|
|
|
|
@ -1,39 +1,41 @@ |
|
|
|
|
{ lib, stdenv, fetchFromGitHub, fetchpatch, cmake, kernel, installShellFiles |
|
|
|
|
{ lib, stdenv, fetchFromGitHub, fetchpatch, cmake, kernel, installShellFiles, pkg-config |
|
|
|
|
, luajit, ncurses, perl, jsoncpp, libb64, openssl, curl, jq, gcc, elfutils, tbb, protobuf, grpc |
|
|
|
|
}: |
|
|
|
|
|
|
|
|
|
with lib; |
|
|
|
|
let |
|
|
|
|
libsRev = "2160111cd088aea9ae2235d3385ecb0b1ab6623c"; |
|
|
|
|
libsSha256 = "sha256-TOuxXtrxujyAjzAtlX3/eCfM16mwxnmZ6Wg44SG0dTs="; |
|
|
|
|
in |
|
|
|
|
stdenv.mkDerivation rec { |
|
|
|
|
pname = "sysdig"; |
|
|
|
|
version = "0.27.1"; |
|
|
|
|
version = "0.28.0"; |
|
|
|
|
|
|
|
|
|
src = fetchFromGitHub { |
|
|
|
|
owner = "draios"; |
|
|
|
|
repo = "sysdig"; |
|
|
|
|
rev = version; |
|
|
|
|
sha256 = "sha256-lYjMvxMIReANNwMr62u881Nugrs9piOaN3EmrvGzRns="; |
|
|
|
|
sha256 = "sha256-oE3vCmOw+gcmvGqj7Xk5injpNC/YThckJMNg5XRFhME="; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
patches = [ |
|
|
|
|
# Fix pending upstream inclusion for ncurses-6.3 support: |
|
|
|
|
# https://github.com/draios/sysdig/pull/1810 |
|
|
|
|
(fetchpatch { |
|
|
|
|
name = "ncurses-6.3.patch"; |
|
|
|
|
url = "https://github.com/draios/sysdig/commit/1e37fffe0337b8f8f8e0b5345db2f8631851c209.patch"; |
|
|
|
|
sha256 = "sha256-T+yC6iXQ3MY+ub0c+Hv+cC18PV8YlAOKB6YB1Hdm7Yc="; |
|
|
|
|
# change 'a/userspace/sinspui' for 'a/userspace/libsinsp' to follow upstream rename. |
|
|
|
|
stripLen = 3; |
|
|
|
|
extraPrefix = "userspace/libsinsp/"; |
|
|
|
|
}) |
|
|
|
|
]; |
|
|
|
|
|
|
|
|
|
nativeBuildInputs = [ cmake perl installShellFiles ]; |
|
|
|
|
nativeBuildInputs = [ cmake perl installShellFiles pkg-config ]; |
|
|
|
|
buildInputs = [ |
|
|
|
|
luajit ncurses jsoncpp libb64 openssl curl jq gcc elfutils tbb protobuf grpc |
|
|
|
|
] ++ optionals (kernel != null) kernel.moduleBuildDependencies; |
|
|
|
|
|
|
|
|
|
hardeningDisable = [ "pic" ]; |
|
|
|
|
|
|
|
|
|
postUnpack = '' |
|
|
|
|
cp -r ${fetchFromGitHub { |
|
|
|
|
owner = "falcosecurity"; |
|
|
|
|
repo = "libs"; |
|
|
|
|
rev = libsRev; |
|
|
|
|
sha256 = libsSha256; |
|
|
|
|
}} libs |
|
|
|
|
chmod -R +w libs |
|
|
|
|
cmakeFlagsArray+=("-DFALCOSECURITY_LIBS_SOURCE_DIR=$(pwd)/libs") |
|
|
|
|
''; |
|
|
|
|
|
|
|
|
|
cmakeFlags = [ |
|
|
|
|
"-DUSE_BUNDLED_DEPS=OFF" |
|
|
|
|
"-DSYSDIG_VERSION=${version}" |
|
|
|
|
@ -45,9 +47,8 @@ stdenv.mkDerivation rec { |
|
|
|
|
|
|
|
|
|
preConfigure = '' |
|
|
|
|
cmakeFlagsArray+=(-DCMAKE_EXE_LINKER_FLAGS="-ltbb -lcurl -labsl_synchronization") |
|
|
|
|
|
|
|
|
|
export INSTALL_MOD_PATH="$out" |
|
|
|
|
'' + optionalString (kernel != null) '' |
|
|
|
|
export INSTALL_MOD_PATH="$out" |
|
|
|
|
export KERNELDIR="${kernel.dev}/lib/modules/${kernel.modDirVersion}/build" |
|
|
|
|
''; |
|
|
|
|
|
|
|
|
|
@ -64,12 +65,12 @@ stdenv.mkDerivation rec { |
|
|
|
|
kernel_dev=${kernel.dev} |
|
|
|
|
kernel_dev=''${kernel_dev#/nix/store/} |
|
|
|
|
kernel_dev=''${kernel_dev%%-linux*dev*} |
|
|
|
|
if test -f "$out/lib/modules/${kernel.modDirVersion}/extra/sysdig-probe.ko"; then |
|
|
|
|
sed -i "s#$kernel_dev#................................#g" $out/lib/modules/${kernel.modDirVersion}/extra/sysdig-probe.ko |
|
|
|
|
if test -f "$out/lib/modules/${kernel.modDirVersion}/extra/scap.ko"; then |
|
|
|
|
sed -i "s#$kernel_dev#................................#g" $out/lib/modules/${kernel.modDirVersion}/extra/scap.ko |
|
|
|
|
else |
|
|
|
|
xz -d $out/lib/modules/${kernel.modDirVersion}/extra/sysdig-probe.ko.xz |
|
|
|
|
sed -i "s#$kernel_dev#................................#g" $out/lib/modules/${kernel.modDirVersion}/extra/sysdig-probe.ko |
|
|
|
|
xz $out/lib/modules/${kernel.modDirVersion}/extra/sysdig-probe.ko |
|
|
|
|
xz -d $out/lib/modules/${kernel.modDirVersion}/extra/scap.ko.xz |
|
|
|
|
sed -i "s#$kernel_dev#................................#g" $out/lib/modules/${kernel.modDirVersion}/extra/scap.ko |
|
|
|
|
xz $out/lib/modules/${kernel.modDirVersion}/extra/scap.ko |
|
|
|
|
fi |
|
|
|
|
''; |
|
|
|
|
|
|
|
|
|
|
Jörg Thalheim
2 years ago