chore(deps): bump docker/login-action in the actions group

Bumps the actions group with 1 update: [docker/login-action](https://github.com/docker/login-action).


Updates `docker/login-action` from 3.4.0 to 3.5.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](74a5d14239...184bdaa072)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-version: 3.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>

.circleci/config.yml

@@ -1,136 +0,0 @@
-version: 2.1
-jobs:
-  "build-test":
-    docker:
-      - image: alpine:3.16
-    steps:
-      - checkout
-      - run:
-          name: Install deps
-          command: apk add gcc musl-dev make bash git go
-      - run:
-          name: Build
-          command: make build
-      - run:
-          name: Test
-          command: make test
-      - run:
-          name: Prepare Artifacts
-          command: |
-            mkdir -p /tmp/build-amd64
-            cp _output/bin/driverkit /tmp/build-amd64/
-      - persist_to_workspace:
-          root: /tmp
-          paths:
-            - build-amd64/
-  "build-test-arm64":
-    machine:
-      enabled: true
-      image: ubuntu-2004:2022.04.1
-    resource_class: arm.medium
-    steps:
-      - checkout:
-          path: /tmp/source
-      - run:
-          name: Prepare project
-          command: |
-            docker run --rm -it -v /tmp/source:/source -w /source --name alpine_sh -d alpine:3.16 sh
-            docker exec alpine_sh apk add gcc musl-dev make bash git go
-            docker exec alpine_sh git config --global --add safe.directory /source
-      - run:
-          name: Build
-          command: docker exec alpine_sh make build
-      - run:
-          name: Test
-          command: docker exec alpine_sh make test
-      - run:
-          name: Prepare Artifacts
-          command: |
-            mkdir -p /tmp/build-arm64
-            cp /tmp/source/_output/bin/driverkit /tmp/build-arm64/     
-      - persist_to_workspace:
-          root: /tmp
-          paths:
-            - build-arm64/
-  "images":
-    docker:
-      - image: cimg/base:stable
-        user: root
-    steps:
-      - attach_workspace:
-          at: /
-      - checkout
-      - setup_remote_docker:
-          version: 20.10.12
-      - run:
-          name: Prepare env
-          command: |
-            docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
-            docker context create dk-env
-            docker buildx create dk-env --driver docker-container --use
-            echo ${DOCKERHUB_SECRET} | docker login -u ${DOCKERHUB_USER} --password-stdin
-            sudo apt update
-            sudo apt install make bash git
-      - run:
-          name: Copy binaries from workspace
-          command: |
-            cp -r /build-* .
-      - run:
-          name: Build and Push all docker images
-          command: |
-            GIT_BRANCH="$CIRCLE_BRANCH" GIT_TAG="$CIRCLE_TAG" make push/all
-      - run:
-          name: Push latest images
-          command: |
-            if [ -n "$CIRCLE_TAG" ]
-            then
-              GIT_BRANCH="$CIRCLE_BRANCH" GIT_TAG="$CIRCLE_TAG" make push/latest
-            else
-              echo "Skipping (no git tag)"
-            fi
-  "release":
-    docker:
-      - image: circleci/golang:1.17
-    steps:
-      - checkout
-      - run:
-          name: Install goreleaser
-          command: |
-            echo 'deb [trusted=yes] https://repo.goreleaser.com/apt/ /' | sudo tee /etc/apt/sources.list.d/goreleaser.list
-            sudo apt update
-            sudo apt install goreleaser
-      - run:
-          name: Release
-          command: GIT_TAG="$CIRCLE_TAG" make release
-workflows:
-  version: 2.1
-  build:
-    jobs:
-      - "build-test":
-          filters:
-            tags:
-              only: /v[0-9]+(\.[0-9]+)*(-.*)*/
-      - "build-test-arm64":
-          filters:
-            tags:
-              only: /v[0-9]+(\.[0-9]+)*(-.*)*/
-      - "images":
-          context: falco
-          filters:
-            branches:
-              only:
-                - master
-            tags:
-              only: /v[0-9]+(\.[0-9]+)*(-.*)*/
-          requires:
-            - "build-test"
-            - "build-test-arm64"
-      - "release":
-          context: falco
-          filters:
-            branches:
-              ignore: /.*/
-            tags:
-              only: /v[0-9]+(\.[0-9]+)*(-.*)*/
-          requires:
-            - "images"

.github/PULL_REQUEST_TEMPLATE.md

@@ -66,5 +66,5 @@ For example, `action required: change the API interface of the rule engine`.
 -->
 
 ```release-note
-
+NONE
 ```

.github/dependabot.yml

@@ -0,0 +1,12 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 10
+    groups:
+      actions:
+        update-types:
+          - "minor"
+          - "patch"

.github/workflows/ci.yml

@@ -0,0 +1,77 @@
+name: CI Build
+on:
+  pull_request:
+    branches: [master]
+  workflow_dispatch:
+
+# Checks if any concurrent jobs under the same pull request or branch are being executed
+# NOTE: this will cancel every workflow that is being ran against a PR as group is just the github ref (without the workflow name)
+concurrency:
+  group: ${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true  
+
+jobs:
+  build-test-dev:
+    strategy:
+      matrix:
+        arch: [amd64, arm64]
+    uses: ./.github/workflows/reusable_build_test_driverkit.yml
+    with:
+      arch: ${{ matrix.arch }}
+
+  paths-filter:
+    runs-on: ubuntu-latest
+    outputs:
+      docker_needs_build: ${{ steps.filter.outputs.docker }}
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
+        id: filter
+        with:
+          filters: |
+            docker:
+              - 'docker/**'  
+
+  build-images-dev:
+    needs: [build-test-dev,paths-filter]
+    if: needs.paths-filter.outputs.docker_needs_build == 'true'
+    strategy:
+      matrix:
+        arch: [ amd64, arm64 ]
+    uses: ./.github/workflows/reusable_build_push_images.yml
+    with:
+      arch: ${{ matrix.arch }}
+      push: false
+    secrets: inherit
+
+  gomodtidy:
+    name: Enforce go.mod tidiness
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          ref: "${{ github.event.pull_request.head.sha }}"
+          repository: ${{github.event.pull_request.head.repo.full_name}}
+          persist-credentials: false
+
+      - name: Setup Go
+        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5
+        with:
+          go-version-file: 'go.mod'
+
+      - name: Execute go mod tidy and check the outcome
+        working-directory: ./
+        run: |
+          go mod tidy
+          exit_code=$(git diff --exit-code)
+          exit ${exit_code}
+
+      - name: Print a comment in case of failure
+        run: |
+          echo "The go.mod and/or go.sum files appear not to be correctly tidied.
+
+          Please, rerun go mod tidy to fix the issues."
+          exit 1
+        if: |
+          failure() && github.event.pull_request.head.repo.full_name == github.repository    

.github/workflows/master.yml

@@ -0,0 +1,36 @@
+name: Master CI
+on:
+  push:
+    branches: [master]
+
+# Checks if any concurrent jobs is running for master CI and eventually cancel it
+concurrency:
+  group: ci-master
+  cancel-in-progress: true  
+
+jobs:
+  build-test-master:
+    strategy:
+      matrix:
+        arch: [amd64, arm64]
+    uses: ./.github/workflows/reusable_build_test_driverkit.yml
+    with:
+      arch: ${{ matrix.arch }}
+
+  push-images-master:
+    needs: build-test-master
+    strategy:
+      matrix:
+        arch: [amd64, arm64]
+    uses: ./.github/workflows/reusable_build_push_images.yml
+    with:
+      arch: ${{ matrix.arch }}
+      push: true
+    secrets: inherit
+
+  images-master:
+    needs: push-images-master
+    uses: ./.github/workflows/reusable_manifest_images.yml
+    secrets: inherit
+      
+    

.github/workflows/release.yml

@@ -0,0 +1,68 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - v*
+
+permissions:
+  contents: write # needed to write releases
+  id-token: write # needed for keyless signing
+
+jobs:
+  build-test-release:
+    strategy:
+      matrix:
+        arch: [amd64, arm64]
+    uses: ./.github/workflows/reusable_build_test_driverkit.yml
+    with:
+      arch: ${{ matrix.arch }}
+
+  push-images-release:
+    needs: build-test-release
+    strategy:
+      matrix:
+        arch: [amd64, arm64]
+    uses: ./.github/workflows/reusable_build_push_images.yml
+    with:
+      arch: ${{ matrix.arch }}
+      tag: ${{ github.ref_name }}
+      is_latest: true
+      push: true
+    secrets: inherit  
+
+  images-release:
+    needs: push-images-release
+    uses: ./.github/workflows/reusable_manifest_images.yml
+    with:
+      tag: ${{ github.ref_name }}
+      is_latest: true
+    secrets: inherit
+
+  release:
+    needs: images-release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+
+      - name: Fetch
+        run: git fetch --prune --force --tags
+
+      - name: Setup Go
+        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5
+        with:
+          go-version-file: 'go.mod'
+      
+      - name: Install GoReleaser
+        uses: goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552 # v6.3.0
+        with:
+          install-only: true
+
+      - name: Release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GIT_TAG: ${{ github.ref_name }}
+        run: make release  

.github/workflows/reusable_build_push_images.yml

@@ -0,0 +1,72 @@
+# This is a reusable workflow used by master and release CI
+on:
+  workflow_call:
+    inputs:
+      arch:
+        description: amd64 or arm64
+        required: true
+        type: string
+      branch:
+        description: name of the branch
+        required: false
+        type: string
+        default: 'master'
+      tag:
+        description: The tag to use (e.g. "master" or "0.35.0")
+        required: false
+        type: string
+        default: ''
+      is_latest:
+        description: Update the latest tag with the new image
+        required: false
+        type: boolean
+        default: false
+      push:
+        description: Whether to also push images
+        required: false
+        type: boolean
+        default: false
+
+jobs:
+  build-images:
+    runs-on: ${{ (inputs.arch == 'arm64' && 'ubuntu-22.04-arm') || 'ubuntu-22.04' }}
+    env:
+      GIT_BRANCH: ${{ inputs.branch }}
+      GIT_TAG: ${{ inputs.tag }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        
+      - name: Create download folder
+        run: mkdir -p build-${{ inputs.arch }}
+        
+      - name: Download Driverkit
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+        with:
+          name: driverkit-${{ inputs.arch }}
+          path: build-${{ inputs.arch }}
+          
+      - name: Enforce executable bit
+        run: chmod +x build-${{ inputs.arch }}/driverkit
+        
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+          
+      - name: Login to Docker Hub
+        if: inputs.push
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
+        with:
+          username: ${{ secrets.DOCKERHUB_USER }}
+          password: ${{ secrets.DOCKERHUB_SECRET }}
+          
+      - name: Build and Push docker images
+        if: inputs.push
+        run: make push/all
+
+      - name: Build docker images
+        if: inputs.push == false
+        run: make image/all
+
+      - name: Push latest images if needed
+        if: inputs.push && inputs.is_latest
+        run: make push/latest

.github/workflows/reusable_build_test_driverkit.yml

@@ -0,0 +1,47 @@
+# This is a reusable workflow used by master and release CI
+on:
+  workflow_call:
+    inputs:
+      arch:
+        description: amd64 or arm64
+        required: true
+        type: string
+
+jobs:
+  build-test:
+    # See https://github.com/actions/runner/issues/409#issuecomment-1158849936
+    runs-on: ${{ (inputs.arch == 'arm64' && 'ubuntu-22.04-arm') || 'ubuntu-22.04' }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+
+      - name: Setup Go
+        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5
+        with:
+          go-version-file: 'go.mod'
+
+      - name: Build
+        run: make build
+        
+      - name: Test
+        run: make test
+        
+      - name: Set integration tests DRIVERVERSIONS env
+        if: inputs.arch == 'amd64'
+        run: echo "DRIVERVERSIONS=master 6.0.1+driver 2.0.0+driver 17f5df52a7d9ed6bb12d3b1768460def8439936d" >> $GITHUB_ENV
+        
+      - name: Set integration tests DRIVERVERSIONS env
+        if: inputs.arch == 'arm64'
+        run: echo "DRIVERVERSIONS=master 6.0.1+driver 2.0.0+driver" >> $GITHUB_ENV
+      
+      - name: Integration tests
+        run: make integration_test
+        
+      - name: Upload driverkit
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        with:
+          name: driverkit-${{ inputs.arch }}
+          path: |
+            ${{ github.workspace }}/_output/bin/driverkit

.github/workflows/reusable_manifest_images.yml

@@ -0,0 +1,45 @@
+# This is a reusable workflow used by master and release CI
+on:
+  workflow_call:
+    inputs:
+      branch:
+        description: name of the branch
+        required: false
+        type: string
+        default: 'master'
+      tag:
+        description: The tag to use (e.g. "master" or "0.35.0")
+        required: false
+        type: string
+        default: ''
+      is_latest:
+        description: Update the latest tag with the new image
+        required: false
+        type: boolean
+        default: false
+
+jobs:
+  push-manifest:
+    runs-on: ubuntu-latest
+    env:
+      GIT_BRANCH: ${{ inputs.branch }}
+      GIT_TAG: ${{ inputs.tag }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+          
+      - name: Login to Docker Hub
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
+        with:
+          username: ${{ secrets.DOCKERHUB_USER }}
+          password: ${{ secrets.DOCKERHUB_SECRET }}
+          
+      - name: Build and Push manifest to registry
+        run: make manifest/all
+      
+      - name: Push latest manifest if needed
+        if: inputs.is_latest
+        run: make manifest/latest

.gitignore

@@ -1,5 +1,7 @@
 _output/
 dist/
 vendor/
-
+.idea/
 driverkit
+
+coverage.out

.goreleaser.yml

@@ -1,6 +1,10 @@
+version: 2
+
 project_name: driverkit
 builds:
   - id: "driverkit"
+    env:
+    - GOEXPERIMENT=loopvar
     goos:
     - linux
     goarch:
@@ -9,8 +13,6 @@ builds:
     main: .
     flags:
       - -v 
-      - -buildmode=pie
-      - "-tags={{ .Env.GOTAGS }}"
     ldflags: 
       - "{{.Env.LDFLAGS}}"
     binary: driverkit

Example_configs.md

@@ -0,0 +1,385 @@
+# Example Configs
+
+## aliyun linux 2 (Alibaba Cloud Linux 2)
+
+```yaml
+kernelrelease: 4.19.91-26.al7.x86_64
+target: alinux
+output:
+    module: /tmp/falco_alinux_4.19.91-26.al7.x86_64.ko
+    probe: /tmp/falco_alinux_4.19.91-26.al7.x86_64.o
+driverversion: master
+```
+
+## aliyun linux 3 (Alibaba Cloud Linux 3)
+
+```yaml
+kernelrelease: 5.10.84-10.4.al8.x86_64
+target: alinux
+output:
+    module: /tmp/falco_alinux_4.19.91-26.al7.x86_64.ko
+    probe: /tmp/falco_alinux_4.19.91-26.al7.x86_64.o
+driverversion: master
+```
+
+## alma linux
+
+```yaml
+kernelrelease: 5.14.0-162.12.1.el9_1.x86_64
+target: almalinux
+output:
+    module: /tmp/falco_almalinux_5.14.0-162.12.1.el9_1.x86_64.ko
+    probe: /tmp/falco_almalinux_5.14.0-162.12.1.el9_1.x86_64.o
+driverversion: master
+```
+
+## amazonlinux
+
+```yaml
+kernelrelease: 4.14.26-46.32.amzn1.x86_64
+target: amazonlinux
+output:
+    module: /tmp/falco_amazonlinux_4.14.26-46.32.amzn1.x86_64.ko
+driverversion: master
+```
+
+## amazonlinux 2
+
+```yaml
+kernelrelease: 4.14.171-136.231.amzn2.x86_64
+target: amazonlinux2
+output:
+    module: /tmp/falco_amazonlinux2_4.14.171-136.231.amzn2.x86_64.ko
+    probe: /tmp/falco_amazonlinux2_4.14.171-136.231.amzn2.x86_64.o
+driverversion: master
+```
+
+## amazonlinux 2022
+
+```yaml
+kernelrelease: 5.10.96-90.460.amzn2022.x86_64
+target: amazonlinux2022
+output:
+    module: /tmp/falco_amazonlinux2022_5.10.96-90.460.amzn2022.x86_64.ko
+    probe: /tmp/falco_amazonlinux2022_5.10.96-90.460.amzn2022.x86_64.o
+driverversion: master
+```
+
+## archlinux
+
+Example configuration file to build both the Kernel module and eBPF probe for Archlinux.
+Note: archlinux target uses the [Arch Linux Archive](https://wiki.archlinux.org/title/Arch_Linux_Archive) to fetch
+all ever supported kernel releases.
+For arm64, it uses an user-provided mirror, as no official mirror is available: http://tardis.tiny-vps.com/aarm/.
+The mirror has been up and updated since 2015.
+
+```yaml
+kernelversion: 1
+kernelrelease: 6.0.6.arch1-1
+target: arch
+output:
+  module: /tmp/falco-arch.ko
+  probe: /tmp/falco-arch.o
+driverversion: master
+builderimage: ${ARCH_BUILD_IMAGE_HERE}
+```
+
+## centos 6
+
+```yaml
+kernelrelease: 2.6.32-754.14.2.el6.x86_64
+kernelversion: 1
+target: centos
+output:
+  module: /tmp/falco-centos6.ko
+driverversion: master
+```
+
+## centos 7
+
+```yaml
+kernelrelease: 3.10.0-957.12.2.el7.x86_64
+kernelversion: 1
+target: centos
+output:
+  module: /tmp/falco-centos7.ko
+driverversion: master
+```
+
+## centos 8
+
+```yaml
+kernelrelease: 4.18.0-147.5.1.el8_1.x86_64
+kernelversion: 1
+target: centos
+output:
+  module: /tmp/falco-centos8.ko
+driverversion: master
+```
+
+## debian
+
+Example configuration file to build both the Kernel module and eBPF probe for Debian.
+
+```yaml
+kernelrelease: 4.19.0-6-amd64
+kernelversion: 1
+output:
+  module: /tmp/falco-debian.ko
+  probe: /tmp/falco-debian.o
+target: debian
+driverversion: master
+```
+
+## fedora
+
+```yaml
+kernelrelease: 5.19.16-200.fc36.x86_64
+kernelversion: 1
+target: fedora
+output:
+  module: /tmp/falco-fedora.ko
+driverversion: master
+```
+
+## flatcar
+
+Example configuration file to build both the Kernel module and eBPF probe for Flatcar.
+The Flatcar release version needs to be provided in the `kernelrelease` field instead of the kernel version;
+moreover, kernelconfigdata must be provided.
+
+```yaml
+kernelrelease: 3185.0.0
+target: flatcar
+output:
+  module: /tmp/falco-flatcar-3185.0.0.ko
+  probe: /tmp/falco-flatcar-3185.0.0.o
+driverversion: master
+kernelconfigdata: Q09ORklHX0ZBTk9USUZZPXkKQ09ORklHX0t...
+```
+
+## minikube
+Example configuration file to build both the Kernel module and eBPF probe for Minikube.
+```yaml
+kernelversion: 1_1.26.0
+kernelrelease: 5.10.57
+target: minikube
+architecture: amd64
+output:
+  module: /tmp/falco_minikube_5.10.57_1_1.26.0.ko
+  probe: /tmp/falco_minikube_5.10.57_1_1.26.0.o
+kernelconfigdata: Q09ORklHX0ZBTk9USUZZPXkKQ09ORklHX0t...
+```
+
+## oracle linux 8
+
+```yaml
+kernelrelease: 5.4.17-2011.3.2.1.el8uek.x86_64
+kernelversion: 1
+target: ol
+output:
+  module: /tmp/falco-ol8.ko
+driverversion: master
+```
+
+## redhat 7
+
+```yaml
+kernelrelease: 3.10.0-1160.66.1.el7.x86_64
+target: redhat
+output:
+  module: /tmp/falco-redhat7.ko
+driverversion: master
+builderimage: registry.redhat.io/rhel7:rhel7_driverkit
+```
+The image used for this build was created with the following command:
+
+```bash
+docker build --build-arg rh_username=<username> --build-arg rh_password=<password> -t registry.redhat.io/rhel7:rhel7_driverkit -f Dockerfile.rhel7 .
+````
+| :warning: **Passing user credentials via command line**: Consider using `--secret` option! |
+|--------------------------------------------------------------------------------------------|
+
+and Dockerfile.rhel7:
+```bash
+FROM registry.redhat.io/rhel7
+
+ARG rh_username
+ARG rh_password
+
+RUN subscription-manager register --username $rh_username --password $rh_password --auto-attach
+
+RUN yum install gcc elfutils-libelf-devel make -y
+```
+| :warning: **Base image requires Redhat subscription to pull**:```docker login registry.redhat.io``` |
+|-----------------------------------------------------------------------------------------------------|
+
+## redhat 8
+
+```yaml
+kernelrelease: 4.18.0-372.9.1.el8.x86_64
+target: redhat
+output:
+  module: /tmp/falco-redhat8.ko
+  probe: /tmp/falco-redhat8.o
+driverversion: master
+builderimage: redhat/ubi8:rhel8_driverkit
+```
+
+The image used for this build was created with the following command:
+
+```bash
+docker build --build-arg rh_username=<username> --build-arg rh_password=<password> -t redhat/ubi8:rhel8_driverkit -f Dockerfile.rhel8 .
+````
+| :warning: **Passing user credentials via command line**: Consider using `--secret` option! |
+|--------------------------------------------------------------------------------------------|
+
+and Dockerfile.rhel8:
+```bash
+FROM redhat/ubi8
+
+ARG rh_username
+ARG rh_password
+
+RUN subscription-manager register --username $rh_username --password $rh_password --auto-attach
+
+RUN yum install gcc curl elfutils-libelf-devel kmod make \
+                llvm-toolset-0:12.0.1-1.module+el8.5.0+11871+08d0eab5.x86_64 cpio -y
+```
+
+## redhat 9
+
+```yaml
+kernelrelease: 5.14.0-70.13.1.el9_0.x86_64
+target: redhat
+output:
+  module: /tmp/falco-redhat9.ko
+  probe: /tmp/falco-redhat9.o
+driverversion: master
+builderimage: docker.io/redhat/ubi9:rhel9_driverkit
+```
+The image used for this build was created with the following command:
+
+```bash
+docker build -t docker.io/redhat/ubi9:rhel9_driverkit -f Dockerfile.rhel9 .
+````
+
+and Dockerfile.rhel9:
+```bash
+FROM docker.io/redhat/ubi9
+
+RUN yum install gcc elfutils-libelf-devel kmod make cpio llvm-toolset -y
+RUN ln -s /usr/bin/$(uname -p)-redhat-linux-gcc-11 /usr/bin/gcc-11
+```
+The `ln -s /usr/bin/$(uname -p)-redhat-linux-gcc-11 /usr/bin/gcc-11` command creates a symbolic link which makes sure driverkit finds the correct compiler binary.
+
+| :exclamation: **subscription-manager does not work on RHEL9 containers**: Host must have a valid RHEL subscription. However, if you want to build the Docker image on a host that is not RHEL9, the container will not have access to the required repositories. In that case, the subscription manager can be enabled with some additional adjustments. |
+|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+
+Dockerfile.rhel9.containerSkip:
+```bash
+FROM docker.io/redhat/ubi9
+
+ENV SMDEV_CONTAINER_OFF 1
+
+ARG REDHAT_USERNAME
+ARG REDHAT_PASSWORD
+
+RUN subscription-manager register --username $REDHAT_USERNAME --password $REDHAT_PASSWORD --auto-attach
+
+RUN yum install gcc elfutils-libelf-devel kmod make cpio llvm-toolset -y
+RUN ln -s /usr/bin/$(uname -p)-redhat-linux-gcc-11 /usr/bin/gcc-11
+```
+
+Setting `SMDEV_CONTAINER_OFF 1` makes sure the container detection is skipped and therefore enables the subscription manager again.
+
+## rocky linux
+
+```yaml
+kernelrelease: 5.14.0-162.18.1.el9_1.x86_64
+target: rocky
+output:
+    module: /tmp/falco_almalinux_5.14.0-162.18.1.el9_1.x86_64.ko
+    probe: /tmp/falco_almalinux_5.14.0-162.18.1.el9_1.x86_64.o
+driverversion: master
+```
+
+## ubuntu
+Example configuration file to build both the Kernel module and eBPF probe for Ubuntu (works with any flavor!).
+
+```yaml
+kernelrelease: 5.0.0-1021-aws-5.0
+kernelversion: 24~18.04.1
+target: ubuntu
+output:
+  module: /tmp/falco-ubuntu-generic.ko
+  probe: /tmp/falco-ubuntu-generic.o
+driverversion: master
+```
+
+## ubuntu-aws
+
+Example configuration file to build both the Kernel module and eBPF probe for Ubuntu AWS.
+
+```yaml
+kernelrelease: 4.15.0-1057-aws
+kernelversion: 59
+target: ubuntu-aws
+output:
+  module: /tmp/falco-ubuntu-aws.ko
+  probe: /tmp/falco-ubuntu-aws.o
+driverversion: master
+```
+
+> **NOTE:** ubuntu-aws exists to retain backward compatibility only,
+> and should not be used in new configs.
+
+## ubuntu-generic
+Example configuration file to build both the Kernel module and eBPF probe for Ubuntu generic.
+
+```yaml
+kernelrelease: 4.15.0-72-generic
+kernelversion: 81
+target: ubuntu-generic
+output:
+  module: /tmp/falco-ubuntu-generic.ko
+  probe: /tmp/falco-ubuntu-generic.o
+driverversion: master
+```
+
+> **NOTE:** ubuntu-generic exists to retain backward compatibility only,
+> and should not be used in new configs.
+
+## vanilla
+
+In case of vanilla, you also need to pass the kernel config data in base64 format.
+
+In most systems you can get `kernelconfigdata`  by reading `/proc/config.gz`.
+
+```yaml
+kernelrelease: 5.5.2
+kernelversion: 1
+target: vanilla
+output:
+  module: /tmp/falco-vanilla.ko
+  probe: /tmp/falco-vanilla.o
+driverversion: 0de226085cc4603c45ebb6883ca4cacae0bd25b2
+```
+
+Now you can add the `kernelconfigdata` to the configuration file, to do so:
+
+```bash
+zcat /proc/config.gz| base64 -w0 | awk '{print "kernelconfigdata: " $1;}' >> /tmp/vanilla.yaml
+```
+
+The command above assumes that you saved the configuration file at `/tmp/vanilla.yaml`
+
+### Note
+
+Usually, building for a `vanilla` target requires more time.
+
+So, we suggest to increase the `driverkit` timeout (defaults to `60` seconds):
+
+```bash
+driverkit docker -c /tmp/vanilla.yaml --timeout=300
+```

Makefile

@@ -16,31 +16,25 @@ ifeq ($(COMMITS_FROM_GIT_TAG),0)
 	endif
 endif
 
-IMAGE_NAME_BUILDER ?= docker.io/falcosecurity/driverkit-builder
+DRIVERVERSIONS ?= master
 
-IMAGE_NAME_BUILDER_REF := $(IMAGE_NAME_BUILDER):$(GIT_REF)
-IMAGE_NAME_BUILDER_COMMIT := $(IMAGE_NAME_BUILDER):$(GIT_COMMIT)
-IMAGE_NAME_BUILDER_LATEST := $(IMAGE_NAME_BUILDER):latest
+DOCKER_ORG ?= falcosecurity
 
-IMAGE_NAME_DRIVERKIT ?= docker.io/falcosecurity/driverkit
+ARCH := $(shell uname -m)
 
-IMAGE_NAME_DRIVERKIT_REF := $(IMAGE_NAME_DRIVERKIT):$(GIT_REF)
-IMAGE_NAME_DRIVERKIT_COMMIT := $(IMAGE_NAME_DRIVERKIT):$(GIT_COMMIT)
-IMAGE_NAME_DRIVERKIT_LATEST := $(IMAGE_NAME_DRIVERKIT):latest
+BUILDERS := $(patsubst docker/builders/builder-%.Dockerfile,%,$(wildcard docker/builders/builder*$(ARCH)*.Dockerfile))
 
-LDFLAGS := -X github.com/falcosecurity/driverkit/pkg/version.buildTime=$(shell date +%s) -X github.com/falcosecurity/driverkit/pkg/version.gitCommit=${GIT_COMMIT} -X github.com/falcosecurity/driverkit/pkg/version.gitTag=$(if ${GIT_TAG},${GIT_TAG},v0.0.0) -X github.com/falcosecurity/driverkit/pkg/version.commitsFromGitTag=${COMMITS_FROM_GIT_TAG} -X github.com/falcosecurity/driverkit/pkg/driverbuilder.BuilderBaseImage=${IMAGE_NAME_BUILDER_COMMIT}
+IMAGE_NAME_BUILDER_BASE ?= docker.io/$(DOCKER_ORG)/driverkit-builder
 
-OS_NAME := $(shell uname -s | tr A-Z a-z)
-SQLITE_TAGS :=
-ifeq ($(OS_NAME),darwin)
-	SQLITE_TAGS +=sqlite_omit_load_extension libsqlite3 darwin
-else ifeq ($(OS_NAME),linux)
-	SQLITE_TAGS +=sqlite_omit_load_extension linux
-endif
+IMAGE_NAME_DRIVERKIT ?= docker.io/$(DOCKER_ORG)/driverkit
 
-GOTAGS := ${SQLITE_TAGS}
+IMAGE_NAME_DRIVERKIT_REF := $(IMAGE_NAME_DRIVERKIT):$(GIT_REF)_$(ARCH)
+IMAGE_NAME_DRIVERKIT_COMMIT := $(IMAGE_NAME_DRIVERKIT):$(GIT_COMMIT)_$(ARCH)
+IMAGE_NAME_DRIVERKIT_LATEST := $(IMAGE_NAME_DRIVERKIT):latest_$(ARCH)
 
-ARCHS := "arm64,amd64"
+LDFLAGS := -X github.com/falcosecurity/driverkit/pkg/version.buildTime=$(shell date +%s) -X github.com/falcosecurity/driverkit/pkg/version.gitCommit=${GIT_COMMIT} -X github.com/falcosecurity/driverkit/pkg/version.gitTag=$(if ${GIT_TAG},${GIT_TAG},v0.0.0) -X github.com/falcosecurity/driverkit/pkg/version.commitsFromGitTag=${COMMITS_FROM_GIT_TAG} -X github.com/falcosecurity/driverkit/pkg/driverbuilder/builder.defaultImageTag=$(GIT_COMMIT)
+TARGET_TEST_ARCH ?= $(ARCH)
+test_configs := $(wildcard test/$(TARGET_TEST_ARCH)/configs/*.yaml)
 
 driverkit ?= _output/bin/driverkit
 driverkit_docgen ?= _output/bin/docgen
@@ -49,11 +43,11 @@ driverkit_docgen ?= _output/bin/docgen
 build: clean ${driverkit}
 
 ${driverkit}:
-	CGO_ENABLED=0 go build -v -buildmode=pie -ldflags '${LDFLAGS}' -tags '${GOTAGS}' -o $@ .
+	CGO_ENABLED=0 GOEXPERIMENT=loopvar go build -v -ldflags '${LDFLAGS}' -o $@ .
 
 .PHONY: release
 release: clean
-	CGO_ENABLED=0 LDFLAGS="${LDFLAGS}" GOTAGS="${GOTAGS}" $(GORELEASER) release
+	CGO_ENABLED=0 LDFLAGS="${LDFLAGS}" $(GORELEASER) release
 
 .PHONY: clean
 clean:
@@ -64,31 +58,58 @@ image/all: image/builder image/driverkit
 
 .PHONY: image/builder
 image/builder:
-	$(DOCKER) buildx build --platform $(ARCHS) -o type=image,push="false" -f build/builder.Dockerfile .
+	$(foreach b,$(BUILDERS),\
+		$(DOCKER) buildx build -o type=image,push="false" -f docker/builders/builder-$b.Dockerfile . ; \
+    )
 
 .PHONY: image/driverkit
 image/driverkit:
-	$(DOCKER) buildx build --platform $(ARCHS) -o type=image,push="false" -f build/driverkit.Dockerfile .
+	$(DOCKER) buildx build -o type=image,push="false" -f docker/driverkit.Dockerfile .
 
 push/all: push/builder push/driverkit
 
 .PHONY: push/builder
 push/builder:
-	$(DOCKER) buildx build --push --platform $(ARCHS) -t "$(IMAGE_NAME_BUILDER_REF)" -t "$(IMAGE_NAME_BUILDER_COMMIT)" -f build/builder.Dockerfile .
+	$(foreach b,$(BUILDERS),\
+		$(DOCKER) buildx build --push -t "$(IMAGE_NAME_BUILDER_BASE):$b-$(GIT_REF)" -t "$(IMAGE_NAME_BUILDER_BASE):$b-$(GIT_COMMIT)" -f docker/builders/builder-$b.Dockerfile . ; \
+	)
 
 .PHONY: push/driverkit
 push/driverkit:
-	$(DOCKER) buildx build --push --platform $(ARCHS) -t "$(IMAGE_NAME_DRIVERKIT_REF)" -t "$(IMAGE_NAME_DRIVERKIT_COMMIT)" -f build/driverkit.Dockerfile .
+	$(DOCKER) buildx build --push -t "$(IMAGE_NAME_DRIVERKIT_REF)" -t "$(IMAGE_NAME_DRIVERKIT_COMMIT)" -f docker/driverkit.Dockerfile .
 
 .PHONY: push/latest
 push/latest:
-	$(DOCKER) buildx build --push --platform $(ARCHS) -t "$(IMAGE_NAME_BUILDER_LATEST)" -f build/builder.Dockerfile .
-	$(DOCKER) buildx build --push --platform $(ARCHS) -t "$(IMAGE_NAME_DRIVERKIT_LATEST)" -f build/driverkit.Dockerfile .
+	$(foreach b,$(BUILDERS),\
+		$(DOCKER) buildx build --push -t "$(IMAGE_NAME_BUILDER_BASE):$b-latest" -f docker/builders/builder-$b.Dockerfile . ; \
+	)
+	$(DOCKER) buildx build --push -t "$(IMAGE_NAME_DRIVERKIT_LATEST)" -f docker/driverkit.Dockerfile .
+
+manifest/all: manifest/driverkit
+
+.PHONY: manifest/driverkit
+manifest/driverkit:
+	$(DOCKER) buildx imagetools create -t $(IMAGE_NAME_DRIVERKIT):$(GIT_REF) $(IMAGE_NAME_DRIVERKIT):$(GIT_REF)_x86_64 $(IMAGE_NAME_DRIVERKIT):$(GIT_REF)_aarch64
+	$(DOCKER) buildx imagetools create -t $(IMAGE_NAME_DRIVERKIT):$(GIT_COMMIT) $(IMAGE_NAME_DRIVERKIT):$(GIT_COMMIT)_x86_64 $(IMAGE_NAME_DRIVERKIT):$(GIT_COMMIT)_aarch64
+
+.PHONY: manifest/latest
+manifest/latest:
+	$(DOCKER) buildx imagetools create -t $(IMAGE_NAME_DRIVERKIT):latest $(IMAGE_NAME_DRIVERKIT):latest_x86_64 $(IMAGE_NAME_DRIVERKIT):latest_aarch64
 
 .PHONY: test
 test:
-	go test -v -race ./...
-	go test -v -buildmode=pie ./cmd
+	go clean -testcache
+	GOEXPERIMENT=loopvar go test -v -cover -race ./...
+	GOEXPERIMENT=loopvar go test -v -cover ./cmd
+
+.PHONY: integration_test
+integration_test: $(test_configs)
+
+.PHONY: $(test_configs)
+$(test_configs): ${driverkit}
+	$(foreach d,$(DRIVERVERSIONS),\
+		${driverkit} docker -c $@ --builderimage auto:master -l debug --timeout 600 --driverversion $d; \
+	)
 
 .PHONY: ${driverkit_docgen}
 ${driverkit_docgen}: ${PWD}/docgen
@@ -96,6 +117,6 @@ ${driverkit_docgen}: ${PWD}/docgen
 
 .PHONY: docs
 docs: ${driverkit_docgen}
-	$(RM) -R docs/*
+	$(RM) -R docs/driverkit*
 	@mkdir -p docs
 	${driverkit_docgen}

OWNERS

@@ -1,8 +1,10 @@
 approvers:
-  - fntlnz
   - leodido
   - dwindsor
-reviewers:
+  - fededp
+  - EXONER4TED
+  - lowaiz
+  - LucaGuerra
+
+emeritus_approvers:
   - fntlnz
-  - leodido
-  - dwindsor

README.md

@@ -1,11 +1,15 @@
 # driverkit
 
-Status: **Under development**
+[![Falco Ecosystem Repository](https://github.com/falcosecurity/evolution/blob/main/repos/badges/falco-ecosystem-blue.svg)](https://github.com/falcosecurity/evolution/blob/main/REPOSITORIES.md#ecosystem-scope) [![Incubating](https://img.shields.io/badge/status-incubating-orange?style=for-the-badge)](https://github.com/falcosecurity/evolution/blob/main/REPOSITORIES.md#incubating)
 
-A command line tool that can be used to build the Falco kernel module and eBPF probe.
+[![Latest](https://img.shields.io/github/v/release/falcosecurity/driverkit?style=for-the-badge)](https://github.com/falcosecurity/driverkit/releases/latest)
+![Architectures](https://img.shields.io/badge/ARCHS-x86__64%7Caarch64-blueviolet?style=for-the-badge)
+[![Go Report Card](https://goreportcard.com/badge/github.com/falcosecurity/driverkit?style=for-the-badge)](https://goreportcard.com/report/github.com/falcosecurity/driverkit)
+[![Docker pulls](https://img.shields.io/docker/pulls/falcosecurity/driverkit?style=for-the-badge)](https://hub.docker.com/r/falcosecurity/driverkit)
 
+A command line tool that can be used to build the [Falco](https://github.com/falcosecurity/falco) kernel module and eBPF probe.
 
-## Usage
+## Glossary
 
 When you meet `kernelversion` that refers to the version you get executing `uname -v`:
 
@@ -23,6 +27,42 @@ uname -r
 4.15.0-1057-aws
 ```
 
+## Help
+
+By checking driverkit help, you can quickly discover info about:
+* Supported options
+* Supported commands
+* Supported architectures
+* Supported targets
+* Default options
+
+```
+driverkit help
+```
+
+## Architecture
+
+The target architecture is taken from runtime environment, but it can be overridden through `architecture` config.  
+Driverkit also supports cross building for arm64 using qemu from an x86_64 host.
+
+> **NOTE:** we could not automatically fetch correct architecture given a kernelrelease,
+> because some kernel names do not have any architecture suffix, namely Ubuntu ones.
+
+## Headers
+
+Driverkit has an internal logic to retrieve headers urls given a target and desired kernelrelease/kernelversion.  
+Unfortunately, the logic is quite hard to implement correctly for every supported target.   
+As of today, the preferred method is to instead use the `kernelurls` configuration param,  
+that allows to specify a list of headers.
+
+> **NOTE:** the internal headers fetching logic should be considered a fallback that will be, sooner or later, deprecated.  
+
+A solution to crawl all supported kernels by multiple distro was recently developed,  
+and it provides a json output with aforementioned `kernelheaders`: https://github.com/falcosecurity/kernel-crawler.  
+Json for supported architectures can be found at https://falcosecurity.github.io/kernel-crawler/.
+
+## How to use
+
 ### Against a Kubernetes cluster
 
 ```bash
@@ -35,7 +75,6 @@ driverkit kubernetes --output-module /tmp/falco.ko --kernelversion=81 --kernelre
 driverkit docker --output-module /tmp/falco.ko --kernelversion=81 --kernelrelease=4.15.0-72-generic --driverversion=master --target=ubuntu-generic
 ```
 
-
 ### Build using a configuration file
 
 Create a file named `ubuntu-aws.yaml` containing the following content:
@@ -61,278 +100,21 @@ driverkit docker -c ubuntu-aws.yaml
 It is possible to customize the kernel module name that is produced by Driverkit with the `moduledevicename` and `moduledrivername` options.
 In this context, the _device name_ is the prefix used for the devices in `/dev/`, while the _driver name_ is the kernel module name as reported by `modinfo` or `lsmod` once the module is loaded.
 
-## Supported architectures
+## Examples
 
-At the moment, driverkit supports:
-* amd64 (x86_64)
-* arm64 (aarch64)
+For a comprehensive list of examples, heads to [example configs](Example_configs.md)!
 
-The architecture is taken from runtime environment, but it can be overridden through `architecture` config.  
-Driverkit also supports cross building for arm64 using qemu from an x86_64 host.  
+## Support a new target
 
-Note: we could not automatically fetch correct architecture because some kernel names do not have the `-$arch`, namely Ubuntu ones.
+To add support for a new target, a new builder must be added.  
+For more info, you can find specific docs in [docs/builder.md](docs/builder.md) file.
 
-## Supported targets
+## Support a new builder image
 
-### ubuntu-generic
-Example configuration file to build both the Kernel module and eBPF probe for Ubuntu generic.
-
-```yaml
-kernelrelease: 4.15.0-72-generic
-kernelversion: 81
-target: ubuntu-generic
-output:
-  module: /tmp/falco-ubuntu-generic.ko
-  probe: /tmp/falco-ubuntu-generic.o
-driverversion: master
-```
-
-### ubuntu-aws
-
-Example configuration file to build both the Kernel module and eBPF probe for Ubuntu AWS.
-
-```yaml
-kernelrelease: 4.15.0-1057-aws
-kernelversion: 59
-target: ubuntu-aws
-output:
-  module: /tmp/falco-ubuntu-aws.ko
-  probe: /tmp/falco-ubuntu-aws.o
-driverversion: master
-```
-
-### centos 6
-
-```yaml
-kernelrelease: 2.6.32-754.14.2.el6.x86_64
-kernelversion: 1
-target: centos
-output:
-  module: /tmp/falco-centos6.ko
-driverversion: master
-```
-
-### centos 7
-
-```yaml
-kernelrelease: 3.10.0-957.12.2.el7.x86_64
-kernelversion: 1
-target: centos
-output:
-  module: /tmp/falco-centos7.ko
-driverversion: master
-```
-
-### centos 8
-
-```yaml
-kernelrelease: 4.18.0-147.5.1.el8_1.x86_64
-kernelversion: 1
-target: centos
-output:
-  module: /tmp/falco-centos8.ko
-driverversion: master
-```
-
-### amazonlinux
-
-```yaml
-kernelrelease: 4.14.26-46.32.amzn1.x86_64
-target: amazonlinux
-output:
-    module: /tmp/falco_amazonlinux_4.14.26-46.32.amzn1.x86_64.ko
-driverversion: be1ea2d9482d0e6e2cb14a0fd7e08cbecf517f94
-```
-
-### amazonlinux 2
-
-```yaml
-kernelrelease: 4.14.171-136.231.amzn2.x86_64
-target: amazonlinux2
-output:
-    module: /tmp/falco_amazonlinux2_4.14.171-136.231.amzn2.x86_64.ko
-    probe: /tmp/falco_amazonlinux2_4.14.171-136.231.amzn2.x86_64.o
-driverversion: be1ea2d9482d0e6e2cb14a0fd7e08cbecf517f94
-```
-
-### debian
-
-Example configuration file to build both the Kernel module and eBPF probe for Debian.
-
-```yaml
-kernelrelease: 4.19.0-6-amd64
-kernelversion: 1
-output:
-  module: /tmp/falco-debian.ko
-  probe: /tmp/falco-debian.o
-target: debian
-driverversion: master
-```
-
-### flatcar
-
-Example configuration file to build both the Kernel module and eBPF probe for Flatcar.
-The Flatcar release version needs to be provided in the `kernelrelease` field instead of the kernel version.
-
-```yaml
-kernelrelease: 3185.0.0
-target: flatcar
-output:
-  module: /tmp/falco-flatcar-3185.0.0.ko
-  probe: /tmp/falco-flatcar-3185.0.0.o
-driverversion: master
-```
-
-### vanilla
-
-In case of vanilla, you also need to pass the kernel config data in base64 format.
-
-In most systems you can get `kernelconfigdata`  by reading `/proc/config.gz`.
-
-```yaml
-kernelrelease: 5.5.2
-kernelversion: 1
-target: vanilla
-output:
-  module: /tmp/falco-vanilla.ko
-  probe: /tmp/falco-vanilla.o
-driverversion: 0de226085cc4603c45ebb6883ca4cacae0bd25b2
-```
-
-Now you can add the `kernelconfigdata` to the configuration file, to do so:
-
-```bash
-zcat /proc/config.gz| base64 -w0 | awk '{print "kernelconfigdata: " $1;}' >> /tmp/vanilla.yaml
-```
-
-The command above assumes that you saved the configuration file at `/tmp/vanilla.yaml`
-
-#### Note
-
-Usually, building for a `vanilla` target requires more time.
-
-So, we suggest to increase the `driverkit` timeout (defaults to `60` seconds):
-
-```bash
-driverkit docker -c /tmp/vanilla.yaml --timeout=300
-```
-
-## Goals
-
-- [x] Have a package that can build the Falco kernel module in k8s
-- [x] Have a package that can build the Falco kernel module in docker
-- [x] Have a package that can build the Falco eBPF probe in k8s
-- [x] Have a package that can build the Falco eBPF probe in docker
-- [x] Support the top distributions in our [Survey](http://bit.ly/driverkit-survey-vote) and the Vanilla Kernel
-  - [x] Ubuntu (`ubuntu-aws`, `ubuntu-generic`)
-  - [x] CentOS 8
-  - [x] CentOS 7
-  - [x] CentOS 6
-  - [x] AmazonLinux (`amazonlinux`, `amazonlinux2`)
-  - [x] Debian
-  - [x] Vanilla kernel (`vanilla`)
+To add support for a new builder image, follow the doc at [docs/builder_images.md](docs/builder_images.md) file.
 
 ## Survey
 
 We are conducting a [survey](http://bit.ly/driverkit-survey-vote) to know what is the most interesting set of Operating Systems we must support first in driverkit.
 
 You can find the results of the survey [here](http://bit.ly/driverkit-survey-results)
-
-## Creating a new Builder
-
-You probably came here because you want to tell the [Falco Drivers Build Grid](https://github.com/falcosecurity/test-infra/tree/master/driverkit) to
-build drivers for a specific distro you care about.
-
-If that distribution is not supported by driverkit, the Falco Drivers Build Grid will not be able to just build it as it does for other distros.
-
-To add a new supported distribution, you need to create a specific file implementing the `builder.Builder` interface.
-
-You can find the specific distribution files into the [pkg/driverbuilder/builder](/pkg/driverbuilder/builder) folder.
-
-Here's the [Ubuntu](/pkg/driverbuilder/builder/ubuntu.go) one for reference.
-
-Following this simple set of instructions should help you while you implement a new `builder.Builder`.
-
-
-### 1. Builder file
-Create a file, named with the name of the distro you want to add in the `pkg/driverbuilder/builder` folder.
-
-```bash
-touch pkg/driverbuilder/builder/archlinux.go
-```
-
-### 2. Target name
-
-Your builder will need a constant for the target it implements. Usually that constant
-can just be the name of the distribution you are implementing. A builder can implement 
-more than one target at time. For example, the Ubuntu builder implements both `ubuntu-generic` and `ubuntu-aws`
-to reflect the organization that the distro itself has.
-
-Once you have the constant, you will need to add it to the `BuilderByTarget` map.
-
-
-Open your file and you will need to have something like this:
-
-```go
-// TargetTypeArchLinux identifies the Arch Linux target.
-const TargetTypeArchLinux Type = "archlinux"
-
-type archLinux struct {
-}
-
-func init() {
-	BuilderByTarget[TargetTypeArchLinux] = &archLinux{}
-}
-```
-
-Now, you can implement the `builder.Builder` interface for the `archlinux` struct
-you just registered.
-
-Here's a very minimalistic example.
-
-
-```go
-func (v archLinux) Script(c Config) (string, error) {
-  return "echo 'hello world'", nil
-}
-```
-
-Essentially, the `Script` function that you are implementing will need to return a string containing
-a `bash` script that will be executed by driverkit at build time.
-
-Depending on how the distro works, the script will need to fetch the kernel headers for it at the specific kernel version specified
-in the `Config` struct at `c.Build.KernelVersion`.
-Once you have those, based on what that kernel can do and based on what was configured
-by the user you will need to build the kernel module driver and/or the eBPF probe driver.
-
-How does this work?
-
-If the user specifies:
-
-- `c.Build.ModuleFilePath` you will need to build the kernel module and save it in /tmp/driver/falco.ko`
-- `c.Build.ProbeFilePath` you will need to build the eBPF probe and save it in /tmp/driver/probe.o`
-
-The `/tmp/driver` MUST be interpolated from the `DriverDirectory` constant from [`builders.go`](/pkg/driverbuilder/builder/builders.go).
-
-If you look at the various builder implemented, you will see that the task of creating a new builder
-can be easy or difficult depending on how the distribution ships their artifacts.
-
-### 3. Customize GCC version
-
-Driverkit builder image supports 4 gcc versions:
-* GCC-8
-* GCC-6.3.0
-* GCC-5.5.0
-* GCC-4.8.4
-
-You can dynamically choose the one you prefer, likely switching on the kernel version.  
-For an example, you can check out Ubuntu builder, namely: `ubuntuGCCVersionFromKernelRelease`.  
-
-### 4. Customize llvm version
-
-Driverkit builder image supports 2 llvm versions:
-* llvm-7
-* llvm-12
-
-You can dynamically choose the one you prefer, likely switching on the kernel version.  
-For an example, you can check out Debian builder, namely: `debianLLVMVersionFromKernelRelease`.  

RELEASE.md

@@ -1,6 +1,6 @@
 # Release Process
 
-Our release process is based upon [CircleCI](https://app.circleci.com/pipelines/github/falcosecurity/driverkit) and [goreleaser](https://github.com/goreleaser/goreleaser) tool for artifacts.
+Our release process is fully automated using [Github actions](.github/workflows/release.yml) and [goreleaser](https://github.com/goreleaser/goreleaser) tool for artifacts.
 
 When we release we do the following process:
 

cmd/cli_test.go

@@ -1,17 +1,34 @@
 //go:build !race
 // +build !race
 
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package cmd
 
 import (
 	"bytes"
-	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"runtime"
+	"sort"
 	"strings"
 	"testing"
+	"text/template"
+
+	"github.com/falcosecurity/driverkit/pkg/driverbuilder/builder"
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
 
 	"github.com/acarl005/stripansi"
 	"gotest.tools/assert"
@@ -20,7 +37,6 @@ import (
 type expect struct {
 	err string
 	out string
-	fmtRuntimeArch bool
 }
 
 type testCase struct {
@@ -35,14 +51,12 @@ var tests = []testCase{
 		args: []string{"help"},
 		expect: expect{
 			out: "testdata/help.txt",
-			fmtRuntimeArch: true,
 		},
 	},
 	{
 		args: []string{"-h"},
 		expect: expect{
 			out: "testdata/help-flag.txt",
-			fmtRuntimeArch: true,
 		},
 	},
 	{
@@ -50,7 +64,6 @@ var tests = []testCase{
 		args:  []string{},
 		expect: expect{
 			out: "testdata/autohelp.txt",
-			fmtRuntimeArch: true,
 		},
 	},
 	{
@@ -59,7 +72,6 @@ var tests = []testCase{
 		expect: expect{
 			out: "testdata/non-existent-processor.txt",
 			err: `invalid argument "abc" for "driverkit"`,
-			fmtRuntimeArch: true,
 		},
 	},
 	{
@@ -71,7 +83,6 @@ var tests = []testCase{
 		expect: expect{
 			out: "testdata/invalid-proxyconfig.txt",
 			err: "exiting for validation errors",
-			fmtRuntimeArch: true,
 		},
 	},
 	{
@@ -101,7 +112,6 @@ var tests = []testCase{
 		expect: expect{
 			err: "exiting for validation errors",
 			out: "testdata/dockernoopts.txt",
-			fmtRuntimeArch: true,
 		},
 	},
 	{
@@ -120,12 +130,13 @@ var tests = []testCase{
 			"ubuntu-aws",
 			"--output-module",
 			"/tmp/falco-ubuntu-aws.ko",
+			"--output-probe",
+			"/tmp/falco-ubuntu-aws.o",
 			"--loglevel",
 			"debug",
 		},
 		expect: expect{
 			out: "testdata/docker-with-flags-debug.txt",
-			fmtRuntimeArch: true,
 		},
 	},
 	{
@@ -133,6 +144,7 @@ var tests = []testCase{
 		env: map[string]string{
 			"DRIVERKIT_KERNELVERSION": "59",
 			"DRIVERKIT_OUTPUT_MODULE": "/tmp/falco-ubuntu-aws.ko",
+			"DRIVERKIT_OUTPUT_PROBE":  "/tmp/falco-ubuntu-aws.o",
 		},
 		args: []string{
 			"docker",
@@ -149,7 +161,6 @@ var tests = []testCase{
 		},
 		expect: expect{
 			out: "testdata/docker-with-flags-debug.txt",
-			fmtRuntimeArch: true,
 		},
 	},
 	{
@@ -163,7 +174,6 @@ var tests = []testCase{
 		},
 		expect: expect{
 			out: "testdata/docker-from-config-debug.txt",
-			fmtRuntimeArch: true,
 		},
 	},
 	{
@@ -177,7 +187,6 @@ var tests = []testCase{
 		},
 		expect: expect{
 			out: "testdata/docker-override-urls-from-config-debug.txt",
-            fmtRuntimeArch: true,
 		},
 	},
 	{
@@ -195,7 +204,6 @@ var tests = []testCase{
 		},
 		expect: expect{
 			out: "testdata/docker-override-from-config-debug.txt",
-			fmtRuntimeArch: true,
 		},
 	},
 	{
@@ -211,7 +219,7 @@ var tests = []testCase{
 			"--kernelurls",
 			"http://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-azure/linux-headers-4.15.0-1057-azure_4.15.0-1057.62_amd64.deb",
 			"--target",
-	        "ubuntu-aws",
+			"ubuntu-azure",
 			"--output-module",
 			"/tmp/falco-ubuntu-azure.ko",
 			"--loglevel",
@@ -219,7 +227,24 @@ var tests = []testCase{
 		},
 		expect: expect{
 			out: "testdata/docker-related-target-debug.txt",
-            fmtRuntimeArch: true,
+		},
+	},
+	{
+		descr: "docker/build-target-check-validation-redhat",
+		args: []string{
+			"docker",
+			"--kernelrelease",
+			"4.18.0-348.el8.x86_64",
+			"--target",
+			"redhat",
+			"--output-module",
+			"/tmp/falco-redhat.ko",
+			"--loglevel",
+			"debug",
+		},
+		expect: expect{
+			out: "testdata/docker-target-redhat-validation-error-debug.txt",
+			err: "exiting for validation errors",
 		},
 	},
 	{
@@ -291,9 +316,14 @@ var tests = []testCase{
 
 func run(t *testing.T, test testCase) {
 	// Setup
-	c := NewRootCmd()
-	b := bytes.NewBufferString("")
-	c.SetOutput(b)
+	configOpts, err := NewConfigOptions()
+	assert.NilError(t, err)
+	rootOpts, err := NewRootOptions()
+	assert.NilError(t, err)
+	var buf bytes.Buffer
+	configOpts.setOutput(&buf, true)
+	c := NewRootCmd(configOpts, rootOpts)
+	c.SetOutput(&buf)
 	if len(test.args) == 0 || (test.args[0] != "__complete" && test.args[0] != "__completeNoDesc" && test.args[0] != "help" && test.args[0] != "completion") {
 		test.args = append(test.args, "--dryrun")
 	}
@@ -304,19 +334,18 @@ func run(t *testing.T, test testCase) {
 		}
 	}
 	// Test
-	err := c.Execute()
+	err = c.Execute()
 	if err != nil {
 		if test.expect.err == "" {
 			t.Fatalf("error executing CLI: %v", err)
 		} else {
 			assert.Error(t, err, test.expect.err)
 		}
+		// Exactly same behavior as rootCmd.Start(), but here we use ERROR instead of FATAL to avoid leaving
+		configOpts.Printer.Logger.Error("error executing driverkit", configOpts.Printer.Logger.Args("err", err.Error()))
 	}
-	out, err := ioutil.ReadAll(b)
-	if err != nil {
-		t.Fatalf("error reading CLI output: %v", err)
-	}
-	res := stripansi.Strip(string(out))
+	out := buf.String()
+	res := stripansi.Strip(out)
 	assert.Equal(t, test.expect.out, res)
 	// Teardown
 	for k := range test.env {
@@ -326,6 +355,81 @@ func run(t *testing.T, test testCase) {
 	}
 }
 
+// Simple explanation:
+// basically we leverage text.template to execute templates for test data.
+// testTemplateData is the actual template structure used to fill the test requested output.
+// It internally stores all the help text, split in section { Desc, Usage, Commands, Flags, Info }
+// plus the flagsTemplateData (that is the template data used to fill Flags fields basically).
+type testTemplateData struct {
+	Desc     string
+	Usage    string
+	Commands string
+	Flags    string
+	Info     string
+	flagsTemplateData
+}
+
+func readTemplateFile(t *testing.T, s string) string {
+	out, err := os.ReadFile("testdata/templates/" + s)
+	assert.NilError(t, err)
+	return string(out)
+}
+
+func initTestTemplateData(t *testing.T, args []string) testTemplateData {
+	td := initFlagsTemplateData(args)
+	return testTemplateData{
+		Usage:             readTemplateFile(t, "usage.txt"),
+		Commands:          readTemplateFile(t, "commands.txt"),
+		Flags:             runTemplate(t, readTemplateFile(t, "flags.txt"), td),
+		Desc:              readTemplateFile(t, "desc.txt"),
+		Info:              readTemplateFile(t, "info.txt"),
+		flagsTemplateData: td,
+	}
+}
+
+type flagsTemplateData struct {
+	Targets             string
+	CurrentArch         string
+	Architectures       string
+	TargetsVerticalList string
+
+	// It is the subcmd being called, ie: driverkit (root) or docker,kubernetes.
+	// It is automatically fetched by args passed to each test case
+	Cmd string
+}
+
+func initFlagsTemplateData(args []string) flagsTemplateData {
+	targets := builder.Targets()
+	sort.Strings(targets)
+
+	cmd := "driverkit"
+	if len(args) > 0 {
+		if args[0] == "docker" {
+			cmd = "docker"
+		} else if args[0] == "kubernetes" {
+			cmd = "kubernetes"
+		}
+	}
+
+	return flagsTemplateData{
+		Targets:             "[" + strings.Join(targets, ",") + "]",
+		CurrentArch:         runtime.GOARCH,
+		Architectures:       kernelrelease.SupportedArchs.String(),
+		TargetsVerticalList: strings.Join(targets, "\n"),
+		Cmd:                 cmd,
+	}
+}
+
+func runTemplate(t *testing.T, f string, td interface{}) string {
+	tplate := template.New("test")
+	parsed, err := tplate.Parse(f)
+	assert.NilError(t, err)
+	buf := bytes.NewBuffer(nil)
+	err = parsed.Execute(buf, td)
+	assert.NilError(t, err)
+	return buf.String()
+}
+
 func TestCLI(t *testing.T) {
 	for _, test := range tests {
 		descr := test.descr
@@ -336,15 +440,12 @@ func TestCLI(t *testing.T) {
 			test.descr = strings.TrimSuffix(filepath.Base(test.expect.out), ".txt")
 		}
 		if test.expect.out != "" {
-			out, err := ioutil.ReadFile(test.expect.out)
+			out, err := os.ReadFile(test.expect.out)
 			if err != nil {
 				t.Fatalf("output fixture not found: %v", err)
 			}
-			if !test.expect.fmtRuntimeArch {
-				test.expect.out = string(out)
-			} else {
-				test.expect.out = fmt.Sprintf(string(out), runtime.GOARCH)
-			}
+			td := initTestTemplateData(t, test.args)
+			test.expect.out = runTemplate(t, string(out), td)
 		}
 
 		t.Run(test.descr, func(t *testing.T) {

cmd/completion.go

@@ -1,8 +1,23 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package cmd
 
 import (
 	"bytes"
 	"fmt"
+	"github.com/spf13/pflag"
 	"os"
 	"strings"
 	"text/template"
@@ -32,12 +47,12 @@ func validateArgs() cobra.PositionalArgs {
 		if len(args) == 0 {
 			return nil
 		}
-		return cobra.ExactValidArgs(1)(c, args)
+		return cobra.MatchAll(cobra.ExactArgs(1), cobra.OnlyValidArgs)(c, args)
 	}
 }
 
 // NewCompletionCmd ...
-func NewCompletionCmd() *cobra.Command {
+func NewCompletionCmd(_ *ConfigOptions, _ *RootOptions, _ *pflag.FlagSet) *cobra.Command {
 	var long bytes.Buffer
 	tmpl := template.Must(template.New("long").Parse(longUsageTemplate))
 	tmpl.Execute(&long, map[string]interface{}{
@@ -51,25 +66,23 @@ func NewCompletionCmd() *cobra.Command {
 		Args:              validateArgs(),
 		ValidArgs:         cmdArgs,
 		DisableAutoGenTag: true,
-		Run: func(c *cobra.Command, args []string) {
+		RunE: func(c *cobra.Command, args []string) error {
 			if len(args) == 0 {
-				c.Help()
-				return
+				return c.Help()
 			}
 
 			arg := args[0]
 			switch arg {
 			case "bash":
-				c.Root().GenBashCompletion(os.Stdout)
-				break
+				return c.Root().GenBashCompletion(os.Stdout)
 			case "zsh":
-				c.Root().GenZshCompletion(os.Stdout)
-				break
+				return c.Root().GenZshCompletion(os.Stdout)
 			case "fish":
-				c.Root().GenFishCompletion(os.Stdout, true)
+				return c.Root().GenFishCompletion(os.Stdout, true)
 			case "help":
-				c.Help()
+				return c.Help()
 			}
+			return nil
 		},
 	}
 

cmd/config_options.go

@@ -1,49 +1,155 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package cmd
 
 import (
-	"fmt"
+	"errors"
+	"github.com/falcosecurity/falcoctl/pkg/output"
+	"github.com/mitchellh/go-homedir"
+	"github.com/spf13/pflag"
+	"github.com/spf13/viper"
+	"io"
+	"os"
+	"strings"
 
 	"github.com/creasty/defaults"
 	"github.com/falcosecurity/driverkit/validate"
 	"github.com/go-playground/validator/v10"
-	logger "github.com/sirupsen/logrus"
+	"github.com/pterm/pterm"
 )
 
-var validProcessors = []string{"docker", "kubernetes"}
-var aliasProcessors = []string{"docker", "k8s"}
-var configOptions *ConfigOptions
+var validProcessors = []string{"docker", "kubernetes", "kubernetes-in-cluster", "local"}
+var aliasProcessors = []string{"docker", "k8s", "k8s-ic"}
 
 // ConfigOptions represent the persistent configuration flags of driverkit.
 type ConfigOptions struct {
-	ConfigFile string
-	LogLevel   string `validate:"logrus" name:"log level" default:"info"`
+	configFile string
 	Timeout    int    `validate:"number,min=30" default:"120" name:"timeout"`
 	ProxyURL   string `validate:"omitempty,proxy" name:"proxy url"`
-	DryRun     bool
+	dryRun     bool
 
-	configErrors bool
+	// Printer used by all commands to output messages.
+	Printer *output.Printer
+	// writer is used to write the output of the printer.
+	writer         io.Writer
+	logLevel       *output.LogLevel
+	disableStyling bool
+}
+
+func (co *ConfigOptions) initPrinter() {
+	// DisableStyling is only enforced by tests.
+	if co.disableStyling {
+		pterm.DisableStyling()
+	}
+	co.Printer = output.NewPrinter(co.logLevel.ToPtermLogLevel(), pterm.LogFormatterColorful, co.writer)
+	if co.disableStyling {
+		// Disable time print for tests
+		co.Printer.Logger = co.Printer.Logger.WithTime(false)
+	}
+
+}
+
+// Called by tests to disable styling and set bytes buffer as output
+func (co *ConfigOptions) setOutput(writer io.Writer, disableStyling bool) {
+	co.writer = writer
+	co.disableStyling = disableStyling
+	co.initPrinter()
 }
 
 // NewConfigOptions creates an instance of ConfigOptions.
-func NewConfigOptions() *ConfigOptions {
-	o := &ConfigOptions{}
-	if err := defaults.Set(o); err != nil {
-		logger.WithError(err).WithField("options", "ConfigOptions").Fatal("error setting driverkit options defaults")
+func NewConfigOptions() (*ConfigOptions, error) {
+	o := &ConfigOptions{
+		writer:         os.Stdout,
+		logLevel:       output.NewLogLevel(),
+		disableStyling: false,
 	}
-	return o
+	o.initPrinter()
+	if err := defaults.Set(o); err != nil {
+		// Return ConfigOptions anyway because we need the logger
+		return o, err
+	}
+	return o, nil
 }
 
 // Validate validates the ConfigOptions fields.
-func (co *ConfigOptions) Validate() []error {
+func (co *ConfigOptions) validate() []error {
 	if err := validate.V.Struct(co); err != nil {
-		errors := err.(validator.ValidationErrors)
-		errArr := []error{}
-		for _, e := range errors {
+		var errs validator.ValidationErrors
+		errors.As(err, &errs)
+		var errArr []error
+		for _, e := range errs {
 			// Translate each error one at a time
-			errArr = append(errArr, fmt.Errorf(e.Translate(validate.T)))
+			errArr = append(errArr, errors.New(e.Translate(validate.T)))
 		}
-		co.configErrors = true
 		return errArr
 	}
 	return nil
 }
+
+// AddFlags registers the common flags.
+func (co *ConfigOptions) AddFlags(flags *pflag.FlagSet) {
+	flags.StringVarP(&co.configFile, "config", "c", co.configFile, "config file path (default $HOME/.driverkit.yaml if exists)")
+	flags.VarP(co.logLevel, "loglevel", "l", "set level for logs "+co.logLevel.Allowed())
+	flags.IntVar(&co.Timeout, "timeout", co.Timeout, "timeout in seconds")
+	flags.StringVar(&co.ProxyURL, "proxy", co.ProxyURL, "the proxy to use to download data")
+	flags.BoolVar(&co.dryRun, "dryrun", co.dryRun, "do not actually perform the action")
+}
+
+// Init reads in config file and ENV variables if set.
+func (co *ConfigOptions) Init() bool {
+	configErr := false
+	if errs := co.validate(); errs != nil {
+		for _, err := range errs {
+			co.Printer.Logger.Error("error validating config options",
+				co.Printer.Logger.Args("err", err.Error()))
+		}
+		configErr = true
+	}
+	if co.configFile != "" {
+		viper.SetConfigFile(co.configFile)
+	} else {
+		// Find home directory.
+		home, err := homedir.Dir()
+		if err != nil {
+			co.Printer.Logger.Error("error getting the home directory",
+				co.Printer.Logger.Args("err", err.Error()))
+			// not setting configErr = true because we fallback to `$HOME/.driverkit.yaml` and try with it
+		}
+
+		viper.AddConfigPath(home)
+		viper.SetConfigName(".driverkit")
+	}
+
+	viper.AutomaticEnv()
+	viper.SetEnvPrefix("driverkit")
+	viper.SetEnvKeyReplacer(strings.NewReplacer("-", "_"))
+
+	// If a config file is found, read it in.
+	err := viper.ReadInConfig()
+	// Init printer with either read or existent one,
+	// so that we can further log considering log level set.
+	co.initPrinter()
+	if err == nil {
+		co.Printer.Logger.Info("using config file",
+			co.Printer.Logger.Args("file", viper.ConfigFileUsed()))
+	} else {
+		var configFileNotFoundError viper.ConfigFileNotFoundError
+		if errors.As(err, &configFileNotFoundError) {
+			// Config file not found, ignore ...
+			co.Printer.Logger.Debug("running without a configuration file")
+		}
+	}
+	return configErr
+}

cmd/docker.go

@@ -1,25 +1,56 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package cmd
 
 import (
+	"bytes"
 	"github.com/falcosecurity/driverkit/pkg/driverbuilder"
-	logger "github.com/sirupsen/logrus"
+	"github.com/falcosecurity/driverkit/pkg/driverbuilder/builder"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
-	"github.com/spf13/viper"
 )
 
 // NewDockerCmd creates the `driverkit docker` command.
-func NewDockerCmd(rootOpts *RootOptions, rootFlags *pflag.FlagSet) *cobra.Command {
+func NewDockerCmd(configOpts *ConfigOptions, rootOpts *RootOptions, rootFlags *pflag.FlagSet) *cobra.Command {
 	dockerCmd := &cobra.Command{
 		Use:   "docker",
 		Short: "Build Falco kernel modules and eBPF probes against a docker daemon.",
-		Run: func(c *cobra.Command, args []string) {
-			logger.WithField("processor", c.Name()).Info("driver building, it will take a few seconds")
-			if !configOptions.DryRun {
-				if err := driverbuilder.NewDockerBuildProcessor(viper.GetInt("timeout"), viper.GetString("proxy")).Start(rootOpts.toBuild()); err != nil {
-					logger.WithError(err).Fatal("exiting")
+		RunE: func(c *cobra.Command, args []string) error {
+			configOpts.Printer.Logger.Info("starting build",
+				configOpts.Printer.Logger.Args("processor", c.Name()))
+			if !configOpts.dryRun {
+				if !rootOpts.Output.HasOutputs() {
+					configOpts.Printer.Logger.Info("no output specified")
+					return nil
 				}
+				// Since we use a spinner, cache log data to a bytesbuffer;
+				// we will later print it once we stop the spinner.
+				var b *builder.Build
+				if configOpts.disableStyling {
+					b = rootOpts.ToBuild(configOpts.Printer)
+				} else {
+					var buf bytes.Buffer
+					b = rootOpts.ToBuild(configOpts.Printer.WithWriter(&buf))
+					configOpts.Printer.Spinner, _ = configOpts.Printer.Spinner.Start("driver building, it will take a few seconds")
+					defer func() {
+						configOpts.Printer.DefaultText.Print(buf.String())
+					}()
 				}
+				return driverbuilder.NewDockerBuildProcessor(configOpts.Timeout, configOpts.ProxyURL).Start(b)
+			}
+			return nil
 		},
 	}
 	// Add root flags

cmd/images.go

@@ -0,0 +1,74 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package cmd
+
+import (
+	"bytes"
+	"github.com/falcosecurity/driverkit/pkg/driverbuilder/builder"
+	"os"
+
+	"github.com/olekukonko/tablewriter"
+	"github.com/spf13/cobra"
+	"github.com/spf13/pflag"
+)
+
+// NewImagesCmd creates the `driverkit images` command.
+func NewImagesCmd(configOpts *ConfigOptions, rootOpts *RootOptions, rootFlags *pflag.FlagSet) *cobra.Command {
+	imagesCmd := &cobra.Command{
+		Use:   "images",
+		Short: "List builder images",
+		RunE: func(c *cobra.Command, args []string) error {
+			configOpts.Printer.Logger.Info("starting loading images",
+				configOpts.Printer.Logger.Args("processor", c.Name()))
+			// Since we use a spinner, cache log data to a bytesbuffer;
+			// we will later print it once we stop the spinner.
+			var (
+				buf bytes.Buffer
+				b   *builder.Build
+			)
+			if configOpts.disableStyling {
+				b = rootOpts.ToBuild(configOpts.Printer)
+			} else {
+				b = rootOpts.ToBuild(configOpts.Printer.WithWriter(&buf))
+				configOpts.Printer.Spinner, _ = configOpts.Printer.Spinner.Start("listing images, it will take a few seconds")
+			}
+			b.LoadImages()
+			if !configOpts.disableStyling {
+				_ = configOpts.Printer.Spinner.Stop()
+				configOpts.Printer.DefaultText.Print(buf.String())
+			}
+
+			table := tablewriter.NewWriter(os.Stdout)
+			table.SetHeader([]string{"Image", "Target", "Arch", "GCC"})
+			table.SetBorders(tablewriter.Border{Left: true, Top: false, Right: true, Bottom: false})
+			table.SetCenterSeparator("|")
+
+			for _, img := range b.Images {
+				data := make([]string, 4)
+				data[0] = img.Name
+				data[1] = img.Target.String()
+				data[2] = b.Architecture
+				data[3] = img.GCCVersion.String()
+				table.Append(data)
+			}
+			table.Render() // Send output
+			return nil
+		},
+	}
+	// Add root flags
+	imagesCmd.PersistentFlags().AddFlagSet(rootFlags)
+
+	return imagesCmd
+}

cmd/kubernetes.go

@@ -1,20 +1,34 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package cmd
 
 import (
+	"bytes"
+	"github.com/falcosecurity/driverkit/pkg/driverbuilder/builder"
 	"regexp"
 	"strings"
 
 	"github.com/falcosecurity/driverkit/pkg/driverbuilder"
 	"github.com/falcosecurity/driverkit/pkg/kubernetes/factory"
-	logger "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
-	"github.com/spf13/viper"
 	"k8s.io/cli-runtime/pkg/genericclioptions"
 )
 
 // NewKubernetesCmd creates the `driverkit kubernetes` command.
-func NewKubernetesCmd(rootOpts *RootOptions, rootFlags *pflag.FlagSet) *cobra.Command {
+func NewKubernetesCmd(configOpts *ConfigOptions, rootOpts *RootOptions, rootFlags *pflag.FlagSet) *cobra.Command {
 	kubernetesCmd := &cobra.Command{
 		Use:     "kubernetes",
 		Short:   "Build Falco kernel modules and eBPF probes against a Kubernetes cluster.",
@@ -34,35 +48,48 @@ func NewKubernetesCmd(rootOpts *RootOptions, rootFlags *pflag.FlagSet) *cobra.Co
 		f.Usage = upperAfterPointRegexp.ReplaceAllString(f.Usage, ", ${1}")
 		f.Usage = upperAfterCommaRegexp.ReplaceAllStringFunc(f.Usage, strings.ToLower)
 	})
+	// Add Kubernetes pods options flags
+	flags := kubernetesCmd.Flags()
+	addKubernetesFlags(flags)
+	kubernetesCmd.PersistentFlags().AddFlagSet(flags)
 	// Add root flags
 	kubernetesCmd.PersistentFlags().AddFlagSet(rootFlags)
 
 	kubefactory := factory.NewFactory(configFlags)
 
-	kubernetesCmd.Run = func(cmd *cobra.Command, args []string) {
-		logger.WithField("processor", cmd.Name()).Info("driver building, it will take a few seconds")
-		if !configOptions.DryRun {
-			if err := kubernetesRun(cmd, args, kubefactory, rootOpts); err != nil {
-				logger.WithError(err).Fatal("exiting")
+	kubernetesCmd.RunE = func(c *cobra.Command, args []string) error {
+		configOpts.Printer.Logger.Info("starting build",
+			configOpts.Printer.Logger.Args("processor", c.Name()))
+		if !configOpts.dryRun {
+			if !rootOpts.Output.HasOutputs() {
+				configOpts.Printer.Logger.Info("no output specified")
+				return nil
 			}
+			// Since we use a spinner, cache log data to a bytesbuffer;
+			// we will later print it once we stop the spinner.
+			var b *builder.Build
+			if configOpts.disableStyling {
+				b = rootOpts.ToBuild(configOpts.Printer)
+			} else {
+				var buf bytes.Buffer
+				b = rootOpts.ToBuild(configOpts.Printer.WithWriter(&buf))
+				configOpts.Printer.Spinner, _ = configOpts.Printer.Spinner.Start("driver building, it will take a few seconds")
+				defer func() {
+					configOpts.Printer.DefaultText.Print(buf.String())
+				}()
 			}
+			return kubernetesRun(kubefactory, b, configOpts)
+		}
+		return nil
 	}
 
 	return kubernetesCmd
 }
 
-func kubernetesRun(cmd *cobra.Command, args []string, kubefactory factory.Factory, rootOpts *RootOptions) error {
-	f := cmd.Flags()
-	b := rootOpts.toBuild()
-
-	namespaceStr, err := f.GetString("namespace")
-	if err != nil {
-		return err
-	}
-	if len(namespaceStr) == 0 {
-		namespaceStr = "default"
-	}
-
+func kubernetesRun(kubefactory factory.Factory,
+	b *builder.Build,
+	configOpts *ConfigOptions,
+) error {
 	kc, err := kubefactory.KubernetesClientSet()
 	if err != nil {
 		return err
@@ -75,7 +102,12 @@ func kubernetesRun(cmd *cobra.Command, args []string, kubefactory factory.Factor
 		return err
 	}
 
-	buildProcessor := driverbuilder.NewKubernetesBuildProcessor(kc.CoreV1(), clientConfig, namespaceStr, viper.GetInt("timeout"), viper.GetString("proxy"))
-
+	buildProcessor := driverbuilder.NewKubernetesBuildProcessor(kc.CoreV1(),
+		clientConfig,
+		kubernetesOptions.RunAsUser,
+		kubernetesOptions.Namespace,
+		kubernetesOptions.ImagePullSecret,
+		configOpts.Timeout,
+		configOpts.ProxyURL)
 	return buildProcessor.Start(b)
 }

cmd/kubernetes_in_cluster.go

@@ -0,0 +1,94 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package cmd
+
+import (
+	"bytes"
+	"github.com/falcosecurity/driverkit/pkg/driverbuilder"
+	"github.com/falcosecurity/driverkit/pkg/driverbuilder/builder"
+	"github.com/falcosecurity/driverkit/pkg/kubernetes/factory"
+	"github.com/spf13/cobra"
+	"github.com/spf13/pflag"
+	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/rest"
+)
+
+// NewKubernetesInClusterCmd creates the `driverkit kubernetes` command.
+func NewKubernetesInClusterCmd(configOpts *ConfigOptions, rootOpts *RootOptions, rootFlags *pflag.FlagSet) *cobra.Command {
+	kubernetesInClusterCmd := &cobra.Command{
+		Use:     "kubernetes-in-cluster",
+		Short:   "Build Falco kernel modules and eBPF probes against a Kubernetes cluster inside a Kubernetes cluster.",
+		Aliases: []string{"k8s-ic"},
+	}
+
+	// Add Kubernetes pods options flags
+	flags := kubernetesInClusterCmd.Flags()
+	addKubernetesFlags(flags)
+	kubernetesInClusterCmd.PersistentFlags().AddFlagSet(flags)
+	// Add root flags
+	kubernetesInClusterCmd.PersistentFlags().AddFlagSet(rootFlags)
+
+	kubernetesInClusterCmd.RunE = func(c *cobra.Command, args []string) error {
+		configOpts.Printer.Logger.Info("starting build",
+			configOpts.Printer.Logger.Args("processor", c.Name()))
+		if !configOpts.dryRun {
+			if !rootOpts.Output.HasOutputs() {
+				configOpts.Printer.Logger.Info("no output specified")
+				return nil
+			}
+			// Since we use a spinner, cache log data to a bytesbuffer;
+			// we will later print it once we stop the spinner.
+			var b *builder.Build
+			if configOpts.disableStyling {
+				b = rootOpts.ToBuild(configOpts.Printer)
+			} else {
+				var buf bytes.Buffer
+				b = rootOpts.ToBuild(configOpts.Printer.WithWriter(&buf))
+				configOpts.Printer.Spinner, _ = configOpts.Printer.Spinner.Start("driver building, it will take a few seconds")
+				defer func() {
+					configOpts.Printer.DefaultText.Print(buf.String())
+				}()
+			}
+			return kubernetesInClusterRun(b, configOpts)
+		}
+		return nil
+	}
+
+	return kubernetesInClusterCmd
+}
+
+func kubernetesInClusterRun(b *builder.Build, configOpts *ConfigOptions) error {
+	kubeConfig, err := rest.InClusterConfig()
+	if err != nil {
+		return err
+	}
+	if err = factory.SetKubernetesDefaults(kubeConfig); err != nil {
+		return err
+	}
+
+	kc, err := kubernetes.NewForConfig(kubeConfig)
+	if err != nil {
+		return err
+	}
+
+	buildProcessor := driverbuilder.NewKubernetesBuildProcessor(kc.CoreV1(),
+		kubeConfig,
+		kubernetesOptions.RunAsUser,
+		kubernetesOptions.Namespace,
+		kubernetesOptions.ImagePullSecret,
+		configOpts.Timeout,
+		configOpts.ProxyURL)
+	return buildProcessor.Start(b)
+}

cmd/kubernetes_options.go

@@ -0,0 +1,31 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package cmd
+
+import flag "github.com/spf13/pflag"
+
+var kubernetesOptions = &KubeOptions{}
+
+type KubeOptions struct {
+	RunAsUser       int64  `json:"runAsUser,omitempty" protobuf:"varint,2,opt,name=runAsUser" default:"0"`
+	Namespace       string `validate:"required" name:"namespace" default:"default"`
+	ImagePullSecret string `validate:"omitempty" name:"image-pull-secret" default:""`
+}
+
+func addKubernetesFlags(flags *flag.FlagSet) {
+	flags.StringVarP(&kubernetesOptions.Namespace, "namespace", "n", "default", "If present, the namespace scope for the pods and its config ")
+	flags.Int64Var(&kubernetesOptions.RunAsUser, "run-as-user", 0, "Pods runner user")
+	flags.StringVar(&kubernetesOptions.ImagePullSecret, "image-pull-secret", "", "ImagePullSecret")
+}

cmd/local.go

@@ -0,0 +1,81 @@
+package cmd
+
+import (
+	"bytes"
+	"github.com/falcosecurity/driverkit/pkg/driverbuilder"
+	"github.com/falcosecurity/driverkit/pkg/driverbuilder/builder"
+	"github.com/spf13/cobra"
+	"github.com/spf13/pflag"
+)
+
+type localCmdOptions struct {
+	useDKMS         bool
+	downloadHeaders bool
+	srcDir          string
+	envMap          map[string]string
+}
+
+// NewLocalCmd creates the `driverkit local` command.
+func NewLocalCmd(configOpts *ConfigOptions, rootOpts *RootOptions, rootFlags *pflag.FlagSet) *cobra.Command {
+	opts := localCmdOptions{}
+	localCmd := &cobra.Command{
+		Use:   "local",
+		Short: "Build Falco kernel modules and eBPF probes in local env with local kernel sources and gcc/clang.",
+		RunE: func(c *cobra.Command, args []string) error {
+			configOpts.Printer.Logger.Info("starting build",
+				configOpts.Printer.Logger.Args("processor", c.Name()))
+			if !configOpts.dryRun {
+				if !rootOpts.Output.HasOutputs() {
+					configOpts.Printer.Logger.Info("no output specified")
+					return nil
+				}
+				// Since we use a spinner, cache log data to a bytesbuffer;
+				// we will later print it once we stop the spinner.
+				var b *builder.Build
+				if configOpts.disableStyling {
+					b = rootOpts.ToBuild(configOpts.Printer)
+				} else {
+					var buf bytes.Buffer
+					b = rootOpts.ToBuild(configOpts.Printer.WithWriter(&buf))
+					configOpts.Printer.Spinner, _ = configOpts.Printer.Spinner.Start("driver building, it will take a few seconds")
+					defer func() {
+						configOpts.Printer.DefaultText.Print(buf.String())
+					}()
+				}
+				return driverbuilder.NewLocalBuildProcessor(opts.useDKMS,
+					opts.downloadHeaders,
+					false,
+					opts.srcDir,
+					opts.envMap,
+					configOpts.Timeout).Start(b)
+			}
+			return nil
+		},
+	}
+	// Add root flags, but not the ones unneeded
+	unusedFlagsSet := map[string]struct{}{
+		"architecture":        {},
+		"kernelurls":          {},
+		"builderrepo":         {},
+		"builderimage":        {},
+		"gccversion":          {},
+		"kernelconfigdata":    {},
+		"proxy":               {},
+		"registry-name":       {},
+		"registry-password":   {},
+		"registry-plain-http": {},
+		"registry-user":       {},
+	}
+	flagSet := pflag.NewFlagSet("local", pflag.ExitOnError)
+	rootFlags.VisitAll(func(flag *pflag.Flag) {
+		if _, ok := unusedFlagsSet[flag.Name]; !ok {
+			flagSet.AddFlag(flag)
+		}
+	})
+	flagSet.BoolVar(&opts.useDKMS, "dkms", false, "Enforce usage of DKMS to build the kernel module.")
+	flagSet.BoolVar(&opts.downloadHeaders, "download-headers", false, "Try to automatically download kernel headers.")
+	flagSet.StringVar(&opts.srcDir, "src-dir", "", "Enforce usage of local source dir to build drivers.")
+	flagSet.StringToStringVar(&opts.envMap, "env", make(map[string]string), "Env variables to be enforced during the driver build.")
+	localCmd.PersistentFlags().AddFlagSet(flagSet)
+	return localCmd
+}

cmd/root.go

@@ -1,28 +1,43 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package cmd
 
 import (
+	"errors"
 	"fmt"
 	"io"
 	"os"
-	"runtime"
 	"sort"
 	"strings"
 
 	"github.com/falcosecurity/driverkit/pkg/driverbuilder/builder"
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
 	"github.com/falcosecurity/driverkit/pkg/version"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
 
-	homedir "github.com/mitchellh/go-homedir"
-	logger "github.com/sirupsen/logrus"
 	"github.com/spf13/viper"
 )
 
-func persistentValidateFunc(rootCommand *RootCmd, rootOpts *RootOptions) func(c *cobra.Command, args []string) error {
+func persistentValidateFunc(rootCommand *RootCmd, configOpts *ConfigOptions, rootOpts *RootOptions) func(c *cobra.Command, args []string) error {
 	return func(c *cobra.Command, args []string) error {
+		var validationError = errors.New("exiting for validation errors")
+		configErr := configOpts.Init()
 		// Early exit if detect some error into config flags
-		if configOptions.configErrors {
-			return fmt.Errorf("exiting for validation errors")
+		if configErr {
+			return validationError
 		}
 		// Merge environment variables or config file values into the RootOptions instance
 		skip := map[string]bool{ // do not merge these
@@ -43,13 +58,13 @@ func persistentValidateFunc(rootCommand *RootCmd, rootOpts *RootOptions) func(c
 					// rather than replace, it appends. Since viper will already have the cli options set
 					// if supplied, we only need this step if rootCommand doesn't already have them e.g.
 					// not set on CLI so read from config.
-                    if cli_urls, err := rootCommand.c.Flags().GetStringSlice(name); err == nil && len(cli_urls) != 0 {
+					if cliURLs, err := rootCommand.c.Flags().GetStringSlice(name); err == nil && len(cliURLs) != 0 {
 						return
 					}
 					value := viper.GetStringSlice(name)
 					if len(value) != 0 {
 						strValue := strings.Join(value, ",")
-                        rootCommand.c.Flags().Set(name, strValue)
+						_ = rootCommand.c.Flags().Set(name, strValue)
 					}
 				} else {
 					value := viper.GetString(name)
@@ -61,7 +76,7 @@ func persistentValidateFunc(rootCommand *RootCmd, rootOpts *RootOptions) func(c
 					}
 					// set the value, if any, otherwise let the default
 					if value != "" {
-                        rootCommand.c.Flags().Set(name, value)
+						_ = rootCommand.c.Flags().Set(name, value)
 					}
 				}
 			}
@@ -74,11 +89,12 @@ func persistentValidateFunc(rootCommand *RootCmd, rootOpts *RootOptions) func(c
 		if c.Root() != c && c.Name() != "help" && c.Name() != "__complete" && c.Name() != "__completeNoDesc" && c.Name() != "completion" {
 			if errs := rootOpts.Validate(); errs != nil {
 				for _, err := range errs {
-					logger.WithError(err).Error("error validating build options")
+					configOpts.Printer.Logger.Error("error validating build options",
+						configOpts.Printer.Logger.Args("err", err.Error()))
 				}
-				return fmt.Errorf("exiting for validation errors")
+				return validationError
 			}
-			rootOpts.Log()
+			rootOpts.Log(configOpts.Printer)
 		}
 		return nil
 	}
@@ -90,9 +106,7 @@ type RootCmd struct {
 }
 
 // NewRootCmd instantiates the root command.
-func NewRootCmd() *RootCmd {
-	configOptions = NewConfigOptions()
-	rootOpts := NewRootOptions()
+func NewRootCmd(configOpts *ConfigOptions, rootOpts *RootOptions) *RootCmd {
 	rootCmd := &cobra.Command{
 		Use:                   "driverkit",
 		Short:                 "A command line tool to build Falco kernel modules and eBPF probes.",
@@ -101,56 +115,51 @@ func NewRootCmd() *RootCmd {
 		Args:                  cobra.OnlyValidArgs,
 		DisableFlagsInUseLine: true,
 		DisableAutoGenTag:     true,
+		SilenceErrors:         true,
+		SilenceUsage:          true,
 		Version:               version.String(),
-		Run: func(c *cobra.Command, args []string) {
+		RunE: func(c *cobra.Command, args []string) error {
 			if len(args) == 0 {
-				logger.WithField("processors", validProcessors).Info("specify a valid processor")
+				configOpts.Printer.Logger.Info("specify a valid processor", configOpts.Printer.Logger.Args("processors", validProcessors))
 			}
 			// Fallback to help
-			c.Help()
+			return c.Help()
 		},
 	}
 	ret := &RootCmd{
 		c: rootCmd,
 	}
 
-	rootCmd.PersistentPreRunE = persistentValidateFunc(ret, rootOpts)
+	rootCmd.PersistentPreRunE = persistentValidateFunc(ret, configOpts, rootOpts)
 
 	flags := rootCmd.Flags()
 
-	flags.StringVarP(&configOptions.ConfigFile, "config", "c", configOptions.ConfigFile, "config file path (default $HOME/.driverkit.yaml if exists)")
-	flags.StringVarP(&configOptions.LogLevel, "loglevel", "l", configOptions.LogLevel, "log level")
-	flags.IntVar(&configOptions.Timeout, "timeout", configOptions.Timeout, "timeout in seconds")
-	flags.BoolVar(&configOptions.DryRun, "dryrun", configOptions.DryRun, "do not actually perform the action")
-	flags.StringVar(&configOptions.ProxyURL, "proxy", configOptions.ProxyURL, "the proxy to use to download data")
+	targets := builder.Targets()
+	sort.Strings(targets)
 
-	flags.StringVar(&rootOpts.Output.Module, "output-module", rootOpts.Output.Module, "filepath where to save the resulting kernel module")
-	flags.StringVar(&rootOpts.Output.Probe, "output-probe", rootOpts.Output.Probe, "filepath where to save the resulting eBPF probe")
-	flags.StringVar(&rootOpts.Architecture, "architecture", runtime.GOARCH, "target architecture for the built driver")
-	flags.StringVar(&rootOpts.DriverVersion, "driverversion", rootOpts.DriverVersion, "driver version as a git commit hash or as a git tag")
-	flags.Uint16Var(&rootOpts.KernelVersion, "kernelversion", rootOpts.KernelVersion, "kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v'")
-	flags.StringVar(&rootOpts.KernelRelease, "kernelrelease", rootOpts.KernelRelease, "kernel release to build the module for, it can be found by executing 'uname -v'")
-	flags.StringVarP(&rootOpts.Target, "target", "t", rootOpts.Target, "the system to target the build for")
-	flags.StringVar(&rootOpts.KernelConfigData, "kernelconfigdata", rootOpts.KernelConfigData, "base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc")
-	flags.StringVar(&rootOpts.ModuleDeviceName, "moduledevicename", rootOpts.ModuleDeviceName, "kernel module device name (the default is falco, so the device will be under /dev/falco*)")
-	flags.StringVar(&rootOpts.ModuleDriverName, "moduledrivername", rootOpts.ModuleDriverName, "kernel module driver name, i.e. the name you see when you check installed modules via lsmod")
-	flags.StringVar(&rootOpts.BuilderImage, "builderimage", rootOpts.BuilderImage, "docker image to be used to build the kernel module and eBPF probe. If not provided, the default image will be used.")
-	flags.StringSliceVar(&rootOpts.KernelUrls, "kernelurls", nil, "list of kernel header urls (e.g. --kernelurls <URL1> --kernelurls <URL2> --kernelurls \"<URL3>,<URL4>\")")
+	configOpts.AddFlags(flags)
+	rootOpts.AddFlags(flags, targets)
 
-	viper.BindPFlags(flags)
+	if err := viper.BindPFlags(flags); err != nil {
+		panic(err)
+	}
 
 	// Flag annotations and custom completions
-	rootCmd.MarkFlagFilename("config", viper.SupportedExts...)
-	rootCmd.RegisterFlagCompletionFunc("target", func(c *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
-		targets := builder.BuilderByTarget.Targets()
-		sort.Strings(targets)
+	_ = rootCmd.MarkFlagFilename("config", viper.SupportedExts...)
+	_ = rootCmd.RegisterFlagCompletionFunc("target", func(c *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
 		return targets, cobra.ShellCompDirectiveDefault
 	})
+	_ = rootCmd.RegisterFlagCompletionFunc("architecture", func(c *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+		return kernelrelease.SupportedArchs.Strings(), cobra.ShellCompDirectiveDefault
+	})
 
 	// Subcommands
-	rootCmd.AddCommand(NewKubernetesCmd(rootOpts, flags))
-	rootCmd.AddCommand(NewDockerCmd(rootOpts, flags))
-	rootCmd.AddCommand(NewCompletionCmd())
+	rootCmd.AddCommand(NewKubernetesCmd(configOpts, rootOpts, flags))
+	rootCmd.AddCommand(NewKubernetesInClusterCmd(configOpts, rootOpts, flags))
+	rootCmd.AddCommand(NewDockerCmd(configOpts, rootOpts, flags))
+	rootCmd.AddCommand(NewLocalCmd(configOpts, rootOpts, flags))
+	rootCmd.AddCommand(NewImagesCmd(configOpts, rootOpts, flags))
+	rootCmd.AddCommand(NewCompletionCmd(configOpts, rootOpts, flags))
 
 	ret.StripSensitive()
 
@@ -179,16 +188,15 @@ func (r *RootCmd) Command() *cobra.Command {
 	return r.c
 }
 
+// SetArgs proxies the arguments to the underlying cobra.Command.
+func (r *RootCmd) SetArgs(args []string) {
+	r.c.SetArgs(args)
+}
+
 // SetOutput sets the main command output writer.
 func (r *RootCmd) SetOutput(w io.Writer) {
 	r.c.SetOut(w)
 	r.c.SetErr(w)
-	logger.SetOutput(w)
-}
-
-// SetArgs proxies the arguments to the underlying cobra.Command.
-func (r *RootCmd) SetArgs(args []string) {
-	r.c.SetArgs(args)
 }
 
 // Execute proxies the cobra.Command execution.
@@ -198,59 +206,30 @@ func (r *RootCmd) Execute() error {
 
 // Start creates the root command and runs it.
 func Start() {
-	root := NewRootCmd()
-	if err := root.Execute(); err != nil {
-		logger.WithError(err).Fatal("error executing driverkit")
-	}
-}
-
-func init() {
-	logger.SetFormatter(&logger.TextFormatter{
-		ForceColors:            true,
-		DisableLevelTruncation: false,
-		DisableTimestamp:       true,
-	})
-
-	cobra.OnInitialize(initConfig)
-}
-
-// initConfig reads in config file and ENV variables if set.
-func initConfig() {
-	if errs := configOptions.Validate(); errs != nil {
-		for _, err := range errs {
-			logger.WithError(err).Error("error validating config options")
-		}
-		// configOptions.configErrors should be true here
-	}
-	if configOptions.ConfigFile != "" {
-		viper.SetConfigFile(configOptions.ConfigFile)
-	} else {
-		// Find home directory.
-		home, err := homedir.Dir()
+	configOpts, err := NewConfigOptions()
 	if err != nil {
-			logger.WithError(err).Debug("error getting the home directory")
-			// not setting configOptions.configErrors = true because we fallback to `$HOME/.driverkit.yaml` and try with it
-		}
-
-		viper.AddConfigPath(home)
-		viper.SetConfigName(".driverkit")
-	}
-
-	viper.AutomaticEnv()
-	viper.SetEnvPrefix("driverkit")
-	viper.SetEnvKeyReplacer(strings.NewReplacer("-", "_"))
-
-	// If a config file is found, read it in.
-	if err := viper.ReadInConfig(); err == nil {
-		logger.WithField("file", viper.ConfigFileUsed()).Info("using config file")
+		// configOpts will never be nil here
+		if configOpts != nil {
+			configOpts.Printer.Logger.Fatal("error setting driverkit config options defaults",
+				configOpts.Printer.Logger.Args("err", err.Error()))
 		} else {
-		if _, ok := err.(viper.ConfigFileNotFoundError); ok {
-			// Config file not found, ignore ...
-			logger.Debug("running without a configuration file")
-		} else {
-			// Config file was found but another error was produced
-			logger.WithField("file", viper.ConfigFileUsed()).WithError(err).Debug("error running with config file")
-			configOptions.configErrors = true
+			os.Exit(1)
 		}
 	}
+	rootOpts, err := NewRootOptions()
+	if err != nil {
+		configOpts.Printer.Logger.Fatal("error setting driverkit root options defaults",
+			configOpts.Printer.Logger.Args("err", err.Error()))
+	}
+
+	// Cleanup spinner upon leaving if any
+	defer func() {
+		if configOpts.Printer.Spinner != nil {
+			_ = configOpts.Printer.Spinner.Stop()
+		}
+	}()
+	root := NewRootCmd(configOpts, rootOpts)
+	if err = root.Execute(); err != nil {
+		configOpts.Printer.Logger.Fatal("error executing driverkit", configOpts.Printer.Logger.Args("err", err.Error()))
+	}
 }

cmd/root_options.go

@@ -1,13 +1,32 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package cmd
 
 import (
-	"fmt"
+	"errors"
+	"github.com/falcosecurity/falcoctl/pkg/output"
+	"github.com/spf13/pflag"
+	"os"
+	"runtime"
+	"strings"
+
 	"github.com/creasty/defaults"
-	"github.com/falcosecurity/driverkit/pkg/driverbuilder"
 	"github.com/falcosecurity/driverkit/pkg/driverbuilder/builder"
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
 	"github.com/falcosecurity/driverkit/validate"
 	"github.com/go-playground/validator/v10"
-	logger "github.com/sirupsen/logrus"
 )
 
 // OutputOptions wraps the two drivers that driverkit builds.
@@ -16,93 +35,129 @@ type OutputOptions struct {
 	Probe  string `validate:"required_without=Module,filepath,omitempty,endswith=.o" name:"output probe path"`
 }
 
+func (oo *OutputOptions) HasOutputs() bool {
+	return oo.Module != "" || oo.Probe != ""
+}
+
+type RepoOptions struct {
+	Org  string `default:"falcosecurity" name:"organization name"`
+	Name string `default:"libs" name:"repo name"`
+}
+
+type Registry struct {
+	Name      string `validate:"required_with=Username Password" name:"registry name"`
+	Username  string `validate:"required_with=Registry Password" name:"registry username"`
+	Password  string `validate:"required_with=Username Registry" name:"registry password"`
+	PlainHTTP bool   `default:"false" name:"registry plain http"`
+}
+
 // RootOptions ...
 type RootOptions struct {
-	Architecture     string   `validate:"required,oneof=amd64 arm64" name:"architecture"`
+	Architecture     string   `validate:"required,architecture" name:"architecture"`
 	DriverVersion    string   `default:"master" validate:"eq=master|sha1|semver" name:"driver version"`
-	KernelVersion    uint16   `default:"1" validate:"omitempty,number" name:"kernel version"`
+	KernelVersion    string   `default:"1" validate:"omitempty" name:"kernel version"`
 	ModuleDriverName string   `default:"falco" validate:"max=60" name:"kernel module driver name"`
 	ModuleDeviceName string   `default:"falco" validate:"excludes=/,max=255" name:"kernel module device name"`
 	KernelRelease    string   `validate:"required,ascii" name:"kernel release"`
 	Target           string   `validate:"required,target" name:"target"`
 	KernelConfigData string   `validate:"omitempty,base64" name:"kernel config data"` // fixme > tag "name" does not seem to work when used at struct level, but works when used at inner level
-	BuilderImage     string   `validate:"imagename" name:"builder image"`
+	BuilderImage     string   `validate:"omitempty,imagename" name:"builder image"`
+	BuilderRepos     []string `default:"[\"docker.io/falcosecurity/driverkit-builder\"]" validate:"omitempty" name:"docker repositories to look for builder images or absolute path pointing to a yaml file containing builder images index"`
+	GCCVersion       string   `validate:"omitempty,semvertolerant" name:"gcc version"`
 	KernelUrls       []string `name:"kernel header urls"`
+	Repo             RepoOptions
 	Output           OutputOptions
+	Registry         Registry
 }
 
 func init() {
 	validate.V.RegisterStructValidation(RootOptionsLevelValidation, RootOptions{})
 }
 
-func (ro *RootOptions) SetDefaults() {
-	if defaults.CanUpdate(ro.BuilderImage) {
-		ro.BuilderImage = driverbuilder.BuilderBaseImage
-	}
-}
-
 // NewRootOptions ...
-func NewRootOptions() *RootOptions {
+func NewRootOptions() (*RootOptions, error) {
 	rootOpts := &RootOptions{}
 	if err := defaults.Set(rootOpts); err != nil {
-		logger.WithError(err).WithField("options", "RootOptions").Fatal("error setting driverkit options defaults")
+		return nil, err
 	}
-	return rootOpts
+	return rootOpts, nil
 }
 
 // Validate validates the RootOptions fields.
 func (ro *RootOptions) Validate() []error {
 	if err := validate.V.Struct(ro); err != nil {
-		errors := err.(validator.ValidationErrors)
+		var errs validator.ValidationErrors
+		errors.As(err, &errs)
 		errArr := []error{}
-		for _, e := range errors {
+		for _, e := range errs {
 			// Translate each error one at a time
-			errArr = append(errArr, fmt.Errorf(e.Translate(validate.T)))
+			errArr = append(errArr, errors.New(e.Translate(validate.T)))
 		}
 		return errArr
 	}
+
+	// check that the kernel versions supports at least one of probe and module
+	kr := kernelrelease.FromString(ro.KernelRelease)
+	kr.Architecture = kernelrelease.Architecture(ro.Architecture)
+	if !kr.SupportsModule() && !kr.SupportsProbe() {
+		return []error{errors.New("both module and probe are not supported by given options")}
+	}
+
 	return nil
 }
 
+func (ro *RootOptions) AddFlags(flags *pflag.FlagSet, targets []string) {
+	flags.StringVar(&ro.Output.Module, "output-module", ro.Output.Module, "filepath where to save the resulting kernel module")
+	flags.StringVar(&ro.Output.Probe, "output-probe", ro.Output.Probe, "filepath where to save the resulting eBPF probe")
+	flags.StringVar(&ro.Architecture, "architecture", runtime.GOARCH, "target architecture for the built driver, one of "+kernelrelease.SupportedArchs.String())
+	flags.StringVar(&ro.DriverVersion, "driverversion", ro.DriverVersion, "driver version as a git commit hash or as a git tag")
+	flags.StringVar(&ro.KernelVersion, "kernelversion", ro.KernelVersion, "kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v'")
+	flags.StringVar(&ro.KernelRelease, "kernelrelease", ro.KernelRelease, "kernel release to build the module for, it can be found by executing 'uname -v'")
+	flags.StringVarP(&ro.Target, "target", "t", ro.Target, "the system to target the build for, one of ["+strings.Join(targets, ",")+"]")
+	flags.StringVar(&ro.KernelConfigData, "kernelconfigdata", ro.KernelConfigData, "base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc")
+	flags.StringVar(&ro.ModuleDeviceName, "moduledevicename", ro.ModuleDeviceName, "kernel module device name (the default is falco, so the device will be under /dev/falco*)")
+	flags.StringVar(&ro.ModuleDriverName, "moduledrivername", ro.ModuleDriverName, "kernel module driver name, i.e. the name you see when you check installed modules via lsmod")
+	flags.StringVar(&ro.BuilderImage, "builderimage", ro.BuilderImage, "docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used.")
+	flags.StringSliceVar(&ro.BuilderRepos, "builderrepo", ro.BuilderRepos, "list of docker repositories or yaml file (absolute path) containing builder images index with the format 'images: [ { target:<target>, name:<image-name>, arch: <arch>, tag: <imagetag>, gcc_versions: [ <gcc-tag> ] },...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit-builder --builderrepo falcosecurity/driverkit-builder --builderrepo '/path/to/my/index.yaml'.")
+	flags.StringVar(&ro.GCCVersion, "gccversion", ro.GCCVersion, "enforce a specific gcc version for the build")
+
+	flags.StringSliceVar(&ro.KernelUrls, "kernelurls", nil, "list of kernel header urls (e.g. --kernelurls <URL1> --kernelurls <URL2> --kernelurls \"<URL3>,<URL4>\")")
+
+	flags.StringVar(&ro.Repo.Org, "repo-org", ro.Repo.Org, "repository github organization")
+	flags.StringVar(&ro.Repo.Name, "repo-name", ro.Repo.Name, "repository github name")
+
+	flags.StringVar(&ro.Registry.Name, "registry-name", ro.Registry.Name, "registry name to which authenticate")
+	flags.StringVar(&ro.Registry.Username, "registry-user", ro.Registry.Username, "registry username")
+	flags.StringVar(&ro.Registry.Password, "registry-password", ro.Registry.Password, "registry password")
+	flags.BoolVar(&ro.Registry.PlainHTTP, "registry-plain-http", ro.Registry.PlainHTTP, "allows interacting with remote registry via plain http requests")
+}
+
 // Log emits a log line containing the receiving RootOptions for debugging purposes.
 //
 // Call it only after validation.
-func (ro *RootOptions) Log() {
-	fields := logger.Fields{}
-	if ro.Output.Module != "" {
-		fields["output-module"] = ro.Output.Module
-	}
-	if ro.Output.Probe != "" {
-		fields["output-probe"] = ro.Output.Probe
-
-	}
-	if ro.DriverVersion != "" {
-		fields["driverversion"] = ro.DriverVersion
-	}
-	if ro.KernelRelease != "" {
-		fields["kernelrelease"] = ro.KernelRelease
-	}
-	if ro.KernelVersion > 0 {
-		fields["kernelversion"] = ro.KernelVersion
-	}
-	if ro.Target != "" {
-		fields["target"] = ro.Target
-	}
-	fields["arch"] = ro.Architecture
-	if len(ro.KernelUrls) > 0 {
-        fields["kernelurls"] = ro.KernelUrls
+func (ro *RootOptions) Log(printer *output.Printer) {
+	printer.Logger.Debug("running with options",
+		printer.Logger.Args(
+			"output-module", ro.Output.Module,
+			"output-probe", ro.Output.Probe,
+			"driverversion", ro.DriverVersion,
+			"kernelrelease", ro.KernelRelease,
+			"kernelversion", ro.KernelVersion,
+			"target", ro.Target,
+			"arch", ro.Architecture,
+			"kernelurls", ro.KernelUrls,
+			"repo-org", ro.Repo.Org,
+			"repo-name", ro.Repo.Name,
+		))
 }
 
-	logger.WithFields(fields).Debug("running with options")
-}
-
-func (ro *RootOptions) toBuild() *builder.Build {
+func (ro *RootOptions) ToBuild(printer *output.Printer) *builder.Build {
 	kernelConfigData := ro.KernelConfigData
 	if len(kernelConfigData) == 0 {
 		kernelConfigData = "bm8tZGF0YQ==" // no-data
 	}
 
-	return &builder.Build{
+	build := &builder.Build{
 		TargetType:        builder.Type(ro.Target),
 		DriverVersion:     ro.DriverVersion,
 		KernelVersion:     ro.KernelVersion,
@@ -113,9 +168,53 @@ func (ro *RootOptions) toBuild() *builder.Build {
 		ProbeFilePath:     ro.Output.Probe,
 		ModuleDriverName:  ro.ModuleDriverName,
 		ModuleDeviceName:  ro.ModuleDeviceName,
-		CustomBuilderImage: ro.BuilderImage,
+		GCCVersion:        ro.GCCVersion,
+		BuilderImage:      ro.BuilderImage,
+		BuilderRepos:      ro.BuilderRepos,
 		KernelUrls:        ro.KernelUrls,
+		RepoOrg:           ro.Repo.Org,
+		RepoName:          ro.Repo.Name,
+		Images:            make(builder.ImagesMap),
+		RegistryName:      ro.Registry.Name,
+		RegistryUser:      ro.Registry.Username,
+		RegistryPassword:  ro.Registry.Password,
+		RegistryPlainHTTP: ro.Registry.PlainHTTP,
+		Printer:           printer,
 	}
+
+	// loop over BuilderRepos to build the list ImagesListers based on the value of the builderRepo:
+	// if it's a local path use FileImagesLister, otherwise use RepoImagesLister
+	var (
+		imageLister builder.ImagesLister
+		err         error
+	)
+	for _, builderRepo := range build.BuilderRepos {
+		if _, err = os.Stat(builderRepo); err == nil {
+			imageLister, err = builder.NewFileImagesLister(builderRepo, build)
+		} else {
+			imageLister, err = builder.NewRepoImagesLister(builderRepo, build)
+		}
+		if err != nil {
+			printer.Logger.Warn("skipping repo",
+				printer.Logger.Args("repo", builderRepo, "err", err.Error()))
+		} else {
+			build.ImagesListers = append(build.ImagesListers, imageLister)
+		}
+	}
+
+	// attempt the build in case it comes from an invalid config
+	kr := build.KernelReleaseFromBuildConfig()
+	if len(build.ModuleFilePath) > 0 && !kr.SupportsModule() {
+		build.ModuleFilePath = ""
+		printer.Logger.Warn("skipping build attempt of module for unsupported kernel release",
+			printer.Logger.Args("kernelrelease", kr.String()))
+	}
+	if len(build.ProbeFilePath) > 0 && !kr.SupportsProbe() {
+		build.ProbeFilePath = ""
+		printer.Logger.Warn("skipping build attempt of probe for unsupported kernel release",
+			printer.Logger.Args("kernelrelease", kr.String()))
+	}
+	return build
 }
 
 // RootOptionsLevelValidation validates KernelConfigData and Target at the same time.
@@ -124,11 +223,20 @@ func (ro *RootOptions) toBuild() *builder.Build {
 func RootOptionsLevelValidation(level validator.StructLevel) {
 	opts := level.Current().Interface().(RootOptions)
 
-	if len(opts.KernelConfigData) == 0 && opts.Target == builder.TargetTypeVanilla.String() {
+	if opts.Target == builder.TargetTypeVanilla.String() ||
+		opts.Target == builder.TargetTypeMinikube.String() ||
+		opts.Target == builder.TargetTypeFlatcar.String() {
+		if len(opts.KernelConfigData) == 0 {
 			level.ReportError(opts.KernelConfigData, "kernelConfigData", "KernelConfigData", "required_kernelconfigdata_with_target_vanilla", "")
 		}
+	}
 
-	if opts.KernelVersion == 0 && (opts.Target == builder.TargetTypeUbuntuAWS.String() || opts.Target == builder.TargetTypeUbuntuGeneric.String()) {
+	if opts.KernelVersion == "" && (opts.Target == builder.TargetTypeUbuntu.String()) {
 		level.ReportError(opts.KernelVersion, "kernelVersion", "KernelVersion", "required_kernelversion_with_target_ubuntu", "")
 	}
+
+	// Target redhat requires a valid build image (has to be registered in order to download packages)
+	if opts.Target == builder.TargetTypeRedhat.String() && opts.BuilderImage == "" {
+		level.ReportError(opts.BuilderImage, "builderimage", "builderimage", "required_builderimage_with_target_redhat", "")
+	}
 }

cmd/testdata/autohelp.txt

@@ -1,35 +1,12 @@
-INFO specify a valid processor                     processors="[docker kubernetes]"
-A command line tool to build Falco kernel modules and eBPF probes.
+INFO  specify a valid processor
+    └ processors: [docker kubernetes kubernetes-in-cluster local]
+{{ .Desc }}
 
-Usage:
-  driverkit
-  driverkit [command]
+{{ .Usage }}
 
-Available Commands:
-  completion  Generates completion scripts.
-  docker      Build Falco kernel modules and eBPF probes against a docker daemon.
-  help        Help about any command
-  kubernetes  Build Falco kernel modules and eBPF probes against a Kubernetes cluster.
+{{ .Commands }}
 
-Flags:
-      --architecture string       target architecture for the built driver (default "%s")
-      --builderimage string       docker image to be used to build the kernel module and eBPF probe. If not provided, the default image will be used. (default "falcosecurity/driverkit-builder:latest")
-  -c, --config string             config file path (default $HOME/.driverkit.yaml if exists)
-      --driverversion string      driver version as a git commit hash or as a git tag (default "master")
-      --dryrun                    do not actually perform the action
-  -h, --help                      help for driverkit
-      --kernelconfigdata string   base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc
-      --kernelrelease string      kernel release to build the module for, it can be found by executing 'uname -v'
-      --kernelurls strings        list of kernel header urls (e.g. --kernelurls <URL1> --kernelurls <URL2> --kernelurls "<URL3>,<URL4>")
-      --kernelversion uint16      kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default 1)
-  -l, --loglevel string           log level (default "info")
-      --moduledevicename string   kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco")
-      --moduledrivername string   kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco")
-      --output-module string      filepath where to save the resulting kernel module
-      --output-probe string       filepath where to save the resulting eBPF probe
-      --proxy string              the proxy to use to download data
-  -t, --target string             the system to target the build for
-      --timeout int               timeout in seconds (default 120)
+{{ .Flags }}
   -v, --version                    version for driverkit
 
-Use "driverkit [command] --help" for more information about a command.
+{{ .Info }}

cmd/testdata/completion-targets.txt

@@ -1,11 +1,3 @@
-amazonlinux
-amazonlinux2
-centos
-debian
-flatcar
-rocky
-ubuntu-aws
-ubuntu-generic
-vanilla
+{{ .TargetsVerticalList }}
 :0
 Completion ended with directive: ShellCompDirectiveDefault

cmd/testdata/configs/1.yaml

@@ -3,4 +3,5 @@ kernelversion: 59
 target: ubuntu-aws
 output:
     module: /tmp/falco-ubuntu-aws.ko
+    probe: /tmp/falco-ubuntu-aws.o
 driverversion: master

cmd/testdata/configs/2.yaml

@@ -7,4 +7,5 @@ kernelurls: [
 target: ubuntu-aws
 output:
     module: /tmp/falco-ubuntu-aws.ko
+    probe: /tmp/falco-ubuntu-aws.o
 driverversion: master

cmd/testdata/docker-from-config-debug.txt

@@ -1,3 +1,13 @@
-INFO using config file                             file=testdata/configs/1.yaml
-DEBU running with options                          arch=%s driverversion=master kernelrelease=4.15.0-1057-aws kernelversion=59 output-module=/tmp/falco-ubuntu-aws.ko target=ubuntu-aws
-INFO driver building, it will take a few seconds   processor=docker
+INFO  using config file file: testdata/configs/1.yaml
+DEBUG running with options
+    ├ output-module: /tmp/falco-ubuntu-aws.ko
+    ├ output-probe: /tmp/falco-ubuntu-aws.o
+    ├ driverversion: master
+    ├ kernelrelease: 4.15.0-1057-aws
+    ├ kernelversion: 59
+    ├ target: ubuntu-aws
+    ├ arch: {{ .CurrentArch }}
+    ├ kernelurls: []
+    ├ repo-org: falcosecurity
+    └ repo-name: libs
+INFO  starting build processor: docker

cmd/testdata/docker-override-from-config-debug.txt

@@ -1,3 +1,13 @@
-INFO using config file                             file=testdata/configs/1.yaml
-DEBU running with options                          arch=%s driverversion=master kernelrelease=4.15.0-1057-aws kernelversion=229 output-module=/tmp/override.ko target=ubuntu-aws
-INFO driver building, it will take a few seconds   processor=docker
+INFO  using config file file: testdata/configs/1.yaml
+DEBUG running with options
+    ├ output-module: /tmp/override.ko
+    ├ output-probe: /tmp/falco-ubuntu-aws.o
+    ├ driverversion: master
+    ├ kernelrelease: 4.15.0-1057-aws
+    ├ kernelversion: 229
+    ├ target: ubuntu-aws
+    ├ arch: {{ .CurrentArch }}
+    ├ kernelurls: []
+    ├ repo-org: falcosecurity
+    └ repo-name: libs
+INFO  starting build processor: docker

cmd/testdata/docker-override-urls-from-config-debug.txt

@@ -1,3 +1,13 @@
-INFO using config file                             file=testdata/configs/2.yaml
-DEBU running with options                          arch=%s driverversion=master kernelrelease=4.15.0-1057-aws kernelurls="[https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-aws/linux-aws-headers-4.15.0-1057_4.15.0-1057.59_all.deb https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-aws/linux-headers-4.15.0-1057-aws_4.15.0-1057.59_amd64.deb]" kernelversion=59 output-module=/tmp/falco-ubuntu-aws.ko target=ubuntu-aws
-INFO driver building, it will take a few seconds   processor=docker
+INFO  using config file file: testdata/configs/2.yaml
+DEBUG running with options
+    ├ output-module: /tmp/falco-ubuntu-aws.ko
+    ├ output-probe: /tmp/falco-ubuntu-aws.o
+    ├ driverversion: master
+    ├ kernelrelease: 4.15.0-1057-aws
+    ├ kernelversion: 59
+    ├ target: ubuntu-aws
+    ├ arch: {{ .CurrentArch }}
+    ├ kernelurls: [https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-aws/linux-aws-headers-4.15.0-1057_4.15.0-1057.59_all.deb https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-aws/linux-headers-4.15.0-1057-aws_4.15.0-1057.59_amd64.deb]
+    ├ repo-org: falcosecurity
+    └ repo-name: libs
+INFO  starting build processor: docker

cmd/testdata/docker-related-target-debug.txt

@@ -1,3 +1,13 @@
-DEBU running without a configuration file         
-DEBU running with options                          arch=%s driverversion=master kernelrelease=4.15.0-1057-azure kernelurls="[http://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-azure/linux-azure-headers-4.15.0-1057_4.15.0-1057.62_all.deb http://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-azure/linux-headers-4.15.0-1057-azure_4.15.0-1057.62_amd64.deb]" kernelversion=62 output-module=/tmp/falco-ubuntu-azure.ko target=ubuntu-aws
-INFO driver building, it will take a few seconds   processor=docker
+DEBUG running without a configuration file 
+DEBUG running with options
+    ├ output-module: /tmp/falco-ubuntu-azure.ko
+    ├ output-probe: /tmp/falco-ubuntu-aws.o
+    ├ driverversion: master
+    ├ kernelrelease: 4.15.0-1057-azure
+    ├ kernelversion: 62
+    ├ target: ubuntu-azure
+    ├ arch: {{ .CurrentArch }}
+    ├ kernelurls: [http://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-azure/linux-azure-headers-4.15.0-1057_4.15.0-1057.62_all.deb http://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-azure/linux-headers-4.15.0-1057-azure_4.15.0-1057.62_amd64.deb]
+    ├ repo-org: falcosecurity
+    └ repo-name: libs
+INFO  starting build processor: docker

cmd/testdata/docker-target-redhat-validation-error-debug.txt

@@ -0,0 +1,4 @@
+DEBUG running without a configuration file 
+ERROR error validating build options
+    └ err: builder image is a required field when target is redhat
+ERROR error executing driverkit err: exiting for validation errors

cmd/testdata/docker-with-flags-debug.txt

@@ -1,3 +1,13 @@
-DEBU running without a configuration file         
-DEBU running with options                          arch=%s driverversion=master kernelrelease=4.15.0-1057-aws kernelurls="[https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-aws/linux-aws-headers-4.15.0-1057_4.15.0-1057.59_all.deb https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-aws/linux-headers-4.15.0-1057-aws_4.15.0-1057.59_amd64.deb]" kernelversion=59 output-module=/tmp/falco-ubuntu-aws.ko target=ubuntu-aws
-INFO driver building, it will take a few seconds   processor=docker
+DEBUG running without a configuration file 
+DEBUG running with options
+    ├ output-module: /tmp/falco-ubuntu-aws.ko
+    ├ output-probe: /tmp/falco-ubuntu-aws.o
+    ├ driverversion: master
+    ├ kernelrelease: 4.15.0-1057-aws
+    ├ kernelversion: 59
+    ├ target: ubuntu-aws
+    ├ arch: {{ .CurrentArch }}
+    ├ kernelurls: [https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-aws/linux-aws-headers-4.15.0-1057_4.15.0-1057.59_all.deb https://mirrors.edge.kernel.org/ubuntu/pool/main/l/linux-aws/linux-headers-4.15.0-1057-aws_4.15.0-1057.59_amd64.deb]
+    ├ repo-org: falcosecurity
+    └ repo-name: libs
+INFO  starting build processor: docker

cmd/testdata/docker-with-flags.txt

@@ -1 +1 @@
-INFO driver building, it will take a few seconds   processor=docker
+INFO  starting build processor: docker

cmd/testdata/dockernoopts.txt

@@ -1,28 +1,7 @@
-ERRO error validating build options                error="kernel release is a required field"
-ERRO error validating build options                error="target is a required field"
-ERRO error validating build options                error="output module path is required when probe is missing"
-ERRO error validating build options                error="output probe path is required when module is missing"
-Error: exiting for validation errors
-Usage:
-  driverkit docker [flags]
-
-Flags:
-      --architecture string       target architecture for the built driver (default "%s")
-      --builderimage string       docker image to be used to build the kernel module and eBPF probe. If not provided, the default image will be used. (default "falcosecurity/driverkit-builder:latest")
-  -c, --config string             config file path (default $HOME/.driverkit.yaml if exists)
-      --driverversion string      driver version as a git commit hash or as a git tag (default "master")
-      --dryrun                    do not actually perform the action
-  -h, --help                      help for docker
-      --kernelconfigdata string   base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc
-      --kernelrelease string      kernel release to build the module for, it can be found by executing 'uname -v'
-      --kernelurls strings        list of kernel header urls (e.g. --kernelurls <URL1> --kernelurls <URL2> --kernelurls "<URL3>,<URL4>")
-      --kernelversion uint16      kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default 1)
-  -l, --loglevel string           log level (default "info")
-      --moduledevicename string   kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco")
-      --moduledrivername string   kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco")
-      --output-module string      filepath where to save the resulting kernel module
-      --output-probe string       filepath where to save the resulting eBPF probe
-      --proxy string              the proxy to use to download data
-  -t, --target string             the system to target the build for
-      --timeout int               timeout in seconds (default 120)
-
+ERROR error validating build options err: kernel release is a required field
+ERROR error validating build options err: target is a required field
+ERROR error validating build options
+    └ err: output module path is required when probe is missing
+ERROR error validating build options
+    └ err: output probe path is required when module is missing
+ERROR error executing driverkit err: exiting for validation errors

cmd/testdata/help-flag.txt

@@ -1,34 +1,10 @@
-A command line tool to build Falco kernel modules and eBPF probes.
+{{ .Desc }}
 
-Usage:
-  driverkit
-  driverkit [command]
+{{ .Usage }}
 
-Available Commands:
-  completion  Generates completion scripts.
-  docker      Build Falco kernel modules and eBPF probes against a docker daemon.
-  help        Help about any command
-  kubernetes  Build Falco kernel modules and eBPF probes against a Kubernetes cluster.
+{{ .Commands }}
 
-Flags:
-      --architecture string       target architecture for the built driver (default "%s")
-      --builderimage string       docker image to be used to build the kernel module and eBPF probe. If not provided, the default image will be used. (default "falcosecurity/driverkit-builder:latest")
-  -c, --config string             config file path (default $HOME/.driverkit.yaml if exists)
-      --driverversion string      driver version as a git commit hash or as a git tag (default "master")
-      --dryrun                    do not actually perform the action
-  -h, --help                      help for driverkit
-      --kernelconfigdata string   base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc
-      --kernelrelease string      kernel release to build the module for, it can be found by executing 'uname -v'
-      --kernelurls strings        list of kernel header urls (e.g. --kernelurls <URL1> --kernelurls <URL2> --kernelurls "<URL3>,<URL4>")
-      --kernelversion uint16      kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default 1)
-  -l, --loglevel string           log level (default "info")
-      --moduledevicename string   kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco")
-      --moduledrivername string   kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco")
-      --output-module string      filepath where to save the resulting kernel module
-      --output-probe string       filepath where to save the resulting eBPF probe
-      --proxy string              the proxy to use to download data
-  -t, --target string             the system to target the build for
-      --timeout int               timeout in seconds (default 120)
+{{ .Flags }}
   -v, --version                    version for driverkit
 
-Use "driverkit [command] --help" for more information about a command.
+{{ .Info }}

cmd/testdata/help.txt

@@ -1,33 +1,10 @@
-A command line tool to build Falco kernel modules and eBPF probes.
+{{ .Desc }}
 
-Usage:
-  driverkit
-  driverkit [command]
+{{ .Usage }}
 
-Available Commands:
-  completion  Generates completion scripts.
-  docker      Build Falco kernel modules and eBPF probes against a docker daemon.
-  help        Help about any command
-  kubernetes  Build Falco kernel modules and eBPF probes against a Kubernetes cluster.
+{{ .Commands }}
 
-Flags:
-      --architecture string       target architecture for the built driver (default "%s")
-      --builderimage string       docker image to be used to build the kernel module and eBPF probe. If not provided, the default image will be used. (default "falcosecurity/driverkit-builder:latest")
-  -c, --config string             config file path (default $HOME/.driverkit.yaml if exists)
-      --driverversion string      driver version as a git commit hash or as a git tag (default "master")
-      --dryrun                    do not actually perform the action
-  -h, --help                      help for driverkit
-      --kernelconfigdata string   base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc
-      --kernelrelease string      kernel release to build the module for, it can be found by executing 'uname -v'
-      --kernelurls strings        list of kernel header urls (e.g. --kernelurls <URL1> --kernelurls <URL2> --kernelurls "<URL3>,<URL4>")
-      --kernelversion uint16      kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default 1)
-  -l, --loglevel string           log level (default "info")
-      --moduledevicename string   kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco")
-      --moduledrivername string   kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco")
-      --output-module string      filepath where to save the resulting kernel module
-      --output-probe string       filepath where to save the resulting eBPF probe
-      --proxy string              the proxy to use to download data
-  -t, --target string             the system to target the build for
-      --timeout int               timeout in seconds (default 120)
+{{ .Flags }}
+  -v, --version                    version for driverkit
 
-Use "driverkit [command] --help" for more information about a command.
+{{ .Info }}

cmd/testdata/invalid-proxyconfig.txt

@@ -1,35 +1,3 @@
-ERRO error validating config options               error="proxy url must start with http:// or https:// or socks5:// prefix"
-Error: exiting for validation errors
-Usage:
-  driverkit
-  driverkit [command]
-
-Available Commands:
-  completion  Generates completion scripts.
-  docker      Build Falco kernel modules and eBPF probes against a docker daemon.
-  help        Help about any command
-  kubernetes  Build Falco kernel modules and eBPF probes against a Kubernetes cluster.
-
-Flags:
-      --architecture string       target architecture for the built driver (default "%s")
-      --builderimage string       docker image to be used to build the kernel module and eBPF probe. If not provided, the default image will be used. (default "falcosecurity/driverkit-builder:latest")
-  -c, --config string             config file path (default $HOME/.driverkit.yaml if exists)
-      --driverversion string      driver version as a git commit hash or as a git tag (default "master")
-      --dryrun                    do not actually perform the action
-  -h, --help                      help for driverkit
-      --kernelconfigdata string   base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc
-      --kernelrelease string      kernel release to build the module for, it can be found by executing 'uname -v'
-      --kernelurls strings        list of kernel header urls (e.g. --kernelurls <URL1> --kernelurls <URL2> --kernelurls "<URL3>,<URL4>")
-      --kernelversion uint16      kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default 1)
-  -l, --loglevel string           log level (default "info")
-      --moduledevicename string   kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco")
-      --moduledrivername string   kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco")
-      --output-module string      filepath where to save the resulting kernel module
-      --output-probe string       filepath where to save the resulting eBPF probe
-      --proxy string              the proxy to use to download data
-  -t, --target string             the system to target the build for
-      --timeout int               timeout in seconds (default 120)
-  -v, --version                   version for driverkit
-
-Use "driverkit [command] --help" for more information about a command.
-
+ERROR error validating config options
+    └ err: proxy url must start with http:// or https:// or socks5:// prefix
+ERROR error executing driverkit err: exiting for validation errors

cmd/testdata/non-existent-processor.txt

@@ -1,34 +1 @@
-Error: invalid argument "abc" for "driverkit"
-Usage:
-  driverkit
-  driverkit [command]
-
-Available Commands:
-  completion  Generates completion scripts.
-  docker      Build Falco kernel modules and eBPF probes against a docker daemon.
-  help        Help about any command
-  kubernetes  Build Falco kernel modules and eBPF probes against a Kubernetes cluster.
-
-Flags:
-      --architecture string       target architecture for the built driver (default "%s")
-      --builderimage string       docker image to be used to build the kernel module and eBPF probe. If not provided, the default image will be used. (default "falcosecurity/driverkit-builder:latest")
-  -c, --config string             config file path (default $HOME/.driverkit.yaml if exists)
-      --driverversion string      driver version as a git commit hash or as a git tag (default "master")
-      --dryrun                    do not actually perform the action
-  -h, --help                      help for driverkit
-      --kernelconfigdata string   base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc
-      --kernelrelease string      kernel release to build the module for, it can be found by executing 'uname -v'
-      --kernelurls strings        list of kernel header urls (e.g. --kernelurls <URL1> --kernelurls <URL2> --kernelurls "<URL3>,<URL4>")
-      --kernelversion uint16      kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default 1)
-  -l, --loglevel string           log level (default "info")
-      --moduledevicename string   kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco")
-      --moduledrivername string   kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco")
-      --output-module string      filepath where to save the resulting kernel module
-      --output-probe string       filepath where to save the resulting eBPF probe
-      --proxy string              the proxy to use to download data
-  -t, --target string             the system to target the build for
-      --timeout int               timeout in seconds (default 120)
-  -v, --version                   version for driverkit
-
-Use "driverkit [command] --help" for more information about a command.
-
+ERROR error executing driverkit err: invalid argument "abc" for "driverkit"

cmd/testdata/templates/commands.txt

@@ -0,0 +1,8 @@
+Available Commands:
+  completion            Generates completion scripts.
+  docker                Build Falco kernel modules and eBPF probes against a docker daemon.
+  help                  Help about any command
+  images                List builder images
+  kubernetes            Build Falco kernel modules and eBPF probes against a Kubernetes cluster.
+  kubernetes-in-cluster Build Falco kernel modules and eBPF probes against a Kubernetes cluster inside a Kubernetes cluster.
+  local                 Build Falco kernel modules and eBPF probes in local env with local kernel sources and gcc/clang.

cmd/testdata/templates/desc.txt

@@ -0,0 +1 @@
+A command line tool to build Falco kernel modules and eBPF probes.

cmd/testdata/templates/flags.txt

@@ -0,0 +1,27 @@
+Flags:
+      --architecture string        target architecture for the built driver, one of {{ .Architectures }} (default "{{ .CurrentArch }}")
+      --builderimage string        docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used.
+      --builderrepo strings        list of docker repositories or yaml file (absolute path) containing builder images index with the format 'images: [ { target:<target>, name:<image-name>, arch: <arch>, tag: <imagetag>, gcc_versions: [ <gcc-tag> ] },...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit-builder --builderrepo falcosecurity/driverkit-builder --builderrepo '/path/to/my/index.yaml'. (default [docker.io/falcosecurity/driverkit-builder])
+  -c, --config string              config file path (default $HOME/.driverkit.yaml if exists)
+      --driverversion string       driver version as a git commit hash or as a git tag (default "master")
+      --dryrun                     do not actually perform the action
+      --gccversion string          enforce a specific gcc version for the build
+  -h, --help                       help for {{ .Cmd }}
+      --kernelconfigdata string    base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc
+      --kernelrelease string       kernel release to build the module for, it can be found by executing 'uname -v'
+      --kernelurls strings         list of kernel header urls (e.g. --kernelurls <URL1> --kernelurls <URL2> --kernelurls "<URL3>,<URL4>")
+      --kernelversion string       kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default "1")
+  -l, --loglevel string            set level for logs (info, warn, debug, trace) (default "info")
+      --moduledevicename string    kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco")
+      --moduledrivername string    kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco")
+      --output-module string       filepath where to save the resulting kernel module
+      --output-probe string        filepath where to save the resulting eBPF probe
+      --proxy string               the proxy to use to download data
+      --registry-name string       registry name to which authenticate
+      --registry-password string   registry password
+      --registry-plain-http        allows interacting with remote registry via plain http requests
+      --registry-user string       registry username
+      --repo-name string           repository github name (default "libs")
+      --repo-org string            repository github organization (default "falcosecurity")
+  -t, --target string              the system to target the build for, one of {{ .Targets }}
+      --timeout int                timeout in seconds (default 120)

cmd/testdata/templates/info.txt

@@ -0,0 +1 @@
+Use "driverkit [command] --help" for more information about a command.

cmd/testdata/templates/usage.txt

@@ -0,0 +1,3 @@
+Usage:
+  driverkit
+  driverkit [command]

docgen/docgen.go

@@ -1,16 +1,28 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package main
 
 import (
 	"bytes"
 	"flag"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path"
 	"strings"
 
 	"github.com/falcosecurity/driverkit/cmd"
-	logger "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra/doc"
 )
 
@@ -47,7 +59,22 @@ func main() {
 	flag.Parse()
 
 	// Get root command
-	driverkit := cmd.NewRootCmd()
+	configOpts, err := cmd.NewConfigOptions()
+	if err != nil {
+		// configOpts will never be nil here
+		if configOpts != nil {
+			configOpts.Printer.Logger.Fatal("error setting driverkit config options defaults",
+				configOpts.Printer.Logger.Args("err", err.Error()))
+		} else {
+			os.Exit(1)
+		}
+	}
+	rootOpts, err := cmd.NewRootOptions()
+	if err != nil {
+		configOpts.Printer.Logger.Fatal("error setting driverkit root options defaults",
+			configOpts.Printer.Logger.Args("err", err.Error()))
+	}
+	driverkit := cmd.NewRootCmd(configOpts, rootOpts)
 	root := driverkit.Command()
 	num := len(root.Commands()) + 1
 
@@ -70,20 +97,20 @@ func main() {
 	}
 
 	// Generate markdown docs
-	err := doc.GenMarkdownTreeCustom(root, outputDir, prepender(num), linker)
+	err = doc.GenMarkdownTreeCustom(root, outputDir, prepender(num), linker)
 	if err != nil {
-		logger.WithError(err).Fatal("markdown generation")
+		configOpts.Printer.Logger.Fatal("markdown generation", configOpts.Printer.Logger.Args("err", err.Error()))
 	}
 
 	if targetWebsite {
-		err := os.Rename(path.Join(outputDir, "driverkit.md"), path.Join(outputDir, "_index.md"))
+		err = os.Rename(path.Join(outputDir, "driverkit.md"), path.Join(outputDir, "_index.md"))
 		if err != nil {
-			logger.WithError(err).Fatal("renaming main docs page")
+			configOpts.Printer.Logger.Fatal("renaming main docs page", configOpts.Printer.Logger.Args("err", err.Error()))
 		}
 	}
 
-	if err := stripSensitive(); err != nil {
-		logger.WithError(err).Fatal("error replacing sensitive data")
+	if err = stripSensitive(); err != nil {
+		configOpts.Printer.Logger.Fatal("error replacing sensitive data", configOpts.Printer.Logger.Args("err", err.Error()))
 	}
 }
 
@@ -100,7 +127,7 @@ func stripSensitive() error {
 
 	for _, file := range files {
 		filePath := path.Join(outputDir, file.Name())
-		file, err := ioutil.ReadFile(filePath)
+		file, err := os.ReadFile(filePath)
 		if err != nil {
 			return err
 		}
@@ -110,7 +137,7 @@ func stripSensitive() error {
 			target := []byte(os.Getenv(s))
 			file = bytes.ReplaceAll(file, target, append(envMark, []byte(s)...))
 		}
-		if err = ioutil.WriteFile(filePath, file, 0666); err != nil {
+		if err = os.WriteFile(filePath, file, 0666); err != nil {
 			return err
 		}
 	}

docker/builders/builder-amazonlinux2-x86_64_gcc10.0.0.Dockerfile

@@ -0,0 +1,32 @@
+FROM amazonlinux:2.0.20240529.0
+
+LABEL maintainer="cncf-falco-dev@lists.cncf.io"
+
+RUN yum -y install gcc10 \
+    clang \
+    llvm \
+    bash-completion \
+    bc \
+    ca-certificates \
+    curl \
+    gnupg2 \
+    libc6-dev \
+    elfutils-libelf-devel \
+    xz \
+    cpio \
+    flex \
+    bison \
+    openssl \
+    openssl-devel \
+    wget \
+    binutils \
+    which \
+    make \
+    cmake3 \
+    tar \
+    zstd \
+    git
+
+# Properly create soft links
+RUN ln -s /usr/bin/gcc10-cc /usr/bin/gcc-10.0.0
+RUN ln -s /usr/bin/cmake3 /usr/bin/cmake

docker/builders/builder-any-aarch64_gcc10.0.0_gcc9.0.0.Dockerfile

@@ -0,0 +1 @@
+builder-any-x86_64_gcc10.0.0_gcc9.0.0.Dockerfile

docker/builders/builder-any-aarch64_gcc12.0.0_gcc11.0.0.Dockerfile

@@ -0,0 +1 @@
+builder-any-x86_64_gcc12.0.0_gcc11.0.0.Dockerfile

docker/builders/builder-any-aarch64_gcc13.0.0.Dockerfile

@@ -0,0 +1 @@
+builder-any-x86_64_gcc13.0.0.Dockerfile

docker/builders/builder-any-aarch64_gcc14.0.0.Dockerfile

@@ -0,0 +1 @@
+builder-any-x86_64_gcc14.0.0.Dockerfile

docker/builders/builder-any-aarch64_gcc8.0.0_gcc6.0.0_gcc5.0.0_gcc4.9.0_gcc4.8.0.Dockerfile

@@ -0,0 +1 @@
+builder-any-x86_64_gcc8.0.0_gcc6.0.0_gcc5.0.0_gcc4.9.0_gcc4.8.0.Dockerfile

docker/builders/builder-any-x86_64_gcc10.0.0_gcc9.0.0.Dockerfile

@@ -0,0 +1,48 @@
+FROM debian:bullseye
+
+LABEL maintainer="cncf-falco-dev@lists.cncf.io"
+
+ARG TARGETARCH
+
+RUN cp /etc/skel/.bashrc /root && cp /etc/skel/.profile /root
+
+RUN apt-get update \
+	&& apt-get install -y --no-install-recommends \
+	bash-completion \
+	bc \
+	clang \
+    llvm \
+	ca-certificates \
+	curl \
+	dkms \
+	dwarves \
+	gnupg2 \
+	gcc \
+    gcc-9 \
+	jq \
+	libc6-dev \
+	libelf-dev \
+	netcat \
+	xz-utils \
+	rpm2cpio \
+	cpio \
+	flex \
+	bison \
+	openssl \
+	libssl-dev \
+	libncurses-dev \
+	libudev-dev \
+	libpci-dev \
+	libiberty-dev \
+	lsb-release \
+	wget \
+	software-properties-common \
+	gpg \
+	zstd \
+	cmake \
+	git \
+	&& rm -rf /var/lib/apt/lists/*
+
+# Properly create soft link
+RUN ln -s /usr/bin/gcc-9 /usr/bin/gcc-9.0.0
+RUN ln -s /usr/bin/gcc-10 /usr/bin/gcc-10.0.0

docker/builders/builder-any-x86_64_gcc12.0.0_gcc11.0.0.Dockerfile

@@ -0,0 +1,48 @@
+FROM debian:bookworm
+
+LABEL maintainer="cncf-falco-dev@lists.cncf.io"
+
+ARG TARGETARCH
+
+RUN cp /etc/skel/.bashrc /root && cp /etc/skel/.profile /root
+
+RUN apt-get update \
+	&& apt-get install -y --no-install-recommends \
+	bash-completion \
+	bc \
+	clang \
+    llvm \
+	ca-certificates \
+	curl \
+	dkms \
+	dwarves \
+	gnupg2 \
+	gcc \
+    gcc-11 \
+	jq \
+	libc6-dev \
+	libelf-dev \
+	netcat-openbsd \
+	xz-utils \
+	rpm2cpio \
+	cpio \
+	flex \
+	bison \
+	openssl \
+	libssl-dev \
+	libncurses-dev \
+	libudev-dev \
+	libpci-dev \
+	libiberty-dev \
+	lsb-release \
+	wget \
+	software-properties-common \
+	gpg \
+	zstd \
+	cmake \
+	git \
+	&& rm -rf /var/lib/apt/lists/*
+
+# Properly create soft links
+RUN ln -s /usr/bin/gcc-11 /usr/bin/gcc-11.0.0
+RUN ln -s /usr/bin/gcc-12 /usr/bin/gcc-12.0.0

docker/builders/builder-any-x86_64_gcc13.0.0.Dockerfile

@@ -0,0 +1,40 @@
+FROM fedora:39
+
+LABEL maintainer="cncf-falco-dev@lists.cncf.io"
+
+ARG TARGETARCH
+
+RUN dnf install -y \
+	bash-completion \
+	bc \
+	clang \
+	llvm \
+	ca-certificates \
+	curl \
+	dkms \
+	dwarves \
+	gnupg2 \
+	gcc \
+	jq \
+	glibc-devel \
+	elfutils-libelf-devel \
+	netcat \
+	xz \
+	cpio \
+	flex \
+	bison \
+	openssl \
+	openssl-devel \
+	ncurses-devel \
+	systemd-devel \
+	pciutils-devel \
+	binutils-devel \
+	lsb-release \
+	wget \
+	gpg \
+	zstd \
+	cmake \
+	git
+
+# Properly create soft links
+RUN ln -s /usr/bin/gcc /usr/bin/gcc-13.0.0

docker/builders/builder-any-x86_64_gcc14.0.0.Dockerfile

@@ -0,0 +1,40 @@
+FROM fedora:41
+
+LABEL maintainer="cncf-falco-dev@lists.cncf.io"
+
+ARG TARGETARCH
+
+RUN dnf install -y \
+	bash-completion \
+	bc \
+	clang \
+	llvm \
+	ca-certificates \
+	curl \
+	dkms \
+	dwarves \
+	gnupg2 \
+	gcc \
+	jq \
+	glibc-devel \
+	elfutils-libelf-devel \
+	netcat \
+	xz \
+	cpio \
+	flex \
+	bison \
+	openssl \
+	openssl-devel \
+	ncurses-devel \
+	systemd-devel \
+	pciutils-devel \
+	binutils-devel \
+	lsb-release \
+	wget \
+	gpg \
+	zstd \
+	cmake \
+	git
+
+# Properly create soft links
+RUN ln -s /usr/bin/gcc /usr/bin/gcc-14.0.0

docker/builders/builder-any-x86_64_gcc8.0.0_gcc6.0.0_gcc5.0.0_gcc4.9.0_gcc4.8.0.Dockerfile

@@ -5,23 +5,29 @@ LABEL maintainer="cncf-falco-dev@lists.cncf.io"
 ARG TARGETARCH
 
 RUN cp /etc/skel/.bashrc /root && cp /etc/skel/.profile /root
-RUN echo 'deb http://deb.debian.org/debian buster-backports main' >>/etc/apt/sources.list
+
+# Use 20250630T203427Z debian apt snapshot as it still contains support for buster.
+RUN cat <<EOF > /etc/apt/sources.list
+deb http://snapshot.debian.org/archive/debian/20250630T203427Z buster main
+deb http://snapshot.debian.org/archive/debian-security/20250630T203427Z buster/updates main
+deb http://snapshot.debian.org/archive/debian/20250630T203427Z buster-updates main
+EOF
 
 RUN apt-get update \
 	&& apt-get install -y --no-install-recommends \
 	bash-completion \
 	bc \
-	clang-7 \
+	clang \
+    	llvm \
 	ca-certificates \
 	curl \
 	dkms \
-	dwarves/buster-backports \
+	dwarves \
 	gnupg2 \
 	gcc \
 	jq \
 	libc6-dev \
 	libelf-dev \
-	llvm-7 \
 	netcat \
 	xz-utils \
 	rpm2cpio \
@@ -39,15 +45,19 @@ RUN apt-get update \
 	software-properties-common \
 	gpg \
 	zstd \
+	gawk \
+	mawk \
+	git \
 	&& rm -rf /var/lib/apt/lists/*
 
 RUN if [ "$TARGETARCH" = "amd64" ] ; then apt-get install -y --no-install-recommends libmpx2; fi
 
-# Install clang 12
-RUN cd /tmp \
-	&& wget https://apt.llvm.org/llvm.sh \
-	&& chmod +x llvm.sh \
-	&& ./llvm.sh 12
+# gcc 4.9 is required on x86 to build some 3.10+ kernels
+# note: on arm gcc 4.9 could not be found.
+RUN echo 'deb http://dk.archive.ubuntu.com/ubuntu/ xenial main' >> /etc/apt/sources.list     && \
+	echo 'deb http://dk.archive.ubuntu.com/ubuntu/ xenial universe' >> /etc/apt/sources.list
+# repo is unsigned therefore the APT options
+RUN if [ "$TARGETARCH" = "amd64" ] ; then apt-get -o Acquire::AllowInsecureRepositories=true -o Acquire::AllowDowngradeToInsecureRepositories=true update && apt-get -o APT::Get::AllowUnauthenticated=true install -y --no-install-recommends gcc-4.9; fi
 
 # gcc 6 is no longer included in debian stable, but we need it to
 # build kernel modules on the default debian-based ami used by
@@ -120,3 +130,17 @@ RUN curl -L -o binutils_2.30-22_${TARGETARCH}.deb https://download.falco.org/dep
 	&& curl -L -o binutils-common_2.30-22_${TARGETARCH}.deb https://download.falco.org/dependencies/binutils-common_2.30-22_${TARGETARCH}.deb \
 	&& dpkg -i *binutils*.deb \
 	&& rm -f *binutils*.deb
+
+# Install a recent version of cmake (debian buster has at most 3.13)
+RUN curl -L -o /tmp/cmake.tar.gz https://github.com/Kitware/CMake/releases/download/v3.22.5/cmake-3.22.5-linux-$(uname -m).tar.gz; \
+    gzip -d /tmp/cmake.tar.gz; \
+    tar -xpf /tmp/cmake.tar --directory=/tmp; \
+    cp -R /tmp/cmake-3.22.5-linux-$(uname -m)/* /usr; \
+    rm -rf /tmp/cmake-3.22.5-linux-$(uname -m)/
+
+# Properly create soft link
+RUN ln -s /usr/bin/gcc-4.8 /usr/bin/gcc-4.8.0
+RUN if [ "$TARGETARCH" = "amd64" ] ; then ln -s /usr/bin/gcc-4.9 /usr/bin/gcc-4.9.0; fi;
+RUN ln -s /usr/bin/gcc-5 /usr/bin/gcc-5.0.0
+RUN ln -s /usr/bin/gcc-6 /usr/bin/gcc-6.0.0
+RUN ln -s /usr/bin/gcc-8 /usr/bin/gcc-8.0.0

docker/builders/builder-centos-x86_64_gcc4.8.5.Dockerfile

@@ -0,0 +1,50 @@
+FROM centos:7
+
+LABEL maintainer="cncf-falco-dev@lists.cncf.io"
+
+# Fix broken mirrors - centos:7 eol
+RUN sed -i s/mirror.centos.org/vault.centos.org/g /etc/yum.repos.d/*.repo; \
+    sed -i s/^#.*baseurl=http/baseurl=https/g /etc/yum.repos.d/*.repo; \
+    sed -i s/^mirrorlist=http/#mirrorlist=https/g /etc/yum.repos.d/*.repo
+
+RUN yum -y install centos-release-scl
+
+# fix broken mirrors (again)
+RUN sed -i s/mirror.centos.org/vault.centos.org/g /etc/yum.repos.d/*.repo; \
+    sed -i s/^#.*baseurl=http/baseurl=https/g /etc/yum.repos.d/*.repo; \
+    sed -i s/^mirrorlist=http/#mirrorlist=https/g /etc/yum.repos.d/*.repo
+
+RUN yum -y install gcc \
+    llvm-toolset-7.0 \
+	bash-completion \
+	bc \
+	ca-certificates \
+	curl \
+	gnupg2 \
+	libc6-dev \
+	elfutils-libelf-devel \
+	xz \
+	cpio \
+	flex \
+	bison \
+	openssl \
+	openssl-devel \
+	wget \
+	binutils \
+	which \
+	make \
+	git
+
+# Install cmake3.x (on centos7 `cmake` package installs cmake2.x)
+RUN curl -L -o /tmp/cmake.tar.gz https://github.com/Kitware/CMake/releases/download/v3.22.5/cmake-3.22.5-linux-$(uname -m).tar.gz; \
+    gzip -d /tmp/cmake.tar.gz; \
+    tar -xpf /tmp/cmake.tar --directory=/tmp; \
+    cp -R /tmp/cmake-3.22.5-linux-$(uname -m)/* /usr; \
+    rm -rf /tmp/cmake-3.22.5-linux-$(uname -m)/
+
+# Properly create soft link
+RUN ln -s /usr/bin/gcc /usr/bin/gcc-4.8.5
+
+RUN source scl_source enable llvm-toolset-7.0
+RUN echo "source scl_source enable llvm-toolset-7.0" >> /etc/bashrc
+RUN source /etc/bashrc

docs/builder.md

@@ -0,0 +1,196 @@
+# Builders
+
+The [builder](../pkg/driverbuilder/builder) package contains all of the actual builders code, for each supported target.  
+Their bash-like build templates live under the [templates](../pkg/driverbuilder/builder/templates) subfolder.
+
+# Support a new distro
+
+You probably came here because you want to tell the [Falco Drivers Build Grid](https://github.com/falcosecurity/test-infra/tree/master/driverkit) to
+build drivers for a specific distro you care about.
+
+If that distribution is not yet supported by driverkit, the Falco Drivers Build Grid will not be able to just build it as it does for other distros.
+
+Adding support for a new distro is a multiple-step work:
+* first of all, a new builder on driverkit must be created
+* secondly, [kernel-crawler](https://github.com/falcosecurity/kernel-crawler) must also be updated to support the new distro; see [below](#5-kernel-crawler) section
+* third, [dbg-go](https://github.com/falcosecurity/dbg-go) must [bump driverkit](https://github.com/falcosecurity/dbg-go?tab=readme-ov-file#bumping-driverkit) and enable support to generate configs for the new distro: https://github.com/falcosecurity/dbg-go/blob/main/pkg/root/distro.go#L30.
+* lastly, [test-infra](https://github.com/falcosecurity/test-infra) must be updated to add the new [prow config](https://github.com/falcosecurity/test-infra/tree/master/config/jobs/build-drivers) for new distro related jobs and `dbg-go` images must be bumped, see https://github.com/falcosecurity/test-infra/tree/master/images/build-drivers and https://github.com/falcosecurity/test-infra/tree/master/images/update-dbg.
+
+Here, we will only focus about driverkit part.
+
+## Creating a new Builder
+
+To add a new supported distribution, you need to create a specific file implementing the `builder.Builder` interface.  
+Here's the [archlinux](../pkg/driverbuilder/builder/archlinux.go) one for reference.  
+Following this simple set of instructions should help you while you implement a new `builder.Builder`.
+
+### 1. Builder file
+
+Create a file, named with the name of the distro you want to add in the `pkg/driverbuilder/builder` folder.
+
+```bash
+touch pkg/driverbuilder/builder/archlinux.go
+```
+
+### 2. Target name
+
+Your builder will need a constant for the target it implements. Usually that constant
+can just be the ID of the distribution you are implementing, as taken reading `/etc/os-release` file.  
+A builder can implement more than one target at time. For example, the minikube builder is just a vanilla one.
+
+Once you have the constant, you will need to add it to the [byTarget](https://github.com/falcosecurity/driverkit/blob/master/pkg/driverbuilder/builder/target.go) map. 
+Open your file and you will need to add something like this:
+
+```go
+// TargetTypeArchLinux identifies the Arch Linux target.
+const TargetTypeArchLinux Type = "arch"
+
+type archLinux struct {
+}
+
+func init() {
+	byTarget[TargetTypeArchLinux] = &archLinux{}
+}
+```
+
+Now, you can implement the `builder.Builder` interface for the `archlinux` struct
+you just registered.
+
+Here's a very minimalistic example:
+
+```go
+func (c *archlinux) Name() string {
+    return TargetTypeArchlinux.String()
+}
+
+func (c *archlinux) TemplateKernelUrlsScript() string { 
+	return archlinuxKernelTemplate 
+}
+
+func (c *archlinux) TemplateScript() string {
+    return archlinuxTemplate
+}
+
+func (c archlinux) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
+    urls := []string{}
+    if kr.Architecture == kernelrelease.ArchitectureAmd64 {
+        urls = append(urls, fmt.Sprintf("https://archive.archlinux.org/packages/l/linux-headers/linux-headers-%s.%s-%d-%s.pkg.tar.xz",
+            kr.Fullversion,
+            kr.Extraversion,
+            cfg.KernelVersion,
+            kr.Architecture.ToNonDeb()))
+    } else {
+        urls = append(urls, fmt.Sprintf("https://alaa.ad24.cz/packages/l/linux-%s-headers/linux-%s-headers-%s-%d-%s.pkg.tar.xz",
+            kr.Architecture.ToNonDeb(),
+            kr.Architecture.ToNonDeb(),
+            kr.Fullversion,
+            cfg.KernelVersion,
+            kr.Architecture.ToNonDeb()))
+    }
+    return urls, nil
+}
+
+func (c *archlinux) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
+    return archlinuxTemplateData{
+        KernelDownloadURL: urls[0],
+    }
+}
+```
+
+Essentially, the various methods that you are implementing are needed to:
+* fill the kernel download/extract script template, a `bash` script responsible to fetch and extract the kernel headers for the distro
+* fill the build script template (see below), that is a `bash` script that will be executed by driverkit at build time
+* return a list of possible kernel headers urls that will later be downloaded by the kernel download script, and then used for the driver build
+
+Under `pkg/driverbuilder/builder/templates` folder, you can find all the template scripts for the supported builders.  
+Adding a new template there and using `go:embed` to include it in your builder, allows leaner code
+without mixing up templates and builder logic.  
+For example:
+
+```go
+//go:embed templates/archlinux_kernel.sh
+var archlinuxKernelTemplate string
+
+//go:embed templates/archlinux.sh
+var archlinuxTemplate string
+```
+
+Depending on how the distro works, the "kernel" template script will fetch the kernel headers for it at the specific kernel version specified
+in the `Config` struct at `c.Build.KernelVersion`, and then extracting them.  
+Finally, the script will also `export` the `KERNELDIR` variable to be consumed by the actual build script.  
+Example kernel download template for archlinux:
+```bash
+set -xeuo pipefail
+
+# Fetch the kernel
+mkdir /tmp/kernel-download
+cd /tmp/kernel-download
+curl --silent -o kernel-devel.pkg.tar.xz -SL {{ .KernelDownloadURL }}
+tar -xf kernel-devel.pkg.tar.xz
+rm -Rf /tmp/kernel
+mkdir -p /tmp/kernel
+mv usr/lib/modules/*/build/* /tmp/kernel
+
+# exit value
+export KERNELDIR=/tmp/kernel
+```
+
+Once you have those, based on what that kernel can do and based on what was configured
+by the user, the build script will build the kernel module driver and/or the eBPF probe driver.
+Example build template for archlinux:
+```bash
+set -xeuo pipefail
+
+cd {{ .DriverBuildDir }}
+mkdir -p build && cd build
+{{ .CmakeCmd }}
+
+{{ if .BuildModule }}
+# Build the module
+make CC=/usr/bin/gcc-{{ .GCCVersion }} driver
+strip -g {{ .ModuleFullPath }}
+# Print results
+modinfo {{ .ModuleFullPath }}
+{{ end }}
+
+{{ if .BuildProbe }}
+# Build the eBPF probe
+make bpf
+ls -l driver/bpf/probe.o
+{{ end }}
+```
+
+How does this work?
+
+If the user specifies:
+
+- `c.Build.ModuleFilePath` you will need to build the kernel module and save it in /tmp/driver/falco.ko`
+- `c.Build.ProbeFilePath` you will need to build the eBPF probe and save it in /tmp/driver/probe.o`
+
+The `/tmp/driver` MUST be interpolated from the `DriverDirectory` constant from [`builders.go`](/pkg/driverbuilder/builder/builders.go).
+
+If you look at the various builder implemented, you will see that the task of creating a new builder
+can be easy or difficult depending on how the distribution ships their artifacts.  
+Indeed, the hardest part is fetching the kernel headers urls for each distro.
+
+### 3. Customize GCC version
+
+A builder can enforce a GCC selection algorithm,  
+by implementing the `builder.GCCVersionRequestor` interface.  
+A sane default algorithm is provided, that selects a GCC version based on the kernel version.   
+The requested gcc version is then [used to find the correct builder image to be used](builder_images.md#selection-algorithm).  
+
+> **NOTE**: when implementing the `builder.GCCVersionRequestor`, returning an empty `semver.Version` means to fallback at default algorithm.
+
+However, there is no mechanism to dynamically choose a clang version, because there should never be any need of touching it.   
+The build will use the one provided by the chosen builder image.  
+Any failure must be treated as a bug, and reported on [libs](https://github.com/falcosecurity/libs) repository.
+
+### 5. kernel-crawler
+
+When creating a new builder, it is recommended to check that [kernel-crawler](https://github.com/falcosecurity/kernel-crawler)
+can also support collecting the new builders kernel versions and header package URLs. This will make sure that the latest drivers
+for the new builder are automatically built by [test-infra](https://github.com/falcosecurity/test-infra). If required, add a feature request
+for support for the new builder on the kernel-crawler repository.  
+
+> **NOTE**: be sure that the crawler you are going to add is interesting for the community as a whole.

docs/builder_images.md

@@ -0,0 +1,68 @@
+# Builder Images
+
+Driverkit supports multiple builder images.  
+A builder image is the docker image used to build the drivers.
+
+## Adding a builder image
+
+Adding a builder image is just a matter of adding a new dockerfile under the [docker/builders](../docker/builders) folder,  
+with a name matching the following regex: `builder-(?P<target>[a-z0-9]+)-(?P<arch>x86_64|aarch64)(?P<gccVers>(_gcc[0-9]+.[0-9]+.[0-9]+)+).Dockerfile$`.    
+For example: `builder-centos-x86_64_gcc5.8.0_gcc6.0.0.Dockerfile`.
+
+> **NOTE:** `any` is also a valid target, and means "apply as fallback for any target"
+
+The image **MUST** symlink all of its provided GCC versions to their full semver name, like:
+* `/usr/bin/gcc5` must be linked to `/usr/bin/gcc-5.0.0`
+* `/usr/bin/gcc-4.8` must be linked to `/usr/bin/gcc-4.8.0`
+
+This is needed because driverkit logic must be able to differentiate eg: between  
+an image that provides gcc4 and one that provides 4.8, in a reliable manner.
+
+The makefile will be then automatically able to collect the new docker images and pushing it as part of the CI.  
+Note: the images will be pushed under the `falcosecurity/driverkit-builder` repository, each with a tag reflecting its name, eg:  
+* `falcosecurity/driverkit-builder:centos-x86_64_gcc5.8.0_gcc6.0.0-latest`
+* `falcosecurity/driverkit-builder:any-x86_64_gcc12.0.0-454eff8fcc7d9abc615d312e9eccbd41abffb810`
+
+As you can see, the last part of the image tag is the real versioned tag (ie: `-latest` or `-$commithash`).
+
+## Selection algorithm
+
+Once pushed, driverkit will be able to correctly load the image during startup, using [falcoctl](https://github.com/falcosecurity/falcoctl/) OCI utilities.  
+Then, it will map images whose target and architecture are correct for the current build, storing the provided GCCs list.  
+Moreover, it will also take care of only using images with correct tag (ie: `latest` or `commithash`), as requested by user or automatically set by Makefile.
+The algorithm goes as follows:
+* load any image for the build arch, tag and target
+* load any image for the build arch, tag and "any" target
+* if any of the target-specific image provides the targetGCC for the build, we are over
+* if any of the "any" fallback image provides the targetGCC for the build, we are over
+* else, find the image between target-specific and fallback ones, that provides nearest GCC.  
+In this latest step, there is no distinction between/different priority given to target specific or fallback images.
+
+## Customize builder images repos
+
+Moreover, users can also ship their own builder images in their own docker repositories, by using `--builderrepo` CLI option.  
+
+Instead of passing a docker repo, one can also pass the full path to a so-called builder images index yaml file.  
+It is mostly convenient in "static" scenarios, but it also gives the ability to freely define images name since all required infos are explicitly stated in the index file.  
+For an example of such a file, see [index.yaml](./index.yaml).
+
+One can use this option multiple times; builder repos are a priority first list of docker repositories or builder images indexes (they can be mixed too!).
+
+## Force use a builder image
+
+Users can also force-specify the builder image to be used for the current build,  
+instead of relying on the internal algorithm, by using `--builderimage` CLI option.  
+
+> **NOTE**: builderimage MUST provide the selected gcc for the build
+
+A special value for builder image is available:
+* `auto:$tag`, that is used to tell driverkit to use the automatic algorithm, but forcing a certain image tag
+
+## Force use a gcc version
+
+Users can specify the target gcc version of the build, using `--gccversion` option.  
+As seen above, this needs to be a fully expanded gcc version, like `4.8.0`, or `8.0.0`.  
+When set, the image selection algorithm will pick the best builder image, 
+ie: the one that provides the nearest gcc version.  
+One can also play with both `--gccversion` and `--builderimage` options to enforce the  
+usage of a specific builder image that ships a specific gcc version.

docs/driverkit.md

@@ -2,10 +2,6 @@
 
 A command line tool to build Falco kernel modules and eBPF probes.
 
-### Synopsis
-
-A command line tool to build Falco kernel modules and eBPF probes.
-
 ```
 driverkit
 ```
@@ -13,22 +9,31 @@ driverkit
 ### Options
 
 ```
-      --architecture string       target architecture for the built driver (default "$runtime.GOARCH")
+      --architecture string        target architecture for the built driver, one of [amd64,arm64] (default "amd64")
+      --builderimage string        docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used.
+      --builderrepo strings        list of docker repositories or yaml file (absolute path) containing builder images index with the format 'images: [ { target:<target>, name:<image-name>, arch: <arch>, tag: <imagetag>, gcc_versions: [ <gcc-tag> ] },...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit-builder --builderrepo falcosecurity/driverkit-builder --builderrepo '/path/to/my/index.yaml'. (default [docker.io/falcosecurity/driverkit-builder])
   -c, --config string              config file path (default $HOME/.driverkit.yaml if exists)
       --driverversion string       driver version as a git commit hash or as a git tag (default "master")
       --dryrun                     do not actually perform the action
+      --gccversion string          enforce a specific gcc version for the build
   -h, --help                       help for driverkit
       --kernelconfigdata string    base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc
       --kernelrelease string       kernel release to build the module for, it can be found by executing 'uname -v'
-      --kernelurls []string       list of kernel header urls (e.g. --kernelurls <URL1> --kernelurls <URL2> --kernelurls "<URL3>,<URL4>")
-      --kernelversion uint16      kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default 1)
-  -l, --loglevel string           log level (default "info")
+      --kernelurls strings         list of kernel header urls (e.g. --kernelurls <URL1> --kernelurls <URL2> --kernelurls "<URL3>,<URL4>")
+      --kernelversion string       kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default "1")
+  -l, --loglevel string            set level for logs (info, warn, debug, trace) (default "info")
       --moduledevicename string    kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco")
       --moduledrivername string    kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco")
       --output-module string       filepath where to save the resulting kernel module
       --output-probe string        filepath where to save the resulting eBPF probe
       --proxy string               the proxy to use to download data
-  -t, --target string             the system to target the build for
+      --registry-name string       registry name to which authenticate
+      --registry-password string   registry password
+      --registry-plain-http        allows interacting with remote registry via plain http requests
+      --registry-user string       registry username
+      --repo-name string           repository github name (default "libs")
+      --repo-org string            repository github organization (default "falcosecurity")
+  -t, --target string              the system to target the build for, one of [alinux,almalinux,amazonlinux,amazonlinux2,amazonlinux2022,amazonlinux2023,arch,bottlerocket,centos,debian,fedora,flatcar,minikube,ol,opensuse,photon,redhat,rocky,sles,talos,ubuntu,vanilla]
       --timeout int                timeout in seconds (default 120)
 ```
 
@@ -36,5 +41,8 @@ driverkit
 
 * [driverkit completion](driverkit_completion.md)	 - Generates completion scripts.
 * [driverkit docker](driverkit_docker.md)	 - Build Falco kernel modules and eBPF probes against a docker daemon.
+* [driverkit images](driverkit_images.md)	 - List builder images
 * [driverkit kubernetes](driverkit_kubernetes.md)	 - Build Falco kernel modules and eBPF probes against a Kubernetes cluster.
+* [driverkit kubernetes-in-cluster](driverkit_kubernetes-in-cluster.md)	 - Build Falco kernel modules and eBPF probes against a Kubernetes cluster inside a Kubernetes cluster.
+* [driverkit local](driverkit_local.md)	 - Build Falco kernel modules and eBPF probes in local env with local kernel sources and gcc/clang.
 

docs/driverkit_docker.md

@@ -2,10 +2,6 @@
 
 Build Falco kernel modules and eBPF probes against a docker daemon.
 
-### Synopsis
-
-Build Falco kernel modules and eBPF probes against a docker daemon.
-
 ```
 driverkit docker [flags]
 ```
@@ -13,22 +9,31 @@ driverkit docker [flags]
 ### Options
 
 ```
-      --architecture string       target architecture for the built driver (default "$runtime.GOARCH")
+      --architecture string        target architecture for the built driver, one of [amd64,arm64] (default "amd64")
+      --builderimage string        docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used.
+      --builderrepo strings        list of docker repositories or yaml file (absolute path) containing builder images index with the format 'images: [ { target:<target>, name:<image-name>, arch: <arch>, tag: <imagetag>, gcc_versions: [ <gcc-tag> ] },...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit-builder --builderrepo falcosecurity/driverkit-builder --builderrepo '/path/to/my/index.yaml'. (default [docker.io/falcosecurity/driverkit-builder])
   -c, --config string              config file path (default $HOME/.driverkit.yaml if exists)
       --driverversion string       driver version as a git commit hash or as a git tag (default "master")
       --dryrun                     do not actually perform the action
+      --gccversion string          enforce a specific gcc version for the build
   -h, --help                       help for docker
       --kernelconfigdata string    base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc
       --kernelrelease string       kernel release to build the module for, it can be found by executing 'uname -v'
-      --kernelurls []string       list of kernel header urls (e.g. --kernelurls <URL1> --kernelurls <URL2> --kernelurls "<URL3>,<URL4>")
-      --kernelversion uint16      kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default 1)
-  -l, --loglevel string           log level (default "info")
+      --kernelurls strings         list of kernel header urls (e.g. --kernelurls <URL1> --kernelurls <URL2> --kernelurls "<URL3>,<URL4>")
+      --kernelversion string       kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default "1")
+  -l, --loglevel string            set level for logs (info, warn, debug, trace) (default "info")
       --moduledevicename string    kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco")
       --moduledrivername string    kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco")
       --output-module string       filepath where to save the resulting kernel module
       --output-probe string        filepath where to save the resulting eBPF probe
       --proxy string               the proxy to use to download data
-  -t, --target string             the system to target the build for
+      --registry-name string       registry name to which authenticate
+      --registry-password string   registry password
+      --registry-plain-http        allows interacting with remote registry via plain http requests
+      --registry-user string       registry username
+      --repo-name string           repository github name (default "libs")
+      --repo-org string            repository github organization (default "falcosecurity")
+  -t, --target string              the system to target the build for, one of [alinux,almalinux,amazonlinux,amazonlinux2,amazonlinux2022,amazonlinux2023,arch,bottlerocket,centos,debian,fedora,flatcar,minikube,ol,opensuse,photon,redhat,rocky,sles,talos,ubuntu,vanilla]
       --timeout int                timeout in seconds (default 120)
 ```
 

docs/driverkit_images.md

@@ -0,0 +1,43 @@
+## driverkit images
+
+List builder images
+
+```
+driverkit images [flags]
+```
+
+### Options
+
+```
+      --architecture string        target architecture for the built driver, one of [amd64,arm64] (default "amd64")
+      --builderimage string        docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used.
+      --builderrepo strings        list of docker repositories or yaml file (absolute path) containing builder images index with the format 'images: [ { target:<target>, name:<image-name>, arch: <arch>, tag: <imagetag>, gcc_versions: [ <gcc-tag> ] },...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit-builder --builderrepo falcosecurity/driverkit-builder --builderrepo '/path/to/my/index.yaml'. (default [docker.io/falcosecurity/driverkit-builder])
+  -c, --config string              config file path (default $HOME/.driverkit.yaml if exists)
+      --driverversion string       driver version as a git commit hash or as a git tag (default "master")
+      --dryrun                     do not actually perform the action
+      --gccversion string          enforce a specific gcc version for the build
+  -h, --help                       help for images
+      --kernelconfigdata string    base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc
+      --kernelrelease string       kernel release to build the module for, it can be found by executing 'uname -v'
+      --kernelurls strings         list of kernel header urls (e.g. --kernelurls <URL1> --kernelurls <URL2> --kernelurls "<URL3>,<URL4>")
+      --kernelversion string       kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default "1")
+  -l, --loglevel string            set level for logs (info, warn, debug, trace) (default "info")
+      --moduledevicename string    kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco")
+      --moduledrivername string    kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco")
+      --output-module string       filepath where to save the resulting kernel module
+      --output-probe string        filepath where to save the resulting eBPF probe
+      --proxy string               the proxy to use to download data
+      --registry-name string       registry name to which authenticate
+      --registry-password string   registry password
+      --registry-plain-http        allows interacting with remote registry via plain http requests
+      --registry-user string       registry username
+      --repo-name string           repository github name (default "libs")
+      --repo-org string            repository github organization (default "falcosecurity")
+  -t, --target string              the system to target the build for, one of [alinux,almalinux,amazonlinux,amazonlinux2,amazonlinux2022,amazonlinux2023,arch,bottlerocket,centos,debian,fedora,flatcar,minikube,ol,opensuse,photon,redhat,rocky,sles,talos,ubuntu,vanilla]
+      --timeout int                timeout in seconds (default 120)
+```
+
+### SEE ALSO
+
+* [driverkit](driverkit.md)	 - A command line tool to build Falco kernel modules and eBPF probes.
+

docs/driverkit_kubernetes-in-cluster.md

@@ -0,0 +1,46 @@
+## driverkit kubernetes-in-cluster
+
+Build Falco kernel modules and eBPF probes against a Kubernetes cluster inside a Kubernetes cluster.
+
+```
+driverkit kubernetes-in-cluster [flags]
+```
+
+### Options
+
+```
+      --architecture string        target architecture for the built driver, one of [amd64,arm64] (default "amd64")
+      --builderimage string        docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used.
+      --builderrepo strings        list of docker repositories or yaml file (absolute path) containing builder images index with the format 'images: [ { target:<target>, name:<image-name>, arch: <arch>, tag: <imagetag>, gcc_versions: [ <gcc-tag> ] },...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit-builder --builderrepo falcosecurity/driverkit-builder --builderrepo '/path/to/my/index.yaml'. (default [docker.io/falcosecurity/driverkit-builder])
+  -c, --config string              config file path (default $HOME/.driverkit.yaml if exists)
+      --driverversion string       driver version as a git commit hash or as a git tag (default "master")
+      --dryrun                     do not actually perform the action
+      --gccversion string          enforce a specific gcc version for the build
+  -h, --help                       help for kubernetes-in-cluster
+      --image-pull-secret string   ImagePullSecret
+      --kernelconfigdata string    base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc
+      --kernelrelease string       kernel release to build the module for, it can be found by executing 'uname -v'
+      --kernelurls strings         list of kernel header urls (e.g. --kernelurls <URL1> --kernelurls <URL2> --kernelurls "<URL3>,<URL4>")
+      --kernelversion string       kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default "1")
+  -l, --loglevel string            set level for logs (info, warn, debug, trace) (default "info")
+      --moduledevicename string    kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco")
+      --moduledrivername string    kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco")
+  -n, --namespace string           If present, the namespace scope for the pods and its config  (default "default")
+      --output-module string       filepath where to save the resulting kernel module
+      --output-probe string        filepath where to save the resulting eBPF probe
+      --proxy string               the proxy to use to download data
+      --registry-name string       registry name to which authenticate
+      --registry-password string   registry password
+      --registry-plain-http        allows interacting with remote registry via plain http requests
+      --registry-user string       registry username
+      --repo-name string           repository github name (default "libs")
+      --repo-org string            repository github organization (default "falcosecurity")
+      --run-as-user int            Pods runner user
+  -t, --target string              the system to target the build for, one of [alinux,almalinux,amazonlinux,amazonlinux2,amazonlinux2022,amazonlinux2023,arch,bottlerocket,centos,debian,fedora,flatcar,minikube,ol,opensuse,photon,redhat,rocky,sles,talos,ubuntu,vanilla]
+      --timeout int                timeout in seconds (default 120)
+```
+
+### SEE ALSO
+
+* [driverkit](driverkit.md)	 - A command line tool to build Falco kernel modules and eBPF probes.
+

docs/driverkit_kubernetes.md

@@ -2,10 +2,6 @@
 
 Build Falco kernel modules and eBPF probes against a Kubernetes cluster.
 
-### Synopsis
-
-Build Falco kernel modules and eBPF probes against a Kubernetes cluster.
-
 ```
 driverkit kubernetes [flags]
 ```
@@ -13,36 +9,50 @@ driverkit kubernetes [flags]
 ### Options
 
 ```
-      --architecture string            target architecture for the built driver (default "$runtime.GOARCH")
-      --as string                      username to impersonate for the operation
+      --architecture string            target architecture for the built driver, one of [amd64,arm64] (default "amd64")
+      --as string                      username to impersonate for the operation, user could be a regular user or a service account in a namespace
       --as-group stringArray           group to impersonate for the operation, this flag can be repeated to specify multiple groups
-      --cache-dir string               default HTTP cache directory (default "$HOME/.kube/http-cache")
+      --as-uid string                  uID to impersonate for the operation
+      --builderimage string            docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used.
+      --builderrepo strings            list of docker repositories or yaml file (absolute path) containing builder images index with the format 'images: [ { target:<target>, name:<image-name>, arch: <arch>, tag: <imagetag>, gcc_versions: [ <gcc-tag> ] },...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit-builder --builderrepo falcosecurity/driverkit-builder --builderrepo '/path/to/my/index.yaml'. (default [docker.io/falcosecurity/driverkit-builder])
+      --cache-dir string               default cache directory (default "$HOME/.kube/cache")
       --certificate-authority string   path to a cert file for the certificate authority
       --client-certificate string      path to a client certificate file for TLS
       --client-key string              path to a client key file for TLS
       --cluster string                 the name of the kubeconfig cluster to use
   -c, --config string                  config file path (default $HOME/.driverkit.yaml if exists)
       --context string                 the name of the kubeconfig context to use
+      --disable-compression            if true, opt-out of response compression for all requests to the server
       --driverversion string           driver version as a git commit hash or as a git tag (default "master")
       --dryrun                         do not actually perform the action
+      --gccversion string              enforce a specific gcc version for the build
   -h, --help                           help for kubernetes
+      --image-pull-secret string       ImagePullSecret
       --insecure-skip-tls-verify       if true, the server's certificate will not be checked for validity, this will make your HTTPS connections insecure
       --kernelconfigdata string        base64 encoded kernel config data: in some systems it can be found under the /boot directory, in other it is gzip compressed under /proc
       --kernelrelease string           kernel release to build the module for, it can be found by executing 'uname -v'
-      --kernelurls []string            list of kernel header urls (e.g. --kernelurls <URL1> --kernelurls <URL2> --kernelurls "<URL3>,<URL4>")
-      --kernelversion uint16           kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default 1)
+      --kernelurls strings             list of kernel header urls (e.g. --kernelurls <URL1> --kernelurls <URL2> --kernelurls "<URL3>,<URL4>")
+      --kernelversion string           kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default "1")
       --kubeconfig string              path to the kubeconfig file to use for CLI requests
-  -l, --loglevel string                log level (default "info")
+  -l, --loglevel string                set level for logs (info, warn, debug, trace) (default "info")
       --moduledevicename string        kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco")
       --moduledrivername string        kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco")
-  -n, --namespace string               if present, the namespace scope for this CLI request
+  -n, --namespace string               If present, the namespace scope for the pods and its config  (default "default")
       --output-module string           filepath where to save the resulting kernel module
       --output-probe string            filepath where to save the resulting eBPF probe
       --proxy string                   the proxy to use to download data
+      --registry-name string           registry name to which authenticate
+      --registry-password string       registry password
+      --registry-plain-http            allows interacting with remote registry via plain http requests
+      --registry-user string           registry username
+      --repo-name string               repository github name (default "libs")
+      --repo-org string                repository github organization (default "falcosecurity")
       --request-timeout string         the length of time to wait before giving up on a single server request, non-zero values should contain a corresponding time unit (e.g, 1s, 2m, 3h), a value of zero means don't timeout requests (default "0")
+      --run-as-user int                Pods runner user
   -s, --server string                  the address and port of the Kubernetes API server
-  -t, --target string                  the system to target the build for
+  -t, --target string                  the system to target the build for, one of [alinux,almalinux,amazonlinux,amazonlinux2,amazonlinux2022,amazonlinux2023,arch,bottlerocket,centos,debian,fedora,flatcar,minikube,ol,opensuse,photon,redhat,rocky,sles,talos,ubuntu,vanilla]
       --timeout int                    timeout in seconds (default 120)
+      --tls-server-name string         server name to use for server certificate validation, if it is not provided, the hostname used to contact the server is used
       --token string                   bearer token for authentication to the API server
       --user string                    the name of the kubeconfig user to use
 ```

docs/driverkit_local.md

@@ -0,0 +1,36 @@
+## driverkit local
+
+Build Falco kernel modules and eBPF probes in local env with local kernel sources and gcc/clang.
+
+```
+driverkit local [flags]
+```
+
+### Options
+
+```
+  -c, --config string             config file path (default $HOME/.driverkit.yaml if exists)
+      --dkms                      Enforce usage of DKMS to build the kernel module.
+      --download-headers          Try to automatically download kernel headers.
+      --driverversion string      driver version as a git commit hash or as a git tag (default "master")
+      --dryrun                    do not actually perform the action
+      --env stringToString        Env variables to be enforced during the driver build. (default [])
+  -h, --help                      help for local
+      --kernelrelease string      kernel release to build the module for, it can be found by executing 'uname -v'
+      --kernelversion string      kernel version to build the module for, it's the numeric value after the hash when you execute 'uname -v' (default "1")
+  -l, --loglevel string           set level for logs (info, warn, debug, trace) (default "info")
+      --moduledevicename string   kernel module device name (the default is falco, so the device will be under /dev/falco*) (default "falco")
+      --moduledrivername string   kernel module driver name, i.e. the name you see when you check installed modules via lsmod (default "falco")
+      --output-module string      filepath where to save the resulting kernel module
+      --output-probe string       filepath where to save the resulting eBPF probe
+      --repo-name string          repository github name (default "libs")
+      --repo-org string           repository github organization (default "falcosecurity")
+      --src-dir string            Enforce usage of local source dir to build drivers.
+  -t, --target string             the system to target the build for, one of [alinux,almalinux,amazonlinux,amazonlinux2,amazonlinux2022,amazonlinux2023,arch,bottlerocket,centos,debian,fedora,flatcar,minikube,ol,opensuse,photon,redhat,rocky,sles,talos,ubuntu,vanilla]
+      --timeout int               timeout in seconds (default 120)
+```
+
+### SEE ALSO
+
+* [driverkit](driverkit.md)	 - A command line tool to build Falco kernel modules and eBPF probes.
+

docs/index.yaml

@@ -0,0 +1,31 @@
+images:
+  - name: docker.io/falcosecurity/driverkit-builder:any-x86_64_gcc8.0.0_gcc6.0.0_gcc5.0.0_gcc4.9.0_gcc4.8.0-latest
+    target: any
+    arch: x86_64
+    tag: latest
+    gcc_versions:
+      - 8.0.0
+      - 6.0.0
+      - 5.0.0
+      - 4.9.0
+      - 4.8.0
+  # Name is just the image name that will be used to download the image.
+  # Contrarily to normal repo lister there is no constraint on it,
+  # since all fields are already explicitly available
+  - name: docker.io/foo/bar:mytag
+    target: arch
+    arch: x86_64
+    tag: mytag
+    gcc_versions:
+      - 13.1.1
+
+  # Image name tag ("mytag" in this case)
+  # is not even required to match "tag" property below,
+  # since the latter is used to match against the desired builder image tag for the build,
+  # while the former is the real image tag that will be used.
+  - name: docker.io/foo/baz:mytag
+    target: arch
+    arch: x86_64
+    tag: latest
+    gcc_versions:
+      - 13.1.1

go.mod

@@ -1,33 +1,162 @@
 module github.com/falcosecurity/driverkit
 
-go 1.16
+go 1.24.1
+
+toolchain go1.24.2
 
 require (
-	github.com/Masterminds/semver/v3 v3.1.1
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d
-	github.com/containerd/containerd v1.6.3 // indirect
-	github.com/creasty/defaults v1.6.0
-	github.com/docker/distribution v2.8.1+incompatible // indirect
-	github.com/docker/docker v20.10.14+incompatible
-	github.com/go-playground/locales v0.14.0
-	github.com/go-playground/universal-translator v0.18.0
-	github.com/go-playground/validator/v10 v10.10.1
-	github.com/mattn/go-sqlite3 v1.14.12
+	github.com/blang/semver/v4 v4.0.0
+	github.com/creasty/defaults v1.7.0
+	github.com/docker/docker v28.3.3+incompatible
+	github.com/falcosecurity/falcoctl v0.11.1
+	github.com/go-playground/locales v0.14.1
+	github.com/go-playground/universal-translator v0.18.1
+	github.com/go-playground/validator/v10 v10.24.0
 	github.com/mitchellh/go-homedir v1.1.0
-	github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 // indirect
-	github.com/opencontainers/image-spec v1.0.3-0.20211202183452-c5a74bcca799
-	github.com/sirupsen/logrus v1.8.1
-	github.com/spf13/cobra v1.4.0
-	github.com/spf13/pflag v1.0.5
-	github.com/spf13/viper v1.11.0
-	golang.org/x/time v0.0.0-20220411224347-583f2d630306 // indirect
-	google.golang.org/grpc v1.46.0 // indirect
+	github.com/olekukonko/tablewriter v0.0.5
+	github.com/opencontainers/image-spec v1.1.1
+	github.com/pterm/pterm v0.12.80
+	github.com/spf13/cobra v1.9.1
+	github.com/spf13/pflag v1.0.6
+	github.com/spf13/viper v1.20.0
+	gopkg.in/yaml.v3 v3.0.1
 	gotest.tools v2.2.0+incompatible
-	gotest.tools/v3 v3.2.0 // indirect
-	k8s.io/api v0.23.6
-	k8s.io/apimachinery v0.23.6
-	k8s.io/cli-runtime v0.23.6
-	k8s.io/client-go v0.23.6
-	k8s.io/kubectl v0.23.6
-	k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9
+	k8s.io/api v0.32.3
+	k8s.io/apimachinery v0.32.3
+	k8s.io/cli-runtime v0.30.0
+	k8s.io/client-go v0.32.3
+	k8s.io/kubectl v0.30.0
+	k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738
+	modernc.org/sqlite v1.29.9
+	oras.land/oras-go/v2 v2.5.0
+)
+
+require (
+	atomicgo.dev/cursor v0.2.0 // indirect
+	atomicgo.dev/keyboard v0.2.9 // indirect
+	atomicgo.dev/schedule v0.1.0 // indirect
+	github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect
+	github.com/MakeNowJust/heredoc v1.0.0 // indirect
+	github.com/Microsoft/go-winio v0.6.2 // indirect
+	github.com/chai2010/gettext-go v1.0.3 // indirect
+	github.com/containerd/console v1.0.4 // indirect
+	github.com/containerd/errdefs v1.0.0 // indirect
+	github.com/containerd/errdefs/pkg v0.3.0 // indirect
+	github.com/containerd/log v0.1.0 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.6 // indirect
+	github.com/creack/pty v1.1.21 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/distribution/reference v0.6.0 // indirect
+	github.com/docker/go-connections v0.5.0 // indirect
+	github.com/docker/go-units v0.5.0 // indirect
+	github.com/dustin/go-humanize v1.0.1 // indirect
+	github.com/emicklei/go-restful/v3 v3.12.0 // indirect
+	github.com/evanphx/json-patch v5.9.0+incompatible // indirect
+	github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
+	github.com/fatih/camelcase v1.0.0 // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
+	github.com/fsnotify/fsnotify v1.8.0 // indirect
+	github.com/fvbommel/sortorder v1.1.0 // indirect
+	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.8 // indirect
+	github.com/go-errors/errors v1.5.1 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/go-openapi/jsonpointer v0.21.0 // indirect
+	github.com/go-openapi/jsonreference v0.21.0 // indirect
+	github.com/go-openapi/swag v0.23.0 // indirect
+	github.com/go-viper/mapstructure/v2 v2.3.0 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/google/btree v1.1.3 // indirect
+	github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect
+	github.com/google/go-cmp v0.7.0 // indirect
+	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/gookit/color v1.5.4 // indirect
+	github.com/gorilla/websocket v1.5.1 // indirect
+	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
+	github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
+	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/klauspost/compress v1.18.0 // indirect
+	github.com/leodido/go-urn v1.4.0 // indirect
+	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
+	github.com/lithammer/fuzzysearch v1.1.8 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/mattn/go-runewidth v0.0.16 // indirect
+	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
+	github.com/moby/docker-image-spec v1.3.1 // indirect
+	github.com/moby/go-archive v0.1.0 // indirect
+	github.com/moby/patternmatcher v0.6.0 // indirect
+	github.com/moby/spdystream v0.5.0 // indirect
+	github.com/moby/sys/atomicwriter v0.1.0 // indirect
+	github.com/moby/sys/sequential v0.6.0 // indirect
+	github.com/moby/sys/user v0.4.0 // indirect
+	github.com/moby/sys/userns v0.1.0 // indirect
+	github.com/moby/term v0.5.2 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
+	github.com/morikuni/aec v1.0.0 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
+	github.com/ncruces/go-strftime v0.1.9 // indirect
+	github.com/opencontainers/go-digest v1.0.0 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.3 // indirect
+	github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
+	github.com/rivo/uniseg v0.4.7 // indirect
+	github.com/rogpeppe/go-internal v1.13.2-0.20241226121412-a5dc8ff20d0a // indirect
+	github.com/russross/blackfriday/v2 v2.1.0 // indirect
+	github.com/sagikazarmark/locafero v0.7.0 // indirect
+	github.com/sergi/go-diff v1.3.1 // indirect
+	github.com/sirupsen/logrus v1.9.3 // indirect
+	github.com/sourcegraph/conc v0.3.0 // indirect
+	github.com/spf13/afero v1.12.0 // indirect
+	github.com/spf13/cast v1.7.1 // indirect
+	github.com/subosito/gotenv v1.6.0 // indirect
+	github.com/x448/float16 v0.8.4 // indirect
+	github.com/xlab/treeprint v1.2.0 // indirect
+	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
+	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0 // indirect
+	go.opentelemetry.io/otel v1.34.0 // indirect
+	go.opentelemetry.io/otel/metric v1.34.0 // indirect
+	go.opentelemetry.io/otel/trace v1.34.0 // indirect
+	go.starlark.net v0.0.0-20240507195648-35fe9f26b4bc // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	golang.org/x/crypto v0.36.0 // indirect
+	golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f // indirect
+	golang.org/x/net v0.38.0 // indirect
+	golang.org/x/oauth2 v0.28.0 // indirect
+	golang.org/x/sync v0.12.0 // indirect
+	golang.org/x/sys v0.31.0 // indirect
+	golang.org/x/term v0.30.0 // indirect
+	golang.org/x/text v0.23.0 // indirect
+	golang.org/x/time v0.11.0 // indirect
+	google.golang.org/protobuf v1.36.5 // indirect
+	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	gotest.tools/v3 v3.5.2 // indirect
+	k8s.io/component-base v0.30.0 // indirect
+	k8s.io/klog/v2 v2.130.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect
+	modernc.org/gc/v3 v3.0.0-20240304020402-f0dba7c97c2b // indirect
+	modernc.org/libc v1.50.5 // indirect
+	modernc.org/mathutil v1.6.0 // indirect
+	modernc.org/memory v1.8.0 // indirect
+	modernc.org/strutil v1.2.0 // indirect
+	modernc.org/token v1.1.0 // indirect
+	sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect
+	sigs.k8s.io/kustomize/api v0.17.1 // indirect
+	sigs.k8s.io/kustomize/kyaml v0.17.0 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect
+	sigs.k8s.io/yaml v1.4.0 // indirect
 )

main.go

@@ -1,3 +1,17 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package main
 
 import (

pkg/driverbuilder/builder/aliyunlinux.go

@@ -0,0 +1,84 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package builder
+
+import (
+	_ "embed"
+	"fmt"
+
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
+)
+
+//go:embed templates/alinux_kernel.sh
+var alinuxKernelTemplate string
+
+//go:embed templates/alinux.sh
+var alinuxTemplate string
+
+// TargetTypeAlinux identifies the AliyunLinux 2 and 3 target.
+const TargetTypeAlinux Type = "alinux"
+
+func init() {
+	byTarget[TargetTypeAlinux] = &alinux{}
+}
+
+type alinuxTemplateData struct {
+	KernelDownloadURL string
+}
+
+type alinux struct {
+}
+
+func (c *alinux) Name() string {
+	return TargetTypeAlinux.String()
+}
+
+func (c *alinux) TemplateKernelUrlsScript() string {
+	return alinuxKernelTemplate
+}
+
+func (c *alinux) TemplateScript() string {
+	return alinuxTemplate
+}
+
+func (c *alinux) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
+	return fetchAlinuxKernelURLS(kr), nil
+}
+
+func (c *alinux) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
+	return alinuxTemplateData{
+		KernelDownloadURL: urls[0],
+	}
+}
+
+func fetchAlinuxKernelURLS(kr kernelrelease.KernelRelease) []string {
+	alinuxReleases := []string{
+		"2",
+		"2.1903",
+		"3",
+	}
+
+	urls := []string{}
+	for _, r := range alinuxReleases {
+		urls = append(urls, fmt.Sprintf(
+			"http://mirrors.aliyun.com/alinux/%s/os/%s/Packages/kernel-devel-%s%s.rpm",
+			r,
+			kr.Architecture.ToNonDeb(),
+			kr.Fullversion,
+			kr.FullExtraversion,
+		))
+	}
+	return urls
+}

pkg/driverbuilder/builder/almalinux.go

@@ -0,0 +1,96 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package builder
+
+import (
+	_ "embed"
+	"fmt"
+
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
+)
+
+//go:embed templates/almalinux_kernel.sh
+var almaKernelTemplate string
+
+//go:embed templates/almalinux.sh
+var almaTemplate string
+
+// TargetTypeAlma identifies the AlmaLinux target.
+const TargetTypeAlma Type = "almalinux"
+
+func init() {
+	byTarget[TargetTypeAlma] = &alma{}
+}
+
+type almaTemplateData struct {
+	KernelDownloadURL string
+}
+
+// alma is a driverkit target.
+type alma struct {
+}
+
+func (c *alma) Name() string {
+	return TargetTypeAlma.String()
+}
+
+func (c *alma) TemplateKernelUrlsScript() string {
+	return almaKernelTemplate
+}
+
+func (c *alma) TemplateScript() string {
+	return almaTemplate
+}
+
+func (c *alma) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
+	return fetchAlmaKernelURLS(kr), nil
+}
+
+func (c *alma) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
+	return almaTemplateData{
+		KernelDownloadURL: urls[0],
+	}
+}
+
+func fetchAlmaKernelURLS(kr kernelrelease.KernelRelease) []string {
+	almaReleases := []string{
+		"8",
+		"8.6",
+		"9",
+		"9.0",
+	}
+
+	urls := []string{}
+	for _, r := range almaReleases {
+		if r >= "9" {
+			urls = append(urls, fmt.Sprintf(
+				"https://repo.almalinux.org/almalinux/%s/AppStream/%s/os/Packages/kernel-devel-%s%s.rpm",
+				r,
+				kr.Architecture.ToNonDeb(),
+				kr.Fullversion,
+				kr.FullExtraversion,
+			))
+		} else {
+			urls = append(urls, fmt.Sprintf(
+				"https://repo.almalinux.org/almalinux/%s/BaseOS/%s/os/Packages/kernel-devel-%s%s.rpm",
+				r,
+				kr.Architecture.ToNonDeb(),
+				kr.Fullversion,
+				kr.FullExtraversion,
+			))
+		}
+	}
+	return urls
+}

pkg/driverbuilder/builder/amazonlinux.go

@@ -1,3 +1,17 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package builder
 
 import (
@@ -5,28 +19,55 @@ import (
 	"bytes"
 	"compress/bzip2"
 	"compress/gzip"
+	"database/sql"
+	_ "embed"
 	"fmt"
+	"github.com/blang/semver/v4"
 	"io"
-	"io/ioutil"
 	"log"
 	"net/http"
 	"os"
 	"strings"
-	"text/template"
 
-	"database/sql"
+	_ "modernc.org/sqlite"
 
 	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
-	_ "github.com/mattn/go-sqlite3" // Why do you want me to justify? Leave me alone :)
-	logger "github.com/sirupsen/logrus"
 )
 
-type amazonlinux2 struct {
+//go:embed templates/amazonlinux_kernel.sh
+var amazonlinuxKernelTemplate string
+
+//go:embed templates/amazonlinux.sh
+var amazonlinuxTemplate string
+
+type amazonBuilder interface {
+	Builder
+	repos() []string
+	baseUrl() string
+	ext() string
 }
 
 type amazonlinux struct {
 }
 
+type amazonlinux2 struct {
+	amazonlinux
+}
+
+type amazonlinux2022 struct {
+	amazonlinux
+}
+
+type amazonlinux2023 struct {
+	amazonlinux
+}
+
+// TargetTypeAmazonLinux2023 identifies the AmazonLinux2023 target.
+const TargetTypeAmazonLinux2023 Type = "amazonlinux2023"
+
+// TargetTypeAmazonLinux2022 identifies the AmazonLinux2022 target.
+const TargetTypeAmazonLinux2022 Type = "amazonlinux2022"
+
 // TargetTypeAmazonLinux2 identifies the AmazonLinux2 target.
 const TargetTypeAmazonLinux2 Type = "amazonlinux2"
 
@@ -34,136 +75,38 @@ const TargetTypeAmazonLinux2 Type = "amazonlinux2"
 const TargetTypeAmazonLinux Type = "amazonlinux"
 
 func init() {
-	BuilderByTarget[TargetTypeAmazonLinux2] = &amazonlinux2{}
-	BuilderByTarget[TargetTypeAmazonLinux] = &amazonlinux{}
+	byTarget[TargetTypeAmazonLinux2023] = &amazonlinux2023{}
+	byTarget[TargetTypeAmazonLinux2022] = &amazonlinux2022{}
+	byTarget[TargetTypeAmazonLinux2] = &amazonlinux2{}
+	byTarget[TargetTypeAmazonLinux] = &amazonlinux{}
 }
 
-const amazonlinuxTemplate = `
-#!/bin/bash
-set -xeuo pipefail
-
-rm -Rf {{ .DriverBuildDir }}
-mkdir {{ .DriverBuildDir }}
-rm -Rf /tmp/module-download
-mkdir -p /tmp/module-download
-
-curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download
-mv /tmp/module-download/*/driver/* {{ .DriverBuildDir }}
-
-cp /driverkit/module-Makefile {{ .DriverBuildDir }}/Makefile
-bash /driverkit/fill-driver-config.sh {{ .DriverBuildDir }}
-
-# Fetch the kernel
-mkdir /tmp/kernel-download
-cd /tmp/kernel-download
-{{ range $url := .KernelDownloadURLs }}
-curl --silent -o kernel.rpm -SL {{ $url }}
-rpm2cpio kernel.rpm | cpio --extract --make-directories
-rm -rf kernel.rpm
-{{ end }}
-rm -Rf /tmp/kernel
-mkdir -p /tmp/kernel
-mv usr/src/kernels/*/* /tmp/kernel
-
-# Change current gcc
-ln -sf /usr/bin/gcc-{{ .GCCVersion }} /usr/bin/gcc
-
-{{ if .BuildModule }}
-# Build the kernel module
-cd {{ .DriverBuildDir }}
-
-make KERNELDIR=/tmp/kernel CC=/usr/bin/gcc-{{ .GCCVersion }} LD=/usr/bin/ld.bfd CROSS_COMPILE=""
-mv {{ .ModuleDriverName }}.ko {{ .ModuleFullPath }}
-# Print results
-modinfo {{ .ModuleFullPath }}
-{{ end }}
-
-{{ if .BuildProbe }}
-# Build the eBPF probe
-cd {{ .DriverBuildDir }}/bpf
-make LLC=/usr/bin/llc-{{ .LLVMVersion }} CLANG=/usr/bin/clang-{{ .LLVMVersion }} CC=/usr/bin/gcc KERNELDIR=/tmp/kernel
-ls -l probe.o
-{{ end }}
-`
-
 type amazonlinuxTemplateData struct {
-	DriverBuildDir     string
-	ModuleDownloadURL  string
 	KernelDownloadURLs []string
-	GCCVersion         string
-	ModuleDriverName   string
-	ModuleFullPath     string
-	BuildModule        bool
-	BuildProbe         bool
-	LLVMVersion        string
 }
 
-// Script compiles the script to build the kernel module and/or the eBPF probe.
-func (a amazonlinux2) Script(c Config) (string, error) {
-	return script(c, TargetTypeAmazonLinux2)
+func (a *amazonlinux) Name() string {
+	return TargetTypeAmazonLinux.String()
 }
 
-// Script compiles the script to build the kernel module and/or the eBPF probe.
-func (a amazonlinux) Script(c Config) (string, error) {
-	return script(c, TargetTypeAmazonLinux)
+func (a *amazonlinux) TemplateKernelUrlsScript() string { return amazonlinuxKernelTemplate }
+
+func (a *amazonlinux) TemplateScript() string {
+	return amazonlinuxTemplate
 }
 
-func script(c Config, targetType Type) (string, error) {
-	t := template.New(string(targetType))
-	parsed, err := t.Parse(amazonlinuxTemplate)
-	if err != nil {
-		return "", err
+func (a *amazonlinux) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
+	return fetchAmazonLinuxPackagesURLs(a, kr)
 }
 
-	kv := kernelReleaseFromBuildConfig(c.Build)
-
-	var urls []string
-    if c.KernelUrls == nil {
-        // Check (and filter) existing kernels before continuing
-        var packages []string
-        packages, err = fetchAmazonLinuxPackagesURLs(kv, targetType)
-        if err != nil {
-            return "", err
-        }
-        urls, err = getResolvingURLs(packages)
-    } else {
-        urls, err = getResolvingURLs(c.KernelUrls)
-    }
-    if err != nil {
-        return "", err
-    }
-    if len(urls) < 2 {
-        return "", fmt.Errorf("target %s needs to find both kernel and kernel-devel packages", targetType)
-    }
-
-	td := amazonlinuxTemplateData{
-		DriverBuildDir:     DriverDirectory,
-		ModuleDownloadURL:  moduleDownloadURL(c),
+func (a *amazonlinux) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
+	return amazonlinuxTemplateData{
 		KernelDownloadURLs: urls,
-		GCCVersion:         amazonGccVersionFromKernelRelease(kv),
-		ModuleDriverName:   c.DriverName,
-		ModuleFullPath:     ModuleFullPath,
-		BuildModule:        len(c.Build.ModuleFilePath) > 0,
-		BuildProbe:         len(c.Build.ProbeFilePath) > 0,
-		LLVMVersion:        amazonLLVMVersionFromKernelRelease(kv),
+	}
 }
 
-	buf := bytes.NewBuffer(nil)
-	err = parsed.Execute(buf, td)
-	if err != nil {
-		return "", err
-	}
-	return buf.String(), nil
-}
-
-var reposByTarget = map[Type][]string{
-	TargetTypeAmazonLinux2: []string{
-		"core/2.0",
-		"core/latest",
-		"extras/kernel-5.4/latest",
-		"extras/kernel-5.10/latest",
-	},
-	TargetTypeAmazonLinux: []string{
+func (a *amazonlinux) repos() []string {
+	return []string{
 		"latest/updates",
 		"latest/main",
 		"2017.03/updates",
@@ -172,36 +115,138 @@ var reposByTarget = map[Type][]string{
 		"2017.09/main",
 		"2018.03/updates",
 		"2018.03/main",
-	},
+	}
 }
 
-var baseByTarget = map[Type]string{
-	TargetTypeAmazonLinux:  "http://repo.us-east-1.amazonaws.com/%s",
-	TargetTypeAmazonLinux2: "http://amazonlinux.us-east-1.amazonaws.com/2/core/%s/%s",
+func (a *amazonlinux) baseUrl() string {
+	return "http://repo.us-east-1.amazonaws.com"
 }
 
-func fetchAmazonLinuxPackagesURLs(kv kernelrelease.KernelRelease, targetType Type) ([]string, error) {
-	urls := []string{}
-	visited := map[string]bool{}
-	amazonlinux2baseURL := "http://amazonlinux.us-east-1.amazonaws.com"
+func (a *amazonlinux) ext() string {
+	return "bz2"
+}
 
-	for _, v := range reposByTarget[targetType] {
+func (a *amazonlinux2022) Name() string {
+	return TargetTypeAmazonLinux2022.String()
+}
+
+func (a *amazonlinux2022) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
+	return fetchAmazonLinuxPackagesURLs(a, kr)
+}
+
+func (a *amazonlinux2022) repos() []string {
+	return []string{
+		"2022.0.20220202",
+		"2022.0.20220315",
+	}
+}
+
+func (a *amazonlinux2022) baseUrl() string {
+	return "https://al2022-repos-us-east-1-9761ab97.s3.dualstack.us-east-1.amazonaws.com/core/mirrors"
+}
+
+func (a *amazonlinux2022) ext() string {
+	return "gz"
+}
+
+func (a *amazonlinux2023) Name() string {
+	return TargetTypeAmazonLinux2023.String()
+}
+
+func (a *amazonlinux2023) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
+	return fetchAmazonLinuxPackagesURLs(a, kr)
+}
+
+func (a *amazonlinux2023) repos() []string {
+	return []string{
+		"latest",
+	}
+}
+
+func (a *amazonlinux2023) baseUrl() string {
+	return "https://cdn.amazonlinux.com/al2023/core/mirrors"
+}
+
+func (a *amazonlinux2023) ext() string {
+	return "gz"
+}
+
+func (a *amazonlinux2) Name() string {
+	return TargetTypeAmazonLinux2.String()
+}
+
+func (a *amazonlinux2) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
+	return fetchAmazonLinuxPackagesURLs(a, kr)
+}
+
+func (a *amazonlinux2) GCCVersion(kr kernelrelease.KernelRelease) semver.Version {
+	// 5.10 amazonlinux2 kernels need gcc 10
+	if kr.Major == 5 && kr.Minor == 10 {
+		return semver.Version{Major: 10}
+	}
+	return semver.Version{}
+}
+
+func (a *amazonlinux2) repos() []string {
+	return []string{
+		"core/2.0",
+		"core/latest",
+		"extras/kernel-5.4/latest",
+		"extras/kernel-5.10/latest",
+		"extras/kernel-5.15/latest",
+	}
+}
+
+func (a *amazonlinux2) baseUrl() string {
+	return "http://amazonlinux.us-east-1.amazonaws.com/2"
+}
+
+func (a *amazonlinux2) ext() string {
+	return "gz"
+}
+
+func buildMirror(a amazonBuilder, r string, kv kernelrelease.KernelRelease) (string, error) {
 	var baseURL string
-		switch targetType {
-		case TargetTypeAmazonLinux:
-			baseURL = fmt.Sprintf("http://repo.us-east-1.amazonaws.com/%s", v)
-		case TargetTypeAmazonLinux2:
-			baseURL = fmt.Sprintf("%s/2/%s/%s", amazonlinux2baseURL, v, kv.Architecture.ToNonDeb())
+	switch a.(type) {
+	case *amazonlinux:
+		baseURL = fmt.Sprintf("%s/%s", a.baseUrl(), r)
+	case *amazonlinux2, *amazonlinux2022, *amazonlinux2023:
+		baseURL = fmt.Sprintf("%s/%s/%s", a.baseUrl(), r, kv.Architecture.ToNonDeb())
 	default:
-			return nil, fmt.Errorf("unsupported target")
+		return "", fmt.Errorf("unsupported target")
 	}
 
 	mirror := fmt.Sprintf("%s/%s", baseURL, "mirror.list")
-		logger.WithField("url", mirror).WithField("version", v).Debug("looking for repo...")
+	return mirror, nil
+}
+
+type unzipFunc func(io.Reader) ([]byte, error)
+
+func unzipFuncFromBuilder(a amazonBuilder) (unzipFunc, error) {
+	switch a.ext() {
+	case "gz":
+		return gunzip, nil
+	case "bz2":
+		return bunzip, nil
+	}
+	return nil, fmt.Errorf("unsupported extension: %s", a.ext())
+}
+
+func fetchAmazonLinuxPackagesURLs(a amazonBuilder, kv kernelrelease.KernelRelease) ([]string, error) {
+	urls := []string{}
+	visited := make(map[string]struct{})
+
+	for _, v := range a.repos() {
+		err := func() error {
+			mirror, err := buildMirror(a, v, kv)
+			if err != nil {
+				return err
+			}
+
 			// Obtain the repo URL by getting mirror URL content
 			mirrorRes, err := http.Get(mirror)
 			if err != nil {
-			return nil, err
+				return err
 			}
 			defer mirrorRes.Body.Close()
 
@@ -211,64 +256,57 @@ func fetchAmazonLinuxPackagesURLs(kv kernelrelease.KernelRelease, targetType Typ
 				repo = scanner.Text()
 			}
 			if repo == "" {
-			return nil, fmt.Errorf("repository not found")
+				return fmt.Errorf("repository not found")
 			}
-		repo = strings.ReplaceAll(strings.TrimSuffix(string(repo), "\n"), "$basearch", kv.Architecture.ToNonDeb())
-
-		ext := "gz"
-		if targetType == TargetTypeAmazonLinux {
-			ext = "bz2"
-		}
-		repoDatabaseURL := fmt.Sprintf("%s/repodata/primary.sqlite.%s", repo, ext)
+			repo = strings.ReplaceAll(strings.TrimSuffix(repo, "\n"), "$basearch", kv.Architecture.ToNonDeb())
+			repo = strings.TrimSuffix(repo, "/")
+			repoDatabaseURL := fmt.Sprintf("%s/repodata/primary.sqlite.%s", repo, a.ext())
 			if _, ok := visited[repoDatabaseURL]; ok {
-			continue
+				return nil
 			}
 			// Download the repo database
 			repoRes, err := http.Get(repoDatabaseURL)
-		logger.WithField("url", repoDatabaseURL).Debug("downloading...")
 			if err != nil {
-			return nil, err
+				return err
 			}
 			defer repoRes.Body.Close()
-		visited[repoDatabaseURL] = true
-		// Decompress the database
-		var unzipFunc func(io.Reader) ([]byte, error)
-		if targetType == TargetTypeAmazonLinux {
-			unzipFunc = bunzip
-		} else {
-			unzipFunc = gunzip
-		}
-		dbBytes, err := unzipFunc(repoRes.Body)
+			visited[repoDatabaseURL] = struct{}{}
+
+			unzip, err := unzipFuncFromBuilder(a)
 			if err != nil {
-			return nil, err
+				return err
+			}
+
+			dbBytes, err := unzip(repoRes.Body)
+			if err != nil {
+				return err
 			}
 			// Create the temporary database file
-		dbFile, err := ioutil.TempFile(os.TempDir(), fmt.Sprintf("%s-*.sqlite", targetType))
+			dbFile, err := os.CreateTemp(os.TempDir(), fmt.Sprintf("%s-*.sqlite", a.Name()))
 			if err != nil {
-			return nil, err
+				return err
 			}
 			defer os.Remove(dbFile.Name())
 			if _, err := dbFile.Write(dbBytes); err != nil {
-			return nil, err
+				return err
 			}
 			// Open the database
-		db, err := sql.Open("sqlite3", dbFile.Name())
+			db, err := sql.Open("sqlite", dbFile.Name())
 			if err != nil {
-			return nil, err
+				return err
 			}
 			defer db.Close()
-		logger.WithField("db", dbFile.Name()).Debug("connecting to database...")
 			// Query the database
 			rel := strings.TrimPrefix(strings.TrimSuffix(kv.FullExtraversion, fmt.Sprintf(".%s", kv.Architecture.ToNonDeb())), "-")
-		q := fmt.Sprintf("SELECT location_href FROM packages WHERE name LIKE 'kernel%%' AND name NOT LIKE 'kernel-livepatch%%' AND name NOT LIKE '%%doc%%' AND name NOT LIKE '%%tools%%' AND name NOT LIKE '%%headers%%' AND version='%s' AND release='%s'", kv.Fullversion, rel)
+			q := fmt.Sprintf("SELECT location_href FROM packages WHERE name LIKE 'kernel-devel%%' AND version='%s' AND release='%s'", kv.Fullversion, rel)
 			stmt, err := db.Prepare(q)
 			if err != nil {
-			return nil, err
+				return err
 			}
 			defer stmt.Close()
 			rows, err := stmt.Query()
 			if err != nil {
-			return nil, err
+				return err
 			}
 			defer rows.Close()
 			for rows.Next() {
@@ -277,21 +315,16 @@ func fetchAmazonLinuxPackagesURLs(kv kernelrelease.KernelRelease, targetType Typ
 				if err != nil {
 					log.Fatal(err)
 				}
-			base := repo
-			if targetType == TargetTypeAmazonLinux2 {
-				base = amazonlinux2baseURL
+				urls = append(urls, fmt.Sprintf("%s/%s", repo, href))
 			}
-			href = strings.ReplaceAll(href, "../", "")
-			urls = append(urls, fmt.Sprintf("%s/%s", base, href))
-		}
-
-		if err := dbFile.Close(); err != nil {
+			return dbFile.Close()
+		}()
+		if err != nil {
 			return nil, err
 		}
 
 		// Found, do not continue
-		// todo > verify amazonlinux always needs 2 packages (kernel and kernel-devel) too
-		if len(urls) == 2 {
+		if len(urls) > 0 {
 			break
 		}
 	}
@@ -331,18 +364,3 @@ func bunzip(data io.Reader) (res []byte, err error) {
 
 	return
 }
-
-func amazonGccVersionFromKernelRelease(kr kernelrelease.KernelRelease) string {
-	return "8"
-}
-
-func amazonLLVMVersionFromKernelRelease(kr kernelrelease.KernelRelease) string {
-	switch kr.Version {
-	case "4":
-		return "7"
-	case "5":
-		return "12"
-	default:
-		return "12"
-	}
-}

pkg/driverbuilder/builder/archlinux.go

@@ -0,0 +1,157 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package builder
+
+import (
+	_ "embed"
+	"fmt"
+	"strings"
+
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
+)
+
+//go:embed templates/archlinux_kernel.sh
+var archlinuxKernelTemplate string
+
+//go:embed templates/archlinux.sh
+var archlinuxTemplate string
+
+// TargetTypeArchlinux identifies the Archlinux target.
+const TargetTypeArchlinux Type = "arch"
+
+func init() {
+	byTarget[TargetTypeArchlinux] = &archlinux{}
+}
+
+// archlinux is a driverkit target.
+type archlinux struct {
+}
+
+type archlinuxTemplateData struct {
+	KernelDownloadURL string
+}
+
+func (c *archlinux) Name() string {
+	return TargetTypeArchlinux.String()
+}
+
+func (c *archlinux) TemplateKernelUrlsScript() string { return archlinuxKernelTemplate }
+
+func (c *archlinux) TemplateScript() string {
+	return archlinuxTemplate
+}
+
+func (c *archlinux) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
+	// uname -r returns "6.8.1-arch1-1" but headers URL is "6.8.1.arch1-1"
+	// Also, for 0-patch releases, like: "6.8.0-arch1-1", headers url is "6.8.arch1-1"
+	kr.FullExtraversion = strings.Replace(kr.FullExtraversion, "-arch", ".arch", 1)
+	if kr.Patch == 0 {
+		kr.Fullversion = strings.TrimSuffix(kr.Fullversion, ".0")
+	}
+
+	urls := []string{}
+	possibleCompressionSuffixes := []string{
+		"xz",
+		"zst",
+	}
+
+	// check the architecture, which limits the mirror options
+	if kr.Architecture.ToNonDeb() == "x86_64" {
+		if strings.Contains(kr.FullExtraversion, "arch") { // arch stable kernel
+			baseURL := "https://archive.archlinux.org/packages/l/linux-headers"
+			for _, compressionAlgo := range possibleCompressionSuffixes {
+				urls = append(
+					urls,
+					fmt.Sprintf(
+						"%s/linux-headers-%s-%s-%s.pkg.tar.%s",
+						baseURL,
+						kr.String(),
+						kr.KernelVersion,
+						kr.Architecture.ToNonDeb(),
+						compressionAlgo,
+					),
+				)
+			}
+		} else if strings.Contains(kr.FullExtraversion, "hardened") || strings.Contains(kr.FullExtraversion, ".a-1") { // arch hardened kernel ("a-1" is old naming standard)
+			baseURL := "https://archive.archlinux.org/packages/l/linux-hardened-headers"
+			for _, compressionAlgo := range possibleCompressionSuffixes {
+				urls = append(
+					urls,
+					fmt.Sprintf(
+						"%s/linux-hardened-headers-%s-%s-%s.pkg.tar.%s",
+						baseURL,
+						kr.String(),
+						kr.KernelVersion,
+						kr.Architecture.ToNonDeb(),
+						compressionAlgo,
+					),
+				)
+			}
+		} else if strings.Contains(kr.FullExtraversion, "zen") { // arch zen kernel
+			baseURL := "https://archive.archlinux.org/packages/l/linux-zen-headers"
+			for _, compressionAlgo := range possibleCompressionSuffixes {
+				urls = append(
+					urls,
+					fmt.Sprintf(
+						"%s/linux-zen-headers-%s-%s-%s.pkg.tar.%s",
+						baseURL,
+						kr.String(),
+						kr.KernelVersion,
+						kr.Architecture.ToNonDeb(),
+						compressionAlgo,
+					),
+				)
+			}
+		} else { // arch LTS kernel
+			baseURL := "https://archive.archlinux.org/packages/l/linux-lts-headers"
+			for _, compressionAlgo := range possibleCompressionSuffixes {
+				urls = append(
+					urls,
+					fmt.Sprintf(
+						"%s/linux-lts-headers-%s-%s-%s.pkg.tar.%s",
+						baseURL,
+						kr.String(),
+						kr.KernelVersion,
+						kr.Architecture.ToNonDeb(),
+						compressionAlgo,
+					),
+				)
+			}
+		}
+	} else if kr.Architecture.ToNonDeb() == "aarch64" {
+		baseURL := "https://alaa.ad24.cz/packages/l/linux-aarch64-headers/"
+		for _, compressionAlgo := range possibleCompressionSuffixes {
+			urls = append(
+				urls,
+				fmt.Sprintf(
+					"%s/linux-aarch64-headers-%s-%s-%s.pkg.tar.%s",
+					baseURL,
+					kr.String(),
+					kr.KernelVersion,
+					kr.Architecture.ToNonDeb(),
+					compressionAlgo,
+				),
+			)
+		}
+	}
+
+	return urls, nil
+}
+
+func (c *archlinux) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
+	return archlinuxTemplateData{
+		KernelDownloadURL: urls[0],
+	}
+}

pkg/driverbuilder/builder/bottlerocket.go

@@ -0,0 +1,43 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package builder
+
+import (
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
+)
+
+// TargetTypeBottlerocket identifies the Bottlerocket target.
+const TargetTypeBottlerocket Type = "bottlerocket"
+
+func init() {
+	byTarget[TargetTypeBottlerocket] = &bottlerocket{
+		vanilla{},
+	}
+}
+
+type bottlerocket struct {
+	vanilla
+}
+
+func (b *bottlerocket) Name() string {
+	return TargetTypeBottlerocket.String()
+}
+
+func (b *bottlerocket) KernelTemplateData(kr kernelrelease.KernelRelease, urls []string) interface{} {
+	return vanillaTemplateData{
+		KernelDownloadURL:  urls[0],
+		KernelLocalVersion: kr.FullExtraversion,
+	}
+}

pkg/driverbuilder/builder/build.go

@@ -1,17 +1,113 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package builder
 
+import (
+	"context"
+	"fmt"
+	"github.com/falcosecurity/falcoctl/pkg/output"
+	"strings"
+
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
+	"oras.land/oras-go/v2/registry/remote/auth"
+)
+
+var defaultImageTag = "latest" // This is overwritten when using the Makefile to build
+
 // Build contains the info about the on-going build.
 type Build struct {
 	TargetType        Type
 	KernelConfigData  string
 	KernelRelease     string
-	KernelVersion      uint16
+	KernelVersion     string
 	DriverVersion     string
 	Architecture      string
 	ModuleFilePath    string
 	ProbeFilePath     string
 	ModuleDriverName  string
 	ModuleDeviceName  string
-	CustomBuilderImage string
+	BuilderImage      string
+	BuilderRepos      []string
+	ImagesListers     []ImagesLister
 	KernelUrls        []string
+	GCCVersion        string
+	RepoOrg           string
+	RepoName          string
+	Images            ImagesMap
+	RegistryName      string
+	RegistryUser      string
+	RegistryPassword  string
+	RegistryPlainHTTP bool
+
+	*output.Printer
+}
+
+func (b *Build) KernelReleaseFromBuildConfig() kernelrelease.KernelRelease {
+	kv := kernelrelease.FromString(b.KernelRelease)
+	kv.Architecture = kernelrelease.Architecture(b.Architecture)
+	kv.KernelVersion = b.KernelVersion
+	return kv
+}
+
+func (b *Build) toGithubRepoArchive() string {
+	return fmt.Sprintf("https://github.com/%s/%s/archive", b.RepoOrg, b.RepoName)
+}
+
+func (b *Build) ToConfig() Config {
+	return Config{
+		DriverName:      b.ModuleDriverName,
+		DeviceName:      b.ModuleDeviceName,
+		DownloadBaseURL: b.toGithubRepoArchive(),
+		Build:           b,
+	}
+}
+
+// hasCustomBuilderImage return true if a custom builder image has been set by the user.
+func (b *Build) hasCustomBuilderImage() bool {
+	if len(b.BuilderImage) > 0 {
+		customNames := strings.Split(b.BuilderImage, ":")
+		return customNames[0] != "auto"
+	}
+	return false
+}
+
+// builderImageTag returns the tag(latest, master or hash) to be used for the builder image.
+func (b *Build) builderImageTag() string {
+	if len(b.BuilderImage) > 0 {
+		customNames := strings.Split(b.BuilderImage, ":")
+		// Updated image tag if "auto:tag" is passed
+		if len(customNames) > 1 {
+			return customNames[1]
+		}
+	}
+	return defaultImageTag
+}
+
+func (b *Build) ClientForRegistry(registry string) *auth.Client {
+	client := auth.DefaultClient
+	client.SetUserAgent("driverkit")
+	client.Credential = func(ctx context.Context, reg string) (auth.Credential, error) {
+		if b.RegistryName == registry {
+			return auth.Credential{
+				Username: b.RegistryUser,
+				Password: b.RegistryPassword,
+			}, nil
+		}
+
+		return auth.EmptyCredential, nil
+	}
+
+	return client
 }

pkg/driverbuilder/builder/builders.go

@@ -1,28 +1,60 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package builder
 
 import (
+	"bytes"
+	_ "embed"
+	"errors"
 	"fmt"
-	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
+	"github.com/falcosecurity/falcoctl/pkg/output"
 	"net/http"
+	"net/url"
 	"path"
+	"strings"
+	"text/template"
 
-	logger "github.com/sirupsen/logrus"
+	"github.com/blang/semver/v4"
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
 )
 
 // DriverDirectory is the directory the processor uses to store the driver.
-const DriverDirectory = "/tmp/driver"
+const (
+	DriverDirectory = "/tmp/driver"
+	cmakeCmdFmt     = `cmake -Wno-dev \
+  -DUSE_BUNDLED_DEPS=On \
+  -DCREATE_TEST_TARGETS=Off \
+  -DBUILD_LIBSCAP_GVISOR=Off \
+  -DBUILD_LIBSCAP_MODERN_BPF=Off \
+  -DENABLE_DRIVERS_TESTS=Off \
+  -DDRIVER_NAME=%s \
+  -DPROBE_NAME=%s \
+  -DBUILD_BPF=On \
+  -DDRIVER_VERSION=%s \
+  -DPROBE_VERSION=%s \
+  -DGIT_COMMIT=%s \
+  -DDRIVER_DEVICE_NAME=%s \
+  -DPROBE_DEVICE_NAME=%s \
+  .. && \
+  sed -i s/'DRIVER_COMMIT ""'/'DRIVER_COMMIT "%s"'/g driver/src/driver_config.h`
+)
 
-// ModuleFileName is the standard file name for the kernel module.
-const ModuleFileName = "module.ko"
+//go:embed templates/libs_download.sh
+var libsDownloadTemplate string
 
-// ProbeFileName is the standard file name for the eBPF probe.
-const ProbeFileName = "probe.o"
-
-// ModuleFullPath is the standard path for the kernel module. Builders must place the compiled module at this location.
-var ModuleFullPath = path.Join(DriverDirectory, ModuleFileName)
-
-// ProbeFullPath is the standard path for the eBPF probe. Builders must place the compiled probe at this location.
-var ProbeFullPath = path.Join(DriverDirectory, "bpf", ProbeFileName)
+var HeadersNotFoundErr = errors.New("kernel headers not found")
 
 // Config contains all the configurations needed to build the kernel module or the eBPF probe.
 type Config struct {
@@ -32,45 +64,370 @@ type Config struct {
 	*Build
 }
 
+func (c Config) ToDriverFullPath() string {
+	return path.Join(DriverDirectory, "build", "driver", fmt.Sprintf("%s.ko", c.DriverName))
+}
+
+func (c Config) ToProbeFullPath() string {
+	return path.Join(DriverDirectory, "build", "driver", "bpf", "probe.o")
+}
+
+type commonTemplateData struct {
+	DriverBuildDir   string
+	ModuleDriverName string
+	ModuleFullPath   string
+	BuildModule      bool
+	BuildProbe       bool
+	GCCVersion       string
+	CmakeCmd         string
+}
+
 // Builder represents a builder capable of generating a script for a driverkit target.
 type Builder interface {
-	Script(c Config) (string, error)
+	Name() string
+	TemplateKernelUrlsScript() string
+	TemplateScript() string
+	URLs(kr kernelrelease.KernelRelease) ([]string, error)
+	KernelTemplateData(kr kernelrelease.KernelRelease, urls []string) interface{} // error return type is managed
+}
+
+// MinimumURLsBuilder is an optional interface implemented by builders
+// to specify minimum number of requested headers urls
+type MinimumURLsBuilder interface {
+	MinimumURLs() int
+}
+
+// TemplateDataSpecifier is an optional interface implemented by builders
+// to specify a custom template data instead of the default one.
+type TemplateDataSpecifier interface {
+	TemplateData(c Config, kr kernelrelease.KernelRelease) interface{}
+}
+
+type libsDownloadTemplateData struct {
+	DriverBuildDir    string
+	ModuleDownloadURL string
+}
+
+// LibsDownloadScript returns the script that downloads and configures libs repo at requested commit/tag
+func LibsDownloadScript(c Config) (string, error) {
+	t := template.New("download-libs")
+	parsed, err := t.Parse(libsDownloadTemplate)
+	if err != nil {
+		return "", err
+	}
+
+	td := libsDownloadTemplateData{
+		DriverBuildDir:    DriverDirectory,
+		ModuleDownloadURL: fmt.Sprintf("%s/%s.tar.gz", c.DownloadBaseURL, c.DriverVersion),
+	}
+
+	buf := bytes.NewBuffer(nil)
+	err = parsed.Execute(buf, td)
+	if err != nil {
+		return "", err
+	}
+
+	return buf.String(), nil
+}
+
+// KernelDownloadScript returns the script that will download and extract kernel headers
+func KernelDownloadScript(b Builder,
+	kernelurls []string,
+	kr kernelrelease.KernelRelease,
+	printer *output.Printer,
+) (string, error) {
+	t := template.New("download-kernel")
+	parsed, err := t.Parse(b.TemplateKernelUrlsScript())
+	if err != nil {
+		return "", err
+	}
+
+	var urls []string
+	minimumURLs := 1
+	if bb, ok := b.(MinimumURLsBuilder); ok {
+		minimumURLs = bb.MinimumURLs()
+	}
+
+	if kernelurls == nil {
+		urls, err = b.URLs(kr)
+		if err != nil {
+			return "", err
+		}
+		// Only if returned urls array is not empty
+		// Otherwise, it is up to the builder to return an error
+		if len(urls) > 0 {
+			// Check (and filter) existing kernels before continuing
+			urls, err = GetResolvingURLs(urls)
+		}
+	} else {
+		urls, err = GetResolvingURLs(kernelurls)
+	}
+	if err != nil {
+		return "", err
+	}
+
+	if len(urls) < minimumURLs {
+		return "", fmt.Errorf("not enough headers packages found; expected %d, found %d", minimumURLs, len(urls))
+	}
+
+	printer.Logger.Debug("kernel headers found",
+		printer.Logger.Args("urls", urls))
+
+	td := b.KernelTemplateData(kr, urls)
+	if tdErr, ok := td.(error); ok {
+		return "", tdErr
+	}
+
+	buf := bytes.NewBuffer(nil)
+	err = parsed.Execute(buf, td)
+	if err != nil {
+		return "", err
+	}
+
+	return buf.String(), nil
+}
+
+// Script retrieves the actually drivers building script
+func Script(b Builder, c Config, kr kernelrelease.KernelRelease) (string, error) {
+	t := template.New(b.Name())
+	parsed, err := t.Parse(b.TemplateScript())
+	if err != nil {
+		return "", err
+	}
+
+	var td interface{}
+	if bb, ok := b.(TemplateDataSpecifier); ok {
+		td = bb.TemplateData(c, kr)
+	} else {
+		td = c.toTemplateData(b, kr)
+	}
+
+	buf := bytes.NewBuffer(nil)
+	err = parsed.Execute(buf, td)
+	if err != nil {
+		return "", err
+	}
+
+	return buf.String(), nil
+}
+
+type GCCVersionRequestor interface {
+	// GCCVersion returns the GCC version to be used.
+	// If the returned value is empty, the default algorithm will be enforced.
+	GCCVersion(kr kernelrelease.KernelRelease) semver.Version
+}
+
+func defaultGCC(kr kernelrelease.KernelRelease) semver.Version {
+	switch kr.Major {
+	case 6:
+		if kr.Minor >= 9 {
+			return semver.Version{Major: 14}
+		}
+		if kr.Minor >= 5 {
+			return semver.Version{Major: 13}
+		}
+		return semver.Version{Major: 12}
+	case 5:
+		if kr.Minor >= 15 {
+			return semver.Version{Major: 12}
+		}
+		return semver.Version{Major: 11}
+	case 4:
+		return semver.Version{Major: 8}
+	case 3:
+		if kr.Minor >= 18 {
+			return semver.Version{Major: 5}
+		}
+		return semver.Version{Major: 4, Minor: 9}
+	case 2:
+		return semver.Version{Major: 4, Minor: 8}
+	default:
+		return semver.Version{Major: 14}
+	}
+}
+
+func mustParseTolerant(gccStr string) semver.Version {
+	g, err := semver.ParseTolerant(gccStr)
+	if err != nil {
+		panic(err)
+	}
+	return g
+}
+
+// Algorithm.
+// * always load images (note that it loads only images that provide gccversion, if set by user)
+// * if user set a fixed gccversion, we are good to go
+// * otherwise, try to fix the best-match gcc version provided by any of the loaded images;
+// see below for algorithm explanation
+func (b *Build) setGCCVersion(builder Builder, kr kernelrelease.KernelRelease) {
+	if !b.hasCustomBuilderImage() {
+		b.LoadImages()
+	}
+
+	if len(b.GCCVersion) > 0 {
+		// If set from user, go on
+		return
+	}
+
+	b.GCCVersion = "8" // default value
+
+	// if builder implements "GCCVersionRequestor" interface -> use it
+	// Else, fetch the best builder available from the kernelrelease version
+	// using the deadly simple defaultGCC() algorithm
+	// Always returns the nearest one
+	var targetGCC semver.Version
+	if bb, ok := builder.(GCCVersionRequestor); ok {
+		targetGCC = bb.GCCVersion(kr)
+	}
+	// If builder implements GCCVersionRequestor but returns an empty semver.Version
+	// it means that it does not want to manage this kernelrelease,
+	// and instead wants to fallback to default algorithm
+	if targetGCC.EQ(semver.Version{}) {
+		targetGCC = defaultGCC(kr)
+	}
+
+	if b.hasCustomBuilderImage() {
+		b.GCCVersion = targetGCC.String()
+		return
+	}
+
+	// Step 1:
+	// If we are able to either find a specific-target image,
+	// or "any" target image that provide desired gcc,
+	// we are over.
+	image, ok := b.Images.findImage(b.TargetType, targetGCC)
+	if ok {
+		b.GCCVersion = image.GCCVersion.String()
+	} else {
+		// Step 2:
+		// Build the list of "proposed" GCC versions,
+		// that is, the list of available gccs from images
+		// for each builder image
+		proposedGCCs := make([]semver.Version, 0)
+		for _, img := range b.Images {
+			proposedGCCs = append(proposedGCCs, img.GCCVersion)
+			b.Logger.Debug("proposed GCC",
+				b.Logger.Args("image", img.Name,
+					"targetGCC", targetGCC.String(),
+					"proposedGCC", img.GCCVersion.String()))
+		}
+
+		// Now, sort versions and fetch
+		// the nearest gcc, that is also < targetGCC
+		semver.Sort(proposedGCCs)
+		lastGCC := proposedGCCs[0]
+		for _, gcc := range proposedGCCs {
+			if gcc.GT(targetGCC) {
+				break
+			}
+			lastGCC = gcc
+		}
+		b.GCCVersion = lastGCC.String()
+	}
+	b.Logger.Debug("found GCC",
+		b.Logger.Args("targetGCC", targetGCC.String(), "version", b.GCCVersion))
+}
+
+type BuilderImageNetworkMode interface {
+	// sets the network mode of the builder image, allows individual builders to override
+	BuilderImageNetMode() string
+}
+
+func (b *Build) GetBuilderImage() string {
+	if b.hasCustomBuilderImage() {
+		// BuilderImage MUST have requested GCC installed inside
+		return b.BuilderImage
+	}
+
+	// NOTE: here below we are already sure that we are going
+	// to find an image, because setGCCVersion()
+	// has already set an existent gcc version
+	// (ie: one provided by an image) for us
+	image, _ := b.Images.findImage(b.TargetType, mustParseTolerant(b.GCCVersion))
+	return image.Name
 }
 
 // Factory returns a builder for the given target.
 func Factory(target Type) (Builder, error) {
-	b, ok := BuilderByTarget[target]
+	// Workaround for "local" target (that is not exposed to users,
+	// nor registered in byTarget map)".
+	if target.String() == "local" {
+		return &LocalBuilder{}, nil
+	}
+
+	// Driverkit builder is named "ubuntu"; there is no ubuntu-foo
+	if strings.HasPrefix(target.String(), "ubuntu") {
+		target = Type("ubuntu")
+	}
+
+	b, ok := byTarget[target]
 	if !ok {
 		return nil, fmt.Errorf("no builder found for target: %s", target)
 	}
 	return b, nil
 }
 
-func moduleDownloadURL(c Config) string {
-	return fmt.Sprintf("%s/%s.tar.gz", c.DownloadBaseURL, c.DriverVersion)
+// Targets returns the list of all the supported targets.
+func Targets() []string {
+	res := []string{}
+	for k := range byTarget {
+		res = append(res, k.String())
+	}
+	return res
 }
 
-func getResolvingURLs(urls []string) ([]string, error) {
-	results := []string{}
+func (c Config) toTemplateData(b Builder, kr kernelrelease.KernelRelease) commonTemplateData {
+	c.setGCCVersion(b, kr)
+	return commonTemplateData{
+		DriverBuildDir:   DriverDirectory,
+		ModuleDriverName: c.DriverName,
+		ModuleFullPath:   c.ToDriverFullPath(),
+		BuildModule:      len(c.ModuleFilePath) > 0,
+		BuildProbe:       len(c.ProbeFilePath) > 0,
+		GCCVersion:       c.GCCVersion,
+		CmakeCmd: fmt.Sprintf(cmakeCmdFmt,
+			c.DriverName,
+			c.DriverName,
+			c.DriverVersion,
+			c.DriverVersion,
+			c.DriverVersion,
+			c.DeviceName,
+			c.DeviceName,
+			c.DriverVersion),
+	}
+}
+
+func resolveURLReference(u string) string {
+	uu, err := url.Parse(u)
+	if err != nil {
+		panic(err)
+	}
+	base, err := url.Parse(uu.Host)
+	if err != nil {
+		panic(err)
+	}
+	return base.ResolveReference(uu).String()
+}
+
+func GetResolvingURLs(urls []string) ([]string, error) {
+	var results []string
 	for _, u := range urls {
+		// in case url has some relative paths
+		// (kernel-crawler does not resolve them for us,
+		// neither it is expected, because they are effectively valid urls),
+		// resolve the absolute one.
+		// HEAD would fail otherwise.
+		u = resolveURLReference(u)
 		res, err := http.Head(u)
 		if err != nil {
 			continue
 		}
 		if res.StatusCode == http.StatusOK {
 			results = append(results, u)
-			logger.WithField("url", u).Debug("kernel header url found")
 		}
 	}
 	if len(results) == 0 {
-		return nil, fmt.Errorf("kernel not found")
+		return nil, HeadersNotFoundErr
 	}
 	return results, nil
 }
-
-// KernelReleaseFromBuildConfig extracts a KernelRelease object from builder config.
-func kernelReleaseFromBuildConfig(build *Build) kernelrelease.KernelRelease {
-	kv := kernelrelease.FromString(build.KernelRelease)
-	kv.Architecture = kernelrelease.Architecture(build.Architecture)
-	return kv
-}

pkg/driverbuilder/builder/builders_test.go

@@ -0,0 +1,107 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package builder
+
+import (
+	"testing"
+
+	"github.com/blang/semver/v4"
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
+)
+
+var gccTests = []struct {
+	config      kernelrelease.KernelRelease
+	expectedGCC semver.Version
+}{
+	{
+		config: kernelrelease.KernelRelease{
+			Fullversion: "4.15.0",
+			Version: semver.Version{
+				Major: 4,
+				Minor: 15,
+				Patch: 0,
+			},
+			Extraversion:     "188",
+			FullExtraversion: "-188",
+			Architecture:     kernelrelease.ArchitectureAmd64,
+		},
+		expectedGCC: semver.Version{
+			Major: 8,
+		},
+	},
+	{
+		config: kernelrelease.KernelRelease{
+			Fullversion: "5.15.0",
+			Version: semver.Version{
+				Major: 5,
+				Minor: 15,
+				Patch: 0,
+			},
+			Extraversion:     "1004-intel-iotg",
+			FullExtraversion: "-1004-intel-iotg",
+			Architecture:     kernelrelease.ArchitectureAmd64,
+		},
+		expectedGCC: semver.Version{
+			Major: 12,
+		},
+	},
+	{
+		config: kernelrelease.KernelRelease{
+			Fullversion: "3.13.0",
+			Version: semver.Version{
+				Major: 3,
+				Minor: 13,
+				Patch: 0,
+			},
+			Extraversion:     "100",
+			FullExtraversion: "-100",
+			Architecture:     kernelrelease.ArchitectureAmd64,
+		},
+		expectedGCC: semver.Version{
+			Major: 4,
+			Minor: 9,
+		},
+	},
+	{
+		config: kernelrelease.KernelRelease{
+			Fullversion: "5.18.0",
+			Version: semver.Version{
+				Major: 5,
+				Minor: 18,
+				Patch: 0,
+			},
+			Extraversion:     "1001-kvm",
+			FullExtraversion: "-1001-kvm",
+			Architecture:     kernelrelease.ArchitectureAmd64,
+		},
+		expectedGCC: semver.Version{
+			Major: 12,
+		},
+	},
+}
+
+func TestDefaultGCC(t *testing.T) {
+	for _, test := range gccTests {
+		// call function
+		selectedGCC := defaultGCC(test.config)
+
+		// compare errors
+		// there are no official errors, so comparing fmt.Errorf() doesn't really work
+		// compare error message text instead
+		if test.expectedGCC.NE(selectedGCC) {
+			t.Fatalf("SelectedGCC (%s) != expectedGCC (%s) with kernelrelease: '%v'", selectedGCC, test.expectedGCC, test.config)
+		}
+	}
+}

pkg/driverbuilder/builder/centos.go

@@ -1,65 +1,59 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package builder
 
 import (
-	"bytes"
+	_ "embed"
 	"fmt"
-	"text/template"
 
+	"github.com/blang/semver/v4"
 	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
 )
 
+//go:embed templates/centos_kernel.sh
+var centosKernelTemplate string
+
+//go:embed templates/centos.sh
+var centosTemplate string
+
 // TargetTypeCentos identifies the Centos target.
 const TargetTypeCentos Type = "centos"
 
 func init() {
-	BuilderByTarget[TargetTypeCentos] = &centos{}
+	byTarget[TargetTypeCentos] = &centos{}
 }
 
 // centos is a driverkit target.
 type centos struct {
 }
 
-// Script compiles the script to build the kernel module and/or the eBPF probe.
-func (c centos) Script(cfg Config) (string, error) {
-	t := template.New(string(TargetTypeCentos))
-	parsed, err := t.Parse(centosTemplate)
-	if err != nil {
-		return "", err
+type centosTemplateData struct {
+	KernelDownloadURL string
 }
 
-	kr := kernelReleaseFromBuildConfig(cfg.Build)
-
-	var urls []string
-    if cfg.KernelUrls == nil {
-        // Check (and filter) existing kernels before continuing
-        urls, err = getResolvingURLs(fetchCentosKernelURLS(kr))
-    } else {
-        urls, err = getResolvingURLs(cfg.KernelUrls)
-    }
-    if err != nil {
-        return "", err
+func (c *centos) Name() string {
+	return TargetTypeCentos.String()
 }
 
-	td := centosTemplateData{
-		DriverBuildDir:    DriverDirectory,
-		ModuleDownloadURL: moduleDownloadURL(cfg),
-		KernelDownloadURL: urls[0],
-		GCCVersion:        centosGccVersionFromKernelRelease(kr),
-		ModuleDriverName:  cfg.DriverName,
-		ModuleFullPath:    ModuleFullPath,
-		BuildModule:       len(cfg.Build.ModuleFilePath) > 0,
-		BuildProbe:        len(cfg.Build.ProbeFilePath) > 0,
+func (c *centos) TemplateKernelUrlsScript() string { return centosKernelTemplate }
+
+func (c *centos) TemplateScript() string {
+	return centosTemplate
 }
 
-	buf := bytes.NewBuffer(nil)
-	err = parsed.Execute(buf, td)
-	if err != nil {
-		return "", err
-	}
-	return buf.String(), nil
-}
-
-func fetchCentosKernelURLS(kr kernelrelease.KernelRelease) []string {
+func (c *centos) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
 	vaultReleases := []string{
 		"6.0/os",
 		"6.0/updates",
@@ -130,6 +124,11 @@ func fetchCentosKernelURLS(kr kernelrelease.KernelRelease) []string {
 		"8-stream/BaseOS",
 	}
 
+	stream9Releases := []string{
+		"9-stream/AppStream",
+		"9-stream/BaseOS",
+	}
+
 	urls := []string{}
 	for _, r := range edgeReleases {
 		urls = append(urls, fmt.Sprintf(
@@ -167,71 +166,35 @@ func fetchCentosKernelURLS(kr kernelrelease.KernelRelease) []string {
 			kr.FullExtraversion,
 		))
 	}
-	return urls
+
+	for _, r := range stream9Releases {
+		urls = append(urls, fmt.Sprintf(
+			"http://mirror.stream.centos.org/%s/%s/os/Packages/kernel-devel-%s%s.rpm",
+			r,
+			kr.Architecture.ToNonDeb(),
+			kr.Fullversion,
+			kr.FullExtraversion,
+		))
 	}
 
-type centosTemplateData struct {
-	DriverBuildDir    string
-	ModuleDownloadURL string
-	KernelDownloadURL string
-	GCCVersion        string
-	ModuleDriverName  string
-	ModuleFullPath    string
-	BuildModule       bool
-	BuildProbe        bool
+	return urls, nil
 }
 
-const centosTemplate = `
-#!/bin/bash
-set -xeuo pipefail
-
-rm -Rf {{ .DriverBuildDir }}
-mkdir {{ .DriverBuildDir }}
-rm -Rf /tmp/module-download
-mkdir -p /tmp/module-download
-
-curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download
-mv /tmp/module-download/*/driver/* {{ .DriverBuildDir }}
-
-cp /driverkit/module-Makefile {{ .DriverBuildDir }}/Makefile
-bash /driverkit/fill-driver-config.sh {{ .DriverBuildDir }}
-
-# Fetch the kernel
-mkdir /tmp/kernel-download
-cd /tmp/kernel-download
-curl --silent -o kernel-devel.rpm -SL {{ .KernelDownloadURL }}
-rpm2cpio kernel-devel.rpm | cpio --extract --make-directories
-rm -Rf /tmp/kernel
-mkdir -p /tmp/kernel
-mv usr/src/kernels/*/* /tmp/kernel
-
-# Change current gcc
-ln -sf /usr/bin/gcc-{{ .GCCVersion }} /usr/bin/gcc
-
-{{ if .BuildModule }}
-# Build the module
-cd {{ .DriverBuildDir }}
-make KERNELDIR=/tmp/kernel
-mv {{ .ModuleDriverName }}.ko {{ .ModuleFullPath }}
-strip -g {{ .ModuleFullPath }}
-# Print results
-modinfo {{ .ModuleFullPath }}
-{{ end }}
-
-{{ if .BuildProbe }}
-# Build the eBPF probe
-cd {{ .DriverBuildDir }}/bpf
-make LLC=/usr/bin/llc-7 CLANG=/usr/bin/clang-7 CC=/usr/bin/gcc KERNELDIR=/tmp/kernel
-ls -l probe.o
-{{ end }}
-`
-
-func centosGccVersionFromKernelRelease(kr kernelrelease.KernelRelease) string {
-	switch kr.Version {
-	case "3":
-		return "5"
-	case "2":
-		return "4.8"
+func (c *centos) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
+	return centosTemplateData{
+		KernelDownloadURL: urls[0],
 	}
-	return "8"
+}
+
+func (c *centos) GCCVersion(kr kernelrelease.KernelRelease) semver.Version {
+	// 4.18+ centos 8 kernels need gcc 9
+	if kr.Major == 4 && kr.Minor >= 18 {
+		return semver.Version{Major: 9}
+	}
+	// 3.10.X kernels need 4.8.5 gcc version; see:
+	// https://github.com/falcosecurity/driverkit/issues/236
+	if kr.Major == 3 && kr.Minor == 10 {
+		return semver.Version{Major: 4, Minor: 8, Patch: 5}
+	}
+	return semver.Version{}
 }

pkg/driverbuilder/builder/debian.go

@@ -1,76 +1,93 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package builder
 
 import (
-	"bytes"
+	_ "embed"
 	"fmt"
+	"io"
 	"io/ioutil"
 	"net/http"
 	"regexp"
 	"strings"
-	"text/template"
 
 	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
 )
 
+//go:embed templates/debian_kernel.sh
+var debianKernelTemplate string
+
+//go:embed templates/debian.sh
+var debianTemplate string
+
 // TargetTypeDebian identifies the Debian target.
 const TargetTypeDebian Type = "debian"
 
+// We need:
+// kernel devel
+// kernel devel common
+// kbuild package
+const debianRequiredURLs = 3
+
 func init() {
-	BuilderByTarget[TargetTypeDebian] = &debian{}
+	byTarget[TargetTypeDebian] = &debian{}
+}
+
+type debianTemplateData struct {
+	KernelDownloadURLS   []string
+	KernelLocalVersion   string
+	KernelHeadersPattern string
 }
 
 // debian is a driverkit target.
 type debian struct {
 }
 
-// Script compiles the script to build the kernel module and/or the eBPF probe.
-func (v debian) Script(c Config) (string, error) {
-	t := template.New(string(TargetTypeDebian))
-
-	kr := kernelReleaseFromBuildConfig(c.Build)
-
-	debTemplateStr := fmt.Sprintf(debianTemplate, kr.Architecture.String())
-	parsed, err := t.Parse(debTemplateStr)
-	if err != nil {
-		return "", err
+func (v *debian) Name() string {
+	return TargetTypeDebian.String()
 }
 
-	var urls []string
-    if c.KernelUrls == nil {
-        var kurls []string
-        kurls, err = fetchDebianKernelURLs(kr)
-        if err != nil {
-            return "", err
+func (v *debian) TemplateKernelUrlsScript() string { return debianKernelTemplate }
+
+func (v *debian) TemplateScript() string {
+	return debianTemplate
 }
-        urls, err = getResolvingURLs(kurls)
+
+func (v *debian) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
+	return fetchDebianKernelURLs(kr)
+}
+
+func (v *debian) KernelTemplateData(kr kernelrelease.KernelRelease, urls []string) interface{} {
+	var KernelHeadersPattern string
+	if strings.HasSuffix(kr.Extraversion, "pve") {
+		KernelHeadersPattern = "linux-headers-*pve"
+	} else if strings.Contains(kr.FullExtraversion, "rpi") {
+		KernelHeadersPattern = "linux-headers-*-rpi-v*"
 	} else {
-        urls, err = getResolvingURLs(c.KernelUrls)
-    }
-    if err != nil {
-        return "", err
-    }
-	if len(urls) < 2 {
-		return "", fmt.Errorf("specific kernel headers not found")
+		KernelHeadersPattern = "linux-headers-*" + kr.Architecture.String()
 	}
 
-	td := debianTemplateData{
-		DriverBuildDir:     DriverDirectory,
-		ModuleDownloadURL:  fmt.Sprintf("%s/%s.tar.gz", c.DownloadBaseURL, c.Build.DriverVersion),
+	return debianTemplateData{
 		KernelDownloadURLS:   urls,
 		KernelLocalVersion:   kr.FullExtraversion,
-		ModuleDriverName:   c.DriverName,
-		ModuleFullPath:     ModuleFullPath,
-		BuildModule:        len(c.Build.ModuleFilePath) > 0,
-		BuildProbe:         len(c.Build.ProbeFilePath) > 0,
-		LLVMVersion:        debianLLVMVersionFromKernelRelease(kr),
+		KernelHeadersPattern: KernelHeadersPattern,
+	}
 }
 
-	buf := bytes.NewBuffer(nil)
-	err = parsed.Execute(buf, td)
-	if err != nil {
-		return "", err
-	}
-	return buf.String(), nil
+func (v *debian) MinimumURLs() int {
+	return debianRequiredURLs
 }
 
 func fetchDebianKernelURLs(kr kernelrelease.KernelRelease) ([]string, error) {
@@ -88,71 +105,6 @@ func fetchDebianKernelURLs(kr kernelrelease.KernelRelease) ([]string, error) {
 	return urls, nil
 }
 
-type debianTemplateData struct {
-	DriverBuildDir     string
-	ModuleDownloadURL  string
-	KernelDownloadURLS []string
-	KernelLocalVersion string
-	ModuleDriverName   string
-	ModuleFullPath     string
-	BuildModule        bool
-	BuildProbe         bool
-	LLVMVersion        string
-}
-
-const debianTemplate = `
-#!/bin/bash
-set -xeuo pipefail
-
-rm -Rf {{ .DriverBuildDir }}
-mkdir {{ .DriverBuildDir }}
-rm -Rf /tmp/module-download
-mkdir -p /tmp/module-download
-
-curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download
-mv /tmp/module-download/*/driver/* {{ .DriverBuildDir }}
-
-cp /driverkit/module-Makefile {{ .DriverBuildDir }}/Makefile
-bash /driverkit/fill-driver-config.sh {{ .DriverBuildDir }}
-
-# Fetch the kernel
-mkdir /tmp/kernel-download
-cd /tmp/kernel-download
-{{ range $url := .KernelDownloadURLS }}
-curl --silent -o kernel.deb -SL {{ $url }}
-ar x kernel.deb
-tar -xvf data.tar.xz
-{{ end }}
-ls -la /tmp/kernel-download
-
-cd /tmp/kernel-download/
-
-cp -r usr/* /usr
-cp -r lib/* /lib
-
-cd /usr/src
-sourcedir=$(find . -type d -name "linux-headers-*%s" | head -n 1 | xargs readlink -f)
-
-ls -la $sourcedir
-
-{{ if .BuildModule }}
-# Build the module
-cd {{ .DriverBuildDir }}
-make CC=/usr/bin/gcc-8 KERNELDIR=$sourcedir
-mv {{ .ModuleDriverName }}.ko {{ .ModuleFullPath }}
-strip -g {{ .ModuleFullPath }}
-# Print results
-modinfo {{ .ModuleFullPath }}
-{{ end }}
-
-{{ if .BuildProbe }}
-# Build the eBPF probe
-cd {{ .DriverBuildDir }}/bpf
-make LLC=/usr/bin/llc-{{ .LLVMVersion }} CLANG=/usr/bin/clang-{{ .LLVMVersion }} CC=/usr/bin/gcc-8 KERNELDIR=$sourcedir
-ls -l probe.o
-{{ end }}
-`
-
 func debianHeadersURLFromRelease(kr kernelrelease.KernelRelease) ([]string, error) {
 	baseURLS := []string{
 		"http://security-cdn.debian.org/pool/main/l/linux/",
@@ -168,24 +120,33 @@ func debianHeadersURLFromRelease(kr kernelrelease.KernelRelease) ([]string, erro
 		}
 	}
 
-	return nil, fmt.Errorf("kernel headers not found")
+	return nil, HeadersNotFoundErr
 }
 
 func fetchDebianHeadersURLFromRelease(baseURL string, kr kernelrelease.KernelRelease) ([]string, error) {
 	extraVersionPartial := strings.TrimSuffix(kr.FullExtraversion, "-"+kr.Architecture.String())
 	matchExtraGroup := kr.Architecture.String()
-	rmatch := `href="(linux-headers-%s\.%s\.%s%s-(%s)_.*(%s|all)\.deb)"`
+	rmatch := `href="(linux-headers-%d\.%d\.%d%s-(%s)_.*(%s|all)\.deb)"`
 
 	// For urls like: http://security.debian.org/pool/updates/main/l/linux/linux-headers-5.10.0-12-amd64_5.10.103-1_amd64.deb
 	// when 5.10.103-1 is passed as kernel version
-	rmatchNew := `href="(linux-headers-[0-9]+\.[0-9]+\.[0-9]+-[0-9]+-(%s)_%s\.%s\.%s%s_(%s|all)\.deb)"`
+	rmatchNew := `href="(linux-headers-[0-9]+\.[0-9]+\.[0-9]+-[0-9]+-(%s)_%d\.%d\.%d%s_(%s|all)\.deb)"`
 
 	matchExtraGroupCommon := "common"
 
 	// match for kernel versions like 4.19.0-6-cloud-amd64
-	if strings.Contains(kr.FullExtraversion, "-cloud") {
-		extraVersionPartial = strings.TrimSuffix(extraVersionPartial, "-cloud")
-		matchExtraGroup = "cloud-" + matchExtraGroup
+	supportedExtraFlavors := []string{"cloud", "rt", "rpi"}
+	for _, supportedExtraFlavor := range supportedExtraFlavors {
+		if strings.Contains(kr.FullExtraversion, "-"+supportedExtraFlavor) {
+			extraVersionPartial = strings.TrimSuffix(extraVersionPartial, "-"+supportedExtraFlavor)
+			matchExtraGroup = supportedExtraFlavor + "-" + matchExtraGroup
+
+			// rpi and rt have a different common package, named `common-{rt,rpi}`
+			if supportedExtraFlavor == "rt" || supportedExtraFlavor == "rpi" {
+				matchExtraGroupCommon += "-" + supportedExtraFlavor
+			}
+			break
+		}
 	}
 
 	// download index
@@ -194,19 +155,19 @@ func fetchDebianHeadersURLFromRelease(baseURL string, kr kernelrelease.KernelRel
 		return nil, err
 	}
 	defer resp.Body.Close()
-	body, err := ioutil.ReadAll(resp.Body)
+	body, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
 	bodyStr := string(body)
 
 	// look for kernel headers
-	fullregex := fmt.Sprintf(rmatch, kr.Version, kr.PatchLevel, kr.Sublevel,
+	fullregex := fmt.Sprintf(rmatch, kr.Major, kr.Minor, kr.Patch,
 		extraVersionPartial, matchExtraGroup, kr.Architecture.String())
 	pattern := regexp.MustCompile(fullregex)
 	matches := pattern.FindStringSubmatch(bodyStr)
 	if len(matches) < 1 {
-		fullregex = fmt.Sprintf(rmatchNew, matchExtraGroup, kr.Version, kr.PatchLevel, kr.Sublevel,
+		fullregex = fmt.Sprintf(rmatchNew, matchExtraGroup, kr.Major, kr.Minor, kr.Patch,
 			extraVersionPartial, kr.Architecture.String())
 		pattern = regexp.MustCompile(fullregex)
 		matches = pattern.FindStringSubmatch(bodyStr)
@@ -216,12 +177,12 @@ func fetchDebianHeadersURLFromRelease(baseURL string, kr kernelrelease.KernelRel
 	}
 
 	// look for kernel headers common
-	fullregexCommon := fmt.Sprintf(rmatch, kr.Version, kr.PatchLevel, kr.Sublevel,
+	fullregexCommon := fmt.Sprintf(rmatch, kr.Major, kr.Minor, kr.Patch,
 		extraVersionPartial, matchExtraGroupCommon, kr.Architecture.String())
 	patternCommon := regexp.MustCompile(fullregexCommon)
 	matchesCommon := patternCommon.FindStringSubmatch(bodyStr)
 	if len(matchesCommon) < 1 {
-		fullregexCommon = fmt.Sprintf(rmatchNew, matchExtraGroupCommon, kr.Version, kr.PatchLevel, kr.Sublevel,
+		fullregexCommon = fmt.Sprintf(rmatchNew, matchExtraGroupCommon, kr.Major, kr.Minor, kr.Patch,
 			extraVersionPartial, kr.Architecture.String())
 		patternCommon = regexp.MustCompile(fullregexCommon)
 		matchesCommon = patternCommon.FindStringSubmatch(bodyStr)
@@ -237,11 +198,11 @@ func fetchDebianHeadersURLFromRelease(baseURL string, kr kernelrelease.KernelRel
 }
 
 func debianKbuildURLFromRelease(kr kernelrelease.KernelRelease) (string, error) {
-	rmatch := `href="(linux-kbuild-%s\.%s.*%s\.deb)"`
+	rmatch := `href="(linux-kbuild-%d\.%d.*%s\.deb)"`
 
-	kbuildPattern := regexp.MustCompile(fmt.Sprintf(rmatch, kr.Version, kr.PatchLevel, kr.Architecture.String()))
+	kbuildPattern := regexp.MustCompile(fmt.Sprintf(rmatch, kr.Major, kr.Minor, kr.Architecture.String()))
 	baseURL := "http://mirrors.kernel.org/debian/pool/main/l/linux/"
-	if kr.Version == "3" {
+	if kr.Major == 3 {
 		baseURL = "http://mirrors.kernel.org/debian/pool/main/l/linux-tools/"
 	}
 
@@ -262,11 +223,3 @@ func debianKbuildURLFromRelease(kr kernelrelease.KernelRelease) (string, error)
 
 	return fmt.Sprintf("%s%s", baseURL, match[1]), nil
 }
-
-func debianLLVMVersionFromKernelRelease(kr kernelrelease.KernelRelease) string {
-	switch kr.Version {
-	case "5":
-		return "12"
-	}
-	return "7"
-}

pkg/driverbuilder/builder/fedora.go

@@ -0,0 +1,105 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package builder
+
+import (
+	_ "embed"
+	"fmt"
+	"strings"
+
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
+)
+
+//go:embed templates/fedora_kernel.sh
+var fedoraKernelTemplate string
+
+//go:embed templates/fedora.sh
+var fedoraTemplate string
+
+// TargetTypeFedora identifies the Fedora target.
+const TargetTypeFedora Type = "fedora"
+
+func init() {
+	byTarget[TargetTypeFedora] = &fedora{}
+}
+
+// fedora is a driverkit target.
+type fedora struct {
+}
+
+type fedoraTemplateData struct {
+	KernelDownloadURL string
+}
+
+func (c *fedora) Name() string {
+	return TargetTypeFedora.String()
+}
+
+func (c *fedora) TemplateKernelUrlsScript() string { return fedoraKernelTemplate }
+
+func (c *fedora) TemplateScript() string {
+	return fedoraTemplate
+}
+
+func (c *fedora) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
+
+	// fedora FullExtraversion looks like "-200.fc36.x86_64"
+	// need to get the "fc36" out of the middle
+	fedoraVersion := strings.Split(kr.FullExtraversion, ".")[1]
+
+	// trim off the "fc" from fedoraVersion
+	version := strings.Trim(fedoraVersion, "fc")
+
+	// template the kernel info into all possible URL strings
+	urls := []string{
+		fmt.Sprintf( // updates
+			"https://mirrors.kernel.org/fedora/updates/%s/Everything/%s/Packages/k/kernel-devel-%s%s.rpm",
+			version,
+			kr.Architecture.ToNonDeb(),
+			kr.Fullversion,
+			kr.FullExtraversion,
+		),
+		fmt.Sprintf( // releases
+			"https://mirrors.kernel.org/fedora/releases/%s/Everything/%s/os/Packages/k/kernel-devel-%s%s.rpm",
+			version,
+			kr.Architecture.ToNonDeb(),
+			kr.Fullversion,
+			kr.FullExtraversion,
+		),
+		fmt.Sprintf( // development
+			"https://mirrors.kernel.org/fedora/development/%s/Everything/%s/os/Packages/k/kernel-devel-%s%s.rpm",
+			version,
+			kr.Architecture.ToNonDeb(),
+			kr.Fullversion,
+			kr.FullExtraversion,
+		),
+		fmt.Sprintf( // updates-archive
+			"https://fedoraproject-updates-archive.fedoraproject.org/fedora/%s/%s/kernel-devel-%s%s.rpm",
+			version,
+			kr.Architecture.ToNonDeb(),
+			kr.Fullversion,
+			kr.FullExtraversion,
+		),
+	}
+
+	// return out all possible urls
+	return urls, nil
+}
+
+func (c *fedora) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
+	return fedoraTemplateData{
+		KernelDownloadURL: urls[0],
+	}
+}

pkg/driverbuilder/builder/flatcar.go

@@ -1,97 +1,113 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package builder
 
 import (
-	"bytes"
+	_ "embed"
 	"fmt"
 	"io/ioutil"
 	"net/http"
-	"strconv"
 	"strings"
-	"text/template"
 
+	"github.com/blang/semver/v4"
 	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
 )
 
+//go:embed templates/flatcar_kernel.sh
+var flatcarKernelTemplate string
+
+//go:embed templates/flatcar.sh
+var flatcarTemplate string
+
 // TargetTypeFlatcar identifies the Flatcar target.
 const TargetTypeFlatcar Type = "flatcar"
 
 func init() {
-	BuilderByTarget[TargetTypeFlatcar] = &flatcar{}
+	byTarget[TargetTypeFlatcar] = &flatcar{}
+}
+
+type flatcarTemplateData struct {
+	KernelDownloadURL string
 }
 
 // flatcar is a driverkit target.
 type flatcar struct {
+	info *flatcarReleaseInfo
 }
 
-// Script compiles the script to build the kernel module and/or the eBPF probe.
-func (c flatcar) Script(cfg Config) (string, error) {
-	t := template.New(string(TargetTypeFlatcar))
-	parsed, err := t.Parse(flatcarTemplate)
-	if err != nil {
-		return "", err
+func (f *flatcar) Name() string {
+	return TargetTypeFlatcar.String()
 }
 
-	kr :=  kernelReleaseFromBuildConfig(cfg.Build)
+func (f *flatcar) TemplateKernelUrlsScript() string {
+	return flatcarKernelTemplate
+}
+
+func (f *flatcar) TemplateScript() string {
+	return flatcarTemplate
+}
+
+func (f *flatcar) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
+	if err := f.fillFlatcarInfos(kr); err != nil {
+		return nil, err
+	}
+	return fetchFlatcarKernelURLS(f.info.KernelVersion), nil
+}
+
+func (f *flatcar) KernelTemplateData(kr kernelrelease.KernelRelease, urls []string) interface{} {
+	// This happens when `kernelurls` option is passed,
+	// therefore URLs() method is not called.
+	if f.info == nil {
+		if err := f.fillFlatcarInfos(kr); err != nil {
+			return err
+		}
+	}
+
+	return flatcarTemplateData{
+		KernelDownloadURL: urls[0],
+	}
+}
+
+func (f *flatcar) GCCVersion(_ kernelrelease.KernelRelease) semver.Version {
+	return f.info.GCCVersion
+}
+
+func (f *flatcar) fillFlatcarInfos(kr kernelrelease.KernelRelease) error {
 	if kr.Extraversion != "" {
-		return "", fmt.Errorf("unexpected extraversion: %s", kr.Extraversion)
+		return fmt.Errorf("unexpected extraversion: %s", kr.Extraversion)
 	}
 
 	// convert string to int
-	version, err := strconv.Atoi(kr.Version)
-	if err != nil {
-		return "", err
-	}
-	if version < 1500 {
-		return "", fmt.Errorf("not a valid flatcar release version: %s", kr.Version)
-	}
-	flatcarVersion := kr.Fullversion
-	flatcarInfo, err := fetchFlatcarMetadata(kr)
-	if err != nil {
-		return "", err
+	if kr.Major < 1500 {
+		return fmt.Errorf("not a valid flatcar release version: %d", kr.Major)
 	}
 
-	kconfUrls, err := getResolvingURLs(fetchFlatcarKernelConfigURL(kr.Architecture, flatcarInfo.Channel, kr.Fullversion))
-	if err != nil {
-		return "", err
+	var err error
+	f.info, err = fetchFlatcarMetadata(kr)
+	return err
 }
 
-	var urls []string
-    if cfg.KernelUrls == nil {
-        // Check (and filter) existing kernels before continuing
-        urls, err = getResolvingURLs(fetchFlatcarKernelURLS(flatcarInfo.KernelVersion))
-    } else {
-        urls, err = getResolvingURLs(cfg.KernelUrls)
-    }
-    if err != nil {
-        return "", err
-    }
-
-	td := flatcarTemplateData{
-		DriverBuildDir:    DriverDirectory,
-		ModuleDownloadURL: moduleDownloadURL(cfg),
-		KernelDownloadURL: urls[0],
-		GCCVersion:        flatcarGccVersion(flatcarInfo.GCCVersion),
-		FlatcarVersion:    flatcarVersion,
-		FlatcarChannel:    flatcarInfo.Channel,
-		KernelConfigURL:   kconfUrls[0],
-		ModuleDriverName:  cfg.DriverName,
-		ModuleFullPath:    ModuleFullPath,
-		BuildModule:       len(cfg.Build.ModuleFilePath) > 0,
-		BuildProbe:        len(cfg.Build.ProbeFilePath) > 0,
-	}
-
-	buf := bytes.NewBuffer(nil)
-	err = parsed.Execute(buf, td)
-	if err != nil {
-		return "", err
-	}
-	return buf.String(), nil
+func fetchFlatcarKernelURLS(kernelVersion string) []string {
+	kv := kernelrelease.FromString(kernelVersion)
+	return []string{fetchVanillaKernelURLFromKernelVersion(kv)}
 }
 
 func fetchFlatcarMetadata(kr kernelrelease.KernelRelease) (*flatcarReleaseInfo, error) {
 	flatcarInfo := flatcarReleaseInfo{}
 	flatcarVersion := kr.Fullversion
-	packageIndexUrl, err := getResolvingURLs(fetchFlatcarPackageListURL(kr.Architecture, flatcarVersion))
+	packageIndexUrl, err := GetResolvingURLs(fetchFlatcarPackageListURL(kr.Architecture, flatcarVersion))
 	if err != nil {
 		return nil, err
 	}
@@ -126,7 +142,10 @@ func fetchFlatcarMetadata(kr kernelrelease.KernelRelease) (*flatcarReleaseInfo,
 			kernelVersion = strings.Split(kernelVersion, "-")[0]
 		}
 	}
-	flatcarInfo.GCCVersion = gccVersion
+	flatcarInfo.GCCVersion, err = semver.ParseTolerant(gccVersion)
+	if err != nil {
+		return nil, err
+	}
 	flatcarInfo.KernelVersion = kernelVersion
 
 	return &flatcarInfo, nil
@@ -146,94 +165,8 @@ func fetchFlatcarPackageListURL(architecture kernelrelease.Architecture, flatcar
 	return urls
 }
 
-func fetchFlatcarKernelConfigURL(architecture kernelrelease.Architecture, flatcarChannel, flatcarVersion string) []string {
-	return []string{fmt.Sprintf("https://%s.release.flatcar-linux.net/%s-usr/%s/flatcar_production_image_kernel_config.txt", flatcarChannel, architecture.String(), flatcarVersion)}
-}
-
-func fetchFlatcarKernelURLS(kernelVersion string) []string {
-	kv := kernelrelease.FromString(kernelVersion)
-	return []string{fmt.Sprintf("https://cdn.kernel.org/pub/linux/kernel/v%s.x/linux-%s.tar.xz", kv.Version, kv.Fullversion)}
-}
-
 type flatcarReleaseInfo struct {
 	Channel       string
-	GCCVersion    string
+	GCCVersion    semver.Version
 	KernelVersion string
 }
-
-type flatcarTemplateData struct {
-	DriverBuildDir    string
-	ModuleDownloadURL string
-	KernelDownloadURL string
-	GCCVersion        string
-	FlatcarVersion    string
-	FlatcarChannel    string
-	KernelConfigURL   string
-	ModuleDriverName  string
-	ModuleFullPath    string
-	BuildModule       bool
-	BuildProbe        bool
-}
-
-const flatcarTemplate = `
-#!/bin/bash
-set -xeuo pipefail
-
-rm -Rf {{ .DriverBuildDir }}
-mkdir {{ .DriverBuildDir }}
-rm -Rf /tmp/module-download
-mkdir -p /tmp/module-download
-
-curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download
-mv /tmp/module-download/*/driver/* {{ .DriverBuildDir }}
-
-cp /driverkit/module-Makefile {{ .DriverBuildDir }}/Makefile
-bash /driverkit/fill-driver-config.sh {{ .DriverBuildDir }}
-
-# Fetch the kernel
-mkdir /tmp/kernel-download
-cd /tmp/kernel-download
-curl --silent -SL {{ .KernelDownloadURL }} | tar -Jxf - -C /tmp/kernel-download
-rm -Rf /tmp/kernel
-mkdir -p /tmp/kernel
-mv /tmp/kernel-download/*/* /tmp/kernel
-
-# Change current gcc
-ln -sf /usr/bin/gcc-{{ .GCCVersion }} /usr/bin/gcc
-
-curl --silent -o /tmp/kernel.config -SL {{ .KernelConfigURL }}
-
-cd /tmp/kernel
-sed -i -e 's|^\(EXTRAVERSION =\).*|\1 -flatcar|' Makefile
-make KCONFIG_CONFIG=/tmp/kernel.config oldconfig
-make KCONFIG_CONFIG=/tmp/kernel.config modules_prepare
-
-{{ if .BuildModule }}
-# Build the module
-cd {{ .DriverBuildDir }}
-make KERNELDIR=/tmp/kernel
-mv {{ .ModuleDriverName }}.ko {{ .ModuleFullPath }}
-strip -g {{ .ModuleFullPath }}
-# Print results
-modinfo {{ .ModuleFullPath }}
-{{ end }}
-
-{{ if .BuildProbe }}
-# Build the eBPF probe
-cd {{ .DriverBuildDir }}/bpf
-make LLC=/usr/bin/llc-12 CLANG=/usr/bin/clang-12 CC=/usr/bin/gcc KERNELDIR=/tmp/kernel
-ls -l probe.o
-{{ end }}
-`
-
-func flatcarGccVersion(gccVersion string) string {
-	// reuse kernelrelease version parsing for gcc
-	gv := kernelrelease.FromString(gccVersion)
-	switch gv.Version {
-	case "7":
-		return "6"
-	default:
-		// builder doesn't support anything newer than 8 right now
-		return "8"
-	}
-}

pkg/driverbuilder/builder/image.go

@@ -0,0 +1,263 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package builder
+
+import (
+	"context"
+	"fmt"
+	"github.com/falcosecurity/falcoctl/pkg/output"
+	"os"
+	"regexp"
+	"strings"
+
+	"github.com/blang/semver/v4"
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
+	"github.com/falcosecurity/falcoctl/pkg/oci/repository"
+	"gopkg.in/yaml.v3"
+)
+
+type YAMLImage struct {
+	Target      string   `yaml:"target"`
+	GCCVersions []string `yaml:"gcc_versions"` // we expect images to internally link eg: gcc5 to gcc5.0.0
+	Name        string   `yaml:"name"`
+	Arch        string   `yaml:"arch"`
+	Tag         string   `yaml:"tag"`
+}
+
+type YAMLImagesList struct {
+	Images []YAMLImage `yaml:"images"`
+}
+
+type Image struct {
+	Target     Type
+	GCCVersion semver.Version // we expect images to internally link eg: gcc5 to gcc5.0.0
+	Name       string
+}
+
+type ImagesLister interface {
+	LoadImages(printer *output.Printer) []Image
+}
+
+type FileImagesLister struct {
+	FilePath string
+	Arch     string
+	Tag      string
+	Target   string
+}
+
+type RepoImagesLister struct {
+	*repository.Repository
+}
+
+type ImageKey string
+
+func (i *Image) toKey() ImageKey {
+	return ImageKey(i.Target.String() + "_" + i.GCCVersion.String())
+}
+
+type ImagesMap map[ImageKey]Image
+
+var tagReg *regexp.Regexp
+
+func (im ImagesMap) findImage(target Type, gccVers semver.Version) (Image, bool) {
+	targetImage := Image{
+		Target:     target,
+		GCCVersion: gccVers,
+	}
+	// Try to find specific image for specific target first
+	if img, ok := im[targetImage.toKey()]; ok {
+		return img, true
+	}
+
+	// Fallback at "any" target that offers specific gcc
+	targetImage.Target = "any"
+	if img, ok := im[targetImage.toKey()]; ok {
+		return img, true
+	}
+	return Image{}, false
+}
+
+func NewFileImagesLister(filePath string, build *Build) (*FileImagesLister, error) {
+	return &FileImagesLister{
+		FilePath: filePath,
+		Arch:     kernelrelease.Architecture(build.Architecture).ToNonDeb(),
+		Tag:      build.builderImageTag(),
+		Target:   build.TargetType.String(),
+	}, nil
+}
+
+func (f *FileImagesLister) LoadImages(printer *output.Printer) []Image {
+	var (
+		res       []Image
+		imageList YAMLImagesList
+	)
+
+	// loop over lines in file to print them
+	fileData, err := os.ReadFile(f.FilePath)
+	if err != nil {
+		printer.Logger.Warn("error opening builder repo file",
+			printer.Logger.Args("err", err.Error(), "filepath", f.FilePath))
+		return res
+	}
+
+	err = yaml.Unmarshal(fileData, &imageList)
+	if err != nil {
+		printer.Logger.Warn("error unmarshalling builder repo file",
+			printer.Logger.Args("err", err.Error(), "filepath", f.FilePath))
+		return res
+	}
+
+	for _, image := range imageList.Images {
+		// Values checks
+		if image.Arch != f.Arch {
+			printer.Logger.Debug("skipping wrong-arch image",
+				printer.Logger.Args("filepath", f.FilePath, "image", image))
+			continue
+		}
+		if image.Tag != f.Tag {
+			printer.Logger.Debug("skipping wrong-tag image",
+				printer.Logger.Args("filepath", f.FilePath, "image", image))
+			continue
+		}
+		if image.Target != "any" && image.Target != f.Target {
+			printer.Logger.Debug("skipping wrong-target image",
+				printer.Logger.Args("filepath", f.FilePath, "image", image))
+			continue
+		}
+		if image.Name == "" {
+			printer.Logger.Debug("skipping empty name image",
+				printer.Logger.Args("filepath", f.FilePath, "image", image))
+			continue
+		}
+		if len(image.GCCVersions) == 0 {
+			printer.Logger.Debug("expected at least 1 gcc version",
+				printer.Logger.Args("filepath", f.FilePath, "image", image))
+			continue
+		}
+
+		for _, gcc := range image.GCCVersions {
+			buildImage := Image{
+				Name:       image.Name,
+				Target:     Type(image.Target),
+				GCCVersion: mustParseTolerant(gcc),
+			}
+			res = append(res, buildImage)
+		}
+	}
+	return res
+}
+
+func NewRepoImagesLister(repo string, build *Build) (*RepoImagesLister, error) {
+	// Lazy inizialization
+	if tagReg == nil {
+		imageTag := build.builderImageTag()
+		// Create the proper regexes to load "any" and target-specific images for requested arch
+		arch := kernelrelease.Architecture(build.Architecture).ToNonDeb()
+		targetFmt := fmt.Sprintf("^(?P<target>%s|any)-%s(?P<gccVers>(_gcc[0-9]+.[0-9]+.[0-9]+)+)-%s$", build.TargetType.String(), arch, imageTag)
+		tagReg = regexp.MustCompile(targetFmt)
+	}
+
+	// Get the registry URL from repository.
+	registry, err := getRegistryFromRef(repo)
+	if err != nil {
+		return nil, err
+	}
+
+	repoOCI, err := repository.NewRepository(repo,
+		repository.WithPlainHTTP(build.RegistryPlainHTTP),
+		repository.WithClient(build.ClientForRegistry(registry)))
+	if err != nil {
+		return nil, err
+	}
+	return &RepoImagesLister{repoOCI}, nil
+}
+
+func (repo *RepoImagesLister) LoadImages(printer *output.Printer) []Image {
+	tags, err := repo.Tags(context.Background())
+	if err != nil {
+		printer.Logger.Warn("skipping repo",
+			printer.Logger.Args("repo", repo.Reference, "err", err.Error()))
+		return nil
+	}
+
+	var res []Image
+	for _, t := range tags {
+		img := fmt.Sprintf("%s:%s", repo.Reference, t)
+		match := tagReg.FindStringSubmatch(t)
+		if len(match) == 0 {
+			continue
+		}
+
+		var (
+			target  string
+			gccVers []string
+		)
+		for i, name := range tagReg.SubexpNames() {
+			if i > 0 && i <= len(match) {
+				switch name {
+				case "gccVers":
+					gccVers = strings.Split(match[i], "_gcc")
+					gccVers = gccVers[1:] // remove initial whitespace
+				case "target":
+					target = match[i]
+				}
+			}
+		}
+
+		// Note: we store "any" target images as "any",
+		// instead of adding them to the target,
+		// because we always prefer specific target images,
+		// and we cannot guarantee here that any subsequent docker repos
+		// does not provide a target-specific image that offers same gcc version
+		for _, gccVer := range gccVers {
+			// If user set a fixed gcc version, only load images that provide it.
+			buildImage := Image{
+				GCCVersion: mustParseTolerant(gccVer),
+				Name:       img,
+				Target:     Type(target),
+			}
+			res = append(res, buildImage)
+		}
+	}
+	return res
+}
+
+func (b *Build) LoadImages() {
+	for _, imagesLister := range b.ImagesListers {
+		for _, image := range imagesLister.LoadImages(b.Printer) {
+			// User forced a gcc version? Only load images matching the requested gcc version.
+			if b.GCCVersion != "" && b.GCCVersion != image.GCCVersion.String() {
+				continue
+			}
+			// Skip if key already exists: we have a descending prio list of docker repos!
+			if _, ok := b.Images[image.toKey()]; !ok {
+				b.Images[image.toKey()] = image
+			}
+		}
+	}
+	if len(b.Images) == 0 {
+		b.Printer.Logger.Fatal("Could not load any builder image. Leaving.")
+	}
+}
+
+// getRegistryFromRef extracts the registry from a ref string.
+func getRegistryFromRef(ref string) (string, error) {
+	index := strings.Index(ref, "/")
+	if index <= 0 {
+		return "", fmt.Errorf("cannot extract registry name from ref %q", ref)
+	}
+
+	return ref[0:index], nil
+}

pkg/driverbuilder/builder/image_test.go

@@ -0,0 +1,311 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package builder
+
+import (
+	"github.com/falcosecurity/falcoctl/pkg/output"
+	"github.com/pterm/pterm"
+	"io"
+	"net/http"
+	"os"
+	"testing"
+
+	"github.com/blang/semver/v4"
+	"github.com/docker/docker/testutil/registry"
+	"gotest.tools/assert"
+)
+
+var imagesTests = []struct {
+	yamlData string
+	jsonData string
+	expected []Image
+}{
+	// Test that multiple gcc versions are correctly mapped to multiple images
+	{
+		yamlData: `
+images:
+  - name: foo/test:any-x86_64_gcc8.0.0_gcc6.0.0_gcc5.0.0_gcc4.9.0_gcc4.8.0-latest
+    target: any
+    arch: x86_64
+    tag: latest
+    gcc_versions:
+      - 8.0.0
+      - 6.0.0
+      - 5.0.0
+      - 4.9.0
+      - 4.8.0
+`,
+		jsonData: `
+{
+  "name": "foo/test",
+  "tags": [
+    "any-x86_64_gcc8.0.0_gcc6.0.0_gcc5.0.0_gcc4.9.0_gcc4.8.0-latest"
+  ]
+}
+`,
+		expected: []Image{
+			{
+				Target:     "any",
+				GCCVersion: semver.MustParse("8.0.0"),
+				Name:       "foo/test:any-x86_64_gcc8.0.0_gcc6.0.0_gcc5.0.0_gcc4.9.0_gcc4.8.0-latest",
+			},
+			{
+				Target:     "any",
+				GCCVersion: semver.MustParse("6.0.0"),
+				Name:       "foo/test:any-x86_64_gcc8.0.0_gcc6.0.0_gcc5.0.0_gcc4.9.0_gcc4.8.0-latest",
+			},
+			{
+				Target:     "any",
+				GCCVersion: semver.MustParse("5.0.0"),
+				Name:       "foo/test:any-x86_64_gcc8.0.0_gcc6.0.0_gcc5.0.0_gcc4.9.0_gcc4.8.0-latest",
+			},
+			{
+				Target:     "any",
+				GCCVersion: semver.MustParse("4.9.0"),
+				Name:       "foo/test:any-x86_64_gcc8.0.0_gcc6.0.0_gcc5.0.0_gcc4.9.0_gcc4.8.0-latest",
+			},
+			{
+				Target:     "any",
+				GCCVersion: semver.MustParse("4.8.0"),
+				Name:       "foo/test:any-x86_64_gcc8.0.0_gcc6.0.0_gcc5.0.0_gcc4.9.0_gcc4.8.0-latest",
+			},
+		},
+	},
+	// Test that arm64 is correctly skipped on amd64 images listing
+	{
+		yamlData: `
+images:
+  - name: foo/test:any-x86_64_gcc8.0.0-latest
+    target: any
+    arch: x86_64
+    tag: latest
+    gcc_versions:
+      - 8.0.0
+  - name: foo/test:any-aarch64_gcc8.0.0-latest
+    target: any
+    arch: aarch64
+    tag: latest
+    gcc_versions:
+      - 8.0.0
+`,
+		jsonData: `
+{
+  "name": "foo/test",
+  "tags": [
+    "any-x86_64_gcc8.0.0-latest",
+	"any-aarch64_gcc8.0.0-latest"
+  ]
+}
+`,
+		expected: []Image{
+			{
+				Target:     "any",
+				GCCVersion: semver.MustParse("8.0.0"),
+				Name:       "foo/test:any-x86_64_gcc8.0.0-latest",
+			},
+		},
+	},
+	// Test empty gcc versions image is skipped
+	{
+		yamlData: `
+images:
+  - name: foo/test:any-x86_64_gcc8.0.0-latest
+    target: any
+    arch: x86_64
+    tag: latest
+    gcc_versions:
+      - 8.0.0
+  - name: bar/test:any-x86_64-latest
+    target: any
+    arch: x86_64
+    tag: latest
+`,
+		jsonData: `
+{
+  "name": "foo/test",
+  "tags": [
+    "any-x86_64_gcc8.0.0-latest",
+    "any-x86_64-latest"
+  ]
+}
+`,
+		expected: []Image{
+			{
+				Target:     "any",
+				GCCVersion: semver.MustParse("8.0.0"),
+				Name:       "foo/test:any-x86_64_gcc8.0.0-latest",
+			},
+		},
+	},
+	// Test wrong target image is skipped
+	{
+		yamlData: `
+images:
+  - name: foo/test:centos-x86_64_gcc8.0.0-latest
+    target: centos
+    arch: x86_64
+    tag: latest
+    gcc_versions:
+      - 8.0.0
+  - name: foo/test:wrongtarget-x86_64_gcc6.0.0-latest
+    target: wrongtarget
+    arch: x86_64
+    tag: latest
+    gcc_versions:
+      - 6.0.0
+`,
+		jsonData: `
+{
+  "name": "foo/test",
+  "tags": [
+    "centos-x86_64_gcc8.0.0-latest",
+    "wrongtarget-x86_64_gcc8.0.0-latest"
+  ]
+}
+`,
+		expected: []Image{
+			{
+				Target:     "centos",
+				GCCVersion: semver.MustParse("8.0.0"),
+				Name:       "foo/test:centos-x86_64_gcc8.0.0-latest",
+			},
+		},
+	},
+	// Test empty name image is skipped
+	{
+		yamlData: `
+images:
+  - name: foo/test:any-x86_64_gcc8.0.0-latest
+    target: any
+    arch: x86_64
+    tag: latest
+    gcc_versions:
+      - 8.0.0
+  - target: any
+    arch: x86_64
+    tag: latest
+    gcc_versions:
+      - 6.0.0
+`,
+		jsonData: "",
+		expected: []Image{
+			{
+				Target:     "any",
+				GCCVersion: semver.MustParse("8.0.0"),
+				Name:       "foo/test:any-x86_64_gcc8.0.0-latest",
+			},
+		},
+	},
+	// Test empty list returned for yaml/json with no images
+	{
+		yamlData: `
+images:
+`,
+		jsonData: `
+{
+  "name": "foo/test",
+  "tags": [
+  ]
+}
+`,
+		expected: nil,
+	},
+	// Test empty list returned for malformed yaml/json answer
+	{
+		yamlData: `
+images:
+  * name: foo/test
+    target: any
+    arch: x86_64
+    gcc_versions:
+      * 8.0.0
+`,
+		jsonData: "malformedresponse",
+		expected: nil,
+	},
+}
+
+func TestFileImagesLister(t *testing.T) {
+	printer := output.NewPrinter(pterm.LogLevelInfo, pterm.LogFormatterColorful, os.Stdout)
+
+	// setup images file
+	f, err := os.CreateTemp(t.TempDir(), "imagetest")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.Remove(f.Name())
+
+	lister, err := NewFileImagesLister(f.Name(), &Build{
+		TargetType:   Type("centos"),
+		Architecture: "amd64",
+		BuilderImage: "auto:latest",
+	})
+	assert.NilError(t, err)
+
+	for _, test := range imagesTests {
+		if test.yamlData == "" {
+			t.Log("Skipping unsuitable test for FileImagesLister")
+			continue
+		}
+
+		err = f.Truncate(0)
+		if err != nil {
+			t.Fatal(err)
+		}
+		_, err = f.Seek(0, io.SeekStart)
+		if err != nil {
+			t.Fatal(err)
+		}
+		_, err = f.WriteString(test.yamlData)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		assert.DeepEqual(t, test.expected, lister.LoadImages(printer))
+	}
+}
+
+func TestRepoImagesLister(t *testing.T) {
+	printer := output.NewPrinter(pterm.LogLevelInfo, pterm.LogFormatterColorful, os.Stdout)
+
+	mock, err := registry.NewMock(t)
+	assert.NilError(t, err)
+	defer mock.Close()
+
+	lister, err := NewRepoImagesLister(mock.URL()+"/foo/test", &Build{
+		TargetType:        Type("centos"),
+		Architecture:      "amd64",
+		BuilderImage:      "auto:latest",
+		RegistryPlainHTTP: true,
+	})
+	assert.NilError(t, err)
+
+	for _, test := range imagesTests {
+		if test.jsonData == "" {
+			t.Log("Skipping unsuitable test for RepoImagesLister")
+			continue
+		}
+
+		// Update expected names adding the mocked server URL as prefix
+		for idx, _ := range test.expected {
+			test.expected[idx].Name = mock.URL() + "/" + test.expected[idx].Name
+		}
+
+		mock.RegisterHandler("/v2/foo/test/tags/list", func(w http.ResponseWriter, r *http.Request) {
+			w.Write([]byte(test.jsonData))
+		})
+		assert.DeepEqual(t, test.expected, lister.LoadImages(printer))
+	}
+}

pkg/driverbuilder/builder/local.go

@@ -0,0 +1,106 @@
+package builder
+
+import (
+	_ "embed"
+	"fmt"
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
+	"path/filepath"
+)
+
+// NOTE: since this is only used by local build,
+// it is not exposed in `target` array,
+// so no init() function to register it is present.
+
+//go:embed templates/local.sh
+var localTemplate string
+
+type LocalBuilder struct {
+	GccPath string
+	UseDKMS bool
+	SrcDir  string
+}
+
+func (l *LocalBuilder) Name() string {
+	return "local"
+}
+
+func (l *LocalBuilder) TemplateKernelUrlsScript() string {
+	panic("cannot be called on local builder")
+}
+
+func (l *LocalBuilder) TemplateScript() string {
+	return localTemplate
+}
+
+func (l *LocalBuilder) URLs(_ kernelrelease.KernelRelease) ([]string, error) {
+	return nil, nil
+}
+
+func (l *LocalBuilder) MinimumURLs() int {
+	// We don't need any url
+	return 0
+}
+
+type localTemplateData struct {
+	commonTemplateData
+	UseDKMS       bool
+	DownloadSrc   bool
+	DriverVersion string
+	KernelRelease string
+}
+
+func (l *LocalBuilder) KernelTemplateData(_ kernelrelease.KernelRelease, _ []string) interface{} {
+	panic("cannot be called on local builder")
+}
+
+func (l *LocalBuilder) TemplateData(c Config, kr kernelrelease.KernelRelease) interface{} {
+	return localTemplateData{
+		commonTemplateData: commonTemplateData{
+			DriverBuildDir:   l.GetDriverBuildDir(),
+			ModuleDriverName: c.DriverName,
+			ModuleFullPath:   l.GetModuleFullPath(c, kr),
+			BuildModule:      len(c.ModuleFilePath) > 0,
+			BuildProbe:       len(c.ProbeFilePath) > 0,
+			GCCVersion:       l.GccPath,
+			CmakeCmd: fmt.Sprintf(cmakeCmdFmt,
+				c.DriverName,
+				c.DriverName,
+				c.DriverVersion,
+				c.DriverVersion,
+				c.DriverVersion,
+				c.DeviceName,
+				c.DeviceName,
+				c.DriverVersion),
+		},
+		UseDKMS:       l.UseDKMS,
+		DownloadSrc:   len(l.SrcDir) == 0, // if no srcdir is provided, download src!
+		DriverVersion: c.DriverVersion,
+		KernelRelease: c.KernelRelease,
+	}
+}
+
+func (l *LocalBuilder) GetModuleFullPath(c Config, kr kernelrelease.KernelRelease) string {
+	if l.UseDKMS {
+		// When using dkms, we will use a GLOB to match the pattern; ModuleFullPath won't be used in the templated script anyway.
+		return fmt.Sprintf("/var/lib/dkms/%s/%s/%s/%s/module/%s.*", c.DriverName, c.DriverVersion, kr.String(), kr.Architecture.ToNonDeb(), c.DriverName)
+	}
+	if l.SrcDir != "" {
+		return filepath.Join(l.SrcDir, fmt.Sprintf("%s.ko", c.DriverName))
+	}
+	return c.ToDriverFullPath()
+}
+
+func (l *LocalBuilder) GetProbeFullPath(c Config) string {
+	if l.SrcDir != "" {
+		return filepath.Join(l.SrcDir, "bpf", "probe.o")
+	}
+	return c.ToProbeFullPath()
+}
+
+func (l *LocalBuilder) GetDriverBuildDir() string {
+	driverBuildDir := DriverDirectory
+	if l.SrcDir != "" {
+		driverBuildDir = l.SrcDir
+	}
+	return driverBuildDir
+}

pkg/driverbuilder/builder/minikube.go

@@ -0,0 +1,56 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package builder
+
+import (
+	"github.com/blang/semver/v4"
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
+)
+
+// TargetTypeMinikube identifies the Minikube target.
+const TargetTypeMinikube Type = "minikube"
+
+func init() {
+	byTarget[TargetTypeMinikube] = &minikube{
+		vanilla{},
+	}
+}
+
+type minikube struct {
+	vanilla
+}
+
+func (m *minikube) Name() string {
+	return TargetTypeMinikube.String()
+}
+
+func (m *minikube) KernelTemplateData(kr kernelrelease.KernelRelease, urls []string) interface{} {
+	return vanillaTemplateData{
+		KernelDownloadURL:  urls[0],
+		KernelLocalVersion: kr.FullExtraversion,
+	}
+}
+
+func (m *minikube) GCCVersion(kr kernelrelease.KernelRelease) semver.Version {
+	// The supported versions of minikube use kernels > 4.19.
+	switch kr.Major {
+	case 5:
+		return semver.Version{Major: 10}
+	case 4:
+		return semver.Version{Major: 8}
+	default:
+		return semver.Version{Major: 12}
+	}
+}

pkg/driverbuilder/builder/opensuse.go

@@ -0,0 +1,272 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package builder
+
+import (
+	_ "embed"
+	"fmt"
+	"strings"
+
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
+)
+
+//go:embed templates/opensuse_kernel.sh
+var opensuseKernelTemplate string
+
+//go:embed templates/opensuse.sh
+var opensuseTemplate string
+
+// TargetTypeOpenSUSE identifies the OpenSUSE target.
+const TargetTypeOpenSUSE Type = "opensuse"
+
+// We need:
+// kernel-default-devel-*-{arch}
+// kernel-devel-*-noarch
+const opensuseMinimumURLs = 2
+
+// base URLs to begin searches
+var baseURLs []string = []string{
+	// general releases, leap releases
+	"https://mirrors.edge.kernel.org/opensuse/distribution",
+	"http://download.opensuse.org/distribution",
+	"https://download.opensuse.org/repositories/Kernel:",
+	// some releases are stored at the top level specifically
+	"http://download.opensuse.org",
+}
+
+// all known releases - will need to expand as more are added
+var releases = []string{
+	// openSUSE leap
+	"43.2",
+	"15.0",
+	"15.1",
+	"15.2",
+	"15.3",
+	"15.4",
+	"15.5",
+	"15.6",
+	// other releases
+	"HEAD",
+	"stable",
+	"tumbleweed",
+}
+
+func init() {
+	byTarget[TargetTypeOpenSUSE] = &opensuse{}
+}
+
+// opensuse is a driverkit target.
+type opensuse struct {
+}
+
+type opensuseTemplateData struct {
+	KernelDownloadURLs []string
+}
+
+func (o *opensuse) MinimumURLs() int {
+	return opensuseMinimumURLs
+}
+
+func (o *opensuse) Name() string {
+	return TargetTypeOpenSUSE.String()
+}
+
+func (o *opensuse) TemplateKernelUrlsScript() string {
+	return opensuseKernelTemplate
+}
+
+func (o *opensuse) TemplateScript() string {
+	return opensuseTemplate
+}
+
+func (o *opensuse) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
+
+	// SUSE requires 2 urls: a kernel-default-devel*{arch}.rpm and a kernel-devel*noarch.rpm
+	kernelDefaultDevelPattern := fmt.Sprintf("kernel-default-devel-%s%s.rpm", kr.Fullversion, kr.FullExtraversion)
+	kernelDevelNoArchPattern := strings.ReplaceAll( // need to replace architecture string with "noarch"
+		fmt.Sprintf("kernel-devel-%s%s.rpm", kr.Fullversion, kr.FullExtraversion),
+		kr.Architecture.ToNonDeb(),
+		"noarch",
+	)
+
+	// get all possible URLs
+	possibleURLs := buildURLs(kr, kernelDefaultDevelPattern, kernelDevelNoArchPattern)
+
+	// trim the list to only resolving URLs
+	urls, err := GetResolvingURLs(possibleURLs)
+	if err != nil {
+		return nil, err
+	}
+
+	// ensure there is at least one URL of each required package type
+	if validateURLs(urls, kernelDefaultDevelPattern, kernelDevelNoArchPattern) {
+		return urls, nil
+	} else {
+		return nil, fmt.Errorf(
+			"missing one of the required package types: [ kernel-default-devel, kernel-devel*noarch ]: %v",
+			urls,
+		)
+	}
+}
+
+// build all possible url combinations from base URLs and releases
+func buildURLs(kr kernelrelease.KernelRelease, kernelDefaultDevelPattern string, kernelDevelNoArchPattern string) []string {
+
+	possibleURLs := []string{}
+	for _, release := range releases {
+		for _, baseURL := range baseURLs {
+
+			possibleURLs = append(
+				possibleURLs,
+				// leap urls
+				fmt.Sprintf(
+					"%s/leap/%s/repo/oss/%s/%s",
+					baseURL,
+					release,
+					kr.Architecture.ToNonDeb(),
+					kernelDefaultDevelPattern,
+				),
+				fmt.Sprintf( // noarch
+					"%s/leap/%s/repo/oss/noarch/%s",
+					baseURL,
+					release,
+					kernelDevelNoArchPattern,
+				),
+				// other urls
+				fmt.Sprintf(
+					"%s/%s/repo/oss/%s/%s",
+					baseURL,
+					release,
+					kr.Architecture.ToNonDeb(),
+					kernelDefaultDevelPattern,
+				),
+				fmt.Sprintf( // noarch
+					"%s/%s/repo/oss/noarch/%s",
+					baseURL,
+					release,
+					kernelDevelNoArchPattern,
+				),
+				// weird opensuse site urls
+				fmt.Sprintf(
+					"%s/openSUSE-%s/Submit/standard/%s/%s",
+					baseURL,
+					release,
+					kr.Architecture.ToNonDeb(),
+					kernelDefaultDevelPattern,
+				),
+				fmt.Sprintf(
+					"%s/openSUSE-%s/standard/%s/%s",
+					baseURL,
+					release,
+					kr.Architecture.ToNonDeb(),
+					kernelDefaultDevelPattern,
+				),
+				fmt.Sprintf(
+					"%s/openSUSE-%s:/Submit/standard/%s/%s",
+					baseURL,
+					release,
+					kr.Architecture.ToNonDeb(),
+					kernelDefaultDevelPattern,
+				),
+				fmt.Sprintf(
+					"%s/openSUSE-%s:/standard/%s/%s",
+					baseURL,
+					release,
+					kr.Architecture.ToNonDeb(),
+					kernelDefaultDevelPattern,
+				),
+				fmt.Sprintf(
+					"%s/%s/Submit/standard/%s/%s",
+					baseURL,
+					release,
+					kr.Architecture.ToNonDeb(),
+					kernelDefaultDevelPattern,
+				),
+				fmt.Sprintf(
+					"%s/%s/standard/%s/%s",
+					baseURL,
+					release,
+					kr.Architecture.ToNonDeb(),
+					kernelDefaultDevelPattern,
+				),
+				// weird opensuse site urls - kernel-devel*noarch edition
+				fmt.Sprintf(
+					"%s/openSUSE-%s/Submit/standard/noarch/%s",
+					baseURL,
+					release,
+					kernelDevelNoArchPattern,
+				),
+				fmt.Sprintf(
+					"%s/openSUSE-%s/standard/noarch/%s",
+					baseURL,
+					release,
+					kernelDevelNoArchPattern,
+				),
+				fmt.Sprintf(
+					"%s/openSUSE-%s:/Submit/standard/noarch/%s",
+					baseURL,
+					release,
+					kernelDevelNoArchPattern,
+				),
+				fmt.Sprintf(
+					"%s/openSUSE-%s:/standard/noarch/%s",
+					baseURL,
+					release,
+					kernelDevelNoArchPattern,
+				),
+				fmt.Sprintf(
+					"%s/%s/Submit/standard/noarch/%s",
+					baseURL,
+					release,
+					kernelDevelNoArchPattern,
+				),
+				fmt.Sprintf(
+					"%s/%s/standard/noarch/%s",
+					baseURL,
+					release,
+					kernelDevelNoArchPattern,
+				),
+			)
+		}
+	}
+
+	return possibleURLs
+}
+
+// check to ensure there is at least one URL of each package type
+func validateURLs(urls []string, kernelDefaultDevelPattern string, kernelDevelNoArchPattern string) bool {
+
+	// setup some flags
+	kernelDefaultDevelFlag := false
+	kernelDevelNoArchFlag := false
+
+	for _, url := range urls {
+		if strings.Contains(url, kernelDefaultDevelPattern) {
+			kernelDefaultDevelFlag = true
+		}
+		if strings.Contains(url, kernelDevelNoArchPattern) {
+			kernelDevelNoArchFlag = true
+		}
+	}
+
+	return kernelDefaultDevelFlag && kernelDevelNoArchFlag
+
+}
+
+func (o *opensuse) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
+	return opensuseTemplateData{
+		KernelDownloadURLs: urls,
+	}
+}

pkg/driverbuilder/builder/oracle.go

@@ -0,0 +1,132 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package builder
+
+import (
+	_ "embed"
+	"fmt"
+	"strings"
+
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
+)
+
+//go:embed templates/oracle_kernel.sh
+var oracleKernelTemplate string
+
+//go:embed templates/oracle.sh
+var oracleTemplate string
+
+// TargetTypeoracle identifies the oracle target ("ol" is the ID from /etc/os-release that Oracle uses)
+const TargetTypeoracle Type = "ol"
+
+func init() {
+	byTarget[TargetTypeoracle] = &oracle{}
+}
+
+// oracle is a driverkit target.
+type oracle struct {
+}
+
+type oracleTemplateData struct {
+	KernelDownloadURL string
+}
+
+func (c *oracle) Name() string {
+	return TargetTypeoracle.String()
+}
+
+func (c *oracle) TemplateKernelUrlsScript() string {
+	return oracleKernelTemplate
+}
+
+func (c *oracle) TemplateScript() string {
+	return oracleTemplate
+}
+
+func (c *oracle) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
+
+	// oracle FullExtraversion looks like "-2047.510.5.5.el7uek.x86_64"
+	// need to get the "el7uek" out of the middle
+	splitVersion := strings.Split(kr.FullExtraversion, ".")
+	oracleVersion := splitVersion[len(splitVersion)-2] // [ "-2047", "510", "5", "5", "el7uek","x86_64" ] want -2
+
+	// trim off the "el" and "uek" from oracleVersion
+	version := strings.Trim(strings.Trim(oracleVersion, "el"), "uek")
+
+	// sometimes Oracle 8 does "8_x" for version, only want the "8"
+	if strings.Contains(version, "_") {
+		version = strings.Split(version, "_")[0]
+	}
+
+	// list of possible UEK versions, which are used in the URL - ex: "UEKR3"
+	// may need to evolve over time if Oracle adds more
+	ueks := []string{"R3", "R4", "R5", "R6", "R7"}
+
+	// template the kernel info into all possible URL strings
+	urls := []string{
+		fmt.Sprintf( // latest (Oracle 7)
+			"http://yum.oracle.com/repo/OracleLinux/OL%s/latest/%s/getPackage/kernel-devel-%s%s.rpm",
+			version,
+			kr.Architecture.ToNonDeb(),
+			kr.Fullversion,
+			kr.FullExtraversion,
+		),
+		fmt.Sprintf( // latest + baseos (Oracle 8 + 9)
+			"http://yum.oracle.com/repo/OracleLinux/OL%s/baseos/latest/%s/getPackage/kernel-devel-%s%s.rpm",
+			version,
+			kr.Architecture.ToNonDeb(),
+			kr.Fullversion,
+			kr.FullExtraversion,
+		),
+		fmt.Sprintf( // appstream (Oracle 8 + 9)
+			"http://yum.oracle.com/repo/OracleLinux/OL%s/appstream/%s/getPackage/kernel-devel-%s%s.rpm",
+			version,
+			kr.Architecture.ToNonDeb(),
+			kr.Fullversion,
+			kr.FullExtraversion,
+		),
+		fmt.Sprintf( // MODRHCK (Oracle 7)
+			"http://yum.oracle.com/repo/OracleLinux/OL%s/MODRHCK/%s/getPackage/kernel-devel-%s%s.rpm",
+			version,
+			kr.Architecture.ToNonDeb(),
+			kr.Fullversion,
+			kr.FullExtraversion,
+		),
+	}
+
+	// add in all the UEK versions
+	for _, uekVers := range ueks {
+		urls = append(
+			urls,
+			fmt.Sprintf( // UEK versions URL
+				"http://yum.oracle.com/repo/OracleLinux/OL%s/UEK%s/%s/getPackage/kernel-uek-devel-%s%s.rpm",
+				version,
+				uekVers,
+				kr.Architecture.ToNonDeb(),
+				kr.Fullversion,
+				kr.FullExtraversion,
+			),
+		)
+	}
+
+	// return out all possible urls
+	return urls, nil
+}
+
+func (c *oracle) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
+	return oracleTemplateData{
+		KernelDownloadURL: urls[0],
+	}
+}

pkg/driverbuilder/builder/photon.go

@@ -0,0 +1,105 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package builder
+
+import (
+	_ "embed"
+	"fmt"
+
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
+)
+
+// TargetTypePhoton identifies the Photon target.
+const TargetTypePhoton Type = "photon"
+
+//go:embed templates/photonos_kernel.sh
+var photonKernelTemplate string
+
+//go:embed templates/photonos.sh
+var photonTemplate string
+
+func init() {
+	byTarget[TargetTypePhoton] = &photon{}
+}
+
+// photon is a driverkit target.
+type photon struct {
+}
+
+type photonTemplateData struct {
+	KernelDownloadURL string
+}
+
+func (p *photon) Name() string {
+	return TargetTypePhoton.String()
+}
+
+func (p *photon) TemplateKernelUrlsScript() string {
+	return photonKernelTemplate
+}
+
+func (p *photon) TemplateScript() string {
+	return photonTemplate
+}
+
+func (p *photon) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
+	return fetchPhotonKernelURLS(kr), nil
+}
+
+func (p *photon) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
+	return photonTemplateData{
+		KernelDownloadURL: urls[0],
+	}
+}
+
+func fetchPhotonKernelURLS(kr kernelrelease.KernelRelease) []string {
+	photonReleases := []string{
+		"3.0",
+		"4.0",
+		"5.0",
+	}
+
+	var urls []string
+	for _, r := range photonReleases {
+		urls = append(urls, fmt.Sprintf(
+			"https://packages.vmware.com/photon/%s/photon_%s_%s/%s/linux-devel-%s%s.x86_64.rpm",
+			r,
+			r,
+			kr.Architecture.ToNonDeb(),
+			kr.Architecture.ToNonDeb(),
+			kr.Fullversion,
+			kr.FullExtraversion,
+		))
+		urls = append(urls, fmt.Sprintf(
+			"https://packages.vmware.com/photon/%s/photon_release_%s_%s/%s/linux-devel-%s%s.x86_64.rpm",
+			r,
+			r,
+			kr.Architecture.ToNonDeb(),
+			kr.Architecture.ToNonDeb(),
+			kr.Fullversion,
+			kr.FullExtraversion,
+		))
+		urls = append(urls, fmt.Sprintf(
+			"https://packages.vmware.com/photon/%s/photon_updates_%s_%s/%s/linux-devel-%s%s.x86_64.rpm",
+			r,
+			r,
+			kr.Architecture.ToNonDeb(),
+			kr.Architecture.ToNonDeb(),
+			kr.Fullversion,
+			kr.FullExtraversion,
+		))
+	}
+	return urls
+}

pkg/driverbuilder/builder/redhat.go

@@ -0,0 +1,69 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package builder
+
+import (
+	_ "embed"
+
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
+)
+
+//go:embed templates/redhat_kernel.sh
+var redhatKernelTemplate string
+
+//go:embed templates/redhat.sh
+var redhatTemplate string
+
+// TargetTypeRedhat identifies the redhat target.
+const TargetTypeRedhat Type = "redhat"
+
+// redhat is a driverkit target.
+type redhat struct {
+}
+
+func init() {
+	byTarget[TargetTypeRedhat] = &redhat{}
+}
+
+type redhatTemplateData struct {
+	KernelPackage string
+}
+
+func (v *redhat) Name() string {
+	return TargetTypeRedhat.String()
+}
+
+func (v *redhat) TemplateKernelUrlsScript() string {
+	return redhatKernelTemplate
+}
+
+func (v *redhat) TemplateScript() string {
+	return redhatTemplate
+}
+
+func (v *redhat) URLs(_ kernelrelease.KernelRelease) ([]string, error) {
+	return nil, nil
+}
+
+func (v *redhat) MinimumURLs() int {
+	// We don't need any url
+	return 0
+}
+
+func (v *redhat) KernelTemplateData(kr kernelrelease.KernelRelease, _ []string) interface{} {
+	return redhatTemplateData{
+		KernelPackage: kr.Fullversion + kr.FullExtraversion,
+	}
+}

pkg/driverbuilder/builder/rocky.go

@@ -1,72 +1,96 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package builder
 
 import (
-	"bytes"
+	_ "embed"
 	"fmt"
-	"text/template"
 
 	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
 )
 
+//go:embed templates/rocky_kernel.sh
+var rockyKernelTemplate string
+
+//go:embed templates/rocky.sh
+var rockyTemplate string
+
 // TargetTypeRocky identifies the Rocky target.
 const TargetTypeRocky Type = "rocky"
 
 func init() {
-	BuilderByTarget[TargetTypeRocky] = &rocky{}
+	byTarget[TargetTypeRocky] = &rocky{}
+}
+
+type rockyTemplateData struct {
+	KernelDownloadURL string
 }
 
 // rocky is a driverkit target.
 type rocky struct {
 }
 
-// Script compiles the script to build the kernel module and/or the eBPF probe.
-func (c rocky) Script(cfg Config) (string, error) {
-	t := template.New(string(TargetTypeRocky))
-	parsed, err := t.Parse(rockyTemplate)
-	if err != nil {
-		return "", err
+func (c *rocky) Name() string {
+	return TargetTypeRocky.String()
 }
 
-	kr := kernelReleaseFromBuildConfig(cfg.Build)
-
-	var urls []string
-    if cfg.KernelUrls == nil {
-        // Check (and filter) existing kernels before continuing
-        urls, err = getResolvingURLs(fetchRockyKernelURLS(kr))
-    } else {
-        urls, err = getResolvingURLs(cfg.KernelUrls)
-    }
-    if err != nil {
-        return "", err
+func (c *rocky) TemplateKernelUrlsScript() string {
+	return rockyKernelTemplate
 }
 
-	td := rockyTemplateData{
-		DriverBuildDir:    DriverDirectory,
-		ModuleDownloadURL: moduleDownloadURL(cfg),
+func (c *rocky) TemplateScript() string {
+	return rockyTemplate
+}
+
+func (c *rocky) URLs(kr kernelrelease.KernelRelease) ([]string, error) {
+	return fetchRockyKernelURLS(kr), nil
+}
+
+func (c *rocky) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} {
+	return rockyTemplateData{
 		KernelDownloadURL: urls[0],
-		GCCVersion:        rockyGccVersionFromKernelRelease(kr),
-		ModuleDriverName:  cfg.DriverName,
-		ModuleFullPath:    ModuleFullPath,
-		BuildModule:       len(cfg.Build.ModuleFilePath) > 0,
-		BuildProbe:        len(cfg.Build.ProbeFilePath) > 0,
 	}
-
-	buf := bytes.NewBuffer(nil)
-	err = parsed.Execute(buf, td)
-	if err != nil {
-		return "", err
-	}
-	return buf.String(), nil
 }
 
 func fetchRockyKernelURLS(kr kernelrelease.KernelRelease) []string {
 	rockyReleases := []string{
 		"8",
+		"8.7",
+		"9",
+		"9.1",
+	}
+
+	rockyVaultReleases := []string{
+		"8.3",
+		"8.4",
 		"8.5",
+		"8.6",
+		"9.1",
 	}
 
 	urls := []string{}
 	for _, r := range rockyReleases {
+		if r >= "9" {
+			urls = append(urls, fmt.Sprintf(
+				"https://download.rockylinux.org/pub/rocky/%s/AppStream/%s/os/Packages/k/kernel-devel-%s%s.rpm",
+				r,
+				kr.Architecture.ToNonDeb(),
+				kr.Fullversion,
+				kr.FullExtraversion,
+			))
+		} else {
 			urls = append(urls, fmt.Sprintf(
 				"https://download.rockylinux.org/pub/rocky/%s/BaseOS/%s/os/Packages/k/kernel-devel-%s%s.rpm",
 				r,
@@ -75,71 +99,25 @@ func fetchRockyKernelURLS(kr kernelrelease.KernelRelease) []string {
 				kr.FullExtraversion,
 			))
 		}
+	}
+	for _, r := range rockyVaultReleases {
+		if r >= "9" {
+			urls = append(urls, fmt.Sprintf(
+				"https://download.rockylinux.org/vault/rocky/%s/AppStream/%s/os/Packages/k/kernel-devel-%s%s.rpm",
+				r,
+				kr.Architecture.ToNonDeb(),
+				kr.Fullversion,
+				kr.FullExtraversion,
+			))
+		} else {
+			urls = append(urls, fmt.Sprintf(
+				"https://download.rockylinux.org/vault/rocky/%s/BaseOS/%s/os/Packages/k/kernel-devel-%s%s.rpm",
+				r,
+				kr.Architecture.ToNonDeb(),
+				kr.Fullversion,
+				kr.FullExtraversion,
+			))
+		}
+	}
 	return urls
 }
-
-type rockyTemplateData struct {
-	DriverBuildDir    string
-	ModuleDownloadURL string
-	KernelDownloadURL string
-	GCCVersion        string
-	ModuleDriverName  string
-	ModuleFullPath    string
-	BuildModule       bool
-	BuildProbe        bool
-}
-
-const rockyTemplate = `
-#!/bin/bash
-set -xeuo pipefail
-
-rm -Rf {{ .DriverBuildDir }}
-mkdir {{ .DriverBuildDir }}
-rm -Rf /tmp/module-download
-mkdir -p /tmp/module-download
-
-curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download
-mv /tmp/module-download/*/driver/* {{ .DriverBuildDir }}
-
-cp /driverkit/module-Makefile {{ .DriverBuildDir }}/Makefile
-bash /driverkit/fill-driver-config.sh {{ .DriverBuildDir }}
-
-# Fetch the kernel
-mkdir /tmp/kernel-download
-cd /tmp/kernel-download
-curl --silent -o kernel-devel.rpm -SL {{ .KernelDownloadURL }}
-rpm2cpio kernel-devel.rpm | cpio --extract --make-directories
-rm -Rf /tmp/kernel
-mkdir -p /tmp/kernel
-mv usr/src/kernels/*/* /tmp/kernel
-
-# Change current gcc
-ln -sf /usr/bin/gcc-{{ .GCCVersion }} /usr/bin/gcc
-
-{{ if .BuildModule }}
-# Build the module
-cd {{ .DriverBuildDir }}
-make KERNELDIR=/tmp/kernel
-mv {{ .ModuleDriverName }}.ko {{ .ModuleFullPath }}
-strip -g {{ .ModuleFullPath }}
-# Print results
-modinfo {{ .ModuleFullPath }}
-{{ end }}
-
-{{ if .BuildProbe }}
-# Build the eBPF probe
-cd {{ .DriverBuildDir }}/bpf
-make LLC=/usr/bin/llc-7 CLANG=/usr/bin/clang-7 CC=/usr/bin/gcc KERNELDIR=/tmp/kernel
-ls -l probe.o
-{{ end }}
-`
-
-func rockyGccVersionFromKernelRelease(kr kernelrelease.KernelRelease) string {
-	switch kr.Version {
-	case "3":
-		return "5"
-	case "2":
-		return "4.8"
-	}
-	return "8"
-}

pkg/driverbuilder/builder/sles.go

@@ -0,0 +1,75 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package builder
+
+import (
+	_ "embed"
+
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
+)
+
+//go:embed templates/sles_kernel.sh
+var slesKernelTemplate string
+
+//go:embed templates/sles.sh
+var slesTemplate string
+
+// TargetTypeSLES identifies the sles target.
+const TargetTypeSLES Type = "sles"
+
+// sles is a driverkit target.
+type sles struct {
+}
+
+func init() {
+	byTarget[TargetTypeSLES] = &sles{}
+}
+
+type slesTemplateData struct {
+	KernelPackage string
+}
+
+func (v *sles) Name() string {
+	return TargetTypeSLES.String()
+}
+
+func (v *sles) TemplateKernelUrlsScript() string {
+	return slesKernelTemplate
+}
+
+func (v *sles) TemplateScript() string {
+	return slesTemplate
+}
+
+func (v *sles) URLs(_ kernelrelease.KernelRelease) ([]string, error) {
+	return nil, nil
+}
+
+func (v *sles) MinimumURLs() int {
+	// We don't need any url
+	return 0
+}
+
+func (v *sles) KernelTemplateData(kr kernelrelease.KernelRelease, _ []string) interface{} {
+	return slesTemplateData{
+		KernelPackage: kr.Fullversion + kr.FullExtraversion,
+	}
+}
+
+// sles requires docker to run with `--net=host` for builder images to work
+// for more info, see the suse container connect README: https://github.com/SUSE/container-suseconnect
+func (v *sles) BuilderImageNetMode() string {
+	return "host"
+}

pkg/driverbuilder/builder/talos.go

@@ -0,0 +1,43 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package builder
+
+import (
+	"github.com/falcosecurity/driverkit/pkg/kernelrelease"
+)
+
+// TargetTypeTalos identifies the Talos target.
+const TargetTypeTalos Type = "talos"
+
+func init() {
+	byTarget[TargetTypeTalos] = &talos{
+		vanilla{},
+	}
+}
+
+type talos struct {
+	vanilla
+}
+
+func (b *talos) Name() string {
+	return TargetTypeTalos.String()
+}
+
+func (b *talos) KernelTemplateData(kr kernelrelease.KernelRelease, urls []string) interface{} {
+	return vanillaTemplateData{
+		KernelDownloadURL:  urls[0],
+		KernelLocalVersion: kr.FullExtraversion,
+	}
+}

pkg/driverbuilder/builder/target.go

@@ -1,7 +1,21 @@
+// SPDX-License-Identifier: Apache-2.0
+/*
+Copyright (C) 2023 The Falco Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package builder
 
-// BuilderByTarget maps targets to their builder.
-var BuilderByTarget = Targets{}
+// byTarget maps targets to their builder.
+var byTarget = map[Type]Builder{}
 
 // Type is a type representing targets.
 type Type string
@@ -9,15 +23,3 @@ type Type string
 func (t Type) String() string {
 	return string(t)
 }
-
-// Targets is a type representing the list of the supported targets.
-type Targets map[Type]Builder
-
-// Targets returns the list of all the supported targets.
-func (t Targets) Targets() []string {
-	res := []string{}
-	for k := range t {
-		res = append(res, k.String())
-	}
-	return res
-}

pkg/driverbuilder/builder/templates/alinux.sh

@@ -0,0 +1,41 @@
+#!/bin/bash
+# SPDX-License-Identifier: Apache-2.0
+#
+# Copyright (C) 2023 The Falco Authors.
+#
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Simple script that desperately tries to load the kernel instrumentation by
+# looking for it in a bunch of ways. Convenient when running Falco inside
+# a container or in other weird environments.
+#
+set -xeuo pipefail
+
+cd {{ .DriverBuildDir }}
+mkdir -p build && cd build
+{{ .CmakeCmd }}
+
+{{ if .BuildModule }}
+# Build the module
+make CC=/usr/bin/gcc-{{ .GCCVersion }} driver
+strip -g {{ .ModuleFullPath }}
+# Print results
+modinfo {{ .ModuleFullPath }}
+{{ end }}
+
+{{ if .BuildProbe }}
+# Build the eBPF probe
+make bpf
+ls -l driver/bpf/probe.o
+{{ end }}

pkg/driverbuilder/builder/templates/alinux_kernel.sh

@@ -0,0 +1,35 @@
+#!/bin/bash
+# SPDX-License-Identifier: Apache-2.0
+#
+# Copyright (C) 2023 The Falco Authors.
+#
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Simple script that desperately tries to load the kernel instrumentation by
+# looking for it in a bunch of ways. Convenient when running Falco inside
+# a container or in other weird environments.
+#
+set -xeuo pipefail
+
+# Fetch the kernel
+mkdir /tmp/kernel-download
+cd /tmp/kernel-download
+curl --silent -o kernel-devel.rpm -SL {{ .KernelDownloadURL }}
+rpm2cpio kernel-devel.rpm | cpio --extract --make-directories
+rm -Rf /tmp/kernel
+mkdir -p /tmp/kernel
+mv usr/src/kernels/*/* /tmp/kernel
+
+# exit value
+export KERNELDIR=/tmp/kernel