sysdig: 0.35.3 -> 0.36.0

pkgs/os-specific/linux/sysdig/default.nix

@@ -1,38 +1,36 @@
 { lib, stdenv, fetchFromGitHub, cmake, kernel, installShellFiles, pkg-config
-, luajit, ncurses, perl, jsoncpp, openssl, curl, jq, gcc, elfutils, tbb, protobuf, grpc
-, yaml-cpp, nlohmann_json, re2, zstd, uthash
-}:
+, luajit, ncurses, perl, jsoncpp, openssl, curl, jq, gcc, elfutils, tbb
+, protobuf, grpc, yaml-cpp, nlohmann_json, re2, zstd, uthash }:
 
 let
-  # Compare with https://github.com/draios/sysdig/blob/0.35.1/cmake/modules/falcosecurity-libs.cmake
-  libsRev = "0.14.2";
-  libsHash = "sha256-sWrniRB/vQd1BZnsiz+wLHugrF3LhuAr9e9gDMavLoo=";
+  # Compare with https://github.com/draios/sysdig/blob/0.36.0/cmake/modules/falcosecurity-libs.cmake
+  libsRev = "0.15.1";
+  libsHash = "sha256-CsKa5ybRj7Mjb71xNwd8FtDprOMfpJMrm3mvkeqZE3o=";
 
-  # Compare with https://github.com/falcosecurity/libs/blob/0.14.2/cmake/modules/valijson.cmake
+  # Compare with https://github.com/falcosecurity/libs/blob/0.15.1/cmake/modules/valijson.cmake
   valijson = fetchFromGitHub {
     owner = "tristanpenman";
     repo = "valijson";
-    rev = "v0.6";
-    hash = "sha256-ZD19Q2MxMQd3yEKbY90GFCrerie5/jzgO8do4JQDoKM=";
+    rev = "v1.0.2";
+    hash = "sha256-wvFdjsDtKH7CpbEpQjzWtLC4RVOU9+D2rSK0Xo1cJqo=";
   };
 
-  # https://github.com/draios/sysdig/blob/0.35.1/cmake/modules/driver.cmake
+  # https://github.com/draios/sysdig/blob/0.36.0/cmake/modules/driver.cmake
   driver = fetchFromGitHub {
     owner = "falcosecurity";
     repo = "libs";
     rev = "7.0.0+driver";
     hash = "sha256-kXqvfM7HbGh2wEGaO4KBkFDW+m5gpOShJZKJLu9McKk=";
   };
-in
-stdenv.mkDerivation rec {
+in stdenv.mkDerivation rec {
   pname = "sysdig";
-  version = "0.35.3";
+  version = "0.36.0";
 
   src = fetchFromGitHub {
     owner = "draios";
     repo = "sysdig";
     rev = version;
-    hash = "sha256-wvCnWzQbkkM8qEG93li22P67WX1bGX9orTk+2vsBHZY=";
+    hash = "sha256-EQnmtxByTsSawQPFmTe2pBMcv5rFaNtST+2KXZSFuoo=";
   };
 
   nativeBuildInputs = [ cmake perl installShellFiles pkg-config ];
@@ -58,12 +56,14 @@ stdenv.mkDerivation rec {
   hardeningDisable = [ "pic" ];
 
   postUnpack = ''
-    cp -r ${fetchFromGitHub {
-      owner = "falcosecurity";
-      repo = "libs";
-      rev = libsRev;
-      hash = libsHash;
-    }} libs
+    cp -r ${
+      fetchFromGitHub {
+        owner = "falcosecurity";
+        repo = "libs";
+        rev = libsRev;
+        hash = libsHash;
+      }
+    } libs
     chmod -R +w libs
 
     substituteInPlace libs/userspace/libscap/libscap.pc.in libs/userspace/libsinsp/libsinsp.pc.in \
@@ -72,6 +72,13 @@ stdenv.mkDerivation rec {
 
     cp -r ${driver} driver-src
     chmod -R +w driver-src
+
+    # Hacky but needed until https://github.com/draios/sysdig/issues/2077 is resolved for kernel >= 6.8 as strlcpy got removed and build fails
+    ${lib.optionalString
+    (kernel != null && lib.versionAtLeast kernel.version "6.8") ''
+      substituteInPlace libs/driver/ppm_events.c driver-src/driver/ppm_events.c --replace-fail "strlcpy" "strscpy"
+    ''}
+
     cmakeFlagsArray+=(
       "-DFALCOSECURITY_LIBS_SOURCE_DIR=$(pwd)/libs"
       "-DDRIVER_SOURCE_DIR=$(pwd)/driver-src/driver"
@@ -91,10 +98,10 @@ stdenv.mkDerivation rec {
   ] ++ lib.optional (kernel == null) "-DBUILD_DRIVER=OFF";
 
   env.NIX_CFLAGS_COMPILE =
-   # needed since luajit-2.1.0-beta3
-   "-DluaL_reg=luaL_Reg -DluaL_getn(L,i)=((int)lua_objlen(L,i)) " +
-   # fix compiler warnings been treated as errors
-   "-Wno-error";
+    # needed since luajit-2.1.0-beta3
+    "-DluaL_reg=luaL_Reg -DluaL_getn(L,i)=((int)lua_objlen(L,i)) " +
+    # fix compiler warnings been treated as errors
+    "-Wno-error";
 
   preConfigure = ''
     if ! grep -q "${libsRev}" cmake/modules/falcosecurity-libs.cmake; then
@@ -107,39 +114,37 @@ stdenv.mkDerivation rec {
     export KERNELDIR="${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
   '';
 
-  postInstall =
-    ''
-      # Fix the bash completion location
-      installShellCompletion --bash $out/etc/bash_completion.d/sysdig
-      rm $out/etc/bash_completion.d/sysdig
-      rmdir $out/etc/bash_completion.d
-      rmdir $out/etc
-    ''
-    + lib.optionalString (kernel != null) ''
-      make install_driver
-      kernel_dev=${kernel.dev}
-      kernel_dev=''${kernel_dev#${builtins.storeDir}/}
-      kernel_dev=''${kernel_dev%%-linux*dev*}
-      if test -f "$out/lib/modules/${kernel.modDirVersion}/extra/scap.ko"; then
-          sed -i "s#$kernel_dev#................................#g" $out/lib/modules/${kernel.modDirVersion}/extra/scap.ko
-      else
-          for i in $out/lib/modules/${kernel.modDirVersion}/{extra,updates}/scap.ko.xz; do
-            if test -f "$i"; then
-              xz -d $i
-              sed -i "s#$kernel_dev#................................#g" ''${i%.xz}
-              xz -9 ''${i%.xz}
-            fi
-          done
-      fi
-    '';
-
+  postInstall = ''
+    # Fix the bash completion location
+    installShellCompletion --bash $out/etc/bash_completion.d/sysdig
+    rm $out/etc/bash_completion.d/sysdig
+    rmdir $out/etc/bash_completion.d
+    rmdir $out/etc
+  '' + lib.optionalString (kernel != null) ''
+    make install_driver
+    kernel_dev=${kernel.dev}
+    kernel_dev=''${kernel_dev#${builtins.storeDir}/}
+    kernel_dev=''${kernel_dev%%-linux*dev*}
+    if test -f "$out/lib/modules/${kernel.modDirVersion}/extra/scap.ko"; then
+        sed -i "s#$kernel_dev#................................#g" $out/lib/modules/${kernel.modDirVersion}/extra/scap.ko
+    else
+        for i in $out/lib/modules/${kernel.modDirVersion}/{extra,updates}/scap.ko.xz; do
+          if test -f "$i"; then
+            xz -d $i
+            sed -i "s#$kernel_dev#................................#g" ''${i%.xz}
+            xz -9 ''${i%.xz}
+          fi
+        done
+    fi
+  '';
 
   meta = with lib; {
-    description = "A tracepoint-based system tracing tool for Linux (with clients for other OSes)";
+    description =
+      "A tracepoint-based system tracing tool for Linux (with clients for other OSes)";
     license = with licenses; [ asl20 gpl2 mit ];
-    maintainers = [maintainers.raskin];
-    platforms = ["x86_64-linux"] ++ platforms.darwin;
-    broken = kernel != null && versionOlder kernel.version "4.14";
+    maintainers = [ maintainers.raskin ];
+    platforms = [ "x86_64-linux" ] ++ platforms.darwin;
+    broken = kernel != null && ((versionOlder kernel.version "4.14") || kernel.isHardened || kernel.isZen);
     homepage = "https://sysdig.com/opensource/";
     downloadPage = "https://github.com/draios/sysdig/releases";
   };