tjh.dev
Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
1{ lib, stdenv, fetchFromGitHub, fetchpatch, cmake, kernel, installShellFiles, pkg-config
2, luajit, ncurses, perl, jsoncpp, libb64, openssl, curl, jq, gcc, elfutils, tbb, protobuf, grpc
3, libyamlcpp, nlohmann_json, re2
4}:
5
6with lib;
7let
8 # Compare with https://github.com/draios/sysdig/blob/dev/cmake/modules/falcosecurity-libs.cmake
9 libsRev = "0.9.1";
10 libsSha256 = "sha256-X+zLEnage8AuGdGn9sl1RN9b1CKTA1ErrdPNbYKY0s0=";
11
12 # Compare with https://github.com/falcosecurity/libs/blob/master/cmake/modules/valijson.cmake#L17
13 valijson = fetchFromGitHub {
14 owner = "tristanpenman";
15 repo = "valijson";
16 rev = "v0.6";
17 sha256 = "sha256-ZD19Q2MxMQd3yEKbY90GFCrerie5/jzgO8do4JQDoKM=";
18 };
19
20 driver = fetchFromGitHub {
21 owner = "falcosecurity";
22 repo = "libs";
23 rev = "3.0.1+driver";
24 sha256 = "sha256-bK9wv17bVl93rOqw7JICnMOM0fDtPIErfMmUmNKOD5c=";
25 };
26
27in
28stdenv.mkDerivation rec {
29 pname = "sysdig";
30 version = "0.30.2";
31
32 src = fetchFromGitHub {
33 owner = "draios";
34 repo = "sysdig";
35 rev = version;
36 sha256 = "sha256-bDlrnTfm43zpYBIiP2MGB+LM5jtalmeUNtWHgxe81HM=";
37 };
38
39 nativeBuildInputs = [ cmake perl installShellFiles pkg-config ];
40 buildInputs = [
41 luajit
42 ncurses
43 libb64
44 openssl
45 curl
46 jq
47 gcc
48 elfutils
49 tbb
50 libb64
51 re2
52 protobuf
53 grpc
54 libyamlcpp
55 jsoncpp
56 nlohmann_json
57 ] ++ optionals (kernel != null) kernel.moduleBuildDependencies;
58
59 hardeningDisable = [ "pic" ];
60
61 postUnpack = ''
62 cp -r ${fetchFromGitHub {
63 owner = "falcosecurity";
64 repo = "libs";
65 rev = libsRev;
66 sha256 = libsSha256;
67 }} libs
68 chmod -R +w libs
69 cp -r ${driver} driver-src
70 chmod -R +w driver-src
71 cmakeFlagsArray+=(
72 "-DFALCOSECURITY_LIBS_SOURCE_DIR=$(pwd)/libs"
73 "-DVALIJSON_INCLUDE=${valijson}/include"
74 "-DDRIVER_SOURCE_DIR=$(pwd)/driver-src/driver"
75 )
76 '';
77
78 cmakeFlags = [
79 "-DUSE_BUNDLED_DEPS=OFF"
80 "-DSYSDIG_VERSION=${version}"
81 "-DUSE_BUNDLED_B64=OFF"
82 "-DUSE_BUNDLED_TBB=OFF"
83 "-DUSE_BUNDLED_RE2=OFF"
84 "-DCREATE_TEST_TARGETS=OFF"
85 ] ++ optional (kernel == null) "-DBUILD_DRIVER=OFF";
86
87 # needed since luajit-2.1.0-beta3
88 NIX_CFLAGS_COMPILE = "-DluaL_reg=luaL_Reg -DluaL_getn(L,i)=((int)lua_objlen(L,i))";
89
90 preConfigure = ''
91 if ! grep -q "${libsRev}" cmake/modules/falcosecurity-libs.cmake; then
92 echo "falcosecurity-libs checksum needs to be updated!"
93 exit 1
94 fi
95 cmakeFlagsArray+=(-DCMAKE_EXE_LINKER_FLAGS="-ltbb -lcurl -labsl_synchronization")
96 '' + optionalString (kernel != null) ''
97 export INSTALL_MOD_PATH="$out"
98 export KERNELDIR="${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
99 '';
100
101 postInstall =
102 ''
103 # Fix the bash completion location
104 installShellCompletion --bash $out/etc/bash_completion.d/sysdig
105 rm $out/etc/bash_completion.d/sysdig
106 rmdir $out/etc/bash_completion.d
107 rmdir $out/etc
108 ''
109 + optionalString (kernel != null) ''
110 make install_driver
111 kernel_dev=${kernel.dev}
112 kernel_dev=''${kernel_dev#/nix/store/}
113 kernel_dev=''${kernel_dev%%-linux*dev*}
114 if test -f "$out/lib/modules/${kernel.modDirVersion}/extra/scap.ko"; then
115 sed -i "s#$kernel_dev#................................#g" $out/lib/modules/${kernel.modDirVersion}/extra/scap.ko
116 else
117 xz -d $out/lib/modules/${kernel.modDirVersion}/extra/scap.ko.xz
118 sed -i "s#$kernel_dev#................................#g" $out/lib/modules/${kernel.modDirVersion}/extra/scap.ko
119 xz $out/lib/modules/${kernel.modDirVersion}/extra/scap.ko
120 fi
121 '';
122
123
124 meta = {
125 description = "A tracepoint-based system tracing tool for Linux (with clients for other OSes)";
126 license = with licenses; [ asl20 gpl2 mit ];
127 maintainers = [maintainers.raskin];
128 platforms = ["x86_64-linux"] ++ platforms.darwin;
129 broken = kernel != null && versionOlder kernel.version "4.14";
130 homepage = "https://sysdig.com/opensource/";
131 downloadPage = "https://github.com/draios/sysdig/releases";
132 };
133}