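{ lib
, buildGoModule
, fetchFromGitHub

, clang
, pkg-config

, zlib
, elfutils
, libbpf

, nixosTests
, testers
, tracee
}:

# Tracee: eBPF-based Linux runtime security / forensics tool. The package is a
# Go userspace binary plus a CO-RE BPF object compiled with clang.
buildGoModule rec {
  pname = "tracee";
  version = "0.13.1";

  # Source is pinned to the release tag *and* a content hash, so a re-pointed
  # tag cannot silently change what gets built.
  src = fetchFromGitHub {
    owner = "aquasecurity";
    repo = pname;
    rev = "v${version}";
    hash = "sha256-YO5u/hE5enoqh8niV4Zi+NFUsU+UXCCxdqvxolZImGk=";
  };
  # Pins the Go module dependency tree fetched by buildGoModule.
  vendorHash = "sha256-swMvJe+Dz/kwPIStPlQ7d6U/UwXSMcJ3eONxjzebXCc=";

  # Build against the nixpkgs libbpf from buildInputs rather than a bundled
  # copy, so libbpf fixes arrive through ordinary nixpkgs updates.
  # (Patch contents are not part of this file; see ./use-our-libbpf.patch.)
  patches = [
    ./use-our-libbpf.patch
  ];

  enableParallelBuilding = true;
  # needed to build bpf libs: the BPF target has no stack-protector runtime.
  # NOTE(review): hardeningDisable is applied by the compiler wrapper to every
  # C compile in this derivation, not only the BPF object -- confirm no
  # userspace C is built here that would lose the protector as a side effect.
  hardeningDisable = [ "stackprotector" ];

  nativeBuildInputs = [ pkg-config clang ];
  buildInputs = [ elfutils libbpf zlib ];

  # Flags without spaces only; anything containing whitespace goes through
  # makeFlagsArray in buildPhase (see the comment there).
  makeFlags = [
    "VERSION=v${version}"
    # don't actually need git but the Makefile checks for it
    "CMD_GIT=echo"
  ];

  buildPhase = ''
    runHook preBuild
    mkdir -p ./dist
    # "GO_DEBUG_FLAG=-s -w" contains a space. As a plain makeFlags element it
    # is word-split by the unquoted $makeFlags expansion below, so "-w" reaches
    # make as its own option (--print-directory) instead of the Go linker.
    # makeFlagsArray preserves it as a single argument.
    makeFlagsArray+=("GO_DEBUG_FLAG=-s -w")
    make $makeFlags "''${makeFlagsArray[@]}" ''${enableParallelBuilding:+-j$NIX_BUILD_CORES} bpf-core all
    runHook postBuild
  '';

  # tests require a separate go module
  # integration tests are run within a nixos vm
  # see passthru.tests.integration
  doCheck = false;

  # out: the tracee binary; lib: the CO-RE BPF object (presumably loaded by the
  # binary at runtime); share: the tracee-rules signature templates.
  outputs = [ "out" "lib" "share" ];

  installPhase = ''
    runHook preInstall

    mkdir -p $out/bin $lib/lib/tracee $share/share/tracee

    mv ./dist/tracee $out/bin/
    mv ./dist/tracee.bpf.core.o $lib/lib/tracee/
    mv ./cmd/tracee-rules/templates $share/share/tracee/

    runHook postInstall
  '';

  # Smoke test only: the binary starts and reports the packaged version.
  # The eBPF path is exercised by the NixOS VM test in passthru.tests.
  doInstallCheck = true;
  installCheckPhase = ''
    runHook preInstallCheck

    $out/bin/tracee --help
    $out/bin/tracee --version | grep "v${version}"

    runHook postInstallCheck
  '';

  passthru.tests = {
    integration = nixosTests.tracee;
    version = testers.testVersion {
      package = tracee;
      version = "v${version}";
      command = "tracee --version";
    };
  };

  meta = with lib; {
    homepage = "https://aquasecurity.github.io/tracee/latest/";
    changelog = "https://github.com/aquasecurity/tracee/releases/tag/v${version}";
    description = "Linux Runtime Security and Forensics using eBPF";
    longDescription = ''
      Tracee is a Runtime Security and forensics tool for Linux. It is using
      Linux eBPF technology to trace your system and applications at runtime,
      and analyze collected events to detect suspicious behavioral patterns. It
      is delivered as a Docker image that monitors the OS and detects suspicious
      behavior based on a pre-defined set of behavioral patterns.
    '';
    license = with licenses; [
      # general license
      asl20
      # pkg/ebpf/c/*
      gpl2Plus
    ];
    maintainers = with maintainers; [ jk ];
    platforms = [ "x86_64-linux" "aarch64-linux" ];
    # The lib output (BPF object) is deliberately not added to user profiles.
    outputsToInstall = [ "out" "share" ];
  };
}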