From baa95053110fca21965c71953b6e677088211a39 Mon Sep 17 00:00:00 2001
From: Federico Di Pierro
Date: Wed, 28 Aug 2024 09:58:18 +0200
Subject: [PATCH 1/2] new(ci): use `zig` compiler instead of relying on centos7.
Signed-off-by: Federico Di Pierro
---
.../workflows/reusable_build_packages.yaml | 41 +++---------------
cmake/modules/driver.cmake | 4 +-
cmake/modules/falcosecurity-libs.cmake | 5 +--
userspace/falco/stats_writer.cpp | 4 +-
4 files changed, 12 insertions(+), 42 deletions(-)
diff --git a/.github/workflows/reusable_build_packages.yaml b/.github/workflows/reusable_build_packages.yaml
index bc4fe02b5de..061999a551c 100644
--- a/.github/workflows/reusable_build_packages.yaml
+++ b/.github/workflows/reusable_build_packages.yaml
@@ -52,44 +52,17 @@ jobs: retention-days: 1 build-packages: - env: - ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true # See https://github.com/actions/runner/issues/409#issuecomment-1158849936 runs-on: ${{ (inputs.arch == 'aarch64' && 'actuated-arm64-8cpu-16gb') || 'ubuntu-latest' }} needs: [build-modern-bpf-skeleton] - container: centos:7 steps: # Always install deps before invoking checkout action, to properly perform a full clone. - - name: Fix mirrors to use vault.centos.org - run: | - sed -i s/mirror.centos.org/vault.centos.org/g /etc/yum.repos.d/*.repo - sed -i s/^#.*baseurl=http/baseurl=https/g /etc/yum.repos.d/*.repo - sed -i s/^mirrorlist=http/#mirrorlist=https/g /etc/yum.repos.d/*.repo - - - name: Install scl repos - run: | - yum -y install centos-release-scl - - - name: Fix new mirrors to use vault.centos.org - run: | - sed -i s/mirror.centos.org/vault.centos.org/g /etc/yum.repos.d/*.repo - sed -i s/^#.*baseurl=http/baseurl=https/g /etc/yum.repos.d/*.repo - sed -i s/^mirrorlist=http/#mirrorlist=https/g /etc/yum.repos.d/*.repo - - - name: Fix arm64 scl repos to use correct mirror - if: inputs.arch == 'aarch64' - run: | - sed -i 's/vault.centos.org\/centos/vault.centos.org\/altarch/g' /etc/yum.repos.d/CentOS-SCLo-scl*.repo - - name: Install build deps run: | - yum -y install devtoolset-9-gcc devtoolset-9-gcc-c++ - source /opt/rh/devtoolset-9/enable - yum install -y wget git make m4 rpm-build elfutils-libelf-devel perl-IPC-Cmd devtoolset-9-libasan-devel devtoolset-9-libubsan-devel + sudo apt update && sudo apt install -y --no-install-recommends ca-certificates cmake curl wget build-essential git pkg-config autoconf automake libtool libelf-dev m4 rpm - name: Checkout - # It is not possible to upgrade the checkout action to versions >= v4.0.0 because of incompatibilities with centos 7's libc. 
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 + uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 - name: Download skeleton uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 @@ -97,14 +70,12 @@ jobs: name: bpf_probe_${{ inputs.arch }}.skel.h path: /tmp - - name: Install updated cmake - run: | - curl -L https://github.com/Kitware/CMake/releases/download/v3.22.5/cmake-3.22.5-linux-$(uname -m).tar.gz \ - | tar --directory=/usr --strip-components=1 -xzp + - name: Install zig + if: inputs.sanitizers == false + uses: falcosecurity/libs/.github/actions/install-zig@master - name: Prepare project run: | - source /opt/rh/devtoolset-9/enable cmake -B build -S . \ -DCMAKE_BUILD_TYPE=${{ inputs.build_type }} \ -DUSE_BUNDLED_DEPS=On \ @@ -117,12 +88,10 @@ jobs: - name: Build project run: | - source /opt/rh/devtoolset-9/enable cmake --build build --target falco -j6 - name: Build packages run: | - source /opt/rh/devtoolset-9/enable cmake --build build --target package - name: Upload Falco tar.gz package diff --git a/cmake/modules/driver.cmake b/cmake/modules/driver.cmake index 012549a430f..f5fb8745395 100644 --- a/cmake/modules/driver.cmake +++ b/cmake/modules/driver.cmake @@ -35,9 +35,9 @@ else() # FALCOSECURITY_LIBS_VERSION. In case you want to test against another driver version (or # branch, or commit) just pass the variable - ie., `cmake -DDRIVER_VERSION=dev ..` if(NOT DRIVER_VERSION) - set(DRIVER_VERSION "7.3.0+driver") + set(DRIVER_VERSION "aeb87935dcdd6b3bffb50302269353f2468f612c") set(DRIVER_CHECKSUM - "SHA256=8f572d9a83feda635a3fa53b859d61e37af127c241e35068aadee3bc50d212c0" + "SHA256=fc2f18ed2f9e4bdcb93f32eee326a813a3614af50b82d30a7ccf96ac2a7cfbf0" ) endif() diff --git a/cmake/modules/falcosecurity-libs.cmake b/cmake/modules/falcosecurity-libs.cmake index 7d2468a2e3b..a2678b73766 100644 --- a/cmake/modules/falcosecurity-libs.cmake +++ b/cmake/modules/falcosecurity-libs.cmake 
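Review bot: The new `Install zig` step in the `@@ -97,14 +70,12 @@` hunk of `reusable_build_packages.yaml` references `falcosecurity/libs/.github/actions/install-zig@master`, a mutable branch, while the other actions visible in this job are pinned to a full commit SHA (`actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0`). This step installs the compiler that produces the packages built later in the job, so any later push to that branch changes the toolchain without a reviewable change in this repository. Pin it the same way, e.g. `uses: falcosecurity/libs/.github/actions/install-zig@<full-commit-sha> # <ref>` (placeholder; take the SHA from the libs repository). The step is also skipped when `inputs.sanitizers` is true, so those builds presumably fall back to the runner's default toolchain; a one-line comment on the `if:` stating that this is intended would help.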
@@ -42,9 +42,9 @@ else() # version (or branch, or commit) just pass the variable - ie., `cmake # -DFALCOSECURITY_LIBS_VERSION=dev ..` if(NOT FALCOSECURITY_LIBS_VERSION) - set(FALCOSECURITY_LIBS_VERSION "0.18.1") + set(FALCOSECURITY_LIBS_VERSION "aeb87935dcdd6b3bffb50302269353f2468f612c") set(FALCOSECURITY_LIBS_CHECKSUM - "SHA256=1812e8236c4cb51d3fe5dd066d71be99f25da7ed22d8feeeebeed09bdc26325f" + "SHA256=fc2f18ed2f9e4bdcb93f32eee326a813a3614af50b82d30a7ccf96ac2a7cfbf0" ) endif() @@ -73,7 +73,6 @@ set(LIBS_PACKAGE_NAME "falcosecurity") if(CMAKE_SYSTEM_NAME MATCHES "Linux") add_definitions(-D_GNU_SOURCE) - add_definitions(-DHAS_CAPTURE) endif() if(MUSL_OPTIMIZED_BUILD) diff --git a/userspace/falco/stats_writer.cpp b/userspace/falco/stats_writer.cpp index 25d55c31e22..c5af9698e74 100644 --- a/userspace/falco/stats_writer.cpp +++ b/userspace/falco/stats_writer.cpp @@ -360,7 +360,9 @@ void stats_writer::collector::get_metrics_output_fields_wrapper( output_fields["evt.hostname"] = machine_info->hostname; /* Explicitly add hostname to log msg in case hostname rule output field is disabled. */ - output_fields["falco.host_boot_ts"] = machine_info->boot_ts_epoch; + // This line generates a SIGTRAP in zig debug builds if the casting is removed. + // It seems caused by the pragma pack for the scap_machine_info structure. + output_fields["falco.host_boot_ts"] = (uint64_t)machine_info->boot_ts_epoch; output_fields["falco.host_num_cpus"] = machine_info->num_cpus; } output_fields["falco.outputs_queue_num_drops"] = From be9c09d4bd9763949c9de3788ef86caebdf6dfb9 Mon Sep 17 00:00:00 2001 From: Federico Di Pierro Date: Mon, 30 Sep 2024 18:06:34 +0200 Subject: [PATCH 2/2] chore(userspace/engine): fix build warning. Signed-off-by: Federico Di Pierro --- userspace/engine/rule_loader.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/userspace/engine/rule_loader.h b/userspace/engine/rule_loader.h index fe358f5a0d8..4a270e4932f 100644 --- a/userspace/engine/rule_loader.h 
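Review bot: In the `stats_writer.cpp` hunk (`@@ -360,7 +360,9 @@`) the fix is a C-style cast, `(uint64_t)machine_info->boot_ts_epoch`, and the comment explaining it stops at "it seems"; prefer `static_cast<uint64_t>(machine_info->boot_ts_epoch)` so the copy is explicit and greppable. If the trap is what it looks like (the assignment binding a reference to a member of a packed struct that is not naturally aligned, which a debug build with undefined-behaviour checks reports as SIGTRAP), then the cast works because it copies the value into an aligned temporary, and the comment should say so, e.g. `// Copy the packed member into a temporary: binding a reference to it is a misaligned access (UB).` The following line reads `machine_info->num_cpus` from the same structure without a copy, so it is worth confirming whether other fields need the same treatment. The enclosing function starts and ends outside this hunk.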
+++ b/userspace/engine/rule_loader.h @@ -250,7 +250,7 @@ class result : public falco::load_result { const context& ctx); void set_schema_validation_status(const std::vector& status); - std::string schema_validation(); + std::string schema_validation() override; protected: const std::string& as_summary_string();