diff options
Diffstat (limited to 'pkgs/os-specific/linux/sysdig/default.nix')
-rw-r--r-- | pkgs/os-specific/linux/sysdig/default.nix | 145 |
1 files changed, 94 insertions, 51 deletions
diff --git a/pkgs/os-specific/linux/sysdig/default.nix b/pkgs/os-specific/linux/sysdig/default.nix index ff149e771bcbf..1162b3363caee 100644 --- a/pkgs/os-specific/linux/sysdig/default.nix +++ b/pkgs/os-specific/linux/sysdig/default.nix @@ -1,13 +1,39 @@ -{ lib, stdenv, fetchFromGitHub, cmake, kernel, installShellFiles, pkg-config -, luajit, ncurses, perl, jsoncpp, openssl, curl, jq, gcc, elfutils, tbb -, protobuf, grpc, yaml-cpp, nlohmann_json, re2, zstd, uthash }: +{ + lib, + stdenv, + fetchFromGitHub, + cmake, + kernel, + installShellFiles, + pkg-config, + luajit, + ncurses, + perl, + jsoncpp, + openssl, + curl, + jq, + gcc, + elfutils, + tbb, + protobuf, + grpc, + yaml-cpp, + nlohmann_json, + re2, + zstd, + uthash, + clang, + libbpf, + bpftools, +}: let - # Compare with https://github.com/draios/sysdig/blob/0.37.1/cmake/modules/falcosecurity-libs.cmake - libsRev = "0.16.0"; - libsHash = "sha256-aduO2pLj91tRdZ1dW1F1JFEg//SopialXWPd6Oav/u8="; + # Compare with https://github.com/draios/sysdig/blob/0.38.0/cmake/modules/falcosecurity-libs.cmake + libsRev = "0.17.2"; + libsHash = "sha256-BTLXtdU7GjOJReaycHvXkSd2vtybnCn0rTR7OEsvaMQ="; - # Compare with https://github.com/falcosecurity/libs/blob/0.16.0/cmake/modules/valijson.cmake + # Compare with https://github.com/falcosecurity/libs/blob/0.17.2/cmake/modules/valijson.cmake valijson = fetchFromGitHub { owner = "tristanpenman"; repo = "valijson"; @@ -15,16 +41,17 @@ let hash = "sha256-wvFdjsDtKH7CpbEpQjzWtLC4RVOU9+D2rSK0Xo1cJqo="; }; - # https://github.com/draios/sysdig/blob/0.37.1/cmake/modules/driver.cmake + # https://github.com/draios/sysdig/blob/0.38.0/cmake/modules/driver.cmake driver = fetchFromGitHub { owner = "falcosecurity"; repo = "libs"; - rev = "7.1.0+driver"; + rev = "7.2.0+driver"; hash = "sha256-FIlnJsNgofGo4HETEEpW28wpC3U9z5AZprwFR5AgFfA="; }; - version = "0.37.1"; -in stdenv.mkDerivation { + version = "0.38.0"; +in +stdenv.mkDerivation { pname = "sysdig"; inherit version; @@ -32,10 +59,15 @@ in stdenv.mkDerivation { owner = "draios"; repo = "sysdig"; rev = version; - hash = "sha256-V1rvQ6ZznL9UiUFW2lyW6gvdoGttOd5kgT2KPQCjmvQ="; + hash = "sha256-y6WArSz57w8vb3A3nHT37G6D8++6en2jQfeIS4YCD9U="; }; - nativeBuildInputs = [ cmake perl installShellFiles pkg-config ]; + nativeBuildInputs = [ + cmake + perl + installShellFiles + pkg-config + ]; buildInputs = [ luajit ncurses @@ -53,6 +85,9 @@ in stdenv.mkDerivation { nlohmann_json zstd uthash + clang + libbpf + bpftools ] ++ lib.optionals (kernel != null) kernel.moduleBuildDependencies; hardeningDisable = [ "pic" ]; @@ -97,48 +132,56 @@ in stdenv.mkDerivation { # fix compiler warnings been treated as errors "-Wno-error"; - preConfigure = '' - if ! grep -q "${libsRev}" cmake/modules/falcosecurity-libs.cmake; then - echo "falcosecurity-libs checksum needs to be updated!" - exit 1 - fi - cmakeFlagsArray+=(-DCMAKE_EXE_LINKER_FLAGS="-ltbb -lcurl -lzstd -labsl_synchronization") - '' + lib.optionalString (kernel != null) '' - export INSTALL_MOD_PATH="$out" - export KERNELDIR="${kernel.dev}/lib/modules/${kernel.modDirVersion}/build" - ''; - - postInstall = '' - # Fix the bash completion location - installShellCompletion --bash $out/etc/bash_completion.d/sysdig - rm $out/etc/bash_completion.d/sysdig - rmdir $out/etc/bash_completion.d - rmdir $out/etc - '' + lib.optionalString (kernel != null) '' - make install_driver - kernel_dev=${kernel.dev} - kernel_dev=''${kernel_dev#${builtins.storeDir}/} - kernel_dev=''${kernel_dev%%-linux*dev*} - if test -f "$out/lib/modules/${kernel.modDirVersion}/extra/scap.ko"; then - sed -i "s#$kernel_dev#................................#g" $out/lib/modules/${kernel.modDirVersion}/extra/scap.ko - else - for i in $out/lib/modules/${kernel.modDirVersion}/{extra,updates}/scap.ko.xz; do - if test -f "$i"; then - xz -d $i - sed -i "s#$kernel_dev#................................#g" ''${i%.xz} - xz -9 ''${i%.xz} - fi - done - fi - ''; + preConfigure = + '' + if ! grep -q "${libsRev}" cmake/modules/falcosecurity-libs.cmake; then + echo "falcosecurity-libs checksum needs to be updated!" + exit 1 + fi + cmakeFlagsArray+=(-DCMAKE_EXE_LINKER_FLAGS="-ltbb -lcurl -lzstd -labsl_synchronization") + '' + + lib.optionalString (kernel != null) '' + export INSTALL_MOD_PATH="$out" + export KERNELDIR="${kernel.dev}/lib/modules/${kernel.modDirVersion}/build" + ''; + + postInstall = + '' + # Fix the bash completion location + installShellCompletion --bash $out/etc/bash_completion.d/sysdig + rm $out/etc/bash_completion.d/sysdig + rmdir $out/etc/bash_completion.d + rmdir $out/etc + '' + + lib.optionalString (kernel != null) '' + make install_driver + kernel_dev=${kernel.dev} + kernel_dev=''${kernel_dev#${builtins.storeDir}/} + kernel_dev=''${kernel_dev%%-linux*dev*} + if test -f "$out/lib/modules/${kernel.modDirVersion}/extra/scap.ko"; then + sed -i "s#$kernel_dev#................................#g" $out/lib/modules/${kernel.modDirVersion}/extra/scap.ko + else + for i in $out/lib/modules/${kernel.modDirVersion}/{extra,updates}/scap.ko.xz; do + if test -f "$i"; then + xz -d $i + sed -i "s#$kernel_dev#................................#g" ''${i%.xz} + xz -9 ''${i%.xz} + fi + done + fi + ''; meta = { - description = - "A tracepoint-based system tracing tool for Linux (with clients for other OSes)"; - license = with lib.licenses; [ asl20 gpl2Only mit ]; + description = "A tracepoint-based system tracing tool for Linux (with clients for other OSes)"; + license = with lib.licenses; [ + asl20 + gpl2Only + mit + ]; maintainers = with lib.maintainers; [ raskin ]; platforms = [ "x86_64-linux" ] ++ lib.platforms.darwin; - broken = kernel != null && ((lib.versionOlder kernel.version "4.14") || kernel.isHardened || kernel.isZen); + broken = + kernel != null && ((lib.versionOlder kernel.version "4.14") || kernel.isHardened || kernel.isZen); homepage = "https://sysdig.com/opensource/"; downloadPage = "https://github.com/draios/sysdig/releases"; }; |