pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / pkgs / os-specific / linux / sysdig / default.nix
at 24.11-pre 145 lines 4.6 kB view raw
1{ lib, stdenv, fetchFromGitHub, cmake, kernel, installShellFiles, pkg-config 2, luajit, ncurses, perl, jsoncpp, openssl, curl, jq, gcc, elfutils, tbb 3, protobuf, grpc, yaml-cpp, nlohmann_json, re2, zstd, uthash }: 4 5let 6 # Compare with https://github.com/draios/sysdig/blob/0.37.1/cmake/modules/falcosecurity-libs.cmake 7 libsRev = "0.16.0"; 8 libsHash = "sha256-aduO2pLj91tRdZ1dW1F1JFEg//SopialXWPd6Oav/u8="; 9 10 # Compare with https://github.com/falcosecurity/libs/blob/0.16.0/cmake/modules/valijson.cmake 11 valijson = fetchFromGitHub { 12 owner = "tristanpenman"; 13 repo = "valijson"; 14 rev = "v1.0.2"; 15 hash = "sha256-wvFdjsDtKH7CpbEpQjzWtLC4RVOU9+D2rSK0Xo1cJqo="; 16 }; 17 18 # https://github.com/draios/sysdig/blob/0.37.1/cmake/modules/driver.cmake 19 driver = fetchFromGitHub { 20 owner = "falcosecurity"; 21 repo = "libs"; 22 rev = "7.1.0+driver"; 23 hash = "sha256-FIlnJsNgofGo4HETEEpW28wpC3U9z5AZprwFR5AgFfA="; 24 }; 25 26 version = "0.37.1"; 27in stdenv.mkDerivation { 28 pname = "sysdig"; 29 inherit version; 30 31 src = fetchFromGitHub { 32 owner = "draios"; 33 repo = "sysdig"; 34 rev = version; 35 hash = "sha256-V1rvQ6ZznL9UiUFW2lyW6gvdoGttOd5kgT2KPQCjmvQ="; 36 }; 37 38 nativeBuildInputs = [ cmake perl installShellFiles pkg-config ]; 39 buildInputs = [ 40 luajit 41 ncurses 42 openssl 43 curl 44 jq 45 gcc 46 elfutils 47 tbb 48 re2 49 protobuf 50 grpc 51 yaml-cpp 52 jsoncpp 53 nlohmann_json 54 zstd 55 uthash 56 ] ++ lib.optionals (kernel != null) kernel.moduleBuildDependencies; 57 58 hardeningDisable = [ "pic" ]; 59 60 postUnpack = '' 61 cp -r ${ 62 fetchFromGitHub { 63 owner = "falcosecurity"; 64 repo = "libs"; 65 rev = libsRev; 66 hash = libsHash; 67 } 68 } libs 69 chmod -R +w libs 70 71 substituteInPlace libs/userspace/libscap/libscap.pc.in libs/userspace/libsinsp/libsinsp.pc.in \ 72 --replace-fail "\''${prefix}/@CMAKE_INSTALL_LIBDIR@" "@CMAKE_INSTALL_FULL_LIBDIR@" \ 73 --replace-fail "\''${prefix}/@CMAKE_INSTALL_INCLUDEDIR@" "@CMAKE_INSTALL_FULL_INCLUDEDIR@" 74 75 cp -r ${driver} driver-src 76 chmod -R +w driver-src 77 78 cmakeFlagsArray+=( 79 "-DFALCOSECURITY_LIBS_SOURCE_DIR=$(pwd)/libs" 80 "-DDRIVER_SOURCE_DIR=$(pwd)/driver-src/driver" 81 ) 82 ''; 83 84 cmakeFlags = [ 85 "-DUSE_BUNDLED_DEPS=OFF" 86 "-DSYSDIG_VERSION=${version}" 87 "-DUSE_BUNDLED_B64=OFF" 88 "-DUSE_BUNDLED_TBB=OFF" 89 "-DUSE_BUNDLED_RE2=OFF" 90 "-DUSE_BUNDLED_JSONCPP=OFF" 91 "-DCREATE_TEST_TARGETS=OFF" 92 "-DVALIJSON_INCLUDE=${valijson}/include" 93 "-DUTHASH_INCLUDE=${uthash}/include" 94 ] ++ lib.optional (kernel == null) "-DBUILD_DRIVER=OFF"; 95 96 env.NIX_CFLAGS_COMPILE = 97 # fix compiler warnings been treated as errors 98 "-Wno-error"; 99 100 preConfigure = '' 101 if ! grep -q "${libsRev}" cmake/modules/falcosecurity-libs.cmake; then 102 echo "falcosecurity-libs checksum needs to be updated!" 103 exit 1 104 fi 105 cmakeFlagsArray+=(-DCMAKE_EXE_LINKER_FLAGS="-ltbb -lcurl -lzstd -labsl_synchronization") 106 '' + lib.optionalString (kernel != null) '' 107 export INSTALL_MOD_PATH="$out" 108 export KERNELDIR="${kernel.dev}/lib/modules/${kernel.modDirVersion}/build" 109 ''; 110 111 postInstall = '' 112 # Fix the bash completion location 113 installShellCompletion --bash $out/etc/bash_completion.d/sysdig 114 rm $out/etc/bash_completion.d/sysdig 115 rmdir $out/etc/bash_completion.d 116 rmdir $out/etc 117 '' + lib.optionalString (kernel != null) '' 118 make install_driver 119 kernel_dev=${kernel.dev} 120 kernel_dev=''${kernel_dev#${builtins.storeDir}/} 121 kernel_dev=''${kernel_dev%%-linux*dev*} 122 if test -f "$out/lib/modules/${kernel.modDirVersion}/extra/scap.ko"; then 123 sed -i "s#$kernel_dev#................................#g" $out/lib/modules/${kernel.modDirVersion}/extra/scap.ko 124 else 125 for i in $out/lib/modules/${kernel.modDirVersion}/{extra,updates}/scap.ko.xz; do 126 if test -f "$i"; then 127 xz -d $i 128 sed -i "s#$kernel_dev#................................#g" ''${i%.xz} 129 xz -9 ''${i%.xz} 130 fi 131 done 132 fi 133 ''; 134 135 meta = { 136 description = 137 "A tracepoint-based system tracing tool for Linux (with clients for other OSes)"; 138 license = with lib.licenses; [ asl20 gpl2 mit ]; 139 maintainers = with lib.maintainers; [ raskin ]; 140 platforms = [ "x86_64-linux" ] ++ lib.platforms.darwin; 141 broken = kernel != null && ((lib.versionOlder kernel.version "4.14") || kernel.isHardened || kernel.isZen); 142 homepage = "https://sysdig.com/opensource/"; 143 downloadPage = "https://github.com/draios/sysdig/releases"; 144 }; 145}