diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index fe81da1a17..1ef16efd51 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
@@ -8,238 +8,104 @@ on: jobs: - builder: + build-sysdig-linux: + runs-on: ubuntu-24.04${{ matrix.platform == 'arm64' && '-arm' || '' }} + container: + image: ubuntu:22.04 + strategy: + matrix: + platform: + - amd64 + - arm64 env: - REGISTRY: ghcr.io - BUILDER_IMAGE_BASE: ghcr.io/draios/sysdig-builder-pr - SKEL_BUILDER_IMAGE_BASE: ghcr.io/draios/sysdig-skel-builder-pr - BUILDER_DEV: ghcr.io/draios/sysdig-builder:dev - SKEL_BUILDER_DEV: ghcr.io/draios/sysdig-skel-builder:dev + ZIG_VERSION: 0.14.0-dev.2851+b074fb7dd - runs-on: ubuntu-latest steps: - name: Checkout Sysdig uses: actions/checkout@v4 with: fetch-depth: 0 - - name: Check if builder is modified - id: builder-files - uses: tj-actions/changed-files@v34 - with: - files: | - docker/builder/** - - - name: Set up QEMU - if: steps.builder-files.outputs.any_changed == 'true' - uses: docker/setup-qemu-action@v3 - with: - platforms: 'amd64,arm64' - - - name: Set up Docker Buildx - if: steps.builder-files.outputs.any_changed == 'true' - uses: docker/setup-buildx-action@v2 - - - name: Login to Github Packages - if: steps.builder-files.outputs.any_changed == 'true' - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Get new skeleton builder image tag - id: get-new-skeleton-builder - if: steps.builder-files.outputs.any_changed == 'true' + - name: Install deps run: | - echo "skeleton_builder_image=${{ (github.event.pull_request.number != '') && format('{0}:{1}', env.SKEL_BUILDER_IMAGE_BASE, github.event.pull_request.number) || env.SKEL_BUILDER_DEV }}" >> $GITHUB_OUTPUT - - - name: Get new builder image tag - id: get-new-builder - if: steps.builder-files.outputs.any_changed == 'true' + cp -v scripts/zig-cc /usr/bin/ + cp -v scripts/zig-c++ /usr/bin/ + apt update && \ + apt install -y --no-install-recommends \ + autoconf \ + automake \ + build-essential \ + ca-certificates \ + clang \ + cmake \ + curl \ + git \ + 
libelf-dev \ + libtool \ + llvm \ + ninja-build \ + pkg-config \ + rpm \ + wget \ + xz-utils && \ + git clone https://github.com/libbpf/bpftool.git --branch v7.3.0 --single-branch && \ + cd bpftool && \ + git submodule update --init && \ + cd src && \ + make install && \ + cd ../.. && \ + rm -fr bpftool && \ + curl -LO https://ziglang.org/builds/zig-linux-$(uname -m)-${ZIG_VERSION}.tar.xz && \ + tar -xaf zig-linux-$(uname -m)-${ZIG_VERSION}.tar.xz && \ + rm -v zig-linux-$(uname -m)-${ZIG_VERSION}.tar.xz && \ + cd zig-linux-$(uname -m)-${ZIG_VERSION} && \ + cp -v zig /usr/bin && \ + find lib -exec cp --parents {} /usr/ \; && \ + cd .. && \ + rm -fr zig* + + - name: Build Sysdig + env: + CC: zig-cc + CXX: zig-c++ + AR: zig ar + RANLIB: zig ranlib run: | - echo "builder_image=${{ (github.event.pull_request.number != '') && format('{0}:{1}', env.BUILDER_IMAGE_BASE, github.event.pull_request.number) || env.BUILDER_DEV }}" >> $GITHUB_OUTPUT - - - name: Build new skeleton builder - id: skeleton-builder - if: steps.builder-files.outputs.any_changed == 'true' - uses: docker/build-push-action@v6 - with: - context: docker/builder - file: docker/builder/modern_bpf_probe.Dockerfile - platforms: linux/amd64,linux/arm64 - tags: ${{ steps.get-new-skeleton-builder.outputs.skeleton_builder_image }} - push: true - - - name: Build new builder - id: build-builder - if: steps.builder-files.outputs.any_changed == 'true' - uses: docker/build-push-action@v6 - with: - context: docker/builder - platforms: linux/amd64,linux/arm64 - tags: ${{ steps.get-new-builder.outputs.builder_image }} - push: true - - outputs: - builder_image: ${{ (steps.builder-files.outputs.any_changed == 'true') && steps.get-new-builder.outputs.builder_image || env.BUILDER_DEV }} - skeleton_builder_image: ${{ (steps.builder-files.outputs.any_changed == 'true') && steps.get-new-skeleton-builder.outputs.skeleton_builder_image || env.SKEL_BUILDER_DEV }} - - build-skeleton-sysdig-linux-amd64: - needs: builder - runs-on: 
ubuntu-latest - container: - image: ${{ needs.builder.outputs.skeleton_builder_image }} - steps: - - name: Checkout Sysdig - uses: actions/checkout@v4 - with: - path: sysdig - - name: Link paths + cmake \ + -DUSE_BUNDLED_DEPS=ON \ + -DBUILD_BPF=OFF \ + -DBUILD_DRIVER=OFF \ + -DCMAKE_BUILD_TYPE=Release \ + -S . \ + -B build \ + -G Ninja + cmake --build build --target package --config Release + + - name: Set artifact name + id: artifact_name run: | - mkdir -p /source - ln -s "$GITHUB_WORKSPACE/sysdig" /source/sysdig - - name: Prepare build skeleton - run: build cmake-skeleton - - name: Build skeleton - run: build make-skeleton - - name: Cache build skeleton - uses: actions/cache/save@v3 - if: always() - id: cache - with: - path: /build-skeleton - key: build-skeleton-${{ github.run_id }} + echo "name=sysdig-dev-linux-$(echo ${{ matrix.platform }} | sed -e 's|/|-|g')" >> "$GITHUB_OUTPUT" - build-sysdig-linux-amd64: - needs: [builder,build-skeleton-sysdig-linux-amd64] - runs-on: ubuntu-latest - container: - image: ${{ needs.builder.outputs.builder_image }} - volumes: - - '/node20217:/node20217:rw,rshared' - - '/node20217:/__e/node20:ro,rshared' - env: - ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true - steps: - - name: install nodejs20glibc2.17 - run: | - yum install curl -yyq - curl -LO https://unofficial-builds.nodejs.org/download/release/v20.9.0/node-v20.9.0-linux-x64-glibc-217.tar.xz - tar -xf node-v20.9.0-linux-x64-glibc-217.tar.xz --strip-components 1 -C /node20217 - ldd /__e/node20/bin/node - - - name: Checkout Sysdig - uses: actions/checkout@v4 - with: - path: sysdig - - name: Link paths - run: | - mkdir -p /source - ln -s "$GITHUB_WORKSPACE/sysdig" /source/sysdig - - name: Restore build skeleton - id: cache - uses: actions/cache/restore@v3 - with: - path: /build-skeleton - key: build-skeleton-${{ github.run_id }} - restore-keys: build-skeleton- - - name: Build - run: build cmake - - name: Build packages - run: build package - name: Upload rpm package - uses: 
actions/upload-artifact@v3 - with: - name: sysdig-dev-linux-x86_64.rpm - path: | - /build/release/sysdig-*.rpm - - name: Upload deb package - uses: actions/upload-artifact@v3 - with: - name: sysdig-dev-linux-x86_64.deb - path: | - /build/release/sysdig-*.deb - - name: Upload tar.gz package - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: - name: sysdig-dev-linux-x86_64.tar.gz + name: ${{ steps.artifact_name.outputs.name }}.rpm path: | - /build/release/sysdig-*.tar.gz + build/sysdig-*.rpm - build-sysdig-linux-arm64: - needs: builder - env: - REGISTRY: ghcr.io - BUILDER_IMAGE_BASE: ghcr.io/draios/sysdig-builder-pr - SKEL_BUILDER_IMAGE_BASE: ghcr.io/draios/sysdig-skel-builder-pr - BUILDER_DEV: ghcr.io/draios/sysdig-builder:dev - SKEL_BUILDER_DEV: ghcr.io/draios/sysdig-skel-builder:dev - ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true - runs-on: ubuntu-latest - steps: - - name: Checkout Sysdig - uses: actions/checkout@v4 - with: - path: sysdig - - name: Create build dir - run: | - mkdir -p ${{ github.workspace }}/sysdig-build-aarch64 - - - name: Login to Github Packages - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - with: - platforms: 'amd64,arm64' - - name: Run the build skeleton process with Docker - uses: addnab/docker-run-action@v3 - with: - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - registry: ${{ env.REGISTRY }} - image: ${{ needs.builder.outputs.skeleton_builder_image }} - options: --platform=linux/arm64 -v ${{ github.workspace }}/sysdig:/source/sysdig -v ${{ github.workspace }}/sysdig-build-aarch64:/build/dev-packages -v ${{ github.workspace }}/skeleton-build:/build-skeleton - run: | - mkdir -p /build/dev-packages && \ - build cmake-skeleton && \ - build make-skeleton - - name: Run the build process with Docker - uses: addnab/docker-run-action@v3 - with: 
- username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - registry: ${{ env.REGISTRY }} - image: ${{ needs.builder.outputs.builder_image }} - options: --platform=linux/arm64 -v ${{ github.workspace }}/sysdig:/source/sysdig -v ${{ github.workspace }}/sysdig-build-aarch64:/build/dev-packages -v ${{ github.workspace }}/skeleton-build:/build-skeleton - run: | - mkdir -p /build/dev-packages && \ - build cmake && \ - build package && \ - cp /build/release/sysdig-* /build/dev-packages - name: Upload deb package - uses: actions/upload-artifact@v3 - with: - name: sysdig-dev-linux-aarch64.deb - path: | - ${{ github.workspace }}/sysdig-build-aarch64/sysdig-*.deb - - name: Upload rpm package - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: - name: sysdig-dev-linux-aarch64.rpm + name: ${{ steps.artifact_name.outputs.name }}.deb path: | - ${{ github.workspace }}/sysdig-build-aarch64/sysdig-*.rpm + build/sysdig-*.deb + - name: Upload tar.gz package - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: - name: sysdig-dev-linux-aarch64.tar.gz + name: ${{ steps.artifact_name.outputs.name }}.tar.gz path: | - ${{ github.workspace }}/sysdig-build-aarch64/sysdig-*.tar.gz + build/sysdig-*.tar.gz build-sysdig-others-amd64: name: build-sysdig-other-amd64 @@ -248,8 +114,6 @@ jobs: os: [windows-latest, macos-13] include: - os: windows-latest - artifact_name: win - artifact_ext: exe - os: macos-13 artifact_name: osx artifact_ext: dmg @@ -259,11 +123,10 @@ jobs: uses: actions/checkout@v4 - name: Build run: | - mkdir -p build - cd build && cmake -Wno-dev .. - cmake --build . --target package --config Release + cmake -Wno-dev -S . -B build + cmake --build build --target package --config Release - name: Upload artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: sysdig-dev-${{ matrix.artifact_name }}-x86_64.${{ matrix.artifact_ext }} path: | 
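Review bot: The `Install deps` step fetches a Zig development build with `curl -LO` and copies it into `/usr/bin` as the compiler for the whole package, without checking a digest or signature before `tar -xaf`. Record a per-architecture SHA-256 next to `ZIG_VERSION` and verify it before unpacking, for example `echo "${ZIG_SHA256}  zig-linux-$(uname -m)-${ZIG_VERSION}.tar.xz" | sha256sum -c -` (`ZIG_SHA256` is a placeholder for a value this workflow would have to define). Also add `--fail` to the curl call so an HTTP error body is never saved as the tarball. bpftool is pinned only by the tag `v7.3.0`, which upstream can move; checking out a recorded commit hash after the clone would fix what gets built and installed. The same step is repeated in `build-release-linux` in release-draft.yaml, where the resulting packages go on to be signed and published, so the fix belongs there as well.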
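Review bot: If the two lines dropped in the `@@ -248,8 +114,6 @@` hunk are `artifact_name: win` and `artifact_ext: exe` from the `windows-latest` include entry (the 8-to-6 line count points that way), the Windows leg no longer defines either value. The upload step in the following hunk still builds its name from `${{ matrix.artifact_name }}` and `${{ matrix.artifact_ext }}`, which would then render as `sysdig-dev--x86_64.` for Windows. Either keep the two keys or remove `windows-latest` from `os` in the same change. The `path:` value of that upload step lies outside the visible hunks, so confirm against the full file.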
@@ -284,11 +147,10 @@ jobs: uses: actions/checkout@v4 - name: Build run: | - mkdir -p build - cd build && cmake -Wno-dev .. - cmake --build . --target package --config Release + cmake -Wno-dev -S . -B build + cmake --build build --target package --config Release - name: Upload artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: sysdig-dev-${{ matrix.artifact_name }}-arm64.${{ matrix.artifact_ext }} path: | diff --git a/.github/workflows/release-draft.yaml b/.github/workflows/release-draft.yaml index 2481b1efd3..0de84f6c99 100644 --- a/.github/workflows/release-draft.yaml +++ b/.github/workflows/release-draft.yaml 
@@ -6,206 +6,180 @@ on: - '[0-9]+.[0-9]+.[0-9]+-[a-z]+' - '[0-9]+.[0-9]+.[0-9]+-[a-z]+[0-9]+' -jobs: +env: + BUILD_VERSION: ${{ github.ref_name }} - build-skeleton-sysdig-linux-amd64: - runs-on: ubuntu-latest +jobs: + build-release-linux: + runs-on: ubuntu-24.04${{ matrix.platform == 'arm64' && '-arm' || '' }} container: - image: ghcr.io/draios/sysdig-skel-builder:dev - steps: - - name: Checkout Sysdig - uses: actions/checkout@v4 - with: - path: sysdig - - name: Link paths - run: | - mkdir -p /source - ln -s "$GITHUB_WORKSPACE/sysdig" /source/sysdig - - name: Prepare build skeleton - run: build cmake-skeleton - - name: Build skeleton - run: build make-skeleton - - name: Cache build skeleton - uses: actions/cache/save@v3 - if: always() - id: cache - with: - path: /build-skeleton - key: build-skeleton-${{ github.run_id }} + image: ubuntu:22.04 + strategy: + matrix: + platform: + - amd64 + - arm64 + include: + - platform: amd64 + base_arch: x86_64 + release_arch: x86_64 + - platform: arm64 + base_arch: aarch64 + release_arch: aarch64 - build-release-linux-amd64: - needs: build-skeleton-sysdig-linux-amd64 - runs-on: ubuntu-latest env: - BUILD_VERSION: ${{ github.ref_name }} - ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true - container: - image: ghcr.io/draios/sysdig-builder:dev + ZIG_VERSION: 0.14.0-dev.2851+b074fb7dd + steps: - name: Checkout Sysdig uses: actions/checkout@v4 with: - path: sysdig - - name: Link paths + fetch-depth: 0 + + - name: Install deps run: | - mkdir -p /source - ln -s "$GITHUB_WORKSPACE/sysdig" /source/sysdig - - name: Restore build skeleton - id: cache - uses: actions/cache/restore@v3 - with: - path: /build-skeleton - key: build-skeleton-${{ github.run_id }} - restore-keys: build-skeleton- - - name: Build - run: build cmake - - name: Build packages - run: build package - - name: Upload Artifacts - uses: actions/upload-artifact@v3 - with: - name: sysdig-release-${{ env.BUILD_VERSION }}-x86_64 - path: /build/release/sysdig-${{ env.BUILD_VERSION }}* 
- - build-release-linux-arm64: - runs-on: ubuntu-latest - env: - REGISTRY: ghcr.io - BUILD_VERSION: ${{ github.ref_name }} - ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true - steps: - - name: Checkout Sysdig - uses: actions/checkout@v4 - with: - path: sysdig - - name: Create build dir + cp -v scripts/zig-cc /usr/bin/ + cp -v scripts/zig-c++ /usr/bin/ + apt update && \ + apt install -y --no-install-recommends \ + autoconf \ + automake \ + build-essential \ + ca-certificates \ + clang \ + cmake \ + curl \ + git \ + libelf-dev \ + libtool \ + llvm \ + ninja-build \ + pkg-config \ + rpm \ + wget \ + xz-utils && \ + git clone https://github.com/libbpf/bpftool.git --branch v7.3.0 --single-branch && \ + cd bpftool && \ + git submodule update --init && \ + cd src && \ + make install && \ + cd ../.. && \ + rm -fr bpftool && \ + curl -LO https://ziglang.org/builds/zig-linux-$(uname -m)-${ZIG_VERSION}.tar.xz && \ + tar -xaf zig-linux-$(uname -m)-${ZIG_VERSION}.tar.xz && \ + rm -v zig-linux-$(uname -m)-${ZIG_VERSION}.tar.xz && \ + cd zig-linux-$(uname -m)-${ZIG_VERSION} && \ + cp -v zig /usr/bin && \ + find lib -exec cp --parents {} /usr/ \; && \ + cd .. 
&& \ + rm -fr zig* + + - name: Build Sysdig + env: + CC: zig-cc + CXX: zig-c++ + AR: zig ar + RANLIB: zig ranlib run: | - mkdir -p ${{ github.workspace }}/sysdig-build-aarch64 - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - with: - platforms: 'amd64,arm64' - - name: Run the build skeleton process with Docker - uses: addnab/docker-run-action@v3 - with: - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - registry: ${{ env.REGISTRY }} - image: ghcr.io/draios/sysdig-skel-builder:dev - options: --platform=linux/arm64 -v ${{ github.workspace }}/sysdig:/source/sysdig -v ${{ github.workspace }}/sysdig-build-aarch64:/build/release-packages -v ${{ github.workspace }}/skeleton-build:/build-skeleton -e BUILD_VERSION=${{ env.BUILD_VERSION }} - run: | - mkdir -p /build/release-packages && \ - build cmake-skeleton && \ - build make-skeleton - - name: Run the build process with Docker - uses: addnab/docker-run-action@v3 - with: - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - registry: ${{ env.REGISTRY }} - image: ghcr.io/draios/sysdig-builder:dev - options: --platform=linux/arm64 -v ${{ github.workspace }}/sysdig:/source/sysdig -v ${{ github.workspace }}/sysdig-build-aarch64:/build/release-packages -v ${{ github.workspace }}/skeleton-build:/build-skeleton -e BUILD_VERSION=${{ env.BUILD_VERSION }} - run: | - mkdir -p /build/release-packages && \ - build cmake && \ - build package && \ - cp /build/release/sysdig-${{ env.BUILD_VERSION }}* /build/release-packages + cmake \ + -DUSE_BUNDLED_DEPS=ON \ + -DBUILD_BPF=OFF \ + -DBUILD_DRIVER=OFF \ + -DCMAKE_BUILD_TYPE=Release \ + -DCMAKE_INSTALL_PREFIX="/usr" \ + -DSYSDIG_VERSION="${{ env.BUILD_VERSION }}" \ + -Wno-dev \ + -S . 
\ + -B build \ + -G Ninja + cmake --build build --target package --config Release - name: Upload Artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: - name: sysdig-release-${{ env.BUILD_VERSION }}-aarch64 - path: ${{ github.workspace }}/sysdig-build-aarch64/sysdig-${{ env.BUILD_VERSION }}* - + name: sysdig-release-${{ env.BUILD_VERSION }}-${{ matrix.release_arch }} + path: | + build/sysdig-${{ env.BUILD_VERSION }}* + build-release-others-amd64: name: build-release-others-amd64 strategy: matrix: - os: [windows-latest, macos-13] + os: [windows-latest, macos-13, macos-14] include: - os: windows-latest artifact_name: win artifact_ext: exe + arch: x86_64 - os: macos-13 artifact_name: osx artifact_ext: dmg - env: - BUILD_VERSION: ${{ github.ref_name }} - runs-on: ${{ matrix.os }} - steps: - - name: Checkout Sysdig - uses: actions/checkout@v4 - - name: Build - run: | - mkdir -p build - cd build && cmake -Wno-dev -DBUILD_DRIVER=OFF -DSYSDIG_VERSION="${{ env.BUILD_VERSION }}" .. - cmake --build . --target package --config Release - - name: Upload Artifacts - uses: actions/upload-artifact@v3 - with: - name: sysdig-release-${{ env.BUILD_VERSION }}-${{ matrix.artifact_name }}-x86_64 - path: build/sysdig-${{ env.BUILD_VERSION }}*.${{ matrix.artifact_ext }} - - build-release-others-arm64: - name: build-release-others-arm64 - strategy: - matrix: - os: [macos-14] - include: + arch: x86_64 - os: macos-14 artifact_name: osx artifact_ext: dmg - env: - BUILD_VERSION: ${{ github.ref_name }} - runs-on: ${{ matrix.os }} + arch: arm64 + runs-on: ${{ matrix.os }} steps: - name: Checkout Sysdig uses: actions/checkout@v4 - name: Build run: | - mkdir -p build - cd build && cmake -Wno-dev -DBUILD_DRIVER=OFF -DSYSDIG_VERSION="${{ env.BUILD_VERSION }}" .. - cmake --build . --target package --config Release + cmake -Wno-dev -DBUILD_DRIVER=OFF -DSYSDIG_VERSION="${{ env.BUILD_VERSION }}" -S . 
-B build + cmake --build build --target package --config Release - name: Upload Artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: - name: sysdig-release-${{ env.BUILD_VERSION }}-${{ matrix.artifact_name }}-arm64 + name: sysdig-release-${{ env.BUILD_VERSION }}-${{ matrix.artifact_name }}-${{ matrix.arch }} path: build/sysdig-${{ env.BUILD_VERSION }}*.${{ matrix.artifact_ext }} push-container-image: - runs-on: ubuntu-latest - needs: [build-release-linux-amd64, build-release-linux-arm64, sign-rpms, sign-debs] + runs-on: ubuntu-24.04${{ matrix.platform == 'arm64' && '-arm' || '' }} + container: + image: ubuntu:22.04 + strategy: + matrix: + platform: + - amd64 + - arm64 + include: + - platform: amd64 + base_arch: x86_64 + release_arch: x86_64 + - platform: arm64 + base_arch: aarch64 + release_arch: aarch64 + needs: [build-release-linux, sign-rpms, sign-debs] env: - BUILD_VERSION: ${{ github.ref_name }} REGISTRY: ghcr.io SYSDIG_IMAGE_BASE: ghcr.io/draios/sysdig steps: - name: Checkout Sysdig uses: actions/checkout@v4 + - name: Download artifacts aarch64 - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: sysdig-release-${{ env.BUILD_VERSION }}-aarch64 + - name: Download artifacts x86_64 - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: sysdig-release-${{ env.BUILD_VERSION }}-x86_64 - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - with: - platforms: 'amd64,arm64' + - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 + - name: Login to Github Packages uses: docker/login-action@v3 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Build and push container images uses: docker/build-push-action@v6 with: - platforms: linux/amd64,linux/arm64 file: docker/sysdig/Dockerfile context: . tags: ${{ env.SYSDIG_IMAGE_BASE }}:${{ env.BUILD_VERSION }}-draft 
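Review bot: `push-container-image` now runs once per `matrix.platform`, but `tags:` is still the single `${{ env.SYSDIG_IMAGE_BASE }}:${{ env.BUILD_VERSION }}-draft` and the `platforms: linux/amd64,linux/arm64` line is removed. Each leg therefore appears to push a single-architecture image to the same tag, and whichever finishes last decides what the tag points to. Give each leg its own tag, e.g. `tags: ${{ env.SYSDIG_IMAGE_BASE }}:${{ env.BUILD_VERSION }}-draft-${{ matrix.platform }}`, and assemble the multi-arch manifest under `-draft` in a follow-up job. The job also gains `container: image: ubuntu:22.04`, a base image without the Docker CLI, so verify that the buildx and login steps still run there. The `with:` block of the build step continues past the end of the hunk.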
@@ -222,10 +196,9 @@ jobs: arch: x86_64 - name: arm64 arch: aarch64 - needs: [build-release-linux-amd64, build-release-linux-arm64] + needs: build-release-linux runs-on: ubuntu-latest env: - BUILD_VERSION: ${{ github.ref_name }} KEY_ID: EC51E8C4 container: image: fedora:39 @@ -233,19 +206,19 @@ jobs: - name: Install deps run: dnf install -y rpm-sign pinentry - name: Download artifacts - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: sysdig-release-${{ env.BUILD_VERSION }}-${{ matrix.arch }} - name: Import private key env: PRIVATE_KEY: ${{ secrets.SYSDIG_REPO_SIGNING_KEY }} run: printenv PRIVATE_KEY | gpg --import - - - name: Sign RPMs + - name: Sign RPMs run: rpm --define "_gpg_name ${{ env.KEY_ID }}" --define "_binary_filedigest_algorithm 8" --addsign *.rpm - name: Check signature run: test "$(rpm -qpi *.rpm | awk '/Signature/' | grep -i none | wc -l)" -eq 0 - name: Upload Signed RPMs - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: sysdig-release-${{ env.BUILD_VERSION }}-${{ matrix.arch }} path: "*.rpm" 
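Review bot: `Upload Signed RPMs` moves to `actions/upload-artifact@v4` but still uploads to `sysdig-release-${{ env.BUILD_VERSION }}-${{ matrix.arch }}`, the name `build-release-linux` has already used. v4 artifacts are immutable, so a second upload under an existing name is rejected where v3 merged the files, and `sign-debs` in the next hunk uploads to that name a third time. `overwrite: true` is not a fix, because it replaces the whole artifact and would drop the other package types. Upload the signed files under their own name, e.g. `name: sysdig-release-${{ env.BUILD_VERSION }}-${{ matrix.arch }}-signed-rpm` (and the equivalent for DEBs), and have `push-container-image` and `create-draft-release` download those. The publishing jobs can then never pick up the unsigned build output.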
@@ -260,57 +233,63 @@ jobs: arch: x86_64 - name: arm64 arch: aarch64 - needs: [build-release-linux-amd64, build-release-linux-arm64] + needs: build-release-linux env: - BUILD_VERSION: ${{ github.ref_name }} KEY_ID: EC51E8C4 container: image: debian:bullseye-slim steps: - name: Install deps run: apt-get update && apt-get -y install dpkg-sig + - name: Download artifacts - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: sysdig-release-${{ env.BUILD_VERSION }}-${{ matrix.arch }} + - name: Import private key env: PRIVATE_KEY: ${{ secrets.SYSDIG_REPO_SIGNING_KEY }} run: printenv PRIVATE_KEY | gpg --import - + - name: Sign DEBs run: dpkg-sig -k ${{ env.KEY_ID }} -s builder *.deb + - name: Check signature run: dpkg-sig --verify *.deb + - name: Upload Signed DEBs - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: sysdig-release-${{ env.BUILD_VERSION }}-${{ matrix.arch }} path: "*.deb" create-draft-release: runs-on: ubuntu-latest - needs: [push-container-image, build-release-linux-amd64, build-release-linux-arm64, sign-rpms, sign-debs] - env: - BUILD_VERSION: ${{ github.ref_name }} + needs: [push-container-image, build-release-linux, sign-rpms, sign-debs] steps: - name: Download artifacts (linux-amd64) - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: sysdig-release-${{ env.BUILD_VERSION }}-x86_64 - name: Download artifacts (linux-arm64) - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: sysdig-release-${{ env.BUILD_VERSION }}-aarch64 - name: Download artifacts (win-amd64) - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: sysdig-release-${{ env.BUILD_VERSION }}-win-x86_64 - name: Download artifacts (osx-amd64) - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: sysdig-release-${{ env.BUILD_VERSION }}-osx-x86_64 + - name: Download artifacts (osx-arm64) + uses: 
actions/download-artifact@v4 + with: + name: sysdig-release-${{ env.BUILD_VERSION }}-osx-arm64 - name: Create draft release - uses: softprops/action-gh-release@v1 + uses: softprops/action-gh-release@v2 with: files: | sysdig-${{ env.BUILD_VERSION }}* diff --git a/cmake/modules/cares.cmake b/cmake/modules/cares.cmake deleted file mode 100644 index 1c7807f8d2..0000000000 --- a/cmake/modules/cares.cmake +++ /dev/null 
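Review bot: Every `uses:` line touched in this hunk moves from one mutable major tag to another (`actions/download-artifact@v4`, `actions/upload-artifact@v4`, `softprops/action-gh-release@v2`), in jobs that import `secrets.SYSDIG_REPO_SIGNING_KEY` or create the release. A tag can be re-pointed by whoever controls the action's repository, so the code that runs next to the signing key is not fixed by this file. Pin each action to a full commit hash with the version as a trailing comment, e.g. `uses: softprops/action-gh-release@<full-commit-sha> # v2`. The same applies to the `uses:` lines in the other hunks of both workflow files.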
@@ -1,76 +0,0 @@ -# SPDX-License-Identifier: Apache-2.0 -# -# Copyright (C) 2023 The Falco Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except -# in compliance with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software distributed under the License -# is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express -# or implied. See the License for the specific language governing permissions and limitations under -# the License. -# - -option(USE_BUNDLED_CARES "Enable building of the bundled c-ares" ${USE_BUNDLED_DEPS}) - -if(CARES_INCLUDE) - # we already have c-ares -elseif(NOT USE_BUNDLED_CARES) - find_path(CARES_INCLUDE NAMES cares/ares.h ares.h) - find_library(CARES_LIB NAMES cares) - if(CARES_INCLUDE AND CARES_LIB) - message(STATUS "Found c-ares: include: ${CARES_INCLUDE}, lib: ${CARES_LIB}") - else() - message(FATAL_ERROR "Couldn't find system c-ares") - endif() -else() - if(BUILD_SHARED_LIBS) - set(CARES_LIB_SUFFIX ${CMAKE_SHARED_LIBRARY_SUFFIX}) - set(CARES_STATIC_OPTION "Off") - else() - set(CARES_LIB_SUFFIX ${CMAKE_STATIC_LIBRARY_SUFFIX}) - set(CARES_STATIC_OPTION "On") - endif() - set(CARES_SRC "${PROJECT_BINARY_DIR}/c-ares-prefix/src/c-ares") - set(CARES_INCLUDE "${CARES_SRC}/include/") - set(CARES_LIB "${CARES_SRC}/lib64/libcares${CARES_LIB_SUFFIX}") - - if(NOT TARGET c-ares) - message(STATUS "Using bundled c-ares in '${CARES_SRC}'") - ExternalProject_Add( - c-ares - PREFIX "${PROJECT_BINARY_DIR}/c-ares-prefix" - URL "https://github.com/c-ares/c-ares/releases/download/v1.33.1/c-ares-1.33.1.tar.gz" - URL_HASH "SHA256=06869824094745872fa26efd4c48e622b9bd82a89ef0ce693dc682a23604f415" - BUILD_IN_SOURCE 1 - CMAKE_ARGS -DCMAKE_POLICY_DEFAULT_CMP0091:STRING=NEW - -DCMAKE_MSVC_RUNTIME_LIBRARY=${CMAKE_MSVC_RUNTIME_LIBRARY} - 
-DCARES_SHARED=${BUILD_SHARED_LIBS} - -DCARES_STATIC=${CARES_STATIC_OPTION} - -DCARES_STATIC_PIC=${ENABLE_PIC} - -DCARES_BUILD_TOOLS=Off - -DCARES_INSTALL=Off - BUILD_BYPRODUCTS ${CARES_INCLUDE} ${CARES_LIB} - INSTALL_COMMAND "" - ) - install( - FILES "${CARES_LIB}" - DESTINATION "${CMAKE_INSTALL_LIBDIR}/${LIBS_PACKAGE_NAME}" - COMPONENT "libs-deps" - ) - install( - DIRECTORY "${CARES_INCLUDE}" - DESTINATION "${CMAKE_INSTALL_INCLUDEDIR}/${LIBS_PACKAGE_NAME}" - COMPONENT "libs-deps" - ) - endif() - -endif() - -if(NOT TARGET c-ares) - add_custom_target(c-ares) -endif() - -include_directories("${CARES_INCLUDE}") diff --git a/cmake/modules/ncurses.cmake b/cmake/modules/ncurses.cmake index f680040faa..bffa77e4e9 100644 --- a/cmake/modules/ncurses.cmake +++ b/cmake/modules/ncurses.cmake @@ -12,15 +12,15 @@ elseif(NOT USE_BUNDLED_NCURSES) else() set(CURSES_BUNDLE_DIR "${PROJECT_BINARY_DIR}/ncurses-prefix/src/ncurses") set(CURSES_INCLUDE_DIR "${CURSES_BUNDLE_DIR}/include/") - set(CURSES_LIBRARIES "${CURSES_BUNDLE_DIR}/lib/libncurses.a") + set(CURSES_LIBRARIES "${CURSES_BUNDLE_DIR}/lib/libncursesw.a") if(NOT TARGET ncurses) message(STATUS "Using bundled ncurses in '${CURSES_BUNDLE_DIR}'") ExternalProject_Add(ncurses PREFIX "${PROJECT_BINARY_DIR}/ncurses-prefix" - URL "https://download.sysdig.com/dependencies/ncurses-6.0-20150725.tgz" - URL_MD5 "32b8913312e738d707ae68da439ca1f4" + URL "https://ftp.gnu.org/gnu/ncurses/ncurses-6.5.tar.gz" + URL_MD5 "ac2d2629296f04c8537ca706b6977687" CONFIGURE_COMMAND ./configure --without-cxx --without-cxx-binding --without-ada --without-manpages --without-progs --without-tests --with-terminfo-dirs=/etc/terminfo:/lib/terminfo:/usr/share/terminfo BUILD_COMMAND ${CMD_MAKE} BUILD_IN_SOURCE 1 diff --git a/docker/builder/Dockerfile b/docker/builder/Dockerfile deleted file mode 100644 index 3f030f89c9..0000000000 --- a/docker/builder/Dockerfile +++ /dev/null 
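Review bot: The new ncurses download is still verified with `URL_MD5`, which does not resist deliberate collisions and is the only integrity check on a tarball now fetched from a public mirror. ExternalProject accepts `URL_HASH`, as the c-ares module deleted in this commit did, so the drop-in change is `URL_HASH "SHA256=<sha256-of-ncurses-6.5.tar.gz>"` (placeholder; take the digest from the upstream release). The `ExternalProject_Add` call continues past the end of the hunk.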
@@ -1,47 +0,0 @@ -FROM centos:7 - -LABEL name="sysdig/sysdig-builder" -LABEL usage="docker run -v $PWD/..:/source -v $PWD/build:/build sysdig/sysdig-builder cmake" - -ARG BUILD_TYPE=release -ARG BUILD_DRIVER=OFF -ARG BUILD_BPF=OFF -ARG BUILD_VERSION=dev -ARG BUILD_WARNINGS_AS_ERRORS=OFF -ARG MAKE_JOBS=4 - -ENV BUILD_TYPE=${BUILD_TYPE} -ENV BUILD_DRIVER=${BUILD_DRIVER} -ENV BUILD_BPF=${BUILD_BPF} -ENV BUILD_VERSION=${BUILD_VERSION} -ENV BUILD_WARNINGS_AS_ERRORS=${BUILD_WARNINGS_AS_ERRORS} -ENV MAKE_JOBS=${MAKE_JOBS} - -COPY ./root / - -WORKDIR / - -# build toolchain -RUN sed -i 's/mirror.centos.org/vault.centos.org/g' /etc/yum.repos.d/*.repo && \ - sed -i 's/^#.*baseurl=http/baseurl=https/g' /etc/yum.repos.d/*.repo && \ - sed -i 's/^mirrorlist=http/#mirrorlist=https/g' /etc/yum.repos.d/*.repo && \ - yum -y install centos-release-scl; \ - sed -i 's/mirror.centos.org/vault.centos.org/g' /etc/yum.repos.d/*.repo && \ - sed -i 's/^#.*baseurl=http/baseurl=https/g' /etc/yum.repos.d/*.repo && \ - sed -i 's/^mirrorlist=http/#mirrorlist=https/g' /etc/yum.repos.d/*.repo && \ - yum -y install devtoolset-9-gcc devtoolset-9-gcc-c++ git wget make m4 rpm-build clang perl-IPC-Cmd ; \ - source scl_source enable devtoolset-9 - -RUN curl -L -o /tmp/cmake.tar.gz https://github.com/Kitware/CMake/releases/download/v3.27.6/cmake-3.27.6-linux-$(uname -m).tar.gz; \ - gzip -d /tmp/cmake.tar.gz; \ - tar -xpf /tmp/cmake.tar --directory=/tmp; \ - cp -R /tmp/cmake-3.27.6-linux-$(uname -m)/* /usr; \ - rm -rf /tmp/cmake-3.27.6-linux-$(uname -m)/ - -# DTS -ENV BASH_ENV=/usr/bin/scl_enable \ - ENV=/usr/bin/scl_enable \ - PROMPT_COMMAND=". /usr/bin/scl_enable" - -ENTRYPOINT ["build"] -CMD ["usage"] diff --git a/docker/builder/modern_bpf_probe.Dockerfile b/docker/builder/modern_bpf_probe.Dockerfile deleted file mode 100644 index 68068c4905..0000000000 --- a/docker/builder/modern_bpf_probe.Dockerfile +++ /dev/null 
@@ -1,41 +0,0 @@ -FROM ubuntu:22.04 - -LABEL name="sysdig/sysdig-skel-builder" -LABEL usage="docker run -v $PWD/..:/source -v $PWD/build:/build sysdig/sysdig-skel-builder cmake" - -ARG BUILD_TYPE=release -ARG BUILD_DRIVER=OFF -ARG BUILD_BPF=OFF -ARG BUILD_VERSION=dev -ARG BUILD_WARNINGS_AS_ERRORS=OFF -ARG MAKE_JOBS=4 - -ENV BUILD_TYPE=${BUILD_TYPE} -ENV BUILD_DRIVER=${BUILD_DRIVER} -ENV BUILD_BPF=${BUILD_BPF} -ENV BUILD_VERSION=${BUILD_VERSION} -ENV BUILD_WARNINGS_AS_ERRORS=${BUILD_WARNINGS_AS_ERRORS} -ENV MAKE_JOBS=${MAKE_JOBS} - -COPY ./root / - -WORKDIR / - -# build toolchain -RUN apt update && \ - apt install -y build-essential git curl wget clang llvm libelf-dev && \ - git clone https://github.com/libbpf/bpftool.git --branch v7.0.0 --single-branch && \ - cd bpftool && \ - git submodule update --init && \ - cd src && make install && rm -r /bpftool - -# With some previous cmake versions it fails when downloading `zlib` with curl in the libs building phase -RUN curl -L -o /tmp/cmake.tar.gz https://github.com/Kitware/CMake/releases/download/v3.22.5/cmake-3.22.5-linux-$(uname -m).tar.gz; \ - gzip -d /tmp/cmake.tar.gz; \ - tar -xpf /tmp/cmake.tar --directory=/tmp; \ - cp -R /tmp/cmake-3.22.5-linux-$(uname -m)/* /usr; \ - rm -rf /tmp/cmake-3.22.5-linux-$(uname -m)/ - -# DTS -ENTRYPOINT ["build"] -CMD ["usage"] diff --git a/docker/builder/root/usr/bin/build b/docker/builder/root/usr/bin/build deleted file mode 100755 index 344c08ba57..0000000000 --- a/docker/builder/root/usr/bin/build +++ /dev/null 
@@ -1,115 +0,0 @@ -#!/usr/bin/env bash - -set -eu -o pipefail - -SOURCE_DIR=/source -BUILD_DIR=/build -SKEL_DIR=/build-skeleton -BUILD_SYSDIG_MODERN_BPF=ON -CMD=${1:-usage} -shift - -# Build type can be "debug" or "release", fallbacks to "release" by default -BUILD_TYPE=$(echo "$BUILD_TYPE" | tr "[:upper:]" "[:lower:]") -case "$BUILD_TYPE" in -"debug") - DRAIOS_DEBUG_FLAGS="-D_DEBUG -DNDEBUG" - ;; -*) - BUILD_TYPE="release" - ;; -esac - -case "$CMD" in -"cmake-skeleton") - if [ ! -f "$SOURCE_DIR/sysdig/README.md" ]; then - echo "Could not find sysdig source in $SOURCE_DIR/sysdig. ($SOURCE_DIR/sysdig/README.md not found!)" >&2 - exit 1 - fi - - if [ -f "$SOURCE_DIR/libs/README.md" ]; then - echo "Found falcosecurity libs source in $SOURCE_DIR/libs" - FALCOSECURITY_LIBS_SOURCE_DIR="$SOURCE_DIR/libs" - fi - - # Prepare build directory - mkdir -p "$SKEL_DIR/$BUILD_TYPE" - cd "$SKEL_DIR/$BUILD_TYPE" - - CMAKE_ARGS=( - -DCMAKE_BUILD_TYPE="$BUILD_TYPE" - -DBUILD_SYSDIG_MODERN_BPF="$BUILD_SYSDIG_MODERN_BPF" - -DBUILD_WARNINGS_AS_ERRORS="$BUILD_WARNINGS_AS_ERRORS" - -DUSE_BUNDLED_DEPS=ON - ) - - if [ ! -z "${FALCOSECURITY_LIBS_SOURCE_DIR:=}" ]; then - CMAKE_ARGS+=(-DFALCOSECURITY_LIBS_SOURCE_DIR="$FALCOSECURITY_LIBS_SOURCE_DIR") - fi - - CMAKE_ARGS+=("$SOURCE_DIR/sysdig") - - echo "cmake ${CMAKE_ARGS[@]}" - cmake "${CMAKE_ARGS[@]}" - exit "$(printf '%d\n' $?)" - ;; -"make-skeleton") - # Prepare build directory - cd "$SKEL_DIR/$BUILD_TYPE" - - echo "make ProbeSkeleton" - make ProbeSkeleton - exit "$(printf '%d\n' $?)" - ;; -"cmake") - if [ ! -f "$SOURCE_DIR/sysdig/README.md" ]; then - echo "Could not find sysdig source in $SOURCE_DIR/sysdig. 
($SOURCE_DIR/sysdig/README.md not found!)" >&2 - exit 1 - fi - - if [ -f "$SOURCE_DIR/libs/README.md" ]; then - echo "Found falcosecurity libs source in $SOURCE_DIR/libs" - FALCOSECURITY_LIBS_SOURCE_DIR="$SOURCE_DIR/libs" - fi - - # Prepare build directory - mkdir -p "$BUILD_DIR/$BUILD_TYPE" - cd "$BUILD_DIR/$BUILD_TYPE" - - CMAKE_ARGS=( - -DCMAKE_BUILD_TYPE="$BUILD_TYPE" - -DCMAKE_INSTALL_PREFIX="${INSTALL_PREFIX:-/usr}" - -DBUILD_DRIVER="$BUILD_DRIVER" - -DBUILD_BPF="$BUILD_BPF" - -DBUILD_SYSDIG_MODERN_BPF="$BUILD_SYSDIG_MODERN_BPF" - -DMODERN_BPF_SKEL_DIR="$SKEL_DIR/$BUILD_TYPE/skel_dir" - -DBUILD_WARNINGS_AS_ERRORS="$BUILD_WARNINGS_AS_ERRORS" - -DSYSDIG_VERSION="$BUILD_VERSION" - -DUSE_BUNDLED_DEPS=ON - ) - - if [ ! -z "${FALCOSECURITY_LIBS_SOURCE_DIR:=}" ]; then - CMAKE_ARGS+=(-DFALCOSECURITY_LIBS_SOURCE_DIR="$FALCOSECURITY_LIBS_SOURCE_DIR") - fi - - CMAKE_ARGS+=("$SOURCE_DIR/sysdig") - - echo "cmake ${CMAKE_ARGS[@]}" - cmake "${CMAKE_ARGS[@]}" - exit "$(printf '%d\n' $?)" - ;; -"bash") - CMD=/bin/bash - ;& # fallthrough -"usage") - exec "$CMD" "$@" - ;; -*) - if [ ! -d "$BUILD_DIR/$BUILD_TYPE" ]; then - echo "Missing $BUILD_DIR/$BUILD_TYPE directory: run cmake." - exit 1 - fi - cd "$BUILD_DIR/$BUILD_TYPE" - make -j"$MAKE_JOBS" "$CMD" - ;; -esac diff --git a/docker/builder/root/usr/bin/scl_enable b/docker/builder/root/usr/bin/scl_enable deleted file mode 100644 index 8b6b7e7b83..0000000000 --- a/docker/builder/root/usr/bin/scl_enable +++ /dev/null @@ -1,7 +0,0 @@ - -# IMPORTANT: Do not add more content to this file unless you know what you are doing. -# This file is sourced everytime the shell session is opened. -# -# This will make scl collection binaries work out of box. -unset BASH_ENV PROMPT_COMMAND ENV -source scl_source enable devtoolset-9 diff --git a/docker/builder/root/usr/bin/usage b/docker/builder/root/usr/bin/usage deleted file mode 100755 index d4b5967fbb..0000000000 --- a/docker/builder/root/usr/bin/usage +++ /dev/null 
@@ -1,53 +0,0 @@ -#!/usr/bin/env bash - -gccversion=$(gcc --version | head -n1) -cppversion=$(g++ -dM -E -x c++ /dev/null | grep -F __cplusplus | cut -d' ' -f3) -cmakeversion=$(cmake --version | head -n1) -clangversion=$(clang --version | head -n1) - -cat <, ..., ] - - Eg., - * docker run -v $PWD/..:/source -v $PWD/build:/build sysdig/sysdig-builder tests - * docker run -v $PWD/..:/source -v $PWD/build:/build sysdig/sysdig-builder install - -How to build. - - * cd docker/builder && DOCKER_BUILDKIT=1 docker build -t sysdig/sysdig-builder . - - In case you want to customise the builder at build time the following build arguments are provided: - - BUILD_TYPE whether you want a "release" or "debug" build (defaults to "release"). - - BUILD_DRIVER whether to build the driver or not (defaults to "OFF") - - BUILD_BPF whether to build the BPF driver or not (defaults to "OFF") - - BUILD_WARNINGS_AS_ERRORS whether to intend warnings as errors or not (defaults to "ON") - - MAKE_JOBS the number of jobs to use during make (defaults to "4") - - BUILD_VERSION the version to label the build (built from git index in case it is missing) - - It is possible to change these at runtime (in the container) since environment variables with the same names are provided, too. - -Environment. - - * ${gccversion} - * cplusplus ${cppversion} - * ${cmakeversion} - * ${clangversion} -EOF diff --git a/docker/dev/Dockerfile b/docker/dev/Dockerfile deleted file mode 100644 index 6af2bd097f..0000000000 --- a/docker/dev/Dockerfile +++ /dev/null 
@@ -1,106 +0,0 @@
-FROM debian:stable
-
-LABEL maintainer="Sysdig "
-
-ENV SYSDIG_REPOSITORY dev
-
-LABEL RUN="docker run -i -t -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro --name NAME IMAGE"
-
-ENV SYSDIG_HOST_ROOT /host
-
-ENV HOME /root
-
-RUN cp /etc/skel/.bashrc /root && cp /etc/skel/.profile /root
-
-ADD https://download.sysdig.com/apt-draios-priority /etc/apt/preferences.d/
-
-RUN apt-get update \
- && apt-get upgrade -y \
- && apt-get install -y --no-install-recommends \
- bash-completion \
- bc \
- clang-7 \
- curl \
- dkms \
- gnupg2 \
- ca-certificates \
- gcc \
- libc6-dev \
- libelf-dev \
- libelf1 \
- less \
- llvm-7 \
- procps \
- xz-utils \
- libmpx2 \
- && rm -rf /var/lib/apt/lists/*
-
-# gcc 6 is no longer included in debian unstable, but we need it to
-# build kernel modules on the default debian-based ami used by
-# kops. So grab copies we've saved from debian snapshots with the
-# prefix https://snapshot.debian.org/archive/debian/20170517T033514Z
-# or so.
-
-RUN curl -o cpp-6_6.3.0-18_amd64.deb https://download.sysdig.com/dependencies/gcc-6-debs/cpp-6_6.3.0-18_amd64.deb \
- && curl -o gcc-6-base_6.3.0-18_amd64.deb https://download.sysdig.com/dependencies/gcc-6-debs/gcc-6-base_6.3.0-18_amd64.deb \
- && curl -o gcc-6_6.3.0-18_amd64.deb https://download.sysdig.com/dependencies/gcc-6-debs/gcc-6_6.3.0-18_amd64.deb \
- && curl -o libasan3_6.3.0-18_amd64.deb https://download.sysdig.com/dependencies/gcc-6-debs/libasan3_6.3.0-18_amd64.deb \
- && curl -o libcilkrts5_6.3.0-18_amd64.deb https://download.sysdig.com/dependencies/gcc-6-debs/libcilkrts5_6.3.0-18_amd64.deb \
- && curl -o libgcc-6-dev_6.3.0-18_amd64.deb https://download.sysdig.com/dependencies/gcc-6-debs/libgcc-6-dev_6.3.0-18_amd64.deb \
- && curl -o libubsan0_6.3.0-18_amd64.deb https://download.sysdig.com/dependencies/gcc-6-debs/libubsan0_6.3.0-18_amd64.deb \
- && curl -o libmpfr4_3.1.3-2_amd64.deb https://download.sysdig.com/dependencies/gcc-6-debs/libmpfr4_3.1.3-2_amd64.deb \
- && curl -o libisl15_0.18-1_amd64.deb https://download.sysdig.com/dependencies/gcc-6-debs/libisl15_0.18-1_amd64.deb \
- && dpkg -i cpp-6_6.3.0-18_amd64.deb gcc-6-base_6.3.0-18_amd64.deb gcc-6_6.3.0-18_amd64.deb libasan3_6.3.0-18_amd64.deb libcilkrts5_6.3.0-18_amd64.deb libgcc-6-dev_6.3.0-18_amd64.deb libubsan0_6.3.0-18_amd64.deb libmpfr4_3.1.3-2_amd64.deb libisl15_0.18-1_amd64.deb \
- && rm -f cpp-6_6.3.0-18_amd64.deb gcc-6-base_6.3.0-18_amd64.deb gcc-6_6.3.0-18_amd64.deb libasan3_6.3.0-18_amd64.deb libcilkrts5_6.3.0-18_amd64.deb libgcc-6-dev_6.3.0-18_amd64.deb libubsan0_6.3.0-18_amd64.deb libmpfr4_3.1.3-2_amd64.deb libisl15_0.18-1_amd64.deb
-
-# gcc 5 is no longer included in debian unstable, but we need it to
-# build centos kernels, which are 3.x based and explicitly want a gcc
-# version 3, 4, or 5 compiler. So grab copies we've saved from debian
-# snapshots with the prefix https://snapshot.debian.org/archive/debian/20190122T000000Z.
-
-RUN curl -o cpp-5_5.5.0-12_amd64.deb https://download.sysdig.com/dependencies/cpp-5_5.5.0-12_amd64.deb \
- && curl -o gcc-5-base_5.5.0-12_amd64.deb https://download.sysdig.com/dependencies/gcc-5-base_5.5.0-12_amd64.deb \
- && curl -o gcc-5_5.5.0-12_amd64.deb https://download.sysdig.com/dependencies/gcc-5_5.5.0-12_amd64.deb \
- && curl -o libasan2_5.5.0-12_amd64.deb https://download.sysdig.com/dependencies/libasan2_5.5.0-12_amd64.deb \
- && curl -o libgcc-5-dev_5.5.0-12_amd64.deb https://download.sysdig.com/dependencies/libgcc-5-dev_5.5.0-12_amd64.deb \
- && curl -o libisl15_0.18-4_amd64.deb https://download.sysdig.com/dependencies/libisl15_0.18-4_amd64.deb \
- && curl -o libmpx0_5.5.0-12_amd64.deb https://download.sysdig.com/dependencies/libmpx0_5.5.0-12_amd64.deb \
- && dpkg -i cpp-5_5.5.0-12_amd64.deb gcc-5-base_5.5.0-12_amd64.deb gcc-5_5.5.0-12_amd64.deb libasan2_5.5.0-12_amd64.deb libgcc-5-dev_5.5.0-12_amd64.deb libisl15_0.18-4_amd64.deb libmpx0_5.5.0-12_amd64.deb \
- && rm -f cpp-5_5.5.0-12_amd64.deb gcc-5-base_5.5.0-12_amd64.deb gcc-5_5.5.0-12_amd64.deb libasan2_5.5.0-12_amd64.deb libgcc-5-dev_5.5.0-12_amd64.deb libisl15_0.18-4_amd64.deb libmpx0_5.5.0-12_amd64.deb
-
-# Since our base Debian image ships with GCC 7 which breaks older kernels, revert the
-# default to gcc-5.
-RUN rm -rf /usr/bin/gcc && ln -s /usr/bin/gcc-5 /usr/bin/gcc
-
-RUN rm -rf /usr/bin/clang \
- && rm -rf /usr/bin/llc \
- && ln -s /usr/bin/clang-7 /usr/bin/clang \
- && ln -s /usr/bin/llc-7 /usr/bin/llc
-
-RUN curl -s https://download.sysdig.com/DRAIOS-GPG-KEY.public | apt-key add - \
- && curl -s -o /etc/apt/sources.list.d/draios.list https://download.sysdig.com/$SYSDIG_REPOSITORY/deb/draios.list \
- && apt-get update \
- && apt-get install -y --no-install-recommends sysdig \
- && apt-get clean \
- && rm -rf /var/lib/apt/lists/*
-
-# Some base images have an empty /lib/modules by default
-# If it's not empty, docker build will fail instead of
-# silently overwriting the existing directory
-RUN rm -df /lib/modules \
- && ln -s $SYSDIG_HOST_ROOT/lib/modules /lib/modules
-
-# debian:unstable head contains binutils 2.31, which generates
-# binaries that are incompatible with kernels < 4.16. So manually
-# forcibly install binutils 2.30-22 instead.
-RUN curl -s -o binutils_2.30-22_amd64.deb http://snapshot.debian.org/archive/debian/20180622T211149Z/pool/main/b/binutils/binutils_2.30-22_amd64.deb \
- && curl -s -o libbinutils_2.30-22_amd64.deb http://snapshot.debian.org/archive/debian/20180622T211149Z/pool/main/b/binutils/libbinutils_2.30-22_amd64.deb \
- && curl -s -o binutils-x86-64-linux-gnu_2.30-22_amd64.deb http://snapshot.debian.org/archive/debian/20180622T211149Z/pool/main/b/binutils/binutils-x86-64-linux-gnu_2.30-22_amd64.deb \
- && curl -s -o binutils-common_2.30-22_amd64.deb http://snapshot.debian.org/archive/debian/20180622T211149Z/pool/main/b/binutils/binutils-common_2.30-22_amd64.deb \
- && dpkg -i *binutils*.deb
-
-COPY ./docker-entrypoint.sh /
-
-ENTRYPOINT ["/docker-entrypoint.sh"]
-
-CMD ["bash"]
diff --git a/docker/dev/docker-entrypoint.sh b/docker/dev/docker-entrypoint.sh
deleted file mode 100755
index 0c6e6fab9f..0000000000
--- a/docker/dev/docker-entrypoint.sh
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/bash
-#
-# Copyright (C) 2013-2018 Draios Inc dba Sysdig.
-#
-# This file is part of sysdig .
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-#set -e
-
-echo "* Setting up /usr/src links from host"
-
-for i in $(ls $SYSDIG_HOST_ROOT/usr/src)
-do
- ln -s $SYSDIG_HOST_ROOT/usr/src/$i /usr/src/$i
-done
-
-/usr/bin/scap-driver-loader
-
-exec "$@"
diff --git a/docker/ebpf-probe-builder/Dockerfile b/docker/ebpf-probe-builder/Dockerfile
deleted file mode 100644
index 1c84a670e0..0000000000
--- a/docker/ebpf-probe-builder/Dockerfile
+++ /dev/null
@@ -1,20 +0,0 @@
-FROM debian:unstable
-
-MAINTAINER Sysdig
-
-# Based on the sysdig container, used for building eBPF probe
-
-RUN apt-get update \
- && apt-get dist-upgrade -y \
- && apt-get install -y --no-install-recommends \
- clang \
- gcc \
- libelf-dev \
- libelf1 \
- llvm \
- make \
- && rm -rf /var/lib/apt/lists/*
-
-COPY ./probe-builder-entrypoint.sh /
-
-ENTRYPOINT ["/probe-builder-entrypoint.sh"]
diff --git a/docker/ebpf-probe-builder/build_bpf_probe.sh b/docker/ebpf-probe-builder/build_bpf_probe.sh
deleted file mode 100755
index dfec5f39e9..0000000000
--- a/docker/ebpf-probe-builder/build_bpf_probe.sh
+++ /dev/null
@@ -1,54 +0,0 @@ -#!/bin/sh - -set -eu - -# Defaults -DRIVER_DIR=/opt/draios/src/draios-agent-0.1.1dev -KERNEL_DIR=/lib/modules/$(uname -r)/build -OUT_DIR=${HOME}/.sysdig - -usage() -{ - echo "build_bpf_probe [-d ] [-k ] [-o ]" -} - -# Options parsing -while [ -n "${1-}" ]; do - case $1 in - -d | --driver ) shift - DRIVER_DIR=$1 - ;; - -k | --kernel ) shift - KERNEL_DIR=$1 - ;; - -o | --output ) shift - OUT_DIR=$1 - ;; - -h | --help ) usage - exit - ;; - * ) usage - exit 1 - ;; - esac - shift -done - -mkdir -p ${HOME}/.sysdig - -# -# Mapped volumes: -# - ${OUT_DIR}: The directory that the probe gets put in. Defaults to ~/.sysdig -# - ${DRIVER_DIR}: The prepared bpf driver code that gets written by the installer -# - ${KERNEL_DIR}: The kmod build directory for the target kernel. -# - /lib/modules: Unfortunately, on some distros (Debian / Ubuntu), there are -# additional support directories (such as a -common counterpart to -amd64) which -# need to be accessible for the makefile -# - /usr: As with the above, on Debian based systems the /lib/modules tree will have -# symlinks into /usr/lib/linux-kbuild* and these directories need to be present. - -docker build -t ebpf-probe-builder:latest --pull . -docker images -q -f 'dangling=true' | xargs --no-run-if-empty docker rmi -f -docker run --rm -i -v ${OUT_DIR}:/out -v ${DRIVER_DIR}:/driver -v ${KERNEL_DIR}:/kernel -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro -e BPF_PROBE_FILENAME=bpf_probe.o ebpf-probe-builder:latest - -echo "Probe is in ${OUT_DIR}/" diff --git a/docker/ebpf-probe-builder/probe-builder-entrypoint.sh b/docker/ebpf-probe-builder/probe-builder-entrypoint.sh deleted file mode 100755 index b360b2c96f..0000000000 --- a/docker/ebpf-probe-builder/probe-builder-entrypoint.sh +++ /dev/null 
@@ -1,49 +0,0 @@
-#!/bin/bash
-#
-# Copyright (C) 2013-2019 Draios Inc dba Sysdig.
-#
-# This file is part of sysdig.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-#
-# Simple script to build the BPF probe. Assumes that all the dependencies
-# and requirements are already satisfied (as they are in the accompanying
-# docker container)
-#
-
-set -exu
-
-echo "* Building probe ${BPF_PROBE_FILENAME}"
-
-# On some distros, the modules dir links into /usr/src, so we need to make sure
-# we have that sorted so we can build properly
-for i in $(ls /host/usr/src); do
- ln -s /host/usr/src/$i /usr/src/$i
-done
-
-# Again, on some distros, we need to populate the /lib/modules directory
-# because the kernel header info is split among several subdirs
-
-mkdir -p /lib/modules
-
-for i in $(ls /host/lib/modules); do
- ln -s /host/lib/modules/$i /lib/modules/$i
-done
-
-cd /driver/bpf
-echo "Building bpf"
-KERNELDIR=/kernel make
-
-echo "** Done building probe"
-cp probe.o /out/${BPF_PROBE_FILENAME}
diff --git a/docker/local/Dockerfile b/docker/local/Dockerfile
deleted file mode 100644
index f0f97c397a..0000000000
--- a/docker/local/Dockerfile
+++ /dev/null
@@ -1,37 +0,0 @@
-FROM registry.access.redhat.com/ubi8/ubi
-
-LABEL maintainer="Sysdig "
-LABEL usage="docker run --rm -i -t --privileged --net=host -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /src:/src -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro -v /etc:/host/etc:ro --name NAME IMAGE"
-
-ARG VERSION=0.34.1
-ENV VERSION=${VERSION}
-
-ENV HOST_ROOT /host
-ENV HOME /root
-
-RUN yum -y install \
- make \
- kmod \
- gcc \
- clang \
- llvm-toolset \
- less \
- && mkdir -p /tmp/dkms \
- && cd /tmp/dkms \
- && curl --remote-name-all -L https://github.com/dell/dkms/archive/refs/tags/v2.8.5.tar.gz \
- && tar --strip-components=1 -xf v2.8.5.tar.gz \
- && make tarball \
- && make install \
- && cd /tmp \
- && rm -fr /tmp/dkms \
- && curl -L -o sysdig.rpm "https://github.com/draios/sysdig/releases/download/${VERSION}/sysdig-${VERSION}-x86_64.rpm" \
- && rpm --nodeps --force -i ./sysdig.rpm \
- && rm ./sysdig.rpm \
- && rm -df /lib/modules \
- && ln -s $HOST_ROOT/lib/modules /lib/modules
-
-COPY docker-entrypoint.sh /
-
-ENTRYPOINT ["/docker-entrypoint.sh"]
-
-CMD ["bash"]
diff --git a/docker/local/docker-entrypoint.sh b/docker/local/docker-entrypoint.sh
deleted file mode 100755
index a061c9ce78..0000000000
--- a/docker/local/docker-entrypoint.sh
+++ /dev/null
@@ -1,33 +0,0 @@
-#!/bin/bash
-#
-# Copyright (C) 2013-2018 Draios Inc dba Sysdig.
-#
-# This file is part of sysdig .
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-#set -e
-
-if echo $@ | grep -q -v modern-bpf; then
- echo "* Setting up /usr/src links from host"
-
- for i in $(ls $HOST_ROOT/usr/src)
- do
- ln -s $HOST_ROOT/usr/src/$i /usr/src/$i
- done
-
- /usr/bin/scap-driver-loader
-fi
-
-exec "$@"
diff --git a/docker/stable/Dockerfile b/docker/stable/Dockerfile
deleted file mode 100644
index 5a8638f23a..0000000000
--- a/docker/stable/Dockerfile
+++ /dev/null
@@ -1,107 +0,0 @@
-FROM debian:stable
-
-LABEL maintainer="Sysdig "
-
-ENV SYSDIG_REPOSITORY stable
-
-LABEL RUN="docker run -i -t -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro --name NAME IMAGE"
-
-ENV SYSDIG_HOST_ROOT /host
-
-ENV HOME /root
-
-RUN cp /etc/skel/.bashrc /root && cp /etc/skel/.profile /root
-
-ADD https://download.sysdig.com/apt-draios-priority /etc/apt/preferences.d/
-
-RUN apt-get update \
- && apt-get upgrade -y \
- && apt-get install -y --no-install-recommends \
- bash-completion \
- bc \
- clang-7 \
- curl \
- dkms \
- gnupg2 \
- ca-certificates \
- gcc \
- libc6-dev \
- libelf-dev \
- libelf1 \
- less \
- llvm-7 \
- procps \
- xz-utils \
- libmpx2 \
- && rm -rf /var/lib/apt/lists/*
-
-# gcc 6 is no longer included in debian unstable, but we need it to
-# build kernel modules on the default debian-based ami used by
-# kops. So grab copies we've saved from debian snapshots with the
-# prefix https://snapshot.debian.org/archive/debian/20170517T033514Z
-# or so.
-
-RUN curl -o cpp-6_6.3.0-18_amd64.deb https://download.sysdig.com/dependencies/gcc-6-debs/cpp-6_6.3.0-18_amd64.deb \
- && curl -o gcc-6-base_6.3.0-18_amd64.deb https://download.sysdig.com/dependencies/gcc-6-debs/gcc-6-base_6.3.0-18_amd64.deb \
- && curl -o gcc-6_6.3.0-18_amd64.deb https://download.sysdig.com/dependencies/gcc-6-debs/gcc-6_6.3.0-18_amd64.deb \
- && curl -o libasan3_6.3.0-18_amd64.deb https://download.sysdig.com/dependencies/gcc-6-debs/libasan3_6.3.0-18_amd64.deb \
- && curl -o libcilkrts5_6.3.0-18_amd64.deb https://download.sysdig.com/dependencies/gcc-6-debs/libcilkrts5_6.3.0-18_amd64.deb \
- && curl -o libgcc-6-dev_6.3.0-18_amd64.deb https://download.sysdig.com/dependencies/gcc-6-debs/libgcc-6-dev_6.3.0-18_amd64.deb \
- && curl -o libubsan0_6.3.0-18_amd64.deb https://download.sysdig.com/dependencies/gcc-6-debs/libubsan0_6.3.0-18_amd64.deb \
- && curl -o libmpfr4_3.1.3-2_amd64.deb https://download.sysdig.com/dependencies/gcc-6-debs/libmpfr4_3.1.3-2_amd64.deb \
- && curl -o libisl15_0.18-1_amd64.deb https://download.sysdig.com/dependencies/gcc-6-debs/libisl15_0.18-1_amd64.deb \
- && dpkg -i cpp-6_6.3.0-18_amd64.deb gcc-6-base_6.3.0-18_amd64.deb gcc-6_6.3.0-18_amd64.deb libasan3_6.3.0-18_amd64.deb libcilkrts5_6.3.0-18_amd64.deb libgcc-6-dev_6.3.0-18_amd64.deb libubsan0_6.3.0-18_amd64.deb libmpfr4_3.1.3-2_amd64.deb libisl15_0.18-1_amd64.deb \
- && rm -f cpp-6_6.3.0-18_amd64.deb gcc-6-base_6.3.0-18_amd64.deb gcc-6_6.3.0-18_amd64.deb libasan3_6.3.0-18_amd64.deb libcilkrts5_6.3.0-18_amd64.deb libgcc-6-dev_6.3.0-18_amd64.deb libubsan0_6.3.0-18_amd64.deb libmpfr4_3.1.3-2_amd64.deb libisl15_0.18-1_amd64.deb
-
-# gcc 5 is no longer included in debian unstable, but we need it to
-# build centos kernels, which are 3.x based and explicitly want a gcc
-# version 3, 4, or 5 compiler. So grab copies we've saved from debian
-# snapshots with the prefix https://snapshot.debian.org/archive/debian/20190122T000000Z.
-
-RUN curl -o cpp-5_5.5.0-12_amd64.deb https://download.sysdig.com/dependencies/cpp-5_5.5.0-12_amd64.deb \
- && curl -o gcc-5-base_5.5.0-12_amd64.deb https://download.sysdig.com/dependencies/gcc-5-base_5.5.0-12_amd64.deb \
- && curl -o gcc-5_5.5.0-12_amd64.deb https://download.sysdig.com/dependencies/gcc-5_5.5.0-12_amd64.deb \
- && curl -o libasan2_5.5.0-12_amd64.deb https://download.sysdig.com/dependencies/libasan2_5.5.0-12_amd64.deb \
- && curl -o libgcc-5-dev_5.5.0-12_amd64.deb https://download.sysdig.com/dependencies/libgcc-5-dev_5.5.0-12_amd64.deb \
- && curl -o libisl15_0.18-4_amd64.deb https://download.sysdig.com/dependencies/libisl15_0.18-4_amd64.deb \
- && curl -o libmpx0_5.5.0-12_amd64.deb https://download.sysdig.com/dependencies/libmpx0_5.5.0-12_amd64.deb \
- && dpkg -i cpp-5_5.5.0-12_amd64.deb gcc-5-base_5.5.0-12_amd64.deb gcc-5_5.5.0-12_amd64.deb libasan2_5.5.0-12_amd64.deb libgcc-5-dev_5.5.0-12_amd64.deb libisl15_0.18-4_amd64.deb libmpx0_5.5.0-12_amd64.deb \
- && rm -f cpp-5_5.5.0-12_amd64.deb gcc-5-base_5.5.0-12_amd64.deb gcc-5_5.5.0-12_amd64.deb libasan2_5.5.0-12_amd64.deb libgcc-5-dev_5.5.0-12_amd64.deb libisl15_0.18-4_amd64.deb libmpx0_5.5.0-12_amd64.deb
-
-
-# Since our base Debian image ships with GCC 7 which breaks older kernels, revert the
-# default to gcc-5.
-RUN rm -rf /usr/bin/gcc && ln -s /usr/bin/gcc-5 /usr/bin/gcc
-
-RUN rm -rf /usr/bin/clang \
- && rm -rf /usr/bin/llc \
- && ln -s /usr/bin/clang-7 /usr/bin/clang \
- && ln -s /usr/bin/llc-7 /usr/bin/llc
-
-RUN curl -s https://download.sysdig.com/DRAIOS-GPG-KEY.public | apt-key add - \
- && curl -s -o /etc/apt/sources.list.d/draios.list https://download.sysdig.com/$SYSDIG_REPOSITORY/deb/draios.list \
- && apt-get update \
- && apt-get install -y --no-install-recommends sysdig \
- && apt-get clean \
- && rm -rf /var/lib/apt/lists/*
-
-# Some base images have an empty /lib/modules by default
-# If it's not empty, docker build will fail instead of
-# silently overwriting the existing directory
-RUN rm -df /lib/modules \
- && ln -s $SYSDIG_HOST_ROOT/lib/modules /lib/modules
-
-# debian:unstable head contains binutils 2.31, which generates
-# binaries that are incompatible with kernels < 4.16. So manually
-# forcibly install binutils 2.30-22 instead.
-RUN curl -s -o binutils_2.30-22_amd64.deb http://snapshot.debian.org/archive/debian/20180622T211149Z/pool/main/b/binutils/binutils_2.30-22_amd64.deb \
- && curl -s -o libbinutils_2.30-22_amd64.deb http://snapshot.debian.org/archive/debian/20180622T211149Z/pool/main/b/binutils/libbinutils_2.30-22_amd64.deb \
- && curl -s -o binutils-x86-64-linux-gnu_2.30-22_amd64.deb http://snapshot.debian.org/archive/debian/20180622T211149Z/pool/main/b/binutils/binutils-x86-64-linux-gnu_2.30-22_amd64.deb \
- && curl -s -o binutils-common_2.30-22_amd64.deb http://snapshot.debian.org/archive/debian/20180622T211149Z/pool/main/b/binutils/binutils-common_2.30-22_amd64.deb \
- && dpkg -i *binutils*.deb
-
-COPY ./docker-entrypoint.sh /
-
-ENTRYPOINT ["/docker-entrypoint.sh"]
-
-CMD ["bash"]
diff --git a/docker/stable/docker-entrypoint.sh b/docker/stable/docker-entrypoint.sh
deleted file mode 100755
index f68d0916de..0000000000
--- a/docker/stable/docker-entrypoint.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/bash
-#
-# Copyright (C) 2013-2018 Draios Inc dba Sysdig.
-#
-# This file is part of sysdig .
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-#set -e
-
-echo "* Setting up /usr/src links from host"
-
-for i in $(ls $SYSDIG_HOST_ROOT/usr/src)
-do
- ln -s $SYSDIG_HOST_ROOT/usr/src/$i /usr/src/$i
-done
-
-/usr/bin/scap-driver-loader
-
-exec "$@"
diff --git a/scripts/zig-c++ b/scripts/zig-c++
new file mode 100755
index 0000000000..2b72de4ffe
--- /dev/null
+++ b/scripts/zig-c++
@@ -0,0 +1,2 @@
+#!/bin/bash
+exec zig c++ -target $(uname -m)-linux-gnu.2.17 -mcpu=baseline $@
diff --git a/scripts/zig-cc b/scripts/zig-cc
new file mode 100755
index 0000000000..a6449a7f58
--- /dev/null
+++ b/scripts/zig-cc
@@ -0,0 +1,2 @@
+#!/bin/bash
+exec zig cc -target $(uname -m)-linux-gnu.2.17 -mcpu=baseline $@
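Review bot: The `exec` line in `scripts/zig-c++` forwards `$@` unquoted, so any compiler argument containing whitespace or glob characters (a `-D` define with a quoted string value, an include path with a space) is word-split and pathname-expanded again before it reaches zig; `scripts/zig-cc` has the identical line and the same issue. Both should quote the expansion and the target triple: `exec zig c++ -target "$(uname -m)-linux-gnu.2.17" -mcpu=baseline "$@"`. The workflow copies these wrappers into `/usr/bin` and they sit in front of every compile, so mangled flags would silently change what gets built rather than fail loudly. A one-line header comment such as `# Wrapper so CMake can use zig as the C++ compiler; the .2.17 suffix appears to pin the glibc version linked against` would also help, since neither the target suffix nor `-mcpu=baseline` is explained anywhere in the two files.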