Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
# Tracee: Linux runtime security and forensics tool based on eBPF.
# The Go binaries and the tracee.bpf.o object are produced by upstream's
# Makefile (see buildPhase) rather than by buildGoModule's default build.
{
  lib,
  buildGoModule,
  fetchFromGitHub,

  clang_14,
  pkg-config,

  elfutils,
  libbpf,
  zlib,
  zstd,

  nixosTests,
  testers,
  tracee,
  makeWrapper,
}:

buildGoModule rec {
  pname = "tracee";
  version = "0.23.2";

  src = fetchFromGitHub {
    owner = "aquasecurity";
    repo = "tracee";
    # Upstream has branches and tags that share a name; `tag` names the tag
    # explicitly so the fetched ref is not ambiguous.
    tag = "v${version}";
    # Fixed-output hash of the fetched source tree; it has to be updated
    # together with `version`, otherwise the fetch fails the hash check.
    hash = "sha256-Rf1pa9e6t002ltg40xZZVpE5OL9Vl02Xcn2Ux0To408=";
  };
  # Hash of the vendored Go module dependencies; refresh on every version bump.
  vendorHash = "sha256-2+4UN9WB6eGzedogy5dMvhHj1x5VeUUkDM0Z28wKQgM=";

  # NOTE(review): judging by its file name, this patch stops the Makefile from
  # building its own libbpf so that the one in buildInputs is used; confirm
  # against the patch itself.
  patches = [
    ./0001-fix-do-not-build-libbpf.patch
  ];

  enableParallelBuilding = true;

  # Needed to build the BPF objects.
  # NOTE(review): presumably the stack-protector flag added by the compiler
  # wrapper is not usable for the BPF target. The setting is derivation-wide,
  # so it also covers any other C code compiled here, not only the BPF object;
  # confirm that this is acceptable.
  hardeningDisable = [ "stackprotector" ];

  nativeBuildInputs = [
    clang_14
    pkg-config
  ];
  buildInputs = [
    elfutils
    libbpf
    zlib.dev
    zstd.dev
  ];

  makeFlags = [
    "RELEASE_VERSION=v${version}"
    # NOTE(review): buildPhase expands $makeFlags unquoted, so the space in
    # this value is subject to shell word splitting; confirm that both flags
    # reach the Makefile as a single GO_DEBUG_FLAG value.
    "GO_DEBUG_FLAG=-s -w"
    # git is not actually needed, but the Makefile checks for it
    "CMD_GIT=echo"
  ];

  # Runs upstream's `bpf` and `all` make targets; -j is passed only when
  # enableParallelBuilding is set.
  buildPhase = ''
    runHook preBuild
    mkdir -p ./dist
    make $makeFlags ''${enableParallelBuilding:+-j$NIX_BUILD_CORES} bpf all
    runHook postBuild
  '';

  # The unit tests require a separate Go module, so the check phase is off.
  # Integration tests are run inside a NixOS VM instead;
  # see passthru.tests.integration.
  doCheck = false;

  # out:   the tracee binary and the signatures directory
  # lib:   the compiled eBPF object (tracee.bpf.o)
  # share: the tracee-rules templates
  outputs = [
    "out"
    "lib"
    "share"
  ];

  installPhase = ''
    runHook preInstall

    mkdir -p $out/bin $lib/lib/tracee $share/share/tracee

    mv ./dist/{tracee,signatures} $out/bin/
    mv ./dist/tracee.bpf.o $lib/lib/tracee/
    mv ./cmd/tracee-rules/templates $share/share/tracee/

    runHook postInstall
  '';

  passthru.tests = {
    # NixOS VM test
    integration = nixosTests.tracee;
    integration-test-cli = import ./integration-tests.nix { inherit lib tracee makeWrapper; };
    # Checks that `tracee version` reports the packaged version.
    version = testers.testVersion {
      package = tracee;
      version = "v${version}";
      command = "tracee version";
    };
  };

  meta = {
    homepage = "https://aquasecurity.github.io/tracee/latest/";
    changelog = "https://github.com/aquasecurity/tracee/releases/tag/v${version}";
    description = "Linux Runtime Security and Forensics using eBPF";
    mainProgram = "tracee";
    longDescription = ''
      Tracee is a Runtime Security and forensics tool for Linux. It is using
      Linux eBPF technology to trace your system and applications at runtime,
      and analyze collected events to detect suspicious behavioral patterns. It
      is delivered as a Docker image that monitors the OS and detects suspicious
      behavior based on a pre-defined set of behavioral patterns.
    '';
    license = [
      # general license
      lib.licenses.asl20
      # pkg/ebpf/c/*
      lib.licenses.gpl2Plus
    ];
    maintainers = [ lib.maintainers.jk ];
    platforms = [
      "x86_64-linux"
      "aarch64-linux"
    ];
    # The `lib` output (eBPF object) is not installed by default.
    outputsToInstall = [
      "out"
      "share"
    ];
  };
}