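# Nix package expression for sysdig, a tracepoint-based system tracing tool.
#
# The build uses separately fetched falcosecurity/libs and driver sources
# instead of bundled dependencies. When `kernel` is non-null the scap kernel
# module is built and installed as well; when it is null the driver build is
# switched off (-DBUILD_DRIVER=OFF).
#
# Every fetched source below is pinned by revision (or full commit id) plus a
# content hash. When bumping `version`, re-check each pin against the upstream
# cmake module named in the comment above it.
{
  lib,
  stdenv,
  fetchFromGitHub,
  cmake,
  kernel,
  installShellFiles,
  pkg-config,
  luajit,
  ncurses,
  perl,
  jsoncpp,
  openssl,
  curl,
  jq,
  gcc,
  elfutils,
  tbb,
  protobuf,
  grpc,
  yaml-cpp,
  nlohmann_json,
  re2,
  zstd,
  uthash,
  clang,
  libbpf,
  bpftools,
  fetchurl,
}:

let
  # Compare with https://github.com/draios/sysdig/blob/0.38.1/cmake/modules/falcosecurity-libs.cmake
  # preConfigure aborts the build if this revision string does not appear in
  # that file of the unpacked sysdig source.
  libsRev = "0.17.2";
  libsHash = "sha256-BTLXtdU7GjOJReaycHvXkSd2vtybnCn0rTR7OEsvaMQ=";

  # Compare with https://github.com/falcosecurity/libs/blob/0.17.2/cmake/modules/valijson.cmake
  valijson = fetchFromGitHub {
    owner = "tristanpenman";
    repo = "valijson";
    rev = "v1.0.2";
    hash = "sha256-wvFdjsDtKH7CpbEpQjzWtLC4RVOU9+D2rSK0Xo1cJqo=";
  };

  # https://github.com/draios/sysdig/blob/0.38.1/cmake/modules/driver.cmake
  # NOTE(review): unlike libsRev, nothing in this file checks this revision
  # against driver.cmake at build time, so it has to be compared by hand on
  # every version bump.
  driver = fetchFromGitHub {
    owner = "falcosecurity";
    repo = "libs";
    rev = "7.2.0+driver";
    hash = "sha256-FIlnJsNgofGo4HETEEpW28wpC3U9z5AZprwFR5AgFfA=";
  };

  # "main.c" from master after (https://github.com/falcosecurity/libs/pull/1884)
  # Remove when an upstream release includes the driver update
  # The URL names a full commit id and the result is hash-checked, so the file
  # that postUnpack copies over the released driver's main.c is fixed.
  driverKernel610MainC = fetchurl {
    url = "https://raw.githubusercontent.com/falcosecurity/libs/fa26daf65bb4117ecfe099fcad48ea75fe86d8bb/driver/main.c";
    hash = "sha256-VI/tOSXs5OcEDehSqICF3apmSnwe4QCmbkHz+DGH4uM=";
  };

  version = "0.38.1";
in
stdenv.mkDerivation {
  pname = "sysdig";
  inherit version;

  src = fetchFromGitHub {
    owner = "draios";
    repo = "sysdig";
    rev = version;
    hash = "sha256-oufRTr5TFdpF50pmem2L3bBFIfwxCR8f1xi0A328iHo=";
  };

  nativeBuildInputs = [
    cmake
    perl
    installShellFiles
    pkg-config
  ];
  buildInputs =
    [
      luajit
      ncurses
      openssl
      curl
      jq
      tbb
      re2
      protobuf
      grpc
      yaml-cpp
      jsoncpp
      nlohmann_json
      zstd
      uthash
    ]
    ++ lib.optionals stdenv.isLinux [
      bpftools
      elfutils
      libbpf
      clang
      gcc
    ]
    ++ lib.optionals (kernel != null) kernel.moduleBuildDependencies;

  # NOTE(review): presumably required for the out-of-tree kernel module build;
  # confirm. As written, these hardening flags are dropped for the whole
  # derivation, user-space binaries included, and also when kernel == null.
  hardeningDisable = [
    "pic"
    "zerocallusedregs"
  ];

  # Stage writable copies of the pinned libs and driver trees next to the
  # sysdig source, patch the pkg-config templates to use the full install
  # directories, overlay the newer driver main.c, and point CMake at both
  # trees.
  postUnpack = ''
    cp -r ${
      fetchFromGitHub {
        owner = "falcosecurity";
        repo = "libs";
        rev = libsRev;
        hash = libsHash;
      }
    } libs
    chmod -R +w libs

    substituteInPlace libs/userspace/libscap/libscap.pc.in libs/userspace/libsinsp/libsinsp.pc.in \
      --replace-fail "\''${prefix}/@CMAKE_INSTALL_LIBDIR@" "@CMAKE_INSTALL_FULL_LIBDIR@" \
      --replace-fail "\''${prefix}/@CMAKE_INSTALL_INCLUDEDIR@" "@CMAKE_INSTALL_FULL_INCLUDEDIR@"

    cp -r ${driver} driver-src
    chmod -R +w driver-src
    cp ${driverKernel610MainC} driver-src/driver/main.c

    cmakeFlagsArray+=(
      "-DFALCOSECURITY_LIBS_SOURCE_DIR=$(pwd)/libs"
      "-DDRIVER_SOURCE_DIR=$(pwd)/driver-src/driver"
    )
  '';

  cmakeFlags = [
    "-DUSE_BUNDLED_DEPS=OFF"
    "-DSYSDIG_VERSION=${version}"
    "-DUSE_BUNDLED_B64=OFF"
    "-DUSE_BUNDLED_TBB=OFF"
    "-DUSE_BUNDLED_RE2=OFF"
    "-DUSE_BUNDLED_JSONCPP=OFF"
    "-DCREATE_TEST_TARGETS=OFF"
    "-DVALIJSON_INCLUDE=${valijson}/include"
    "-DUTHASH_INCLUDE=${uthash}/include"
  ] ++ lib.optional (kernel == null) "-DBUILD_DRIVER=OFF";

  env.NIX_CFLAGS_COMPILE =
    # Stop compiler warnings from being treated as errors; the warnings are
    # still emitted in the build log.
    "-Wno-error";

  # Pin-consistency guard: fail early when the sysdig source does not mention
  # the libs revision pinned above. The match is a fixed string (-F) so the
  # dots in the version cannot match arbitrary characters.
  preConfigure =
    ''
      if ! grep -qF "${libsRev}" cmake/modules/falcosecurity-libs.cmake; then
        echo "falcosecurity-libs checksum needs to be updated!"
        exit 1
      fi
      cmakeFlagsArray+=(-DCMAKE_EXE_LINKER_FLAGS="-ltbb -lcurl -lzstd -labsl_synchronization")
    ''
    + lib.optionalString (kernel != null) ''
      export INSTALL_MOD_PATH="$out"
      export KERNELDIR="${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
    '';

  # On Linux, move the bash completion to the standard location. With a
  # kernel, install the driver and then overwrite the hash part of the
  # kernel.dev store path inside scap.ko (decompressing and recompressing a
  # .xz module around the edit) with placeholder dots. Presumably this keeps
  # the output from retaining a reference to kernel.dev, and the dot run is
  # meant to match the hash length so offsets in the module do not move;
  # confirm both when touching this.
  postInstall =
    lib.optionalString stdenv.isLinux ''
      # Fix the bash completion location
      installShellCompletion --bash "$out/etc/bash_completion.d/sysdig"
      rm "$out/etc/bash_completion.d/sysdig"
      rmdir "$out/etc/bash_completion.d"
      rmdir "$out/etc"
    ''
    + lib.optionalString (kernel != null) ''
      make install_driver
      kernel_dev=${kernel.dev}
      kernel_dev=''${kernel_dev#${builtins.storeDir}/}
      kernel_dev=''${kernel_dev%%-linux*dev*}
      if test -f "$out/lib/modules/${kernel.modDirVersion}/extra/scap.ko"; then
        sed -i "s#$kernel_dev#................................#g" "$out/lib/modules/${kernel.modDirVersion}/extra/scap.ko"
      else
        for i in "$out"/lib/modules/${kernel.modDirVersion}/{extra,updates}/scap.ko.xz; do
          if test -f "$i"; then
            xz -d "$i"
            sed -i "s#$kernel_dev#................................#g" "''${i%.xz}"
            xz -9 "''${i%.xz}"
          fi
        done
      fi
    '';

  meta = {
    description = "A tracepoint-based system tracing tool for Linux (with clients for other OSes)";
    license = with lib.licenses; [
      asl20
      gpl2Only
      mit
    ];
    maintainers = with lib.maintainers; [ raskin ];
    platforms = lib.platforms.linux ++ lib.platforms.darwin;
    # The kernel-module variant is marked broken for kernels older than 4.14
    # and for hardened or zen kernels.
    broken =
      kernel != null && ((lib.versionOlder kernel.version "4.14") || kernel.isHardened || kernel.isZen);
    homepage = "https://sysdig.com/opensource/";
    downloadPage = "https://github.com/draios/sysdig/releases";
  };
}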