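# Nix package expression for sysdig. When `kernel` is non-null the out-of-tree
# driver (scap.ko) is built and installed as well; with `kernel == null` the
# driver build is switched off via -DBUILD_DRIVER=OFF.
#
# Every external source is pinned to a revision plus a fixed-output hash.
# A version bump must update each rev/hash pair together and re-check the
# upstream cmake modules linked next to each pin.
{
  lib,
  stdenv,
  fetchFromGitHub,
  cmake,
  kernel,
  installShellFiles,
  pkg-config,
  luajit,
  ncurses,
  perl,
  jsoncpp,
  openssl,
  curl,
  jq,
  gcc,
  elfutils,
  tbb,
  protobuf,
  grpc,
  yaml-cpp,
  nlohmann_json,
  re2,
  zstd,
  uthash,
  clang,
  libbpf,
  bpftools,
  fetchurl,
}:

let
  # Compare with https://github.com/draios/sysdig/blob/0.38.1/cmake/modules/falcosecurity-libs.cmake
  libsRev = "0.17.2";
  libsHash = "sha256-BTLXtdU7GjOJReaycHvXkSd2vtybnCn0rTR7OEsvaMQ=";

  # falcosecurity-libs userspace sources, kept next to the other pinned inputs
  # so that all fetched sources can be reviewed in one place.
  libsSrc = fetchFromGitHub {
    owner = "falcosecurity";
    repo = "libs";
    rev = libsRev;
    hash = libsHash;
  };

  # Compare with https://github.com/falcosecurity/libs/blob/0.17.2/cmake/modules/valijson.cmake
  valijson = fetchFromGitHub {
    owner = "tristanpenman";
    repo = "valijson";
    rev = "v1.0.2";
    hash = "sha256-wvFdjsDtKH7CpbEpQjzWtLC4RVOU9+D2rSK0Xo1cJqo=";
  };

  # https://github.com/draios/sysdig/blob/0.38.1/cmake/modules/driver.cmake
  driver = fetchFromGitHub {
    owner = "falcosecurity";
    repo = "libs";
    rev = "7.2.0+driver";
    hash = "sha256-FIlnJsNgofGo4HETEEpW28wpC3U9z5AZprwFR5AgFfA=";
  };

  # "main.c" from master after (https://github.com/falcosecurity/libs/pull/1884)
  # Remove when an upstream release includes the driver update
  # The URL names a full commit id and the hash fixes the content, so the file
  # cannot change silently. It is copied over main.c of the 7.2.0+driver tree
  # in postUnpack, i.e. the driver is built from two different revisions.
  driverKernel610MainC = fetchurl {
    url = "https://raw.githubusercontent.com/falcosecurity/libs/fa26daf65bb4117ecfe099fcad48ea75fe86d8bb/driver/main.c";
    hash = "sha256-VI/tOSXs5OcEDehSqICF3apmSnwe4QCmbkHz+DGH4uM=";
  };

  version = "0.38.1";
in
stdenv.mkDerivation {
  pname = "sysdig";
  inherit version;

  src = fetchFromGitHub {
    owner = "draios";
    repo = "sysdig";
    rev = version;
    hash = "sha256-oufRTr5TFdpF50pmem2L3bBFIfwxCR8f1xi0A328iHo=";
  };

  nativeBuildInputs = [
    cmake
    perl
    installShellFiles
    pkg-config
  ];
  buildInputs = [
    luajit
    ncurses
    openssl
    curl
    jq
    gcc
    elfutils
    tbb
    re2
    protobuf
    grpc
    yaml-cpp
    jsoncpp
    nlohmann_json
    zstd
    uthash
    clang
    libbpf
    bpftools
  ] ++ lib.optionals (kernel != null) kernel.moduleBuildDependencies;

  # Turns off two compiler hardening flags for every object in this
  # derivation, the userspace binaries included.
  # NOTE(review): presumably only the kernel driver build needs this; confirm
  # whether it can be limited to the kernel != null case.
  hardeningDisable = [ "pic" "zerocallusedregs" ];

  postUnpack = ''
    # The store copies are read-only; take writable copies before patching.
    cp -r ${libsSrc} libs
    chmod -R +w libs

    substituteInPlace libs/userspace/libscap/libscap.pc.in libs/userspace/libsinsp/libsinsp.pc.in \
      --replace-fail "\''${prefix}/@CMAKE_INSTALL_LIBDIR@" "@CMAKE_INSTALL_FULL_LIBDIR@" \
      --replace-fail "\''${prefix}/@CMAKE_INSTALL_INCLUDEDIR@" "@CMAKE_INSTALL_FULL_INCLUDEDIR@"

    cp -r ${driver} driver-src
    chmod -R +w driver-src
    # Overlay the newer main.c on the pinned driver tree (see the pin above).
    cp ${driverKernel610MainC} driver-src/driver/main.c

    # Point cmake at the local copies instead of letting it fetch sources.
    cmakeFlagsArray+=(
      "-DFALCOSECURITY_LIBS_SOURCE_DIR=$(pwd)/libs"
      "-DDRIVER_SOURCE_DIR=$(pwd)/driver-src/driver"
    )
  '';

  cmakeFlags = [
    "-DUSE_BUNDLED_DEPS=OFF"
    "-DSYSDIG_VERSION=${version}"
    "-DUSE_BUNDLED_B64=OFF"
    "-DUSE_BUNDLED_TBB=OFF"
    "-DUSE_BUNDLED_RE2=OFF"
    "-DUSE_BUNDLED_JSONCPP=OFF"
    "-DCREATE_TEST_TARGETS=OFF"
    "-DVALIJSON_INCLUDE=${valijson}/include"
    "-DUTHASH_INCLUDE=${uthash}/include"
  ] ++ lib.optional (kernel == null) "-DBUILD_DRIVER=OFF";

  env.NIX_CFLAGS_COMPILE =
    # fix compiler warnings being treated as errors
    # This applies to the whole build, so no warning fails it any more.
    "-Wno-error";

  preConfigure =
    ''
      # Abort when the libs pin in this file no longer matches the version
      # named by the sysdig cmake module. -F keeps the dots in the version
      # literal; this is still a substring match, not an exact comparison.
      if ! grep -qF -- "${libsRev}" cmake/modules/falcosecurity-libs.cmake; then
        echo "falcosecurity-libs checksum needs to be updated!"
        exit 1
      fi
      cmakeFlagsArray+=(-DCMAKE_EXE_LINKER_FLAGS="-ltbb -lcurl -lzstd -labsl_synchronization")
    ''
    + lib.optionalString (kernel != null) ''
      export INSTALL_MOD_PATH="$out"
      export KERNELDIR="${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
    '';

  postInstall =
    ''
      # Fix the bash completion location
      installShellCompletion --bash $out/etc/bash_completion.d/sysdig
      rm $out/etc/bash_completion.d/sysdig
      rmdir $out/etc/bash_completion.d
      rmdir $out/etc
    ''
    + lib.optionalString (kernel != null) ''
      make install_driver
      # Reduce the kernel.dev store path to its leading component: drop the
      # store directory prefix, then everything from "-linux" onwards.
      kernel_dev=${kernel.dev}
      kernel_dev=''${kernel_dev#${builtins.storeDir}/}
      kernel_dev=''${kernel_dev%%-linux*dev*}
      # Overwrite every occurrence of that component inside the module with a
      # fixed run of dots (presumably so that the installed module does not
      # keep a reference to kernel.dev). The .ko is patched in place; a
      # compressed module is unpacked, patched and compressed again.
      if test -f "$out/lib/modules/${kernel.modDirVersion}/extra/scap.ko"; then
        sed -i "s#$kernel_dev#................................#g" "$out/lib/modules/${kernel.modDirVersion}/extra/scap.ko"
      else
        for i in $out/lib/modules/${kernel.modDirVersion}/{extra,updates}/scap.ko.xz; do
          if test -f "$i"; then
            xz -d "$i"
            sed -i "s#$kernel_dev#................................#g" "''${i%.xz}"
            xz -9 "''${i%.xz}"
          fi
        done
      fi
    '';

  meta = {
    description = "A tracepoint-based system tracing tool for Linux (with clients for other OSes)";
    license = with lib.licenses; [
      asl20
      gpl2Only
      mit
    ];
    maintainers = with lib.maintainers; [ raskin ];
    platforms = [ "x86_64-linux" ] ++ lib.platforms.darwin;
    # The driver build is marked broken for kernels older than 4.14 and for
    # the hardened and zen kernel variants.
    broken =
      kernel != null && ((lib.versionOlder kernel.version "4.14") || kernel.isHardened || kernel.isZen);
    homepage = "https://sysdig.com/opensource/";
    downloadPage = "https://github.com/draios/sysdig/releases";
  };
}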