Merge pull request #197880 from 06kellyjac/tracee-update

tracee: 0.8.3 -> 0.9.2

authored by Thiago Kenji Okada and committed by GitHub 4a980705 2bb8cc27

+146 -34
+7 -4
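--- a/nixos/tests/tracee.nix
+++ b/nixos/tests/tracee.nix
@@ -14,15 +14,18 @@
 patches = oa.patches or [] ++ [
 # change the prefix from /usr/bin to /run to find nix processes
 ../../pkgs/tools/security/tracee/test-EventFilters-prefix-nix-friendly.patch
-# skip magic_write test that currently fails
-../../pkgs/tools/security/tracee/test-EventFilters-magic_write-skip.patch
 ];
 buildPhase = ''
 runHook preBuild
 # just build the static lib we need for the go test binary
-make $makeFlags ''${enableParallelBuilding:+-j$NIX_BUILD_CORES -l$NIX_BUILD_CORES} bpf-core ./dist/btfhub ./dist/libbpf/libbpf.a
+make $makeFlags ''${enableParallelBuilding:+-j$NIX_BUILD_CORES -l$NIX_BUILD_CORES} bpf-core ./dist/btfhub
+
+# remove the /usr/bin prefix to work with the patch above
+substituteInPlace tests/integration/integration_test.go \
+--replace "/usr/bin/ls" "ls"
+
 # then compile the tests to be ran later
-CGO_CFLAGS="-I$PWD/dist/libbpf" CGO_LDFLAGS="-lelf -lz $PWD/dist/libbpf/libbpf.a" go test -tags core,ebpf,integration -p 1 -c -o $GOPATH/tracee-integration ./tests/integration/...
+CGO_LDFLAGS="$(pkg-config --libs libbpf)" go test -tags core,ebpf,integration -p 1 -c -o $GOPATH/tracee-integration ./tests/integration/...
 runHook postBuild
 '';
 doCheck = false;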
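Review bot: The `substituteInPlace … --replace "/usr/bin/ls" "ls"` step added to buildPhase appears to only warn when the pattern is absent, so if a later tracee release rewords that string the comm-filter case would quietly run against the unpatched path. A guard just before it, `grep -q '/usr/bin/ls' tests/integration/integration_test.go`, would stop the build once the substitution no longer applies (newer stdenv versions also offer `--replace-fail`). Separately, `CGO_LDFLAGS="$(pkg-config --libs libbpf)"` drops the explicit `-lelf -lz`; that presumably works because libbpf is now linked as a shared library, and a one-line comment saying so would save the next updater from re-deriving it.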
+9 -13
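--- a/pkgs/tools/security/tracee/default.nix
+++ b/pkgs/tools/security/tracee/default.nix
@@ -19,23 +19,26 @@
 in
 buildGoModule rec {
 pname = "tracee";
-version = "0.8.3";
+version = "0.9.2";
 
 src = fetchFromGitHub {
 owner = "aquasecurity";
 repo = pname;
 rev = "v${version}";
-sha256 = "sha256-VxTJcl7gHRZEXpFbxU4iMwqxuR1r0BNSseWQ5ijWHU4=";
+sha256 = "sha256-w/x7KhopkADKvpDc5TE5Kf34pRY6HP3kX1Lqujnl0b8=";
 };
-vendorSha256 = "sha256-szPoJUtzya3+8dOnkDxHEs3+a1LTVoMMLjUSrUlfiGg=";
+vendorSha256 = "sha256-5RXNRNoMydFcemNGgyfqcUPtfMVgMYdiyWo/sZi8GQw=";
+
+patches = [
+./use-our-libbpf.patch
+];
 
 enableParallelBuilding = true;
 # needed to build bpf libs
 hardeningDisable = [ "stackprotector" ];
 
 nativeBuildInputs = [ pkg-config clang ];
-# ensure libbpf version exactly matches the version added as a submodule
-buildInputs = [ libbpf zlib elfutils ];
+buildInputs = [ elfutils libbpf zlib ];
 
 makeFlags = [
 "VERSION=v${version}"
@@ -44,16 +47,9 @@
 "CMD_GIT=echo"
 ];
 
-# TODO: patch tracee to take libbpf.a and headers via include path
-preBuild = ''
-mkdir -p 3rdparty/libbpf/src
-mkdir -p ./dist
-cp -r ${libbpf}/lib ./dist/libbpf
-chmod +w ./dist/libbpf
-cp -r ${libbpf}/include/bpf ./dist/libbpf/
-'';
 buildPhase = ''
 runHook preBuild
+mkdir -p ./dist
 make $makeFlags ''${enableParallelBuilding:+-j$NIX_BUILD_CORES} bpf-core all
 runHook postBuild
 '';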
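Review bot: The new `patches = [ ./use-our-libbpf.patch ];` entry carries no comment, and the old note on `buildInputs` about libbpf matching the upstream submodule is removed, so this file no longer says that tracee links the nixpkgs libbpf instead of its vendored copy. I would add above `patches` something like `# build against nixpkgs' libbpf via pkg-config instead of the vendored 3rdparty/libbpf submodule; the libbpf pin in all-packages.nix must track that submodule`. The only remaining hint is the `# keep inline with their submodule` comment in pkgs/top-level/all-packages.nix, which should read "in line" and would be more useful if it named the submodule version it was checked against. Nothing visible here enforces the match, so a skew would presumably show up only as eBPF load or link failures at runtime or in the NixOS test.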
-16
pkgs/tools/security/tracee/test-EventFilters-magic_write-skip.patch
··· 1 - diff --git a/tests/integration/integration_test.go b/tests/integration/integration_test.go 2 - index afbc5330..3b38a1b8 100644 3 - --- a/tests/integration/integration_test.go 4 - +++ b/tests/integration/integration_test.go 5 - @@ -205,11 +205,6 @@ func Test_EventFilters(t *testing.T) { 6 - filterArgs []string 7 - eventFunc func(*testing.T, *[]trace.Event) 8 - }{ 9 - - { 10 - - name: "do a file write", 11 - - filterArgs: []string{"event=magic_write"}, 12 - - eventFunc: checkMagicwrite, 13 - - }, 14 - { 15 - name: "execute a command", 16 - filterArgs: []string{"comm=ls"},
+129
pkgs/tools/security/tracee/use-our-libbpf.patch
··· 1 + diff --git a/Makefile b/Makefile 2 + index c72cf63d..e96b7eed 100644 3 + --- a/Makefile 4 + +++ b/Makefile 5 + @@ -50,6 +50,7 @@ CMD_STATICCHECK ?= staticcheck 6 + # libs 7 + # 8 + 9 + +LIB_BPF ?= libbpf 10 + LIB_ELF ?= libelf 11 + LIB_ZLIB ?= zlib 12 + 13 + @@ -172,10 +173,6 @@ env: 14 + @echo "KERN_BUILD_PATH $(KERN_BUILD_PATH)" 15 + @echo "KERN_SRC_PATH $(KERN_SRC_PATH)" 16 + @echo --------------------------------------- 17 + - @echo "LIBBPF_CFLAGS $(LIBBPF_CFLAGS)" 18 + - @echo "LIBBPF_LDLAGS $(LIBBPF_LDFLAGS)" 19 + - @echo "LIBBPF_SRC $(LIBBPF_SRC)" 20 + - @echo --------------------------------------- 21 + @echo "STATIC $(STATIC)" 22 + @echo --------------------------------------- 23 + @echo "BPF_VCPU $(BPF_VCPU)" 24 + @@ -274,8 +271,6 @@ OUTPUT_DIR = ./dist 25 + $(OUTPUT_DIR): 26 + # 27 + @$(CMD_MKDIR) -p $@ 28 + - @$(CMD_MKDIR) -p $@/libbpf 29 + - @$(CMD_MKDIR) -p $@/libbpf/obj 30 + 31 + # 32 + # embedded btfhub 33 + @@ -286,37 +281,6 @@ $(OUTPUT_DIR)/btfhub: 34 + @$(CMD_MKDIR) -p $@ 35 + @$(CMD_TOUCH) $@/.place-holder # needed for embed.FS 36 + 37 + -# 38 + -# libbpf 39 + -# 40 + - 41 + -LIBBPF_CFLAGS = "-fPIC" 42 + -LIBBPF_LDLAGS = 43 + -LIBBPF_SRC = ./3rdparty/libbpf/src 44 + - 45 + -$(OUTPUT_DIR)/libbpf/libbpf.a: \ 46 + - $(LIBBPF_SRC) \ 47 + - $(wildcard $(LIBBPF_SRC)/*.[ch]) \ 48 + - | .checkver_$(CMD_CLANG) $(OUTPUT_DIR) 49 + -# 50 + - CC="$(CMD_CLANG)" \ 51 + - CFLAGS="$(LIBBPF_CFLAGS)" \ 52 + - LD_FLAGS="$(LIBBPF_LDFLAGS)" \ 53 + - $(MAKE) \ 54 + - -C $(LIBBPF_SRC) \ 55 + - BUILD_STATIC_ONLY=1 \ 56 + - DESTDIR=$(abspath ./$(OUTPUT_DIR)/libbpf/) \ 57 + - OBJDIR=$(abspath ./$(OUTPUT_DIR)/libbpf/obj) \ 58 + - INCLUDEDIR= LIBDIR= UAPIDIR= prefix= libdir= \ 59 + - install install_uapi_headers 60 + - 61 + -$(LIBBPF_SRC): \ 62 + - | .check_$(CMD_GIT) 63 + -# 64 + -ifeq ($(wildcard $@), ) 65 + - @$(CMD_GIT) submodule update --init --recursive 66 + -endif 67 + - 68 + # 69 + # non co-re ebpf 70 + # 71 + 
@@ -333,7 +297,6 @@ BPF_NOCORE_TAG = $(subst .,_,$(KERN_RELEASE)).$(subst .,_,$(VERSION)) 72 + bpf-nocore: $(OUTPUT_DIR)/tracee.bpf.$(BPF_NOCORE_TAG).o 73 + 74 + $(OUTPUT_DIR)/tracee.bpf.$(BPF_NOCORE_TAG).o: \ 75 + - $(OUTPUT_DIR)/libbpf/libbpf.a \ 76 + $(TRACEE_EBPF_OBJ_SRC) 77 + # 78 + MAKEFLAGS="--no-print-directory" 79 + @@ -351,7 +314,6 @@ $(OUTPUT_DIR)/tracee.bpf.$(BPF_NOCORE_TAG).o: \ 80 + -I $(KERN_SRC_PATH)/include/uapi \ 81 + -I $(KERN_BUILD_PATH)/include/generated \ 82 + -I $(KERN_BUILD_PATH)/include/generated/uapi \ 83 + - -I $(OUTPUT_DIR)/libbpf \ 84 + -I ./3rdparty/include \ 85 + -Wunused \ 86 + -Wall \ 87 + @@ -412,7 +374,6 @@ TRACEE_EBPF_OBJ_CORE_HEADERS = $(shell find pkg/ebpf/c -name *.h) 88 + bpf-core: $(OUTPUT_DIR)/tracee.bpf.core.o 89 + 90 + $(OUTPUT_DIR)/tracee.bpf.core.o: \ 91 + - $(OUTPUT_DIR)/libbpf/libbpf.a \ 92 + $(TRACEE_EBPF_OBJ_SRC) \ 93 + $(TRACEE_EBPF_OBJ_CORE_HEADERS) 94 + # 95 + @@ -421,7 +382,6 @@ $(OUTPUT_DIR)/tracee.bpf.core.o: \ 96 + -D__BPF_TRACING__ \ 97 + -DCORE \ 98 + -I./pkg/ebpf/c/ \ 99 + - -I$(OUTPUT_DIR)/libbpf/ \ 100 + -I ./3rdparty/include \ 101 + -target bpf \ 102 + -O2 -g \ 103 + @@ -447,8 +407,8 @@ ifeq ($(STATIC), 1) 104 + GO_TAGS_EBPF := $(GO_TAGS_EBPF),netgo 105 + endif 106 + 107 + -CUSTOM_CGO_CFLAGS = "-I$(abspath $(OUTPUT_DIR)/libbpf)" 108 + -CUSTOM_CGO_LDFLAGS = "$(shell $(call pkg_config, $(LIB_ELF))) $(shell $(call pkg_config, $(LIB_ZLIB))) $(abspath $(OUTPUT_DIR)/libbpf/libbpf.a)" 109 + +CUSTOM_CGO_CFLAGS = "" 110 + +CUSTOM_CGO_LDFLAGS = "$(shell $(call pkg_config, $(LIB_BPF))) $(shell $(call pkg_config, $(LIB_ELF))) $(shell $(call pkg_config, $(LIB_ZLIB)))" 111 + 112 + GO_ENV_EBPF = 113 + GO_ENV_EBPF += GOOS=linux 114 + @@ -468,6 +428,7 @@ $(OUTPUT_DIR)/tracee-ebpf: \ 115 + $(TRACEE_EBPF_SRC) \ 116 + ./embedded-ebpf.go \ 117 + | .checkver_$(CMD_GO) \ 118 + + .checklib_$(LIB_BPF) \ 119 + .checklib_$(LIB_ELF) \ 120 + .checklib_$(LIB_ZLIB) \ 121 + btfhub 122 + 
@@ -658,7 +619,6 @@ test-rules: \ 123 + .PHONY: test-upstream-libbpfgo 124 + test-upstream-libbpfgo: \ 125 + .checkver_$(CMD_GO) \ 126 + - $(OUTPUT_DIR)/libbpf/libbpf.a 127 + # 128 + ./tests/libbpfgo.sh $(GO_ENV_EBPF) 129 +
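Review bot: In the final hunk of the embedded Makefile patch, removing `$(OUTPUT_DIR)/libbpf/libbpf.a` from `test-upstream-libbpfgo` leaves `.checkver_$(CMD_GO) \` as the last prerequisite with a trailing backslash that now continues into the `#` line. It appears to still parse because the joined text is a comment, but the continuation should be dropped so the line reads `.checkver_$(CMD_GO)`. Also, `bpf-core` and `bpf-nocore` lose both the libbpf prerequisite and the `-I$(OUTPUT_DIR)/libbpf` include, while `.checklib_$(LIB_BPF)` is added only to `$(OUTPUT_DIR)/tracee-ebpf`, and `CUSTOM_CGO_CFLAGS` becomes `""`. Header lookup therefore relies entirely on the compiler's default include path; that is presumably fine under the Nix cc-wrapper, but a note saying so at the top of the patch would make the assumption explicit.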
+1 -1
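--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -12076,7 +12076,7 @@
 tracebox = callPackage ../tools/networking/tracebox { stdenv = gcc10StdenvCompat; };
 
 tracee = callPackage ../tools/security/tracee {
-buildGoModule = buildGo118Module; # tests fail with 1.19
+libbpf = libbpf_1; # keep inline with their submodule
 };
 
 tracefilegen = callPackage ../development/tools/analysis/garcosim/tracefilegen { };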