diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d56f5022d4..cc3195bf4b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -298,6 +298,43 @@ jobs: KERNELDIR=/lib/modules/$(ls /lib/modules)/build make scap-open driver bpf unit-test-libsinsp -j6 ./libsinsp/test/unit-test-libsinsp + # This job checks that a bundled deps of libs is as static as possible + test-libs-static: + name: test-libs-static (bundled_deps) + runs-on: ubuntu-22.04 + steps: + - name: Checkout Libs ⤵️ + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Install deps ⛓️ + run: | + sudo apt update + sudo apt install -y --no-install-recommends ca-certificates cmake build-essential clang-14 llvm-14 git pkg-config autoconf automake libtool libelf-dev libcap-dev linux-headers-$(uname -r) + sudo update-alternatives --install /usr/bin/clang clang /usr/bin/clang-14 90 + sudo update-alternatives --install /usr/bin/llvm-strip llvm-strip /usr/bin/llvm-strip-14 90 + sudo update-alternatives --install /usr/bin/llc llc /usr/bin/llc-14 90 + + - name: Build sinsp-example + run: | + mkdir -p build + cd build && cmake -DUSE_BUNDLED_DEPS=On -DBUILD_DRIVER=ON -DBUILD_LIBSCAP_MODERN_BPF=ON -DBUILD_BPF=On -DBUILD_LIBSCAP_GVISOR=On -DCREATE_TEST_TARGETS=Off -DENABLE_LIBSCAP_TESTS=Off ../ + make -j$(nproc) sinsp-example + + - name: Ensure that sinsp-example with bundled deps is as static as possible + run: | + ldd "build/libsinsp/examples/sinsp-example" | cut --fields=2 | cut --delimiter=' ' --fields=1 | rev | cut --delimiter='/' --fields=1 | rev | sort --unique --version-sort > ldd_out.txt + cat > expected_ldd_out.txt <= KERNEL_VERSION(4, 1, 0) + /* + * The following if/else preprocessor directive is to cover for that change: + * https://github.com/torvalds/linux/commit/90f31d0ea88880f780574f3d0bb1a227c4c66ca3#diff-e37b5cb4c23f6ab27741c60ec48674eff0268624a228c9a1cddddb9e4ee2922dL709 + * That was introduced in linux 4.1, but it's backported in some distro kernels. + * Luckily enough, `get_file_rcu` is a define, so we can check for it and use + * the safer version. + */ +#if defined(get_file_rcu) rcu_read_lock(); exe_file = rcu_dereference(mm->exe_file); if (exe_file && !get_file_rcu(exe_file))