blob: 667b9936af54d6cbaba0ebb8d26e4b4487789285 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
|
# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
LLVM_COMPAT=( {15..19} )
LLVM_OPTIONAL=1
LUA_COMPAT=( luajit )
inherit bash-completion-r1 cmake flag-o-matic linux-info llvm-r1 lua-single
DESCRIPTION="A system exploration and troubleshooting tool"
HOMEPAGE="https://sysdig.com/"
# The version of falcosecurity-libs required by sysdig as source tree
LIBS_VERSION="0.19.0"
LIBS="falcosecurity-libs-${LIBS_VERSION}"
SRC_URI="https://github.com/draios/sysdig/archive/${PV}.tar.gz -> ${P}.tar.gz
https://github.com/falcosecurity/libs/archive/${LIBS_VERSION}.tar.gz -> ${LIBS}.tar.gz"
# The driver version as found in cmake/modules/driver.cmake or alternatively
# as git tag on the $LIBS_VERSION of falcosecurity-libs.
DRIVER_VERSION="7.3.0+driver"
LICENSE="Apache-2.0"
SLOT="0"
KEYWORDS="~amd64 ~x86"
IUSE="bpf +modules"
REQUIRED_USE="${LUA_REQUIRED_USE}"
RDEPEND="${LUA_DEPS}
dev-cpp/abseil-cpp:=
dev-cpp/tbb:=
dev-cpp/yaml-cpp:=
dev-libs/jsoncpp:=
dev-libs/libb64:=
bpf? ( >=dev-libs/libbpf-1.1:= )
dev-libs/protobuf:=
dev-libs/re2:=
dev-libs/uthash
net-libs/grpc:=
net-misc/curl
sys-libs/ncurses:=
sys-libs/zlib:=
virtual/libelf:="
DEPEND="${RDEPEND}
dev-cpp/nlohmann_json
dev-cpp/valijson
bpf? ( $(llvm_gen_dep '
sys-devel/clang:${LLVM_SLOT}=
sys-devel/llvm:${LLVM_SLOT}=[llvm_targets_BPF(+)]
')
)
virtual/os-headers"
BDEPEND="bpf? ( dev-util/bpftool )"
# pin the driver to the falcosecurity-libs version
PDEPEND="modules? ( =dev-debug/scap-driver-${LIBS_VERSION}* )"
PATCHES=(
"${FILESDIR}/0.38.1-scap-loader.patch"
)
pkg_pretend() {
if use bpf; then
local CONFIG_CHECK="
~BPF
~BPF_EVENTS
~BPF_JIT
~BPF_SYSCALL
~FTRACE_SYSCALLS
~HAVE_EBPF_JIT
"
check_extra_config
fi
}
pkg_setup() {
use bpf && llvm-r1_pkg_setup
}
src_prepare() {
# do not build with debugging info
sed -i -e 's/-ggdb//g' CMakeLists.txt "${WORKDIR}"/libs-${LIBS_VERSION}/cmake/modules/CompilerFlags.cmake || die
# fix the driver version
sed -i -e 's/0.0.0-local/${DRIVER_VERSION}/g' cmake/modules/driver.cmake || die
cmake_src_prepare
}
src_configure() {
# known problems with strict aliasing:
# https://github.com/falcosecurity/libs/issues/1964
append-flags -fno-strict-aliasing
local mycmakeargs=(
# do not build the kernel driver
-DBUILD_DRIVER=OFF
# libscap examples are not installed or really useful
-DBUILD_LIBSCAP_EXAMPLES=OFF
# do not build internal libs as shared
-DBUILD_SHARED_LIBS=OFF
# build BPF probe depending on USE
-DBUILD_SYSDIG_MODERN_BPF:BOOL=$(usex bpf)
# set driver version to prevent downloading (don't ask..)
-DDRIVER_SOURCE_DIR="${WORKDIR}"/libs-${LIBS_VERSION}/driver
-DDRIVER_VERSION=${DRIVER_VERSION}
# point sysdig to the libs tree
-DFALCOSECURITY_LIBS_SOURCE_DIR="${WORKDIR}"/libs-${LIBS_VERSION}
# explicitly set sysdig version - required for some reason
-DSYSDIG_VERSION=${PV}
# do not use bundled dependencies for sysdig
-DUSE_BUNDLED_DEPS=OFF
# do not use bundled dependencies for falcosecurity-libs
-DUSE_BUNDLED_B64=OFF
-DUSE_BUNDLED_JSONCPP=OFF
-DUSE_BUNDLED_RE2=OFF
-DUSE_BUNDLED_TBB=OFF
-DUSE_BUNDLED_VALIJSON=OFF
# set valijson include path to prevent downloading
-DVALIJSON_INCLUDE="${ESYSROOT}"/usr/include
# enable chisels
-DWITH_CHISEL=ON
)
cmake_src_configure
}
src_install() {
cmake_src_install
# remove driver headers
rm -r "${ED}"/usr/src || die
# remove libscap/libsinsp headers & libs (see #938187)
rm -r "${ED}"/usr/include/sysdig || die
rm -r "${ED}"/usr/$(get_libdir) || die
# move bashcomp to the proper location
dobashcomp "${ED}"/usr/etc/bash_completion.d/sysdig || die
rm -r "${ED}"/usr/etc || die
}
pkg_postinst() {
if use bpf; then
elog
elog "You have enabled the 'modern BPF' probe."
elog "This eBPF-based event source is an alternative to the traditional"
elog "scap kernel module."
elog
elog "To use it, start sysdig/csysdig with '--modern-bpf'."
elog
fi
}
|