-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Adds falco and falco-driver-loader 0.39.0 and falcoctl 0.10.0 rocks
Note that the Dockerfiles are identical to the previous versions. Thus, the rockfiles are also the same. Falco 0.39.0 comes with falcoctl 0.10.0, which is why we're building that version as well. Added the new versions into the sanity and integration tests.
- Loading branch information
1 parent
650a6da
commit 80171ad
Showing
8 changed files
with
388 additions
and
9 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
diff --git a/docker/driver-loader/docker-entrypoint.sh b/docker/driver-loader/docker-entrypoint.sh | ||
index 52df15f3..1eea148c 100755 | ||
--- a/docker/driver-loader/docker-entrypoint.sh | ||
+++ b/docker/driver-loader/docker-entrypoint.sh | ||
@@ -17,6 +17,8 @@ | ||
# limitations under the License. | ||
# | ||
|
||
+# Pebble doesn't like it when the process ends too suddenly. | ||
+trap "sleep 1.1" EXIT | ||
|
||
print_usage() { | ||
echo "" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,143 @@ | ||
# Copyright 2024 Canonical, Ltd. | ||
# See LICENSE file for licensing details | ||
|
||
# Based on the Falco 0.39.0 rockcraft.yaml file. | ||
name: falco-driver-loader | ||
summary: falco-driver-loader rock | ||
description: | | ||
A rock containing the Falco driver loader. | ||
Falco is a cloud native runtime security tool for Linux operating systems. It is designed | ||
to detect and alert on abnormal behavior and potential security threats in real-time. | ||
This rock closely resembles the Falco rock of the same version, the only difference being | ||
the entrypoint and entrypoint script. | ||
license: Apache-2.0 | ||
version: 0.39.0 | ||
|
||
base: [email protected] | ||
build-base: [email protected] | ||
|
||
platforms: | ||
amd64: | ||
arm64: | ||
|
||
environment: | ||
# https://github.com/falcosecurity/falco/blob/0.39.0/docker/falco/Dockerfile#L12-L16 | ||
VERSION_BUCKET: deb | ||
FALCO_VERSION: 0.39.0 | ||
HOST_ROOT: /host | ||
HOME: /root | ||
|
||
# Services to be loaded by the Pebble entrypoint. | ||
services: | ||
entrypoint: | ||
summary: "entrypoint service" | ||
override: replace | ||
startup: enabled | ||
command: "/docker-entrypoint.sh [ --help ]" | ||
on-success: shutdown | ||
on-failure: shutdown | ||
|
||
entrypoint-service: entrypoint | ||
|
||
parts: | ||
build-falco: | ||
plugin: nil | ||
source: https://github.com/falcosecurity/falco | ||
source-type: git | ||
source-tag: $CRAFT_PROJECT_VERSION | ||
source-depth: 1 | ||
build-packages: | ||
# https://falco.org/docs/developer-guide/source/ | ||
- git | ||
- cmake | ||
- clang | ||
- build-essential | ||
- linux-tools-common | ||
- linux-tools-generic | ||
- libelf-dev | ||
- llvm | ||
# On ubuntu-24.04, we have gcc 13, and abseil (grpc's dependency) fails to build with | ||
# this version of gcc. Thus, we're building with gcc 12. | ||
# xref: https://github.com/apache/arrow/issues/36969 | ||
- gcc-12 | ||
- g++-12 | ||
stage-packages: | ||
# https://github.com/falcosecurity/falco/blob/0.39.0/docker/falco/Dockerfile#L20-L42 | ||
- bc | ||
- bison | ||
- ca-certificates | ||
- clang | ||
- curl | ||
- dkms | ||
- dwarves | ||
- flex | ||
- gcc | ||
- gcc-11 | ||
- gnupg2 | ||
- jq | ||
- libc6-dev | ||
- libelf-dev | ||
- libssl-dev | ||
- llvm | ||
- make | ||
- netcat-openbsd | ||
- patchelf | ||
- xz-utils | ||
- zstd | ||
build-environment: | ||
- GOOS: linux | ||
- GOARCH: $CRAFT_ARCH_BUILD_FOR | ||
- HOST_ROOT: /host | ||
override-build: | | ||
# Installing additional packages here because of the $(uname -r) part. We need that for | ||
# build idempotency, so we can build locally *and* in the CI. | ||
# linux-tools and linux-cloud-tools are required for building BPF (for x86_64). | ||
if [ "$(uname -m)" == "x86_64" ]; then | ||
apt install -y linux-headers-$(uname -r) linux-tools-$(uname -r) linux-cloud-tools-$(uname -r) | ||
else | ||
apt install -y linux-headers-$(uname -r) linux-tools-$(uname -r) linux-cloud-tools | ||
fi | ||
# https://falco.org/docs/developer-guide/source/ | ||
mkdir -p build | ||
pushd build | ||
# On ubuntu-24.04, we have gcc 13, and abseil (grpc's dependency) fails to build with | ||
# this version of gcc. Thus, we're building with gcc 12. | ||
# xref: https://github.com/apache/arrow/issues/36969 | ||
update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-12 12 --slave /usr/bin/g++ g++ /usr/bin/g++-12 | ||
# Based on: https://github.com/falcosecurity/falco/blob/0.39.0/.github/workflows/reusable_build_packages.yaml#L105 | ||
cmake -S .. \ | ||
-DUSE_BUNDLED_DEPS=On \ | ||
-DBUILD_BPF=On \ | ||
-DFALCO_ETC_DIR=/etc/falco \ | ||
-DBUILD_DRIVER=Off \ | ||
-DCREATE_TEST_TARGETS=Off | ||
make falco -j6 | ||
# Generate the .deb file. | ||
# make package will also generate the .tar.gz amd .rpm files, which we do not need, | ||
# so we call cpack ourselves. | ||
# make package depends on the preinstall target. | ||
make preinstall | ||
cpack --config ./CPackConfig.cmake -G DEB | ||
popd | ||
# Unpack the .deb into the install directory. | ||
dpkg-deb --extract build/falco-*.deb ${CRAFT_PART_INSTALL}/ | ||
# Change the falco config within the container to enable ISO 8601 output. | ||
# https://github.com/falcosecurity/falco/blob/0.39.0/docker/falco/Dockerfile#L52 | ||
sed -i -e 's/time_format_iso_8601: false/time_format_iso_8601: true/' ${CRAFT_PART_INSTALL}/etc/falco/falco.yaml | ||
# https://github.com/falcosecurity/falco/blob/0.39.0/docker/falco/Dockerfile#L61 | ||
mkdir -p ${CRAFT_PART_INSTALL}/lib | ||
ln -s $HOST_ROOT/lib/modules ${CRAFT_PART_INSTALL}/lib/modules | ||
# The entrypoint script is different from the falco image. | ||
# We do however need to apply a patch for Pebble's sake (it doesn't like it when | ||
# processes end too suddenly).. | ||
git apply -v $CRAFT_PROJECT_DIR/pebble-entrypoint.patch | ||
cp docker/driver-loader/docker-entrypoint.sh ${CRAFT_PART_INSTALL}/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,136 @@ | ||
# Copyright 2024 Canonical, Ltd. | ||
# See LICENSE file for licensing details | ||
|
||
# Based on: https://github.com/falcosecurity/falco/blob/0.39.0/docker/falco/Dockerfile | ||
name: falco | ||
summary: Falco rock | ||
description: | | ||
A rock containing Falco. | ||
Falco is a cloud native runtime security tool for Linux operating systems. It is designed | ||
to detect and alert on abnormal behavior and potential security threats in real-time. | ||
license: Apache-2.0 | ||
version: 0.39.0 | ||
|
||
base: [email protected] | ||
build-base: [email protected] | ||
|
||
platforms: | ||
amd64: | ||
arm64: | ||
|
||
environment: | ||
# https://github.com/falcosecurity/falco/blob/0.39.0/docker/falco/Dockerfile#L12-L16 | ||
VERSION_BUCKET: deb | ||
FALCO_VERSION: 0.39.0 | ||
HOST_ROOT: /host | ||
HOME: /root | ||
|
||
# Services to be loaded by the Pebble entrypoint. | ||
services: | ||
falco: | ||
summary: "falco service" | ||
override: replace | ||
startup: enabled | ||
command: "/docker-entrypoint.sh /usr/bin/falco [ --help ]" | ||
on-success: shutdown | ||
on-failure: shutdown | ||
|
||
entrypoint-service: falco | ||
|
||
parts: | ||
build-falco: | ||
plugin: nil | ||
source: https://github.com/falcosecurity/falco | ||
source-type: git | ||
source-tag: $CRAFT_PROJECT_VERSION | ||
source-depth: 1 | ||
build-packages: | ||
# https://falco.org/docs/developer-guide/source/ | ||
- git | ||
- cmake | ||
- clang | ||
- build-essential | ||
- linux-tools-common | ||
- linux-tools-generic | ||
- libelf-dev | ||
- llvm | ||
# On ubuntu-24.04, we have gcc 13, and abseil (grpc's dependency) fails to build with | ||
# this version of gcc. Thus, we're building with gcc 12. | ||
# xref: https://github.com/apache/arrow/issues/36969 | ||
- gcc-12 | ||
- g++-12 | ||
stage-packages: | ||
# https://github.com/falcosecurity/falco/blob/0.39.0/docker/falco/Dockerfile#L20-L42 | ||
- bc | ||
- bison | ||
- ca-certificates | ||
- clang | ||
- curl | ||
- dkms | ||
- dwarves | ||
- flex | ||
- gcc | ||
- gcc-11 | ||
- gnupg2 | ||
- jq | ||
- libc6-dev | ||
- libelf-dev | ||
- libssl-dev | ||
- llvm | ||
- make | ||
- netcat-openbsd | ||
- patchelf | ||
- xz-utils | ||
- zstd | ||
build-environment: | ||
- GOOS: linux | ||
- GOARCH: $CRAFT_ARCH_BUILD_FOR | ||
- HOST_ROOT: /host | ||
override-build: | | ||
# Installing additional packages here because of the $(uname -r) part. We need that for | ||
# build idempotency, so we can build locally *and* in the CI. | ||
# linux-tools and linux-cloud-tools are required for building BPF (for x86_64). | ||
if [ "$(uname -m)" == "x86_64" ]; then | ||
apt install -y linux-headers-$(uname -r) linux-tools-$(uname -r) linux-cloud-tools-$(uname -r) | ||
else | ||
apt install -y linux-headers-$(uname -r) linux-tools-$(uname -r) linux-cloud-tools | ||
fi | ||
# https://falco.org/docs/developer-guide/source/ | ||
mkdir -p build | ||
pushd build | ||
# On ubuntu-24.04, we have gcc 13, and abseil (grpc's dependency) fails to build with | ||
# this version of gcc. Thus, we're building with gcc 12. | ||
# xref: https://github.com/apache/arrow/issues/36969 | ||
update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-12 12 --slave /usr/bin/g++ g++ /usr/bin/g++-12 | ||
# Based on: https://github.com/falcosecurity/falco/blob/0.39.0/.github/workflows/reusable_build_packages.yaml#L105 | ||
cmake -S .. \ | ||
-DUSE_BUNDLED_DEPS=On \ | ||
-DBUILD_BPF=On \ | ||
-DFALCO_ETC_DIR=/etc/falco \ | ||
-DBUILD_DRIVER=Off \ | ||
-DCREATE_TEST_TARGETS=Off | ||
make falco -j6 | ||
# Generate the .deb file. | ||
# make package will also generate the .tar.gz amd .rpm files, which we do not need, | ||
# so we call cpack ourselves. | ||
# make package depends on the preinstall target. | ||
make preinstall | ||
cpack --config ./CPackConfig.cmake -G DEB | ||
popd | ||
# Unpack the .deb into the install directory. | ||
dpkg-deb --extract build/falco-*.deb ${CRAFT_PART_INSTALL}/ | ||
# Change the falco config within the container to enable ISO 8601 output. | ||
# https://github.com/falcosecurity/falco/blob/0.39.0/docker/falco/Dockerfile#L52 | ||
sed -i -e 's/time_format_iso_8601: false/time_format_iso_8601: true/' ${CRAFT_PART_INSTALL}/etc/falco/falco.yaml | ||
# https://github.com/falcosecurity/falco/blob/0.39.0/docker/falco/Dockerfile#L61 | ||
mkdir -p ${CRAFT_PART_INSTALL}/lib | ||
ln -s $HOST_ROOT/lib/modules ${CRAFT_PART_INSTALL}/lib/modules | ||
cp docker/falco/docker-entrypoint.sh ${CRAFT_PART_INSTALL}/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
#!/bin/bash | ||
|
||
# Required to prevent Pebble from considering the service to have | ||
# exited too quickly to be worth restarting or respecting the | ||
# "on-failure: shutdown" directive and thus hanging indefinitely: | ||
# https://github.com/canonical/pebble/issues/240#issuecomment-1599722443 | ||
sleep 1.1 | ||
|
||
/usr/bin/falcoctl $@ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,67 @@ | ||
# Copyright 2024 Canonical, Ltd. | ||
# See LICENSE file for licensing details | ||
|
||
# Based on: https://github.com/falcosecurity/falcoctl/blob/v0.10.0/build/Dockerfile | ||
name: falcoctl | ||
summary: falcoctl rock | ||
description: | | ||
A rock containing falcoctl. | ||
falcoctl is the official CLI tool for working with Falco and its ecosystem components. | ||
license: Apache-2.0 | ||
version: 0.10.0 | ||
|
||
base: [email protected] | ||
build-base: [email protected] | ||
run-user: _daemon_ | ||
|
||
platforms: | ||
amd64: | ||
arm64: | ||
|
||
environment: | ||
APP_VERSION: 0.10.0 | ||
|
||
# Services to be loaded by the Pebble entrypoint. | ||
services: | ||
falcoctl: | ||
summary: "falcoctl service" | ||
override: replace | ||
startup: enabled | ||
command: "/falcoctl-entrypoint.sh [ --help ]" | ||
on-success: shutdown | ||
on-failure: shutdown | ||
|
||
entrypoint-service: falcoctl | ||
|
||
parts: | ||
build-falcoctl: | ||
plugin: go | ||
source: https://github.com/falcosecurity/falcoctl | ||
source-type: git | ||
source-tag: v${CRAFT_PROJECT_VERSION} | ||
source-depth: 1 | ||
stage-packages: | ||
# Required by falcoctl in order to verify certificates. | ||
- ca-certificates | ||
build-snaps: | ||
- go/1.23/stable | ||
build-environment: | ||
- CGO_ENABLED: 0 | ||
- GOOS: linux | ||
- GOARCH: $CRAFT_ARCH_BUILD_FOR | ||
- VERSION: $CRAFT_PROJECT_VERSION | ||
- PROJECT: github.com/falcosecurity/falcoctl | ||
- LDFLAGS: -X $PROJECT/cmd/version.semVersion=$VERSION -X $PROJECT/cmd/version.buildDate="\"$(date -u +'%Y-%m-%dT%H:%M:%SZ')\"" -s -w | ||
override-build: | | ||
mkdir -p ${CRAFT_PART_INSTALL}/usr/bin/ | ||
go mod download | ||
go build -o ${CRAFT_PART_INSTALL}/usr/bin/ -ldflags "${LDFLAGS}" . | ||
add-falcoctl-entrypoint: | ||
plugin: nil | ||
override-build: | | ||
# Running falcoctl directly may finish sooner than 1 second, which means Pebble will just | ||
# hang around and not finish, which is undesirable for an init container. | ||
# We're setting this as the entrypoint, which will just pass the arguments to falcoctl + 1.1s sleep. | ||
cp $CRAFT_PROJECT_DIR/falcoctl-entrypoint.sh ${CRAFT_PART_INSTALL}/ |
Oops, something went wrong.