Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(builder-indexes): cli flag to build Images map #258

Merged
merged 6 commits into from
Mar 24, 2023
+161 −71
Merged

feat(builder-indexes): cli flag to build Images map #258

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
f2e4ae7
feat(builder-indexes): Update builderrepo flag to handle index file path
Lowaiz Mar 17, 2023
e9cb51c
feat(builder-indexes): apply reviews
Lowaiz Mar 20, 2023
a7d5818
feat(builder-indexes): factorization
Lowaiz Mar 20, 2023
3156a8b
feat(builder-indexes): fix loop over builder repos
Lowaiz Mar 20, 2023
b7e62f5
feat(builder-indexes): default value + target extraction + fail when …
Lowaiz Mar 22, 2023
46a73a5
feat(builder-indexes): yaml file for builderrepo
Lowaiz Mar 24, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion cmd/root.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -144,7 +144,7 @@ func NewRootCmd() *RootCmd {
flags.StringVar(&rootOpts.ModuleDeviceName, "moduledevicename", rootOpts.ModuleDeviceName, "kernel module device name (the default is falco, so the device will be under /dev/falco*)")
flags.StringVar(&rootOpts.ModuleDriverName, "moduledrivername", rootOpts.ModuleDriverName, "kernel module driver name, i.e. the name you see when you check installed modules via lsmod")
flags.StringVar(&rootOpts.BuilderImage, "builderimage", rootOpts.BuilderImage, "docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used.")
flags.StringSliceVar(&rootOpts.BuilderRepos, "builderrepo", rootOpts.BuilderRepos, "list of docker repositories in descending priority order, used to search for builder images. Default falcosecurity/driverkit will always be enforced as lowest priority repo. eg: --builderrepo myorg/driverkit --builderrepo falcosecurity/driverkit")
flags.StringSliceVar(&rootOpts.BuilderRepos, "builderrepo", rootOpts.BuilderRepos, "list of docker repositories or file (absolute path) containing builder images index with the format '<image>,<target>,<gcc-version>[,<gcc-version>,...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit --builderrepo falcosecurity/driverkit --builderrepo /path/to/my/index.txt. Index file line exmaple: yourorg/driverkit-builder;any;4.9.0;5.0.0;6.0.0;8.0.0")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
flags.StringSliceVar(&rootOpts.BuilderRepos, "builderrepo", rootOpts.BuilderRepos, "list of docker repositories or file (absolute path) containing builder images index with the format '<image>,<target>,<gcc-version>[,<gcc-version>,...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit --builderrepo falcosecurity/driverkit --builderrepo /path/to/my/index.txt. Index file line exmaple: yourorg/driverkit-builder;any;4.9.0;5.0.0;6.0.0;8.0.0")
flags.StringSliceVar(&rootOpts.BuilderRepos, "builderrepo", rootOpts.BuilderRepos, "list of docker repositories or file (absolute path) containing builder images index with the format '<image>,<target>,<gcc-version>[,<gcc-version>,...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit --builderrepo falcosecurity/driverkit --builderrepo /path/to/my/index.txt. Index file line example: yourorg/driverkit-builder;any;4.9.0;5.0.0;6.0.0;8.0.0")

Btw is this example good? Because i see that below you are splitting by commas:

for scanner.Scan() {
		infos := strings.Split(scanner.Text(), ",")

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Btw what if we used a structured text (like a yaml) instead of a txt file?
That way we could just parse it to a []Image and be good to go!

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(we can do this later before next release!)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi, getting a yaml can be good yes, applying that right now !

flags.StringVar(&rootOpts.GCCVersion, "gccversion", rootOpts.GCCVersion, "enforce a specific gcc version for the build")

flags.StringSliceVar(&rootOpts.KernelUrls, "kernelurls", nil, "list of kernel header urls (e.g. --kernelurls <URL1> --kernelurls <URL2> --kernelurls \"<URL3>,<URL4>\")")
Expand Down
28 changes: 22 additions & 6 deletions cmd/root_options.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,13 +2,14 @@ package cmd

import (
"fmt"

"github.com/creasty/defaults"
"github.com/falcosecurity/driverkit/pkg/driverbuilder/builder"
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
"github.com/falcosecurity/driverkit/validate"
"github.com/go-playground/validator/v10"
logger "github.com/sirupsen/logrus"
"regexp"
"strings"
)

// OutputOptions wraps the two drivers that driverkit builds.
Expand All @@ -33,7 +34,7 @@ type RootOptions struct {
Target string `validate:"required,target" name:"target"`
KernelConfigData string `validate:"omitempty,base64" name:"kernel config data"` // fixme > tag "name" does not seem to work when used at struct level, but works when used at inner level
BuilderImage string `validate:"omitempty,imagename" name:"builder image"`
BuilderRepos []string `validate:"omitempty" name:"docker repositories to look for builder images"`
BuilderRepos []string `validate:"omitempty" name:"docker repositories to look for builder images or absolute path pointing to a file container builder image index"`
GCCVersion string `validate:"omitempty,semvertolerant" name:"gcc version"`
KernelUrls []string `name:"kernel header urls"`
Repo RepoOptions
Expand Down Expand Up @@ -132,12 +133,27 @@ func (ro *RootOptions) toBuild() *builder.Build {
KernelUrls: ro.KernelUrls,
RepoOrg: ro.Repo.Org,
RepoName: ro.Repo.Name,
Images: make(builder.ImagesMap),
}

// loop over BuilderRepos to constuct the list ImagesListers based on the value of the builderRepo, if it's a local path, add FileImagesLister, otherwise add RepoImagesLister
for _, builderRepo := range ro.BuilderRepos {
if strings.HasPrefix(builderRepo, "/") {
build.ImagesListers = append(build.ImagesListers, &builder.FileImagesLister{FilePath: builderRepo})
} else {
if len(build.Regs) == 0 {
// Create the proper regexes to load "any" and target-specific images for requested arch
arch := kernelrelease.Architecture(build.Architecture).ToNonDeb()
build.Regs = make([]*regexp.Regexp, 0)
targetFmt := fmt.Sprintf("driverkit-builder-%s-%s(?P<gccVers>(_gcc[0-9]+.[0-9]+.[0-9]+)+)$", build.TargetType.String(), arch)
build.Regs = append(build.Regs, regexp.MustCompile(targetFmt))
genericFmt := fmt.Sprintf("driverkit-builder-any-%s(?P<gccVers>(_gcc[0-9]+.[0-9]+.[0-9]+)+)$", arch)
build.Regs = append(build.Regs, regexp.MustCompile(genericFmt))
}
build.ImagesListers = append(build.ImagesListers, &builder.RepoImagesLister{Repo: builderRepo})
}
}

// Always append falcosecurity repo; Note: this is a prio first slice
// therefore, default falcosecurity repo has lowest prio.
build.BuilderRepos = append(build.BuilderRepos, "docker.io/falcosecurity/driverkit")
Lowaiz marked this conversation as resolved.
Show resolved Hide resolved

// attempt the build in case it comes from an invalid config
kr := build.KernelReleaseFromBuildConfig()
if len(build.ModuleFilePath) > 0 && !kr.SupportsModule() {
Expand Down
2 changes: 1 addition & 1 deletion cmd/testdata/templates/flags.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
Flags:
--architecture string target architecture for the built driver, one of {{ .Architectures }} (default "{{ .CurrentArch }}")
--builderimage string docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used.
--builderrepo strings list of docker repositories in descending priority order, used to search for builder images. Default falcosecurity/driverkit will always be enforced as lowest priority repo. eg: --builderrepo myorg/driverkit --builderrepo falcosecurity/driverkit
--builderrepo strings list of docker repositories or file (absolute path) containing builder images index with the format '<image>,<target>,<gcc-version>[,<gcc-version>,...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit --builderrepo falcosecurity/driverkit --builderrepo /path/to/my/index.txt. Index file line exmaple: yourorg/driverkit-builder;any;4.9.0;5.0.0;6.0.0;8.0.0
-c, --config string config file path (default $HOME/.driverkit.yaml if exists)
--driverversion string driver version as a git commit hash or as a git tag (default "master")
--dryrun do not actually perform the action
Expand Down
2 changes: 1 addition & 1 deletion docs/driverkit.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ driverkit
```
--architecture string target architecture for the built driver, one of [amd64,arm64] (default "amd64")
--builderimage string docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used.
--builderrepo strings list of docker repositories in descending priority order, used to search for builder images. Default falcosecurity/driverkit will always be enforced as lowest priority repo. eg: --builderrepo myorg/driverkit --builderrepo falcosecurity/driverkit
--builderrepo strings list of docker repositories or file (absolute path) containing builder images index with the format '<image>,<target>,<gcc-version>[,<gcc-version>,...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit --builderrepo falcosecurity/driverkit --builderrepo /path/to/my/index.txt. Index file line exmaple: yourorg/driverkit-builder;any;4.9.0;5.0.0;6.0.0;8.0.0
-c, --config string config file path (default $HOME/.driverkit.yaml if exists)
--driverversion string driver version as a git commit hash or as a git tag (default "master")
--dryrun do not actually perform the action
Expand Down
2 changes: 1 addition & 1 deletion docs/driverkit_docker.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ driverkit docker [flags]
```
--architecture string target architecture for the built driver, one of [amd64,arm64] (default "amd64")
--builderimage string docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used.
--builderrepo strings list of docker repositories in descending priority order, used to search for builder images. Default falcosecurity/driverkit will always be enforced as lowest priority repo. eg: --builderrepo myorg/driverkit --builderrepo falcosecurity/driverkit
--builderrepo strings list of docker repositories or file (absolute path) containing builder images index with the format '<image>,<target>,<gcc-version>[,<gcc-version>,...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit --builderrepo falcosecurity/driverkit --builderrepo /path/to/my/index.txt. Index file line exmaple: yourorg/driverkit-builder;any;4.9.0;5.0.0;6.0.0;8.0.0
-c, --config string config file path (default $HOME/.driverkit.yaml if exists)
--driverversion string driver version as a git commit hash or as a git tag (default "master")
--dryrun do not actually perform the action
Expand Down
2 changes: 1 addition & 1 deletion docs/driverkit_images.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ driverkit images [flags]
```
--architecture string target architecture for the built driver, one of [amd64,arm64] (default "amd64")
--builderimage string docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used.
--builderrepo strings list of docker repositories in descending priority order, used to search for builder images. Default falcosecurity/driverkit will always be enforced as lowest priority repo. eg: --builderrepo myorg/driverkit --builderrepo falcosecurity/driverkit
--builderrepo strings list of docker repositories or file (absolute path) containing builder images index with the format '<image>,<target>,<gcc-version>[,<gcc-version>,...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit --builderrepo falcosecurity/driverkit --builderrepo /path/to/my/index.txt. Index file line exmaple: yourorg/driverkit-builder;any;4.9.0;5.0.0;6.0.0;8.0.0
-c, --config string config file path (default $HOME/.driverkit.yaml if exists)
--driverversion string driver version as a git commit hash or as a git tag (default "master")
--dryrun do not actually perform the action
Expand Down
2 changes: 1 addition & 1 deletion docs/driverkit_kubernetes-in-cluster.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ driverkit kubernetes-in-cluster [flags]
```
--architecture string target architecture for the built driver, one of [amd64,arm64] (default "amd64")
--builderimage string docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used.
--builderrepo strings list of docker repositories in descending priority order, used to search for builder images. Default falcosecurity/driverkit will always be enforced as lowest priority repo. eg: --builderrepo myorg/driverkit --builderrepo falcosecurity/driverkit
--builderrepo strings list of docker repositories or file (absolute path) containing builder images index with the format '<image>,<target>,<gcc-version>[,<gcc-version>,...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit --builderrepo falcosecurity/driverkit --builderrepo /path/to/my/index.txt. Index file line exmaple: yourorg/driverkit-builder;any;4.9.0;5.0.0;6.0.0;8.0.0
-c, --config string config file path (default $HOME/.driverkit.yaml if exists)
--driverversion string driver version as a git commit hash or as a git tag (default "master")
--dryrun do not actually perform the action
Expand Down
2 changes: 1 addition & 1 deletion docs/driverkit_kubernetes.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ driverkit kubernetes [flags]
--as-group stringArray group to impersonate for the operation, this flag can be repeated to specify multiple groups
--as-uid string uID to impersonate for the operation
--builderimage string docker image to be used to build the kernel module and eBPF probe. If not provided, an automatically selected image will be used.
--builderrepo strings list of docker repositories in descending priority order, used to search for builder images. Default falcosecurity/driverkit will always be enforced as lowest priority repo. eg: --builderrepo myorg/driverkit --builderrepo falcosecurity/driverkit
--builderrepo strings list of docker repositories or file (absolute path) containing builder images index with the format '<image>,<target>,<gcc-version>[,<gcc-version>,...]', in descending priority order. Used to search for builder images. eg: --builderrepo myorg/driverkit --builderrepo falcosecurity/driverkit --builderrepo /path/to/my/index.txt. Index file line exmaple: yourorg/driverkit-builder;any;4.9.0;5.0.0;6.0.0;8.0.0
--cache-dir string default cache directory (default "$HOME/.kube/cache")
--certificate-authority string path to a cert file for the certificate authority
--client-certificate string path to a client certificate file for TLS
Expand Down
3 changes: 3 additions & 0 deletions pkg/driverbuilder/builder/build.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ package builder
import (
"fmt"
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
"regexp"
)

// Build contains the info about the on-going build.
Expand All @@ -19,11 +20,13 @@ type Build struct {
ModuleDeviceName string
BuilderImage string
BuilderRepos []string
ImagesListers []ImagesLister
KernelUrls []string
GCCVersion string
RepoOrg string
RepoName string
Images ImagesMap
Regs []*regexp.Regexp
}

func (b *Build) KernelReleaseFromBuildConfig() kernelrelease.KernelRelease {
Expand Down
4 changes: 2 additions & 2 deletions pkg/driverbuilder/builder/builders.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -140,7 +140,7 @@ func defaultGCC(kr kernelrelease.KernelRelease) semver.Version {
}
}

func mustParseTolerant(gccStr string) semver.Version {
func MustParseTolerant(gccStr string) semver.Version {
Lowaiz marked this conversation as resolved.
Show resolved Hide resolved
g, err := semver.ParseTolerant(gccStr)
if err != nil {
panic(err)
Expand Down Expand Up @@ -235,7 +235,7 @@ func (b *Build) GetBuilderImage() string {
// to find an image, because setGCCVersion()
// has already set an existent gcc version
// (ie: one provided by an image) for us
image, _ := b.Images.findImage(b.TargetType, mustParseTolerant(b.GCCVersion))
image, _ := b.Images.findImage(b.TargetType, MustParseTolerant(b.GCCVersion))
return image.Name + ":" + imageTag
}

Expand Down
Loading