.
## Glossary
## Usage
When you meet `kernelversion` that refers to the version you get executing `uname -v`:
@ -27,54 +23,19 @@ uname -r
4.15.0-1057-aws
```
## Help
By checking driverkit help, you can quickly discover info about:
* Supported options
* Supported commands
* Supported architectures
* Supported targets
* Default options
```
driverkit help
```
## Architecture
The target architecture is taken from runtime environment, but it can be overridden through `architecture` config.
Driverkit also supports cross building for arm64 using qemu from an x86_64 host.
> **NOTE:** we could not automatically fetch correct architecture given a kernelrelease,
> because some kernel names do not have any architecture suffix, namely Ubuntu ones.
## Headers
Driverkit has an internal logic to retrieve headers urls given a target and desired kernelrelease/kernelversion.
Unfortunately, the logic is quite hard to implement correctly for every supported target.
As of today, the preferred method is to instead use the `kernelurls` configuration param,
that allows to specify a list of headers.
> **NOTE:** the internal headers fetching logic should be considered a fallback that will be, sooner or later, deprecated.
A solution to crawl all supported kernels by multiple distro was recently developed,
and it provides a json output with aforementioned `kernelheaders`: https://github.com/falcosecurity/kernel-crawler.
Json for supported architectures can be found at https://falcosecurity.github.io/kernel-crawler/.
## How to use
### Against a Kubernetes cluster
```bash
driverkit kubernetes --output-module /tmp/falco.ko --kernelversion=81 --kernelrelease=4.15.0-72-generic --driverversion=master --target=ubuntu-generic
driverkit kubernetes --output-module /tmp/falco.ko --kernelversion=81 --kernelrelease=4.15.0-72-generic --driverversion=dev --target=ubuntu-generic
```
### Against a Docker daemon
```bash
driverkit docker --output-module /tmp/falco.ko --kernelversion=81 --kernelrelease=4.15.0-72-generic --driverversion=master --target=ubuntu-generic
driverkit docker --output-module /tmp/falco.ko --kernelversion=81 --kernelrelease=4.15.0-72-generic --driverversion=dev --target=ubuntu-generic
```
### Build using a configuration file
Create a file named `ubuntu-aws.yaml` containing the following content:
@ -86,7 +47,7 @@ target: ubuntu-aws
output:
module: /tmp/falco-ubuntu-aws.ko
probe: /tmp/falco-ubuntu-aws.o
driverversion: master
driverversion: dev
```
Now run driverkit using the configuration file:
@ -95,26 +56,233 @@ Now run driverkit using the configuration file:
driverkit docker -c ubuntu-aws.yaml
```
### Configure the kernel module name
## Supported targets
It is possible to customize the kernel module name that is produced by Driverkit with the `moduledevicename` and `moduledrivername` options.
In this context, the _device name_ is the prefix used for the devices in `/dev/`, while the _driver name_ is the kernel module name as reported by `modinfo` or `lsmod` once the module is loaded.
### ubuntu-generic
Example configuration file to build both the Kernel module and eBPF probe for Ubuntu generic.
## Examples
```yaml
kernelrelease: 4.15.0-72-generic
kernelversion: 81
target: ubuntu-generic
output:
module: /tmp/falco-ubuntu-generic.ko
probe: /tmp/falco-ubuntu-generic.o
driverversion: dev
```
For a comprehensive list of examples, heads to [example configs](Example_configs.md)!
### ubuntu-aws
## Support a new target
Example configuration file to build both the Kernel module and eBPF probe for Ubuntu AWS.
To add support for a new target, a new builder must be added.
For more info, you can find specific docs in [docs/builder.md](docs/builder.md) file.
```yaml
kernelrelease: 4.15.0-1057-aws
kernelversion: 59
target: ubuntu-aws
output:
module: /tmp/falco-ubuntu-aws.ko
probe: /tmp/falco-ubuntu-aws.o
driverversion: dev
```
## Support a new builder image
### centos 6
To add support for a new builder image, follow the doc at [docs/builder_images.md](docs/builder_images.md) file.
```yaml
kernelrelease: 2.6.32-754.14.2.el6.x86_64
kernelversion: 1
target: centos
output:
module: /tmp/falco-centos6.ko
driverversion: dev
```
### centos 7
```yaml
kernelrelease: 3.10.0-957.12.2.el7.x86_64
kernelversion: 1
target: centos
output:
module: /tmp/falco-centos7.ko
driverversion: dev
```
### centos 8
```yaml
kernelrelease: 4.18.0-147.5.1.el8_1.x86_64
kernelversion: 1
target: centos
output:
module: /tmp/falco-centos8.ko
driverversion: dev
```
### amazonlinux
```yaml
kernelrelease: 4.14.26-46.32.amzn1.x86_64
target: amazonlinux
output:
module: /tmp/falco_amazonlinux_4.14.26-46.32.amzn1.x86_64.ko
driverversion: be1ea2d9482d0e6e2cb14a0fd7e08cbecf517f94
```
### amazonlinux 2
```yaml
kernelrelease: 4.14.171-136.231.amzn2.x86_64
target: amazonlinux2
output:
module: /tmp/falco_amazonlinux2_4.14.171-136.231.amzn2.x86_64.ko
probe: /tmp/falco_amazonlinux2_4.14.171-136.231.amzn2.x86_64.o
driverversion: be1ea2d9482d0e6e2cb14a0fd7e08cbecf517f94
```
### debian
Example configuration file to build both the Kernel module and eBPF probe for Debian.
```yaml
kernelrelease: 4.19.0-6-amd64
kernelversion: 1
output:
module: /tmp/falco-debian.ko
probe: /tmp/falco-debian.o
target: debian
driverversion: dev
```
### vanilla
In case of vanilla, you also need to pass the kernel config data in base64 format.
In most systems you can get `kernelconfigdata` by reading `/proc/config.gz`.
```yaml
kernelrelease: 5.5.2
kernelversion: 1
target: vanilla
output:
module: /tmp/falco-vanilla.ko
probe: /tmp/falco-vanilla.o
driverversion: 0de226085cc4603c45ebb6883ca4cacae0bd25b2
```
Now you can add the `kernelconfigdata` to the configuration file, to do so:
```bash
zcat /proc/config.gz| base64 -w0 | awk '{print "kernelconfigdata: " $1;}' >> /tmp/vanilla.yaml
```
The command above assumes that you saved the configuration file at `/tmp/vanilla.yaml`
#### Note
Usually, building for a `vanilla` target requires more time.
So, we suggest to increase the `driverkit` timeout (defaults to `60` seconds):
```bash
driverkit docker -c /tmp/vanilla.yaml --timeout=300
```
## Goals
- [x] Have a package that can build the Falco kernel module in k8s
- [x] Have a package that can build the Falco kernel module in docker
- [x] Have a package that can build the Falco eBPF probe in k8s
- [x] Have a package that can build the Falco eBPF probe in docker
- [x] Support the top distributions in our [Survey](http://bit.ly/driverkit-survey-vote) and the Vanilla Kernel
- [x] Ubuntu (`ubuntu-aws`, `ubuntu-generic`)
- [x] CentOS 8
- [x] CentOS 7
- [x] CentOS 6
- [x] AmazonLinux (`amazonlinux`, `amazonlinux2`)
- [x] Debian
- [x] Vanilla kernel (`vanilla`)
## Survey
We are conducting a [survey](http://bit.ly/driverkit-survey-vote) to know what is the most interesting set of Operating Systems we must support first in driverkit.
You can find the results of the survey [here](http://bit.ly/driverkit-survey-results)
## Creating a new Builder
You probably came here because you want to tell the [Falco Drivers Build Grid](https://github.com/falcosecurity/test-infra/tree/master/driverkit) to
build drivers for a specific distro you care about.
If that distribution is not supported by driverkit, the Falco Drivers Build Grid will not be able to just build it as it does for other distros.
To add a new supported distribution, you need to create a specific file implementing the `builder.Builder` interface.
You can find the specific distribution files into the [pkg/driverbuilder/builder](/pkg/driverbuilder/builder) folder.
Here's the [Ubuntu](/pkg/driverbuilder/builder/ubuntu.go) one for reference.
Following this simple set of instructions should help you while you implement a new `builder.Builder`.
### 1. Builder file
Create a file, named with the name of the distro you want to add in the `pkg/driverbuilder/builder` folder.
```bash
touch pkg/driverbuilder/builder/archlinux.go
```
### 2. Target name
Your builder will need a constant for the target it implements. Usually that constant
can just be the name of the distribution you are implementing. A builder can implement
more than one target at time. For example, the Ubuntu builder implements both `ubuntu-generic` and `ubuntu-aws`
to reflect the organization that the distro itself has.
Once you have the constant, you will need to add it to the `BuilderByTarget` map.
Open your file and you will need to have something like this:
```go
// TargetTypeArchLinux identifies the Arch Linux target.
const TargetTypeArchLinux Type = "archlinux"
type archLinux struct {
}
func init() {
BuilderByTarget[TargetTypeArchLinux] = &archLinux{}
}
```
Now, you can implement the `builder.Builder` interface for the `archlinux` struct
you just registered.
Here's a very minimalistic example.
```go
func (v archLinux) Script(c Config) (string, error) {
return "echo 'hello world'", nil
}
```
Essentially, the `Script` function that you are implementing will need to return a string containing
a `bash` script that will be executed by driverkit at build time.
Depending on how the distro works, the script will need to fetch the kernel headers for it at the specific kernel version specified
in the `Config` struct at `c.Build.KernelVersion`.
Once you have those, based on what that kernel can do and based on what was configured
by the user you will need to build the kernel module driver and/or the eBPF probe driver.
How does this work?
If the user specifies:
- `c.Build.ModuleFilePath` you will need to build the kernel module and save it in /tmp/driver/falco.ko`
- `c.Build.ProbeFilePath` you will need to build the eBPF probe and save it in /tmp/driver/probe.ko`
The `/tmp/driver` MUST be interpolated from the `DriverDirectory` constant from [`builders.go`](/pkg/driverbuilder/builder/builders.go).
If you look at the various builder implemented, you will see that the task of creating a new builder
can be easy or difficult depending on how the distribution ships their artifacts.

4
RELEASE.md
View File

@ -1,10 +1,10 @@
# Release Process
Our release process is fully automated using [Github actions](.github/workflows/release.yml) and [goreleaser](https://github.com/goreleaser/goreleaser) tool for artifacts.
Our release process is based upon [CircleCI](https://app.circleci.com/pipelines/github/falcosecurity/driverkit) and [goreleaser](https://github.com/goreleaser/goreleaser) tool for artifacts.
When we release we do the following process:
1. We decide together (usually in the #falco channel in [slack](https://kubernetes.slack.com/messages/falco)) what's the next version to tag
1. We decide together (usually in the #falco channel in [slack](https://sysdig.slack.com)) what's the next version to tag
2. A person with repository rights does the tag
3. The same person runs commands in their machine following the "Release commands" section below
4. Once the CI has done its job, the tag is live on [Github](https://github.com/falcosecurity/driverkit/releases) with the artifacts, and the container image is live on [DockerHub](https://hub.docker.com/r/falcosecurity/driverkit) with proper tags

94
build/builder.Dockerfile Normal file
View File

@ -0,0 +1,94 @@
FROM debian:stable
LABEL maintainer="cncf-falco-dev@lists.cncf.io"
RUN cp /etc/skel/.bashrc /root && cp /etc/skel/.profile /root
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
bash-completion \
bc \
clang-7 \
ca-certificates \
curl \
dkms \
gnupg2 \
gcc \
jq \
libc6-dev \
libelf-dev \
libmpx2 \
llvm-7 \
netcat \
xz-utils \
rpm2cpio \
cpio \
flex \
bison \
openssl \
libssl-dev \
libncurses-dev \
libudev-dev \
libpci-dev \
libiberty-dev \
&& rm -rf /var/lib/apt/lists/*
# gcc 6 is no longer included in debian stable, but we need it to
# build kernel modules on the default debian-based ami used by
# kops. So grab copies we've saved from debian snapshots with the
# prefix https://snapshot.debian.org/archive/debian/20170517T033514Z
# or so.
RUN curl -L -o cpp-6_6.3.0-18_amd64.deb https://dl.bintray.com/falcosecurity/dependencies/cpp-6_6.3.0-18_amd64.deb \
&& curl -L -o gcc-6-base_6.3.0-18_amd64.deb https://dl.bintray.com/falcosecurity/dependencies/gcc-6-base_6.3.0-18_amd64.deb \
&& curl -L -o gcc-6_6.3.0-18_amd64.deb https://dl.bintray.com/falcosecurity/dependencies/gcc-6_6.3.0-18_amd64.deb \
&& curl -L -o libasan3_6.3.0-18_amd64.deb https://dl.bintray.com/falcosecurity/dependencies/libasan3_6.3.0-18_amd64.deb \
&& curl -L -o libcilkrts5_6.3.0-18_amd64.deb https://dl.bintray.com/falcosecurity/dependencies/libcilkrts5_6.3.0-18_amd64.deb \
&& curl -L -o libgcc-6-dev_6.3.0-18_amd64.deb https://dl.bintray.com/falcosecurity/dependencies/libgcc-6-dev_6.3.0-18_amd64.deb \
&& curl -L -o libubsan0_6.3.0-18_amd64.deb https://dl.bintray.com/falcosecurity/dependencies/libubsan0_6.3.0-18_amd64.deb \
&& curl -L -o libmpfr4_3.1.3-2_amd64.deb https://dl.bintray.com/falcosecurity/dependencies/libmpfr4_3.1.3-2_amd64.deb \
&& curl -L -o libisl15_0.18-1_amd64.deb https://dl.bintray.com/falcosecurity/dependencies/libisl15_0.18-1_amd64.deb \
&& dpkg -i cpp-6_6.3.0-18_amd64.deb gcc-6-base_6.3.0-18_amd64.deb gcc-6_6.3.0-18_amd64.deb libasan3_6.3.0-18_amd64.deb libcilkrts5_6.3.0-18_amd64.deb libgcc-6-dev_6.3.0-18_amd64.deb libubsan0_6.3.0-18_amd64.deb libmpfr4_3.1.3-2_amd64.deb libisl15_0.18-1_amd64.deb \
&& rm -f cpp-6_6.3.0-18_amd64.deb gcc-6-base_6.3.0-18_amd64.deb gcc-6_6.3.0-18_amd64.deb libasan3_6.3.0-18_amd64.deb libcilkrts5_6.3.0-18_amd64.deb libgcc-6-dev_6.3.0-18_amd64.deb libubsan0_6.3.0-18_amd64.deb libmpfr4_3.1.3-2_amd64.deb libisl15_0.18-1_amd64.deb
# gcc 5 is no longer included in debian stable, but we need it to
# build centos kernels, which are 3.x based and explicitly want a gcc
# version 3, 4, or 5 compiler. So grab copies we've saved from debian
# snapshots with the prefix https://snapshot.debian.org/archive/debian/20190122T000000Z.
RUN curl -L -o cpp-5_5.5.0-12_amd64.deb https://dl.bintray.com/falcosecurity/dependencies/cpp-5_5.5.0-12_amd64.deb \
&& curl -L -o gcc-5-base_5.5.0-12_amd64.deb https://dl.bintray.com/falcosecurity/dependencies/gcc-5-base_5.5.0-12_amd64.deb \
&& curl -L -o gcc-5_5.5.0-12_amd64.deb https://dl.bintray.com/falcosecurity/dependencies/gcc-5_5.5.0-12_amd64.deb \
&& curl -L -o libasan2_5.5.0-12_amd64.deb https://dl.bintray.com/falcosecurity/dependencies/libasan2_5.5.0-12_amd64.deb \
&& curl -L -o libgcc-5-dev_5.5.0-12_amd64.deb https://dl.bintray.com/falcosecurity/dependencies/libgcc-5-dev_5.5.0-12_amd64.deb \
&& curl -L -o libisl15_0.18-4_amd64.deb https://dl.bintray.com/falcosecurity/dependencies/libisl15_0.18-4_amd64.deb \
&& curl -L -o libmpx0_5.5.0-12_amd64.deb https://dl.bintray.com/falcosecurity/dependencies/libmpx0_5.5.0-12_amd64.deb \
&& dpkg -i cpp-5_5.5.0-12_amd64.deb gcc-5-base_5.5.0-12_amd64.deb gcc-5_5.5.0-12_amd64.deb libasan2_5.5.0-12_amd64.deb libgcc-5-dev_5.5.0-12_amd64.deb libisl15_0.18-4_amd64.deb libmpx0_5.5.0-12_amd64.deb \
&& rm -f cpp-5_5.5.0-12_amd64.deb gcc-5-base_5.5.0-12_amd64.deb gcc-5_5.5.0-12_amd64.deb libasan2_5.5.0-12_amd64.deb libgcc-5-dev_5.5.0-12_amd64.deb libisl15_0.18-4_amd64.deb libmpx0_5.5.0-12_amd64.deb
# gcc 4 is no longer included in debian stable, but we need it to
# build centos kernels, which are 2.x based and explicitly want a gcc
# version 4 compiler. So grab copies we've saved from debian
# snapshots with the prefix http://ftp.debian.org/debian/pool/main/g/gcc-4.8/.
RUN curl -L -o cpp-4.8_4.8.4-1_amd64.deb https://dl.bintray.com/falcosecurity/dependencies/cpp-4.8_4.8.4-1_amd64.deb \
&& curl -L -o gcc-4.8-base_4.8.4-1_amd64.deb https://dl.bintray.com/falcosecurity/dependencies/gcc-4.8-base_4.8.4-1_amd64.deb \
&& curl -L -o gcc-4.8_4.8.4-1_amd64.deb https://dl.bintray.com/falcosecurity/dependencies/gcc-4.8_4.8.4-1_amd64.deb \
&& curl -L -o libasan0_4.8.4-1_amd64.deb https://dl.bintray.com/falcosecurity/dependencies/libasan0_4.8.4-1_amd64.deb \
&& curl -L -o libgcc-4.8-dev_4.8.4-1_amd64.deb https://dl.bintray.com/falcosecurity/dependencies/libgcc-4.8-dev_4.8.4-1_amd64.deb \
&& curl -L -o libisl10_0.12.2-2_amd64.deb https://dl.bintray.com/falcosecurity/dependencies/libisl10_0.12.2-2_amd64.deb \
&& curl -L -o multiarch-support_2.19-18+deb8u10_amd64.deb https://dl.bintray.com/falcosecurity/dependencies/multiarch-support_2.19-18+deb8u10_amd64.deb \
&& curl -L -o libcloog-isl4_0.18.4-1+b1_amd64.deb https://dl.bintray.com/falcosecurity/dependencies/libcloog-isl4_0.18.4-1+b1_amd64.deb \
&& dpkg -i multiarch-support_2.19-18+deb8u10_amd64.deb \
&& dpkg -i libisl10_0.12.2-2_amd64.deb gcc-4.8-base_4.8.4-1_amd64.deb libasan0_4.8.4-1_amd64.deb libgcc-4.8-dev_4.8.4-1_amd64.deb libcloog-isl4_0.18.4-1+b1_amd64.deb cpp-4.8_4.8.4-1_amd64.deb gcc-4.8_4.8.4-1_amd64.deb \
&& rm -f multiarch-support_2.19-18+deb8u10_amd64.deb libisl10_0.12.2-2_amd64.deb gcc-4.8-base_4.8.4-1_amd64.deb libasan0_4.8.4-1_amd64.deb libgcc-4.8-dev_4.8.4-1_amd64.deb libcloog-isl4_0.18.4-1+b1_amd64.deb cpp-4.8_4.8.4-1_amd64.deb gcc-4.8_4.8.4-1_amd64.deb
# debian:stable head contains binutils 2.31, which generates
# binaries that are incompatible with kernels < 4.16. So manually
# forcibly install binutils 2.30-22 instead.
RUN curl -L -o binutils_2.30-22_amd64.deb https://dl.bintray.com/falcosecurity/dependencies/binutils_2.30-22_amd64.deb \
&& curl -L -o libbinutils_2.30-22_amd64.deb https://dl.bintray.com/falcosecurity/dependencies/libbinutils_2.30-22_amd64.deb \
&& curl -L -o binutils-x86-64-linux-gnu_2.30-22_amd64.deb https://dl.bintray.com/falcosecurity/dependencies/binutils-x86-64-linux-gnu_2.30-22_amd64.deb \
&& curl -L -o binutils-common_2.30-22_amd64.deb https://dl.bintray.com/falcosecurity/dependencies/binutils-common_2.30-22_amd64.deb \
&& dpkg -i *binutils*.deb \
&& rm -f *binutils*.deb

15
build/driverkit.Dockerfile Normal file
View File

@ -0,0 +1,15 @@
FROM docker.io/golang:1.14-alpine3.11 as builder
LABEL maintainer="cncf-falco-dev@lists.cncf.io"
RUN apk add --no-cache --update
RUN apk add gcc musl-dev make bash git
ADD . /driverkit
WORKDIR /driverkit
RUN make build
FROM docker.io/alpine:3.11
COPY --from=builder /driverkit/_output/bin/driverkit /bin/driverkit
CMD ["/bin/driverkit"]

193
cmd/cli_test.go
View File

@ -1,34 +1,14 @@
//go:build !race
// +build !race
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package cmd
import (
"bytes"
"io/ioutil"
"os"
"path/filepath"
"runtime"
"sort"
"strings"
"testing"
"text/template"
"github.com/falcosecurity/driverkit/pkg/driverbuilder/builder"
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
"github.com/acarl005/stripansi"
"gotest.tools/assert"
@ -93,10 +73,6 @@ var tests = []testCase{
"4.15.0-1057-aws",
"--kernelversion",
"59",
"--kernelurls",
"https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-aws/linux-aws-headers-4.15.0-1057_4.15.0-1057.59_all.deb",
"--kernelurls",
"https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-aws/linux-headers-4.15.0-1057-aws_4.15.0-1057.59_amd64.deb",
"--target",
"ubuntu-aws",
"--output-module",
@ -122,16 +98,10 @@ var tests = []testCase{
"4.15.0-1057-aws",
"--kernelversion",
"59",
"--kernelurls",
"https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-aws/linux-aws-headers-4.15.0-1057_4.15.0-1057.59_all.deb",
"--kernelurls",
"https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-aws/linux-headers-4.15.0-1057-aws_4.15.0-1057.59_amd64.deb",
"--target",
"ubuntu-aws",
"--output-module",
"/tmp/falco-ubuntu-aws.ko",
"--output-probe",
"/tmp/falco-ubuntu-aws.o",
"--loglevel",
"debug",
},
@ -144,16 +114,11 @@ var tests = []testCase{
env: map[string]string{
"DRIVERKIT_KERNELVERSION": "59",
"DRIVERKIT_OUTPUT_MODULE": "/tmp/falco-ubuntu-aws.ko",
"DRIVERKIT_OUTPUT_PROBE": "/tmp/falco-ubuntu-aws.o",
},
args: []string{
"docker",
"--kernelrelease",
"4.15.0-1057-aws",
"--kernelurls",
"https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-aws/linux-aws-headers-4.15.0-1057_4.15.0-1057.59_all.deb",
"--kernelurls",
"https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-aws/linux-headers-4.15.0-1057-aws_4.15.0-1057.59_amd64.deb",
"-t",
"ubuntu-aws",
"--loglevel",
@ -176,19 +141,6 @@ var tests = []testCase{
out: "testdata/docker-from-config-debug.txt",
},
},
{
descr: "docker/from-config-file-using-urls",
args: []string{
"docker",
"-c",
"testdata/configs/2.yaml",
"--loglevel",
"debug",
},
expect: expect{
out: "testdata/docker-override-urls-from-config-debug.txt",
},
},
{
descr: "docker/override-from-config-file",
env: map[string]string{
@ -206,47 +158,6 @@ var tests = []testCase{
out: "testdata/docker-override-from-config-debug.txt",
},
},
{
descr: "docker/build-related-target-azure",
args: []string{
"docker",
"--kernelrelease",
"4.15.0-1057-azure",
"--kernelversion",
"62",
"--kernelurls",
"http://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-azure/linux-azure-headers-4.15.0-1057_4.15.0-1057.62_all.deb",
"--kernelurls",
"http://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-azure/linux-headers-4.15.0-1057-azure_4.15.0-1057.62_amd64.deb",
"--target",
"ubuntu-azure",
"--output-module",
"/tmp/falco-ubuntu-azure.ko",
"--loglevel",
"debug",
},
expect: expect{
out: "testdata/docker-related-target-debug.txt",
},
},
{
descr: "docker/build-target-check-validation-redhat",
args: []string{
"docker",
"--kernelrelease",
"4.18.0-348.el8.x86_64",
"--target",
"redhat",
"--output-module",
"/tmp/falco-redhat.ko",
"--loglevel",
"debug",
},
expect: expect{
out: "testdata/docker-target-redhat-validation-error-debug.txt",
err: "exiting for validation errors",
},
},
{
descr: "complete/docker/targets",
args: []string{
@ -316,14 +227,9 @@ var tests = []testCase{
func run(t *testing.T, test testCase) {
// Setup
configOpts, err := NewConfigOptions()
assert.NilError(t, err)
rootOpts, err := NewRootOptions()
assert.NilError(t, err)
var buf bytes.Buffer
configOpts.setOutput(&buf, true)
c := NewRootCmd(configOpts, rootOpts)
c.SetOutput(&buf)
c := NewRootCmd()
b := bytes.NewBufferString("")
c.SetOutput(b)
if len(test.args) == 0 || (test.args[0] != "__complete" && test.args[0] != "__completeNoDesc" && test.args[0] != "help" && test.args[0] != "completion") {
test.args = append(test.args, "--dryrun")
}
@ -334,18 +240,19 @@ func run(t *testing.T, test testCase) {
}
}
// Test
err = c.Execute()
err := c.Execute()
if err != nil {
if test.expect.err == "" {
t.Fatalf("error executing CLI: %v", err)
} else {
assert.Error(t, err, test.expect.err)
}
// Exactly same behavior as rootCmd.Start(), but here we use ERROR instead of FATAL to avoid leaving
configOpts.Printer.Logger.Error("error executing driverkit", configOpts.Printer.Logger.Args("err", err.Error()))
}
out := buf.String()
res := stripansi.Strip(out)
out, err := ioutil.ReadAll(b)
if err != nil {
t.Fatalf("error reading CLI output: %v", err)
}
res := stripansi.Strip(string(out))
assert.Equal(t, test.expect.out, res)
// Teardown
for k := range test.env {
@ -355,81 +262,6 @@ func run(t *testing.T, test testCase) {
}
}
// Simple explanation:
// basically we leverage text.template to execute templates for test data.
// testTemplateData is the actual template structure used to fill the test requested output.
// It internally stores all the help text, split in section { Desc, Usage, Commands, Flags, Info }
// plus the flagsTemplateData (that is the template data used to fill Flags fields basically).
type testTemplateData struct {
Desc string
Usage string
Commands string
Flags string
Info string
flagsTemplateData
}
func readTemplateFile(t *testing.T, s string) string {
out, err := os.ReadFile("testdata/templates/" + s)
assert.NilError(t, err)
return string(out)
}
func initTestTemplateData(t *testing.T, args []string) testTemplateData {
td := initFlagsTemplateData(args)
return testTemplateData{
Usage: readTemplateFile(t, "usage.txt"),
Commands: readTemplateFile(t, "commands.txt"),
Flags: runTemplate(t, readTemplateFile(t, "flags.txt"), td),
Desc: readTemplateFile(t, "desc.txt"),
Info: readTemplateFile(t, "info.txt"),
flagsTemplateData: td,
}
}
type flagsTemplateData struct {
Targets string
CurrentArch string
Architectures string
TargetsVerticalList string
// It is the subcmd being called, ie: driverkit (root) or docker,kubernetes.
// It is automatically fetched by args passed to each test case
Cmd string
}
func initFlagsTemplateData(args []string) flagsTemplateData {
targets := builder.Targets()
sort.Strings(targets)
cmd := "driverkit"
if len(args) > 0 {
if args[0] == "docker" {
cmd = "docker"
} else if args[0] == "kubernetes" {
cmd = "kubernetes"
}
}
return flagsTemplateData{
Targets: "[" + strings.Join(targets, ",") + "]",
CurrentArch: runtime.GOARCH,
Architectures: kernelrelease.SupportedArchs.String(),
TargetsVerticalList: strings.Join(targets, "\n"),
Cmd: cmd,
}
}
func runTemplate(t *testing.T, f string, td interface{}) string {
tplate := template.New("test")
parsed, err := tplate.Parse(f)
assert.NilError(t, err)
buf := bytes.NewBuffer(nil)
err = parsed.Execute(buf, td)
assert.NilError(t, err)
return buf.String()
}
func TestCLI(t *testing.T) {
for _, test := range tests {
descr := test.descr
@ -440,12 +272,11 @@ func TestCLI(t *testing.T) {
test.descr = strings.TrimSuffix(filepath.Base(test.expect.out), ".txt")
}
if test.expect.out != "" {
out, err := os.ReadFile(test.expect.out)
out, err := ioutil.ReadFile(test.expect.out)
if err != nil {
t.Fatalf("output fixture not found: %v", err)
}
td := initTestTemplateData(t, test.args)
test.expect.out = runTemplate(t, string(out), td)
test.expect.out = string(out)
}
t.Run(test.descr, func(t *testing.T) {

35
cmd/completion.go
View File

@ -1,23 +1,8 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package cmd
import (
"bytes"
"fmt"
"github.com/spf13/pflag"
"os"
"strings"
"text/template"
@ -47,12 +32,12 @@ func validateArgs() cobra.PositionalArgs {
if len(args) == 0 {
return nil
}
return cobra.MatchAll(cobra.ExactArgs(1), cobra.OnlyValidArgs)(c, args)
return cobra.ExactValidArgs(1)(c, args)
}
}
// NewCompletionCmd ...
func NewCompletionCmd(_ *ConfigOptions, _ *RootOptions, _ *pflag.FlagSet) *cobra.Command {
func NewCompletionCmd() *cobra.Command {
var long bytes.Buffer
tmpl := template.Must(template.New("long").Parse(longUsageTemplate))
tmpl.Execute(&long, map[string]interface{}{
@ -66,23 +51,25 @@ func NewCompletionCmd(_ *ConfigOptions, _ *RootOptions, _ *pflag.FlagSet) *cobra
Args: validateArgs(),
ValidArgs: cmdArgs,
DisableAutoGenTag: true,
RunE: func(c *cobra.Command, args []string) error {
Run: func(c *cobra.Command, args []string) {
if len(args) == 0 {
return c.Help()
c.Help()
return
}
arg := args[0]
switch arg {
case "bash":
return c.Root().GenBashCompletion(os.Stdout)
c.Root().GenBashCompletion(os.Stdout)
break
case "zsh":
return c.Root().GenZshCompletion(os.Stdout)
c.Root().GenZshCompletion(os.Stdout)
break
case "fish":
return c.Root().GenFishCompletion(os.Stdout, true)
c.Root().GenFishCompletion(os.Stdout, true)
case "help":
return c.Help()
c.Help()
}
return nil
},
}

146
cmd/config_options.go
View File

@ -1,155 +1,49 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package cmd
import (
"errors"
"github.com/falcosecurity/falcoctl/pkg/output"
"github.com/mitchellh/go-homedir"
"github.com/spf13/pflag"
"github.com/spf13/viper"
"io"
"os"
"strings"
"fmt"
"github.com/creasty/defaults"
"github.com/falcosecurity/driverkit/validate"
"github.com/go-playground/validator/v10"
"github.com/pterm/pterm"
logger "github.com/sirupsen/logrus"
)
var validProcessors = []string{"docker", "kubernetes", "kubernetes-in-cluster", "local"}
var aliasProcessors = []string{"docker", "k8s", "k8s-ic"}
var validProcessors = []string{"docker", "kubernetes"}
var aliasProcessors = []string{"docker", "k8s"}
var configOptions *ConfigOptions
// ConfigOptions represent the persistent configuration flags of driverkit.
type ConfigOptions struct {
configFile string
Timeout int `validate:"number,min=30" default:"120" name:"timeout"`
ConfigFile string
LogLevel string `validate:"logrus" name:"log level" default:"info"`
Timeout int `validate:"number,min=30" default:"60" name:"timeout"`
ProxyURL string `validate:"omitempty,proxy" name:"proxy url"`
dryRun bool
DryRun bool
// Printer used by all commands to output messages.
Printer *output.Printer
// writer is used to write the output of the printer.
writer io.Writer
logLevel *output.LogLevel
disableStyling bool
}
func (co *ConfigOptions) initPrinter() {
// DisableStyling is only enforced by tests.
if co.disableStyling {
pterm.DisableStyling()
}
co.Printer = output.NewPrinter(co.logLevel.ToPtermLogLevel(), pterm.LogFormatterColorful, co.writer)
if co.disableStyling {
// Disable time print for tests
co.Printer.Logger = co.Printer.Logger.WithTime(false)
}
}
// Called by tests to disable styling and set bytes buffer as output
func (co *ConfigOptions) setOutput(writer io.Writer, disableStyling bool) {
co.writer = writer
co.disableStyling = disableStyling
co.initPrinter()
configErrors bool
}
// NewConfigOptions creates an instance of ConfigOptions.
func NewConfigOptions() (*ConfigOptions, error) {
o := &ConfigOptions{
writer: os.Stdout,
logLevel: output.NewLogLevel(),
disableStyling: false,
}
o.initPrinter()
func NewConfigOptions() *ConfigOptions {
o := &ConfigOptions{}
if err := defaults.Set(o); err != nil {
// Return ConfigOptions anyway because we need the logger
return o, err
logger.WithError(err).WithField("options", "ConfigOptions").Fatal("error setting driverkit options defaults")
}
return o, nil
return o
}
// Validate validates the ConfigOptions fields.
func (co *ConfigOptions) validate() []error {
func (co *ConfigOptions) Validate() []error {
if err := validate.V.Struct(co); err != nil {
var errs validator.ValidationErrors
errors.As(err, &errs)
var errArr []error
for _, e := range errs {
errors := err.(validator.ValidationErrors)
errArr := []error{}
for _, e := range errors {
// Translate each error one at a time
errArr = append(errArr, errors.New(e.Translate(validate.T)))
errArr = append(errArr, fmt.Errorf(e.Translate(validate.T)))
}
co.configErrors = true
return errArr
}
return nil
}
// AddFlags registers the common flags.
func (co *ConfigOptions) AddFlags(flags *pflag.FlagSet) {
flags.StringVarP(&co.configFile, "config", "c", co.configFile, "config file path (default $HOME/.driverkit.yaml if exists)")
flags.VarP(co.logLevel, "loglevel", "l", "set level for logs "+co.logLevel.Allowed())
flags.IntVar(&co.Timeout, "timeout", co.Timeout, "timeout in seconds")
flags.StringVar(&co.ProxyURL, "proxy", co.ProxyURL, "the proxy to use to download data")
flags.BoolVar(&co.dryRun, "dryrun", co.dryRun, "do not actually perform the action")
}
// Init reads in config file and ENV variables if set.
func (co *ConfigOptions) Init() bool {
configErr := false
if errs := co.validate(); errs != nil {
for _, err := range errs {
co.Printer.Logger.Error("error validating config options",
co.Printer.Logger.Args("err", err.Error()))
}
configErr = true
}
if co.configFile != "" {
viper.SetConfigFile(co.configFile)
} else {
// Find home directory.
home, err := homedir.Dir()
if err != nil {
co.Printer.Logger.Error("error getting the home directory",
co.Printer.Logger.Args("err", err.Error()))
// not setting configErr = true because we fallback to `$HOME/.driverkit.yaml` and try with it
}
viper.AddConfigPath(home)
viper.SetConfigName(".driverkit")
}
viper.AutomaticEnv()
viper.SetEnvPrefix("driverkit")
viper.SetEnvKeyReplacer(strings.NewReplacer("-", "_"))
// If a config file is found, read it in.
err := viper.ReadInConfig()
// Init printer with either read or existent one,
// so that we can further log considering log level set.
co.initPrinter()
if err == nil {
co.Printer.Logger.Info("using config file",
co.Printer.Logger.Args("file", viper.ConfigFileUsed()))
} else {
var configFileNotFoundError viper.ConfigFileNotFoundError
if errors.As(err, &configFileNotFoundError) {
// Config file not found, ignore ...
co.Printer.Logger.Debug("running without a configuration file")
}
}
return configErr
}

48
cmd/docker.go
View File

@ -1,56 +1,26 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package cmd
import (
"bytes"
"github.com/falcosecurity/driverkit/pkg/driverbuilder"
"github.com/falcosecurity/driverkit/pkg/driverbuilder/builder"
"github.com/sirupsen/logrus"
logger "github.com/sirupsen/logrus"
"github.com/spf13/cobra"
"github.com/spf13/pflag"
"github.com/spf13/viper"
)
// NewDockerCmd creates the `driverkit docker` command.
func NewDockerCmd(configOpts *ConfigOptions, rootOpts *RootOptions, rootFlags *pflag.FlagSet) *cobra.Command {
func NewDockerCmd(rootOpts *RootOptions, rootFlags *pflag.FlagSet) *cobra.Command {
dockerCmd := &cobra.Command{
Use: "docker",
Short: "Build Falco kernel modules and eBPF probes against a docker daemon.",
RunE: func(c *cobra.Command, args []string) error {
configOpts.Printer.Logger.Info("starting build",
configOpts.Printer.Logger.Args("processor", c.Name()))
if !configOpts.dryRun {
if !rootOpts.Output.HasOutputs() {
configOpts.Printer.Logger.Info("no output specified")
return nil
Run: func(c *cobra.Command, args []string) {
logrus.WithField("processor", c.Name()).Info("driver building, it will take a few seconds")
if !configOptions.DryRun {
if err := driverbuilder.NewDockerBuildProcessor(viper.GetInt("timeout"), viper.GetString("proxy")).Start(rootOpts.toBuild()); err != nil {
logger.WithError(err).Fatal("exiting")
}
// Since we use a spinner, cache log data to a bytesbuffer;
// we will later print it once we stop the spinner.
var b *builder.Build
if configOpts.disableStyling {
b = rootOpts.ToBuild(configOpts.Printer)
} else {
var buf bytes.Buffer
b = rootOpts.ToBuild(configOpts.Printer.WithWriter(&buf))
configOpts.Printer.Spinner, _ = configOpts.Printer.Spinner.Start("driver building, it will take a few seconds")
defer func() {
configOpts.Printer.DefaultText.Print(buf.String())
}()
}
return driverbuilder.NewDockerBuildProcessor(configOpts.Timeout, configOpts.ProxyURL).Start(b)
}
return nil
},
}
// Add root flags

74
cmd/images.go
View File

@ -1,74 +0,0 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package cmd
import (
"bytes"
"github.com/falcosecurity/driverkit/pkg/driverbuilder/builder"
"os"
"github.com/olekukonko/tablewriter"
"github.com/spf13/cobra"
"github.com/spf13/pflag"
)
// NewImagesCmd creates the `driverkit images` command.
func NewImagesCmd(configOpts *ConfigOptions, rootOpts *RootOptions, rootFlags *pflag.FlagSet) *cobra.Command {
imagesCmd := &cobra.Command{
Use: "images",
Short: "List builder images",
RunE: func(c *cobra.Command, args []string) error {
configOpts.Printer.Logger.Info("starting loading images",
configOpts.Printer.Logger.Args("processor", c.Name()))
// Since we use a spinner, cache log data to a bytesbuffer;
// we will later print it once we stop the spinner.
var (
buf bytes.Buffer
b *builder.Build
)
if configOpts.disableStyling {
b = rootOpts.ToBuild(configOpts.Printer)
} else {
b = rootOpts.ToBuild(configOpts.Printer.WithWriter(&buf))
configOpts.Printer.Spinner, _ = configOpts.Printer.Spinner.Start("listing images, it will take a few seconds")
}
b.LoadImages()
if !configOpts.disableStyling {
_ = configOpts.Printer.Spinner.Stop()
configOpts.Printer.DefaultText.Print(buf.String())
}
table := tablewriter.NewWriter(os.Stdout)
table.SetHeader([]string{"Image", "Target", "Arch", "GCC"})
table.SetBorders(tablewriter.Border{Left: true, Top: false, Right: true, Bottom: false})
table.SetCenterSeparator("|")
for _, img := range b.Images {
data := make([]string, 4)
data[0] = img.Name
data[1] = img.Target.String()
data[2] = b.Architecture
data[3] = img.GCCVersion.String()
table.Append(data)
}
table.Render() // Send output
return nil
},
}
// Add root flags
imagesCmd.PersistentFlags().AddFlagSet(rootFlags)
return imagesCmd
}

77
cmd/kubernetes.go
View File

@ -1,34 +1,21 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package cmd
import (
"bytes"
"github.com/falcosecurity/driverkit/pkg/driverbuilder/builder"
"regexp"
"strings"
"github.com/falcosecurity/driverkit/pkg/driverbuilder"
"github.com/falcosecurity/driverkit/pkg/kubernetes/factory"
"github.com/sirupsen/logrus"
logger "github.com/sirupsen/logrus"
"github.com/spf13/cobra"
"github.com/spf13/pflag"
"github.com/spf13/viper"
"k8s.io/cli-runtime/pkg/genericclioptions"
)
// NewKubernetesCmd creates the `driverkit kubernetes` command.
func NewKubernetesCmd(configOpts *ConfigOptions, rootOpts *RootOptions, rootFlags *pflag.FlagSet) *cobra.Command {
func NewKubernetesCmd(rootOpts *RootOptions, rootFlags *pflag.FlagSet) *cobra.Command {
kubernetesCmd := &cobra.Command{
Use: "kubernetes",
Short: "Build Falco kernel modules and eBPF probes against a Kubernetes cluster.",
@ -48,48 +35,35 @@ func NewKubernetesCmd(configOpts *ConfigOptions, rootOpts *RootOptions, rootFlag
f.Usage = upperAfterPointRegexp.ReplaceAllString(f.Usage, ", ${1}")
f.Usage = upperAfterCommaRegexp.ReplaceAllStringFunc(f.Usage, strings.ToLower)
})
// Add Kubernetes pods options flags
flags := kubernetesCmd.Flags()
addKubernetesFlags(flags)
kubernetesCmd.PersistentFlags().AddFlagSet(flags)
// Add root flags
kubernetesCmd.PersistentFlags().AddFlagSet(rootFlags)
kubefactory := factory.NewFactory(configFlags)
kubernetesCmd.RunE = func(c *cobra.Command, args []string) error {
configOpts.Printer.Logger.Info("starting build",
configOpts.Printer.Logger.Args("processor", c.Name()))
if !configOpts.dryRun {
if !rootOpts.Output.HasOutputs() {
configOpts.Printer.Logger.Info("no output specified")
return nil
kubernetesCmd.Run = func(cmd *cobra.Command, args []string) {
logrus.WithField("processor", cmd.Name()).Info("driver building, it will take a few seconds")
if !configOptions.DryRun {
if err := kubernetesRun(cmd, args, kubefactory, rootOpts); err != nil {
logger.WithError(err).Fatal("exiting")
}
// Since we use a spinner, cache log data to a bytesbuffer;
// we will later print it once we stop the spinner.
var b *builder.Build
if configOpts.disableStyling {
b = rootOpts.ToBuild(configOpts.Printer)
} else {
var buf bytes.Buffer
b = rootOpts.ToBuild(configOpts.Printer.WithWriter(&buf))
configOpts.Printer.Spinner, _ = configOpts.Printer.Spinner.Start("driver building, it will take a few seconds")
defer func() {
configOpts.Printer.DefaultText.Print(buf.String())
}()
}
return kubernetesRun(kubefactory, b, configOpts)
}
return nil
}
return kubernetesCmd
}
func kubernetesRun(kubefactory factory.Factory,
b *builder.Build,
configOpts *ConfigOptions,
) error {
func kubernetesRun(cmd *cobra.Command, args []string, kubefactory factory.Factory, rootOpts *RootOptions) error {
f := cmd.Flags()
b := rootOpts.toBuild()
namespaceStr, err := f.GetString("namespace")
if err != nil {
return err
}
if len(namespaceStr) == 0 {
namespaceStr = "default"
}
kc, err := kubefactory.KubernetesClientSet()
if err != nil {
return err
@ -102,12 +76,7 @@ func kubernetesRun(kubefactory factory.Factory,
return err
}
buildProcessor := driverbuilder.NewKubernetesBuildProcessor(kc.CoreV1(),
clientConfig,
kubernetesOptions.RunAsUser,
kubernetesOptions.Namespace,
kubernetesOptions.ImagePullSecret,
configOpts.Timeout,
configOpts.ProxyURL)
buildProcessor := driverbuilder.NewKubernetesBuildProcessor(kc.CoreV1(), clientConfig, namespaceStr, viper.GetInt("timeout"), viper.GetString("proxy"))
return buildProcessor.Start(b)
}

94
cmd/kubernetes_in_cluster.go
View File

@ -1,94 +0,0 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package cmd
import (
"bytes"
"github.com/falcosecurity/driverkit/pkg/driverbuilder"
"github.com/falcosecurity/driverkit/pkg/driverbuilder/builder"
"github.com/falcosecurity/driverkit/pkg/kubernetes/factory"
"github.com/spf13/cobra"
"github.com/spf13/pflag"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/rest"
)
// NewKubernetesInClusterCmd creates the `driverkit kubernetes` command.
func NewKubernetesInClusterCmd(configOpts *ConfigOptions, rootOpts *RootOptions, rootFlags *pflag.FlagSet) *cobra.Command {
kubernetesInClusterCmd := &cobra.Command{
Use: "kubernetes-in-cluster",
Short: "Build Falco kernel modules and eBPF probes against a Kubernetes cluster inside a Kubernetes cluster.",
Aliases: []string{"k8s-ic"},
}
// Add Kubernetes pods options flags
flags := kubernetesInClusterCmd.Flags()
addKubernetesFlags(flags)
kubernetesInClusterCmd.PersistentFlags().AddFlagSet(flags)
// Add root flags
kubernetesInClusterCmd.PersistentFlags().AddFlagSet(rootFlags)
kubernetesInClusterCmd.RunE = func(c *cobra.Command, args []string) error {
configOpts.Printer.Logger.Info("starting build",
configOpts.Printer.Logger.Args("processor", c.Name()))
if !configOpts.dryRun {
if !rootOpts.Output.HasOutputs() {
configOpts.Printer.Logger.Info("no output specified")
return nil
}
// Since we use a spinner, cache log data to a bytesbuffer;
// we will later print it once we stop the spinner.
var b *builder.Build
if configOpts.disableStyling {
b = rootOpts.ToBuild(configOpts.Printer)
} else {
var buf bytes.Buffer
b = rootOpts.ToBuild(configOpts.Printer.WithWriter(&buf))
configOpts.Printer.Spinner, _ = configOpts.Printer.Spinner.Start("driver building, it will take a few seconds")
defer func() {
configOpts.Printer.DefaultText.Print(buf.String())
}()
}
return kubernetesInClusterRun(b, configOpts)
}
return nil
}
return kubernetesInClusterCmd
}
func kubernetesInClusterRun(b *builder.Build, configOpts *ConfigOptions) error {
kubeConfig, err := rest.InClusterConfig()
if err != nil {
return err
}
if err = factory.SetKubernetesDefaults(kubeConfig); err != nil {
return err
}
kc, err := kubernetes.NewForConfig(kubeConfig)
if err != nil {
return err
}
buildProcessor := driverbuilder.NewKubernetesBuildProcessor(kc.CoreV1(),
kubeConfig,
kubernetesOptions.RunAsUser,
kubernetesOptions.Namespace,
kubernetesOptions.ImagePullSecret,
configOpts.Timeout,
configOpts.ProxyURL)
return buildProcessor.Start(b)
}

31
cmd/kubernetes_options.go
View File

@ -1,31 +0,0 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package cmd
import flag "github.com/spf13/pflag"
var kubernetesOptions = &KubeOptions{}
type KubeOptions struct {
RunAsUser int64 `json:"runAsUser,omitempty" protobuf:"varint,2,opt,name=runAsUser" default:"0"`
Namespace string `validate:"required" name:"namespace" default:"default"`
ImagePullSecret string `validate:"omitempty" name:"image-pull-secret" default:""`
}
func addKubernetesFlags(flags *flag.FlagSet) {
flags.StringVarP(&kubernetesOptions.Namespace, "namespace", "n", "default", "If present, the namespace scope for the pods and its config ")
flags.Int64Var(&kubernetesOptions.RunAsUser, "run-as-user", 0, "Pods runner user")
flags.StringVar(&kubernetesOptions.ImagePullSecret, "image-pull-secret", "", "ImagePullSecret")
}

81
cmd/local.go
View File

@ -1,81 +0,0 @@
package cmd
import (
"bytes"
"github.com/falcosecurity/driverkit/pkg/driverbuilder"
"github.com/falcosecurity/driverkit/pkg/driverbuilder/builder"
"github.com/spf13/cobra"
"github.com/spf13/pflag"
)
type localCmdOptions struct {
useDKMS bool
downloadHeaders bool
srcDir string
envMap map[string]string
}
// NewLocalCmd creates the `driverkit local` command.
func NewLocalCmd(configOpts *ConfigOptions, rootOpts *RootOptions, rootFlags *pflag.FlagSet) *cobra.Command {
opts := localCmdOptions{}
localCmd := &cobra.Command{
Use: "local",
Short: "Build Falco kernel modules and eBPF probes in local env with local kernel sources and gcc/clang.",
RunE: func(c *cobra.Command, args []string) error {
configOpts.Printer.Logger.Info("starting build",
configOpts.Printer.Logger.Args("processor", c.Name()))
if !configOpts.dryRun {
if !rootOpts.Output.HasOutputs() {
configOpts.Printer.Logger.Info("no output specified")
return nil
}
// Since we use a spinner, cache log data to a bytesbuffer;
// we will later print it once we stop the spinner.
var b *builder.Build
if configOpts.disableStyling {
b = rootOpts.ToBuild(configOpts.Printer)
} else {
var buf bytes.Buffer
b = rootOpts.ToBuild(configOpts.Printer.WithWriter(&buf))
configOpts.Printer.Spinner, _ = configOpts.Printer.Spinner.Start("driver building, it will take a few seconds")
defer func() {
configOpts.Printer.DefaultText.Print(buf.String())
}()
}
return driverbuilder.NewLocalBuildProcessor(opts.useDKMS,
opts.downloadHeaders,
false,
opts.srcDir,
opts.envMap,
configOpts.Timeout).Start(b)
}
return nil
},
}
// Add root flags, but not the ones unneeded
unusedFlagsSet := map[string]struct{}{
"architecture": {},
"kernelurls": {},
"builderrepo": {},
"builderimage": {},
"gccversion": {},
"kernelconfigdata": {},
"proxy": {},
"registry-name": {},
"registry-password": {},
"registry-plain-http": {},
"registry-user": {},
}
flagSet := pflag.NewFlagSet("local", pflag.ExitOnError)
rootFlags.VisitAll(func(flag *pflag.Flag) {
if _, ok := unusedFlagsSet[flag.Name]; !ok {
flagSet.AddFlag(flag)
}
})
flagSet.BoolVar(&opts.useDKMS, "dkms", false, "Enforce usage of DKMS to build the kernel module.")
flagSet.BoolVar(&opts.downloadHeaders, "download-headers", false, "Try to automatically download kernel headers.")
flagSet.StringVar(&opts.srcDir, "src-dir", "", "Enforce usage of local source dir to build drivers.")
flagSet.StringToStringVar(&opts.envMap, "env", make(map[string]string), "Env variables to be enforced during the driver build.")
localCmd.PersistentFlags().AddFlagSet(flagSet)
return localCmd
}

209
cmd/root.go
View File

@ -1,21 +1,6 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package cmd
import (
"errors"
"fmt"
"io"
"os"
@ -23,21 +8,20 @@ import (
"strings"
"github.com/falcosecurity/driverkit/pkg/driverbuilder/builder"
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
"github.com/falcosecurity/driverkit/pkg/version"
"github.com/spf13/cobra"
"github.com/spf13/pflag"
homedir "github.com/mitchellh/go-homedir"
logger "github.com/sirupsen/logrus"
"github.com/spf13/viper"
)
func persistentValidateFunc(rootCommand *RootCmd, configOpts *ConfigOptions, rootOpts *RootOptions) func(c *cobra.Command, args []string) error {
func persistentValidateFunc(rootCommand *RootCmd, rootOpts *RootOptions) func(c *cobra.Command, args []string) error {
return func(c *cobra.Command, args []string) error {
var validationError = errors.New("exiting for validation errors")
configErr := configOpts.Init()
// Early exit if detect some error into config flags
if configErr {
return validationError
if configOptions.configErrors {
return fmt.Errorf("exiting for validation errors")
}
// Merge environment variables or config file values into the RootOptions instance
skip := map[string]bool{ // do not merge these
@ -53,32 +37,17 @@ func persistentValidateFunc(rootCommand *RootCmd, configOpts *ConfigOptions, roo
}
rootCommand.c.Flags().VisitAll(func(f *pflag.Flag) {
if name := f.Name; !skip[name] {
if name == "kernelurls" {
// Slice types need special treatment when used as flags. If we call 'Set(name, value)',
// rather than replace, it appends. Since viper will already have the cli options set
// if supplied, we only need this step if rootCommand doesn't already have them e.g.
// not set on CLI so read from config.
if cliURLs, err := rootCommand.c.Flags().GetStringSlice(name); err == nil && len(cliURLs) != 0 {
return
}
value := viper.GetStringSlice(name)
if len(value) != 0 {
strValue := strings.Join(value, ",")
_ = rootCommand.c.Flags().Set(name, strValue)
}
} else {
value := viper.GetString(name)
if value == "" {
// fallback to nested options in config file, if any
if nestedName, ok := nested[name]; ok {
value = viper.GetString(nestedName)
}
}
// set the value, if any, otherwise let the default
if value != "" {
_ = rootCommand.c.Flags().Set(name, value)
value := viper.GetString(name)
if value == "" {
// fallback to nested options in config file, if any
if nestedName, ok := nested[name]; ok {
value = viper.GetString(nestedName)
}
}
// set the value, if any, otherwise let the default
if value != "" {
rootCommand.c.Flags().Set(name, value)
}
}
})
@ -89,12 +58,11 @@ func persistentValidateFunc(rootCommand *RootCmd, configOpts *ConfigOptions, roo
if c.Root() != c && c.Name() != "help" && c.Name() != "__complete" && c.Name() != "__completeNoDesc" && c.Name() != "completion" {
if errs := rootOpts.Validate(); errs != nil {
for _, err := range errs {
configOpts.Printer.Logger.Error("error validating build options",
configOpts.Printer.Logger.Args("err", err.Error()))
logger.WithError(err).Error("error validating build options")
}
return validationError
return fmt.Errorf("exiting for validation errors")
}
rootOpts.Log(configOpts.Printer)
rootOpts.Log()
}
return nil
}
@ -106,7 +74,9 @@ type RootCmd struct {
}
// NewRootCmd instantiates the root command.
func NewRootCmd(configOpts *ConfigOptions, rootOpts *RootOptions) *RootCmd {
func NewRootCmd() *RootCmd {
configOptions = NewConfigOptions()
rootOpts := NewRootOptions()
rootCmd := &cobra.Command{
Use: "driverkit",
Short: "A command line tool to build Falco kernel modules and eBPF probes.",
@ -115,51 +85,50 @@ func NewRootCmd(configOpts *ConfigOptions, rootOpts *RootOptions) *RootCmd {
Args: cobra.OnlyValidArgs,
DisableFlagsInUseLine: true,
DisableAutoGenTag: true,
SilenceErrors: true,
SilenceUsage: true,
Version: version.String(),
RunE: func(c *cobra.Command, args []string) error {
Run: func(c *cobra.Command, args []string) {
if len(args) == 0 {
configOpts.Printer.Logger.Info("specify a valid processor", configOpts.Printer.Logger.Args("processors", validProcessors))
logger.WithField("processors", validProcessors).Info("specify a valid processor")
}
// Fallback to help
return c.Help()
c.Help()
},
}
ret := &RootCmd{
c: rootCmd,
}
rootCmd.PersistentPreRunE = persistentValidateFunc(ret, configOpts, rootOpts)
rootCmd.PersistentPreRunE = persistentValidateFunc(ret, rootOpts)
flags := rootCmd.Flags()
targets := builder.Targets()
sort.Strings(targets)
flags.StringVarP(&configOptions.ConfigFile, "config", "c", configOptions.ConfigFile, "config file path (default $HOME/.driverkit.yaml if exists)")
flags.StringVarP(&configOptions.LogLevel, "loglevel", "l", configOptions.LogLevel, "log level")
flags.IntVar(&configOptions.Timeout, "timeout", configOptions.Timeout, "timeout in seconds")
flags.BoolVar(&configOptions.DryRun, "dryrun", configOptions.DryRun, "do not actually perform the action")
flags.StringVar(&configOptions.ProxyURL, "proxy", configOptions.ProxyURL, "the proxy to use to download data")
configOpts.AddFlags(flags)
rootOpts.AddFlags(flags, targets)
if err := viper.BindPFlags(flags); err != nil {
panic(err)
}
flags.StringVar(&rootOpts.Output.Module, "output-module", rootOpts.Output.Module, "filepath where to save the resulting kernel module")
flags.StringVar(&rootOpts.Output.Probe, "output-probe", rootOpts.Output.Probe, "filepath where to save the resulting eBPF probe")
flags.StringVar(&rootOpts.DriverVersion, "driverversion", rootOpts.DriverVersion, "driver version as a git commit hash or as a git tag")
flags.Uint16Var(&rootOpts.KernelVersion, "kernelversion", rootOpts.KernelVersion, "kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v'")
flags.StringVar(&rootOpts.KernelRelease, "kernelrelease", rootOpts.KernelRelease, "kernel release to build the module for, it can be found by executing 'uname -v'")
flags.StringVarP(&rootOpts.Target, "target", "t", rootOpts.Target, "the system to target the build for")
flags.StringVar(&rootOpts.KernelConfigData, "kernelconfigdata", rootOpts.KernelConfigData, "base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc")
viper.BindPFlags(flags)
// Flag annotations and custom completions
_ = rootCmd.MarkFlagFilename("config", viper.SupportedExts...)
_ = rootCmd.RegisterFlagCompletionFunc("target", func(c *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
rootCmd.MarkFlagFilename("config", viper.SupportedExts...)
rootCmd.RegisterFlagCompletionFunc("target", func(c *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
targets := builder.BuilderByTarget.Targets()
sort.Strings(targets)
return targets, cobra.ShellCompDirectiveDefault
})
_ = rootCmd.RegisterFlagCompletionFunc("architecture", func(c *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
return kernelrelease.SupportedArchs.Strings(), cobra.ShellCompDirectiveDefault
})
// Subcommands
rootCmd.AddCommand(NewKubernetesCmd(configOpts, rootOpts, flags))
rootCmd.AddCommand(NewKubernetesInClusterCmd(configOpts, rootOpts, flags))
rootCmd.AddCommand(NewDockerCmd(configOpts, rootOpts, flags))
rootCmd.AddCommand(NewLocalCmd(configOpts, rootOpts, flags))
rootCmd.AddCommand(NewImagesCmd(configOpts, rootOpts, flags))
rootCmd.AddCommand(NewCompletionCmd(configOpts, rootOpts, flags))
rootCmd.AddCommand(NewKubernetesCmd(rootOpts, flags))
rootCmd.AddCommand(NewDockerCmd(rootOpts, flags))
rootCmd.AddCommand(NewCompletionCmd())
ret.StripSensitive()
@ -188,15 +157,16 @@ func (r *RootCmd) Command() *cobra.Command {
return r.c
}
// SetArgs proxies the arguments to the underlying cobra.Command.
func (r *RootCmd) SetArgs(args []string) {
r.c.SetArgs(args)
}
// SetOutput sets the main command output writer.
func (r *RootCmd) SetOutput(w io.Writer) {
r.c.SetOut(w)
r.c.SetErr(w)
logger.SetOutput(w)
}
// SetArgs proxies the arguments to the underlying cobra.Command.
func (r *RootCmd) SetArgs(args []string) {
r.c.SetArgs(args)
}
// Execute proxies the cobra.Command execution.
@ -206,30 +176,59 @@ func (r *RootCmd) Execute() error {
// Start creates the root command and runs it.
func Start() {
configOpts, err := NewConfigOptions()
if err != nil {
// configOpts will never be nil here
if configOpts != nil {
configOpts.Printer.Logger.Fatal("error setting driverkit config options defaults",
configOpts.Printer.Logger.Args("err", err.Error()))
} else {
os.Exit(1)
}
}
rootOpts, err := NewRootOptions()
if err != nil {
configOpts.Printer.Logger.Fatal("error setting driverkit root options defaults",
configOpts.Printer.Logger.Args("err", err.Error()))
}
// Cleanup spinner upon leaving if any
defer func() {
if configOpts.Printer.Spinner != nil {
_ = configOpts.Printer.Spinner.Stop()
}
}()
root := NewRootCmd(configOpts, rootOpts)
if err = root.Execute(); err != nil {
configOpts.Printer.Logger.Fatal("error executing driverkit", configOpts.Printer.Logger.Args("err", err.Error()))
root := NewRootCmd()
if err := root.Execute(); err != nil {
logger.WithError(err).Fatal("error executing driverkit")
}
}
func init() {
logger.SetFormatter(&logger.TextFormatter{
ForceColors: true,
DisableLevelTruncation: false,
DisableTimestamp: true,
})
cobra.OnInitialize(initConfig)
}
// initConfig reads in config file and ENV variables if set.
func initConfig() {
if errs := configOptions.Validate(); errs != nil {
for _, err := range errs {
logger.WithError(err).Error("error validating config options")
}
// configOptions.configErrors should be true here
}
if configOptions.ConfigFile != "" {
viper.SetConfigFile(configOptions.ConfigFile)
} else {
// Find home directory.
home, err := homedir.Dir()
if err != nil {
logger.WithError(err).Debug("error getting the home directory")
// not setting configOptions.configErrors = true because we fallback to `$HOME/.driverkit.yaml` and try with it
}
viper.AddConfigPath(home)
viper.SetConfigName(".driverkit")
}
viper.AutomaticEnv()
viper.SetEnvPrefix("driverkit")
viper.SetEnvKeyReplacer(strings.NewReplacer("-", "_"))
// If a config file is found, read it in.
if err := viper.ReadInConfig(); err == nil {
logger.WithField("file", viper.ConfigFileUsed()).Info("using config file")
} else {
if _, ok := err.(viper.ConfigFileNotFoundError); ok {
// Config file not found, ignore ...
logger.Debug("running without a configuration file")
} else {
// Config file was found but another error was produced
logger.WithField("file", viper.ConfigFileUsed()).WithError(err).Debug("error running with config file")
configOptions.configErrors = true
}
}
}

226
cmd/root_options.go
View File

@ -1,32 +1,13 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package cmd
import (
"errors"
"github.com/falcosecurity/falcoctl/pkg/output"
"github.com/spf13/pflag"
"os"
"runtime"
"strings"
"fmt"
"github.com/creasty/defaults"
"github.com/falcosecurity/driverkit/pkg/driverbuilder/builder"
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
"github.com/falcosecurity/driverkit/validate"
"github.com/go-playground/validator/v10"
logger "github.com/sirupsen/logrus"
)
// OutputOptions wraps the two drivers that driverkit builds.
@ -35,39 +16,15 @@ type OutputOptions struct {
Probe string `validate:"required_without=Module,filepath,omitempty,endswith=.o" name:"output probe path"`
}
func (oo *OutputOptions) HasOutputs() bool {
return oo.Module != "" || oo.Probe != ""
}
type RepoOptions struct {
Org string `default:"falcosecurity" name:"organization name"`
Name string `default:"libs" name:"repo name"`
}
type Registry struct {
Name string `validate:"required_with=Username Password" name:"registry name"`
Username string `validate:"required_with=Registry Password" name:"registry username"`
Password string `validate:"required_with=Username Registry" name:"registry password"`
PlainHTTP bool `default:"false" name:"registry plain http"`
}
// RootOptions ...
type RootOptions struct {
Architecture string `validate:"required,architecture" name:"architecture"`
DriverVersion string `default:"master" validate:"eq=master|sha1|semver" name:"driver version"`
KernelVersion string `default:"1" validate:"omitempty" name:"kernel version"`
ModuleDriverName string `default:"falco" validate:"max=60" name:"kernel module driver name"`
ModuleDeviceName string `default:"falco" validate:"excludes=/,max=255" name:"kernel module device name"`
KernelRelease string `validate:"required,ascii" name:"kernel release"`
Target string `validate:"required,target" name:"target"`
KernelConfigData string `validate:"omitempty,base64" name:"kernel config data"` // fixme > tag "name" does not seem to work when used at struct level, but works when used at inner level
BuilderImage string `validate:"omitempty,imagename" name:"builder image"`
BuilderRepos []string `default:"[\"docker.io/falcosecurity/driverkit-builder\"]" validate:"omitempty" name:"docker repositories to look for builder images or absolute path pointing to a yaml file containing builder images index"`
GCCVersion string `validate:"omitempty,semvertolerant" name:"gcc version"`
KernelUrls []string `name:"kernel header urls"`
Repo RepoOptions
Architecture string `default:"x86_64" validate:"required,oneof=x86_64" name:"architecture"`
DriverVersion string `default:"dev" validate:"eq=dev|sha1|semver" name:"driver version"`
KernelVersion uint16 `default:"1" validate:"omitempty,number" name:"kernel version"`
KernelRelease string `validate:"required,ascii" name:"kernel release"`
Target string `validate:"required,target" name:"target"`
KernelConfigData string `validate:"omitempty,base64" name:"kernel config data"` // fixme > tag "name" does not seem to work when used at struct level, but works when used at inner level
Output OutputOptions
Registry Registry
}
func init() {
@ -75,146 +32,72 @@ func init() {
}
// NewRootOptions ...
func NewRootOptions() (*RootOptions, error) {
func NewRootOptions() *RootOptions {
rootOpts := &RootOptions{}
if err := defaults.Set(rootOpts); err != nil {
return nil, err
logger.WithError(err).WithField("options", "RootOptions").Fatal("error setting driverkit options defaults")
}
return rootOpts, nil
return rootOpts
}
// Validate validates the RootOptions fields.
func (ro *RootOptions) Validate() []error {
if err := validate.V.Struct(ro); err != nil {
var errs validator.ValidationErrors
errors.As(err, &errs)
errors := err.(validator.ValidationErrors)
errArr := []error{}
for _, e := range errs {
for _, e := range errors {
// Translate each error one at a time
errArr = append(errArr, errors.New(e.Translate(validate.T)))
errArr = append(errArr, fmt.Errorf(e.Translate(validate.T)))
}
return errArr
}
// check that the kernel versions supports at least one of probe and module
kr := kernelrelease.FromString(ro.KernelRelease)
kr.Architecture = kernelrelease.Architecture(ro.Architecture)
if !kr.SupportsModule() && !kr.SupportsProbe() {
return []error{errors.New("both module and probe are not supported by given options")}
}
return nil
}
func (ro *RootOptions) AddFlags(flags *pflag.FlagSet, targets []string) {
flags.StringVar(&ro.Output.Module, "output-module", ro.Output.Module, "filepath where to save the resulting kernel module")
flags.StringVar(&ro.Output.Probe, "output-probe", ro.Output.Probe, "filepath where to save the resulting eBPF probe")
flags.StringVar(&ro.Architecture, "architecture", runtime.GOARCH, "target architecture for the built driver, one of "+kernelrelease.SupportedArchs.String())
flags.StringVar(&ro.DriverVersion, "driverversion", ro.DriverVersion, "driver version as a git commit hash or as a git tag")
flags.StringVar(&ro.KernelVersion, "kernelversion", ro.KernelVersion, "kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v'")
flags.StringVar(&ro.KernelRelease, "kernelrelease", ro.KernelRelease, "kernel release to build the module for, it can be found by executing 'uname -v'")
flags.StringVarP(&ro.Target, "target", "t", ro.Target, "the system to target the build for, one of ["+strings.Join(targets, ",")+"]")
flags.StringVar(&ro.KernelConfigData, "kernelconfigdata", ro.KernelConfigData, "base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc")
flags.StringVar(&ro.ModuleDeviceName, "moduledevicename", ro.ModuleDeviceName, "kernel module device name (the default is falco, so the device will be under /dev/falco*)")
flags.StringVar(&ro.ModuleDriverName, "moduledrivername", ro.ModuleDriverName, "kernel module driver name, i.e. the name you see when you check installed modules via lsmod")
flags.StringVar(&ro.BuilderImage, "builderimage", ro.BuilderImage, "docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used.")
flags.StringSliceVar(&ro.BuilderRepos, "builderrepo", ro.BuilderRepos, "list of docker repositories or yaml file (absolute path) containing builder images index with the format 'images: [ { target:<target>, name:<image-name>, arch: <arch>, tag: <imagetag>, gcc_versions: [ <gcc-tag> ] },...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit-builder --builderrepo falcosecurity/driverkit-builder --builderrepo '/path/to/my/index.yaml'.")
flags.StringVar(&ro.GCCVersion, "gccversion", ro.GCCVersion, "enforce a specific gcc version for the build")
flags.StringSliceVar(&ro.KernelUrls, "kernelurls", nil, "list of kernel header urls (e.g. --kernelurls <URL1> --kernelurls <URL2> --kernelurls \"<URL3>,<URL4>\")")
flags.StringVar(&ro.Repo.Org, "repo-org", ro.Repo.Org, "repository github organization")
flags.StringVar(&ro.Repo.Name, "repo-name", ro.Repo.Name, "repository github name")
flags.StringVar(&ro.Registry.Name, "registry-name", ro.Registry.Name, "registry name to which authenticate")
flags.StringVar(&ro.Registry.Username, "registry-user", ro.Registry.Username, "registry username")
flags.StringVar(&ro.Registry.Password, "registry-password", ro.Registry.Password, "registry password")
flags.BoolVar(&ro.Registry.PlainHTTP, "registry-plain-http", ro.Registry.PlainHTTP, "allows interacting with remote registry via plain http requests")
}
// Log emits a log line containing the receiving RootOptions for debugging purposes.
//
// Call it only after validation.
func (ro *RootOptions) Log(printer *output.Printer) {
printer.Logger.Debug("running with options",
printer.Logger.Args(
"output-module", ro.Output.Module,
"output-probe", ro.Output.Probe,
"driverversion", ro.DriverVersion,
"kernelrelease", ro.KernelRelease,
"kernelversion", ro.KernelVersion,
"target", ro.Target,
"arch", ro.Architecture,
"kernelurls", ro.KernelUrls,
"repo-org", ro.Repo.Org,
"repo-name", ro.Repo.Name,
))
func (ro *RootOptions) Log() {
fields := logger.Fields{}
if ro.Output.Module != "" {
fields["output-module"] = ro.Output.Module
}
if ro.Output.Probe != "" {
fields["output-probe"] = ro.Output.Probe
}
if ro.DriverVersion != "" {
fields["driverversion"] = ro.DriverVersion
}
if ro.KernelRelease != "" {
fields["kernelrelease"] = ro.KernelRelease
}
if ro.KernelVersion > 0 {
fields["kernelversion"] = ro.KernelVersion
}
if ro.Target != "" {
fields["target"] = ro.Target
}
logger.WithFields(fields).Debug("running with options")
}
func (ro *RootOptions) ToBuild(printer *output.Printer) *builder.Build {
func (ro *RootOptions) toBuild() *builder.Build {
kernelConfigData := ro.KernelConfigData
if len(kernelConfigData) == 0 {
kernelConfigData = "bm8tZGF0YQ==" // no-data
}
build := &builder.Build{
TargetType: builder.Type(ro.Target),
DriverVersion: ro.DriverVersion,
KernelVersion: ro.KernelVersion,
KernelRelease: ro.KernelRelease,
Architecture: ro.Architecture,
KernelConfigData: kernelConfigData,
ModuleFilePath: ro.Output.Module,
ProbeFilePath: ro.Output.Probe,
ModuleDriverName: ro.ModuleDriverName,
ModuleDeviceName: ro.ModuleDeviceName,
GCCVersion: ro.GCCVersion,
BuilderImage: ro.BuilderImage,
BuilderRepos: ro.BuilderRepos,
KernelUrls: ro.KernelUrls,
RepoOrg: ro.Repo.Org,
RepoName: ro.Repo.Name,
Images: make(builder.ImagesMap),
RegistryName: ro.Registry.Name,
RegistryUser: ro.Registry.Username,
RegistryPassword: ro.Registry.Password,
RegistryPlainHTTP: ro.Registry.PlainHTTP,
Printer: printer,
return &builder.Build{
TargetType: builder.Type(ro.Target),
DriverVersion: ro.DriverVersion,
KernelVersion: ro.KernelVersion,
KernelRelease: ro.KernelRelease,
Architecture: ro.Architecture,
KernelConfigData: kernelConfigData,
ModuleFilePath: ro.Output.Module,
ProbeFilePath: ro.Output.Probe,
}
// loop over BuilderRepos to build the list ImagesListers based on the value of the builderRepo:
// if it's a local path use FileImagesLister, otherwise use RepoImagesLister
var (
imageLister builder.ImagesLister
err error
)
for _, builderRepo := range build.BuilderRepos {
if _, err = os.Stat(builderRepo); err == nil {
imageLister, err = builder.NewFileImagesLister(builderRepo, build)
} else {
imageLister, err = builder.NewRepoImagesLister(builderRepo, build)
}
if err != nil {
printer.Logger.Warn("skipping repo",
printer.Logger.Args("repo", builderRepo, "err", err.Error()))
} else {
build.ImagesListers = append(build.ImagesListers, imageLister)
}
}
// attempt the build in case it comes from an invalid config
kr := build.KernelReleaseFromBuildConfig()
if len(build.ModuleFilePath) > 0 && !kr.SupportsModule() {
build.ModuleFilePath = ""
printer.Logger.Warn("skipping build attempt of module for unsupported kernel release",
printer.Logger.Args("kernelrelease", kr.String()))
}
if len(build.ProbeFilePath) > 0 && !kr.SupportsProbe() {
build.ProbeFilePath = ""
printer.Logger.Warn("skipping build attempt of probe for unsupported kernel release",
printer.Logger.Args("kernelrelease", kr.String()))
}
return build
}
// RootOptionsLevelValidation validates KernelConfigData and Target at the same time.
@ -223,20 +106,11 @@ func (ro *RootOptions) ToBuild(printer *output.Printer) *builder.Build {
func RootOptionsLevelValidation(level validator.StructLevel) {
opts := level.Current().Interface().(RootOptions)
if opts.Target == builder.TargetTypeVanilla.String() ||
opts.Target == builder.TargetTypeMinikube.String() ||
opts.Target == builder.TargetTypeFlatcar.String() {
if len(opts.KernelConfigData) == 0 {
level.ReportError(opts.KernelConfigData, "kernelConfigData", "KernelConfigData", "required_kernelconfigdata_with_target_vanilla", "")
}
if len(opts.KernelConfigData) == 0 && opts.Target == builder.TargetTypeVanilla.String() {
level.ReportError(opts.KernelConfigData, "kernelConfigData", "KernelConfigData", "required_kernelconfigdata_with_target_vanilla", "")
}
if opts.KernelVersion == "" && (opts.Target == builder.TargetTypeUbuntu.String()) {
if opts.KernelVersion == 0 && (opts.Target == builder.TargetTypeUbuntuAWS.String() || opts.Target == builder.TargetTypeUbuntuGeneric.String()) {
level.ReportError(opts.KernelVersion, "kernelVersion", "KernelVersion", "required_kernelversion_with_target_ubuntu", "")
}
// Target redhat requires a valid build image (has to be registered in order to download packages)
if opts.Target == builder.TargetTypeRedhat.String() && opts.BuilderImage == "" {
level.ReportError(opts.BuilderImage, "builderimage", "builderimage", "required_builderimage_with_target_redhat", "")
}
}

34
cmd/testdata/autohelp.txt vendored
View File

@ -1,12 +1,30 @@
INFO specify a valid processor
└ processors: [docker kubernetes kubernetes-in-cluster local]
{{ .Desc }}
INFO specify a valid processor processors="[docker kubernetes]"
A command line tool to build Falco kernel modules and eBPF probes.
{{ .Usage }}
Usage:
driverkit
driverkit [command]
{{ .Commands }}
Available Commands:
completion Generates completion scripts.
docker Build Falco kernel modules and eBPF probes against a docker daemon.
help Help about any command
kubernetes Build Falco kernel modules and eBPF probes against a Kubernetes cluster.
{{ .Flags }}
-v, --version version for driverkit
Flags:
-c, --config string config file path (default $HOME/.driverkit.yaml if exists)
--driverversion string driver version as a git commit hash or as a git tag (default "dev")
--dryrun do not actually perform the action
-h, --help help for driverkit
--kernelconfigdata string base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc
--kernelrelease string kernel release to build the module for, it can be found by executing 'uname -v'
--kernelversion uint16 kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default 1)
-l, --loglevel string log level (default "info")
--output-module string filepath where to save the resulting kernel module
--output-probe string filepath where to save the resulting eBPF probe
--proxy string the proxy to use to download data
-t, --target string the system to target the build for
--timeout int timeout in seconds (default 60)
-v, --version version for driverkit
{{ .Info }}
Use "driverkit [command] --help" for more information about a command.

8
cmd/testdata/completion-targets.txt vendored
View File

@ -1,3 +1,9 @@
{{ .TargetsVerticalList }}
amazonlinux
amazonlinux2
centos
debian
ubuntu-aws
ubuntu-generic
vanilla
:0
Completion ended with directive: ShellCompDirectiveDefault

3
cmd/testdata/configs/1.yaml vendored
View File

@ -3,5 +3,4 @@ kernelversion: 59
target: ubuntu-aws
output:
module: /tmp/falco-ubuntu-aws.ko
probe: /tmp/falco-ubuntu-aws.o
driverversion: master
driverversion: dev

11
cmd/testdata/configs/2.yaml vendored
View File

@ -1,11 +0,0 @@
kernelrelease: 4.15.0-1057-aws
kernelversion: 59
kernelurls: [
"https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-aws/linux-aws-headers-4.15.0-1057_4.15.0-1057.59_all.deb",
"https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-aws/linux-headers-4.15.0-1057-aws_4.15.0-1057.59_amd64.deb",
]
target: ubuntu-aws
output:
module: /tmp/falco-ubuntu-aws.ko
probe: /tmp/falco-ubuntu-aws.o
driverversion: master

16
cmd/testdata/docker-from-config-debug.txt vendored
View File

@ -1,13 +1,3 @@
INFO using config file file: testdata/configs/1.yaml
DEBUG running with options
├ output-module: /tmp/falco-ubuntu-aws.ko
├ output-probe: /tmp/falco-ubuntu-aws.o
├ driverversion: master
├ kernelrelease: 4.15.0-1057-aws
├ kernelversion: 59
├ target: ubuntu-aws
├ arch: {{ .CurrentArch }}
├ kernelurls: []
├ repo-org: falcosecurity
└ repo-name: libs
INFO starting build processor: docker
INFO using config file file=testdata/configs/1.yaml
DEBU running with options driverversion=dev kernelrelease=4.15.0-1057-aws kernelversion=59 output-module=/tmp/falco-ubuntu-aws.ko target=ubuntu-aws
INFO driver building, it will take a few seconds processor=docker

16
cmd/testdata/docker-override-from-config-debug.txt vendored
View File

@ -1,13 +1,3 @@
INFO using config file file: testdata/configs/1.yaml
DEBUG running with options
├ output-module: /tmp/override.ko
├ output-probe: /tmp/falco-ubuntu-aws.o
├ driverversion: master
├ kernelrelease: 4.15.0-1057-aws
├ kernelversion: 229
├ target: ubuntu-aws
├ arch: {{ .CurrentArch }}
├ kernelurls: []
├ repo-org: falcosecurity
└ repo-name: libs
INFO starting build processor: docker
INFO using config file file=testdata/configs/1.yaml
DEBU running with options driverversion=dev kernelrelease=4.15.0-1057-aws kernelversion=229 output-module=/tmp/override.ko target=ubuntu-aws
INFO driver building, it will take a few seconds processor=docker

13
cmd/testdata/docker-override-urls-from-config-debug.txt vendored
View File

@ -1,13 +0,0 @@
INFO using config file file: testdata/configs/2.yaml
DEBUG running with options
├ output-module: /tmp/falco-ubuntu-aws.ko
├ output-probe: /tmp/falco-ubuntu-aws.o
├ driverversion: master
├ kernelrelease: 4.15.0-1057-aws
├ kernelversion: 59
├ target: ubuntu-aws
├ arch: {{ .CurrentArch }}
├ kernelurls: [https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-aws/linux-aws-headers-4.15.0-1057_4.15.0-1057.59_all.deb https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-aws/linux-headers-4.15.0-1057-aws_4.15.0-1057.59_amd64.deb]
├ repo-org: falcosecurity
└ repo-name: libs
INFO starting build processor: docker

13
cmd/testdata/docker-related-target-debug.txt vendored
View File

@ -1,13 +0,0 @@
DEBUG running without a configuration file
DEBUG running with options
├ output-module: /tmp/falco-ubuntu-azure.ko
├ output-probe: /tmp/falco-ubuntu-aws.o
├ driverversion: master
├ kernelrelease: 4.15.0-1057-azure
├ kernelversion: 62
├ target: ubuntu-azure
├ arch: {{ .CurrentArch }}
├ kernelurls: [http://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-azure/linux-azure-headers-4.15.0-1057_4.15.0-1057.62_all.deb http://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-azure/linux-headers-4.15.0-1057-azure_4.15.0-1057.62_amd64.deb]
├ repo-org: falcosecurity
└ repo-name: libs
INFO starting build processor: docker

4
cmd/testdata/docker-target-redhat-validation-error-debug.txt vendored
View File

@ -1,4 +0,0 @@
DEBUG running without a configuration file
ERROR error validating build options
└ err: builder image is a required field when target is redhat
ERROR error executing driverkit err: exiting for validation errors

16
cmd/testdata/docker-with-flags-debug.txt vendored
View File

@ -1,13 +1,3 @@
DEBUG running without a configuration file
DEBUG running with options
├ output-module: /tmp/falco-ubuntu-aws.ko
├ output-probe: /tmp/falco-ubuntu-aws.o
├ driverversion: master
├ kernelrelease: 4.15.0-1057-aws
├ kernelversion: 59
├ target: ubuntu-aws
├ arch: {{ .CurrentArch }}
├ kernelurls: [https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-aws/linux-aws-headers-4.15.0-1057_4.15.0-1057.59_all.deb https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-aws/linux-headers-4.15.0-1057-aws_4.15.0-1057.59_amd64.deb]
├ repo-org: falcosecurity
└ repo-name: libs
INFO starting build processor: docker
DEBU running without a configuration file
DEBU running with options driverversion=dev kernelrelease=4.15.0-1057-aws kernelversion=59 output-module=/tmp/falco-ubuntu-aws.ko target=ubuntu-aws
INFO driver building, it will take a few seconds processor=docker

2
cmd/testdata/docker-with-flags.txt vendored
View File

@ -1 +1 @@
INFO starting build processor: docker
INFO driver building, it will take a few seconds processor=docker

30
cmd/testdata/dockernoopts.txt vendored
View File

@ -1,7 +1,23 @@
ERROR error validating build options err: kernel release is a required field
ERROR error validating build options err: target is a required field
ERROR error validating build options
└ err: output module path is required when probe is missing
ERROR error validating build options
└ err: output probe path is required when module is missing
ERROR error executing driverkit err: exiting for validation errors
ERRO error validating build options error="kernel release is a required field"
ERRO error validating build options error="target is a required field"
ERRO error validating build options error="output module path is required when probe is missing"
ERRO error validating build options error="output probe path is required when module is missing"
Error: exiting for validation errors
Usage:
driverkit docker [flags]
Flags:
-c, --config string config file path (default $HOME/.driverkit.yaml if exists)
--driverversion string driver version as a git commit hash or as a git tag (default "dev")
--dryrun do not actually perform the action
-h, --help help for docker
--kernelconfigdata string base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc
--kernelrelease string kernel release to build the module for, it can be found by executing 'uname -v'
--kernelversion uint16 kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default 1)
-l, --loglevel string log level (default "info")
--output-module string filepath where to save the resulting kernel module
--output-probe string filepath where to save the resulting eBPF probe
--proxy string the proxy to use to download data
-t, --target string the system to target the build for
--timeout int timeout in seconds (default 60)

31
cmd/testdata/help-flag.txt vendored
View File

@ -1,10 +1,29 @@
{{ .Desc }}
A command line tool to build Falco kernel modules and eBPF probes.
{{ .Usage }}
Usage:
driverkit
driverkit [command]
{{ .Commands }}
Available Commands:
completion Generates completion scripts.
docker Build Falco kernel modules and eBPF probes against a docker daemon.
help Help about any command
kubernetes Build Falco kernel modules and eBPF probes against a Kubernetes cluster.
{{ .Flags }}
-v, --version version for driverkit
Flags:
-c, --config string config file path (default $HOME/.driverkit.yaml if exists)
--driverversion string driver version as a git commit hash or as a git tag (default "dev")
--dryrun do not actually perform the action
-h, --help help for driverkit
--kernelconfigdata string base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc
--kernelrelease string kernel release to build the module for, it can be found by executing 'uname -v'
--kernelversion uint16 kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default 1)
-l, --loglevel string log level (default "info")
--output-module string filepath where to save the resulting kernel module
--output-probe string filepath where to save the resulting eBPF probe
--proxy string the proxy to use to download data
-t, --target string the system to target the build for
--timeout int timeout in seconds (default 60)
-v, --version version for driverkit
{{ .Info }}
Use "driverkit [command] --help" for more information about a command.

30
cmd/testdata/help.txt vendored
View File

@ -1,10 +1,28 @@
{{ .Desc }}
A command line tool to build Falco kernel modules and eBPF probes.
{{ .Usage }}
Usage:
driverkit
driverkit [command]
{{ .Commands }}
Available Commands:
completion Generates completion scripts.
docker Build Falco kernel modules and eBPF probes against a docker daemon.
help Help about any command
kubernetes Build Falco kernel modules and eBPF probes against a Kubernetes cluster.
{{ .Flags }}
-v, --version version for driverkit
Flags:
-c, --config string config file path (default $HOME/.driverkit.yaml if exists)
--driverversion string driver version as a git commit hash or as a git tag (default "dev")
--dryrun do not actually perform the action
-h, --help help for driverkit
--kernelconfigdata string base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc
--kernelrelease string kernel release to build the module for, it can be found by executing 'uname -v'
--kernelversion uint16 kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default 1)
-l, --loglevel string log level (default "info")
--output-module string filepath where to save the resulting kernel module
--output-probe string filepath where to save the resulting eBPF probe
--proxy string the proxy to use to download data
-t, --target string the system to target the build for
--timeout int timeout in seconds (default 60)
{{ .Info }}
Use "driverkit [command] --help" for more information about a command.

33
cmd/testdata/invalid-proxyconfig.txt vendored
View File

@ -1,3 +1,30 @@
ERROR error validating config options
└ err: proxy url must start with http:// or https:// or socks5:// prefix
ERROR error executing driverkit err: exiting for validation errors
ERRO error validating config options error="proxy url must start with http:// or https:// or socks5:// prefix"
Error: exiting for validation errors
Usage:
driverkit
driverkit [command]
Available Commands:
completion Generates completion scripts.
docker Build Falco kernel modules and eBPF probes against a docker daemon.
help Help about any command
kubernetes Build Falco kernel modules and eBPF probes against a Kubernetes cluster.
Flags:
-c, --config string config file path (default $HOME/.driverkit.yaml if exists)
--driverversion string driver version as a git commit hash or as a git tag (default "dev")
--dryrun do not actually perform the action
-h, --help help for driverkit
--kernelconfigdata string base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc
--kernelrelease string kernel release to build the module for, it can be found by executing 'uname -v'
--kernelversion uint16 kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default 1)
-l, --loglevel string log level (default "info")
--output-module string filepath where to save the resulting kernel module
--output-probe string filepath where to save the resulting eBPF probe
--proxy string the proxy to use to download data
-t, --target string the system to target the build for
--timeout int timeout in seconds (default 60)
-v, --version version for driverkit
Use "driverkit [command] --help" for more information about a command.

30
cmd/testdata/non-existent-processor.txt vendored
View File

@ -1 +1,29 @@
ERROR error executing driverkit err: invalid argument "abc" for "driverkit"
Error: invalid argument "abc" for "driverkit"
Usage:
driverkit
driverkit [command]
Available Commands:
completion Generates completion scripts.
docker Build Falco kernel modules and eBPF probes against a docker daemon.
help Help about any command
kubernetes Build Falco kernel modules and eBPF probes against a Kubernetes cluster.
Flags:
-c, --config string config file path (default $HOME/.driverkit.yaml if exists)
--driverversion string driver version as a git commit hash or as a git tag (default "dev")
--dryrun do not actually perform the action
-h, --help help for driverkit
--kernelconfigdata string base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc
--kernelrelease string kernel release to build the module for, it can be found by executing 'uname -v'
--kernelversion uint16 kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default 1)
-l, --loglevel string log level (default "info")
--output-module string filepath where to save the resulting kernel module
--output-probe string filepath where to save the resulting eBPF probe
--proxy string the proxy to use to download data
-t, --target string the system to target the build for
--timeout int timeout in seconds (default 60)
-v, --version version for driverkit
Use "driverkit [command] --help" for more information about a command.

8
cmd/testdata/templates/commands.txt vendored
View File

@ -1,8 +0,0 @@
Available Commands:
completion Generates completion scripts.
docker Build Falco kernel modules and eBPF probes against a docker daemon.
help Help about any command
images List builder images
kubernetes Build Falco kernel modules and eBPF probes against a Kubernetes cluster.
kubernetes-in-cluster Build Falco kernel modules and eBPF probes against a Kubernetes cluster inside a Kubernetes cluster.
local Build Falco kernel modules and eBPF probes in local env with local kernel sources and gcc/clang.

1
cmd/testdata/templates/desc.txt vendored
View File

@ -1 +0,0 @@
A command line tool to build Falco kernel modules and eBPF probes.

27
cmd/testdata/templates/flags.txt vendored
View File

@ -1,27 +0,0 @@
Flags:
--architecture string target architecture for the built driver, one of {{ .Architectures }} (default "{{ .CurrentArch }}")
--builderimage string docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used.
--builderrepo strings list of docker repositories or yaml file (absolute path) containing builder images index with the format 'images: [ { target:<target>, name:<image-name>, arch: <arch>, tag: <imagetag>, gcc_versions: [ <gcc-tag> ] },...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit-builder --builderrepo falcosecurity/driverkit-builder --builderrepo '/path/to/my/index.yaml'. (default [docker.io/falcosecurity/driverkit-builder])
-c, --config string config file path (default $HOME/.driverkit.yaml if exists)
--driverversion string driver version as a git commit hash or as a git tag (default "master")
--dryrun do not actually perform the action
--gccversion string enforce a specific gcc version for the build
-h, --help help for {{ .Cmd }}
--kernelconfigdata string base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc
--kernelrelease string kernel release to build the module for, it can be found by executing 'uname -v'
--kernelurls strings list of kernel header urls (e.g. --kernelurls <URL1> --kernelurls <URL2> --kernelurls "<URL3>,<URL4>")
--kernelversion string kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default "1")
-l, --loglevel string set level for logs (info, warn, debug, trace) (default "info")
--moduledevicename string kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco")
--moduledrivername string kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco")
--output-module string filepath where to save the resulting kernel module
--output-probe string filepath where to save the resulting eBPF probe
--proxy string the proxy to use to download data
--registry-name string registry name to which authenticate
--registry-password string registry password
--registry-plain-http allows interacting with remote registry via plain http requests
--registry-user string registry username
--repo-name string repository github name (default "libs")
--repo-org string repository github organization (default "falcosecurity")
-t, --target string the system to target the build for, one of {{ .Targets }}
--timeout int timeout in seconds (default 120)

1
cmd/testdata/templates/info.txt vendored
View File

@ -1 +0,0 @@
Use "driverkit [command] --help" for more information about a command.

3
cmd/testdata/templates/usage.txt vendored
View File

@ -1,3 +0,0 @@
Usage:
driverkit
driverkit [command]

49
docgen/docgen.go
View File

@ -1,28 +1,16 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package main
import (
"bytes"
"flag"
"fmt"
"io/ioutil"
"os"
"path"
"strings"
"github.com/falcosecurity/driverkit/cmd"
logger "github.com/sirupsen/logrus"
"github.com/spf13/cobra/doc"
)
@ -59,22 +47,7 @@ func main() {
flag.Parse()
// Get root command
configOpts, err := cmd.NewConfigOptions()
if err != nil {
// configOpts will never be nil here
if configOpts != nil {
configOpts.Printer.Logger.Fatal("error setting driverkit config options defaults",
configOpts.Printer.Logger.Args("err", err.Error()))
} else {
os.Exit(1)
}
}
rootOpts, err := cmd.NewRootOptions()
if err != nil {
configOpts.Printer.Logger.Fatal("error setting driverkit root options defaults",
configOpts.Printer.Logger.Args("err", err.Error()))
}
driverkit := cmd.NewRootCmd(configOpts, rootOpts)
driverkit := cmd.NewRootCmd()
root := driverkit.Command()
num := len(root.Commands()) + 1
@ -97,20 +70,20 @@ func main() {
}
// Generate markdown docs
err = doc.GenMarkdownTreeCustom(root, outputDir, prepender(num), linker)
err := doc.GenMarkdownTreeCustom(root, outputDir, prepender(num), linker)
if err != nil {
configOpts.Printer.Logger.Fatal("markdown generation", configOpts.Printer.Logger.Args("err", err.Error()))
logger.WithError(err).Fatal("markdown generation")
}
if targetWebsite {
err = os.Rename(path.Join(outputDir, "driverkit.md"), path.Join(outputDir, "_index.md"))
err := os.Rename(path.Join(outputDir, "driverkit.md"), path.Join(outputDir, "_index.md"))
if err != nil {
configOpts.Printer.Logger.Fatal("renaming main docs page", configOpts.Printer.Logger.Args("err", err.Error()))
logger.WithError(err).Fatal("renaming main docs page")
}
}
if err = stripSensitive(); err != nil {
configOpts.Printer.Logger.Fatal("error replacing sensitive data", configOpts.Printer.Logger.Args("err", err.Error()))
if err := stripSensitive(); err != nil {
logger.WithError(err).Fatal("error replacing sensitive data")
}
}
@ -127,7 +100,7 @@ func stripSensitive() error {
for _, file := range files {
filePath := path.Join(outputDir, file.Name())
file, err := os.ReadFile(filePath)
file, err := ioutil.ReadFile(filePath)
if err != nil {
return err
}
@ -137,7 +110,7 @@ func stripSensitive() error {
target := []byte(os.Getenv(s))
file = bytes.ReplaceAll(file, target, append(envMark, []byte(s)...))
}
if err = os.WriteFile(filePath, file, 0666); err != nil {
if err = ioutil.WriteFile(filePath, file, 0666); err != nil {
return err
}
}

32
docker/builders/builder-amazonlinux2-x86_64_gcc10.0.0.Dockerfile
View File

@ -1,32 +0,0 @@
FROM amazonlinux:2.0.20240529.0
LABEL maintainer="cncf-falco-dev@lists.cncf.io"
RUN yum -y install gcc10 \
clang \
llvm \
bash-completion \
bc \
ca-certificates \
curl \
gnupg2 \
libc6-dev \
elfutils-libelf-devel \
xz \
cpio \
flex \
bison \
openssl \
openssl-devel \
wget \
binutils \
which \
make \
cmake3 \
tar \
zstd \
git
# Properly create soft links
RUN ln -s /usr/bin/gcc10-cc /usr/bin/gcc-10.0.0
RUN ln -s /usr/bin/cmake3 /usr/bin/cmake

1
docker/builders/builder-any-aarch64_gcc10.0.0_gcc9.0.0.Dockerfile
View File

@ -1 +0,0 @@
builder-any-x86_64_gcc10.0.0_gcc9.0.0.Dockerfile

1
docker/builders/builder-any-aarch64_gcc12.0.0_gcc11.0.0.Dockerfile
View File

@ -1 +0,0 @@
builder-any-x86_64_gcc12.0.0_gcc11.0.0.Dockerfile

1
docker/builders/builder-any-aarch64_gcc13.0.0.Dockerfile
View File

@ -1 +0,0 @@
builder-any-x86_64_gcc13.0.0.Dockerfile

1
docker/builders/builder-any-aarch64_gcc14.0.0.Dockerfile
View File

@ -1 +0,0 @@
builder-any-x86_64_gcc14.0.0.Dockerfile

1
docker/builders/builder-any-aarch64_gcc8.0.0_gcc6.0.0_gcc5.0.0_gcc4.9.0_gcc4.8.0.Dockerfile
View File

@ -1 +0,0 @@
builder-any-x86_64_gcc8.0.0_gcc6.0.0_gcc5.0.0_gcc4.9.0_gcc4.8.0.Dockerfile

48
docker/builders/builder-any-x86_64_gcc10.0.0_gcc9.0.0.Dockerfile
View File

@ -1,48 +0,0 @@
FROM debian:bullseye
LABEL maintainer="cncf-falco-dev@lists.cncf.io"
ARG TARGETARCH
RUN cp /etc/skel/.bashrc /root && cp /etc/skel/.profile /root
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
bash-completion \
bc \
clang \
llvm \
ca-certificates \
curl \
dkms \
dwarves \
gnupg2 \
gcc \
gcc-9 \
jq \
libc6-dev \
libelf-dev \
netcat \
xz-utils \
rpm2cpio \
cpio \
flex \
bison \
openssl \
libssl-dev \
libncurses-dev \
libudev-dev \
libpci-dev \
libiberty-dev \
lsb-release \
wget \
software-properties-common \
gpg \
zstd \
cmake \
git \
&& rm -rf /var/lib/apt/lists/*
# Properly create soft link
RUN ln -s /usr/bin/gcc-9 /usr/bin/gcc-9.0.0
RUN ln -s /usr/bin/gcc-10 /usr/bin/gcc-10.0.0

48
docker/builders/builder-any-x86_64_gcc12.0.0_gcc11.0.0.Dockerfile
View File

@ -1,48 +0,0 @@
FROM debian:bookworm
LABEL maintainer="cncf-falco-dev@lists.cncf.io"
ARG TARGETARCH
RUN cp /etc/skel/.bashrc /root && cp /etc/skel/.profile /root
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
bash-completion \
bc \
clang \
llvm \
ca-certificates \
curl \
dkms \
dwarves \
gnupg2 \
gcc \
gcc-11 \
jq \
libc6-dev \
libelf-dev \
netcat-openbsd \
xz-utils \
rpm2cpio \
cpio \
flex \
bison \
openssl \
libssl-dev \
libncurses-dev \
libudev-dev \
libpci-dev \
libiberty-dev \
lsb-release \
wget \
software-properties-common \
gpg \
zstd \
cmake \
git \
&& rm -rf /var/lib/apt/lists/*
# Properly create soft links
RUN ln -s /usr/bin/gcc-11 /usr/bin/gcc-11.0.0
RUN ln -s /usr/bin/gcc-12 /usr/bin/gcc-12.0.0

40
docker/builders/builder-any-x86_64_gcc13.0.0.Dockerfile
View File

@ -1,40 +0,0 @@
FROM fedora:39
LABEL maintainer="cncf-falco-dev@lists.cncf.io"
ARG TARGETARCH
RUN dnf install -y \
bash-completion \
bc \
clang \
llvm \
ca-certificates \
curl \
dkms \
dwarves \
gnupg2 \
gcc \
jq \
glibc-devel \
elfutils-libelf-devel \
netcat \
xz \
cpio \
flex \
bison \
openssl \
openssl-devel \
ncurses-devel \
systemd-devel \
pciutils-devel \
binutils-devel \
lsb-release \
wget \
gpg \
zstd \
cmake \
git
# Properly create soft links
RUN ln -s /usr/bin/gcc /usr/bin/gcc-13.0.0

40
docker/builders/builder-any-x86_64_gcc14.0.0.Dockerfile
View File

@ -1,40 +0,0 @@
FROM fedora:41
LABEL maintainer="cncf-falco-dev@lists.cncf.io"
ARG TARGETARCH
RUN dnf install -y \
bash-completion \
bc \
clang \
llvm \
ca-certificates \
curl \
dkms \
dwarves \
gnupg2 \
gcc \
jq \
glibc-devel \
elfutils-libelf-devel \
netcat \
xz \
cpio \
flex \
bison \
openssl \
openssl-devel \
ncurses-devel \
systemd-devel \
pciutils-devel \
binutils-devel \
lsb-release \
wget \
gpg \
zstd \
cmake \
git
# Properly create soft links
RUN ln -s /usr/bin/gcc /usr/bin/gcc-14.0.0

146
docker/builders/builder-any-x86_64_gcc8.0.0_gcc6.0.0_gcc5.0.0_gcc4.9.0_gcc4.8.0.Dockerfile
View File

@ -1,146 +0,0 @@
FROM debian:buster
LABEL maintainer="cncf-falco-dev@lists.cncf.io"
ARG TARGETARCH
RUN cp /etc/skel/.bashrc /root && cp /etc/skel/.profile /root
# Use 20250630T203427Z debian apt snapshot as it still contains support for buster.
RUN cat <<EOF > /etc/apt/sources.list
deb http://snapshot.debian.org/archive/debian/20250630T203427Z buster main
deb http://snapshot.debian.org/archive/debian-security/20250630T203427Z buster/updates main
deb http://snapshot.debian.org/archive/debian/20250630T203427Z buster-updates main
EOF
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
bash-completion \
bc \
clang \
llvm \
ca-certificates \
curl \
dkms \
dwarves \
gnupg2 \
gcc \
jq \
libc6-dev \
libelf-dev \
netcat \
xz-utils \
rpm2cpio \
cpio \
flex \
bison \
openssl \
libssl-dev \
libncurses-dev \
libudev-dev \
libpci-dev \
libiberty-dev \
lsb-release \
wget \
software-properties-common \
gpg \
zstd \
gawk \
mawk \
git \
&& rm -rf /var/lib/apt/lists/*
RUN if [ "$TARGETARCH" = "amd64" ] ; then apt-get install -y --no-install-recommends libmpx2; fi
# gcc 4.9 is required on x86 to build some 3.10+ kernels
# note: on arm gcc 4.9 could not be found.
RUN echo 'deb http://dk.archive.ubuntu.com/ubuntu/ xenial main' >> /etc/apt/sources.list && \
echo 'deb http://dk.archive.ubuntu.com/ubuntu/ xenial universe' >> /etc/apt/sources.list
# repo is unsigned therefore the APT options
RUN if [ "$TARGETARCH" = "amd64" ] ; then apt-get -o Acquire::AllowInsecureRepositories=true -o Acquire::AllowDowngradeToInsecureRepositories=true update && apt-get -o APT::Get::AllowUnauthenticated=true install -y --no-install-recommends gcc-4.9; fi
# gcc 6 is no longer included in debian stable, but we need it to
# build kernel modules on the default debian-based ami used by
# kops. So grab copies we've saved from debian snapshots with the
# prefix https://snapshot.debian.org/archive/debian/20170517T033514Z
# or so.
RUN if [ "$TARGETARCH" = "amd64" ]; then curl -L -o libcilkrts5_6.3.0-18_${TARGETARCH}.deb https://download.falco.org/dependencies/libcilkrts5_6.3.0-18_${TARGETARCH}.deb; fi; \
curl -L -o cpp-6_6.3.0-18_${TARGETARCH}.deb https://download.falco.org/dependencies/cpp-6_6.3.0-18_${TARGETARCH}.deb \
&& curl -L -o gcc-6-base_6.3.0-18_${TARGETARCH}.deb https://download.falco.org/dependencies/gcc-6-base_6.3.0-18_${TARGETARCH}.deb \
&& curl -L -o gcc-6_6.3.0-18_${TARGETARCH}.deb https://download.falco.org/dependencies/gcc-6_6.3.0-18_${TARGETARCH}.deb \
&& curl -L -o libasan3_6.3.0-18_${TARGETARCH}.deb https://download.falco.org/dependencies/libasan3_6.3.0-18_${TARGETARCH}.deb \
&& curl -L -o libgcc-6-dev_6.3.0-18_${TARGETARCH}.deb https://download.falco.org/dependencies/libgcc-6-dev_6.3.0-18_${TARGETARCH}.deb \
&& curl -L -o libubsan0_6.3.0-18_${TARGETARCH}.deb https://download.falco.org/dependencies/libubsan0_6.3.0-18_${TARGETARCH}.deb \
&& curl -L -o libmpfr4_3.1.3-2_${TARGETARCH}.deb https://download.falco.org/dependencies/libmpfr4_3.1.3-2_${TARGETARCH}.deb \
&& curl -L -o libisl15_0.18-1_${TARGETARCH}.deb https://download.falco.org/dependencies/libisl15_0.18-1_${TARGETARCH}.deb \
&& dpkg -i cpp-6_6.3.0-18_${TARGETARCH}.deb gcc-6-base_6.3.0-18_${TARGETARCH}.deb gcc-6_6.3.0-18_${TARGETARCH}.deb libasan3_6.3.0-18_${TARGETARCH}.deb; \
if [ "$TARGETARCH" = "amd64" ]; then dpkg -i libcilkrts5_6.3.0-18_${TARGETARCH}.deb; fi; \
dpkg -i libgcc-6-dev_6.3.0-18_${TARGETARCH}.deb libubsan0_6.3.0-18_${TARGETARCH}.deb libmpfr4_3.1.3-2_${TARGETARCH}.deb libisl15_0.18-1_${TARGETARCH}.deb \
&& rm -f cpp-6_6.3.0-18_${TARGETARCH}.deb gcc-6-base_6.3.0-18_${TARGETARCH}.deb gcc-6_6.3.0-18_${TARGETARCH}.deb libasan3_6.3.0-18_${TARGETARCH}.deb libcilkrts5_6.3.0-18_${TARGETARCH}.deb libgcc-6-dev_6.3.0-18_${TARGETARCH}.deb libubsan0_6.3.0-18_${TARGETARCH}.deb libmpfr4_3.1.3-2_${TARGETARCH}.deb libisl15_0.18-1_${TARGETARCH}.deb
# gcc 5 is no longer included in debian stable, but we need it to
# build centos kernels, which are 3.x based and explicitly want a gcc
# version 3, 4, or 5 compiler. So grab copies we've saved from debian
# snapshots with the prefix https://snapshot.debian.org/archive/debian/20190122T000000Z.
RUN if [ "$TARGETARCH" = "amd64" ]; then curl -L -o libmpx0_5.5.0-12_${TARGETARCH}.deb https://download.falco.org/dependencies/libmpx0_5.5.0-12_${TARGETARCH}.deb; fi; \
curl -L -o cpp-5_5.5.0-12_${TARGETARCH}.deb https://download.falco.org/dependencies/cpp-5_5.5.0-12_${TARGETARCH}.deb \
&& curl -L -o gcc-5-base_5.5.0-12_${TARGETARCH}.deb https://download.falco.org/dependencies/gcc-5-base_5.5.0-12_${TARGETARCH}.deb \
&& curl -L -o gcc-5_5.5.0-12_${TARGETARCH}.deb https://download.falco.org/dependencies/gcc-5_5.5.0-12_${TARGETARCH}.deb \
&& curl -L -o libasan2_5.5.0-12_${TARGETARCH}.deb https://download.falco.org/dependencies/libasan2_5.5.0-12_${TARGETARCH}.deb \
&& curl -L -o libgcc-5-dev_5.5.0-12_${TARGETARCH}.deb https://download.falco.org/dependencies/libgcc-5-dev_5.5.0-12_${TARGETARCH}.deb \
&& curl -L -o libisl15_0.18-4_${TARGETARCH}.deb https://download.falco.org/dependencies/libisl15_0.18-4_${TARGETARCH}.deb \
&& dpkg -i cpp-5_5.5.0-12_${TARGETARCH}.deb gcc-5-base_5.5.0-12_${TARGETARCH}.deb gcc-5_5.5.0-12_${TARGETARCH}.deb libasan2_5.5.0-12_${TARGETARCH}.deb; \
if [ "$TARGETARCH" = "amd64" ]; then dpkg -i libmpx0_5.5.0-12_${TARGETARCH}.deb; fi; \
dpkg -i libgcc-5-dev_5.5.0-12_${TARGETARCH}.deb libisl15_0.18-4_${TARGETARCH}.deb \
&& rm -f cpp-5_5.5.0-12_${TARGETARCH}.deb gcc-5-base_5.5.0-12_${TARGETARCH}.deb gcc-5_5.5.0-12_${TARGETARCH}.deb libasan2_5.5.0-12_${TARGETARCH}.deb libgcc-5-dev_5.5.0-12_${TARGETARCH}.deb libisl15_0.18-4_${TARGETARCH}.deb libmpx0_5.5.0-12_${TARGETARCH}.deb
# gcc 4 is no longer included in debian stable, but we need it to
# build centos kernels, which are 2.x based and explicitly want a gcc
# version 4 compiler. So grab copies we've saved from debian
# snapshots with the prefix http://ftp.debian.org/debian/pool/main/g/gcc-4.8/.
RUN if [ "$TARGETARCH" = "amd64" ] ; then curl -L -o libasan0_4.8.4-1_${TARGETARCH}.deb https://download.falco.org/dependencies/libasan0_4.8.4-1_${TARGETARCH}.deb && dpkg -i libasan0_4.8.4-1_${TARGETARCH}.deb; fi; \
curl -L -o cpp-4.8_4.8.4-1_${TARGETARCH}.deb https://download.falco.org/dependencies/cpp-4.8_4.8.4-1_${TARGETARCH}.deb \
&& curl -L -o gcc-4.8-base_4.8.4-1_${TARGETARCH}.deb https://download.falco.org/dependencies/gcc-4.8-base_4.8.4-1_${TARGETARCH}.deb \
&& curl -L -o gcc-4.8_4.8.4-1_${TARGETARCH}.deb https://download.falco.org/dependencies/gcc-4.8_4.8.4-1_${TARGETARCH}.deb \
&& curl -L -o libgcc-4.8-dev_4.8.4-1_${TARGETARCH}.deb https://download.falco.org/dependencies/libgcc-4.8-dev_4.8.4-1_${TARGETARCH}.deb \
&& curl -L -o libisl10_0.12.2-2_${TARGETARCH}.deb https://download.falco.org/dependencies/libisl10_0.12.2-2_${TARGETARCH}.deb \
&& curl -L -o multiarch-support_2.19-18+deb8u10_${TARGETARCH}.deb https://download.falco.org/dependencies/multiarch-support_2.19-18%2Bdeb8u10_${TARGETARCH}.deb \
&& curl -L -o libcloog-isl4_0.18.4-1+b1_${TARGETARCH}.deb https://download.falco.org/dependencies/libcloog-isl4_0.18.4-1%2Bb1_${TARGETARCH}.deb \
&& dpkg -i multiarch-support_2.19-18+deb8u10_${TARGETARCH}.deb \
&& dpkg -i libisl10_0.12.2-2_${TARGETARCH}.deb gcc-4.8-base_4.8.4-1_${TARGETARCH}.deb; \
if [ "$TARGETARCH" = "amd64" ] ; then dpkg -i libasan0_4.8.4-1_${TARGETARCH}.deb; fi; \
dpkg -i libgcc-4.8-dev_4.8.4-1_${TARGETARCH}.deb libcloog-isl4_0.18.4-1+b1_${TARGETARCH}.deb cpp-4.8_4.8.4-1_${TARGETARCH}.deb gcc-4.8_4.8.4-1_${TARGETARCH}.deb \
&& rm -f multiarch-support_2.19-18+deb8u10_${TARGETARCH}.deb libisl10_0.12.2-2_${TARGETARCH}.deb gcc-4.8-base_4.8.4-1_${TARGETARCH}.deb libasan0_4.8.4-1_${TARGETARCH}.deb libgcc-4.8-dev_4.8.4-1_${TARGETARCH}.deb libcloog-isl4_0.18.4-1+b1_${TARGETARCH}.deb cpp-4.8_4.8.4-1_${TARGETARCH}.deb gcc-4.8_4.8.4-1_${TARGETARCH}.deb
# debian:stable head contains binutils 2.31, which generates
# binaries that are incompatible with kernels < 4.16. So manually
# forcibly install binutils 2.30-22 instead.
RUN if [ "$TARGETARCH" = "amd64" ] ; then \
curl -L -o binutils-x86-64-linux-gnu_2.30-22_${TARGETARCH}.deb https://download.falco.org/dependencies/binutils-x86-64-linux-gnu_2.30-22_${TARGETARCH}.deb; \
else \
curl -L -o binutils-aarch64-linux-gnu_2.30-22_${TARGETARCH}.deb https://download.falco.org/dependencies/binutils-aarch64-linux-gnu_2.30-22_${TARGETARCH}.deb; \
fi
RUN curl -L -o binutils_2.30-22_${TARGETARCH}.deb https://download.falco.org/dependencies/binutils_2.30-22_${TARGETARCH}.deb \
&& curl -L -o libbinutils_2.30-22_${TARGETARCH}.deb https://download.falco.org/dependencies/libbinutils_2.30-22_${TARGETARCH}.deb \
&& curl -L -o binutils-common_2.30-22_${TARGETARCH}.deb https://download.falco.org/dependencies/binutils-common_2.30-22_${TARGETARCH}.deb \
&& dpkg -i *binutils*.deb \
&& rm -f *binutils*.deb
# Install a recent version of cmake (debian buster has at most 3.13)
RUN curl -L -o /tmp/cmake.tar.gz https://github.com/Kitware/CMake/releases/download/v3.22.5/cmake-3.22.5-linux-$(uname -m).tar.gz; \
gzip -d /tmp/cmake.tar.gz; \
tar -xpf /tmp/cmake.tar --directory=/tmp; \
cp -R /tmp/cmake-3.22.5-linux-$(uname -m)/* /usr; \
rm -rf /tmp/cmake-3.22.5-linux-$(uname -m)/
# Properly create soft link
RUN ln -s /usr/bin/gcc-4.8 /usr/bin/gcc-4.8.0
RUN if [ "$TARGETARCH" = "amd64" ] ; then ln -s /usr/bin/gcc-4.9 /usr/bin/gcc-4.9.0; fi;
RUN ln -s /usr/bin/gcc-5 /usr/bin/gcc-5.0.0
RUN ln -s /usr/bin/gcc-6 /usr/bin/gcc-6.0.0
RUN ln -s /usr/bin/gcc-8 /usr/bin/gcc-8.0.0

50
docker/builders/builder-centos-x86_64_gcc4.8.5.Dockerfile
View File

@ -1,50 +0,0 @@
FROM centos:7
LABEL maintainer="cncf-falco-dev@lists.cncf.io"
# Fix broken mirrors - centos:7 eol
RUN sed -i s/mirror.centos.org/vault.centos.org/g /etc/yum.repos.d/*.repo; \
sed -i s/^#.*baseurl=http/baseurl=https/g /etc/yum.repos.d/*.repo; \
sed -i s/^mirrorlist=http/#mirrorlist=https/g /etc/yum.repos.d/*.repo
RUN yum -y install centos-release-scl
# fix broken mirrors (again)
RUN sed -i s/mirror.centos.org/vault.centos.org/g /etc/yum.repos.d/*.repo; \
sed -i s/^#.*baseurl=http/baseurl=https/g /etc/yum.repos.d/*.repo; \
sed -i s/^mirrorlist=http/#mirrorlist=https/g /etc/yum.repos.d/*.repo
RUN yum -y install gcc \
llvm-toolset-7.0 \
bash-completion \
bc \
ca-certificates \
curl \
gnupg2 \
libc6-dev \
elfutils-libelf-devel \
xz \
cpio \
flex \
bison \
openssl \
openssl-devel \
wget \
binutils \
which \
make \
git
# Install cmake3.x (on centos7 `cmake` package installs cmake2.x)
RUN curl -L -o /tmp/cmake.tar.gz https://github.com/Kitware/CMake/releases/download/v3.22.5/cmake-3.22.5-linux-$(uname -m).tar.gz; \
gzip -d /tmp/cmake.tar.gz; \
tar -xpf /tmp/cmake.tar --directory=/tmp; \
cp -R /tmp/cmake-3.22.5-linux-$(uname -m)/* /usr; \
rm -rf /tmp/cmake-3.22.5-linux-$(uname -m)/
# Properly create soft link
RUN ln -s /usr/bin/gcc /usr/bin/gcc-4.8.5
RUN source scl_source enable llvm-toolset-7.0
RUN echo "source scl_source enable llvm-toolset-7.0" >> /etc/bashrc
RUN source /etc/bashrc

6
docker/driverkit.Dockerfile
View File

@ -1,6 +0,0 @@
FROM docker.io/alpine:3.16
ARG TARGETARCH
COPY build-${TARGETARCH}/driverkit /bin/driverkit
CMD ["/bin/driverkit"]

196
docs/builder.md
View File

@ -1,196 +0,0 @@
# Builders
The [builder](../pkg/driverbuilder/builder) package contains all of the actual builders code, for each supported target.
Their bash-like build templates live under the [templates](../pkg/driverbuilder/builder/templates) subfolder.
# Support a new distro
You probably came here because you want to tell the [Falco Drivers Build Grid](https://github.com/falcosecurity/test-infra/tree/master/driverkit) to
build drivers for a specific distro you care about.
If that distribution is not yet supported by driverkit, the Falco Drivers Build Grid will not be able to just build it as it does for other distros.
Adding support for a new distro is a multiple-step work:
* first of all, a new builder on driverkit must be created
* secondly, [kernel-crawler](https://github.com/falcosecurity/kernel-crawler) must also be updated to support the new distro; see [below](#5-kernel-crawler) section
* third, [dbg-go](https://github.com/falcosecurity/dbg-go) must [bump driverkit](https://github.com/falcosecurity/dbg-go?tab=readme-ov-file#bumping-driverkit) and enable support to generate configs for the new distro: https://github.com/falcosecurity/dbg-go/blob/main/pkg/root/distro.go#L30.
* lastly, [test-infra](https://github.com/falcosecurity/test-infra) must be updated to add the new [prow config](https://github.com/falcosecurity/test-infra/tree/master/config/jobs/build-drivers) for new distro related jobs and `dbg-go` images must be bumped, see https://github.com/falcosecurity/test-infra/tree/master/images/build-drivers and https://github.com/falcosecurity/test-infra/tree/master/images/update-dbg.
Here, we will only focus about driverkit part.
## Creating a new Builder
To add a new supported distribution, you need to create a specific file implementing the `builder.Builder` interface.
Here's the [archlinux](../pkg/driverbuilder/builder/archlinux.go) one for reference.
Following this simple set of instructions should help you while you implement a new `builder.Builder`.
### 1. Builder file
Create a file, named with the name of the distro you want to add in the `pkg/driverbuilder/builder` folder.
```bash
touch pkg/driverbuilder/builder/archlinux.go
```
### 2. Target name
Your builder will need a constant for the target it implements. Usually that constant
can just be the ID of the distribution you are implementing, as taken reading `/etc/os-release` file.
A builder can implement more than one target at time. For example, the minikube builder is just a vanilla one.
Once you have the constant, you will need to add it to the [byTarget](https://github.com/falcosecurity/driverkit/blob/master/pkg/driverbuilder/builder/target.go) map.
Open your file and you will need to add something like this:
```go
// TargetTypeArchLinux identifies the Arch Linux target.
const TargetTypeArchLinux Type = "arch"
type archLinux struct {
}
func init() {
byTarget[TargetTypeArchLinux] = &archLinux{}
}
```
Now, you can implement the `builder.Builder` interface for the `archlinux` struct
you just registered.
Here's a very minimalistic example:
```go
func (c *archlinux) Name() string {
return TargetTypeArchlinux.String()
}
func (c *archlinux) TemplateKernelUrlsScript() string {
return archlinuxKernelTemplate
}
func (c *archlinux) TemplateScript() string {
return archlinuxTemplate
}
func (c archlinux) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
urls := []string{}
if kr.Architecture == kernelrelease.ArchitectureAmd64 {
urls = append(urls, fmt.Sprintf("https://archive.archlinux.org/packages/l/linux-headers/linux-headers-%s.%s-%d-%s.pkg.tar.xz",
kr.Fullversion,
kr.Extraversion,
cfg.KernelVersion,
kr.Architecture.ToNonDeb()))
} else {
urls = append(urls, fmt.Sprintf("https://alaa.ad24.cz/packages/l/linux-%s-headers/linux-%s-headers-%s-%d-%s.pkg.tar.xz",
kr.Architecture.ToNonDeb(),
kr.Architecture.ToNonDeb(),
kr.Fullversion,
cfg.KernelVersion,
kr.Architecture.ToNonDeb()))
}
return urls, nil
}
func (c *archlinux) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
return archlinuxTemplateData{
KernelDownloadURL: urls[0],
}
}
```
Essentially, the various methods that you are implementing are needed to:
* fill the kernel download/extract script template, a `bash` script responsible to fetch and extract the kernel headers for the distro
* fill the build script template (see below), that is a `bash` script that will be executed by driverkit at build time
* return a list of possible kernel headers urls that will later be downloaded by the kernel download script, and then used for the driver build
Under `pkg/driverbuilder/builder/templates` folder, you can find all the template scripts for the supported builders.
Adding a new template there and using `go:embed` to include it in your builder, allows leaner code
without mixing up templates and builder logic.
For example:
```go
//go:embed templates/archlinux_kernel.sh
var archlinuxKernelTemplate string
//go:embed templates/archlinux.sh
var archlinuxTemplate string
```
Depending on how the distro works, the "kernel" template script will fetch the kernel headers for it at the specific kernel version specified
in the `Config` struct at `c.Build.KernelVersion`, and then extracting them.
Finally, the script will also `export` the `KERNELDIR` variable to be consumed by the actual build script.
Example kernel download template for archlinux:
```bash
set -xeuo pipefail
# Fetch the kernel
mkdir /tmp/kernel-download
cd /tmp/kernel-download
curl --silent -o kernel-devel.pkg.tar.xz -SL {{ .KernelDownloadURL }}
tar -xf kernel-devel.pkg.tar.xz
rm -Rf /tmp/kernel
mkdir -p /tmp/kernel
mv usr/lib/modules/*/build/* /tmp/kernel
# exit value
export KERNELDIR=/tmp/kernel
```
Once you have those, based on what that kernel can do and based on what was configured
by the user, the build script will build the kernel module driver and/or the eBPF probe driver.
Example build template for archlinux:
```bash
set -xeuo pipefail
cd {{ .DriverBuildDir }}
mkdir -p build && cd build
{{ .CmakeCmd }}
{{ if .BuildModule }}
# Build the module
make CC=/usr/bin/gcc-{{ .GCCVersion }} driver
strip -g {{ .ModuleFullPath }}
# Print results
modinfo {{ .ModuleFullPath }}
{{ end }}
{{ if .BuildProbe }}
# Build the eBPF probe
make bpf
ls -l driver/bpf/probe.o
{{ end }}
```
How does this work?
If the user specifies:
- `c.Build.ModuleFilePath` you will need to build the kernel module and save it in /tmp/driver/falco.ko`
- `c.Build.ProbeFilePath` you will need to build the eBPF probe and save it in /tmp/driver/probe.o`
The `/tmp/driver` MUST be interpolated from the `DriverDirectory` constant from [`builders.go`](/pkg/driverbuilder/builder/builders.go).
If you look at the various builder implemented, you will see that the task of creating a new builder
can be easy or difficult depending on how the distribution ships their artifacts.
Indeed, the hardest part is fetching the kernel headers urls for each distro.
### 3. Customize GCC version
A builder can enforce a GCC selection algorithm,
by implementing the `builder.GCCVersionRequestor` interface.
A sane default algorithm is provided, that selects a GCC version based on the kernel version.
The requested gcc version is then [used to find the correct builder image to be used](builder_images.md#selection-algorithm).
> **NOTE**: when implementing the `builder.GCCVersionRequestor`, returning an empty `semver.Version` means to fallback at default algorithm.
However, there is no mechanism to dynamically choose a clang version, because there should never be any need of touching it.
The build will use the one provided by the chosen builder image.
Any failure must be treated as a bug, and reported on [libs](https://github.com/falcosecurity/libs) repository.
### 5. kernel-crawler
When creating a new builder, it is recommended to check that [kernel-crawler](https://github.com/falcosecurity/kernel-crawler)
can also support collecting the new builders kernel versions and header package URLs. This will make sure that the latest drivers
for the new builder are automatically built by [test-infra](https://github.com/falcosecurity/test-infra). If required, add a feature request
for support for the new builder on the kernel-crawler repository.
> **NOTE**: be sure that the crawler you are going to add is interesting for the community as a whole.

68
docs/builder_images.md
View File

@ -1,68 +0,0 @@
# Builder Images
Driverkit supports multiple builder images.
A builder image is the docker image used to build the drivers.
## Adding a builder image
Adding a builder image is just a matter of adding a new dockerfile under the [docker/builders](../docker/builders) folder,
with a name matching the following regex: `builder-(?P<target>[a-z0-9]+)-(?P<arch>x86_64|aarch64)(?P<gccVers>(_gcc[0-9]+.[0-9]+.[0-9]+)+).Dockerfile$`.
For example: `builder-centos-x86_64_gcc5.8.0_gcc6.0.0.Dockerfile`.
> **NOTE:** `any` is also a valid target, and means "apply as fallback for any target"
The image **MUST** symlink all of its provided GCC versions to their full semver name, like:
* `/usr/bin/gcc5` must be linked to `/usr/bin/gcc-5.0.0`
* `/usr/bin/gcc-4.8` must be linked to `/usr/bin/gcc-4.8.0`
This is needed because driverkit logic must be able to differentiate eg: between
an image that provides gcc4 and one that provides 4.8, in a reliable manner.
The makefile will be then automatically able to collect the new docker images and pushing it as part of the CI.
Note: the images will be pushed under the `falcosecurity/driverkit-builder` repository, each with a tag reflecting its name, eg:
* `falcosecurity/driverkit-builder:centos-x86_64_gcc5.8.0_gcc6.0.0-latest`
* `falcosecurity/driverkit-builder:any-x86_64_gcc12.0.0-454eff8fcc7d9abc615d312e9eccbd41abffb810`
As you can see, the last part of the image tag is the real versioned tag (ie: `-latest` or `-$commithash`).
## Selection algorithm
Once pushed, driverkit will be able to correctly load the image during startup, using [falcoctl](https://github.com/falcosecurity/falcoctl/) OCI utilities.
Then, it will map images whose target and architecture are correct for the current build, storing the provided GCCs list.
Moreover, it will also take care of only using images with correct tag (ie: `latest` or `commithash`), as requested by user or automatically set by Makefile.
The algorithm goes as follows:
* load any image for the build arch, tag and target
* load any image for the build arch, tag and "any" target
* if any of the target-specific image provides the targetGCC for the build, we are over
* if any of the "any" fallback image provides the targetGCC for the build, we are over
* else, find the image between target-specific and fallback ones, that provides nearest GCC.
In this latest step, there is no distinction between/different priority given to target specific or fallback images.
## Customize builder images repos
Moreover, users can also ship their own builder images in their own docker repositories, by using `--builderrepo` CLI option.
Instead of passing a docker repo, one can also pass the full path to a so-called builder images index yaml file.
It is mostly convenient in "static" scenarios, but it also gives the ability to freely define images name since all required infos are explicitly stated in the index file.
For an example of such a file, see [index.yaml](./index.yaml).
One can use this option multiple times; builder repos are a priority first list of docker repositories or builder images indexes (they can be mixed too!).
## Force use a builder image
Users can also force-specify the builder image to be used for the current build,
instead of relying on the internal algorithm, by using `--builderimage` CLI option.
> **NOTE**: builderimage MUST provide the selected gcc for the build
A special value for builder image is available:
* `auto:$tag`, that is used to tell driverkit to use the automatic algorithm, but forcing a certain image tag
## Force use a gcc version
Users can specify the target gcc version of the build, using `--gccversion` option.
As seen above, this needs to be a fully expanded gcc version, like `4.8.0`, or `8.0.0`.
When set, the image selection algorithm will pick the best builder image,
ie: the one that provides the nearest gcc version.
One can also play with both `--gccversion` and `--builderimage` options to enforce the
usage of a specific builder image that ships a specific gcc version.

45
docs/driverkit.md
View File

@ -2,6 +2,10 @@
A command line tool to build Falco kernel modules and eBPF probes.
### Synopsis
A command line tool to build Falco kernel modules and eBPF probes.
```
driverkit
```
@ -9,40 +13,23 @@ driverkit
### Options
```
--architecture string target architecture for the built driver, one of [amd64,arm64] (default "amd64")
--builderimage string docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used.
--builderrepo strings list of docker repositories or yaml file (absolute path) containing builder images index with the format 'images: [ { target:<target>, name:<image-name>, arch: <arch>, tag: <imagetag>, gcc_versions: [ <gcc-tag> ] },...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit-builder --builderrepo falcosecurity/driverkit-builder --builderrepo '/path/to/my/index.yaml'. (default [docker.io/falcosecurity/driverkit-builder])
-c, --config string config file path (default $HOME/.driverkit.yaml if exists)
--driverversion string driver version as a git commit hash or as a git tag (default "master")
--dryrun do not actually perform the action
--gccversion string enforce a specific gcc version for the build
-h, --help help for driverkit
--kernelconfigdata string base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc
--kernelrelease string kernel release to build the module for, it can be found by executing 'uname -v'
--kernelurls strings list of kernel header urls (e.g. --kernelurls <URL1> --kernelurls <URL2> --kernelurls "<URL3>,<URL4>")
--kernelversion string kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default "1")
-l, --loglevel string set level for logs (info, warn, debug, trace) (default "info")
--moduledevicename string kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco")
--moduledrivername string kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco")
--output-module string filepath where to save the resulting kernel module
--output-probe string filepath where to save the resulting eBPF probe
--proxy string the proxy to use to download data
--registry-name string registry name to which authenticate
--registry-password string registry password
--registry-plain-http allows interacting with remote registry via plain http requests
--registry-user string registry username
--repo-name string repository github name (default "libs")
--repo-org string repository github organization (default "falcosecurity")
-t, --target string the system to target the build for, one of [alinux,almalinux,amazonlinux,amazonlinux2,amazonlinux2022,amazonlinux2023,arch,bottlerocket,centos,debian,fedora,flatcar,minikube,ol,opensuse,photon,redhat,rocky,sles,talos,ubuntu,vanilla]
--timeout int timeout in seconds (default 120)
-c, --config string config file path (default $HOME/.driverkit.yaml if exists)
--driverversion string driver version as a git commit hash or as a git tag (default "dev")
--dryrun do not actually perform the action
-h, --help help for driverkit
--kernelconfigdata string base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc
--kernelrelease string kernel release to build the module for, it can be found by executing 'uname -v'
--kernelversion uint16 kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default 1)
-l, --loglevel string log level (default "info")
--output-module string filepath where to save the resulting kernel module
--output-probe string filepath where to save the resulting eBPF probe
-t, --target string the system to target the build for
--timeout int timeout in seconds (default 60)
```
### SEE ALSO
* [driverkit completion](driverkit_completion.md) - Generates completion scripts.
* [driverkit docker](driverkit_docker.md) - Build Falco kernel modules and eBPF probes against a docker daemon.
* [driverkit images](driverkit_images.md) - List builder images
* [driverkit kubernetes](driverkit_kubernetes.md) - Build Falco kernel modules and eBPF probes against a Kubernetes cluster.
* [driverkit kubernetes-in-cluster](driverkit_kubernetes-in-cluster.md) - Build Falco kernel modules and eBPF probes against a Kubernetes cluster inside a Kubernetes cluster.
* [driverkit local](driverkit_local.md) - Build Falco kernel modules and eBPF probes in local env with local kernel sources and gcc/clang.

42
docs/driverkit_docker.md
View File

@ -2,6 +2,10 @@
Build Falco kernel modules and eBPF probes against a docker daemon.
### Synopsis
Build Falco kernel modules and eBPF probes against a docker daemon.
```
driverkit docker [flags]
```
@ -9,32 +13,18 @@ driverkit docker [flags]
### Options
```
--architecture string target architecture for the built driver, one of [amd64,arm64] (default "amd64")
--builderimage string docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used.
--builderrepo strings list of docker repositories or yaml file (absolute path) containing builder images index with the format 'images: [ { target:<target>, name:<image-name>, arch: <arch>, tag: <imagetag>, gcc_versions: [ <gcc-tag> ] },...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit-builder --builderrepo falcosecurity/driverkit-builder --builderrepo '/path/to/my/index.yaml'. (default [docker.io/falcosecurity/driverkit-builder])
-c, --config string config file path (default $HOME/.driverkit.yaml if exists)
--driverversion string driver version as a git commit hash or as a git tag (default "master")
--dryrun do not actually perform the action
--gccversion string enforce a specific gcc version for the build
-h, --help help for docker
--kernelconfigdata string base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc
--kernelrelease string kernel release to build the module for, it can be found by executing 'uname -v'
--kernelurls strings list of kernel header urls (e.g. --kernelurls <URL1> --kernelurls <URL2> --kernelurls "<URL3>,<URL4>")
--kernelversion string kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default "1")
-l, --loglevel string set level for logs (info, warn, debug, trace) (default "info")
--moduledevicename string kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco")
--moduledrivername string kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco")
--output-module string filepath where to save the resulting kernel module
--output-probe string filepath where to save the resulting eBPF probe
--proxy string the proxy to use to download data
--registry-name string registry name to which authenticate
--registry-password string registry password
--registry-plain-http allows interacting with remote registry via plain http requests
--registry-user string registry username
--repo-name string repository github name (default "libs")
--repo-org string repository github organization (default "falcosecurity")
-t, --target string the system to target the build for, one of [alinux,almalinux,amazonlinux,amazonlinux2,amazonlinux2022,amazonlinux2023,arch,bottlerocket,centos,debian,fedora,flatcar,minikube,ol,opensuse,photon,redhat,rocky,sles,talos,ubuntu,vanilla]
--timeout int timeout in seconds (default 120)
-c, --config string config file path (default $HOME/.driverkit.yaml if exists)
--driverversion string driver version as a git commit hash or as a git tag (default "dev")
--dryrun do not actually perform the action
-h, --help help for docker
--kernelconfigdata string base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc
--kernelrelease string kernel release to build the module for, it can be found by executing 'uname -v'
--kernelversion uint16 kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default 1)
-l, --loglevel string log level (default "info")
--output-module string filepath where to save the resulting kernel module
--output-probe string filepath where to save the resulting eBPF probe
-t, --target string the system to target the build for
--timeout int timeout in seconds (default 60)
```
### SEE ALSO

43
docs/driverkit_images.md
View File

@ -1,43 +0,0 @@
## driverkit images
List builder images
```
driverkit images [flags]
```
### Options
```
--architecture string target architecture for the built driver, one of [amd64,arm64] (default "amd64")
--builderimage string docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used.
--builderrepo strings list of docker repositories or yaml file (absolute path) containing builder images index with the format 'images: [ { target:<target>, name:<image-name>, arch: <arch>, tag: <imagetag>, gcc_versions: [ <gcc-tag> ] },...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit-builder --builderrepo falcosecurity/driverkit-builder --builderrepo '/path/to/my/index.yaml'. (default [docker.io/falcosecurity/driverkit-builder])
-c, --config string config file path (default $HOME/.driverkit.yaml if exists)
--driverversion string driver version as a git commit hash or as a git tag (default "master")
--dryrun do not actually perform the action
--gccversion string enforce a specific gcc version for the build
-h, --help help for images
--kernelconfigdata string base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc
--kernelrelease string kernel release to build the module for, it can be found by executing 'uname -v'
--kernelurls strings list of kernel header urls (e.g. --kernelurls <URL1> --kernelurls <URL2> --kernelurls "<URL3>,<URL4>")
--kernelversion string kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default "1")
-l, --loglevel string set level for logs (info, warn, debug, trace) (default "info")
--moduledevicename string kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco")
--moduledrivername string kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco")
--output-module string filepath where to save the resulting kernel module
--output-probe string filepath where to save the resulting eBPF probe
--proxy string the proxy to use to download data
--registry-name string registry name to which authenticate
--registry-password string registry password
--registry-plain-http allows interacting with remote registry via plain http requests
--registry-user string registry username
--repo-name string repository github name (default "libs")
--repo-org string repository github organization (default "falcosecurity")
-t, --target string the system to target the build for, one of [alinux,almalinux,amazonlinux,amazonlinux2,amazonlinux2022,amazonlinux2023,arch,bottlerocket,centos,debian,fedora,flatcar,minikube,ol,opensuse,photon,redhat,rocky,sles,talos,ubuntu,vanilla]
--timeout int timeout in seconds (default 120)
```
### SEE ALSO
* [driverkit](driverkit.md) - A command line tool to build Falco kernel modules and eBPF probes.

46
docs/driverkit_kubernetes-in-cluster.md
View File

@ -1,46 +0,0 @@
## driverkit kubernetes-in-cluster
Build Falco kernel modules and eBPF probes against a Kubernetes cluster inside a Kubernetes cluster.
```
driverkit kubernetes-in-cluster [flags]
```
### Options
```
--architecture string target architecture for the built driver, one of [amd64,arm64] (default "amd64")
--builderimage string docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used.
--builderrepo strings list of docker repositories or yaml file (absolute path) containing builder images index with the format 'images: [ { target:<target>, name:<image-name>, arch: <arch>, tag: <imagetag>, gcc_versions: [ <gcc-tag> ] },...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit-builder --builderrepo falcosecurity/driverkit-builder --builderrepo '/path/to/my/index.yaml'. (default [docker.io/falcosecurity/driverkit-builder])
-c, --config string config file path (default $HOME/.driverkit.yaml if exists)
--driverversion string driver version as a git commit hash or as a git tag (default "master")
--dryrun do not actually perform the action
--gccversion string enforce a specific gcc version for the build
-h, --help help for kubernetes-in-cluster
--image-pull-secret string ImagePullSecret
--kernelconfigdata string base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc
--kernelrelease string kernel release to build the module for, it can be found by executing 'uname -v'
--kernelurls strings list of kernel header urls (e.g. --kernelurls <URL1> --kernelurls <URL2> --kernelurls "<URL3>,<URL4>")
--kernelversion string kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default "1")
-l, --loglevel string set level for logs (info, warn, debug, trace) (default "info")
--moduledevicename string kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco")
--moduledrivername string kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco")
-n, --namespace string If present, the namespace scope for the pods and its config (default "default")
--output-module string filepath where to save the resulting kernel module
--output-probe string filepath where to save the resulting eBPF probe
--proxy string the proxy to use to download data
--registry-name string registry name to which authenticate
--registry-password string registry password
--registry-plain-http allows interacting with remote registry via plain http requests
--registry-user string registry username
--repo-name string repository github name (default "libs")
--repo-org string repository github organization (default "falcosecurity")
--run-as-user int Pods runner user
-t, --target string the system to target the build for, one of [alinux,almalinux,amazonlinux,amazonlinux2,amazonlinux2022,amazonlinux2023,arch,bottlerocket,centos,debian,fedora,flatcar,minikube,ol,opensuse,photon,redhat,rocky,sles,talos,ubuntu,vanilla]
--timeout int timeout in seconds (default 120)
```
### SEE ALSO
* [driverkit](driverkit.md) - A command line tool to build Falco kernel modules and eBPF probes.

39
docs/driverkit_kubernetes.md
View File

@ -2,6 +2,10 @@
Build Falco kernel modules and eBPF probes against a Kubernetes cluster.
### Synopsis
Build Falco kernel modules and eBPF probes against a Kubernetes cluster.
```
driverkit kubernetes [flags]
```
@ -9,50 +13,31 @@ driverkit kubernetes [flags]
### Options
```
--architecture string target architecture for the built driver, one of [amd64,arm64] (default "amd64")
--as string username to impersonate for the operation, user could be a regular user or a service account in a namespace
--as string username to impersonate for the operation
--as-group stringArray group to impersonate for the operation, this flag can be repeated to specify multiple groups
--as-uid string uID to impersonate for the operation
--builderimage string docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used.
--builderrepo strings list of docker repositories or yaml file (absolute path) containing builder images index with the format 'images: [ { target:<target>, name:<image-name>, arch: <arch>, tag: <imagetag>, gcc_versions: [ <gcc-tag> ] },...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit-builder --builderrepo falcosecurity/driverkit-builder --builderrepo '/path/to/my/index.yaml'. (default [docker.io/falcosecurity/driverkit-builder])
--cache-dir string default cache directory (default "$HOME/.kube/cache")
--cache-dir string default HTTP cache directory (default "$HOME/.kube/http-cache")
--certificate-authority string path to a cert file for the certificate authority
--client-certificate string path to a client certificate file for TLS
--client-key string path to a client key file for TLS
--cluster string the name of the kubeconfig cluster to use
-c, --config string config file path (default $HOME/.driverkit.yaml if exists)
--context string the name of the kubeconfig context to use
--disable-compression if true, opt-out of response compression for all requests to the server
--driverversion string driver version as a git commit hash or as a git tag (default "master")
--driverversion string driver version as a git commit hash or as a git tag (default "dev")
--dryrun do not actually perform the action
--gccversion string enforce a specific gcc version for the build
-h, --help help for kubernetes
--image-pull-secret string ImagePullSecret
--insecure-skip-tls-verify if true, the server's certificate will not be checked for validity, this will make your HTTPS connections insecure
--kernelconfigdata string base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc
--kernelrelease string kernel release to build the module for, it can be found by executing 'uname -v'
--kernelurls strings list of kernel header urls (e.g. --kernelurls <URL1> --kernelurls <URL2> --kernelurls "<URL3>,<URL4>")
--kernelversion string kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default "1")
--kernelversion uint16 kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default 1)
--kubeconfig string path to the kubeconfig file to use for CLI requests
-l, --loglevel string set level for logs (info, warn, debug, trace) (default "info")
--moduledevicename string kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco")
--moduledrivername string kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco")
-n, --namespace string If present, the namespace scope for the pods and its config (default "default")
-l, --loglevel string log level (default "info")
-n, --namespace string if present, the namespace scope for this CLI request
--output-module string filepath where to save the resulting kernel module
--output-probe string filepath where to save the resulting eBPF probe
--proxy string the proxy to use to download data
--registry-name string registry name to which authenticate
--registry-password string registry password
--registry-plain-http allows interacting with remote registry via plain http requests
--registry-user string registry username
--repo-name string repository github name (default "libs")
--repo-org string repository github organization (default "falcosecurity")
--request-timeout string the length of time to wait before giving up on a single server request, non-zero values should contain a corresponding time unit (e.g, 1s, 2m, 3h), a value of zero means don't timeout requests (default "0")
--run-as-user int Pods runner user
-s, --server string the address and port of the Kubernetes API server
-t, --target string the system to target the build for, one of [alinux,almalinux,amazonlinux,amazonlinux2,amazonlinux2022,amazonlinux2023,arch,bottlerocket,centos,debian,fedora,flatcar,minikube,ol,opensuse,photon,redhat,rocky,sles,talos,ubuntu,vanilla]
--timeout int timeout in seconds (default 120)
--tls-server-name string server name to use for server certificate validation, if it is not provided, the hostname used to contact the server is used
-t, --target string the system to target the build for
--timeout int timeout in seconds (default 60)
--token string bearer token for authentication to the API server
--user string the name of the kubeconfig user to use
```

36
docs/driverkit_local.md
View File

@ -1,36 +0,0 @@
## driverkit local
Build Falco kernel modules and eBPF probes in local env with local kernel sources and gcc/clang.
```
driverkit local [flags]
```
### Options
```
-c, --config string config file path (default $HOME/.driverkit.yaml if exists)
--dkms Enforce usage of DKMS to build the kernel module.
--download-headers Try to automatically download kernel headers.
--driverversion string driver version as a git commit hash or as a git tag (default "master")
--dryrun do not actually perform the action
--env stringToString Env variables to be enforced during the driver build. (default [])
-h, --help help for local
--kernelrelease string kernel release to build the module for, it can be found by executing 'uname -v'
--kernelversion string kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default "1")
-l, --loglevel string set level for logs (info, warn, debug, trace) (default "info")
--moduledevicename string kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco")
--moduledrivername string kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco")
--output-module string filepath where to save the resulting kernel module
--output-probe string filepath where to save the resulting eBPF probe
--repo-name string repository github name (default "libs")
--repo-org string repository github organization (default "falcosecurity")
--src-dir string Enforce usage of local source dir to build drivers.
-t, --target string the system to target the build for, one of [alinux,almalinux,amazonlinux,amazonlinux2,amazonlinux2022,amazonlinux2023,arch,bottlerocket,centos,debian,fedora,flatcar,minikube,ol,opensuse,photon,redhat,rocky,sles,talos,ubuntu,vanilla]
--timeout int timeout in seconds (default 120)
```
### SEE ALSO
* [driverkit](driverkit.md) - A command line tool to build Falco kernel modules and eBPF probes.

31
docs/index.yaml
View File

@ -1,31 +0,0 @@
images:
- name: docker.io/falcosecurity/driverkit-builder:any-x86_64_gcc8.0.0_gcc6.0.0_gcc5.0.0_gcc4.9.0_gcc4.8.0-latest
target: any
arch: x86_64
tag: latest
gcc_versions:
- 8.0.0
- 6.0.0
- 5.0.0
- 4.9.0
- 4.8.0
# Name is just the image name that will be used to download the image.
# Contrarily to normal repo lister there is no constraint on it,
# since all fields are already explicitly available
- name: docker.io/foo/bar:mytag
target: arch
arch: x86_64
tag: mytag
gcc_versions:
- 13.1.1
# Image name tag ("mytag" in this case)
# is not even required to match "tag" property below,
# since the latter is used to match against the desired builder image tag for the build,
# while the former is the real image tag that will be used.
- name: docker.io/foo/baz:mytag
target: arch
arch: x86_64
tag: latest
gcc_versions:
- 13.1.1

179
go.mod
View File

@ -1,162 +1,33 @@
module github.com/falcosecurity/driverkit
go 1.24.1
toolchain go1.24.2
go 1.13
require (
github.com/Masterminds/semver/v3 v3.0.3
github.com/Microsoft/go-winio v0.4.14 // indirect
github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
github.com/blang/semver/v4 v4.0.0
github.com/creasty/defaults v1.7.0
github.com/docker/docker v28.3.3+incompatible
github.com/falcosecurity/falcoctl v0.11.1
github.com/go-playground/locales v0.14.1
github.com/go-playground/universal-translator v0.18.1
github.com/go-playground/validator/v10 v10.24.0
github.com/creasty/defaults v1.3.0
github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0
github.com/docker/go-connections v0.4.0 // indirect
github.com/docker/go-units v0.4.0 // indirect
github.com/go-playground/locales v0.13.0
github.com/go-playground/universal-translator v0.17.0
github.com/go-playground/validator/v10 v10.2.0
github.com/gorilla/mux v1.7.4 // indirect
github.com/mattn/go-sqlite3 v2.0.3+incompatible
github.com/mitchellh/go-homedir v1.1.0
github.com/olekukonko/tablewriter v0.0.5
github.com/opencontainers/image-spec v1.1.1
github.com/pterm/pterm v0.12.80
github.com/spf13/cobra v1.9.1
github.com/spf13/pflag v1.0.6
github.com/spf13/viper v1.20.0
gopkg.in/yaml.v3 v3.0.1
gotest.tools v2.2.0+incompatible
k8s.io/api v0.32.3
k8s.io/apimachinery v0.32.3
k8s.io/cli-runtime v0.30.0
k8s.io/client-go v0.32.3
k8s.io/kubectl v0.30.0
k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738
modernc.org/sqlite v1.29.9
oras.land/oras-go/v2 v2.5.0
)
require (
atomicgo.dev/cursor v0.2.0 // indirect
atomicgo.dev/keyboard v0.2.9 // indirect
atomicgo.dev/schedule v0.1.0 // indirect
github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect
github.com/MakeNowJust/heredoc v1.0.0 // indirect
github.com/Microsoft/go-winio v0.6.2 // indirect
github.com/chai2010/gettext-go v1.0.3 // indirect
github.com/containerd/console v1.0.4 // indirect
github.com/containerd/errdefs v1.0.0 // indirect
github.com/containerd/errdefs/pkg v0.3.0 // indirect
github.com/containerd/log v0.1.0 // indirect
github.com/cpuguy83/go-md2man/v2 v2.0.6 // indirect
github.com/creack/pty v1.1.21 // indirect
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
github.com/distribution/reference v0.6.0 // indirect
github.com/docker/go-connections v0.5.0 // indirect
github.com/docker/go-units v0.5.0 // indirect
github.com/dustin/go-humanize v1.0.1 // indirect
github.com/emicklei/go-restful/v3 v3.12.0 // indirect
github.com/evanphx/json-patch v5.9.0+incompatible // indirect
github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
github.com/fatih/camelcase v1.0.0 // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
github.com/fsnotify/fsnotify v1.8.0 // indirect
github.com/fvbommel/sortorder v1.1.0 // indirect
github.com/fxamacker/cbor/v2 v2.7.0 // indirect
github.com/gabriel-vasile/mimetype v1.4.8 // indirect
github.com/go-errors/errors v1.5.1 // indirect
github.com/go-logr/logr v1.4.2 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/go-openapi/jsonpointer v0.21.0 // indirect
github.com/go-openapi/jsonreference v0.21.0 // indirect
github.com/go-openapi/swag v0.23.0 // indirect
github.com/go-viper/mapstructure/v2 v2.3.0 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/protobuf v1.5.4 // indirect
github.com/google/btree v1.1.3 // indirect
github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect
github.com/google/go-cmp v0.7.0 // indirect
github.com/google/gofuzz v1.2.0 // indirect
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
github.com/google/uuid v1.6.0 // indirect
github.com/gookit/color v1.5.4 // indirect
github.com/gorilla/websocket v1.5.1 // indirect
github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/klauspost/compress v1.18.0 // indirect
github.com/leodido/go-urn v1.4.0 // indirect
github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
github.com/lithammer/fuzzysearch v1.1.8 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
github.com/mattn/go-isatty v0.0.20 // indirect
github.com/mattn/go-runewidth v0.0.16 // indirect
github.com/mitchellh/go-wordwrap v1.0.1 // indirect
github.com/moby/docker-image-spec v1.3.1 // indirect
github.com/moby/go-archive v0.1.0 // indirect
github.com/moby/patternmatcher v0.6.0 // indirect
github.com/moby/spdystream v0.5.0 // indirect
github.com/moby/sys/atomicwriter v0.1.0 // indirect
github.com/moby/sys/sequential v0.6.0 // indirect
github.com/moby/sys/user v0.4.0 // indirect
github.com/moby/sys/userns v0.1.0 // indirect
github.com/moby/term v0.5.2 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
github.com/morikuni/aec v1.0.0 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
github.com/ncruces/go-strftime v0.1.9 // indirect
github.com/opencontainers/go-digest v1.0.0 // indirect
github.com/pelletier/go-toml/v2 v2.2.3 // indirect
github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
github.com/rivo/uniseg v0.4.7 // indirect
github.com/rogpeppe/go-internal v1.13.2-0.20241226121412-a5dc8ff20d0a // indirect
github.com/russross/blackfriday/v2 v2.1.0 // indirect
github.com/sagikazarmark/locafero v0.7.0 // indirect
github.com/sergi/go-diff v1.3.1 // indirect
github.com/sirupsen/logrus v1.9.3 // indirect
github.com/sourcegraph/conc v0.3.0 // indirect
github.com/spf13/afero v1.12.0 // indirect
github.com/spf13/cast v1.7.1 // indirect
github.com/subosito/gotenv v1.6.0 // indirect
github.com/x448/float16 v0.8.4 // indirect
github.com/xlab/treeprint v1.2.0 // indirect
github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
go.opentelemetry.io/auto/sdk v1.1.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0 // indirect
go.opentelemetry.io/otel v1.34.0 // indirect
go.opentelemetry.io/otel/metric v1.34.0 // indirect
go.opentelemetry.io/otel/trace v1.34.0 // indirect
go.starlark.net v0.0.0-20240507195648-35fe9f26b4bc // indirect
go.uber.org/multierr v1.11.0 // indirect
golang.org/x/crypto v0.36.0 // indirect
golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f // indirect
golang.org/x/net v0.38.0 // indirect
golang.org/x/oauth2 v0.28.0 // indirect
golang.org/x/sync v0.12.0 // indirect
golang.org/x/sys v0.31.0 // indirect
golang.org/x/term v0.30.0 // indirect
golang.org/x/text v0.23.0 // indirect
golang.org/x/time v0.11.0 // indirect
google.golang.org/protobuf v1.36.5 // indirect
gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gotest.tools/v3 v3.5.2 // indirect
k8s.io/component-base v0.30.0 // indirect
k8s.io/klog/v2 v2.130.1 // indirect
k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect
modernc.org/gc/v3 v3.0.0-20240304020402-f0dba7c97c2b // indirect
modernc.org/libc v1.50.5 // indirect
modernc.org/mathutil v1.6.0 // indirect
modernc.org/memory v1.8.0 // indirect
modernc.org/strutil v1.2.0 // indirect
modernc.org/token v1.1.0 // indirect
sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect
sigs.k8s.io/kustomize/api v0.17.1 // indirect
sigs.k8s.io/kustomize/kyaml v0.17.0 // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect
sigs.k8s.io/yaml v1.4.0 // indirect
github.com/opencontainers/image-spec v1.0.1 // indirect
github.com/sirupsen/logrus v1.5.0
github.com/spf13/cobra v1.0.0
github.com/spf13/pflag v1.0.5
github.com/spf13/viper v1.6.3
golang.org/x/sys v0.0.0-20191210023423-ac6580df4449 // indirect
gotest.tools v2.2.0+incompatible
k8s.io/api v0.17.3
k8s.io/apimachinery v0.17.3
k8s.io/cli-runtime v0.17.3
k8s.io/client-go v0.17.3
k8s.io/kubectl v0.17.3
k8s.io/utils v0.0.0-20191114184206-e782cd3c129f
)

877
go.sum
View File

@ -1,482 +1,481 @@
atomicgo.dev/assert v0.0.2 h1:FiKeMiZSgRrZsPo9qn/7vmr7mCsh5SZyXY4YGYiYwrg=
atomicgo.dev/assert v0.0.2/go.mod h1:ut4NcI3QDdJtlmAxQULOmA13Gz6e2DWbSAS8RUOmNYQ=
atomicgo.dev/cursor v0.2.0 h1:H6XN5alUJ52FZZUkI7AlJbUc1aW38GWZalpYRPpoPOw=
atomicgo.dev/cursor v0.2.0/go.mod h1:Lr4ZJB3U7DfPPOkbH7/6TOtJ4vFGHlgj1nc+n900IpU=
atomicgo.dev/keyboard v0.2.9 h1:tOsIid3nlPLZ3lwgG8KZMp/SFmr7P0ssEN5JUsm78K8=
atomicgo.dev/keyboard v0.2.9/go.mod h1:BC4w9g00XkxH/f1HXhW2sXmJFOCWbKn9xrOunSFtExQ=
atomicgo.dev/schedule v0.1.0 h1:nTthAbhZS5YZmgYbb2+DH8uQIZcTlIrd4eYr3UQxEjs=
atomicgo.dev/schedule v0.1.0/go.mod h1:xeUa3oAkiuHYh8bKiQBRojqAMq3PXXbJujjb0hw8pEU=
github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 h1:He8afgbRMd7mFxO99hRNu+6tazq8nFF9lIwo9JFroBk=
github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg=
github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ=
github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE=
github.com/MarvinJWendt/testza v0.1.0/go.mod h1:7AxNvlfeHP7Z/hDQ5JtE3OKYT3XFUeLCDE2DQninSqs=
github.com/MarvinJWendt/testza v0.2.1/go.mod h1:God7bhG8n6uQxwdScay+gjm9/LnO4D3kkcZX4hv9Rp8=
github.com/MarvinJWendt/testza v0.2.8/go.mod h1:nwIcjmr0Zz+Rcwfh3/4UhBp7ePKVhuBExvZqnKYWlII=
github.com/MarvinJWendt/testza v0.2.10/go.mod h1:pd+VWsoGUiFtq+hRKSU1Bktnn+DMCSrDrXDpX2bG66k=
github.com/MarvinJWendt/testza v0.2.12/go.mod h1:JOIegYyV7rX+7VZ9r77L/eH6CfJHHzXjB69adAhzZkI=
github.com/MarvinJWendt/testza v0.3.0/go.mod h1:eFcL4I0idjtIx8P9C6KkAuLgATNKpX4/2oUqKc6bF2c=
github.com/MarvinJWendt/testza v0.4.2/go.mod h1:mSdhXiKH8sg/gQehJ63bINcCKp7RtYewEjXsvsVUPbE=
github.com/MarvinJWendt/testza v0.5.2 h1:53KDo64C1z/h/d/stCYCPY69bt/OSwjq5KpFNwi+zB4=
github.com/MarvinJWendt/testza v0.5.2/go.mod h1:xu53QFE5sCdjtMCKk8YMQ2MnymimEctc4n3EjyIYvEY=
github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 h1:w+iIsaOQNcT7OZ575w+acHgRric5iCyQh+xv+KJ4HB8=
github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI=
github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0=
github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA=
github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0=
github.com/Azure/go-autorest/autorest/mocks v0.2.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0=
github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc=
github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk=
github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
github.com/MakeNowJust/heredoc v0.0.0-20170808103936-bb23615498cd h1:sjQovDkwrZp8u+gxLtPgKGjk5hCxuy2hrRejBTA9xFU=
github.com/MakeNowJust/heredoc v0.0.0-20170808103936-bb23615498cd/go.mod h1:64YHyfSL2R96J44Nlwm39UHepQbyR5q10x7iYa1ks2E=
github.com/Masterminds/semver/v3 v3.0.3 h1:znjIyLfpXEDQjOIEWh+ehwpTU14UzUPub3c3sm36u14=
github.com/Masterminds/semver/v3 v3.0.3/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
github.com/Microsoft/go-winio v0.4.14 h1:+hMXMk01us9KgxGb7ftKQt2Xpf5hH/yky+TDA+qxleU=
github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
github.com/PuerkitoBio/purell v1.1.1 h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tNFfI=
github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M=
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo=
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
github.com/atomicgo/cursor v0.0.1/go.mod h1:cBON2QmmrysudxNBFthvMtN32r3jxVRIvzkUiF/RuIk=
github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
github.com/chai2010/gettext-go v1.0.3 h1:9liNh8t+u26xl5ddmWLmsOsdNLwkdRTg5AG+JnTiM80=
github.com/chai2010/gettext-go v1.0.3/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA=
github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U=
github.com/containerd/console v1.0.4 h1:F2g4+oChYvBTsASRTz8NP6iIAi97J3TtSAsLbIFn4ro=
github.com/containerd/console v1.0.4/go.mod h1:YynlIjWYF8myEu6sdkwKIvGQq+cOckRm6So2avqoYAk=
github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI=
github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M=
github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE=
github.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk=
github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
github.com/cpuguy83/go-md2man/v2 v2.0.6 h1:XJtiaUW6dEEqVuZiMTn1ldk455QWwEIsMIJlo5vtkx0=
github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
github.com/creack/pty v1.1.21 h1:1/QdRyBaHHJP61QkWMXlOIBfsgdDeeKfK8SYVUWJKf0=
github.com/creack/pty v1.1.21/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
github.com/creasty/defaults v1.7.0 h1:eNdqZvc5B509z18lD8yc212CAqJNvfT1Jq6L8WowdBA=
github.com/creasty/defaults v1.7.0/go.mod h1:iGzKe6pbEHnpMPtfDXZEr0NVxWnPTjb1bbDy08fPzYM=
github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
github.com/blang/semver v3.5.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
github.com/chai2010/gettext-go v0.0.0-20160711120539-c6fed771bfd5 h1:7aWHqerlJ41y6FOsEUvknqgXnGmJyJSbjhAWq5pO4F8=
github.com/chai2010/gettext-go v0.0.0-20160711120539-c6fed771bfd5/go.mod h1:/iP1qXHoty45bqomnu2LM+VVyAEdWN+vtSHGlQgyxbw=
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
github.com/cpuguy83/go-md2man v1.0.10 h1:BSKMNlYxDvnunlTymqtgONjNnaRV1sTpcovwwjF22jk=
github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE=
github.com/cpuguy83/go-md2man/v2 v2.0.0 h1:EoUDS0afbrsXAZ9YQ9jdu/mZ2sXgT1/2yyNng4PGlyM=
github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
github.com/creasty/defaults v1.3.0 h1:uG+RAxYbJgOPCOdKEcec9ZJXeva7Y6mj/8egdzwmLtw=
github.com/creasty/defaults v1.3.0/go.mod h1:CIEEvs7oIVZm30R8VxtFJs+4k201gReYyuYHJxZc68I=
github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
github.com/docker/docker v28.3.3+incompatible h1:Dypm25kh4rmk49v1eiVbsAtpAsYURjYkaKubwuBdxEI=
github.com/docker/docker v28.3.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c=
github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc=
github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
github.com/emicklei/go-restful/v3 v3.12.0 h1:y2DdzBAURM29NFF94q6RaY4vjIH1rtwDapwQtU84iWk=
github.com/emicklei/go-restful/v3 v3.12.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls=
github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f h1:Wl78ApPPB2Wvf/TIe2xdyJxTlb6obmF18d8QdkxNDu4=
github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f/go.mod h1:OSYXu++VVOHnXeitef/D8n/6y4QV8uLHSFXX4NeXMGc=
github.com/falcosecurity/falcoctl v0.11.1 h1:slBPwAPs5n5CO2Lro1w7ugemu8WuCOoKnfnL45IHhmQ=
github.com/falcosecurity/falcoctl v0.11.1/go.mod h1:sD9ghf9R/uFeY8X9fimecMwtvqLbrMn5+jcpwQfPeJQ=
github.com/daviddengcn/go-colortext v0.0.0-20160507010035-511bcaf42ccd/go.mod h1:dv4zxwHi5C/8AeI+4gX4dCWOIvNi7I6JCSX0HvlKPgE=
github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
github.com/docker/distribution v2.7.1+incompatible h1:a5mlkVzth6W5A4fOsS3D2EO5BUmsJpcB+cRlLU7cSug=
github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0 h1:w3NnFcKR5241cfmQU5ZZAsf0xcpId6mWOupTvJlUX2U=
github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw=
github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96 h1:cenwrSVm+Z7QLSV/BsnenAOcDXdX4cMv4wP0B/5QbPg=
github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=
github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e h1:p1yVGRW3nmb85p1Sh1ZJSDm4A4iKLS5QNbvUHMgGu/M=
github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
github.com/emicklei/go-restful v2.9.5+incompatible h1:spTtZBk5DYEvbxMVutUuTyh1Ao2r4iyvLdACqsl/Ljk=
github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
github.com/evanphx/json-patch v4.2.0+incompatible h1:fUDGZCv/7iAN7u0puUVhvKCcsR6vRfwrJatElLBEf0I=
github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d h1:105gxyaGwCFad8crR9dcMQWvV9Hvulu6hwUh4tWPJnM=
github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d/go.mod h1:ZZMPRZwes7CROmyNKgQzC3XPs6L/G2EJLHddWejkmf4=
github.com/fatih/camelcase v1.0.0 h1:hxNvNX/xYBp0ovncs8WyWZrOrpBNub/JfaMvbURyft8=
github.com/fatih/camelcase v1.0.0/go.mod h1:yN2Sb0lFhZJUdVvtELVWefmrXpuZESvPmqwoZc+/fpc=
github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M=
github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
github.com/fvbommel/sortorder v1.1.0 h1:fUmoe+HLsBTctBDoaBwpQo5N+nrCp8g/BjKb/6ZQmYw=
github.com/fvbommel/sortorder v1.1.0/go.mod h1:uk88iVf1ovNn1iLfgUVU2F9o5eO30ui720w+kxuqRs0=
github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
github.com/gabriel-vasile/mimetype v1.4.8 h1:FfZ3gj38NjllZIeJAmMhr+qKL8Wu+nOoI3GqacKw1NM=
github.com/gabriel-vasile/mimetype v1.4.8/go.mod h1:ByKUIKGjh1ODkGM1asKUbQZOLGrPjydw3hYPU2YU9t8=
github.com/go-errors/errors v1.5.1 h1:ZwEMSLRCapFLflTpT7NKaAc7ukJ8ZPEjzlxt8rPN8bk=
github.com/go-errors/errors v1.5.1/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ=
github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY=
github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ=
github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4=
github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE=
github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ=
github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
github.com/go-playground/validator/v10 v10.24.0 h1:KHQckvo8G6hlWnrPX4NJJ+aBfWNAE/HH+qdL2cBpCmg=
github.com/go-playground/validator/v10 v10.24.0/go.mod h1:GGzBIJMuE98Ic/kJsBXbz1x/7cByt++cQ+YOuDM5wus=
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
github.com/go-viper/mapstructure/v2 v2.3.0 h1:27XbWsHIqhbdR5TIC911OfYvgSaW93HM+dX7970Q7jk=
github.com/go-viper/mapstructure/v2 v2.3.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg=
github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 h1:0VpGH+cDhbDtdcweoyCVsF3fhN8kejK6rFe/2FFX2nU=
github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49/go.mod h1:BkkQ4L1KS1xMt2aWSPStnn55ChGC0DPOn2FQYj+f25M=
github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I=
github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0=
github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg=
github.com/go-openapi/jsonpointer v0.19.3 h1:gihV7YNZK1iK6Tgwwsxo2rJbD1GTbdm72325Bq8FI3w=
github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg=
github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc=
github.com/go-openapi/jsonreference v0.19.3 h1:5cxNfTy0UVC3X8JL5ymxzyoUZmo8iZb+jeTWn7tUa8o=
github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc=
github.com/go-openapi/spec v0.19.3 h1:0XRyw8kguri6Yw4SxhsQA/atC88yqrk0+G4YhI2wabc=
github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo=
github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I=
github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
github.com/go-openapi/swag v0.19.5 h1:lTz6Ys4CmqqCQmZPBlbQENR1/GucA2bzYTE12Pw4tFY=
github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A=
github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
github.com/go-playground/locales v0.13.0 h1:HyWk6mgj5qFqCT5fjGBuRArbVDfE4hi8+e8ceBS/t7Q=
github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8=
github.com/go-playground/universal-translator v0.17.0 h1:icxd5fm+REJzpZx7ZfpaD876Lmtgy7VtROAbHHXk8no=
github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA=
github.com/go-playground/validator/v10 v10.2.0 h1:KgJ0snyC2R9VXYN2rneOtQcw5aHQB1Vv0sFl1UcHBOY=
github.com/go-playground/validator/v10 v10.2.0/go.mod h1:uOYAAleCW8F/7oMFd6aG0GOhaH6EGOAJShg8Id5JGkI=
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d h1:3PaI8p3seN09VjbTYC/QWlUZdZ1qS1zGjy7LH2Wt07I=
github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef h1:veQD95Isof8w9/WXiA+pa3tz3fJXkt5B7QaRBrM62gk=
github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs=
github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golangplus/bytes v0.0.0-20160111154220-45c989fe5450/go.mod h1:Bk6SMAONeMXrxql8uvOKuAZSu8aM5RUGv+1C6IJaEho=
github.com/golangplus/fmt v0.0.0-20150411045040-2a5d6d7d2995/go.mod h1:lJgMEyOkYFkPcDKwRXegd+iM6E7matEszMG5HhwytU8=
github.com/golangplus/testing v0.0.0-20180327235837-af21d9c3145e/go.mod h1:0AA//k/eakGydO4jKRoRL2j92ZKSzTgj9tclaCrvXHk=
github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
github.com/google/btree v1.0.0 h1:0udJVsspx3VBr5FwtLhQQtuAsVc79tTq0ocGIPAU6qo=
github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY=
github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
github.com/google/gofuzz v0.0.0-20161122191042-44d81051d367/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI=
github.com/google/gofuzz v1.0.0 h1:A8PeW59pxE9IoFRqBp37U+mSNaQoZ46F1f0f863XSXw=
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad h1:a6HEuzUHeKH6hwfN/ZoQgRgVIWFJljSWa/zetS2WTvg=
github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/gookit/color v1.4.2/go.mod h1:fqRyamkC1W8uxl+lxCQxOT09l/vYfZ+QeiX3rKQHCoQ=
github.com/gookit/color v1.5.0/go.mod h1:43aQb+Zerm/BWh2GnrgOQm7ffz7tvQXEKV6BFMl7wAo=
github.com/gookit/color v1.5.4 h1:FZmqs7XOyGgCAxmWyPslpiok1k05wmY3SJTytgvYFs0=
github.com/gookit/color v1.5.4/go.mod h1:pZJOeOS8DM43rXbp4AZo1n9zCU2qjpcRko0b6/QJi9w=
github.com/gorilla/websocket v1.5.1 h1:gmztn0JnHVt9JZquRuzLw3g4wouNVzKL15iLr/zn/QY=
github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZHL0uE0tcaY=
github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA=
github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
github.com/grpc-ecosystem/grpc-gateway/v2 v2.25.1 h1:VNqngBF40hVlDloBruUehVYC3ArSgIyScOAyMRqBxRg=
github.com/grpc-ecosystem/grpc-gateway/v2 v2.25.1/go.mod h1:RBRO7fro65R6tjKzYgLAFo0t1QEXY1Dp+i/bvpRiqiQ=
github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k=
github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM=
github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY=
github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d h1:7XGaL1e6bYS1yIonGp9761ExpPPV1ui0SAC59Yube9k=
github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY=
github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8=
github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8=
github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
github.com/gorilla/mux v1.7.4 h1:VuZ8uybHlWmqV03+zRzdwKL4tUnIp1MAQtp1mIFE1bc=
github.com/gorilla/mux v1.7.4/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 h1:pdN6V1QBWetyv/0+wjACpqVH+eVULgEjkurDLq3goeM=
github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
github.com/hashicorp/golang-lru v0.5.1 h1:0hERBMJE1eitiLkihrMvRVBYAkpHzc/J3QdDN+dAcgU=
github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI=
github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
github.com/imdario/mergo v0.3.5 h1:JboBksRwiiAJWvIYJVo46AfV+IAIKZpfrSzVKj42R4Q=
github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
github.com/json-iterator/go v0.0.0-20180612202835-f2b4162afba3/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
github.com/json-iterator/go v1.1.8 h1:QiWkFLKq0T7mpzwOTu6BzNDbfTE8OLrYhVKYMLF46Ok=
github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
github.com/json-iterator/go v1.1.9 h1:9yzud/Ht36ygwatGx56VwCZtlI/2AD15T1X2sjSuGns=
github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
github.com/klauspost/cpuid/v2 v2.0.10/go.mod h1:g2LTdtYhdyuGPqyWyv7qRAmj1WBqxuObKfj5c0PQa7c=
github.com/klauspost/cpuid/v2 v2.0.12/go.mod h1:g2LTdtYhdyuGPqyWyv7qRAmj1WBqxuObKfj5c0PQa7c=
github.com/klauspost/cpuid/v2 v2.2.7 h1:ZWSB3igEs+d0qvnxR/ZBzXVmxkgt8DdzP6m9pfuVLDM=
github.com/klauspost/cpuid/v2 v2.2.7/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk=
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=
github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
github.com/leodido/go-urn v1.2.0 h1:hpXL4XnriNwQ/ABnpepYM/1vCLWNDfUNts8dX3xTG6Y=
github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0=
github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE=
github.com/lithammer/fuzzysearch v1.1.8 h1:/HIuJnjHuXS8bKaiTMeeDlW2/AyIWk2brx1V8LFgLN4=
github.com/lithammer/fuzzysearch v1.1.8/go.mod h1:IdqeyBClc3FFqSzYq/MXESsS4S0FsZ5ajtkr5xPLts4=
github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc=
github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
github.com/lithammer/dedent v1.1.0/go.mod h1:jrXYCQtgg0nJiN+StA2KgR7w6CiQNv9Fd/Z9BP0jIOc=
github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
github.com/magiconair/properties v1.8.1 h1:ZC2Vc7/ZFkGmsVC9KvOjumD+G5lXy2RtTKyzRKO2BQ4=
github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
github.com/mailru/easyjson v0.7.0 h1:aizVhC/NAAcKWb+5QsU1iNOZb4Yws5UO2I+aIprQITM=
github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs=
github.com/mattn/go-sqlite3 v2.0.3+incompatible h1:gXHsfypPkaMZrKbD5209QV9jbUTJKjyR5WD3HYQSd+U=
github.com/mattn/go-sqlite3 v2.0.3+incompatible/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0=
github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0=
github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
github.com/moby/go-archive v0.1.0 h1:Kk/5rdW/g+H8NHdJW2gsXyZ7UnzvJNOy6VKJqueWdcQ=
github.com/moby/go-archive v0.1.0/go.mod h1:G9B+YoujNohJmrIYFBpSd54GTUB4lt9S+xVQvsJyFuo=
github.com/moby/patternmatcher v0.6.0 h1:GmP9lR19aU5GqSSFko+5pRqHi+Ohk1O69aFiKkVGiPk=
github.com/moby/patternmatcher v0.6.0/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc=
github.com/moby/spdystream v0.5.0 h1:7r0J1Si3QO/kjRitvSLVVFUjxMEb/YLj6S9FF62JBCU=
github.com/moby/spdystream v0.5.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI=
github.com/moby/sys/atomicwriter v0.1.0 h1:kw5D/EqkBwsBFi0ss9v1VG3wIkVhzGvLklJ+w3A14Sw=
github.com/moby/sys/atomicwriter v0.1.0/go.mod h1:Ul8oqv2ZMNHOceF643P6FKPXeCmYtlQMvpizfsSoaWs=
github.com/moby/sys/sequential v0.6.0 h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7zgvCU=
github.com/moby/sys/sequential v0.6.0/go.mod h1:uyv8EUTrca5PnDsdMGXhZe6CCe8U/UiTWd+lL+7b/Ko=
github.com/moby/sys/user v0.4.0 h1:jhcMKit7SA80hivmFJcbB1vqmw//wU61Zdui2eQXuMs=
github.com/moby/sys/user v0.4.0/go.mod h1:bG+tYYYJgaMtRKgEmuueC0hJEAZWwtIbZTB+85uoHjs=
github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g=
github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28=
github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ=
github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc=
github.com/mitchellh/go-wordwrap v1.0.0 h1:6GlHJ/LTGMrIJbwgdqdl2eEH8o+Exx/0m8ir9Gns0u4=
github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE=
github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/2gBQ3RWajuToeY6ZtZTIKv2v7ThUy5KKusIT0yc0=
github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4=
github.com/modern-go/reflect2 v0.0.0-20180320133207-05fbef0ca5da/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI=
github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus=
github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
github.com/ncruces/go-strftime v0.1.9 h1:bY0MQC28UADQmHmaF5dgpLmImcShSi2kHU9XLdhx/f4=
github.com/ncruces/go-strftime v0.1.9/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls=
github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec=
github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
github.com/onsi/ginkgo/v2 v2.23.3 h1:edHxnszytJ4lD9D5Jjc4tiDkPBZ3siDeJJkUZJJVkp0=
github.com/onsi/ginkgo/v2 v2.23.3/go.mod h1:zXTP6xIp3U8aVuXN8ENK9IXRaTjFnpVB9mGmaSRvxnM=
github.com/onsi/gomega v1.36.3 h1:hID7cr8t3Wp26+cYnfcjR6HpJ00fdogN6dqZ1t6IylU=
github.com/onsi/gomega v1.36.3/go.mod h1:8D9+Txp43QWKhM24yyOBEdpkzN8FvJyAwecBgsU4KU0=
github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040=
github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M=
github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M=
github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc=
github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.10.1 h1:q/mM8GF/n0shIN8SaAZ0V+jnLPzen6WIVZdiwrRlMlo=
github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
github.com/onsi/gomega v1.7.0 h1:XPnZz8VVBHjVsy1vzJmRwIcSwiUO+JFfrv/xGiigmME=
github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
github.com/opencontainers/go-digest v1.0.0-rc1 h1:WzifXhOVOEOuFYOJAW6aQqW0TooG2iki3E3Ii+WN7gQ=
github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
github.com/opencontainers/image-spec v1.0.1 h1:JMemWkRwHx4Zj+fVxWoMCFm/8sYGGrUVojFA6h/TRcI=
github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
github.com/pelletier/go-toml v1.2.0 h1:T5zMGML61Wp+FlcbWjRDT7yAxhJNAiPPLOFECq181zc=
github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/pterm/pterm v0.12.27/go.mod h1:PhQ89w4i95rhgE+xedAoqous6K9X+r6aSOI2eFF7DZI=
github.com/pterm/pterm v0.12.29/go.mod h1:WI3qxgvoQFFGKGjGnJR849gU0TsEOvKn5Q8LlY1U7lg=
github.com/pterm/pterm v0.12.30/go.mod h1:MOqLIyMOgmTDz9yorcYbcw+HsgoZo3BQfg2wtl3HEFE=
github.com/pterm/pterm v0.12.31/go.mod h1:32ZAWZVXD7ZfG0s8qqHXePte42kdz8ECtRyEejaWgXU=
github.com/pterm/pterm v0.12.33/go.mod h1:x+h2uL+n7CP/rel9+bImHD5lF3nM9vJj80k9ybiiTTE=
github.com/pterm/pterm v0.12.36/go.mod h1:NjiL09hFhT/vWjQHSj1athJpx6H8cjpHXNAK5bUw8T8=
github.com/pterm/pterm v0.12.40/go.mod h1:ffwPLwlbXxP+rxT0GsgDTzS3y3rmpAO1NMjUkGTYf8s=
github.com/pterm/pterm v0.12.80 h1:mM55B+GnKUnLMUSqhdINe4s6tOuVQIetQ3my8JGyAIg=
github.com/pterm/pterm v0.12.80/go.mod h1:c6DeF9bSnOSeFPZlfs4ZRAFcf5SCoTwvwQ5xaKGQlHo=
github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE=
github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
github.com/rogpeppe/go-internal v1.13.2-0.20241226121412-a5dc8ff20d0a h1:w3tdWGKbLGBPtR/8/oO74W6hmz0qE5q0z9aqSAewaaM=
github.com/rogpeppe/go-internal v1.13.2-0.20241226121412-a5dc8ff20d0a/go.mod h1:S8kfXMp+yh77OxPD4fdM6YUknrZpQxLhvxzS4gDHENY=
github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/sagikazarmark/locafero v0.7.0 h1:5MqpDsTGNDhY8sGp0Aowyf0qKsPrhewaLSsFaodPcyo=
github.com/sagikazarmark/locafero v0.7.0/go.mod h1:2za3Cg5rMaTMoG/2Ulr9AwtFaIppKXTRYnozin4aB5k=
github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8=
github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I=
github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
github.com/spf13/afero v1.12.0 h1:UcOPyRBYczmFn6yvphxkn9ZEOY65cpwGKb5mL36mrqs=
github.com/spf13/afero v1.12.0/go.mod h1:ZTlWwG4/ahT8W7T0WQ5uYmjI9duaLQGy3Q2OAl4sk/4=
github.com/spf13/cast v1.7.1 h1:cuNEagBQEHWN1FnbGEjCXL2szYEXqfJPbP2HNUaca9Y=
github.com/spf13/cast v1.7.1/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
github.com/spf13/cobra v1.9.1 h1:CXSaggrXdbHK9CF+8ywj8Amf7PBRmPCOJugH954Nnlo=
github.com/spf13/cobra v1.9.1/go.mod h1:nDyEzZ8ogv936Cinf6g1RU9MRY64Ir93oCnqb9wxYW0=
github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o=
github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
github.com/spf13/viper v1.20.0 h1:zrxIyR3RQIOsarIrgL8+sAvALXul9jeEPa06Y0Ph6vY=
github.com/spf13/viper v1.20.0/go.mod h1:P9Mdzt1zoHIG8m2eZQinpiBjo6kCmZSKBClNNqjJvu4=
github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90 h1:S/YWwWx/RA8rT8tKFRuGUZhuA90OyIBpPCXkcbwU8DE=
github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M=
github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
github.com/russross/blackfriday v1.5.2 h1:HyvC0ARfnZBqnXwABFeSZHpKvJHJJfPz81GNueLj0oo=
github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q=
github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo=
github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4=
github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
github.com/sirupsen/logrus v1.5.0 h1:1N5EYkVAPEywqZRJd7cwnRtCb6xJx7NH3T3WUTF980Q=
github.com/sirupsen/logrus v1.5.0/go.mod h1:+F7Ogzej0PZc/94MaYx/nvG9jOFMD2osvC3s+Squfpo=
github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM=
github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s=
github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
github.com/spf13/afero v1.2.2 h1:5jhuqJyZCZf2JRofRvN/nIFgIWNzPa3/Vz8mYylgbWc=
github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
github.com/spf13/cast v1.3.0 h1:oget//CVOEoFewqQxwr0Ej5yjygnqGkvggSE/gB35Q8=
github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
github.com/spf13/cobra v0.0.5 h1:f0B+LkLX6DtmRH1isoNA9VTtNUK9K8xYd28JNNfOv/s=
github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU=
github.com/spf13/cobra v1.0.0 h1:6m/oheQuQ13N9ks4hubMG6BnvwOeaJrqSPLahSnczz8=
github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=
github.com/spf13/jwalterweatherman v1.0.0 h1:XHEdyB+EcvlqZamSM4ZOMGlc93t6AcsBEu9Gc1vn7yk=
github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE=
github.com/spf13/viper v1.6.3 h1:pDDu1OyEDTKzpJwdq4TiuLyMsUgRa/BT5cn5O62NoHs=
github.com/spf13/viper v1.6.3/go.mod h1:jUMtyi0/lB5yZH/FjyGAoH7IMNrIhlBf6pXZmbMDvzw=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
github.com/stretchr/testify v0.0.0-20151208002404-e3a8ff8ce365/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ=
github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0=
github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778/go.mod h1:2MuV+tbUrU1zIOPMxZ5EncGwgmMJsa+9ucAQZXxsObs=
github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavMF/ppJZNG9ZpyihvCd0w101no=
github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM=
github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0 h1:CV7UdSGJt/Ao6Gp4CXckLxVRRsRgDHoI8XjbL3PDl8s=
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0/go.mod h1:FRmFuRJfag1IZ2dPkHnEoSFVgTVPUd2qf5Vi69hLb8I=
go.opentelemetry.io/otel v1.34.0 h1:zRLXxLCgL1WyKsPVrgbSdMN4c0FMkDAskSTQP+0hdUY=
go.opentelemetry.io/otel v1.34.0/go.mod h1:OWFPOQ+h4G8xpyjgqo4SxJYdDQ/qmRH+wivy7zzx9oI=
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.34.0 h1:OeNbIYk/2C15ckl7glBlOBp5+WlYsOElzTNmiPW/x60=
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.34.0/go.mod h1:7Bept48yIeqxP2OZ9/AqIpYS94h2or0aB4FypJTc8ZM=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.33.0 h1:wpMfgF8E1rkrT1Z6meFh1NDtownE9Ii3n3X2GJYjsaU=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.33.0/go.mod h1:wAy0T/dUbs468uOlkT31xjvqQgEVXv58BRFWEgn5v/0=
go.opentelemetry.io/otel/metric v1.34.0 h1:+eTR3U0MyfWjRDhmFMxe2SsW64QrZ84AOhvqS7Y+PoQ=
go.opentelemetry.io/otel/metric v1.34.0/go.mod h1:CEDrp0fy2D0MvkXE+dPV7cMi8tWZwX3dmaIhwPOaqHE=
go.opentelemetry.io/otel/sdk v1.34.0 h1:95zS4k/2GOy069d321O8jWgYsW3MzVV+KuSPKp7Wr1A=
go.opentelemetry.io/otel/sdk v1.34.0/go.mod h1:0e/pNiaMAqaykJGKbi+tSjWfNNHMTxoC9qANsCzbyxU=
go.opentelemetry.io/otel/trace v1.34.0 h1:+ouXS2V8Rd4hp4580a8q23bg0azF2nI8cqLYnC8mh/k=
go.opentelemetry.io/otel/trace v1.34.0/go.mod h1:Svm7lSjQD7kG7KJ/MUHPVXSDGz2OX4h0M2jHBhmSfRE=
go.opentelemetry.io/proto/otlp v1.5.0 h1:xJvq7gMzB31/d406fB8U5CBdyQGw4P399D1aQWU/3i4=
go.opentelemetry.io/proto/otlp v1.5.0/go.mod h1:keN8WnHxOy8PG0rQZjJJ5A2ebUoafqWp0eVQ4yIXvJ4=
go.starlark.net v0.0.0-20240507195648-35fe9f26b4bc h1:WMJEq47tB89BoJ5HUfoMZVtN+0u6f32LgIfQlu3mMF8=
go.starlark.net v0.0.0-20240507195648-35fe9f26b4bc/go.mod h1:YKMCv9b1WrfWmeqdV5MAuEHWsu5iC+fe6kYl2sQjdI8=
go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s=
github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
github.com/xlab/handysort v0.0.0-20150421192137-fb3537ed64a1/go.mod h1:QcJo0QPSfTONNIgpN5RA8prR7fF8nkF6cTWTcNerRO8=
github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
go.uber.org/atomic v1.4.0 h1:cxzIVoETapQEqDhQu3QfnvXAV4AlzcvUCxkVUFw3+EU=
go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
go.uber.org/multierr v1.1.0 h1:HoEmRHQPVSqub6w2z2d2EOVs2fjyFRGyofhKuyDq0QI=
go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
go.uber.org/zap v1.10.0 h1:ORx85nbTijNz8ljznvCMR1ZBIPKFn3jQrag10X2AsuM=
go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f h1:XdNn9LlyWAhLVp6P/i8QYBW+hlyhrhei9uErw2B5GJo=
golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f/go.mod h1:D5SMRVC3C2/4+F/DB1wZsLRnSNimn2Sp/NPsCrsv8ak=
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
golang.org/x/mod v0.23.0 h1:Zb7khfcRGKk+kqfxFaP5tZqCnDZMjC5VtUBs87Hr6QM=
golang.org/x/mod v0.23.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586 h1:7KByu05hhLed2MO29w7p1XfZvZ13m8mub3shuVftRs0=
golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190312203227-4b39c73a6495/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8=
golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
golang.org/x/oauth2 v0.28.0 h1:CrgCKl8PPAVtLnU3c+EDw6x11699EWlsDeWNWKdIOkc=
golang.org/x/oauth2 v0.28.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20191004110552-13f9640d40b9 h1:rjwSpXsdiK0dV8/Naq3kAw9ymfAeJIyd0upUIElB+lI=
golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 h1:SVwTIAaPC2U/AvvLNZ2a7OVsmBpC8L5BlwK1whH3hm0=
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw=
golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190209173611-3b5209105503/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20211013075003-97ac67df715c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y=
golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456 h1:ng0gs1AKnRRuEMZoTLLlbOd+C17zUDepwGQBb/n+JVg=
golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191210023423-ac6580df4449 h1:gSbV7h1NRL2G1xTg/owz62CST1oJBmxy4QpMMregXVQ=
golang.org/x/sys v0.0.0-20191210023423-ac6580df4449/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
golang.org/x/time v0.11.0 h1:/bpjEDfN9tkoN/ryeYHnv5hcMlc8ncjMcM4XBk5NWV0=
golang.org/x/time v0.11.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4 h1:SvFZT6jyqRaOeXpc5h/JSfZenJ2O330aBsf7JfSUXmQ=
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
golang.org/x/tools v0.30.0 h1:BgcpHewrV5AUp2G9MebG4XPFI1E2W41zU1SaqVA9vJY=
golang.org/x/tools v0.30.0/go.mod h1:c347cR/OJfw5TI+GfX7RUPNMdDRRbjvYTS0jPyvsVtY=
golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190206041539-40960b6deb8e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
google.golang.org/genproto v0.0.0-20250303144028-a0af3efb3deb h1:ITgPrl429bc6+2ZraNSzMDk3I95nmQln2fuPstKwFDE=
google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb h1:p31xT4yrYrSM/G4Sn2+TNUkVhFCbG9y8itM2S6Th950=
google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb/go.mod h1:jbe3Bkdp+Dh2IrslsFCklNhweNTBgSYanP1UXhJDhKg=
google.golang.org/genproto/googleapis/rpc v0.0.0-20250313205543-e70fdf4c4cb4 h1:iK2jbkWL86DXjEx0qiHcRE9dE4/Ahua5k6V8OWFb//c=
google.golang.org/genproto/googleapis/rpc v0.0.0-20250313205543-e70fdf4c4cb4/go.mod h1:LuRYeWDFV6WOn90g357N17oMCaxpgCnbi/44qJvDn2I=
google.golang.org/grpc v1.71.0 h1:kF77BGdPTQ4/JZWMlb9VpJ5pa25aqvVqogsxNHHdeBg=
google.golang.org/grpc v1.71.0/go.mod h1:H0GRtasmQOh9LkFoCPDu3ZrwUtD1YGE+b2vYBYd/8Ec=
google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM=
google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485/go.mod h1:2ltnJ7xHfj0zHS40VVPYEAAMTa3ZGguvHGBSJeRWqE0=
gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw=
gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e/go.mod h1:kS+toOQn6AQKjmKJ7gzohV1XkqsFehRA2FbsbkopSuQ=
google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
google.golang.org/appengine v1.5.0 h1:KxkO13IPW4Lslp2bz+KHP2E3gtFlrIGNThxkZQ3g+4c=
google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7 h1:ZUjXAXmrAyrmmCPHgCA/vChHcpsX27MZ3yBonD/z1KE=
google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.21.0 h1:G+97AoqBnmZIT91cLG/EkCoK9NSelj64P8bOHHNmGn0=
google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4=
gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4=
gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
gopkg.in/ini.v1 v1.51.0 h1:AQvPpx3LzTDM0AjnIRlVFwFFGC+npRopjZxLJj6gdno=
gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q=
gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA=
k8s.io/api v0.32.3 h1:Hw7KqxRusq+6QSplE3NYG4MBxZw1BZnq4aP4cJVINls=
k8s.io/api v0.32.3/go.mod h1:2wEDTXADtm/HA7CCMD8D8bK4yuBUptzaRhYcYEEYA3k=
k8s.io/apimachinery v0.32.3 h1:JmDuDarhDmA/Li7j3aPrwhpNBA94Nvk5zLeOge9HH1U=
k8s.io/apimachinery v0.32.3/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
k8s.io/cli-runtime v0.30.0 h1:0vn6/XhOvn1RJ2KJOC6IRR2CGqrpT6QQF4+8pYpWQ48=
k8s.io/cli-runtime v0.30.0/go.mod h1:vATpDMATVTMA79sZ0YUCzlMelf6rUjoBzlp+RnoM+cg=
k8s.io/client-go v0.32.3 h1:RKPVltzopkSgHS7aS98QdscAgtgah/+zmpAogooIqVU=
k8s.io/client-go v0.32.3/go.mod h1:3v0+3k4IcT9bXTc4V2rt+d2ZPPG700Xy6Oi0Gdl2PaY=
k8s.io/component-base v0.30.0 h1:cj6bp38g0ainlfYtaOQuRELh5KSYjhKxM+io7AUIk4o=
k8s.io/component-base v0.30.0/go.mod h1:V9x/0ePFNaKeKYA3bOvIbrNoluTSG+fSJKjLdjOoeXQ=
k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJJ4JRdzg3+O6e8I+e+8T5Y=
k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4=
k8s.io/kubectl v0.30.0 h1:xbPvzagbJ6RNYVMVuiHArC1grrV5vSmmIcSZuCdzRyk=
k8s.io/kubectl v0.30.0/go.mod h1:zgolRw2MQXLPwmic2l/+iHs239L49fhSeICuMhQQXTI=
k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 h1:M3sRQVHv7vB20Xc2ybTt7ODCeFj6JSWYFzOFnYeS6Ro=
k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
modernc.org/cc/v4 v4.21.0 h1:D/gLKtcztomvWbsbvBKo3leKQv+86f+DdqEZBBXhnag=
modernc.org/cc/v4 v4.21.0/go.mod h1:HM7VJTZbUCR3rV8EYBi9wxnJ0ZBRiGE5OeGXNA0IsLQ=
modernc.org/ccgo/v4 v4.17.3 h1:t2CQci84jnxKw3GGnHvjGKjiNZeZqyQx/023spkk4hU=
modernc.org/ccgo/v4 v4.17.3/go.mod h1:1FCbAtWYJoKuc+AviS+dH+vGNtYmFJqBeRWjmnDWsIg=
modernc.org/fileutil v1.3.0 h1:gQ5SIzK3H9kdfai/5x41oQiKValumqNTDXMvKo62HvE=
modernc.org/fileutil v1.3.0/go.mod h1:XatxS8fZi3pS8/hKG2GH/ArUogfxjpEKs3Ku3aK4JyQ=
modernc.org/gc/v2 v2.4.1 h1:9cNzOqPyMJBvrUipmynX0ZohMhcxPtMccYgGOJdOiBw=
modernc.org/gc/v2 v2.4.1/go.mod h1:wzN5dK1AzVGoH6XOzc3YZ+ey/jPgYHLuVckd62P0GYU=
modernc.org/gc/v3 v3.0.0-20240304020402-f0dba7c97c2b h1:BnN1t+pb1cy61zbvSUV7SeI0PwosMhlAEi/vBY4qxp8=
modernc.org/gc/v3 v3.0.0-20240304020402-f0dba7c97c2b/go.mod h1:Qz0X07sNOR1jWYCrJMEnbW/X55x206Q7Vt4mz6/wHp4=
modernc.org/libc v1.50.5 h1:ZzeUd0dIc/sUtoPTCYIrgypkuzoGzNu6kbEWj2VuEmk=
modernc.org/libc v1.50.5/go.mod h1:rhzrUx5oePTSTIzBgM0mTftwWHK8tiT9aNFUt1mldl0=
modernc.org/mathutil v1.6.0 h1:fRe9+AmYlaej+64JsEEhoWuAYBkOtQiMEU7n/XgfYi4=
modernc.org/mathutil v1.6.0/go.mod h1:Ui5Q9q1TR2gFm0AQRqQUaBWFLAhQpCwNcuhBOSedWPo=
modernc.org/memory v1.8.0 h1:IqGTL6eFMaDZZhEWwcREgeMXYwmW83LYW8cROZYkg+E=
modernc.org/memory v1.8.0/go.mod h1:XPZ936zp5OMKGWPqbD3JShgd/ZoQ7899TUuQqxY+peU=
modernc.org/opt v0.1.3 h1:3XOZf2yznlhC+ibLltsDGzABUGVx8J6pnFMS3E4dcq4=
modernc.org/opt v0.1.3/go.mod h1:WdSiB5evDcignE70guQKxYUl14mgWtbClRi5wmkkTX0=
modernc.org/sortutil v1.2.0 h1:jQiD3PfS2REGJNzNCMMaLSp/wdMNieTbKX920Cqdgqc=
modernc.org/sortutil v1.2.0/go.mod h1:TKU2s7kJMf1AE84OoiGppNHJwvB753OYfNl2WRb++Ss=
modernc.org/sqlite v1.29.9 h1:9RhNMklxJs+1596GNuAX+O/6040bvOwacTxuFcRuQow=
modernc.org/sqlite v1.29.9/go.mod h1:ItX2a1OVGgNsFh6Dv60JQvGfJfTPHPVpV6DF59akYOA=
modernc.org/strutil v1.2.0 h1:agBi9dp1I+eOnxXeiZawM8F4LawKv4NzGWSaLfyeNZA=
modernc.org/strutil v1.2.0/go.mod h1:/mdcBmfOibveCTBxUl5B5l6W+TTH1FXPLHZE6bTosX0=
modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y=
modernc.org/token v1.1.0/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM=
oras.land/oras-go/v2 v2.5.0 h1:o8Me9kLY74Vp5uw07QXPiitjsw7qNXi8Twd+19Zf02c=
oras.land/oras-go/v2 v2.5.0/go.mod h1:z4eisnLP530vwIOUOJeBIj0aGI0L1C3d53atvCBqZHg=
sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8=
sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo=
sigs.k8s.io/kustomize/api v0.17.1 h1:MYJBOP/yQ3/5tp4/sf6HiiMfNNyO97LmtnirH9SLNr4=
sigs.k8s.io/kustomize/api v0.17.1/go.mod h1:ffn5491s2EiNrJSmgqcWGzQUVhc/pB0OKNI0HsT/0tA=
sigs.k8s.io/kustomize/kyaml v0.17.0 h1:G2bWs03V9Ur2PinHLzTUJ8Ded+30SzXZKiO92SRDs3c=
sigs.k8s.io/kustomize/kyaml v0.17.0/go.mod h1:6lxkYF1Cv9Ic8g/N7I86cvxNc5iinUo/P2vKsHNmpyE=
sigs.k8s.io/structured-merge-diff/v4 v4.4.2 h1:MdmvkGuXi/8io6ixD5wud3vOLwc1rj0aNqRlpuvjmwA=
sigs.k8s.io/structured-merge-diff/v4 v4.4.2/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4=
sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
k8s.io/api v0.17.3 h1:XAm3PZp3wnEdzekNkcmj/9Y1zdmQYJ1I4GKSBBZ8aG0=
k8s.io/api v0.17.3/go.mod h1:YZ0OTkuw7ipbe305fMpIdf3GLXZKRigjtZaV5gzC2J0=
k8s.io/apimachinery v0.17.3 h1:f+uZV6rm4/tHE7xXgLyToprg6xWairaClGVkm2t8omg=
k8s.io/apimachinery v0.17.3/go.mod h1:gxLnyZcGNdZTCLnq3fgzyg2A5BVCHTNDFrw8AmuJ+0g=
k8s.io/cli-runtime v0.17.3 h1:0ZlDdJgJBKsu77trRUynNiWsRuAvAVPBNaQfnt/1qtc=
k8s.io/cli-runtime v0.17.3/go.mod h1:X7idckYphH4SZflgNpOOViSxetiMj6xI0viMAjM81TA=
k8s.io/client-go v0.17.3 h1:deUna1Ksx05XeESH6XGCyONNFfiQmDdqeqUvicvP6nU=
k8s.io/client-go v0.17.3/go.mod h1:cLXlTMtWHkuK4tD360KpWz2gG2KtdWEr/OT02i3emRQ=
k8s.io/code-generator v0.17.3/go.mod h1:l8BLVwASXQZTo2xamW5mQNFCe1XPiAesVq7Y1t7PiQQ=
k8s.io/component-base v0.17.3 h1:hQzTSshY14aLSR6WGIYvmw+w+u6V4d+iDR2iDGMrlUg=
k8s.io/component-base v0.17.3/go.mod h1:GeQf4BrgelWm64PXkIXiPh/XS0hnO42d9gx9BtbZRp8=
k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
k8s.io/gengo v0.0.0-20190822140433-26a664648505/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a h1:UcxjrRMyNx/i/y8G7kPvLyy7rfbeuf1PYyBf973pgyU=
k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E=
k8s.io/kubectl v0.17.3 h1:9HHYj07kuFkM+sMJMOyQX29CKWq4lvKAG1UIPxNPMQ4=
k8s.io/kubectl v0.17.3/go.mod h1:NUn4IBY7f7yCMwSop2HCXlw/MVYP4HJBiUmOR3n9w28=
k8s.io/metrics v0.17.3/go.mod h1:HEJGy1fhHOjHggW9rMDBJBD3YuGroH3Y1pnIRw9FFaI=
k8s.io/utils v0.0.0-20191114184206-e782cd3c129f h1:GiPwtSzdP43eI1hpPCbROQCCIgCuiMMNF8YUVLF3vJo=
k8s.io/utils v0.0.0-20191114184206-e782cd3c129f/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw=
modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk=
modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k=
modernc.org/strutil v1.0.0/go.mod h1:lstksw84oURvj9y3tn8lGvRxyRC1S2+g5uuIzNfIOBs=
modernc.org/xc v1.0.0/go.mod h1:mRNCo0bvLjGhHO9WsyuKVU4q0ceiDDDoEeWDJHrNx8I=
sigs.k8s.io/kustomize v2.0.3+incompatible h1:JUufWFNlI44MdtnjUqVnvh29rR37PQFzPbLXqhyOyX0=
sigs.k8s.io/kustomize v2.0.3+incompatible/go.mod h1:MkjgH3RdOWrievjo6c9T245dYlB5QeXV4WCbnt/PEpU=
sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI=
sigs.k8s.io/yaml v1.1.0 h1:4A07+ZFc2wgJwo8YNlQpr1rVlgUDlxXHhPJciaPY5gs=
sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
vbom.ml/util v0.0.0-20160121211510-db5cfe13f5cc/go.mod h1:so/NYdZXCz+E3ZpW0uAoCj6uzU2+8OWDFv/HxUSs7kI=

14
main.go
View File

@ -1,17 +1,3 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package main
import (

84
pkg/driverbuilder/builder/aliyunlinux.go
View File

@ -1,84 +0,0 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package builder
import (
_ "embed"
"fmt"
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
)
//go:embed templates/alinux_kernel.sh
var alinuxKernelTemplate string
//go:embed templates/alinux.sh
var alinuxTemplate string
// TargetTypeAlinux identifies the AliyunLinux 2 and 3 target.
const TargetTypeAlinux Type = "alinux"
func init() {
byTarget[TargetTypeAlinux] = &alinux{}
}
type alinuxTemplateData struct {
KernelDownloadURL string
}
type alinux struct {
}
func (c *alinux) Name() string {
return TargetTypeAlinux.String()
}
func (c *alinux) TemplateKernelUrlsScript() string {
return alinuxKernelTemplate
}
func (c *alinux) TemplateScript() string {
return alinuxTemplate
}
func (c *alinux) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
return fetchAlinuxKernelURLS(kr), nil
}
func (c *alinux) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
return alinuxTemplateData{
KernelDownloadURL: urls[0],
}
}
func fetchAlinuxKernelURLS(kr kernelrelease.KernelRelease) []string {
alinuxReleases := []string{
"2",
"2.1903",
"3",
}
urls := []string{}
for _, r := range alinuxReleases {
urls = append(urls, fmt.Sprintf(
"http://mirrors.aliyun.com/alinux/%s/os/%s/Packages/kernel-devel-%s%s.rpm",
r,
kr.Architecture.ToNonDeb(),
kr.Fullversion,
kr.FullExtraversion,
))
}
return urls
}

96
pkg/driverbuilder/builder/almalinux.go
View File

@ -1,96 +0,0 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package builder
import (
_ "embed"
"fmt"
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
)
//go:embed templates/almalinux_kernel.sh
var almaKernelTemplate string
//go:embed templates/almalinux.sh
var almaTemplate string
// TargetTypeAlma identifies the AlmaLinux target.
const TargetTypeAlma Type = "almalinux"
func init() {
byTarget[TargetTypeAlma] = &alma{}
}
type almaTemplateData struct {
KernelDownloadURL string
}
// alma is a driverkit target.
type alma struct {
}
func (c *alma) Name() string {
return TargetTypeAlma.String()
}
func (c *alma) TemplateKernelUrlsScript() string {
return almaKernelTemplate
}
func (c *alma) TemplateScript() string {
return almaTemplate
}
func (c *alma) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
return fetchAlmaKernelURLS(kr), nil
}
func (c *alma) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
return almaTemplateData{
KernelDownloadURL: urls[0],
}
}
func fetchAlmaKernelURLS(kr kernelrelease.KernelRelease) []string {
almaReleases := []string{
"8",
"8.6",
"9",
"9.0",
}
urls := []string{}
for _, r := range almaReleases {
if r >= "9" {
urls = append(urls, fmt.Sprintf(
"https://repo.almalinux.org/almalinux/%s/AppStream/%s/os/Packages/kernel-devel-%s%s.rpm",
r,
kr.Architecture.ToNonDeb(),
kr.Fullversion,
kr.FullExtraversion,
))
} else {
urls = append(urls, fmt.Sprintf(
"https://repo.almalinux.org/almalinux/%s/BaseOS/%s/os/Packages/kernel-devel-%s%s.rpm",
r,
kr.Architecture.ToNonDeb(),
kr.Fullversion,
kr.FullExtraversion,
))
}
}
return urls
}

474
pkg/driverbuilder/builder/amazonlinux.go
View File

@ -1,17 +1,3 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package builder
import (
@ -19,55 +5,28 @@ import (
"bytes"
"compress/bzip2"
"compress/gzip"
"database/sql"
_ "embed"
"fmt"
"github.com/blang/semver/v4"
"io"
"io/ioutil"
"log"
"net/http"
"os"
"strings"
"text/template"
_ "modernc.org/sqlite"
"database/sql"
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
_ "github.com/mattn/go-sqlite3" // Why do you want me to justify? Leave me alone :)
logger "github.com/sirupsen/logrus"
)
//go:embed templates/amazonlinux_kernel.sh
var amazonlinuxKernelTemplate string
//go:embed templates/amazonlinux.sh
var amazonlinuxTemplate string
type amazonBuilder interface {
Builder
repos() []string
baseUrl() string
ext() string
type amazonlinux2 struct {
}
type amazonlinux struct {
}
type amazonlinux2 struct {
amazonlinux
}
type amazonlinux2022 struct {
amazonlinux
}
type amazonlinux2023 struct {
amazonlinux
}
// TargetTypeAmazonLinux2023 identifies the AmazonLinux2023 target.
const TargetTypeAmazonLinux2023 Type = "amazonlinux2023"
// TargetTypeAmazonLinux2022 identifies the AmazonLinux2022 target.
const TargetTypeAmazonLinux2022 Type = "amazonlinux2022"
// TargetTypeAmazonLinux2 identifies the AmazonLinux2 target.
const TargetTypeAmazonLinux2 Type = "amazonlinux2"
@ -75,38 +34,115 @@ const TargetTypeAmazonLinux2 Type = "amazonlinux2"
const TargetTypeAmazonLinux Type = "amazonlinux"
func init() {
byTarget[TargetTypeAmazonLinux2023] = &amazonlinux2023{}
byTarget[TargetTypeAmazonLinux2022] = &amazonlinux2022{}
byTarget[TargetTypeAmazonLinux2] = &amazonlinux2{}
byTarget[TargetTypeAmazonLinux] = &amazonlinux{}
BuilderByTarget[TargetTypeAmazonLinux2] = &amazonlinux2{}
BuilderByTarget[TargetTypeAmazonLinux] = &amazonlinux{}
}
const amazonlinuxTemplate = `
#!/bin/bash
set -xeuo pipefail
rm -Rf {{ .DriverBuildDir }}
mkdir {{ .DriverBuildDir }}
rm -Rf /tmp/module-download
mkdir -p /tmp/module-download
curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download
mv /tmp/module-download/*/driver/* {{ .DriverBuildDir }}
cp /driverkit/module-Makefile {{ .DriverBuildDir }}/Makefile
cp /driverkit/module-driver-config.h {{ .DriverBuildDir }}/driver_config.h
# Fetch the kernel
mkdir /tmp/kernel-download
cd /tmp/kernel-download
{{ range $url := .KernelDownloadURLs }}
curl --silent -o kernel.rpm -SL {{ $url }}
rpm2cpio kernel.rpm | cpio --extract --make-directories
rm -rf kernel.rpm
{{ end }}
rm -Rf /tmp/kernel
mkdir -p /tmp/kernel
mv usr/src/kernels/*/* /tmp/kernel
{{ if .BuildModule }}
# Build the kernel module
cd {{ .DriverBuildDir }}
make KERNELDIR=/tmp/kernel
# Print results
modinfo falco.ko
{{ end }}
{{ if .BuildProbe }}
# Build the eBPF probe
cd {{ .DriverBuildDir }}/bpf
make LLC=/usr/bin/llc-7 CLANG=/usr/bin/clang-7 CC=/usr/bin/gcc KERNELDIR=/tmp/kernel
ls -l probe.o
{{ end }}
`
type amazonlinuxTemplateData struct {
DriverBuildDir string
ModuleDownloadURL string
KernelDownloadURLs []string
BuildModule bool
BuildProbe bool
}
func (a *amazonlinux) Name() string {
return TargetTypeAmazonLinux.String()
// Script compiles the script to build the kernel module and/or the eBPF probe.
func (a amazonlinux2) Script(c Config) (string, error) {
return script(c, TargetTypeAmazonLinux2)
}
func (a *amazonlinux) TemplateKernelUrlsScript() string { return amazonlinuxKernelTemplate }
func (a *amazonlinux) TemplateScript() string {
return amazonlinuxTemplate
// Script compiles the script to build the kernel module and/or the eBPF probe.
func (a amazonlinux) Script(c Config) (string, error) {
return script(c, TargetTypeAmazonLinux)
}
func (a *amazonlinux) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
return fetchAmazonLinuxPackagesURLs(a, kr)
}
func (a *amazonlinux) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
return amazonlinuxTemplateData{
KernelDownloadURLs: urls,
func script(c Config, targetType Type) (string, error) {
t := template.New(string(targetType))
parsed, err := t.Parse(amazonlinuxTemplate)
if err != nil {
return "", err
}
kv := kernelrelease.FromString(c.Build.KernelRelease)
// Check (and filter) existing kernels before continuing
packages, err := fetchAmazonLinuxPackagesURLs(kv, c.Build.Architecture, targetType)
if err != nil {
return "", err
}
if len(packages) != 2 {
return "", fmt.Errorf("target %s needs to find both kernel and kernel-devel packages", targetType)
}
urls, err := getResolvingURLs(packages)
if err != nil {
return "", err
}
td := amazonlinuxTemplateData{
DriverBuildDir: DriverDirectory,
ModuleDownloadURL: moduleDownloadURL(c),
KernelDownloadURLs: urls,
BuildModule: len(c.Build.ModuleFilePath) > 0,
BuildProbe: len(c.Build.ProbeFilePath) > 0,
}
buf := bytes.NewBuffer(nil)
err = parsed.Execute(buf, td)
if err != nil {
return "", err
}
return buf.String(), nil
}
func (a *amazonlinux) repos() []string {
return []string{
var reposByTarget = map[Type][]string{
TargetTypeAmazonLinux2: []string{
"2.0",
"latest",
},
TargetTypeAmazonLinux: []string{
"latest/updates",
"latest/main",
"2017.03/updates",
@ -115,216 +151,126 @@ func (a *amazonlinux) repos() []string {
"2017.09/main",
"2018.03/updates",
"2018.03/main",
}
},
}
func (a *amazonlinux) baseUrl() string {
return "http://repo.us-east-1.amazonaws.com"
var baseByTarget = map[Type]string{
TargetTypeAmazonLinux: "http://repo.us-east-1.amazonaws.com/%s",
TargetTypeAmazonLinux2: "http://amazonlinux.us-east-1.amazonaws.com/2/core/%s/%s",
}
func (a *amazonlinux) ext() string {
return "bz2"
}
func (a *amazonlinux2022) Name() string {
return TargetTypeAmazonLinux2022.String()
}
func (a *amazonlinux2022) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
return fetchAmazonLinuxPackagesURLs(a, kr)
}
func (a *amazonlinux2022) repos() []string {
return []string{
"2022.0.20220202",
"2022.0.20220315",
}
}
func (a *amazonlinux2022) baseUrl() string {
return "https://al2022-repos-us-east-1-9761ab97.s3.dualstack.us-east-1.amazonaws.com/core/mirrors"
}
func (a *amazonlinux2022) ext() string {
return "gz"
}
func (a *amazonlinux2023) Name() string {
return TargetTypeAmazonLinux2023.String()
}
func (a *amazonlinux2023) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
return fetchAmazonLinuxPackagesURLs(a, kr)
}
func (a *amazonlinux2023) repos() []string {
return []string{
"latest",
}
}
func (a *amazonlinux2023) baseUrl() string {
return "https://cdn.amazonlinux.com/al2023/core/mirrors"
}
func (a *amazonlinux2023) ext() string {
return "gz"
}
func (a *amazonlinux2) Name() string {
return TargetTypeAmazonLinux2.String()
}
func (a *amazonlinux2) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
return fetchAmazonLinuxPackagesURLs(a, kr)
}
func (a *amazonlinux2) GCCVersion(kr kernelrelease.KernelRelease) semver.Version {
// 5.10 amazonlinux2 kernels need gcc 10
if kr.Major == 5 && kr.Minor == 10 {
return semver.Version{Major: 10}
}
return semver.Version{}
}
func (a *amazonlinux2) repos() []string {
return []string{
"core/2.0",
"core/latest",
"extras/kernel-5.4/latest",
"extras/kernel-5.10/latest",
"extras/kernel-5.15/latest",
}
}
func (a *amazonlinux2) baseUrl() string {
return "http://amazonlinux.us-east-1.amazonaws.com/2"
}
func (a *amazonlinux2) ext() string {
return "gz"
}
func buildMirror(a amazonBuilder, r string, kv kernelrelease.KernelRelease) (string, error) {
var baseURL string
switch a.(type) {
case *amazonlinux:
baseURL = fmt.Sprintf("%s/%s", a.baseUrl(), r)
case *amazonlinux2, *amazonlinux2022, *amazonlinux2023:
baseURL = fmt.Sprintf("%s/%s/%s", a.baseUrl(), r, kv.Architecture.ToNonDeb())
default:
return "", fmt.Errorf("unsupported target")
}
mirror := fmt.Sprintf("%s/%s", baseURL, "mirror.list")
return mirror, nil
}
type unzipFunc func(io.Reader) ([]byte, error)
func unzipFuncFromBuilder(a amazonBuilder) (unzipFunc, error) {
switch a.ext() {
case "gz":
return gunzip, nil
case "bz2":
return bunzip, nil
}
return nil, fmt.Errorf("unsupported extension: %s", a.ext())
}
func fetchAmazonLinuxPackagesURLs(a amazonBuilder, kv kernelrelease.KernelRelease) ([]string, error) {
func fetchAmazonLinuxPackagesURLs(kv kernelrelease.KernelRelease, arch string, targetType Type) ([]string, error) {
urls := []string{}
visited := make(map[string]struct{})
visited := map[string]bool{}
amazonlinux2baseURL := "http://amazonlinux.us-east-1.amazonaws.com"
for _, v := range a.repos() {
err := func() error {
mirror, err := buildMirror(a, v, kv)
if err != nil {
return err
}
for _, v := range reposByTarget[targetType] {
var baseURL string
switch targetType {
case TargetTypeAmazonLinux:
baseURL = fmt.Sprintf("http://repo.us-east-1.amazonaws.com/%s", v)
case TargetTypeAmazonLinux2:
baseURL = fmt.Sprintf("%s/2/core/%s/%s", amazonlinux2baseURL, v, arch)
default:
return nil, fmt.Errorf("unsupported target")
}
// Obtain the repo URL by getting mirror URL content
mirrorRes, err := http.Get(mirror)
if err != nil {
return err
}
defer mirrorRes.Body.Close()
var repo string
scanner := bufio.NewScanner(mirrorRes.Body)
if scanner.Scan() {
repo = scanner.Text()
}
if repo == "" {
return fmt.Errorf("repository not found")
}
repo = strings.ReplaceAll(strings.TrimSuffix(repo, "\n"), "$basearch", kv.Architecture.ToNonDeb())
repo = strings.TrimSuffix(repo, "/")
repoDatabaseURL := fmt.Sprintf("%s/repodata/primary.sqlite.%s", repo, a.ext())
if _, ok := visited[repoDatabaseURL]; ok {
return nil
}
// Download the repo database
repoRes, err := http.Get(repoDatabaseURL)
if err != nil {
return err
}
defer repoRes.Body.Close()
visited[repoDatabaseURL] = struct{}{}
unzip, err := unzipFuncFromBuilder(a)
if err != nil {
return err
}
dbBytes, err := unzip(repoRes.Body)
if err != nil {
return err
}
// Create the temporary database file
dbFile, err := os.CreateTemp(os.TempDir(), fmt.Sprintf("%s-*.sqlite", a.Name()))
if err != nil {
return err
}
defer os.Remove(dbFile.Name())
if _, err := dbFile.Write(dbBytes); err != nil {
return err
}
// Open the database
db, err := sql.Open("sqlite", dbFile.Name())
if err != nil {
return err
}
defer db.Close()
// Query the database
rel := strings.TrimPrefix(strings.TrimSuffix(kv.FullExtraversion, fmt.Sprintf(".%s", kv.Architecture.ToNonDeb())), "-")
q := fmt.Sprintf("SELECT location_href FROM packages WHERE name LIKE 'kernel-devel%%' AND version='%s' AND release='%s'", kv.Fullversion, rel)
stmt, err := db.Prepare(q)
if err != nil {
return err
}
defer stmt.Close()
rows, err := stmt.Query()
if err != nil {
return err
}
defer rows.Close()
for rows.Next() {
var href string
err = rows.Scan(&href)
if err != nil {
log.Fatal(err)
}
urls = append(urls, fmt.Sprintf("%s/%s", repo, href))
}
return dbFile.Close()
}()
mirror := fmt.Sprintf("%s/%s", baseURL, "mirror.list")
logger.WithField("url", mirror).WithField("version", v).Debug("looking for repo...")
// Obtain the repo URL by getting mirror URL content
mirrorRes, err := http.Get(mirror)
if err != nil {
return nil, err
}
defer mirrorRes.Body.Close()
var repo string
scanner := bufio.NewScanner(mirrorRes.Body)
if scanner.Scan() {
repo = scanner.Text()
}
if repo == "" {
return nil, fmt.Errorf("repository not found")
}
repo = strings.ReplaceAll(strings.TrimSuffix(string(repo), "\n"), "$basearch", arch)
ext := "gz"
if targetType == TargetTypeAmazonLinux {
ext = "bz2"
}
repoDatabaseURL := fmt.Sprintf("%s/repodata/primary.sqlite.%s", repo, ext)
if _, ok := visited[repoDatabaseURL]; ok {
continue
}
// Download the repo database
repoRes, err := http.Get(repoDatabaseURL)
logger.WithField("url", repoDatabaseURL).Debug("downloading...")
if err != nil {
return nil, err
}
defer repoRes.Body.Close()
visited[repoDatabaseURL] = true
// Decompress the database
var unzipFunc func(io.Reader) ([]byte, error)
if targetType == TargetTypeAmazonLinux {
unzipFunc = bunzip
} else {
unzipFunc = gunzip
}
dbBytes, err := unzipFunc(repoRes.Body)
if err != nil {
return nil, err
}
// Create the temporary database file
dbFile, err := ioutil.TempFile(os.TempDir(), fmt.Sprintf("%s-*.sqlite", targetType))
if err != nil {
return nil, err
}
defer os.Remove(dbFile.Name())
if _, err := dbFile.Write(dbBytes); err != nil {
return nil, err
}
// Open the database
db, err := sql.Open("sqlite3", dbFile.Name())
if err != nil {
return nil, err
}
defer db.Close()
logger.WithField("db", dbFile.Name()).Debug("connecting to database...")
// Query the database
rel := strings.TrimPrefix(strings.TrimSuffix(kv.FullExtraversion, fmt.Sprintf(".%s", arch)), "-")
q := fmt.Sprintf("SELECT location_href FROM packages WHERE name LIKE 'kernel%%' AND name NOT LIKE 'kernel-livepatch%%' AND name NOT LIKE '%%doc%%' AND name NOT LIKE '%%tools%%' AND name NOT LIKE '%%headers%%' AND version='%s' AND release='%s'", kv.Fullversion, rel)
stmt, err := db.Prepare(q)
if err != nil {
return nil, err
}
defer stmt.Close()
rows, err := stmt.Query()
if err != nil {
return nil, err
}
defer rows.Close()
for rows.Next() {
var href string
err = rows.Scan(&href)
if err != nil {
log.Fatal(err)
}
base := repo
if targetType == TargetTypeAmazonLinux2 {
base = amazonlinux2baseURL
}
href = strings.ReplaceAll(href, "../", "")
urls = append(urls, fmt.Sprintf("%s/%s", base, href))
}
if err := dbFile.Close(); err != nil {
return nil, err
}
// Found, do not continue
if len(urls) > 0 {
// todo > verify amazonlinux always needs 2 packages (kernel and kernel-devel) too
if len(urls) == 2 {
break
}
}

157
pkg/driverbuilder/builder/archlinux.go
View File

@ -1,157 +0,0 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package builder
import (
_ "embed"
"fmt"
"strings"
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
)
//go:embed templates/archlinux_kernel.sh
var archlinuxKernelTemplate string
//go:embed templates/archlinux.sh
var archlinuxTemplate string
// TargetTypeArchlinux identifies the Archlinux target.
const TargetTypeArchlinux Type = "arch"
func init() {
byTarget[TargetTypeArchlinux] = &archlinux{}
}
// archlinux is a driverkit target.
type archlinux struct {
}
type archlinuxTemplateData struct {
KernelDownloadURL string
}
func (c *archlinux) Name() string {
return TargetTypeArchlinux.String()
}
func (c *archlinux) TemplateKernelUrlsScript() string { return archlinuxKernelTemplate }
func (c *archlinux) TemplateScript() string {
return archlinuxTemplate
}
func (c *archlinux) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
// uname -r returns "6.8.1-arch1-1" but headers URL is "6.8.1.arch1-1"
// Also, for 0-patch releases, like: "6.8.0-arch1-1", headers url is "6.8.arch1-1"
kr.FullExtraversion = strings.Replace(kr.FullExtraversion, "-arch", ".arch", 1)
if kr.Patch == 0 {
kr.Fullversion = strings.TrimSuffix(kr.Fullversion, ".0")
}
urls := []string{}
possibleCompressionSuffixes := []string{
"xz",
"zst",
}
// check the architecture, which limits the mirror options
if kr.Architecture.ToNonDeb() == "x86_64" {
if strings.Contains(kr.FullExtraversion, "arch") { // arch stable kernel
baseURL := "https://archive.archlinux.org/packages/l/linux-headers"
for _, compressionAlgo := range possibleCompressionSuffixes {
urls = append(
urls,
fmt.Sprintf(
"%s/linux-headers-%s-%s-%s.pkg.tar.%s",
baseURL,
kr.String(),
kr.KernelVersion,
kr.Architecture.ToNonDeb(),
compressionAlgo,
),
)
}
} else if strings.Contains(kr.FullExtraversion, "hardened") || strings.Contains(kr.FullExtraversion, ".a-1") { // arch hardened kernel ("a-1" is old naming standard)
baseURL := "https://archive.archlinux.org/packages/l/linux-hardened-headers"
for _, compressionAlgo := range possibleCompressionSuffixes {
urls = append(
urls,
fmt.Sprintf(
"%s/linux-hardened-headers-%s-%s-%s.pkg.tar.%s",
baseURL,
kr.String(),
kr.KernelVersion,
kr.Architecture.ToNonDeb(),
compressionAlgo,
),
)
}
} else if strings.Contains(kr.FullExtraversion, "zen") { // arch zen kernel
baseURL := "https://archive.archlinux.org/packages/l/linux-zen-headers"
for _, compressionAlgo := range possibleCompressionSuffixes {
urls = append(
urls,
fmt.Sprintf(
"%s/linux-zen-headers-%s-%s-%s.pkg.tar.%s",
baseURL,
kr.String(),
kr.KernelVersion,
kr.Architecture.ToNonDeb(),
compressionAlgo,
),
)
}
} else { // arch LTS kernel
baseURL := "https://archive.archlinux.org/packages/l/linux-lts-headers"
for _, compressionAlgo := range possibleCompressionSuffixes {
urls = append(
urls,
fmt.Sprintf(
"%s/linux-lts-headers-%s-%s-%s.pkg.tar.%s",
baseURL,
kr.String(),
kr.KernelVersion,
kr.Architecture.ToNonDeb(),
compressionAlgo,
),
)
}
}
} else if kr.Architecture.ToNonDeb() == "aarch64" {
baseURL := "https://alaa.ad24.cz/packages/l/linux-aarch64-headers/"
for _, compressionAlgo := range possibleCompressionSuffixes {
urls = append(
urls,
fmt.Sprintf(
"%s/linux-aarch64-headers-%s-%s-%s.pkg.tar.%s",
baseURL,
kr.String(),
kr.KernelVersion,
kr.Architecture.ToNonDeb(),
compressionAlgo,
),
)
}
}
return urls, nil
}
func (c *archlinux) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
return archlinuxTemplateData{
KernelDownloadURL: urls[0],
}
}

43
pkg/driverbuilder/builder/bottlerocket.go
View File

@ -1,43 +0,0 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package builder
import (
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
)
// TargetTypeBottlerocket identifies the Bottlerocket target.
const TargetTypeBottlerocket Type = "bottlerocket"
func init() {
byTarget[TargetTypeBottlerocket] = &bottlerocket{
vanilla{},
}
}
type bottlerocket struct {
vanilla
}
func (b *bottlerocket) Name() string {
return TargetTypeBottlerocket.String()
}
func (b *bottlerocket) KernelTemplateData(kr kernelrelease.KernelRelease, urls []string) interface{} {
return vanillaTemplateData{
KernelDownloadURL: urls[0],
KernelLocalVersion: kr.FullExtraversion,
}
}

116
pkg/driverbuilder/builder/build.go
View File

@ -1,113 +1,13 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package builder
import (
"context"
"fmt"
"github.com/falcosecurity/falcoctl/pkg/output"
"strings"
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
"oras.land/oras-go/v2/registry/remote/auth"
)
var defaultImageTag = "latest" // This is overwritten when using the Makefile to build
// Build contains the info about the on-going build.
type Build struct {
TargetType Type
KernelConfigData string
KernelRelease string
KernelVersion string
DriverVersion string
Architecture string
ModuleFilePath string
ProbeFilePath string
ModuleDriverName string
ModuleDeviceName string
BuilderImage string
BuilderRepos []string
ImagesListers []ImagesLister
KernelUrls []string
GCCVersion string
RepoOrg string
RepoName string
Images ImagesMap
RegistryName string
RegistryUser string
RegistryPassword string
RegistryPlainHTTP bool
*output.Printer
}
func (b *Build) KernelReleaseFromBuildConfig() kernelrelease.KernelRelease {
kv := kernelrelease.FromString(b.KernelRelease)
kv.Architecture = kernelrelease.Architecture(b.Architecture)
kv.KernelVersion = b.KernelVersion
return kv
}
func (b *Build) toGithubRepoArchive() string {
return fmt.Sprintf("https://github.com/%s/%s/archive", b.RepoOrg, b.RepoName)
}
func (b *Build) ToConfig() Config {
return Config{
DriverName: b.ModuleDriverName,
DeviceName: b.ModuleDeviceName,
DownloadBaseURL: b.toGithubRepoArchive(),
Build: b,
}
}
// hasCustomBuilderImage return true if a custom builder image has been set by the user.
func (b *Build) hasCustomBuilderImage() bool {
if len(b.BuilderImage) > 0 {
customNames := strings.Split(b.BuilderImage, ":")
return customNames[0] != "auto"
}
return false
}
// builderImageTag returns the tag(latest, master or hash) to be used for the builder image.
func (b *Build) builderImageTag() string {
if len(b.BuilderImage) > 0 {
customNames := strings.Split(b.BuilderImage, ":")
// Updated image tag if "auto:tag" is passed
if len(customNames) > 1 {
return customNames[1]
}
}
return defaultImageTag
}
func (b *Build) ClientForRegistry(registry string) *auth.Client {
client := auth.DefaultClient
client.SetUserAgent("driverkit")
client.Credential = func(ctx context.Context, reg string) (auth.Credential, error) {
if b.RegistryName == registry {
return auth.Credential{
Username: b.RegistryUser,
Password: b.RegistryPassword,
}, nil
}
return auth.EmptyCredential, nil
}
return client
TargetType Type
KernelConfigData string
KernelRelease string
KernelVersion uint16
DriverVersion string
Architecture string
ModuleFilePath string
ProbeFilePath string
}

405
pkg/driverbuilder/builder/builders.go
View File

@ -1,60 +1,27 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package builder
import (
"bytes"
_ "embed"
"errors"
"fmt"
"github.com/falcosecurity/falcoctl/pkg/output"
"net/http"
"net/url"
"path"
"strings"
"text/template"
"github.com/blang/semver/v4"
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
"github.com/sirupsen/logrus"
)
// DriverDirectory is the directory the processor uses to store the driver.
const (
DriverDirectory = "/tmp/driver"
cmakeCmdFmt = `cmake -Wno-dev \
-DUSE_BUNDLED_DEPS=On \
-DCREATE_TEST_TARGETS=Off \
-DBUILD_LIBSCAP_GVISOR=Off \
-DBUILD_LIBSCAP_MODERN_BPF=Off \
-DENABLE_DRIVERS_TESTS=Off \
-DDRIVER_NAME=%s \
-DPROBE_NAME=%s \
-DBUILD_BPF=On \
-DDRIVER_VERSION=%s \
-DPROBE_VERSION=%s \
-DGIT_COMMIT=%s \
-DDRIVER_DEVICE_NAME=%s \
-DPROBE_DEVICE_NAME=%s \
.. && \
sed -i s/'DRIVER_COMMIT ""'/'DRIVER_COMMIT "%s"'/g driver/src/driver_config.h`
)
const DriverDirectory = "/tmp/driver"
//go:embed templates/libs_download.sh
var libsDownloadTemplate string
// ModuleFileName is the standard file name for the kernel module.
const ModuleFileName = "falco.ko"
var HeadersNotFoundErr = errors.New("kernel headers not found")
// ProbeFileName is the standard file name for the eBPF probe.
const ProbeFileName = "probe.o"
// FalcoModuleFullPath is the standard path for the kernel module.
var FalcoModuleFullPath = path.Join(DriverDirectory, ModuleFileName)
// FalcoProbeFullPath is the standard path for the eBPF probe.
var FalcoProbeFullPath = path.Join(DriverDirectory, "bpf", ProbeFileName)
// Config contains all the configurations needed to build the kernel module or the eBPF probe.
type Config struct {
@ -64,370 +31,38 @@ type Config struct {
*Build
}
func (c Config) ToDriverFullPath() string {
return path.Join(DriverDirectory, "build", "driver", fmt.Sprintf("%s.ko", c.DriverName))
}
func (c Config) ToProbeFullPath() string {
return path.Join(DriverDirectory, "build", "driver", "bpf", "probe.o")
}
type commonTemplateData struct {
DriverBuildDir string
ModuleDriverName string
ModuleFullPath string
BuildModule bool
BuildProbe bool
GCCVersion string
CmakeCmd string
}
// Builder represents a builder capable of generating a script for a driverkit target.
type Builder interface {
Name() string
TemplateKernelUrlsScript() string
TemplateScript() string
URLs(kr kernelrelease.KernelRelease) ([]string, error)
KernelTemplateData(kr kernelrelease.KernelRelease, urls []string) interface{} // error return type is managed
}
// MinimumURLsBuilder is an optional interface implemented by builders
// to specify minimum number of requested headers urls
type MinimumURLsBuilder interface {
MinimumURLs() int
}
// TemplateDataSpecifier is an optional interface implemented by builders
// to specify a custom template data instead of the default one.
type TemplateDataSpecifier interface {
TemplateData(c Config, kr kernelrelease.KernelRelease) interface{}
}
type libsDownloadTemplateData struct {
DriverBuildDir string
ModuleDownloadURL string
}
// LibsDownloadScript returns the script that downloads and configures libs repo at requested commit/tag
func LibsDownloadScript(c Config) (string, error) {
t := template.New("download-libs")
parsed, err := t.Parse(libsDownloadTemplate)
if err != nil {
return "", err
}
td := libsDownloadTemplateData{
DriverBuildDir: DriverDirectory,
ModuleDownloadURL: fmt.Sprintf("%s/%s.tar.gz", c.DownloadBaseURL, c.DriverVersion),
}
buf := bytes.NewBuffer(nil)
err = parsed.Execute(buf, td)
if err != nil {
return "", err
}
return buf.String(), nil
}
// KernelDownloadScript returns the script that will download and extract kernel headers
func KernelDownloadScript(b Builder,
kernelurls []string,
kr kernelrelease.KernelRelease,
printer *output.Printer,
) (string, error) {
t := template.New("download-kernel")
parsed, err := t.Parse(b.TemplateKernelUrlsScript())
if err != nil {
return "", err
}
var urls []string
minimumURLs := 1
if bb, ok := b.(MinimumURLsBuilder); ok {
minimumURLs = bb.MinimumURLs()
}
if kernelurls == nil {
urls, err = b.URLs(kr)
if err != nil {
return "", err
}
// Only if returned urls array is not empty
// Otherwise, it is up to the builder to return an error
if len(urls) > 0 {
// Check (and filter) existing kernels before continuing
urls, err = GetResolvingURLs(urls)
}
} else {
urls, err = GetResolvingURLs(kernelurls)
}
if err != nil {
return "", err
}
if len(urls) < minimumURLs {
return "", fmt.Errorf("not enough headers packages found; expected %d, found %d", minimumURLs, len(urls))
}
printer.Logger.Debug("kernel headers found",
printer.Logger.Args("urls", urls))
td := b.KernelTemplateData(kr, urls)
if tdErr, ok := td.(error); ok {
return "", tdErr
}
buf := bytes.NewBuffer(nil)
err = parsed.Execute(buf, td)
if err != nil {
return "", err
}
return buf.String(), nil
}
// Script retrieves the actually drivers building script
func Script(b Builder, c Config, kr kernelrelease.KernelRelease) (string, error) {
t := template.New(b.Name())
parsed, err := t.Parse(b.TemplateScript())
if err != nil {
return "", err
}
var td interface{}
if bb, ok := b.(TemplateDataSpecifier); ok {
td = bb.TemplateData(c, kr)
} else {
td = c.toTemplateData(b, kr)
}
buf := bytes.NewBuffer(nil)
err = parsed.Execute(buf, td)
if err != nil {
return "", err
}
return buf.String(), nil
}
type GCCVersionRequestor interface {
// GCCVersion returns the GCC version to be used.
// If the returned value is empty, the default algorithm will be enforced.
GCCVersion(kr kernelrelease.KernelRelease) semver.Version
}
func defaultGCC(kr kernelrelease.KernelRelease) semver.Version {
switch kr.Major {
case 6:
if kr.Minor >= 9 {
return semver.Version{Major: 14}
}
if kr.Minor >= 5 {
return semver.Version{Major: 13}
}
return semver.Version{Major: 12}
case 5:
if kr.Minor >= 15 {
return semver.Version{Major: 12}
}
return semver.Version{Major: 11}
case 4:
return semver.Version{Major: 8}
case 3:
if kr.Minor >= 18 {
return semver.Version{Major: 5}
}
return semver.Version{Major: 4, Minor: 9}
case 2:
return semver.Version{Major: 4, Minor: 8}
default:
return semver.Version{Major: 14}
}
}
func mustParseTolerant(gccStr string) semver.Version {
g, err := semver.ParseTolerant(gccStr)
if err != nil {
panic(err)
}
return g
}
// Algorithm.
// * always load images (note that it loads only images that provide gccversion, if set by user)
// * if user set a fixed gccversion, we are good to go
// * otherwise, try to fix the best-match gcc version provided by any of the loaded images;
// see below for algorithm explanation
func (b *Build) setGCCVersion(builder Builder, kr kernelrelease.KernelRelease) {
if !b.hasCustomBuilderImage() {
b.LoadImages()
}
if len(b.GCCVersion) > 0 {
// If set from user, go on
return
}
b.GCCVersion = "8" // default value
// if builder implements "GCCVersionRequestor" interface -> use it
// Else, fetch the best builder available from the kernelrelease version
// using the deadly simple defaultGCC() algorithm
// Always returns the nearest one
var targetGCC semver.Version
if bb, ok := builder.(GCCVersionRequestor); ok {
targetGCC = bb.GCCVersion(kr)
}
// If builder implements GCCVersionRequestor but returns an empty semver.Version
// it means that it does not want to manage this kernelrelease,
// and instead wants to fallback to default algorithm
if targetGCC.EQ(semver.Version{}) {
targetGCC = defaultGCC(kr)
}
if b.hasCustomBuilderImage() {
b.GCCVersion = targetGCC.String()
return
}
// Step 1:
// If we are able to either find a specific-target image,
// or "any" target image that provide desired gcc,
// we are over.
image, ok := b.Images.findImage(b.TargetType, targetGCC)
if ok {
b.GCCVersion = image.GCCVersion.String()
} else {
// Step 2:
// Build the list of "proposed" GCC versions,
// that is, the list of available gccs from images
// for each builder image
proposedGCCs := make([]semver.Version, 0)
for _, img := range b.Images {
proposedGCCs = append(proposedGCCs, img.GCCVersion)
b.Logger.Debug("proposed GCC",
b.Logger.Args("image", img.Name,
"targetGCC", targetGCC.String(),
"proposedGCC", img.GCCVersion.String()))
}
// Now, sort versions and fetch
// the nearest gcc, that is also < targetGCC
semver.Sort(proposedGCCs)
lastGCC := proposedGCCs[0]
for _, gcc := range proposedGCCs {
if gcc.GT(targetGCC) {
break
}
lastGCC = gcc
}
b.GCCVersion = lastGCC.String()
}
b.Logger.Debug("found GCC",
b.Logger.Args("targetGCC", targetGCC.String(), "version", b.GCCVersion))
}
type BuilderImageNetworkMode interface {
// sets the network mode of the builder image, allows individual builders to override
BuilderImageNetMode() string
}
func (b *Build) GetBuilderImage() string {
if b.hasCustomBuilderImage() {
// BuilderImage MUST have requested GCC installed inside
return b.BuilderImage
}
// NOTE: here below we are already sure that we are going
// to find an image, because setGCCVersion()
// has already set an existent gcc version
// (ie: one provided by an image) for us
image, _ := b.Images.findImage(b.TargetType, mustParseTolerant(b.GCCVersion))
return image.Name
Script(c Config) (string, error)
}
// Factory returns a builder for the given target.
func Factory(target Type) (Builder, error) {
// Workaround for "local" target (that is not exposed to users,
// nor registered in byTarget map)".
if target.String() == "local" {
return &LocalBuilder{}, nil
}
// Driverkit builder is named "ubuntu"; there is no ubuntu-foo
if strings.HasPrefix(target.String(), "ubuntu") {
target = Type("ubuntu")
}
b, ok := byTarget[target]
b, ok := BuilderByTarget[target]
if !ok {
return nil, fmt.Errorf("no builder found for target: %s", target)
}
return b, nil
}
// Targets returns the list of all the supported targets.
func Targets() []string {
res := []string{}
for k := range byTarget {
res = append(res, k.String())
}
return res
func moduleDownloadURL(c Config) string {
return fmt.Sprintf("%s/%s.tar.gz", c.DownloadBaseURL, c.DriverVersion)
}
func (c Config) toTemplateData(b Builder, kr kernelrelease.KernelRelease) commonTemplateData {
c.setGCCVersion(b, kr)
return commonTemplateData{
DriverBuildDir: DriverDirectory,
ModuleDriverName: c.DriverName,
ModuleFullPath: c.ToDriverFullPath(),
BuildModule: len(c.ModuleFilePath) > 0,
BuildProbe: len(c.ProbeFilePath) > 0,
GCCVersion: c.GCCVersion,
CmakeCmd: fmt.Sprintf(cmakeCmdFmt,
c.DriverName,
c.DriverName,
c.DriverVersion,
c.DriverVersion,
c.DriverVersion,
c.DeviceName,
c.DeviceName,
c.DriverVersion),
}
}
func resolveURLReference(u string) string {
uu, err := url.Parse(u)
if err != nil {
panic(err)
}
base, err := url.Parse(uu.Host)
if err != nil {
panic(err)
}
return base.ResolveReference(uu).String()
}
func GetResolvingURLs(urls []string) ([]string, error) {
var results []string
func getResolvingURLs(urls []string) ([]string, error) {
results := []string{}
for _, u := range urls {
// in case url has some relative paths
// (kernel-crawler does not resolve them for us,
// neither it is expected, because they are effectively valid urls),
// resolve the absolute one.
// HEAD would fail otherwise.
u = resolveURLReference(u)
res, err := http.Head(u)
if err != nil {
continue
}
if res.StatusCode == http.StatusOK {
results = append(results, u)
logrus.WithField("url", u).Debug("kernel header url found")
}
}
if len(results) == 0 {
return nil, HeadersNotFoundErr
return nil, fmt.Errorf("kernel not found")
}
return results, nil
}

107
pkg/driverbuilder/builder/builders_test.go
View File

@ -1,107 +0,0 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package builder
import (
"testing"
"github.com/blang/semver/v4"
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
)
var gccTests = []struct {
config kernelrelease.KernelRelease
expectedGCC semver.Version
}{
{
config: kernelrelease.KernelRelease{
Fullversion: "4.15.0",
Version: semver.Version{
Major: 4,
Minor: 15,
Patch: 0,
},
Extraversion: "188",
FullExtraversion: "-188",
Architecture: kernelrelease.ArchitectureAmd64,
},
expectedGCC: semver.Version{
Major: 8,
},
},
{
config: kernelrelease.KernelRelease{
Fullversion: "5.15.0",
Version: semver.Version{
Major: 5,
Minor: 15,
Patch: 0,
},
Extraversion: "1004-intel-iotg",
FullExtraversion: "-1004-intel-iotg",
Architecture: kernelrelease.ArchitectureAmd64,
},
expectedGCC: semver.Version{
Major: 12,
},
},
{
config: kernelrelease.KernelRelease{
Fullversion: "3.13.0",
Version: semver.Version{
Major: 3,
Minor: 13,
Patch: 0,
},
Extraversion: "100",
FullExtraversion: "-100",
Architecture: kernelrelease.ArchitectureAmd64,
},
expectedGCC: semver.Version{
Major: 4,
Minor: 9,
},
},
{
config: kernelrelease.KernelRelease{
Fullversion: "5.18.0",
Version: semver.Version{
Major: 5,
Minor: 18,
Patch: 0,
},
Extraversion: "1001-kvm",
FullExtraversion: "-1001-kvm",
Architecture: kernelrelease.ArchitectureAmd64,
},
expectedGCC: semver.Version{
Major: 12,
},
},
}
func TestDefaultGCC(t *testing.T) {
for _, test := range gccTests {
// call function
selectedGCC := defaultGCC(test.config)
// compare errors
// there are no official errors, so comparing fmt.Errorf() doesn't really work
// compare error message text instead
if test.expectedGCC.NE(selectedGCC) {
t.Fatalf("SelectedGCC (%s) != expectedGCC (%s) with kernelrelease: '%v'", selectedGCC, test.expectedGCC, test.config)
}
}
}

193
pkg/driverbuilder/builder/centos.go
View File

@ -1,59 +1,58 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package builder
import (
_ "embed"
"bytes"
"fmt"
"text/template"
"github.com/blang/semver/v4"
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
)
//go:embed templates/centos_kernel.sh
var centosKernelTemplate string
//go:embed templates/centos.sh
var centosTemplate string
// TargetTypeCentos identifies the Centos target.
const TargetTypeCentos Type = "centos"
func init() {
byTarget[TargetTypeCentos] = &centos{}
BuilderByTarget[TargetTypeCentos] = &centos{}
}
// centos is a driverkit target.
type centos struct {
}
type centosTemplateData struct {
KernelDownloadURL string
// Script compiles the script to build the kernel module and/or the eBPF probe.
func (c centos) Script(cfg Config) (string, error) {
t := template.New(string(TargetTypeCentos))
parsed, err := t.Parse(centosTemplate)
if err != nil {
return "", err
}
kr := kernelrelease.FromString(cfg.Build.KernelRelease)
// Check (and filter) existing kernels before continuing
urls, err := getResolvingURLs(fetchCentosKernelURLS(kr))
if err != nil {
return "", err
}
td := centosTemplateData{
DriverBuildDir: DriverDirectory,
ModuleDownloadURL: moduleDownloadURL(cfg),
KernelDownloadURL: urls[0],
GCCVersion: centosGccVersionFromKernelRelease(kr),
BuildModule: len(cfg.Build.ModuleFilePath) > 0,
BuildProbe: len(cfg.Build.ProbeFilePath) > 0,
}
buf := bytes.NewBuffer(nil)
err = parsed.Execute(buf, td)
if err != nil {
return "", err
}
return buf.String(), nil
}
func (c *centos) Name() string {
return TargetTypeCentos.String()
}
func (c *centos) TemplateKernelUrlsScript() string { return centosKernelTemplate }
func (c *centos) TemplateScript() string {
return centosTemplate
}
func (c *centos) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
func fetchCentosKernelURLS(kr kernelrelease.KernelRelease) []string {
vaultReleases := []string{
"6.0/os",
"6.0/updates",
@ -93,25 +92,12 @@ func (c *centos) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
"7.6.1810/updates",
"7.7.1908/os",
"7.7.1908/updates",
"7.8.2003/os",
"7.8.2003/updates",
"7.9.2009/os",
"7.9.2009/updates",
"8.0.1905/os",
"8.0.1905/updates",
"8.1.1911/os",
"8.1.1911/updates",
}
centos8VaultReleases := []string{
"8.0.1905/BaseOS",
"8.1.1911/BaseOS",
"8.2.2004/BaseOS",
"8.3.2011/BaseOS",
"8.4.2105/BaseOS",
"8.5.2111/BaseOS",
}
edgeReleases := []string{
"6/os",
"6/updates",
@ -122,79 +108,96 @@ func (c *centos) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
streamReleases := []string{
"8/BaseOS",
"8-stream/BaseOS",
}
stream9Releases := []string{
"9-stream/AppStream",
"9-stream/BaseOS",
"8.0.1905/BaseOS",
"8.1.1911/BaseOS",
}
urls := []string{}
for _, r := range edgeReleases {
urls = append(urls, fmt.Sprintf(
"https://mirrors.edge.kernel.org/centos/%s/%s/Packages/kernel-devel-%s%s.rpm",
"https://mirrors.edge.kernel.org/centos/%s/x86_64/Packages/kernel-devel-%s%s.rpm",
r,
kr.Architecture.ToNonDeb(),
kr.Fullversion,
kr.FullExtraversion,
))
}
for _, r := range streamReleases {
urls = append(urls, fmt.Sprintf(
"https://mirrors.edge.kernel.org/centos/%s/%s/os/Packages/kernel-devel-%s%s.rpm",
"https://mirrors.edge.kernel.org/centos/%s/x86_64/os/Packages/kernel-devel-%s%s.rpm",
r,
kr.Architecture.ToNonDeb(),
kr.Fullversion,
kr.FullExtraversion,
))
}
for _, r := range vaultReleases {
urls = append(urls, fmt.Sprintf(
"http://vault.centos.org/%s/%s/Packages/kernel-devel-%s%s.rpm",
"http://vault.centos.org/%s/x86_64/Packages/kernel-devel-%s%s.rpm",
r,
kr.Architecture.ToNonDeb(),
kr.Fullversion,
kr.FullExtraversion,
))
}
for _, r := range centos8VaultReleases {
urls = append(urls, fmt.Sprintf(
"http://vault.centos.org/%s/%s/os/Packages/kernel-devel-%s%s.rpm",
r,
kr.Architecture.ToNonDeb(),
kr.Fullversion,
kr.FullExtraversion,
))
}
for _, r := range stream9Releases {
urls = append(urls, fmt.Sprintf(
"http://mirror.stream.centos.org/%s/%s/os/Packages/kernel-devel-%s%s.rpm",
r,
kr.Architecture.ToNonDeb(),
kr.Fullversion,
kr.FullExtraversion,
))
}
return urls, nil
return urls
}
func (c *centos) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
return centosTemplateData{
KernelDownloadURL: urls[0],
}
type centosTemplateData struct {
DriverBuildDir string
ModuleDownloadURL string
KernelDownloadURL string
GCCVersion string
BuildModule bool
BuildProbe bool
}
func (c *centos) GCCVersion(kr kernelrelease.KernelRelease) semver.Version {
// 4.18+ centos 8 kernels need gcc 9
if kr.Major == 4 && kr.Minor >= 18 {
return semver.Version{Major: 9}
const centosTemplate = `
#!/bin/bash
set -xeuo pipefail
rm -Rf {{ .DriverBuildDir }}
mkdir {{ .DriverBuildDir }}
rm -Rf /tmp/module-download
mkdir -p /tmp/module-download
curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download
mv /tmp/module-download/*/driver/* {{ .DriverBuildDir }}
cp /driverkit/module-Makefile {{ .DriverBuildDir }}/Makefile
cp /driverkit/module-driver-config.h {{ .DriverBuildDir }}/driver_config.h
# Fetch the kernel
mkdir /tmp/kernel-download
cd /tmp/kernel-download
curl --silent -o kernel-devel.rpm -SL {{ .KernelDownloadURL }}
rpm2cpio kernel-devel.rpm | cpio --extract --make-directories
rm -Rf /tmp/kernel
mkdir -p /tmp/kernel
mv usr/src/kernels/*/* /tmp/kernel
# Change current gcc
ln -sf /usr/bin/gcc-{{ .GCCVersion }} /usr/bin/gcc
{{ if .BuildModule }}
# Build the kernel module
cd {{ .DriverBuildDir }}
make KERNELDIR=/tmp/kernel
# Print results
modinfo falco.ko
{{ end }}
{{ if .BuildProbe }}
# Build the eBPF probe
cd {{ .DriverBuildDir }}/bpf
make LLC=/usr/bin/llc-7 CLANG=/usr/bin/clang-7 CC=/usr/bin/gcc KERNELDIR=/tmp/kernel
ls -l probe.o
{{ end }}
`
func centosGccVersionFromKernelRelease(kr kernelrelease.KernelRelease) string {
switch kr.Version {
case "3":
return "5"
case "2":
return "4.8"
}
// 3.10.X kernels need 4.8.5 gcc version; see:
// https://github.com/falcosecurity/driverkit/issues/236
if kr.Major == 3 && kr.Minor == 10 {
return semver.Version{Major: 4, Minor: 8, Patch: 5}
}
return semver.Version{}
return "8"
}

225
pkg/driverbuilder/builder/debian.go
View File

@ -1,96 +1,69 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package builder
import (
_ "embed"
"bytes"
"fmt"
"io"
"io/ioutil"
"net/http"
"regexp"
"strings"
"text/template"
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
)
//go:embed templates/debian_kernel.sh
var debianKernelTemplate string
//go:embed templates/debian.sh
var debianTemplate string
// TargetTypeDebian identifies the Debian target.
const TargetTypeDebian Type = "debian"
// We need:
// kernel devel
// kernel devel common
// kbuild package
const debianRequiredURLs = 3
func init() {
byTarget[TargetTypeDebian] = &debian{}
}
type debianTemplateData struct {
KernelDownloadURLS []string
KernelLocalVersion string
KernelHeadersPattern string
BuilderByTarget[TargetTypeDebian] = &debian{}
}
// debian is a driverkit target.
type debian struct {
}
func (v *debian) Name() string {
return TargetTypeDebian.String()
}
func (v *debian) TemplateKernelUrlsScript() string { return debianKernelTemplate }
func (v *debian) TemplateScript() string {
return debianTemplate
}
func (v *debian) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
return fetchDebianKernelURLs(kr)
}
func (v *debian) KernelTemplateData(kr kernelrelease.KernelRelease, urls []string) interface{} {
var KernelHeadersPattern string
if strings.HasSuffix(kr.Extraversion, "pve") {
KernelHeadersPattern = "linux-headers-*pve"
} else if strings.Contains(kr.FullExtraversion, "rpi") {
KernelHeadersPattern = "linux-headers-*-rpi-v*"
} else {
KernelHeadersPattern = "linux-headers-*" + kr.Architecture.String()
// Script compiles the script to build the kernel module and/or the eBPF probe.
func (v debian) Script(c Config) (string, error) {
t := template.New(string(TargetTypeDebian))
parsed, err := t.Parse(debianTemplate)
if err != nil {
return "", err
}
return debianTemplateData{
KernelDownloadURLS: urls,
KernelLocalVersion: kr.FullExtraversion,
KernelHeadersPattern: KernelHeadersPattern,
kr := kernelrelease.FromString(c.Build.KernelRelease)
kurls, err := fetchDebianKernelURLs(kr, c.Build.KernelVersion)
if err != nil {
return "", err
}
urls, err := getResolvingURLs(kurls)
if err != nil {
return "", err
}
if len(urls) < 2 {
return "", fmt.Errorf("specific kernel headers not found")
}
td := debianTemplateData{
DriverBuildDir: DriverDirectory,
ModuleDownloadURL: fmt.Sprintf("%s/%s.tar.gz", c.DownloadBaseURL, c.Build.DriverVersion),
KernelDownloadURLS: urls,
KernelLocalVersion: kr.FullExtraversion,
BuildModule: len(c.Build.ModuleFilePath) > 0,
BuildProbe: len(c.Build.ProbeFilePath) > 0,
}
buf := bytes.NewBuffer(nil)
err = parsed.Execute(buf, td)
if err != nil {
return "", err
}
return buf.String(), nil
}
func (v *debian) MinimumURLs() int {
return debianRequiredURLs
}
func fetchDebianKernelURLs(kr kernelrelease.KernelRelease) ([]string, error) {
func fetchDebianKernelURLs(kr kernelrelease.KernelRelease, kernelVersion uint16) ([]string, error) {
kbuildURL, err := debianKbuildURLFromRelease(kr)
if err != nil {
return nil, err
@ -105,6 +78,67 @@ func fetchDebianKernelURLs(kr kernelrelease.KernelRelease) ([]string, error) {
return urls, nil
}
type debianTemplateData struct {
DriverBuildDir string
ModuleDownloadURL string
KernelDownloadURLS []string
KernelLocalVersion string
BuildModule bool
BuildProbe bool
}
const debianTemplate = `
#!/bin/bash
set -xeuo pipefail
rm -Rf {{ .DriverBuildDir }}
mkdir {{ .DriverBuildDir }}
rm -Rf /tmp/module-download
mkdir -p /tmp/module-download
curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download
mv /tmp/module-download/*/driver/* {{ .DriverBuildDir }}
cp /driverkit/module-Makefile {{ .DriverBuildDir }}/Makefile
cp /driverkit/module-driver-config.h {{ .DriverBuildDir }}/driver_config.h
# Fetch the kernel
mkdir /tmp/kernel-download
cd /tmp/kernel-download
{{ range $url := .KernelDownloadURLS }}
curl --silent -o kernel.deb -SL {{ $url }}
ar x kernel.deb
tar -xvf data.tar.xz
{{ end }}
ls -la /tmp/kernel-download
cd /tmp/kernel-download/
cp -r usr/* /usr
cp -r lib/* /lib
cd /usr/src
sourcedir=$(find . -type d -name "linux-headers-*amd64" | head -n 1 | xargs readlink -f)
ls -la $sourcedir
{{ if .BuildModule }}
# Build the module
cd {{ .DriverBuildDir }}
make CC=/usr/bin/gcc-8 KERNELDIR=$sourcedir
strip -g falco.ko
# Print results
modinfo falco.ko
{{ end }}
{{ if .BuildProbe }}
# Build the eBPF probe
cd {{ .DriverBuildDir }}/bpf
make LLC=/usr/bin/llc-7 CLANG=/usr/bin/clang-7 CC=/usr/bin/gcc-8 KERNELDIR=$sourcedir
ls -l probe.o
{{ end }}
`
func debianHeadersURLFromRelease(kr kernelrelease.KernelRelease) ([]string, error) {
baseURLS := []string{
"http://security-cdn.debian.org/pool/main/l/linux/",
@ -120,33 +154,21 @@ func debianHeadersURLFromRelease(kr kernelrelease.KernelRelease) ([]string, erro
}
}
return nil, HeadersNotFoundErr
return nil, fmt.Errorf("kernel headers not found")
}
func fetchDebianHeadersURLFromRelease(baseURL string, kr kernelrelease.KernelRelease) ([]string, error) {
extraVersionPartial := strings.TrimSuffix(kr.FullExtraversion, "-"+kr.Architecture.String())
matchExtraGroup := kr.Architecture.String()
rmatch := `href="(linux-headers-%d\.%d\.%d%s-(%s)_.*(%s|all)\.deb)"`
// For urls like: http://security.debian.org/pool/updates/main/l/linux/linux-headers-5.10.0-12-amd64_5.10.103-1_amd64.deb
// when 5.10.103-1 is passed as kernel version
rmatchNew := `href="(linux-headers-[0-9]+\.[0-9]+\.[0-9]+-[0-9]+-(%s)_%d\.%d\.%d%s_(%s|all)\.deb)"`
rmatch := `href="(linux-headers-%s\.%s\.%s%s-(%s)_.*(amd64|all)\.deb)"`
// match for kernel versions like 4.19.0-6-amd64
extraVersionPartial := strings.TrimSuffix(kr.FullExtraversion, "-amd64")
matchExtraGroup := "amd64"
matchExtraGroupCommon := "common"
// match for kernel versions like 4.19.0-6-cloud-amd64
supportedExtraFlavors := []string{"cloud", "rt", "rpi"}
for _, supportedExtraFlavor := range supportedExtraFlavors {
if strings.Contains(kr.FullExtraversion, "-"+supportedExtraFlavor) {
extraVersionPartial = strings.TrimSuffix(extraVersionPartial, "-"+supportedExtraFlavor)
matchExtraGroup = supportedExtraFlavor + "-" + matchExtraGroup
// rpi and rt have a different common package, named `common-{rt,rpi}`
if supportedExtraFlavor == "rt" || supportedExtraFlavor == "rpi" {
matchExtraGroupCommon += "-" + supportedExtraFlavor
}
break
}
if strings.Contains(kr.FullExtraversion, "-cloud") {
extraVersionPartial = strings.TrimSuffix(extraVersionPartial, "-cloud")
matchExtraGroup = "cloud-amd64"
}
// download index
@ -155,40 +177,26 @@ func fetchDebianHeadersURLFromRelease(baseURL string, kr kernelrelease.KernelRel
return nil, err
}
defer resp.Body.Close()
body, err := io.ReadAll(resp.Body)
body, err := ioutil.ReadAll(resp.Body)
if err != nil {
return nil, err
}
bodyStr := string(body)
// look for kernel headers
fullregex := fmt.Sprintf(rmatch, kr.Major, kr.Minor, kr.Patch,
extraVersionPartial, matchExtraGroup, kr.Architecture.String())
fullregex := fmt.Sprintf(rmatch, kr.Version, kr.PatchLevel, kr.Sublevel, extraVersionPartial, matchExtraGroup)
pattern := regexp.MustCompile(fullregex)
matches := pattern.FindStringSubmatch(bodyStr)
if len(matches) < 1 {
fullregex = fmt.Sprintf(rmatchNew, matchExtraGroup, kr.Major, kr.Minor, kr.Patch,
extraVersionPartial, kr.Architecture.String())
pattern = regexp.MustCompile(fullregex)
matches = pattern.FindStringSubmatch(bodyStr)
if len(matches) < 1 {
return nil, fmt.Errorf("kernel headers not found")
}
return nil, fmt.Errorf("kernel headers not found")
}
// look for kernel headers common
fullregexCommon := fmt.Sprintf(rmatch, kr.Major, kr.Minor, kr.Patch,
extraVersionPartial, matchExtraGroupCommon, kr.Architecture.String())
fullregexCommon := fmt.Sprintf(rmatch, kr.Version, kr.PatchLevel, kr.Sublevel, extraVersionPartial, matchExtraGroupCommon)
patternCommon := regexp.MustCompile(fullregexCommon)
matchesCommon := patternCommon.FindStringSubmatch(bodyStr)
if len(matchesCommon) < 1 {
fullregexCommon = fmt.Sprintf(rmatchNew, matchExtraGroupCommon, kr.Major, kr.Minor, kr.Patch,
extraVersionPartial, kr.Architecture.String())
patternCommon = regexp.MustCompile(fullregexCommon)
matchesCommon = patternCommon.FindStringSubmatch(bodyStr)
if len(matchesCommon) < 1 {
return nil, fmt.Errorf("kernel headers common not found")
}
return nil, fmt.Errorf("kernel headers common not found")
}
foundURLs := []string{fmt.Sprintf("%s%s", baseURL, matches[1])}
@ -198,11 +206,10 @@ func fetchDebianHeadersURLFromRelease(baseURL string, kr kernelrelease.KernelRel
}
func debianKbuildURLFromRelease(kr kernelrelease.KernelRelease) (string, error) {
rmatch := `href="(linux-kbuild-%d\.%d.*%s\.deb)"`
kbuildPattern := regexp.MustCompile(fmt.Sprintf(rmatch, kr.Major, kr.Minor, kr.Architecture.String()))
rmatch := `href="(linux-kbuild-%s\.%s.*amd64\.deb)"`
kbuildPattern := regexp.MustCompile(fmt.Sprintf(rmatch, kr.Version, kr.PatchLevel))
baseURL := "http://mirrors.kernel.org/debian/pool/main/l/linux/"
if kr.Major == 3 {
if kr.Version == "3" {
baseURL = "http://mirrors.kernel.org/debian/pool/main/l/linux-tools/"
}

105
pkg/driverbuilder/builder/fedora.go
View File

@ -1,105 +0,0 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package builder
import (
_ "embed"
"fmt"
"strings"
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
)
//go:embed templates/fedora_kernel.sh
var fedoraKernelTemplate string
//go:embed templates/fedora.sh
var fedoraTemplate string
// TargetTypeFedora identifies the Fedora target.
const TargetTypeFedora Type = "fedora"
func init() {
byTarget[TargetTypeFedora] = &fedora{}
}
// fedora is a driverkit target.
type fedora struct {
}
type fedoraTemplateData struct {
KernelDownloadURL string
}
func (c *fedora) Name() string {
return TargetTypeFedora.String()
}
func (c *fedora) TemplateKernelUrlsScript() string { return fedoraKernelTemplate }
func (c *fedora) TemplateScript() string {
return fedoraTemplate
}
func (c *fedora) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
// fedora FullExtraversion looks like "-200.fc36.x86_64"
// need to get the "fc36" out of the middle
fedoraVersion := strings.Split(kr.FullExtraversion, ".")[1]
// trim off the "fc" from fedoraVersion
version := strings.Trim(fedoraVersion, "fc")
// template the kernel info into all possible URL strings
urls := []string{
fmt.Sprintf( // updates
"https://mirrors.kernel.org/fedora/updates/%s/Everything/%s/Packages/k/kernel-devel-%s%s.rpm",
version,
kr.Architecture.ToNonDeb(),
kr.Fullversion,
kr.FullExtraversion,
),
fmt.Sprintf( // releases
"https://mirrors.kernel.org/fedora/releases/%s/Everything/%s/os/Packages/k/kernel-devel-%s%s.rpm",
version,
kr.Architecture.ToNonDeb(),
kr.Fullversion,
kr.FullExtraversion,
),
fmt.Sprintf( // development
"https://mirrors.kernel.org/fedora/development/%s/Everything/%s/os/Packages/k/kernel-devel-%s%s.rpm",
version,
kr.Architecture.ToNonDeb(),
kr.Fullversion,
kr.FullExtraversion,
),
fmt.Sprintf( // updates-archive
"https://fedoraproject-updates-archive.fedoraproject.org/fedora/%s/%s/kernel-devel-%s%s.rpm",
version,
kr.Architecture.ToNonDeb(),
kr.Fullversion,
kr.FullExtraversion,
),
}
// return out all possible urls
return urls, nil
}
func (c *fedora) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
return fedoraTemplateData{
KernelDownloadURL: urls[0],
}
}

172
pkg/driverbuilder/builder/flatcar.go
View File

@ -1,172 +0,0 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package builder
import (
_ "embed"
"fmt"
"io/ioutil"
"net/http"
"strings"
"github.com/blang/semver/v4"
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
)
//go:embed templates/flatcar_kernel.sh
var flatcarKernelTemplate string
//go:embed templates/flatcar.sh
var flatcarTemplate string
// TargetTypeFlatcar identifies the Flatcar target.
const TargetTypeFlatcar Type = "flatcar"
func init() {
byTarget[TargetTypeFlatcar] = &flatcar{}
}
type flatcarTemplateData struct {
KernelDownloadURL string
}
// flatcar is a driverkit target.
type flatcar struct {
info *flatcarReleaseInfo
}
func (f *flatcar) Name() string {
return TargetTypeFlatcar.String()
}
func (f *flatcar) TemplateKernelUrlsScript() string {
return flatcarKernelTemplate
}
func (f *flatcar) TemplateScript() string {
return flatcarTemplate
}
func (f *flatcar) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
if err := f.fillFlatcarInfos(kr); err != nil {
return nil, err
}
return fetchFlatcarKernelURLS(f.info.KernelVersion), nil
}
func (f *flatcar) KernelTemplateData(kr kernelrelease.KernelRelease, urls []string) interface{} {
// This happens when `kernelurls` option is passed,
// therefore URLs() method is not called.
if f.info == nil {
if err := f.fillFlatcarInfos(kr); err != nil {
return err
}
}
return flatcarTemplateData{
KernelDownloadURL: urls[0],
}
}
func (f *flatcar) GCCVersion(_ kernelrelease.KernelRelease) semver.Version {
return f.info.GCCVersion
}
func (f *flatcar) fillFlatcarInfos(kr kernelrelease.KernelRelease) error {
if kr.Extraversion != "" {
return fmt.Errorf("unexpected extraversion: %s", kr.Extraversion)
}
// convert string to int
if kr.Major < 1500 {
return fmt.Errorf("not a valid flatcar release version: %d", kr.Major)
}
var err error
f.info, err = fetchFlatcarMetadata(kr)
return err
}
func fetchFlatcarKernelURLS(kernelVersion string) []string {
kv := kernelrelease.FromString(kernelVersion)
return []string{fetchVanillaKernelURLFromKernelVersion(kv)}
}
func fetchFlatcarMetadata(kr kernelrelease.KernelRelease) (*flatcarReleaseInfo, error) {
flatcarInfo := flatcarReleaseInfo{}
flatcarVersion := kr.Fullversion
packageIndexUrl, err := GetResolvingURLs(fetchFlatcarPackageListURL(kr.Architecture, flatcarVersion))
if err != nil {
return nil, err
}
// first part of the URL is the channel
flatcarInfo.Channel = strings.Split(packageIndexUrl[0], ".")[0][len("https://"):]
resp, err := http.Get(packageIndexUrl[0])
if err != nil {
return nil, err
}
defer resp.Body.Close()
packageListBytes, err := ioutil.ReadAll(resp.Body)
if err != nil {
return nil, err
}
packageList := string(packageListBytes)
if len(packageListBytes) == 0 {
return nil, fmt.Errorf("missing package list for %s", flatcarVersion)
}
gccVersion := ""
kernelVersion := ""
// structure of a package line is: category/name-version(-revision)::repository
for _, pkg := range strings.Split(string(packageList), "\n") {
if strings.HasPrefix(pkg, "sys-devel/gcc") {
gccVersion = pkg[len("sys-devel/gcc-"):]
gccVersion = strings.Split(gccVersion, "::")[0]
gccVersion = strings.Split(gccVersion, "-")[0]
}
if strings.HasPrefix(pkg, "sys-kernel/coreos-kernel") {
kernelVersion = pkg[len("sys-kernel/coreos-kernel-"):]
kernelVersion = strings.Split(kernelVersion, "::")[0]
kernelVersion = strings.Split(kernelVersion, "-")[0]
}
}
flatcarInfo.GCCVersion, err = semver.ParseTolerant(gccVersion)
if err != nil {
return nil, err
}
flatcarInfo.KernelVersion = kernelVersion
return &flatcarInfo, nil
}
func fetchFlatcarPackageListURL(architecture kernelrelease.Architecture, flatcarVersion string) []string {
pattern := "https://%s.release.flatcar-linux.net/%s-usr/%s/flatcar_production_image_packages.txt"
channels := []string{
"stable",
"beta",
"alpha",
}
urls := []string{}
for _, channel := range channels {
urls = append(urls, fmt.Sprintf(pattern, channel, architecture.String(), flatcarVersion))
}
return urls
}
type flatcarReleaseInfo struct {
Channel string
GCCVersion semver.Version
KernelVersion string
}

263
pkg/driverbuilder/builder/image.go
View File

@ -1,263 +0,0 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package builder
import (
"context"
"fmt"
"github.com/falcosecurity/falcoctl/pkg/output"
"os"
"regexp"
"strings"
"github.com/blang/semver/v4"
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
"github.com/falcosecurity/falcoctl/pkg/oci/repository"
"gopkg.in/yaml.v3"
)
type YAMLImage struct {
Target string `yaml:"target"`
GCCVersions []string `yaml:"gcc_versions"` // we expect images to internally link eg: gcc5 to gcc5.0.0
Name string `yaml:"name"`
Arch string `yaml:"arch"`
Tag string `yaml:"tag"`
}
type YAMLImagesList struct {
Images []YAMLImage `yaml:"images"`
}
type Image struct {
Target Type
GCCVersion semver.Version // we expect images to internally link eg: gcc5 to gcc5.0.0
Name string
}
type ImagesLister interface {
LoadImages(printer *output.Printer) []Image
}
type FileImagesLister struct {
FilePath string
Arch string
Tag string
Target string
}
type RepoImagesLister struct {
*repository.Repository
}
type ImageKey string
func (i *Image) toKey() ImageKey {
return ImageKey(i.Target.String() + "_" + i.GCCVersion.String())
}
type ImagesMap map[ImageKey]Image
var tagReg *regexp.Regexp
func (im ImagesMap) findImage(target Type, gccVers semver.Version) (Image, bool) {
targetImage := Image{
Target: target,
GCCVersion: gccVers,
}
// Try to find specific image for specific target first
if img, ok := im[targetImage.toKey()]; ok {
return img, true
}
// Fallback at "any" target that offers specific gcc
targetImage.Target = "any"
if img, ok := im[targetImage.toKey()]; ok {
return img, true
}
return Image{}, false
}
func NewFileImagesLister(filePath string, build *Build) (*FileImagesLister, error) {
return &FileImagesLister{
FilePath: filePath,
Arch: kernelrelease.Architecture(build.Architecture).ToNonDeb(),
Tag: build.builderImageTag(),
Target: build.TargetType.String(),
}, nil
}
func (f *FileImagesLister) LoadImages(printer *output.Printer) []Image {
var (
res []Image
imageList YAMLImagesList
)
// loop over lines in file to print them
fileData, err := os.ReadFile(f.FilePath)
if err != nil {
printer.Logger.Warn("error opening builder repo file",
printer.Logger.Args("err", err.Error(), "filepath", f.FilePath))
return res
}
err = yaml.Unmarshal(fileData, &imageList)
if err != nil {
printer.Logger.Warn("error unmarshalling builder repo file",
printer.Logger.Args("err", err.Error(), "filepath", f.FilePath))
return res
}
for _, image := range imageList.Images {
// Values checks
if image.Arch != f.Arch {
printer.Logger.Debug("skipping wrong-arch image",
printer.Logger.Args("filepath", f.FilePath, "image", image))
continue
}
if image.Tag != f.Tag {
printer.Logger.Debug("skipping wrong-tag image",
printer.Logger.Args("filepath", f.FilePath, "image", image))
continue
}
if image.Target != "any" && image.Target != f.Target {
printer.Logger.Debug("skipping wrong-target image",
printer.Logger.Args("filepath", f.FilePath, "image", image))
continue
}
if image.Name == "" {
printer.Logger.Debug("skipping empty name image",
printer.Logger.Args("filepath", f.FilePath, "image", image))
continue
}
if len(image.GCCVersions) == 0 {
printer.Logger.Debug("expected at least 1 gcc version",
printer.Logger.Args("filepath", f.FilePath, "image", image))
continue
}
for _, gcc := range image.GCCVersions {
buildImage := Image{
Name: image.Name,
Target: Type(image.Target),
GCCVersion: mustParseTolerant(gcc),
}
res = append(res, buildImage)
}
}
return res
}
func NewRepoImagesLister(repo string, build *Build) (*RepoImagesLister, error) {
// Lazy inizialization
if tagReg == nil {
imageTag := build.builderImageTag()
// Create the proper regexes to load "any" and target-specific images for requested arch
arch := kernelrelease.Architecture(build.Architecture).ToNonDeb()
targetFmt := fmt.Sprintf("^(?P<target>%s|any)-%s(?P<gccVers>(_gcc[0-9]+.[0-9]+.[0-9]+)+)-%s$", build.TargetType.String(), arch, imageTag)
tagReg = regexp.MustCompile(targetFmt)
}
// Get the registry URL from repository.
registry, err := getRegistryFromRef(repo)
if err != nil {
return nil, err
}
repoOCI, err := repository.NewRepository(repo,
repository.WithPlainHTTP(build.RegistryPlainHTTP),
repository.WithClient(build.ClientForRegistry(registry)))
if err != nil {
return nil, err
}
return &RepoImagesLister{repoOCI}, nil
}
func (repo *RepoImagesLister) LoadImages(printer *output.Printer) []Image {
tags, err := repo.Tags(context.Background())
if err != nil {
printer.Logger.Warn("skipping repo",
printer.Logger.Args("repo", repo.Reference, "err", err.Error()))
return nil
}
var res []Image
for _, t := range tags {
img := fmt.Sprintf("%s:%s", repo.Reference, t)
match := tagReg.FindStringSubmatch(t)
if len(match) == 0 {
continue
}
var (
target string
gccVers []string
)
for i, name := range tagReg.SubexpNames() {
if i > 0 && i <= len(match) {
switch name {
case "gccVers":
gccVers = strings.Split(match[i], "_gcc")
gccVers = gccVers[1:] // remove initial whitespace
case "target":
target = match[i]
}
}
}
// Note: we store "any" target images as "any",
// instead of adding them to the target,
// because we always prefer specific target images,
// and we cannot guarantee here that any subsequent docker repos
// does not provide a target-specific image that offers same gcc version
for _, gccVer := range gccVers {
// If user set a fixed gcc version, only load images that provide it.
buildImage := Image{
GCCVersion: mustParseTolerant(gccVer),
Name: img,
Target: Type(target),
}
res = append(res, buildImage)
}
}
return res
}
func (b *Build) LoadImages() {
for _, imagesLister := range b.ImagesListers {
for _, image := range imagesLister.LoadImages(b.Printer) {
// User forced a gcc version? Only load images matching the requested gcc version.
if b.GCCVersion != "" && b.GCCVersion != image.GCCVersion.String() {
continue
}
// Skip if key already exists: we have a descending prio list of docker repos!
if _, ok := b.Images[image.toKey()]; !ok {
b.Images[image.toKey()] = image
}
}
}
if len(b.Images) == 0 {
b.Printer.Logger.Fatal("Could not load any builder image. Leaving.")
}
}
// getRegistryFromRef extracts the registry from a ref string.
func getRegistryFromRef(ref string) (string, error) {
index := strings.Index(ref, "/")
if index <= 0 {
return "", fmt.Errorf("cannot extract registry name from ref %q", ref)
}
return ref[0:index], nil
}

311
pkg/driverbuilder/builder/image_test.go
View File

@ -1,311 +0,0 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package builder
import (
"github.com/falcosecurity/falcoctl/pkg/output"
"github.com/pterm/pterm"
"io"
"net/http"
"os"
"testing"
"github.com/blang/semver/v4"
"github.com/docker/docker/testutil/registry"
"gotest.tools/assert"
)
var imagesTests = []struct {
yamlData string
jsonData string
expected []Image
}{
// Test that multiple gcc versions are correctly mapped to multiple images
{
yamlData: `
images:
- name: foo/test:any-x86_64_gcc8.0.0_gcc6.0.0_gcc5.0.0_gcc4.9.0_gcc4.8.0-latest
target: any
arch: x86_64
tag: latest
gcc_versions:
- 8.0.0
- 6.0.0
- 5.0.0
- 4.9.0
- 4.8.0
`,
jsonData: `
{
"name": "foo/test",
"tags": [
"any-x86_64_gcc8.0.0_gcc6.0.0_gcc5.0.0_gcc4.9.0_gcc4.8.0-latest"
]
}
`,
expected: []Image{
{
Target: "any",
GCCVersion: semver.MustParse("8.0.0"),
Name: "foo/test:any-x86_64_gcc8.0.0_gcc6.0.0_gcc5.0.0_gcc4.9.0_gcc4.8.0-latest",
},
{
Target: "any",
GCCVersion: semver.MustParse("6.0.0"),
Name: "foo/test:any-x86_64_gcc8.0.0_gcc6.0.0_gcc5.0.0_gcc4.9.0_gcc4.8.0-latest",
},
{
Target: "any",
GCCVersion: semver.MustParse("5.0.0"),
Name: "foo/test:any-x86_64_gcc8.0.0_gcc6.0.0_gcc5.0.0_gcc4.9.0_gcc4.8.0-latest",
},
{
Target: "any",
GCCVersion: semver.MustParse("4.9.0"),
Name: "foo/test:any-x86_64_gcc8.0.0_gcc6.0.0_gcc5.0.0_gcc4.9.0_gcc4.8.0-latest",
},
{
Target: "any",
GCCVersion: semver.MustParse("4.8.0"),
Name: "foo/test:any-x86_64_gcc8.0.0_gcc6.0.0_gcc5.0.0_gcc4.9.0_gcc4.8.0-latest",
},
},
},
// Test that arm64 is correctly skipped on amd64 images listing
{
yamlData: `
images:
- name: foo/test:any-x86_64_gcc8.0.0-latest
target: any
arch: x86_64
tag: latest
gcc_versions:
- 8.0.0
- name: foo/test:any-aarch64_gcc8.0.0-latest
target: any
arch: aarch64
tag: latest
gcc_versions:
- 8.0.0
`,
jsonData: `
{
"name": "foo/test",
"tags": [
"any-x86_64_gcc8.0.0-latest",
"any-aarch64_gcc8.0.0-latest"
]
}
`,
expected: []Image{
{
Target: "any",
GCCVersion: semver.MustParse("8.0.0"),
Name: "foo/test:any-x86_64_gcc8.0.0-latest",
},
},
},
// Test empty gcc versions image is skipped
{
yamlData: `
images:
- name: foo/test:any-x86_64_gcc8.0.0-latest
target: any
arch: x86_64
tag: latest
gcc_versions:
- 8.0.0
- name: bar/test:any-x86_64-latest
target: any
arch: x86_64
tag: latest
`,
jsonData: `
{
"name": "foo/test",
"tags": [
"any-x86_64_gcc8.0.0-latest",
"any-x86_64-latest"
]
}
`,
expected: []Image{
{
Target: "any",
GCCVersion: semver.MustParse("8.0.0"),
Name: "foo/test:any-x86_64_gcc8.0.0-latest",
},
},
},
// Test wrong target image is skipped
{
yamlData: `
images:
- name: foo/test:centos-x86_64_gcc8.0.0-latest
target: centos
arch: x86_64
tag: latest
gcc_versions:
- 8.0.0
- name: foo/test:wrongtarget-x86_64_gcc6.0.0-latest
target: wrongtarget
arch: x86_64
tag: latest
gcc_versions:
- 6.0.0
`,
jsonData: `
{
"name": "foo/test",
"tags": [
"centos-x86_64_gcc8.0.0-latest",
"wrongtarget-x86_64_gcc8.0.0-latest"
]
}
`,
expected: []Image{
{
Target: "centos",
GCCVersion: semver.MustParse("8.0.0"),
Name: "foo/test:centos-x86_64_gcc8.0.0-latest",
},
},
},
// Test empty name image is skipped
{
yamlData: `
images:
- name: foo/test:any-x86_64_gcc8.0.0-latest
target: any
arch: x86_64
tag: latest
gcc_versions:
- 8.0.0
- target: any
arch: x86_64
tag: latest
gcc_versions:
- 6.0.0
`,
jsonData: "",
expected: []Image{
{
Target: "any",
GCCVersion: semver.MustParse("8.0.0"),
Name: "foo/test:any-x86_64_gcc8.0.0-latest",
},
},
},
// Test empty list returned for yaml/json with no images
{
yamlData: `
images:
`,
jsonData: `
{
"name": "foo/test",
"tags": [
]
}
`,
expected: nil,
},
// Test empty list returned for malformed yaml/json answer
{
yamlData: `
images:
* name: foo/test
target: any
arch: x86_64
gcc_versions:
* 8.0.0
`,
jsonData: "malformedresponse",
expected: nil,
},
}
func TestFileImagesLister(t *testing.T) {
printer := output.NewPrinter(pterm.LogLevelInfo, pterm.LogFormatterColorful, os.Stdout)
// setup images file
f, err := os.CreateTemp(t.TempDir(), "imagetest")
if err != nil {
t.Fatal(err)
}
defer os.Remove(f.Name())
lister, err := NewFileImagesLister(f.Name(), &Build{
TargetType: Type("centos"),
Architecture: "amd64",
BuilderImage: "auto:latest",
})
assert.NilError(t, err)
for _, test := range imagesTests {
if test.yamlData == "" {
t.Log("Skipping unsuitable test for FileImagesLister")
continue
}
err = f.Truncate(0)
if err != nil {
t.Fatal(err)
}
_, err = f.Seek(0, io.SeekStart)
if err != nil {
t.Fatal(err)
}
_, err = f.WriteString(test.yamlData)
if err != nil {
t.Fatal(err)
}
assert.DeepEqual(t, test.expected, lister.LoadImages(printer))
}
}
func TestRepoImagesLister(t *testing.T) {
printer := output.NewPrinter(pterm.LogLevelInfo, pterm.LogFormatterColorful, os.Stdout)
mock, err := registry.NewMock(t)
assert.NilError(t, err)
defer mock.Close()
lister, err := NewRepoImagesLister(mock.URL()+"/foo/test", &Build{
TargetType: Type("centos"),
Architecture: "amd64",
BuilderImage: "auto:latest",
RegistryPlainHTTP: true,
})
assert.NilError(t, err)
for _, test := range imagesTests {
if test.jsonData == "" {
t.Log("Skipping unsuitable test for RepoImagesLister")
continue
}
// Update expected names adding the mocked server URL as prefix
for idx, _ := range test.expected {
test.expected[idx].Name = mock.URL() + "/" + test.expected[idx].Name
}
mock.RegisterHandler("/v2/foo/test/tags/list", func(w http.ResponseWriter, r *http.Request) {
w.Write([]byte(test.jsonData))
})
assert.DeepEqual(t, test.expected, lister.LoadImages(printer))
}
}

106
pkg/driverbuilder/builder/local.go
View File

@ -1,106 +0,0 @@
package builder
import (
_ "embed"
"fmt"
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
"path/filepath"
)
// NOTE: since this is only used by local build,
// it is not exposed in `target` array,
// so no init() function to register it is present.
//go:embed templates/local.sh
var localTemplate string
type LocalBuilder struct {
GccPath string
UseDKMS bool
SrcDir string
}
func (l *LocalBuilder) Name() string {
return "local"
}
func (l *LocalBuilder) TemplateKernelUrlsScript() string {
panic("cannot be called on local builder")
}
func (l *LocalBuilder) TemplateScript() string {
return localTemplate
}
func (l *LocalBuilder) URLs(_ kernelrelease.KernelRelease) ([]string, error) {
return nil, nil
}
func (l *LocalBuilder) MinimumURLs() int {
// We don't need any url
return 0
}
type localTemplateData struct {
commonTemplateData
UseDKMS bool
DownloadSrc bool
DriverVersion string
KernelRelease string
}
func (l *LocalBuilder) KernelTemplateData(_ kernelrelease.KernelRelease, _ []string) interface{} {
panic("cannot be called on local builder")
}
func (l *LocalBuilder) TemplateData(c Config, kr kernelrelease.KernelRelease) interface{} {
return localTemplateData{
commonTemplateData: commonTemplateData{
DriverBuildDir: l.GetDriverBuildDir(),
ModuleDriverName: c.DriverName,
ModuleFullPath: l.GetModuleFullPath(c, kr),
BuildModule: len(c.ModuleFilePath) > 0,
BuildProbe: len(c.ProbeFilePath) > 0,
GCCVersion: l.GccPath,
CmakeCmd: fmt.Sprintf(cmakeCmdFmt,
c.DriverName,
c.DriverName,
c.DriverVersion,
c.DriverVersion,
c.DriverVersion,
c.DeviceName,
c.DeviceName,
c.DriverVersion),
},
UseDKMS: l.UseDKMS,
DownloadSrc: len(l.SrcDir) == 0, // if no srcdir is provided, download src!
DriverVersion: c.DriverVersion,
KernelRelease: c.KernelRelease,
}
}
func (l *LocalBuilder) GetModuleFullPath(c Config, kr kernelrelease.KernelRelease) string {
if l.UseDKMS {
// When using dkms, we will use a GLOB to match the pattern; ModuleFullPath won't be used in the templated script anyway.
return fmt.Sprintf("/var/lib/dkms/%s/%s/%s/%s/module/%s.*", c.DriverName, c.DriverVersion, kr.String(), kr.Architecture.ToNonDeb(), c.DriverName)
}
if l.SrcDir != "" {
return filepath.Join(l.SrcDir, fmt.Sprintf("%s.ko", c.DriverName))
}
return c.ToDriverFullPath()
}
func (l *LocalBuilder) GetProbeFullPath(c Config) string {
if l.SrcDir != "" {
return filepath.Join(l.SrcDir, "bpf", "probe.o")
}
return c.ToProbeFullPath()
}
func (l *LocalBuilder) GetDriverBuildDir() string {
driverBuildDir := DriverDirectory
if l.SrcDir != "" {
driverBuildDir = l.SrcDir
}
return driverBuildDir
}

56
pkg/driverbuilder/builder/minikube.go
View File

@ -1,56 +0,0 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package builder
import (
"github.com/blang/semver/v4"
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
)
// TargetTypeMinikube identifies the Minikube target.
const TargetTypeMinikube Type = "minikube"
func init() {
byTarget[TargetTypeMinikube] = &minikube{
vanilla{},
}
}
type minikube struct {
vanilla
}
func (m *minikube) Name() string {
return TargetTypeMinikube.String()
}
func (m *minikube) KernelTemplateData(kr kernelrelease.KernelRelease, urls []string) interface{} {
return vanillaTemplateData{
KernelDownloadURL: urls[0],
KernelLocalVersion: kr.FullExtraversion,
}
}
func (m *minikube) GCCVersion(kr kernelrelease.KernelRelease) semver.Version {
// The supported versions of minikube use kernels > 4.19.
switch kr.Major {
case 5:
return semver.Version{Major: 10}
case 4:
return semver.Version{Major: 8}
default:
return semver.Version{Major: 12}
}
}

272
pkg/driverbuilder/builder/opensuse.go
View File

@ -1,272 +0,0 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package builder
import (
_ "embed"
"fmt"
"strings"
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
)
//go:embed templates/opensuse_kernel.sh
var opensuseKernelTemplate string
//go:embed templates/opensuse.sh
var opensuseTemplate string
// TargetTypeOpenSUSE identifies the OpenSUSE target.
const TargetTypeOpenSUSE Type = "opensuse"
// We need:
// kernel-default-devel-*-{arch}
// kernel-devel-*-noarch
const opensuseMinimumURLs = 2
// base URLs to begin searches
var baseURLs []string = []string{
// general releases, leap releases
"https://mirrors.edge.kernel.org/opensuse/distribution",
"http://download.opensuse.org/distribution",
"https://download.opensuse.org/repositories/Kernel:",
// some releases are stored at the top level specifically
"http://download.opensuse.org",
}
// all known releases - will need to expand as more are added
var releases = []string{
// openSUSE leap
"43.2",
"15.0",
"15.1",
"15.2",
"15.3",
"15.4",
"15.5",
"15.6",
// other releases
"HEAD",
"stable",
"tumbleweed",
}
func init() {
byTarget[TargetTypeOpenSUSE] = &opensuse{}
}
// opensuse is a driverkit target.
type opensuse struct {
}
type opensuseTemplateData struct {
KernelDownloadURLs []string
}
func (o *opensuse) MinimumURLs() int {
return opensuseMinimumURLs
}
func (o *opensuse) Name() string {
return TargetTypeOpenSUSE.String()
}
func (o *opensuse) TemplateKernelUrlsScript() string {
return opensuseKernelTemplate
}
func (o *opensuse) TemplateScript() string {
return opensuseTemplate
}
func (o *opensuse) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
// SUSE requires 2 urls: a kernel-default-devel*{arch}.rpm and a kernel-devel*noarch.rpm
kernelDefaultDevelPattern := fmt.Sprintf("kernel-default-devel-%s%s.rpm", kr.Fullversion, kr.FullExtraversion)
kernelDevelNoArchPattern := strings.ReplaceAll( // need to replace architecture string with "noarch"
fmt.Sprintf("kernel-devel-%s%s.rpm", kr.Fullversion, kr.FullExtraversion),
kr.Architecture.ToNonDeb(),
"noarch",
)
// get all possible URLs
possibleURLs := buildURLs(kr, kernelDefaultDevelPattern, kernelDevelNoArchPattern)
// trim the list to only resolving URLs
urls, err := GetResolvingURLs(possibleURLs)
if err != nil {
return nil, err
}
// ensure there is at least one URL of each required package type
if validateURLs(urls, kernelDefaultDevelPattern, kernelDevelNoArchPattern) {
return urls, nil
} else {
return nil, fmt.Errorf(
"missing one of the required package types: [ kernel-default-devel, kernel-devel*noarch ]: %v",
urls,
)
}
}
// build all possible url combinations from base URLs and releases
func buildURLs(kr kernelrelease.KernelRelease, kernelDefaultDevelPattern string, kernelDevelNoArchPattern string) []string {
possibleURLs := []string{}
for _, release := range releases {
for _, baseURL := range baseURLs {
possibleURLs = append(
possibleURLs,
// leap urls
fmt.Sprintf(
"%s/leap/%s/repo/oss/%s/%s",
baseURL,
release,
kr.Architecture.ToNonDeb(),
kernelDefaultDevelPattern,
),
fmt.Sprintf( // noarch
"%s/leap/%s/repo/oss/noarch/%s",
baseURL,
release,
kernelDevelNoArchPattern,
),
// other urls
fmt.Sprintf(
"%s/%s/repo/oss/%s/%s",
baseURL,
release,
kr.Architecture.ToNonDeb(),
kernelDefaultDevelPattern,
),
fmt.Sprintf( // noarch
"%s/%s/repo/oss/noarch/%s",
baseURL,
release,
kernelDevelNoArchPattern,
),
// weird opensuse site urls
fmt.Sprintf(
"%s/openSUSE-%s/Submit/standard/%s/%s",
baseURL,
release,
kr.Architecture.ToNonDeb(),
kernelDefaultDevelPattern,
),
fmt.Sprintf(
"%s/openSUSE-%s/standard/%s/%s",
baseURL,
release,
kr.Architecture.ToNonDeb(),
kernelDefaultDevelPattern,
),
fmt.Sprintf(
"%s/openSUSE-%s:/Submit/standard/%s/%s",
baseURL,
release,
kr.Architecture.ToNonDeb(),
kernelDefaultDevelPattern,
),
fmt.Sprintf(
"%s/openSUSE-%s:/standard/%s/%s",
baseURL,
release,
kr.Architecture.ToNonDeb(),
kernelDefaultDevelPattern,
),
fmt.Sprintf(
"%s/%s/Submit/standard/%s/%s",
baseURL,
release,
kr.Architecture.ToNonDeb(),
kernelDefaultDevelPattern,
),
fmt.Sprintf(
"%s/%s/standard/%s/%s",
baseURL,
release,
kr.Architecture.ToNonDeb(),
kernelDefaultDevelPattern,
),
// weird opensuse site urls - kernel-devel*noarch edition
fmt.Sprintf(
"%s/openSUSE-%s/Submit/standard/noarch/%s",
baseURL,
release,
kernelDevelNoArchPattern,
),
fmt.Sprintf(
"%s/openSUSE-%s/standard/noarch/%s",
baseURL,
release,
kernelDevelNoArchPattern,
),
fmt.Sprintf(
"%s/openSUSE-%s:/Submit/standard/noarch/%s",
baseURL,
release,
kernelDevelNoArchPattern,
),
fmt.Sprintf(
"%s/openSUSE-%s:/standard/noarch/%s",
baseURL,
release,
kernelDevelNoArchPattern,
),
fmt.Sprintf(
"%s/%s/Submit/standard/noarch/%s",
baseURL,
release,
kernelDevelNoArchPattern,
),
fmt.Sprintf(
"%s/%s/standard/noarch/%s",
baseURL,
release,
kernelDevelNoArchPattern,
),
)
}
}
return possibleURLs
}
// check to ensure there is at least one URL of each package type
func validateURLs(urls []string, kernelDefaultDevelPattern string, kernelDevelNoArchPattern string) bool {
// setup some flags
kernelDefaultDevelFlag := false
kernelDevelNoArchFlag := false
for _, url := range urls {
if strings.Contains(url, kernelDefaultDevelPattern) {
kernelDefaultDevelFlag = true
}
if strings.Contains(url, kernelDevelNoArchPattern) {
kernelDevelNoArchFlag = true
}
}
return kernelDefaultDevelFlag && kernelDevelNoArchFlag
}
func (o *opensuse) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
return opensuseTemplateData{
KernelDownloadURLs: urls,
}
}

132
pkg/driverbuilder/builder/oracle.go
View File

@ -1,132 +0,0 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package builder
import (
_ "embed"
"fmt"
"strings"
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
)
//go:embed templates/oracle_kernel.sh
var oracleKernelTemplate string
//go:embed templates/oracle.sh
var oracleTemplate string
// TargetTypeoracle identifies the oracle target ("ol" is the ID from /etc/os-release that Oracle uses)
const TargetTypeoracle Type = "ol"
func init() {
byTarget[TargetTypeoracle] = &oracle{}
}
// oracle is a driverkit target.
type oracle struct {
}
type oracleTemplateData struct {
KernelDownloadURL string
}
func (c *oracle) Name() string {
return TargetTypeoracle.String()
}
func (c *oracle) TemplateKernelUrlsScript() string {
return oracleKernelTemplate
}
func (c *oracle) TemplateScript() string {
return oracleTemplate
}
func (c *oracle) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
// oracle FullExtraversion looks like "-2047.510.5.5.el7uek.x86_64"
// need to get the "el7uek" out of the middle
splitVersion := strings.Split(kr.FullExtraversion, ".")
oracleVersion := splitVersion[len(splitVersion)-2] // [ "-2047", "510", "5", "5", "el7uek","x86_64" ] want -2
// trim off the "el" and "uek" from oracleVersion
version := strings.Trim(strings.Trim(oracleVersion, "el"), "uek")
// sometimes Oracle 8 does "8_x" for version, only want the "8"
if strings.Contains(version, "_") {
version = strings.Split(version, "_")[0]
}
// list of possible UEK versions, which are used in the URL - ex: "UEKR3"
// may need to evolve over time if Oracle adds more
ueks := []string{"R3", "R4", "R5", "R6", "R7"}
// template the kernel info into all possible URL strings
urls := []string{
fmt.Sprintf( // latest (Oracle 7)
"http://yum.oracle.com/repo/OracleLinux/OL%s/latest/%s/getPackage/kernel-devel-%s%s.rpm",
version,
kr.Architecture.ToNonDeb(),
kr.Fullversion,
kr.FullExtraversion,
),
fmt.Sprintf( // latest + baseos (Oracle 8 + 9)
"http://yum.oracle.com/repo/OracleLinux/OL%s/baseos/latest/%s/getPackage/kernel-devel-%s%s.rpm",
version,
kr.Architecture.ToNonDeb(),
kr.Fullversion,
kr.FullExtraversion,
),
fmt.Sprintf( // appstream (Oracle 8 + 9)
"http://yum.oracle.com/repo/OracleLinux/OL%s/appstream/%s/getPackage/kernel-devel-%s%s.rpm",
version,
kr.Architecture.ToNonDeb(),
kr.Fullversion,
kr.FullExtraversion,
),
fmt.Sprintf( // MODRHCK (Oracle 7)
"http://yum.oracle.com/repo/OracleLinux/OL%s/MODRHCK/%s/getPackage/kernel-devel-%s%s.rpm",
version,
kr.Architecture.ToNonDeb(),
kr.Fullversion,
kr.FullExtraversion,
),
}
// add in all the UEK versions
for _, uekVers := range ueks {
urls = append(
urls,
fmt.Sprintf( // UEK versions URL
"http://yum.oracle.com/repo/OracleLinux/OL%s/UEK%s/%s/getPackage/kernel-uek-devel-%s%s.rpm",
version,
uekVers,
kr.Architecture.ToNonDeb(),
kr.Fullversion,
kr.FullExtraversion,
),
)
}
// return out all possible urls
return urls, nil
}
func (c *oracle) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
return oracleTemplateData{
KernelDownloadURL: urls[0],
}
}

105
pkg/driverbuilder/builder/photon.go
View File

@ -1,105 +0,0 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package builder
import (
_ "embed"
"fmt"
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
)
// TargetTypePhoton identifies the Photon target.
const TargetTypePhoton Type = "photon"
//go:embed templates/photonos_kernel.sh
var photonKernelTemplate string
//go:embed templates/photonos.sh
var photonTemplate string
func init() {
byTarget[TargetTypePhoton] = &photon{}
}
// photon is a driverkit target.
type photon struct {
}
type photonTemplateData struct {
KernelDownloadURL string
}
func (p *photon) Name() string {
return TargetTypePhoton.String()
}
func (p *photon) TemplateKernelUrlsScript() string {
return photonKernelTemplate
}
func (p *photon) TemplateScript() string {
return photonTemplate
}
func (p *photon) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
return fetchPhotonKernelURLS(kr), nil
}
func (p *photon) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
return photonTemplateData{
KernelDownloadURL: urls[0],
}
}
func fetchPhotonKernelURLS(kr kernelrelease.KernelRelease) []string {
photonReleases := []string{
"3.0",
"4.0",
"5.0",
}
var urls []string
for _, r := range photonReleases {
urls = append(urls, fmt.Sprintf(
"https://packages.vmware.com/photon/%s/photon_%s_%s/%s/linux-devel-%s%s.x86_64.rpm",
r,
r,
kr.Architecture.ToNonDeb(),
kr.Architecture.ToNonDeb(),
kr.Fullversion,
kr.FullExtraversion,
))
urls = append(urls, fmt.Sprintf(
"https://packages.vmware.com/photon/%s/photon_release_%s_%s/%s/linux-devel-%s%s.x86_64.rpm",
r,
r,
kr.Architecture.ToNonDeb(),
kr.Architecture.ToNonDeb(),
kr.Fullversion,
kr.FullExtraversion,
))
urls = append(urls, fmt.Sprintf(
"https://packages.vmware.com/photon/%s/photon_updates_%s_%s/%s/linux-devel-%s%s.x86_64.rpm",
r,
r,
kr.Architecture.ToNonDeb(),
kr.Architecture.ToNonDeb(),
kr.Fullversion,
kr.FullExtraversion,
))
}
return urls
}

69
pkg/driverbuilder/builder/redhat.go
View File

@ -1,69 +0,0 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package builder
import (
_ "embed"
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
)
//go:embed templates/redhat_kernel.sh
var redhatKernelTemplate string
//go:embed templates/redhat.sh
var redhatTemplate string
// TargetTypeRedhat identifies the redhat target.
const TargetTypeRedhat Type = "redhat"
// redhat is a driverkit target.
type redhat struct {
}
func init() {
byTarget[TargetTypeRedhat] = &redhat{}
}
type redhatTemplateData struct {
KernelPackage string
}
func (v *redhat) Name() string {
return TargetTypeRedhat.String()
}
func (v *redhat) TemplateKernelUrlsScript() string {
return redhatKernelTemplate
}
func (v *redhat) TemplateScript() string {
return redhatTemplate
}
func (v *redhat) URLs(_ kernelrelease.KernelRelease) ([]string, error) {
return nil, nil
}
func (v *redhat) MinimumURLs() int {
// We don't need any url
return 0
}
func (v *redhat) KernelTemplateData(kr kernelrelease.KernelRelease, _ []string) interface{} {
return redhatTemplateData{
KernelPackage: kr.Fullversion + kr.FullExtraversion,
}
}

123
pkg/driverbuilder/builder/rocky.go
View File

@ -1,123 +0,0 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package builder
import (
_ "embed"
"fmt"
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
)
//go:embed templates/rocky_kernel.sh
var rockyKernelTemplate string
//go:embed templates/rocky.sh
var rockyTemplate string
// TargetTypeRocky identifies the Rocky target.
const TargetTypeRocky Type = "rocky"
func init() {
byTarget[TargetTypeRocky] = &rocky{}
}
type rockyTemplateData struct {
KernelDownloadURL string
}
// rocky is a driverkit target.
type rocky struct {
}
func (c *rocky) Name() string {
return TargetTypeRocky.String()
}
func (c *rocky) TemplateKernelUrlsScript() string {
return rockyKernelTemplate
}
func (c *rocky) TemplateScript() string {
return rockyTemplate
}
func (c *rocky) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
return fetchRockyKernelURLS(kr), nil
}
func (c *rocky) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
return rockyTemplateData{
KernelDownloadURL: urls[0],
}
}
func fetchRockyKernelURLS(kr kernelrelease.KernelRelease) []string {
rockyReleases := []string{
"8",
"8.7",
"9",
"9.1",
}
rockyVaultReleases := []string{
"8.3",
"8.4",
"8.5",
"8.6",
"9.1",
}
urls := []string{}
for _, r := range rockyReleases {
if r >= "9" {
urls = append(urls, fmt.Sprintf(
"https://download.rockylinux.org/pub/rocky/%s/AppStream/%s/os/Packages/k/kernel-devel-%s%s.rpm",
r,
kr.Architecture.ToNonDeb(),
kr.Fullversion,
kr.FullExtraversion,
))
} else {
urls = append(urls, fmt.Sprintf(
"https://download.rockylinux.org/pub/rocky/%s/BaseOS/%s/os/Packages/k/kernel-devel-%s%s.rpm",
r,
kr.Architecture.ToNonDeb(),
kr.Fullversion,
kr.FullExtraversion,
))
}
}
for _, r := range rockyVaultReleases {
if r >= "9" {
urls = append(urls, fmt.Sprintf(
"https://download.rockylinux.org/vault/rocky/%s/AppStream/%s/os/Packages/k/kernel-devel-%s%s.rpm",
r,
kr.Architecture.ToNonDeb(),
kr.Fullversion,
kr.FullExtraversion,
))
} else {
urls = append(urls, fmt.Sprintf(
"https://download.rockylinux.org/vault/rocky/%s/BaseOS/%s/os/Packages/k/kernel-devel-%s%s.rpm",
r,
kr.Architecture.ToNonDeb(),
kr.Fullversion,
kr.FullExtraversion,
))
}
}
return urls
}

75
pkg/driverbuilder/builder/sles.go
View File

@ -1,75 +0,0 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package builder
import (
_ "embed"
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
)
//go:embed templates/sles_kernel.sh
var slesKernelTemplate string
//go:embed templates/sles.sh
var slesTemplate string
// TargetTypeSLES identifies the sles target.
const TargetTypeSLES Type = "sles"
// sles is a driverkit target.
type sles struct {
}
func init() {
byTarget[TargetTypeSLES] = &sles{}
}
type slesTemplateData struct {
KernelPackage string
}
func (v *sles) Name() string {
return TargetTypeSLES.String()
}
func (v *sles) TemplateKernelUrlsScript() string {
return slesKernelTemplate
}
func (v *sles) TemplateScript() string {
return slesTemplate
}
func (v *sles) URLs(_ kernelrelease.KernelRelease) ([]string, error) {
return nil, nil
}
func (v *sles) MinimumURLs() int {
// We don't need any url
return 0
}
func (v *sles) KernelTemplateData(kr kernelrelease.KernelRelease, _ []string) interface{} {
return slesTemplateData{
KernelPackage: kr.Fullversion + kr.FullExtraversion,
}
}
// sles requires docker to run with `--net=host` for builder images to work
// for more info, see the suse container connect README: https://github.com/SUSE/container-suseconnect
func (v *sles) BuilderImageNetMode() string {
return "host"
}

43
pkg/driverbuilder/builder/talos.go
View File

@ -1,43 +0,0 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package builder
import (
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
)
// TargetTypeTalos identifies the Talos target.
const TargetTypeTalos Type = "talos"
func init() {
byTarget[TargetTypeTalos] = &talos{
vanilla{},
}
}
type talos struct {
vanilla
}
func (b *talos) Name() string {
return TargetTypeTalos.String()
}
func (b *talos) KernelTemplateData(kr kernelrelease.KernelRelease, urls []string) interface{} {
return vanillaTemplateData{
KernelDownloadURL: urls[0],
KernelLocalVersion: kr.FullExtraversion,
}
}

30
pkg/driverbuilder/builder/target.go
View File

@ -1,21 +1,7 @@
// SPDX-License-Identifier: Apache-2.0
/*
Copyright (C) 2023 The Falco Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package builder
// byTarget maps targets to their builder.
var byTarget = map[Type]Builder{}
// BuilderByTarget maps targets to their builder.
var BuilderByTarget = Targets{}
// Type is a type representing targets.
type Type string
@ -23,3 +9,15 @@ type Type string
func (t Type) String() string {
return string(t)
}
// Targets is a type representing the list of the supported targets.
type Targets map[Type]Builder
// Targets returns the list of all the supported targets.
func (t Targets) Targets() []string {
res := []string{}
for k := range t {
res = append(res, k.String())
}
return res
}

Some files were not shown because too many files have changed in this diff Show More