pkgs/os-specific/linux/sysdig/default.nix at 23.11-beta · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / pkgs / os-specific / linux / sysdig / default.nix
at 23.11-beta 149 lines 4.5 kB view raw
  1{ lib, stdenv, fetchFromGitHub, fetchpatch, cmake, kernel, installShellFiles, pkg-config
  2, luajit, ncurses, perl, jsoncpp, libb64, openssl, curl, jq, gcc, elfutils, tbb, protobuf, grpc
  3, yaml-cpp, nlohmann_json, re2, zstd
  4}:
  5
  6let
  7  # Compare with https://github.com/draios/sysdig/blob/dev/cmake/modules/falcosecurity-libs.cmake
  8  libsRev = "59fb313475b82f842e9e9bbc1e0e629428c0a4cf";
  9  libsSha256 = "sha256-IjzLbCOpB6EgPDgkGIyg1dNxHfYgU10OLgXrDOPmoTs=";
 10
 11  # Compare with https://github.com/falcosecurity/libs/blob/master/cmake/modules/valijson.cmake#L17
 12  valijson = fetchFromGitHub {
 13    owner = "tristanpenman";
 14    repo = "valijson";
 15    rev = "v0.6";
 16    sha256 = "sha256-ZD19Q2MxMQd3yEKbY90GFCrerie5/jzgO8do4JQDoKM=";
 17  };
 18
 19  # https://github.com/draios/sysdig/blob/0.31.5/cmake/modules/driver.cmake
 20  driver = fetchFromGitHub {
 21    owner = "falcosecurity";
 22    repo = "libs";
 23    rev = libsRev;
 24    sha256 = libsSha256;
 25  };
 26
 27in
 28stdenv.mkDerivation rec {
 29  pname = "sysdig";
 30  version = "0.33.1";
 31
 32  src = fetchFromGitHub {
 33    owner = "draios";
 34    repo = "sysdig";
 35    rev = version;
 36    sha256 = "sha256-qcJ9EcePrsKic+wgsck+pTrRdQic0xhzguH4EYVP0gk=";
 37  };
 38
 39  patches = [
 40    # https://github.com/draios/sysdig/pull/2024
 41    (fetchpatch {
 42      url = "https://github.com/draios/sysdig/commit/d9515aad2be660b2ba7ec8c0b4fb2467a10434af.patch";
 43      sha256 = "sha256-3m+Rn8BZS8U8QTBDJ6x7kQbH6BE3HKgt1iNnRjPEr8k=";
 44    })
 45  ];
 46
 47  nativeBuildInputs = [ cmake perl installShellFiles pkg-config ];
 48  buildInputs = [
 49    luajit
 50    ncurses
 51    libb64
 52    openssl
 53    curl
 54    jq
 55    gcc
 56    elfutils
 57    tbb
 58    libb64
 59    re2
 60    protobuf
 61    grpc
 62    yaml-cpp
 63    jsoncpp
 64    nlohmann_json
 65    zstd
 66  ] ++ lib.optionals (kernel != null) kernel.moduleBuildDependencies;
 67
 68  hardeningDisable = [ "pic" ];
 69
 70  postUnpack = ''
 71    cp -r ${fetchFromGitHub {
 72      owner = "falcosecurity";
 73      repo = "libs";
 74      rev = libsRev;
 75      sha256 = libsSha256;
 76    }} libs
 77    chmod -R +w libs
 78    cp -r ${driver} driver-src
 79    chmod -R +w driver-src
 80    cmakeFlagsArray+=(
 81      "-DFALCOSECURITY_LIBS_SOURCE_DIR=$(pwd)/libs"
 82      "-DVALIJSON_INCLUDE=${valijson}/include"
 83      "-DDRIVER_SOURCE_DIR=$(pwd)/driver-src/driver"
 84    )
 85  '';
 86
 87  cmakeFlags = [
 88    "-DUSE_BUNDLED_DEPS=OFF"
 89    "-DSYSDIG_VERSION=${version}"
 90    "-DUSE_BUNDLED_B64=OFF"
 91    "-DUSE_BUNDLED_TBB=OFF"
 92    "-DUSE_BUNDLED_RE2=OFF"
 93    "-DCREATE_TEST_TARGETS=OFF"
 94  ] ++ lib.optional (kernel == null) "-DBUILD_DRIVER=OFF";
 95
 96  env.NIX_CFLAGS_COMPILE =
 97   # needed since luajit-2.1.0-beta3
 98   "-DluaL_reg=luaL_Reg -DluaL_getn(L,i)=((int)lua_objlen(L,i)) " +
 99   # fix compiler warnings been treated as errors
100   "-Wno-error";
101
102  preConfigure = ''
103    if ! grep -q "${libsRev}" cmake/modules/falcosecurity-libs.cmake; then
104      echo "falcosecurity-libs checksum needs to be updated!"
105      exit 1
106    fi
107    cmakeFlagsArray+=(-DCMAKE_EXE_LINKER_FLAGS="-ltbb -lcurl -lzstd -labsl_synchronization")
108  '' + lib.optionalString (kernel != null) ''
109    export INSTALL_MOD_PATH="$out"
110    export KERNELDIR="${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
111  '';
112
113  postInstall =
114    ''
115      # Fix the bash completion location
116      installShellCompletion --bash $out/etc/bash_completion.d/sysdig
117      rm $out/etc/bash_completion.d/sysdig
118      rmdir $out/etc/bash_completion.d
119      rmdir $out/etc
120    ''
121    + lib.optionalString (kernel != null) ''
122      make install_driver
123      kernel_dev=${kernel.dev}
124      kernel_dev=''${kernel_dev#${builtins.storeDir}/}
125      kernel_dev=''${kernel_dev%%-linux*dev*}
126      if test -f "$out/lib/modules/${kernel.modDirVersion}/extra/scap.ko"; then
127          sed -i "s#$kernel_dev#................................#g" $out/lib/modules/${kernel.modDirVersion}/extra/scap.ko
128      else
129          for i in $out/lib/modules/${kernel.modDirVersion}/{extra,updates}/scap.ko.xz; do
130            if test -f "$i"; then
131              xz -d $i
132              sed -i "s#$kernel_dev#................................#g" ''${i%.xz}
133              xz -9 ''${i%.xz}
134            fi
135          done
136      fi
137    '';
138
139
140  meta = with lib; {
141    description = "A tracepoint-based system tracing tool for Linux (with clients for other OSes)";
142    license = with licenses; [ asl20 gpl2 mit ];
143    maintainers = [maintainers.raskin];
144    platforms = ["x86_64-linux"] ++ platforms.darwin;
145    broken = kernel != null && versionOlder kernel.version "4.14";
146    homepage = "https://sysdig.com/opensource/";
147    downloadPage = "https://github.com/draios/sysdig/releases";
148  };
149}