commit: 8efa75ce221f1748bbe3cb83aed9988a001c62e5 Author: Holger Hoffstätte <holger <AT> applied-asynchrony <DOT> com> AuthorDate: Mon Oct 14 12:45:30 2024 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Fri Nov 1 17:28:23 2024 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8efa75ce
dev-debug/sysdig: add 0.39.0 Closes: https://bugs.gentoo.org/938218 Closes: https://bugs.gentoo.org/938188 Signed-off-by: Holger Hoffstätte <holger <AT> applied-asynchrony.com> Signed-off-by: Sam James <sam <AT> gentoo.org> dev-debug/sysdig/metadata.xml | 2 + dev-debug/sysdig/sysdig-0.39.0.ebuild | 169 ++++++++++++++++++++++++++++++++++ 2 files changed, 171 insertions(+) diff --git a/dev-debug/sysdig/metadata.xml b/dev-debug/sysdig/metadata.xml index c16f8ef41665..05dad048fe79 100644 --- a/dev-debug/sysdig/metadata.xml +++ b/dev-debug/sysdig/metadata.xml @@ -10,6 +10,8 @@ <name>Proxy Maintainers</name> </maintainer> <use> + <flag name="bpf">Enable the BPF probe as alternative event source + to <pkg>dev-debug/scap-driver</pkg>.</flag> <flag name="modules">Build kernel modules needed for tracing local events. Disable this only if you intend to use sysdig purely to work with dumpfiles.</flag> diff --git a/dev-debug/sysdig/sysdig-0.39.0.ebuild b/dev-debug/sysdig/sysdig-0.39.0.ebuild new file mode 100644 index 000000000000..2a9539574c2c --- /dev/null +++ b/dev-debug/sysdig/sysdig-0.39.0.ebuild @@ -0,0 +1,169 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +LLVM_COMPAT=( {15..19} ) +LLVM_OPTIONAL=1 + +LUA_COMPAT=( luajit ) + +inherit bash-completion-r1 cmake flag-o-matic linux-info llvm-r1 lua-single + +DESCRIPTION="A system exploration and troubleshooting tool" +HOMEPAGE="https://sysdig.com/"; + +# The version of falcosecurity-libs required by sysdig as source tree +LIBS_VERSION="0.18.1" +LIBS="falcosecurity-libs-${LIBS_VERSION}" + +SRC_URI="https://github.com/draios/sysdig/archive/${PV}.tar.gz -> ${P}.tar.gz + https://github.com/falcosecurity/libs/archive/${LIBS_VERSION}.tar.gz -> ${LIBS}.tar.gz" + +# The driver version as found in cmake/modules/driver.cmake or alternatively +# as git tag on the $LIBS_VERSION of falcosecurity-libs. +DRIVER_VERSION="7.3.0+driver" + +LICENSE="Apache-2.0" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="bpf +modules" +REQUIRED_USE="${LUA_REQUIRED_USE}" + +RDEPEND="${LUA_DEPS} + dev-cpp/abseil-cpp:= + dev-cpp/tbb:= + dev-cpp/yaml-cpp:= + dev-libs/jsoncpp:= + dev-libs/libb64:= + bpf? ( >=dev-libs/libbpf-1.1:= ) + dev-libs/protobuf:= + dev-libs/re2:= + dev-libs/uthash + net-libs/grpc:= + net-misc/curl + sys-libs/ncurses:= + sys-libs/zlib:= + virtual/libelf:=" + +DEPEND="${RDEPEND} + dev-cpp/nlohmann_json + dev-cpp/valijson + bpf? ( $(llvm_gen_dep ' + sys-devel/clang:${LLVM_SLOT}= + sys-devel/llvm:${LLVM_SLOT}=[llvm_targets_BPF(+)] + ') + ) + virtual/os-headers" + +BDEPEND="bpf? ( dev-util/bpftool )" + +# pin the driver to the falcosecurity-libs version +PDEPEND="modules? ( =dev-debug/scap-driver-${LIBS_VERSION}* )" + +PATCHES=( + "${FILESDIR}/0.38.1-scap-loader.patch" +) + +pkg_pretend() { + if use bpf; then + local CONFIG_CHECK=" + ~BPF + ~BPF_EVENTS + ~BPF_JIT + ~BPF_SYSCALL + ~FTRACE_SYSCALLS + ~HAVE_EBPF_JIT + " + check_extra_config + fi +} + +pkg_setup() { + use bpf && llvm-r1_pkg_setup +} + +src_prepare() { + # do not build with debugging info + sed -i -e 's/-ggdb//g' CMakeLists.txt "${WORKDIR}"/libs-${LIBS_VERSION}/cmake/modules/CompilerFlags.cmake || die + + # fix the driver version + sed -i -e 's/0.0.0-local/${DRIVER_VERSION}/g' cmake/modules/driver.cmake || die + + cmake_src_prepare +} + +src_configure() { + # known problems with strict aliasing: + # https://github.com/falcosecurity/libs/issues/1964 + append-flags -fno-strict-aliasing + + local mycmakeargs=( + # do not build the kernel driver + -DBUILD_DRIVER=OFF + + # libscap examples are not installed or really useful + -DBUILD_LIBSCAP_EXAMPLES=OFF + + # do not build internal libs as shared + -DBUILD_SHARED_LIBS=OFF + + # build BPF probe depending on USE + -DBUILD_SYSDIG_MODERN_BPF:BOOL=$(usex bpf) + + # set driver version to prevent downloading (don't ask..) + -DDRIVER_SOURCE_DIR="${WORKDIR}"/libs-${LIBS_VERSION}/driver + -DDRIVER_VERSION=${DRIVER_VERSION} + + # point sysdig to the libs tree + -DFALCOSECURITY_LIBS_SOURCE_DIR="${WORKDIR}"/libs-${LIBS_VERSION} + + # explicitly set sysdig version - required for some reason + -DSYSDIG_VERSION=${PV} + + # do not use bundled dependencies for sysdig + -DUSE_BUNDLED_DEPS=OFF + + # do not use bundled dependencies for falcosecurity-libs + -DUSE_BUNDLED_B64=OFF + -DUSE_BUNDLED_JSONCPP=OFF + -DUSE_BUNDLED_RE2=OFF + -DUSE_BUNDLED_TBB=OFF + -DUSE_BUNDLED_VALIJSON=OFF + + # set valijson include path to prevent downloading + -DVALIJSON_INCLUDE="${ESYSROOT}"/usr/include + + # enable chisels + -DWITH_CHISEL=ON + ) + + cmake_src_configure +} + +src_install() { + cmake_src_install + + # remove driver headers + rm -r "${ED}"/usr/src || die + + # remove libscap/libsinsp headers & libs (see #938187) + rm -r "${ED}"/usr/include/sysdig || die + rm -r "${ED}"/usr/$(get_libdir) || die + + # move bashcomp to the proper location + dobashcomp "${ED}"/usr/etc/bash_completion.d/sysdig || die + rm -r "${ED}"/usr/etc || die +} + +pkg_postinst() { + if use bpf; then + elog + elog "You have enabled the 'modern BPF' probe." + elog "This eBPF-based event source is an alternative to the traditional" + elog "scap kernel module." + elog + elog "To use it, start sysdig/csysdig with '--modern-bpf'." + elog + fi +}
