From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0.migadu.com ([2001:41d0:303:e16b::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms1.migadu.com with LMTPS id OHvLA2nqRGaxOgEAqHPOHw:P1 (envelope-from ) for ; Wed, 15 May 2024 19:01:29 +0200 Received: from aspmx1.migadu.com ([2001:41d0:303:e16b::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0.migadu.com with LMTPS id OHvLA2nqRGaxOgEAqHPOHw (envelope-from ) for ; Wed, 15 May 2024 19:01:29 +0200 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20230601 header.b=R5GJ1NoY; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1715792488; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=iqWs/VWLZxbRK+fEFmwTl251qwOVmr1yc6mfp9h/a9g=; b=QO/Z3And5cAQEqfn7vDcefNxKN8zCVBPduB/QieiINt+9dwYIwZPEAb5yz7VCsYSDOjc2X qAHGTXUsxCt2OzMj5W15RbCaKNsb8hXd1pTRUsCEbbaAoe0WOY1dt5Jr/hGV79veCr4EDA 6opEM/+VLm9fn09S6bvZlo5HXccFsVdBh+Hz00NhKONujHTNBbZZEogAPqzkKy+KrDAIJA Maav+sV0cqd194+5lmt0vbhDCXBjGiRizo1AYkKNx1zO4Sl9l0AA9N+0VWA30+7oa6c29g 0T1j323LkuBOJqO7hB8LI781Gkllwtx6BfrE2MtiSIxPjLVmjoyFi9tBF08Xag== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20230601 header.b=R5GJ1NoY; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none) ARC-Seal: i=1; s=key1; d=yhetil.org; t=1715792488; a=rsa-sha256; cv=none; b=Y6FSqbvK/y3hkGeYhraeP848gQy0RWTYqnMveHEfKOZIKWidCPbjX8sKFRJqa6jlt0omNa BDjOdkcH1mMPLIeQ90Rf2+IEXn4TYeWZTZA7RS7PLK6Mg7bIyjtlIHmPcdgIn7AHT0QoDT tYJBNWR7fUiEKCyLDuaFGV49OYjQ3BiKQrXt6OTNf96P8HvbfbBl8eP8DZjV8S7efhYxbH GMRbxJZYpZz0ceDthPO7bMQhYf7dfdbDfeKhhrHzBP9Ib4iokgXteJ/4VIgjikf5e65wuS nnrRJChydTUo4DTBOYI8oB++MWkawhghqYW1QzqCW6vHHAwqUeeRK6NZHwGWZA== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id BFBB45167E for ; Wed, 15 May 2024 19:01:28 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1s7HzI-0001um-Mg; Wed, 15 May 2024 13:00:20 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1s7Hz1-0001nK-Vq for guix-patches@gnu.org; Wed, 15 May 2024 13:00:05 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1s7Hz1-0007Fg-GM for guix-patches@gnu.org; Wed, 15 May 2024 13:00:03 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1s7Hz2-0007Bj-LX; Wed, 15 May 2024 13:00:04 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#70962] [PATCH 06/14] gnu: Add falcosecurity-libs. Resent-From: Maxim Cournoyer Original-Sender: "Debbugs-submit" Resent-CC: leo@famulari.name, me@tobias.gr, w@wmeyer.eu, guix-patches@gnu.org Resent-Date: Wed, 15 May 2024 17:00:04 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 70962 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 70962@debbugs.gnu.org Cc: Maxim Cournoyer , Leo Famulari , Tobias Geerinckx-Rice , Wilko Meyer X-Debbugs-Original-Xcc: Leo Famulari , Tobias Geerinckx-Rice , Wilko Meyer Received: via spool by 70962-submit@debbugs.gnu.org id=B70962.171579236627467 (code B ref 70962); Wed, 15 May 2024 17:00:04 +0000 Received: (at 70962) by debbugs.gnu.org; 15 May 2024 16:59:26 +0000 Received: from localhost ([127.0.0.1]:43158 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s7HyO-00078r-Qj for submit@debbugs.gnu.org; Wed, 15 May 2024 12:59:26 -0400 Received: from mail-qk1-f175.google.com ([209.85.222.175]:46358) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s7HyM-00078C-2j for 70962@debbugs.gnu.org; Wed, 15 May 2024 12:59:23 -0400 Received: by mail-qk1-f175.google.com with SMTP id af79cd13be357-792b8ebc4eeso535376185a.1 for <70962@debbugs.gnu.org>; Wed, 15 May 2024 09:59:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1715792294; x=1716397094; darn=debbugs.gnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=iqWs/VWLZxbRK+fEFmwTl251qwOVmr1yc6mfp9h/a9g=; b=R5GJ1NoYQqJw/gctvAgLHLLrXGshmAnVWbDV2h5mBkCpqQYYJ1tRtFSFUWMImjZmzT T553A3NperAI/AtytON8NVEKZunve4PYIgbW/pksj0GlxSd7GJbQvt88gczB2dxMMINw M64Arn9cU/5rxbGlpigrPt4l6u7bUxpjINw3hVLXl8Sj194EWDnCY61Q3Ntn9NmhOtr0 vYzHTPjfSS7m4IhFD5GoXu3w+S5lqj97R7ppU4sKXYsIVTwR9a3IMiS2x9U20HMQPrre 1tSlcsNeLvuQ6wl1CX3DCaOqBzD1i5TVQ6WV0mGAn0sVOYKqkVD+3b1P8uMQVvl+W2Jq Z5rw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715792294; x=1716397094; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=iqWs/VWLZxbRK+fEFmwTl251qwOVmr1yc6mfp9h/a9g=; b=WvM3jUVMHUh+JQ3Yn646PsdmCQ3W6Ga8qGf80CbwS7TxKTf4DsqNdgeEwgkREjnLoN nL0xehSrSk8EIsAO0+EwErMfmN1e/sBIyqVsxR/jMCbXsm3k2qb0UZK9H6Plc4b1jEwJ DEOXVZaCJ6MERN7poNKthWP1RlpWOPgWaoPz55H2dcjG9+j2tE6YmM+JEIDob31ux+V/ 9/RnfTmOMXR9hicrxhMwmimk4N0d7+/c7m34yJlvpolIhbwUwQoDUrHrFMj84ZJXRQRa R8COEb0dgw7FQNJLJ6EdWSaJ77KwpsMFjy2Ue0n+WrxauvC6d7e4/LTqQK0+MnPS1zsk rhPQ== X-Gm-Message-State: AOJu0YypFPj5S8opSOAQllH4mhT7vo0djFBnqqt3QO8kCydQwYvMgRAQ JtNaSOWlsPNZapFDptKY4+WLegv0RAlbjrH90edReAflWw5Jlhxm+45X6A== X-Google-Smtp-Source: AGHT+IFeu2alq2l97OzNy9r4O1/8u1RYDWRUrNN41fY6b4cG9tJ6SWmsr+1n975FRcjtKmay30csfg== X-Received: by 2002:a05:6214:2c03:b0:69b:683b:8686 with SMTP id 6a1803df08f44-6a168147e59mr175008056d6.3.1715792292198; Wed, 15 May 2024 09:58:12 -0700 (PDT) Received: from localhost.localdomain (dsl-205-233-125-107.b2b2c.ca. [205.233.125.107]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-6a15f194871sm66068896d6.59.2024.05.15.09.58.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 15 May 2024 09:58:11 -0700 (PDT) From: Maxim Cournoyer Date: Wed, 15 May 2024 12:57:16 -0400 Message-ID: X-Mailer: git-send-email 2.41.0 In-Reply-To: <7cf609dcf83c85b6897c9fb9af46ce8a854a15c8.1715791830.git.maxim.cournoyer@gmail.com> References: <7cf609dcf83c85b6897c9fb9af46ce8a854a15c8.1715791830.git.maxim.cournoyer@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Spam-Score: 6.13 X-Spam-Score: 6.13 X-Migadu-Queue-Id: BFBB45167E X-Migadu-Scanner: mx13.migadu.com X-TUID: b0imKx+YRPyI * gnu/packages/linux.scm (falcosecurity-libs): New variable. * gnu/packages/patches/falcosecurity-libs-install-pman.patch * gnu/packages/patches/falcosecurity-libs-libscap-pc.patch * gnu/packages/patches/falcosecurity-libs-pkg-config.patch * gnu/packages/patches/falcosecurity-libs-shared-library-fix.patch * gnu/packages/patches/falcosecurity-libs-libsinsp-pkg-config.patch: New files. * gnu/local.mk (dist_patch_DATA): Register them. Change-Id: I0cb15e6a25256598678fc20eb298ad947d699ef4 --- gnu/local.mk | 5 + gnu/packages/linux.scm | 92 +++++++++++ .../falcosecurity-libs-install-pman.patch | 14 ++ .../falcosecurity-libs-libscap-pc.patch | 16 ++ ...lcosecurity-libs-libsinsp-pkg-config.patch | 155 ++++++++++++++++++ .../falcosecurity-libs-pkg-config.patch | 23 +++ ...alcosecurity-libs-shared-library-fix.patch | 50 ++++++ 7 files changed, 355 insertions(+) create mode 100644 gnu/packages/patches/falcosecurity-libs-install-pman.patch create mode 100644 gnu/packages/patches/falcosecurity-libs-libscap-pc.patch create mode 100644 gnu/packages/patches/falcosecurity-libs-libsinsp-pkg-config.patch create mode 100644 gnu/packages/patches/falcosecurity-libs-pkg-config.patch create mode 100644 gnu/packages/patches/falcosecurity-libs-shared-library-fix.patch diff --git a/gnu/local.mk b/gnu/local.mk index 7f43f57f57..bb7dfa0b12 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1179,6 +1179,11 @@ dist_patch_DATA = \ %D%/packages/patches/fail2ban-python310-server-action.patch \ %D%/packages/patches/fail2ban-python310-server-actions.patch \ %D%/packages/patches/fail2ban-python310-server-jails.patch \ + %D%/packages/patches/falcosecurity-libs-install-pman.patch \ + %D%/packages/patches/falcosecurity-libs-libscap-pc.patch \ + %D%/packages/patches/falcosecurity-libs-pkg-config.patch \ + %D%/packages/patches/falcosecurity-libs-shared-library-fix.patch \ + %D%/packages/patches/falcosecurity-libs-libsinsp-pkg-config.patch \ %D%/packages/patches/farstream-gupnp.patch \ %D%/packages/patches/farstream-make.patch \ %D%/packages/patches/fastcap-mulGlobal.patch \ diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index cb348276e3..a51ce5c27a 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -100,6 +100,7 @@ (define-module (gnu packages linux) #:use-module (gnu packages) #:use-module (gnu packages acl) + #:use-module (gnu packages adns) #:use-module (gnu packages admin) #:use-module (gnu packages algebra) #:use-module (gnu packages apparmor) @@ -114,10 +115,12 @@ (define-module (gnu packages linux) #:use-module (gnu packages calendar) #:use-module (gnu packages check) #:use-module (gnu packages cpio) + #:use-module (gnu packages cpp) #:use-module (gnu packages crates-io) #:use-module (gnu packages crypto) #:use-module (gnu packages cryptsetup) #:use-module (gnu packages compression) + #:use-module (gnu packages curl) #:use-module (gnu packages databases) #:use-module (gnu packages datastructures) #:use-module (gnu packages dbm) @@ -166,11 +169,14 @@ (define-module (gnu packages linux) #:use-module (gnu packages pkg-config) #:use-module (gnu packages polkit) #:use-module (gnu packages popt) + #:use-module (gnu packages protobuf) #:use-module (gnu packages pulseaudio) #:use-module (gnu packages python) #:use-module (gnu packages python-xyz) #:use-module (gnu packages qt) #:use-module (gnu packages readline) + #:use-module (gnu packages regex) + #:use-module (gnu packages rpc) #:use-module (gnu packages rrdtool) #:use-module (gnu packages rsync) #:use-module (gnu packages samba) @@ -178,6 +184,7 @@ (define-module (gnu packages linux) #:use-module (gnu packages serialization) #:use-module (gnu packages slang) #:use-module (gnu packages sqlite) + #:use-module (gnu packages tbb) #:use-module (gnu packages texinfo) #:use-module (gnu packages textutils) #:use-module (gnu packages tls) @@ -9539,6 +9546,91 @@ (define-public fakechroot (home-page "https://github.com/dex4er/fakechroot/") (license license:lgpl2.1+)))) +(define-public falcosecurity-libs + (package + (name "falcosecurity-libs") + (version "0.16.0") + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/falcosecurity/libs/") + (commit version))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "1vzymzkfipb3bnjjd9m8ykzj0l94fm8mnpcxfm8mpxz3jbd8xnv9")) + (patches + (search-patches + "falcosecurity-libs-pkg-config.patch" + "falcosecurity-libs-install-pman.patch" + "falcosecurity-libs-libscap-pc.patch" + "falcosecurity-libs-shared-library-fix.patch" + "falcosecurity-libs-libsinsp-pkg-config.patch")))) + (build-system cmake-build-system) + (arguments + (list + #:configure-flags + #~(list "-DUSE_BUNDLED_DEPS=OFF" + "-DBUILD_DRIVER=OFF" + "-DENABLE_DKMS=OFF" + "-DBUILD_LIBSCAP_MODERN_BPF=ON" + "-DSCAP_FILES_SUITE_ENABLE=OFF" ;attempts to download scap files + "-DBUILD_SHARED_LIBS=ON" + #$(string-append "-DFALCOSECURITY_LIBS_VERSION=" version)) + ;; Only the libsinsp test suite is run, as the one for libscap requires + ;; elevated privileges. + #:test-target "run-unit-test-libsinsp" + #:phases + #~(modify-phases %standard-phases + (add-after 'unpack 'disable-problematic-tests + (lambda _ + (substitute* "userspace/libsinsp/test/user.ut.cpp" + ;; The 'system_lookup' test assumes a root user + ;; exists in the build environment. + (("TEST_F\\(usergroup_manager_test, system_lookup)") + "TEST_F(usergroup_manager_test, DISABLED_system_lookup)")))) + (add-after 'install 'delete-src + (lambda _ + (delete-file-recursively + (string-append #$output "/src"))))))) + (native-inputs (list bpftool + clang + googletest + pkg-config + valijson)) ;header-only library + (inputs + (list elfutils + libbpf + libelf)) + (propagated-inputs + ;; The following inputs are in the 'Requires' field of libscap.pc and + ;; libsinp.pc. + (list c-ares + grpc + jsoncpp + openssl + protobuf + uthash ;included in libscap headers + zlib + ;; These are in the 'Requires.private' field of libscap.pc and + ;; libsinp.pc. They are required because the headers are installed + ;; to a non-standard directory, and thus need to be found via the + ;; 'Cflags' field, which in turn mandates that both the pkg-config + ;; modules listed in the 'Requires' and 'Requires.private' be + ;; available. + curl + re2 + tbb)) + (home-page "https://github.com/falcosecurity/libs/") + (synopsis "libscap and lisbinsp Falco security libraries") + (description "The Falco security libraries include @code{libsinsp} and +@code{libscap}. @code{libscap} manages the data capture process, while +@code{libsinsp} is a system inspection library that enriches events from +@code{libscap} with machine state. @code{libsinsp} also performs events +filtering with rule evaluation through its internal rule engine. These +libraries are used by the @command{sysdig} command-line utility.") + (license license:asl2.0))) + (define-public inputattach (package (name "inputattach") diff --git a/gnu/packages/patches/falcosecurity-libs-install-pman.patch b/gnu/packages/patches/falcosecurity-libs-install-pman.patch new file mode 100644 index 0000000000..38dcc0c4b8 --- /dev/null +++ b/gnu/packages/patches/falcosecurity-libs-install-pman.patch @@ -0,0 +1,14 @@ +Install the pman library and its header. +Upstream status: https://github.com/falcosecurity/libs/pull/1842 + +diff --git a/userspace/libpman/CMakeLists.txt b/userspace/libpman/CMakeLists.txt +index da92e9f27..4b57365fe 100644 +--- a/userspace/libpman/CMakeLists.txt ++++ b/userspace/libpman/CMakeLists.txt +@@ -58,3 +58,6 @@ endif() + if(USE_BUNDLED_LIBBPF) + add_dependencies(pman libbpf) + endif() ++ ++install(TARGETS pman LIBRARY ARCHIVE FRAMEWORK) ++install(FILES include/libpman.h DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}) diff --git a/gnu/packages/patches/falcosecurity-libs-libscap-pc.patch b/gnu/packages/patches/falcosecurity-libs-libscap-pc.patch new file mode 100644 index 0000000000..ff650942ff --- /dev/null +++ b/gnu/packages/patches/falcosecurity-libs-libscap-pc.patch @@ -0,0 +1,16 @@ +libscap: Guard against install_lib_link_libraries-NOTFOUND. +Upstream status: https://github.com/falcosecurity/libs/pull/1842 + +diff --git a/cmake/modules/libscap.cmake b/cmake/modules/libscap.cmake +index 81ad2d28d..8b6b4197e 100644 +--- a/cmake/modules/libscap.cmake ++++ b/cmake/modules/libscap.cmake +@@ -95,7 +95,7 @@ foreach(libscap_install_lib ${LIBSCAP_INSTALL_LIBS}) + list(APPEND libscap_link_libraries ${libscap_install_lib}) + get_target_property(install_lib_link_libraries ${libscap_install_lib} LINK_LIBRARIES) + foreach (install_lib_link_library ${install_lib_link_libraries}) +- if (NOT ${install_lib_link_library} IN_LIST libscap_subdir_targets) ++ if (${install_lib_link_library} AND (NOT ${install_lib_link_library} IN_LIST libscap_subdir_targets)) + if(${install_lib_link_library} MATCHES "/") + # We have a path. Convert it to -L + -l. + get_filename_component(scap_lib_dir ${install_lib_link_library} DIRECTORY) diff --git a/gnu/packages/patches/falcosecurity-libs-libsinsp-pkg-config.patch b/gnu/packages/patches/falcosecurity-libs-libsinsp-pkg-config.patch new file mode 100644 index 0000000000..347e0ac90d --- /dev/null +++ b/gnu/packages/patches/falcosecurity-libs-libsinsp-pkg-config.patch @@ -0,0 +1,155 @@ +libsinsp: Refine pkg-config file generation. +Upstream status: https://github.com/falcosecurity/libs/pull/1842 + +diff --git a/userspace/libscap/libscap.pc.in b/userspace/libscap/libscap.pc.in +index a379744f3..1d4b20056 100644 +--- a/userspace/libscap/libscap.pc.in ++++ b/userspace/libscap/libscap.pc.in +@@ -1,4 +1,4 @@ +-prefix=${pcfiledir}/../.. ++prefix=@CMAKE_INSTALL_PREFIX@ + libdir=${prefix}/@CMAKE_INSTALL_LIBDIR@ + includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@ + +@@ -6,5 +6,6 @@ Name: libscap + Description: lib for System CAPture + Version: @FALCOSECURITY_LIBS_VERSION@ + +-Libs: -L${libdir} @LIBSCAP_LINK_LIBDIRS_FLAGS@ @LIBSCAP_LINK_LIBRARIES_FLAGS@ ++Requires: zlib ++Libs: -L${libdir} -L{libdir}/@LIBS_PACKAGE_NAME@/libscap @LIBSCAP_LINK_LIBDIRS_FLAGS@ @LIBSCAP_LINK_LIBRARIES_FLAGS@ + Cflags: -I${includedir}/@LIBS_PACKAGE_NAME@/libscap -I${includedir}/@LIBS_PACKAGE_NAME@/driver -I${includedir}/@LIBS_PACKAGE_NAME@ +diff --git a/userspace/libsinsp/CMakeLists.txt b/userspace/libsinsp/CMakeLists.txt +index 6104603e8..832f86067 100644 +--- a/userspace/libsinsp/CMakeLists.txt ++++ b/userspace/libsinsp/CMakeLists.txt +@@ -169,13 +169,9 @@ target_link_libraries(sinsp + "${RE2_LIB}" + ) + +-set(SINSP_PKGCONFIG_LIBRARIES +- scap +- "${ZLIB_LIB}" +- "${CURL_LIBRARIES}" +- "${JSONCPP_LIB}" +- "${RE2_LIB}" +-) ++set(SINSP_PKGCONFIG_LIBRARIES) ++set(SINSP_PKGCONFIG_REQUIRES jsoncpp) ++set(SINSP_PKGCONFIG_REQUIRES_PRIVATE libcurl re2) + + if(NOT EMSCRIPTEN) + target_link_libraries(sinsp +@@ -184,7 +180,8 @@ if(NOT EMSCRIPTEN) + PRIVATE + "${TBB_LIB}" + ) +- list(APPEND SINSP_PKGCONFIG_LIBRARIES "${CARES_LIB}") ++ list(APPEND SINSP_PKGCONFIG_REQUIRES libcares) ++ list(APPEND SINSP_PKGCONFIG_REQUIRES_PRIVATE tbb) + endif() + + if(USE_BUNDLED_VALIJSON) +@@ -248,14 +245,12 @@ if(NOT WIN32) + "${PROTOBUF_LIB}" + "${CARES_LIB}" + ) +- list(APPEND SINSP_PKGCONFIG_LIBRARIES +- "${GRPC_LIBRARIES}" +- "${GRPCPP_LIB}" +- "${GRPC_LIB}" +- "${GPR_LIB}" +- "${PROTOBUF_LIB}" +- "${CARES_LIB}" +- ) ++ list(APPEND SINSP_PKGCONFIG_REQUIRES ++ gpr ++ grpc ++ grpc++ ++ protobuf ++ libcares) + + if(NOT MUSL_OPTIMIZED_BUILD) + target_link_libraries(sinsp INTERFACE rt anl) +@@ -269,7 +264,7 @@ if(NOT WIN32) + endif() # NOT APPLE + + target_link_libraries(sinsp INTERFACE "${OPENSSL_LIBRARIES}") +- list(APPEND SINSP_PKGCONFIG_LIBRARIES "${OPENSSL_LIBRARIES}") ++ list(APPEND SINSP_PKGCONFIG_REQUIRES libcrypto libssl) + + target_link_libraries(sinsp INTERFACE dl pthread) + list(APPEND SINSP_PKGCONFIG_LIBRARIES dl pthread) +@@ -306,41 +301,17 @@ if(NOT DEFINED SINSP_AGENT_CGROUP_MEM_PATH_ENV_VAR) + endif() + add_definitions(-DSINSP_AGENT_CGROUP_MEM_PATH_ENV_VAR="${SINSP_AGENT_CGROUP_MEM_PATH_ENV_VAR}") + +-# Build our pkg-config "Libs:" flags. For now, loop over SINSP_PKGCONFIG_LIBRARIES. If +-# we ever start using pkg_search_module or pkg_check_modules in cmake/modules +-# we could add each module to our "Requires:" line instead. We might need to +-# expand this to use some of the techniques in +-# https://github.com/curl/curl/blob/curl-7_84_0/CMakeLists.txt#L1539 +-set(SINSP_PKG_CONFIG_LIBS) +-set(SINSP_PKG_CONFIG_LIBDIRS "") +-foreach(sinsp_lib ${SINSP_PKGCONFIG_LIBRARIES}) +- if(${sinsp_lib} MATCHES "^-") +- # We have a flag. Pass it through unchanged. +- list(APPEND SINSP_PKG_CONFIG_LIBS ${sinsp_lib}) +- elseif(${sinsp_lib} MATCHES "/") +- # We have a path. Convert it to -L + -l. +- get_filename_component(sinsp_lib_dir ${sinsp_lib} DIRECTORY) +- list(APPEND SINSP_PKG_CONFIG_LIBDIRS -L${sinsp_lib_dir}) +- get_filename_component(sinsp_lib_base ${sinsp_lib} NAME_WE) +- string(REGEX REPLACE "^lib" "" sinsp_lib_base ${sinsp_lib_base}) +- list(APPEND SINSP_PKG_CONFIG_LIBS -l${sinsp_lib_base}) +- elseif(${sinsp_lib} STREQUAL "scap") +- # We require libscap.pc, so skip it. +- else() +- # Assume we have a plain library name. Prefix it with "-l". +- list(APPEND SINSP_PKG_CONFIG_LIBS -l${sinsp_lib}) +- endif() +-endforeach() ++list(REMOVE_DUPLICATES SINSP_PKGCONFIG_LIBRARIES) ++list(REMOVE_DUPLICATES SINSP_PKGCONFIG_REQUIRES) ++list(REMOVE_DUPLICATES SINSP_PKGCONFIG_REQUIRES_PRIVATE) + +-# Build our pkg-config "Cflags:" flags. +-set(SINSP_PKG_CONFIG_INCLUDES "") +-foreach(sinsp_include_directory ${LIBSINSP_INCLUDE_DIRS}) +- list(APPEND SINSP_PKG_CONFIG_INCLUDES -I${sinsp_include_directory}) ++set(SINSP_LINK_FLAGS) ++foreach(sinsp_link_library ${SINSP_PKGCONFIG_LIBRARIES}) ++ list(APPEND SINSP_LINK_FLAGS "-l${sinsp_link_library}") + endforeach() + +-string(REPLACE ";" " " SINSP_PKG_CONFIG_LIBS "${SINSP_PKG_CONFIG_LIBS}") +-list(REMOVE_DUPLICATES SINSP_PKG_CONFIG_LIBDIRS) +-string(REPLACE ";" " " SINSP_PKG_CONFIG_LIBDIRS "${SINSP_PKG_CONFIG_LIBDIRS}") +-list(REMOVE_DUPLICATES SINSP_PKG_CONFIG_INCLUDES) +-string(REPLACE ";" " " SINSP_PKG_CONFIG_INCLUDES "${SINSP_PKG_CONFIG_INCLUDES}") ++string(REPLACE ";" " " LIBSINSP_LINK_FLAGS "${SINSP_LINK_FLAGS}") ++string(REPLACE ";" " " LIBSINSP_REQUIRES "${SINSP_PKGCONFIG_REQUIRES}") ++string(REPLACE ";" " " LIBSINSP_REQUIRES_PRIVATE "${SINSP_PKGCONFIG_REQUIRES_PRIVATE}") ++ + configure_file(${CMAKE_CURRENT_SOURCE_DIR}/libsinsp.pc.in ${CMAKE_CURRENT_BINARY_DIR}/libsinsp.pc @ONLY) +diff --git a/userspace/libsinsp/libsinsp.pc.in b/userspace/libsinsp/libsinsp.pc.in +index 9292e73ce..f20da76b3 100644 +--- a/userspace/libsinsp/libsinsp.pc.in ++++ b/userspace/libsinsp/libsinsp.pc.in +@@ -1,4 +1,4 @@ +-prefix=${pcfiledir}/../.. ++prefix=@CMAKE_INSTALL_PREFIX@ + libdir=${prefix}/@CMAKE_INSTALL_LIBDIR@ + includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@ + +@@ -6,6 +6,7 @@ Name: libsinsp + Description: lib for System INSPection + Version: @FALCOSECURITY_LIBS_VERSION@ + +-Requires: libscap +-Libs: -L${libdir} -lsinsp @SINSP_PKG_CONFIG_LIBDIRS@ @SINSP_PKG_CONFIG_LIBS@ +-Cflags: -I${includedir}/@LIBS_PACKAGE_NAME@/libsinsp -I${includedir}/@LIBS_PACKAGE_NAME@/driver -I${includedir}/@LIBS_PACKAGE_NAME@ @SINSP_PKG_CONFIG_INCLUDES@ ++Requires: libscap @LIBSINSP_REQUIRES@ ++Requires.private: @LIBSINSP_REQUIRES_PRIVATE@ ++Libs: -L${libdir} -lsinsp @LIBSINSP_LINK_FLAGS@ ++Cflags: -I${includedir}/@LIBS_PACKAGE_NAME@/libsinsp -I${includedir}/@LIBS_PACKAGE_NAME@/driver -I${includedir}/@LIBS_PACKAGE_NAME@ diff --git a/gnu/packages/patches/falcosecurity-libs-pkg-config.patch b/gnu/packages/patches/falcosecurity-libs-pkg-config.patch new file mode 100644 index 0000000000..9ddfdfffde --- /dev/null +++ b/gnu/packages/patches/falcosecurity-libs-pkg-config.patch @@ -0,0 +1,23 @@ +userspace: Extend CFLAGS of libscap.pc and libsinsp.pc. +Upstream status: https://github.com/falcosecurity/libs/pull/1842 + +diff --git a/userspace/libscap/libscap.pc.in b/userspace/libscap/libscap.pc.in +index 40b6e96ed..a379744f3 100644 +--- a/userspace/libscap/libscap.pc.in ++++ b/userspace/libscap/libscap.pc.in +@@ -7,4 +7,4 @@ Description: lib for System CAPture + Version: @FALCOSECURITY_LIBS_VERSION@ + + Libs: -L${libdir} @LIBSCAP_LINK_LIBDIRS_FLAGS@ @LIBSCAP_LINK_LIBRARIES_FLAGS@ +-Cflags: -I${includedir}/@LIBS_PACKAGE_NAME@/libscap ++Cflags: -I${includedir}/@LIBS_PACKAGE_NAME@/libscap -I${includedir}/@LIBS_PACKAGE_NAME@/driver -I${includedir}/@LIBS_PACKAGE_NAME@ +diff --git a/userspace/libsinsp/libsinsp.pc.in b/userspace/libsinsp/libsinsp.pc.in +index c1cc4a1e2..9292e73ce 100644 +--- a/userspace/libsinsp/libsinsp.pc.in ++++ b/userspace/libsinsp/libsinsp.pc.in +@@ -8,4 +8,4 @@ Version: @FALCOSECURITY_LIBS_VERSION@ + + Requires: libscap + Libs: -L${libdir} -lsinsp @SINSP_PKG_CONFIG_LIBDIRS@ @SINSP_PKG_CONFIG_LIBS@ +-Cflags: -I${includedir}/@LIBS_PACKAGE_NAME@/libsinsp @SINSP_PKG_CONFIG_INCLUDES@ ++Cflags: -I${includedir}/@LIBS_PACKAGE_NAME@/libsinsp -I${includedir}/@LIBS_PACKAGE_NAME@/driver -I${includedir}/@LIBS_PACKAGE_NAME@ @SINSP_PKG_CONFIG_INCLUDES@ diff --git a/gnu/packages/patches/falcosecurity-libs-shared-library-fix.patch b/gnu/packages/patches/falcosecurity-libs-shared-library-fix.patch new file mode 100644 index 0000000000..3334a89516 --- /dev/null +++ b/gnu/packages/patches/falcosecurity-libs-shared-library-fix.patch @@ -0,0 +1,50 @@ +Fix shared library build. +Upstream status: https://github.com/falcosecurity/libs/pull/1842 + +diff --git a/driver/CMakeLists.txt b/driver/CMakeLists.txt +index 80229cc03..70c9ba65b 100644 +--- a/driver/CMakeLists.txt ++++ b/driver/CMakeLists.txt +@@ -152,6 +152,11 @@ set(DRIVER_SOURCES + ppm_consumer.h + capture_macro.h + socketcall_to_syscall.h ++ syscall_compat_loongarch64.h ++ syscall_compat_ppc64le.h ++ syscall_compat_riscv64.h ++ syscall_compat_s390x.h ++ syscall_compat_x86_64.h + syscall_ia32_64_map.c + ) + +diff --git a/test/libscap/CMakeLists.txt b/test/libscap/CMakeLists.txt +index e88603ebd..fa26ba7ee 100644 +--- a/test/libscap/CMakeLists.txt ++++ b/test/libscap/CMakeLists.txt +@@ -45,6 +45,7 @@ set(LIBSCAP_TESTS_LIBRARIES + "${GTEST_LIB}" + "${GTEST_MAIN_LIB}" + "${CMAKE_THREAD_LIBS_INIT}" ++ "${PROTOBUF_LIB}" + scap + ) + +diff --git a/userspace/libscap/engine/gvisor/CMakeLists.txt b/userspace/libscap/engine/gvisor/CMakeLists.txt +index 6dfbafb14..875847b5d 100644 +--- a/userspace/libscap/engine/gvisor/CMakeLists.txt ++++ b/userspace/libscap/engine/gvisor/CMakeLists.txt +@@ -76,6 +76,14 @@ if (BUILD_SHARED_LIBS) + add_dependencies(scap_engine_gvisor_o uthash) + add_dependencies(scap scap_engine_gvisor_o) + target_sources(scap PRIVATE $) ++ ++ target_include_directories(scap_engine_gvisor_o ++ PRIVATE ++ ${CMAKE_BINARY_DIR} ++ ${CMAKE_CURRENT_BINARY_DIR} ++ ${CMAKE_SOURCE_DIR} ++ ${CMAKE_SOURCE_DIR}/userspace ++ ) + else() + add_library(scap_engine_gvisor + ${scap_engine_gvisor_sources} -- 2.41.0