diff --git a/docker/dev/Dockerfile b/docker/dev/Dockerfile deleted file mode 100644 index 6af2bd097f..0000000000 --- a/docker/dev/Dockerfile +++ /dev/null @@ -1,106 +0,0 @@ -FROM debian:stable - -LABEL maintainer="Sysdig " - -ENV SYSDIG_REPOSITORY dev - -LABEL RUN="docker run -i -t -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro --name NAME IMAGE" - -ENV SYSDIG_HOST_ROOT /host - -ENV HOME /root - -RUN cp /etc/skel/.bashrc /root && cp /etc/skel/.profile /root - -ADD https://download.sysdig.com/apt-draios-priority /etc/apt/preferences.d/ - -RUN apt-get update \ - && apt-get upgrade -y \ - && apt-get install -y --no-install-recommends \ - bash-completion \ - bc \ - clang-7 \ - curl \ - dkms \ - gnupg2 \ - ca-certificates \ - gcc \ - libc6-dev \ - libelf-dev \ - libelf1 \ - less \ - llvm-7 \ - procps \ - xz-utils \ - libmpx2 \ - && rm -rf /var/lib/apt/lists/* - -# gcc 6 is no longer included in debian unstable, but we need it to -# build kernel modules on the default debian-based ami used by -# kops. So grab copies we've saved from debian snapshots with the -# prefix https://snapshot.debian.org/archive/debian/20170517T033514Z -# or so. - -RUN curl -o cpp-6_6.3.0-18_amd64.deb https://download.sysdig.com/dependencies/gcc-6-debs/cpp-6_6.3.0-18_amd64.deb \ - && curl -o gcc-6-base_6.3.0-18_amd64.deb https://download.sysdig.com/dependencies/gcc-6-debs/gcc-6-base_6.3.0-18_amd64.deb \ - && curl -o gcc-6_6.3.0-18_amd64.deb https://download.sysdig.com/dependencies/gcc-6-debs/gcc-6_6.3.0-18_amd64.deb \ - && curl -o libasan3_6.3.0-18_amd64.deb https://download.sysdig.com/dependencies/gcc-6-debs/libasan3_6.3.0-18_amd64.deb \ - && curl -o libcilkrts5_6.3.0-18_amd64.deb https://download.sysdig.com/dependencies/gcc-6-debs/libcilkrts5_6.3.0-18_amd64.deb \ - && curl -o libgcc-6-dev_6.3.0-18_amd64.deb https://download.sysdig.com/dependencies/gcc-6-debs/libgcc-6-dev_6.3.0-18_amd64.deb \ - && curl -o libubsan0_6.3.0-18_amd64.deb https://download.sysdig.com/dependencies/gcc-6-debs/libubsan0_6.3.0-18_amd64.deb \ - && curl -o libmpfr4_3.1.3-2_amd64.deb https://download.sysdig.com/dependencies/gcc-6-debs/libmpfr4_3.1.3-2_amd64.deb \ - && curl -o libisl15_0.18-1_amd64.deb https://download.sysdig.com/dependencies/gcc-6-debs/libisl15_0.18-1_amd64.deb \ - && dpkg -i cpp-6_6.3.0-18_amd64.deb gcc-6-base_6.3.0-18_amd64.deb gcc-6_6.3.0-18_amd64.deb libasan3_6.3.0-18_amd64.deb libcilkrts5_6.3.0-18_amd64.deb libgcc-6-dev_6.3.0-18_amd64.deb libubsan0_6.3.0-18_amd64.deb libmpfr4_3.1.3-2_amd64.deb libisl15_0.18-1_amd64.deb \ - && rm -f cpp-6_6.3.0-18_amd64.deb gcc-6-base_6.3.0-18_amd64.deb gcc-6_6.3.0-18_amd64.deb libasan3_6.3.0-18_amd64.deb libcilkrts5_6.3.0-18_amd64.deb libgcc-6-dev_6.3.0-18_amd64.deb libubsan0_6.3.0-18_amd64.deb libmpfr4_3.1.3-2_amd64.deb libisl15_0.18-1_amd64.deb - -# gcc 5 is no longer included in debian unstable, but we need it to -# build centos kernels, which are 3.x based and explicitly want a gcc -# version 3, 4, or 5 compiler. So grab copies we've saved from debian -# snapshots with the prefix https://snapshot.debian.org/archive/debian/20190122T000000Z. - -RUN curl -o cpp-5_5.5.0-12_amd64.deb https://download.sysdig.com/dependencies/cpp-5_5.5.0-12_amd64.deb \ - && curl -o gcc-5-base_5.5.0-12_amd64.deb https://download.sysdig.com/dependencies/gcc-5-base_5.5.0-12_amd64.deb \ - && curl -o gcc-5_5.5.0-12_amd64.deb https://download.sysdig.com/dependencies/gcc-5_5.5.0-12_amd64.deb \ - && curl -o libasan2_5.5.0-12_amd64.deb https://download.sysdig.com/dependencies/libasan2_5.5.0-12_amd64.deb \ - && curl -o libgcc-5-dev_5.5.0-12_amd64.deb https://download.sysdig.com/dependencies/libgcc-5-dev_5.5.0-12_amd64.deb \ - && curl -o libisl15_0.18-4_amd64.deb https://download.sysdig.com/dependencies/libisl15_0.18-4_amd64.deb \ - && curl -o libmpx0_5.5.0-12_amd64.deb https://download.sysdig.com/dependencies/libmpx0_5.5.0-12_amd64.deb \ - && dpkg -i cpp-5_5.5.0-12_amd64.deb gcc-5-base_5.5.0-12_amd64.deb gcc-5_5.5.0-12_amd64.deb libasan2_5.5.0-12_amd64.deb libgcc-5-dev_5.5.0-12_amd64.deb libisl15_0.18-4_amd64.deb libmpx0_5.5.0-12_amd64.deb \ - && rm -f cpp-5_5.5.0-12_amd64.deb gcc-5-base_5.5.0-12_amd64.deb gcc-5_5.5.0-12_amd64.deb libasan2_5.5.0-12_amd64.deb libgcc-5-dev_5.5.0-12_amd64.deb libisl15_0.18-4_amd64.deb libmpx0_5.5.0-12_amd64.deb - -# Since our base Debian image ships with GCC 7 which breaks older kernels, revert the -# default to gcc-5. -RUN rm -rf /usr/bin/gcc && ln -s /usr/bin/gcc-5 /usr/bin/gcc - -RUN rm -rf /usr/bin/clang \ - && rm -rf /usr/bin/llc \ - && ln -s /usr/bin/clang-7 /usr/bin/clang \ - && ln -s /usr/bin/llc-7 /usr/bin/llc - -RUN curl -s https://download.sysdig.com/DRAIOS-GPG-KEY.public | apt-key add - \ - && curl -s -o /etc/apt/sources.list.d/draios.list https://download.sysdig.com/$SYSDIG_REPOSITORY/deb/draios.list \ - && apt-get update \ - && apt-get install -y --no-install-recommends sysdig \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* - -# Some base images have an empty /lib/modules by default -# If it's not empty, docker build will fail instead of -# silently overwriting the existing directory -RUN rm -df /lib/modules \ - && ln -s $SYSDIG_HOST_ROOT/lib/modules /lib/modules - -# debian:unstable head contains binutils 2.31, which generates -# binaries that are incompatible with kernels < 4.16. So manually -# forcibly install binutils 2.30-22 instead. -RUN curl -s -o binutils_2.30-22_amd64.deb http://snapshot.debian.org/archive/debian/20180622T211149Z/pool/main/b/binutils/binutils_2.30-22_amd64.deb \ - && curl -s -o libbinutils_2.30-22_amd64.deb http://snapshot.debian.org/archive/debian/20180622T211149Z/pool/main/b/binutils/libbinutils_2.30-22_amd64.deb \ - && curl -s -o binutils-x86-64-linux-gnu_2.30-22_amd64.deb http://snapshot.debian.org/archive/debian/20180622T211149Z/pool/main/b/binutils/binutils-x86-64-linux-gnu_2.30-22_amd64.deb \ - && curl -s -o binutils-common_2.30-22_amd64.deb http://snapshot.debian.org/archive/debian/20180622T211149Z/pool/main/b/binutils/binutils-common_2.30-22_amd64.deb \ - && dpkg -i *binutils*.deb - -COPY ./docker-entrypoint.sh / - -ENTRYPOINT ["/docker-entrypoint.sh"] - -CMD ["bash"] diff --git a/docker/dev/docker-entrypoint.sh b/docker/dev/docker-entrypoint.sh deleted file mode 100755 index 0c6e6fab9f..0000000000 --- a/docker/dev/docker-entrypoint.sh +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/bash -# -# Copyright (C) 2013-2018 Draios Inc dba Sysdig. -# -# This file is part of sysdig . -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -#set -e - -echo "* Setting up /usr/src links from host" - -for i in $(ls $SYSDIG_HOST_ROOT/usr/src) -do - ln -s $SYSDIG_HOST_ROOT/usr/src/$i /usr/src/$i -done - -/usr/bin/scap-driver-loader - -exec "$@" diff --git a/docker/ebpf-probe-builder/Dockerfile b/docker/ebpf-probe-builder/Dockerfile deleted file mode 100644 index 1c84a670e0..0000000000 --- a/docker/ebpf-probe-builder/Dockerfile +++ /dev/null @@ -1,20 +0,0 @@ -FROM debian:unstable - -MAINTAINER Sysdig - -# Based on the sysdig container, used for building eBPF probe - -RUN apt-get update \ - && apt-get dist-upgrade -y \ - && apt-get install -y --no-install-recommends \ - clang \ - gcc \ - libelf-dev \ - libelf1 \ - llvm \ - make \ - && rm -rf /var/lib/apt/lists/* - -COPY ./probe-builder-entrypoint.sh / - -ENTRYPOINT ["/probe-builder-entrypoint.sh"] diff --git a/docker/ebpf-probe-builder/build_bpf_probe.sh b/docker/ebpf-probe-builder/build_bpf_probe.sh deleted file mode 100755 index dfec5f39e9..0000000000 --- a/docker/ebpf-probe-builder/build_bpf_probe.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/sh - -set -eu - -# Defaults -DRIVER_DIR=/opt/draios/src/draios-agent-0.1.1dev -KERNEL_DIR=/lib/modules/$(uname -r)/build -OUT_DIR=${HOME}/.sysdig - -usage() -{ - echo "build_bpf_probe [-d ] [-k ] [-o ]" -} - -# Options parsing -while [ -n "${1-}" ]; do - case $1 in - -d | --driver ) shift - DRIVER_DIR=$1 - ;; - -k | --kernel ) shift - KERNEL_DIR=$1 - ;; - -o | --output ) shift - OUT_DIR=$1 - ;; - -h | --help ) usage - exit - ;; - * ) usage - exit 1 - ;; - esac - shift -done - -mkdir -p ${HOME}/.sysdig - -# -# Mapped volumes: -# - ${OUT_DIR}: The directory that the probe gets put in. Defaults to ~/.sysdig -# - ${DRIVER_DIR}: The prepared bpf driver code that gets written by the installer -# - ${KERNEL_DIR}: The kmod build directory for the target kernel. -# - /lib/modules: Unfortunately, on some distros (Debian / Ubuntu), there are -# additional support directories (such as a -common counterpart to -amd64) which -# need to be accessible for the makefile -# - /usr: As with the above, on Debian based systems the /lib/modules tree will have -# symlinks into /usr/lib/linux-kbuild* and these directories need to be present. - -docker build -t ebpf-probe-builder:latest --pull . -docker images -q -f 'dangling=true' | xargs --no-run-if-empty docker rmi -f -docker run --rm -i -v ${OUT_DIR}:/out -v ${DRIVER_DIR}:/driver -v ${KERNEL_DIR}:/kernel -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro -e BPF_PROBE_FILENAME=bpf_probe.o ebpf-probe-builder:latest - -echo "Probe is in ${OUT_DIR}/" diff --git a/docker/ebpf-probe-builder/probe-builder-entrypoint.sh b/docker/ebpf-probe-builder/probe-builder-entrypoint.sh deleted file mode 100755 index b360b2c96f..0000000000 --- a/docker/ebpf-probe-builder/probe-builder-entrypoint.sh +++ /dev/null @@ -1,49 +0,0 @@ -#!/bin/bash -# -# Copyright (C) 2013-2019 Draios Inc dba Sysdig. -# -# This file is part of sysdig. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# -# Simple script to build the BPF probe. Assumes that all the dependencies -# and requirements are already satisfied (as they are in the accompanying -# docker container) -# - -set -exu - -echo "* Building probe ${BPF_PROBE_FILENAME}" - -# On some distros, the modules dir links into /usr/src, so we need to make sure -# we have that sorted so we can build properly -for i in $(ls /host/usr/src); do - ln -s /host/usr/src/$i /usr/src/$i -done - -# Again, on some distros, we need to populate the /lib/modules directory -# because the kernel header info is split among several subdirs - -mkdir -p /lib/modules - -for i in $(ls /host/lib/modules); do - ln -s /host/lib/modules/$i /lib/modules/$i -done - -cd /driver/bpf -echo "Building bpf" -KERNELDIR=/kernel make - -echo "** Done building probe" -cp probe.o /out/${BPF_PROBE_FILENAME} diff --git a/docker/local/Dockerfile b/docker/local/Dockerfile deleted file mode 100644 index f0f97c397a..0000000000 --- a/docker/local/Dockerfile +++ /dev/null @@ -1,37 +0,0 @@ -FROM registry.access.redhat.com/ubi8/ubi - -LABEL maintainer="Sysdig " -LABEL usage="docker run --rm -i -t --privileged --net=host -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /src:/src -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro -v /etc:/host/etc:ro --name NAME IMAGE" - -ARG VERSION=0.34.1 -ENV VERSION=${VERSION} - -ENV HOST_ROOT /host -ENV HOME /root - -RUN yum -y install \ - make \ - kmod \ - gcc \ - clang \ - llvm-toolset \ - less \ - && mkdir -p /tmp/dkms \ - && cd /tmp/dkms \ - && curl --remote-name-all -L https://github.com/dell/dkms/archive/refs/tags/v2.8.5.tar.gz \ - && tar --strip-components=1 -xf v2.8.5.tar.gz \ - && make tarball \ - && make install \ - && cd /tmp \ - && rm -fr /tmp/dkms \ - && curl -L -o sysdig.rpm "https://github.com/draios/sysdig/releases/download/${VERSION}/sysdig-${VERSION}-x86_64.rpm" \ - && rpm --nodeps --force -i ./sysdig.rpm \ - && rm ./sysdig.rpm \ - && rm -df /lib/modules \ - && ln -s $HOST_ROOT/lib/modules /lib/modules - -COPY docker-entrypoint.sh / - -ENTRYPOINT ["/docker-entrypoint.sh"] - -CMD ["bash"] diff --git a/docker/local/docker-entrypoint.sh b/docker/local/docker-entrypoint.sh deleted file mode 100755 index a061c9ce78..0000000000 --- a/docker/local/docker-entrypoint.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/bash -# -# Copyright (C) 2013-2018 Draios Inc dba Sysdig. -# -# This file is part of sysdig . -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -#set -e - -if echo $@ | grep -q -v modern-bpf; then - echo "* Setting up /usr/src links from host" - - for i in $(ls $HOST_ROOT/usr/src) - do - ln -s $HOST_ROOT/usr/src/$i /usr/src/$i - done - - /usr/bin/scap-driver-loader -fi - -exec "$@" diff --git a/docker/scap-driver-toolchains/Dockerfile b/docker/scap-driver-toolchains/Dockerfile deleted file mode 100644 index f7ff741ec1..0000000000 --- a/docker/scap-driver-toolchains/Dockerfile +++ /dev/null @@ -1,146 +0,0 @@ -FROM registry.access.redhat.com/ubi8 AS base - -RUN yum update \ - && yum install -y gcc \ - gcc-c++ \ - make \ - cmake \ - xz \ - curl \ - python3 \ - gnupg \ - diffutils \ - wget \ - bzip2 - -RUN curl -O -L https://mirrors.ocf.berkeley.edu/gnu/gnu-keyring.gpg \ - && gpg -q --import gnu-keyring.gpg - -RUN gpg --batch --keyserver keyserver.ubuntu.com --recv-keys A2C794A986419D8A - -FROM base AS tools - -WORKDIR /src/binutils - -RUN curl --remote-name-all -L https://ftp.gnu.org/gnu/binutils/binutils-2.30.tar.gz{,.sig} \ - && gpg --verify binutils-2.30.tar.gz.sig \ - && tar --strip-components=1 -xf binutils-2.30.tar.gz - -RUN ./configure --prefix=/opt/scap-driver-toolchains/binutils-2.30 \ - && make \ - && make install-strip - -WORKDIR /src/dkms - -RUN curl --remote-name-all -L https://github.com/dell/dkms/archive/refs/tags/v2.8.5.tar.gz \ - && tar --strip-components=1 -xf v2.8.5.tar.gz \ - && make tarball \ - && make install DESTDIR=/opt/scap-driver-toolchains/dkms - -FROM base AS llvm-7 - -WORKDIR /src/llvm/7 - -RUN curl --remote-name-all -L https://github.com/llvm/llvm-project/releases/download/llvmorg-7.1.0/cfe-7.1.0.src.tar.xz{,.sig} \ - https://github.com/llvm/llvm-project/releases/download/llvmorg-7.1.0/llvm-7.1.0.src.tar.xz{,.sig} \ - && gpg --verify cfe-7.1.0.src.tar.xz.sig \ - && gpg --verify llvm-7.1.0.src.tar.xz.sig \ - && tar -xf llvm-7.1.0.src.tar.xz \ - && tar -xf cfe-7.1.0.src.tar.xz \ - && mv cfe-7.1.0.src clang - -WORKDIR /src/llvm/7/build - -RUN cmake -DCMAKE_BUILD_TYPE=MinSizeRel -DCMAKE_INSTALL_PREFIX=/opt/scap-driver-toolchains/llvm-7 -DLLVM_ENABLE_PROJECTS=clang -DCMAKE_CXX_FLAGS='-static-libgcc' -G "Unix Makefiles" ../llvm-7.1.0.src \ - && make \ - && make install/strip - -FROM base AS gcc-5 - -WORKDIR /src/gcc/5 - -RUN curl --remote-name-all -L https://ftp.gnu.org/gnu/gcc/gcc-5.5.0/gcc-5.5.0.tar.gz{,.sig} \ - && gpg --verify gcc-5.5.0.tar.gz.sig \ - && tar --strip-components=1 -xf gcc-5.5.0.tar.gz \ - && ./contrib/download_prerequisites - -RUN ./configure --prefix=/opt/scap-driver-toolchains/gcc-5 --enable-languages=c --disable-libsanitizer --disable-multilib \ - && make \ - && make install-strip - -FROM base AS gcc-6 - -WORKDIR /src/gcc/6 - -RUN curl --remote-name-all -L https://ftp.gnu.org/gnu/gcc/gcc-6.5.0/gcc-6.5.0.tar.gz{,.sig} \ - && gpg --verify gcc-6.5.0.tar.gz.sig \ - && tar --strip-components=1 -xf gcc-6.5.0.tar.gz \ - && ./contrib/download_prerequisites - -RUN ./configure --prefix=/opt/scap-driver-toolchains/gcc-6 --enable-languages=c --disable-libsanitizer --disable-multilib \ - && make \ - && make install-strip - -FROM base AS gcc-7 - -WORKDIR /src/gcc/7 - -RUN curl --remote-name-all -L https://ftp.gnu.org/gnu/gcc/gcc-7.5.0/gcc-7.5.0.tar.gz{,.sig} \ - && gpg --verify gcc-7.5.0.tar.gz.sig \ - && tar --strip-components=1 -xf gcc-7.5.0.tar.gz \ - && ./contrib/download_prerequisites - -RUN ./configure --prefix=/opt/scap-driver-toolchains/gcc-7 --enable-languages=c --disable-libsanitizer --disable-multilib \ - && make \ - && make install-strip - -FROM base AS gcc-8 - -WORKDIR /src/gcc/8 - -RUN curl --remote-name-all -L https://ftp.gnu.org/gnu/gcc/gcc-8.5.0/gcc-8.5.0.tar.gz{,.sig} \ - && gpg --verify gcc-8.5.0.tar.gz.sig \ - && tar --strip-components=1 -xf gcc-8.5.0.tar.gz \ - && ./contrib/download_prerequisites - -RUN ./configure --prefix=/opt/scap-driver-toolchains/gcc-8 --enable-languages=c --disable-multilib \ - && make \ - && make install-strip - -FROM base AS gcc-9 - -WORKDIR /src/gcc/9 - -RUN curl --remote-name-all -L https://ftp.gnu.org/gnu/gcc/gcc-9.4.0/gcc-9.4.0.tar.gz{,.sig} \ - && gpg --verify gcc-9.4.0.tar.gz.sig \ - && tar --strip-components=1 -xf gcc-9.4.0.tar.gz \ - && ./contrib/download_prerequisites - -RUN ./configure --prefix=/opt/scap-driver-toolchains/gcc-9 --enable-languages=c --disable-multilib \ - && make \ - && make install-strip - -FROM base AS gcc-10 - -WORKDIR /src/gcc/10 - -RUN curl --remote-name-all -L https://ftp.gnu.org/gnu/gcc/gcc-10.3.0/gcc-10.3.0.tar.gz{,.sig} \ - && gpg --verify gcc-10.3.0.tar.gz.sig \ - && tar --strip-components=1 -xf gcc-10.3.0.tar.gz \ - && ./contrib/download_prerequisites - -RUN ./configure --prefix=/opt/scap-driver-toolchains/gcc-10 --enable-languages=c --disable-multilib \ - && make \ - && make install-strip - -FROM registry.access.redhat.com/ubi8 - -COPY --from=tools /opt/scap-driver-toolchains/ /opt/scap-driver-toolchains/ -COPY --from=llvm-7 /opt/scap-driver-toolchains/ /opt/scap-driver-toolchains/ -COPY --from=gcc-5 /opt/scap-driver-toolchains/ /opt/scap-driver-toolchains/ -COPY --from=gcc-6 /opt/scap-driver-toolchains/ /opt/scap-driver-toolchains/ -COPY --from=gcc-7 /opt/scap-driver-toolchains/ /opt/scap-driver-toolchains/ -COPY --from=gcc-8 /opt/scap-driver-toolchains/ /opt/scap-driver-toolchains/ -COPY --from=gcc-9 /opt/scap-driver-toolchains/ /opt/scap-driver-toolchains/ -COPY --from=gcc-10 /opt/scap-driver-toolchains/ /opt/scap-driver-toolchains/ - diff --git a/docker/stable/Dockerfile b/docker/stable/Dockerfile deleted file mode 100644 index 5a8638f23a..0000000000 --- a/docker/stable/Dockerfile +++ /dev/null @@ -1,107 +0,0 @@ -FROM debian:stable - -LABEL maintainer="Sysdig " - -ENV SYSDIG_REPOSITORY stable - -LABEL RUN="docker run -i -t -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro --name NAME IMAGE" - -ENV SYSDIG_HOST_ROOT /host - -ENV HOME /root - -RUN cp /etc/skel/.bashrc /root && cp /etc/skel/.profile /root - -ADD https://download.sysdig.com/apt-draios-priority /etc/apt/preferences.d/ - -RUN apt-get update \ - && apt-get upgrade -y \ - && apt-get install -y --no-install-recommends \ - bash-completion \ - bc \ - clang-7 \ - curl \ - dkms \ - gnupg2 \ - ca-certificates \ - gcc \ - libc6-dev \ - libelf-dev \ - libelf1 \ - less \ - llvm-7 \ - procps \ - xz-utils \ - libmpx2 \ - && rm -rf /var/lib/apt/lists/* - -# gcc 6 is no longer included in debian unstable, but we need it to -# build kernel modules on the default debian-based ami used by -# kops. So grab copies we've saved from debian snapshots with the -# prefix https://snapshot.debian.org/archive/debian/20170517T033514Z -# or so. - -RUN curl -o cpp-6_6.3.0-18_amd64.deb https://download.sysdig.com/dependencies/gcc-6-debs/cpp-6_6.3.0-18_amd64.deb \ - && curl -o gcc-6-base_6.3.0-18_amd64.deb https://download.sysdig.com/dependencies/gcc-6-debs/gcc-6-base_6.3.0-18_amd64.deb \ - && curl -o gcc-6_6.3.0-18_amd64.deb https://download.sysdig.com/dependencies/gcc-6-debs/gcc-6_6.3.0-18_amd64.deb \ - && curl -o libasan3_6.3.0-18_amd64.deb https://download.sysdig.com/dependencies/gcc-6-debs/libasan3_6.3.0-18_amd64.deb \ - && curl -o libcilkrts5_6.3.0-18_amd64.deb https://download.sysdig.com/dependencies/gcc-6-debs/libcilkrts5_6.3.0-18_amd64.deb \ - && curl -o libgcc-6-dev_6.3.0-18_amd64.deb https://download.sysdig.com/dependencies/gcc-6-debs/libgcc-6-dev_6.3.0-18_amd64.deb \ - && curl -o libubsan0_6.3.0-18_amd64.deb https://download.sysdig.com/dependencies/gcc-6-debs/libubsan0_6.3.0-18_amd64.deb \ - && curl -o libmpfr4_3.1.3-2_amd64.deb https://download.sysdig.com/dependencies/gcc-6-debs/libmpfr4_3.1.3-2_amd64.deb \ - && curl -o libisl15_0.18-1_amd64.deb https://download.sysdig.com/dependencies/gcc-6-debs/libisl15_0.18-1_amd64.deb \ - && dpkg -i cpp-6_6.3.0-18_amd64.deb gcc-6-base_6.3.0-18_amd64.deb gcc-6_6.3.0-18_amd64.deb libasan3_6.3.0-18_amd64.deb libcilkrts5_6.3.0-18_amd64.deb libgcc-6-dev_6.3.0-18_amd64.deb libubsan0_6.3.0-18_amd64.deb libmpfr4_3.1.3-2_amd64.deb libisl15_0.18-1_amd64.deb \ - && rm -f cpp-6_6.3.0-18_amd64.deb gcc-6-base_6.3.0-18_amd64.deb gcc-6_6.3.0-18_amd64.deb libasan3_6.3.0-18_amd64.deb libcilkrts5_6.3.0-18_amd64.deb libgcc-6-dev_6.3.0-18_amd64.deb libubsan0_6.3.0-18_amd64.deb libmpfr4_3.1.3-2_amd64.deb libisl15_0.18-1_amd64.deb - -# gcc 5 is no longer included in debian unstable, but we need it to -# build centos kernels, which are 3.x based and explicitly want a gcc -# version 3, 4, or 5 compiler. So grab copies we've saved from debian -# snapshots with the prefix https://snapshot.debian.org/archive/debian/20190122T000000Z. - -RUN curl -o cpp-5_5.5.0-12_amd64.deb https://download.sysdig.com/dependencies/cpp-5_5.5.0-12_amd64.deb \ - && curl -o gcc-5-base_5.5.0-12_amd64.deb https://download.sysdig.com/dependencies/gcc-5-base_5.5.0-12_amd64.deb \ - && curl -o gcc-5_5.5.0-12_amd64.deb https://download.sysdig.com/dependencies/gcc-5_5.5.0-12_amd64.deb \ - && curl -o libasan2_5.5.0-12_amd64.deb https://download.sysdig.com/dependencies/libasan2_5.5.0-12_amd64.deb \ - && curl -o libgcc-5-dev_5.5.0-12_amd64.deb https://download.sysdig.com/dependencies/libgcc-5-dev_5.5.0-12_amd64.deb \ - && curl -o libisl15_0.18-4_amd64.deb https://download.sysdig.com/dependencies/libisl15_0.18-4_amd64.deb \ - && curl -o libmpx0_5.5.0-12_amd64.deb https://download.sysdig.com/dependencies/libmpx0_5.5.0-12_amd64.deb \ - && dpkg -i cpp-5_5.5.0-12_amd64.deb gcc-5-base_5.5.0-12_amd64.deb gcc-5_5.5.0-12_amd64.deb libasan2_5.5.0-12_amd64.deb libgcc-5-dev_5.5.0-12_amd64.deb libisl15_0.18-4_amd64.deb libmpx0_5.5.0-12_amd64.deb \ - && rm -f cpp-5_5.5.0-12_amd64.deb gcc-5-base_5.5.0-12_amd64.deb gcc-5_5.5.0-12_amd64.deb libasan2_5.5.0-12_amd64.deb libgcc-5-dev_5.5.0-12_amd64.deb libisl15_0.18-4_amd64.deb libmpx0_5.5.0-12_amd64.deb - - -# Since our base Debian image ships with GCC 7 which breaks older kernels, revert the -# default to gcc-5. -RUN rm -rf /usr/bin/gcc && ln -s /usr/bin/gcc-5 /usr/bin/gcc - -RUN rm -rf /usr/bin/clang \ - && rm -rf /usr/bin/llc \ - && ln -s /usr/bin/clang-7 /usr/bin/clang \ - && ln -s /usr/bin/llc-7 /usr/bin/llc - -RUN curl -s https://download.sysdig.com/DRAIOS-GPG-KEY.public | apt-key add - \ - && curl -s -o /etc/apt/sources.list.d/draios.list https://download.sysdig.com/$SYSDIG_REPOSITORY/deb/draios.list \ - && apt-get update \ - && apt-get install -y --no-install-recommends sysdig \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* - -# Some base images have an empty /lib/modules by default -# If it's not empty, docker build will fail instead of -# silently overwriting the existing directory -RUN rm -df /lib/modules \ - && ln -s $SYSDIG_HOST_ROOT/lib/modules /lib/modules - -# debian:unstable head contains binutils 2.31, which generates -# binaries that are incompatible with kernels < 4.16. So manually -# forcibly install binutils 2.30-22 instead. -RUN curl -s -o binutils_2.30-22_amd64.deb http://snapshot.debian.org/archive/debian/20180622T211149Z/pool/main/b/binutils/binutils_2.30-22_amd64.deb \ - && curl -s -o libbinutils_2.30-22_amd64.deb http://snapshot.debian.org/archive/debian/20180622T211149Z/pool/main/b/binutils/libbinutils_2.30-22_amd64.deb \ - && curl -s -o binutils-x86-64-linux-gnu_2.30-22_amd64.deb http://snapshot.debian.org/archive/debian/20180622T211149Z/pool/main/b/binutils/binutils-x86-64-linux-gnu_2.30-22_amd64.deb \ - && curl -s -o binutils-common_2.30-22_amd64.deb http://snapshot.debian.org/archive/debian/20180622T211149Z/pool/main/b/binutils/binutils-common_2.30-22_amd64.deb \ - && dpkg -i *binutils*.deb - -COPY ./docker-entrypoint.sh / - -ENTRYPOINT ["/docker-entrypoint.sh"] - -CMD ["bash"] diff --git a/docker/stable/docker-entrypoint.sh b/docker/stable/docker-entrypoint.sh deleted file mode 100755 index f68d0916de..0000000000 --- a/docker/stable/docker-entrypoint.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/bin/bash -# -# Copyright (C) 2013-2018 Draios Inc dba Sysdig. -# -# This file is part of sysdig . -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -#set -e - -echo "* Setting up /usr/src links from host" - -for i in $(ls $SYSDIG_HOST_ROOT/usr/src) -do - ln -s $SYSDIG_HOST_ROOT/usr/src/$i /usr/src/$i -done - -/usr/bin/scap-driver-loader - -exec "$@" diff --git a/docker/sysdig/Dockerfile b/docker/sysdig/Dockerfile index e8a3987a0d..4946379729 100644 --- a/docker/sysdig/Dockerfile +++ b/docker/sysdig/Dockerfile @@ -1,8 +1,8 @@ -FROM registry.access.redhat.com/ubi8/ubi +FROM registry.access.redhat.com/ubi9/ubi LABEL usage="docker run --rm -i -t --privileged --net=host -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /src:/src -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro -v /etc:/host/etc:ro --name NAME IMAGE" -ARG BUILD_VERSION=0.1.1dev +ARG BUILD_VERSION=0.38.0-rc1 ENV BUILD_VERSION=${BUILD_VERSION} ENV HOST_ROOT /host @@ -23,17 +23,15 @@ RUN mkdir -p /tmp/dkms \ && make tarball \ && make install \ && cd /tmp \ - && rm -fr /tmp/dkms + && rm -fr /tmp/dkms \ + && curl -LO https://github.com/draios/sysdig/releases/download/${BUILD_VERSION}/sysdig-${BUILD_VERSION}-x86_64.rpm \ + && rpm --nodeps --force -i sysdig-${BUILD_VERSION}-$(uname -m).rpm && rm sysdig-*.rpm -COPY ./sysdig-${BUILD_VERSION}-*.rpm / - -RUN rpm --nodeps --force -i /sysdig-${BUILD_VERSION}-$(uname -p).rpm && rm /sysdig-*.rpm - -COPY docker/sysdig/docker-entrypoint.sh / +COPY ./docker-entrypoint.sh / RUN rm -df /lib/modules \ && ln -s $HOST_ROOT/lib/modules /lib/modules ENTRYPOINT ["/docker-entrypoint.sh"] -CMD ["bash"] +CMD ["/usr/bin/sysdig"] diff --git a/probe-builder/builder-entrypoint-coreos.sh b/probe-builder/builder-entrypoint-coreos.sh deleted file mode 100755 index 0dd1da507c..0000000000 --- a/probe-builder/builder-entrypoint-coreos.sh +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/bash - -# required env vars: -# HASH -# HASH_ORIG -# KERNELDIR -# KERNEL_RELEASE -# OUTPUT -# DRIVER_DEVICE_NAME -# DRIVER_NAME -# DRIVER_VERSION - -set -euo pipefail - -ARCH=$(uname -m) - -if [[ -f "${KERNELDIR}/scripts/gcc-plugins/stackleak_plugin.so" ]]; then - echo "Rebuilding gcc plugins for ${KERNELDIR}" - (cd "${KERNELDIR}" && make gcc-plugins) -fi - -(cd $KERNELDIR && make modules_prepare) - -echo Building $DRIVER_NAME-$DRIVER_VERSION-$ARCH-$KERNEL_RELEASE-$HASH.ko - -mkdir -p /build/sysdig -cd /build/sysdig - -cmake -DCMAKE_BUILD_TYPE=Release -DDRIVER_NAME=$DRIVER_NAME -DDRIVER_VERSION=$DRIVER_VERSION -DDRIVER_DEVICE_NAME=$DRIVER_DEVICE_NAME -DCREATE_TEST_TARGETS=OFF /build/probe/sysdig -make driver -strip -g driver/$DRIVER_NAME.ko - -KO_VERSION=$(/sbin/modinfo driver/$DRIVER_NAME.ko | grep vermagic | tr -s " " | cut -d " " -f 2) -if [ "$KO_VERSION" != "$KERNEL_RELEASE" ]; then - echo "Corrupted driver, KO_VERSION " $KO_VERSION ", KERNEL_RELEASE " $KERNEL_RELEASE - exit 1 -fi - -cp driver/$DRIVER_NAME.ko $OUTPUT/$DRIVER_NAME-$DRIVER_VERSION-$ARCH-$KERNEL_RELEASE-$HASH.ko -cp driver/$DRIVER_NAME.ko $OUTPUT/$DRIVER_NAME-$DRIVER_VERSION-$ARCH-$KERNEL_RELEASE-$HASH_ORIG.ko - diff --git a/probe-builder/builder-entrypoint.sh b/probe-builder/builder-entrypoint.sh deleted file mode 100755 index a054e37afa..0000000000 --- a/probe-builder/builder-entrypoint.sh +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/bash - -# required env vars: -# HASH -# HASH_ORIG -# KERNELDIR -# KERNEL_RELEASE -# OUTPUT -# DRIVER_DEVICE_NAME -# DRIVER_NAME -# DRIVER_VERSION - -set -euo pipefail - -ARCH=$(uname -m) - -if [[ -f "${KERNELDIR}/scripts/gcc-plugins/stackleak_plugin.so" ]]; then - echo "Rebuilding gcc plugins for ${KERNELDIR}" - (cd "${KERNELDIR}" && make gcc-plugins) -fi - -echo Building $DRIVER_NAME-$DRIVER_VERSION-$ARCH-$KERNEL_RELEASE-$HASH.ko - -mkdir -p /build/sysdig -cd /build/sysdig - -cmake -DCMAKE_BUILD_TYPE=Release -DDRIVER_NAME=$DRIVER_NAME -DDRIVER_VERSION=$DRIVER_VERSION -DDRIVER_DEVICE_NAME=$DRIVER_DEVICE_NAME -DCREATE_TEST_TARGETS=OFF /build/probe/sysdig -make driver -strip -g driver/$DRIVER_NAME.ko - -KO_VERSION=$(/sbin/modinfo driver/$DRIVER_NAME.ko | grep vermagic | tr -s " " | cut -d " " -f 2) -if [ "$KO_VERSION" != "$KERNEL_RELEASE" ]; then - echo "Corrupted driver, KO_VERSION " $KO_VERSION ", KERNEL_RELEASE " $KERNEL_RELEASE - exit 1 -fi - -cp driver/$DRIVER_NAME.ko $OUTPUT/$DRIVER_NAME-$DRIVER_VERSION-$ARCH-$KERNEL_RELEASE-$HASH.ko -cp driver/$DRIVER_NAME.ko $OUTPUT/$DRIVER_NAME-$DRIVER_VERSION-$ARCH-$KERNEL_RELEASE-$HASH_ORIG.ko