diff --git a/.circleci/config.yml b/.circleci/config.yml
new file mode 100644
index 00000000000..b073e7b95e5
--- /dev/null
+++ b/.circleci/config.yml
@@ -0,0 +1,95 @@
+version: 2
+jobs:
+ # Build using ubuntu LTS
+ # This build is dynamic, most dependencies are taken from the OS
+ "build/ubuntu-bionic":
+ docker:
+ - image: ubuntu:bionic
+ steps:
+ - checkout
+ - run:
+ name: Update base image
+ command: apt update -y
+ - run:
+ name: Install dependencies
+ command: apt install libssl-dev libyaml-dev libncurses-dev libc-ares-dev libprotobuf-dev protobuf-compiler libjq-dev libyaml-cpp-dev libgrpc++-dev protobuf-compiler-grpc rpm linux-headers-$(uname -r) libelf-dev cmake build-essential libcurl4-openssl-dev -y
+ - run:
+ name: Prepare project
+ command: |
+ mkdir build
+ pushd build
+ cmake ..
+ popd
+ - run:
+ name: build
+ command: |
+ pushd build
+ make -j4 all
+ popd
+ - run:
+ name: run unit tests
+ command: |
+ pushd build
+ make tests
+ popd
+ # Build using our own builder base image using centos 7
+ # This build is static, dependencies are bundled in the falco binary
+ "build/centos8":
+ docker:
+ - image: falcosecurity/falco-builder:dynamic-builds # todo(fntlnz): replace this with the actual image once PR #968 is merged
+ environment:
+ BUILD_TYPE: "release"
+ steps:
+ - checkout:
+ path: /source/falco
+ - run:
+ name: Prepare project
+ command: /usr/bin/entrypoint cmake
+ - run:
+ name: Build
+ command: /usr/bin/entrypoint all
+ - run:
+ name: Run unit tests
+ command: /usr/bin/entrypoint tests
+ - run:
+ name: Build packages
+ command: /usr/bin/entrypoint package
+ - persist_to_workspace:
+ root: /
+ paths:
+ - build/release
+ - source
+ - run:
+ name: Prepare artifacts
+ command: |
+ mkdir -p /tmp/packages
+ cp /build/release/*.deb /tmp/packages
+ cp /build/release/*.tar.gz /tmp/packages
+ cp /build/release/*.rpm /tmp/packages
+ - store_artifacts:
+ path: /tmp/packages
+ destination: /packages
+ # Execute integration tests based on the build results coming from the "build/centos8" job
+ "tests/integration":
+ docker:
+ - image: falcosecurity/falco-tester:dynamic-builds # todo(fntlnz): replace this with the actual image once PR #968 is merged
+ environment:
+ SOURCE_DIR: "/source"
+ BUILD_DIR: "/build"
+ BUILD_TYPE: "release"
+ steps:
+ - setup_remote_docker
+ - attach_workspace:
+ at: /
+ - run:
+ name: Execute integration tests
+ command: /usr/bin/entrypoint test
+workflows:
+ version: 2
+ build_and_test:
+ jobs:
+ - "build/ubuntu-bionic"
+ - "build/centos8"
+ - "tests/integration":
+ requires:
+ - "build/centos8"
diff --git a/.cmake-format b/.cmake-format
index e6484a15e30..4c3d5ad2dfc 100644
--- a/.cmake-format
+++ b/.cmake-format
@@ -2,7 +2,7 @@ # General Formatting Options # -------------------------- # How wide to allow formatted cmake files -line_width = 80 +line_width = 120 # How many spaces to tab for indent tab_size = 2
@@ -116,4 +116,4 @@ input_encoding = 'utf-8' # Specify the encoding of the output file. Defaults to utf-8. Note that cmake # only claims to support utf-8 so be careful when using anything else -output_encoding = 'utf-8' \ No newline at end of file +output_encoding = 'utf-8'
diff --git a/.travis.yml b/.travis.yml
index 74bcf10ee2c..8fb30ee9f27 100644
--- a/.travis.yml
+++ b/.travis.yml
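Review bot: All three jobs in `.circleci/config.yml` pull their executor image by mutable tag (`ubuntu:bionic`, `falcosecurity/falco-builder:dynamic-builds`, `falcosecurity/falco-tester:dynamic-builds`), and the `build/centos8` job turns whatever that image produces into the `.deb`/`.rpm`/`.tar.gz` files kept by `store_artifacts`, so a re-pushed tag changes the packages without any change in this repository. When the todo about the final image names is resolved, pin the images by digest, e.g. `- image: falcosecurity/falco-builder@sha256:<digest-placeholder>`, and bump the digest in reviewed commits. Separately, the comment above `"build/centos8"` says "centos 7" while the job name says centos8; one of the two should be corrected. In the ubuntu job, `linux-headers-$(uname -r)` is evaluated inside the container, where `uname -r` presumably reports the CI host's kernel, so that package name may not exist in the bionic archive.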
@@ -19,16 +19,19 @@ compiler: gcc env: - BUILD_TYPE=debug - BUILD_TYPE=release -dist: xenial +dist: bionic services: - docker before_install: - - sudo apt-get update + - sudo apt update -y install: + - sudo apt install libssl-dev libyaml-dev libncurses-dev libc-ares-dev libprotobuf-dev protobuf-compiler libjq-dev libyaml-cpp-dev libgrpc++-dev protobuf-compiler-grpc -y - export BRANCH=$(if [ "$TRAVIS_PULL_REQUEST" == "false" ]; then echo $TRAVIS_BRANCH; else echo $TRAVIS_PULL_REQUEST_BRANCH; fi) - sudo apt-get install rpm linux-headers-$(uname -r) libelf-dev - git clone https://github.com/draios/sysdig.git ../sysdig - pushd ../sysdig && (git checkout "${BRANCH}" || exit 0) && echo "Using branch:" $(git rev-parse --abbrev-ref HEAD) && popd script: - mkdir build - - ./scripts/build "${TRAVIS_BUILD_DIR}/.." "${TRAVIS_BUILD_DIR}/build" + - pushd build && cmake .. && make -j4 all && make tests && popd + # todo(fntlnz): execute tests and regression tests at this point + #- ./scripts/build "${TRAVIS_BUILD_DIR}/.." "${TRAVIS_BUILD_DIR}/build" diff --git a/CMakeLists.txt b/CMakeLists.txt index 6771aea54de..520e3c908e4 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
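Review bot: The new `script` line in `.travis.yml` runs `cmake ..` without passing the matrix variable, so the `BUILD_TYPE=debug` and `BUILD_TYPE=release` entries under `env:` appear to build the same configuration; the CMakeLists.txt in this commit falls back to `release` whenever `CMAKE_BUILD_TYPE` is not `debug`, and nothing visible reads `BUILD_TYPE` from the environment. Passing it explicitly keeps the debug job meaningful: `- pushd build && cmake -DCMAKE_BUILD_TYPE="${BUILD_TYPE}" .. && make -j4 all && make tests && popd`. The `git clone https://github.com/draios/sysdig.git ../sysdig` step is kept although the `SYSDIG_DIR` default pointing at `../sysdig` is removed from CMakeLists.txt; if `include(sysdig)` now fetches its own copy, the clone only pulls unpinned code into the job and could be dropped.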
@@ -1,60 +1,65 @@ # # Copyright (C) 2019 The Falco Authors. # +# Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at # -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 # -# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the +# specific language governing permissions and limitations under the License. # -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. 
-# -cmake_minimum_required(VERSION 3.3.2) +cmake_minimum_required(VERSION 3.5.1) project(falco) -option(FALCO_COVERAGE "Build test suite with coverage information" OFF) +option(USE_BUNDLED_DEPS "Bundle hard to find dependencies into the Falco binary" OFF) +option(BUILD_WARNINGS_AS_ERRORS "Enable building with -Wextra -Werror flags" OFF) + +# Elapsed time +# set_property(GLOBAL PROPERTY RULE_LAUNCH_COMPILE "${CMAKE_COMMAND} -E time") # TODO(fntlnz, leodido): add a flag to enable this -if(NOT SYSDIG_DIR) - get_filename_component(SYSDIG_DIR "${PROJECT_SOURCE_DIR}/../sysdig" REALPATH) +# Make flag for parallel processing +include(ProcessorCount) +processorcount(PROCESSOR_COUNT) +if(NOT PROCESSOR_COUNT EQUAL 0) + set(PROCESSOUR_COUNT_MAKE_FLAG -j${PROCESSOR_COUNT}) endif() # Custom CMake modules list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake/modules") -list(APPEND CMAKE_MODULE_PATH "${SYSDIG_DIR}/cmake/modules") -option(BUILD_WARNINGS_AS_ERRORS "Enable building with -Wextra -Werror flags") +# GNU standard installation directories' definitions +include(GNUInstallDirs) if(NOT DEFINED FALCO_ETC_DIR) - set(FALCO_ETC_DIR "/etc/falco") + set(FALCO_ETC_DIR "${CMAKE_INSTALL_FULL_SYSCONFDIR}/falco") endif() if(NOT DRAIOS_DEBUG_FLAGS) - set(DRAIOS_DEBUG_FLAGS "-D_DEBUG") + set(DRAIOS_DEBUG_FLAGS "-D_DEBUG") endif() string(TOLOWER "${CMAKE_BUILD_TYPE}" CMAKE_BUILD_TYPE) -if (CMAKE_BUILD_TYPE STREQUAL "debug") - set(KBUILD_FLAGS "${DRAIOS_DEBUG_FLAGS} ${DRAIOS_FEATURE_FLAGS}") +if(CMAKE_BUILD_TYPE STREQUAL "debug") + set(KBUILD_FLAGS "${DRAIOS_DEBUG_FLAGS} ${DRAIOS_FEATURE_FLAGS}") else() - set(CMAKE_BUILD_TYPE "release") - set(KBUILD_FLAGS "${DRAIOS_FEATURE_FLAGS}") + set(CMAKE_BUILD_TYPE "release") + set(KBUILD_FLAGS "${DRAIOS_FEATURE_FLAGS}") endif() set(CMAKE_COMMON_FLAGS "-Wall -ggdb ${DRAIOS_FEATURE_FLAGS}") if(BUILD_WARNINGS_AS_ERRORS) - set(CMAKE_SUPPRESSED_WARNINGS "-Wno-unused-parameter -Wno-unused-variable -Wno-unused-but-set-variable 
-Wno-missing-field-initializers -Wno-sign-compare -Wno-type-limits -Wno-implicit-fallthrough -Wno-format-truncation") - set(CMAKE_COMMON_FLAGS "${CMAKE_COMMON_FLAGS} -Wextra -Werror ${CMAKE_SUPPRESSED_WARNINGS}") + set(CMAKE_SUPPRESSED_WARNINGS + "-Wno-unused-parameter -Wno-unused-variable -Wno-unused-but-set-variable -Wno-missing-field-initializers -Wno-sign-compare -Wno-type-limits -Wno-implicit-fallthrough -Wno-format-truncation -Wno-stringop-truncation -Wno-stringop-overflow -Wno-restrict" + ) + set(CMAKE_COMMON_FLAGS "${CMAKE_COMMON_FLAGS} -Wextra -Werror ${CMAKE_SUPPRESSED_WARNINGS}") endif() set(CMAKE_C_FLAGS "${CMAKE_COMMON_FLAGS}") -set(CMAKE_CXX_FLAGS "--std=c++0x ${CMAKE_COMMON_FLAGS}") +set(CMAKE_CXX_FLAGS "--std=c++0x ${CMAKE_COMMON_FLAGS} -Wno-class-memaccess") set(CMAKE_C_FLAGS_DEBUG "${DRAIOS_DEBUG_FLAGS}") set(CMAKE_CXX_FLAGS_DEBUG "${DRAIOS_DEBUG_FLAGS}") @@ -62,12 +67,6 @@ set(CMAKE_CXX_FLAGS_DEBUG "${DRAIOS_DEBUG_FLAGS}") set(CMAKE_C_FLAGS_RELEASE "-O3 -fno-strict-aliasing -DNDEBUG") set(CMAKE_CXX_FLAGS_RELEASE "-O3 -fno-strict-aliasing -DNDEBUG") -add_definitions(-DPLATFORM_NAME="${CMAKE_SYSTEM_NAME}") -add_definitions(-DK8S_DISABLE_THREAD) -if(CMAKE_SYSTEM_NAME MATCHES "Linux") - add_definitions(-DHAS_CAPTURE) -endif() - # Create the falco version variable according to git index if(NOT FALCO_VERSION) include(GetGitRevisionDescription) @@ -82,11 +81,7 @@ if(NOT FALCO_VERSION) set(FALCO_VERSION "0.${FALCO_VERSION}") else() set(FALCO_VERSION "${FALCO_TAG}") - string(REGEX - REPLACE "^v([0-9]+)(\\.[0-9]+)(\\.[0-9]+)?" - "\\1\\2\\3" - FALCO_VERSION - ${FALCO_VERSION}) + string(REGEX REPLACE "^v([0-9]+)(\\.[0-9]+)(\\.[0-9]+)?" "\\1\\2\\3" FALCO_VERSION ${FALCO_VERSION}) endif() endif() message(STATUS "Falco version: ${FALCO_VERSION}") 
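Review bot: In the first CMakeLists.txt hunk the suppression list under `BUILD_WARNINGS_AS_ERRORS` gains `-Wno-stringop-truncation -Wno-stringop-overflow -Wno-restrict`, which switches off, for every target, the GCC diagnostics that flag out-of-bounds and overlapping `strncpy`/`memcpy`-style calls; for a security tool these are worth keeping on the project's own sources. If the warnings come from bundled third-party code, consider applying the `-Wno-*` flags only to those targets, or add a comment naming the file that triggers each one, instead of adding them to `CMAKE_COMMON_FLAGS`. `-Wno-class-memaccess` is appended to `CMAKE_CXX_FLAGS` outside the `BUILD_WARNINGS_AS_ERRORS` branch, so it applies to every build regardless of that option. Also, `set(PROCESSOUR_COUNT_MAKE_FLAG -j${PROCESSOR_COUNT})` misspells the variable name; unless the modules that consume it use the same spelling the flag expands to nothing, so `set(PROCESSOR_COUNT_MAKE_FLAG -j${PROCESSOR_COUNT})` would be safer.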
@@ -95,604 +90,187 @@ set(PACKAGE_NAME "falco") set(PROBE_VERSION "${FALCO_VERSION}") set(PROBE_NAME "falco-probe") set(PROBE_DEVICE_NAME "falco") -if (CMAKE_INSTALL_PREFIX_INITIALIZED_TO_DEFAULT) - set(CMAKE_INSTALL_PREFIX /usr CACHE PATH "Default install path" FORCE) +if(CMAKE_INSTALL_PREFIX_INITIALIZED_TO_DEFAULT) + set(CMAKE_INSTALL_PREFIX + /usr + CACHE PATH "Default install path" FORCE) endif() set(CMD_MAKE make) -# make luaJIT work on OS X -if(APPLE) - set(CMAKE_EXE_LINKER_FLAGS "-pagezero_size 10000 -image_base 100000000") -endif() - include(ExternalProject) -option(USE_BUNDLED_DEPS "Enable bundled dependencies instead of using the system ones" ON) - -# -# zlib -# -option(USE_BUNDLED_ZLIB "Enable building of the bundled zlib" ${USE_BUNDLED_DEPS}) - -if(NOT USE_BUNDLED_ZLIB) - find_path(ZLIB_INCLUDE zlib.h PATH_SUFFIXES zlib) - find_library(ZLIB_LIB NAMES z) - if(ZLIB_INCLUDE AND ZLIB_LIB) - message(STATUS "Found zlib: include: ${ZLIB_INCLUDE}, lib: ${ZLIB_LIB}") - else() - message(FATAL_ERROR "Couldn't find system zlib") - endif() -else() - set(ZLIB_SRC "${PROJECT_BINARY_DIR}/zlib-prefix/src/zlib") - message(STATUS "Using bundled zlib in '${ZLIB_SRC}'") - set(ZLIB_INCLUDE "${ZLIB_SRC}") - set(ZLIB_LIB "${ZLIB_SRC}/libz.a") - ExternalProject_Add(zlib - # START CHANGE for CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843 - URL "https://s3.amazonaws.com/download.draios.com/dependencies/zlib-1.2.11.tar.gz" - URL_MD5 "1c9f62f0778697a09d36121ead88e08e" - # END CHANGE for CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843 - CONFIGURE_COMMAND "./configure" - BUILD_COMMAND ${CMD_MAKE} - BUILD_IN_SOURCE 1 - INSTALL_COMMAND "") -endif() - -# # jq -# -option(USE_BUNDLED_JQ "Enable building of the bundled jq" ${USE_BUNDLED_DEPS}) -if(NOT USE_BUNDLED_JQ) - find_path(JQ_INCLUDE jq.h PATH_SUFFIXES jq) - find_library(JQ_LIB NAMES jq) - if(JQ_INCLUDE AND JQ_LIB) - message(STATUS "Found jq: include: ${JQ_INCLUDE}, lib: ${JQ_LIB}") - else() - 
message(FATAL_ERROR "Couldn't find system jq") - endif() -else() - set(JQ_SRC "${PROJECT_BINARY_DIR}/jq-prefix/src/jq") - message(STATUS "Using bundled jq in '${JQ_SRC}'") - set(JQ_INCLUDE "${JQ_SRC}") - set(JQ_LIB "${JQ_SRC}/.libs/libjq.a") - ExternalProject_Add(jq - URL "https://s3.amazonaws.com/download.draios.com/dependencies/jq-1.5.tar.gz" - URL_MD5 "0933532b086bd8b6a41c1b162b1731f9" - CONFIGURE_COMMAND ./configure --disable-maintainer-mode --enable-all-static --disable-dependency-tracking - BUILD_COMMAND ${CMD_MAKE} LDFLAGS=-all-static - BUILD_IN_SOURCE 1 - PATCH_COMMAND curl -L https://github.com/stedolan/jq/commit/8eb1367ca44e772963e704a700ef72ae2e12babd.patch | patch - INSTALL_COMMAND "") -endif() +include(jq) -set(JSONCPP_SRC "${SYSDIG_DIR}/userspace/libsinsp/third-party/jsoncpp") -set(JSONCPP_INCLUDE "${JSONCPP_SRC}") -set(JSONCPP_LIB_SRC "${JSONCPP_SRC}/jsoncpp.cpp") - -# # nlohmann-json -# -option(USE_BUNDLED_NJSON "Enable building of the bundled nlohmann-json" ${USE_BUNDLED_DEPS}) - -if(NOT USE_BUNDLED_NJSON) - find_path(NJSON_INCLUDE json.hpp PATH_SUFFIXES nlohmann) - if(NJSON_INCLUDE) - message(STATUS "Found nlohmann-json: include: ${NJSON_INCLUDE}") - else() - message(FATAL_ERROR "Couldn't find system nlohmann-json") - endif() -else() - # No distinction needed for windows. The implementation is - # solely in json.hpp. 
- set(NJSON_SRC "${PROJECT_BINARY_DIR}/njson-prefix/src/njson") - message(STATUS "Using bundled nlohmann-json in '${NJSON_SRC}'") - set(NJSON_INCLUDE "${NJSON_SRC}/single_include") - ExternalProject_Add(njson - URL "https://s3.amazonaws.com/download.draios.com/dependencies/njson-3.3.0.tar.gz" - URL_MD5 "e26760e848656a5da400662e6c5d999a" - CONFIGURE_COMMAND "" - BUILD_COMMAND "" - INSTALL_COMMAND "") -endif() +set(NJSON_SRC "${PROJECT_BINARY_DIR}/njson-prefix/src/njson") +message(STATUS "Using bundled nlohmann-json in '${NJSON_SRC}'") +set(NJSON_INCLUDE "${NJSON_SRC}/single_include") +ExternalProject_Add( + njson + URL "https://s3.amazonaws.com/download.draios.com/dependencies/njson-3.3.0.tar.gz" + URL_MD5 "e26760e848656a5da400662e6c5d999a" + CONFIGURE_COMMAND "" + BUILD_COMMAND "" + INSTALL_COMMAND "") -# # curses -# -# we pull this in because libsinsp won't build without it - -option(USE_BUNDLED_NCURSES "Enable building of the bundled ncurses" ${USE_BUNDLED_DEPS}) - -if(NOT USE_BUNDLED_NCURSES) - set(CURSES_NEED_NCURSES TRUE) - find_package(Curses REQUIRED) - message(STATUS "Found ncurses: include: ${CURSES_INCLUDE_DIR}, lib: ${CURSES_LIBRARIES}") -else() - set(CURSES_BUNDLE_DIR "${PROJECT_BINARY_DIR}/ncurses-prefix/src/ncurses") - set(CURSES_INCLUDE_DIR "${CURSES_BUNDLE_DIR}/include/") - set(CURSES_LIBRARIES "${CURSES_BUNDLE_DIR}/lib/libncurses.a") - message(STATUS "Using bundled ncurses in '${CURSES_BUNDLE_DIR}'") - ExternalProject_Add(ncurses - URL "https://s3.amazonaws.com/download.draios.com/dependencies/ncurses-6.0-20150725.tgz" - URL_MD5 "32b8913312e738d707ae68da439ca1f4" - CONFIGURE_COMMAND ./configure --without-cxx --without-cxx-binding --without-ada --without-manpages --without-progs --without-tests --with-terminfo-dirs=/etc/terminfo:/lib/terminfo:/usr/share/terminfo - BUILD_COMMAND ${CMD_MAKE} - BUILD_IN_SOURCE 1 - INSTALL_COMMAND "") -endif() +# We pull this in because libsinsp won't build without it +set(CURSES_NEED_NCURSES TRUE) +find_package(Curses 
REQUIRED) +message(STATUS "Found ncurses: include: ${CURSES_INCLUDE_DIR}, lib: ${CURSES_LIBRARIES}") -# # libb64 -# -option(USE_BUNDLED_B64 "Enable building of the bundled b64" ${USE_BUNDLED_DEPS}) - -if(NOT USE_BUNDLED_B64) - find_path(B64_INCLUDE NAMES b64/encode.h) - find_library(B64_LIB NAMES b64) - if(B64_INCLUDE AND B64_LIB) - message(STATUS "Found b64: include: ${B64_INCLUDE}, lib: ${B64_LIB}") - else() - message(FATAL_ERROR "Couldn't find system b64") - endif() -else() - set(B64_SRC "${PROJECT_BINARY_DIR}/b64-prefix/src/b64") - message(STATUS "Using bundled b64 in '${B64_SRC}'") - set(B64_INCLUDE "${B64_SRC}/include") - set(B64_LIB "${B64_SRC}/src/libb64.a") - ExternalProject_Add(b64 - URL "https://s3.amazonaws.com/download.draios.com/dependencies/libb64-1.2.src.zip" - URL_MD5 "a609809408327117e2c643bed91b76c5" - CONFIGURE_COMMAND "" - BUILD_COMMAND ${CMD_MAKE} - BUILD_IN_SOURCE 1 - INSTALL_COMMAND "") -endif() +set(B64_SRC "${PROJECT_BINARY_DIR}/b64-prefix/src/b64") +message(STATUS "Using bundled b64 in '${B64_SRC}'") +set(B64_INCLUDE "${B64_SRC}/include") +set(B64_LIB "${B64_SRC}/src/libb64.a") +ExternalProject_Add( + b64 + URL "https://s3.amazonaws.com/download.draios.com/dependencies/libb64-1.2.src.zip" + URL_MD5 "a609809408327117e2c643bed91b76c5" + CONFIGURE_COMMAND "" + BUILD_COMMAND ${CMD_MAKE} + BUILD_IN_SOURCE 1 + INSTALL_COMMAND "") + +# yaml-cpp +include(yaml-cpp) -# -# yamlcpp -# -option(USE_BUNDLED_YAMLCPP "Enable building of the bundled yamlcpp" ${USE_BUNDLED_DEPS}) - -if(NOT USE_BUNDLED_YAMLCPP) - find_path(YAMLCPP_INCLUDE_DIR NAMES yaml-cpp/yaml.h) - find_library(YAMLCPP_LIB NAMES yaml-cpp) - if(YAMLCPP_INCLUDE_DIR AND YAMLCPP_LIB) - message(STATUS "Found yamlcpp: include: ${YAMLCPP_INCLUDE_DIR}, lib: ${YAMLCPP_LIB}") - else() - message(FATAL_ERROR "Couldn't find system yamlcpp") - endif() -else() - set(YAMLCPP_SRC "${PROJECT_BINARY_DIR}/yamlcpp-prefix/src/yamlcpp") - message(STATUS "Using bundled yaml-cpp in '${YAMLCPP_SRC}'") - 
set(YAMLCPP_LIB "${YAMLCPP_SRC}/libyaml-cpp.a") - set(YAMLCPP_INCLUDE_DIR "${YAMLCPP_SRC}/include") - ExternalProject_Add(yamlcpp - URL "https://s3.amazonaws.com/download.draios.com/dependencies/yaml-cpp-yaml-cpp-0.6.2.tar.gz" - URL_MD5 "5b943e9af0060d0811148b037449ef82" - BUILD_IN_SOURCE 1 - INSTALL_COMMAND "") -endif() - -# # OpenSSL -# -option(USE_BUNDLED_OPENSSL "Enable building of the bundled OpenSSL" ${USE_BUNDLED_DEPS}) - -if(NOT USE_BUNDLED_OPENSSL) - find_package(OpenSSL REQUIRED) - message(STATUS "Found OpenSSL: include: ${OPENSSL_INCLUDE_DIR}, lib: ${OPENSSL_LIBRARIES}") +find_package(OpenSSL REQUIRED) +message(STATUS "Found OpenSSL: include: ${OPENSSL_INCLUDE_DIR}, lib: ${OPENSSL_LIBRARIES}") +find_program(OPENSSL_BINARY openssl) +if(NOT OPENSSL_BINARY) + message(FATAL_ERROR "Couldn't find the openssl command line in PATH") else() - - set(OPENSSL_BUNDLE_DIR "${PROJECT_BINARY_DIR}/openssl-prefix/src/openssl") - set(OPENSSL_INSTALL_DIR "${OPENSSL_BUNDLE_DIR}/target") - set(OPENSSL_INCLUDE_DIR "${PROJECT_BINARY_DIR}/openssl-prefix/src/openssl/include") - set(OPENSSL_LIBRARY_SSL "${OPENSSL_INSTALL_DIR}/lib/libssl.a") - set(OPENSSL_LIBRARY_CRYPTO "${OPENSSL_INSTALL_DIR}/lib/libcrypto.a") - - message(STATUS "Using bundled openssl in '${OPENSSL_BUNDLE_DIR}'") - - ExternalProject_Add(openssl - # START CHANGE for CVE-2017-3735, CVE-2017-3731, CVE-2017-3737, CVE-2017-3738, CVE-2017-3736 - URL "https://s3.amazonaws.com/download.draios.com/dependencies/openssl-1.0.2n.tar.gz" - URL_MD5 "13bdc1b1d1ff39b6fd42a255e74676a4" - # END CHANGE for CVE-2017-3735, CVE-2017-3731, CVE-2017-3737, CVE-2017-3738, CVE-2017-3736 - CONFIGURE_COMMAND ./config shared --prefix=${OPENSSL_INSTALL_DIR} - BUILD_COMMAND ${CMD_MAKE} - BUILD_IN_SOURCE 1 - INSTALL_COMMAND ${CMD_MAKE} install) + message(STATUS "Found openssl binary: ${OPENSSL_BINARY}") endif() -# # libcurl -# -option(USE_BUNDLED_CURL "Enable building of the bundled curl" ${USE_BUNDLED_DEPS}) +include(cURL) -if(NOT 
USE_BUNDLED_CURL) - find_package(CURL REQUIRED) - message(STATUS "Found CURL: include: ${CURL_INCLUDE_DIR}, lib: ${CURL_LIBRARIES}") -else() - set(CURL_BUNDLE_DIR "${PROJECT_BINARY_DIR}/curl-prefix/src/curl") - set(CURL_INCLUDE_DIR "${CURL_BUNDLE_DIR}/include/") - set(CURL_LIBRARIES "${CURL_BUNDLE_DIR}/lib/.libs/libcurl.a") - - if(NOT USE_BUNDLED_OPENSSL) - set(CURL_SSL_OPTION "--with-ssl") - else() - set(CURL_SSL_OPTION "--with-ssl=${OPENSSL_INSTALL_DIR}") - message(STATUS "Using bundled curl in '${CURL_BUNDLE_DIR}'") - message(STATUS "Using SSL for curl in '${CURL_SSL_OPTION}'") - endif() - - ExternalProject_Add(curl - DEPENDS openssl - # START CHANGE for CVE-2017-8816, CVE-2017-8817, CVE-2017-8818, CVE-2018-1000007 - URL "https://s3.amazonaws.com/download.draios.com/dependencies/curl-7.61.0.tar.bz2" - URL_MD5 "31d0a9f48dc796a7db351898a1e5058a" - # END CHANGE for CVE-2017-8816, CVE-2017-8817, CVE-2017-8818, CVE-2018-1000007 - CONFIGURE_COMMAND ./configure ${CURL_SSL_OPTION} --disable-shared --enable-optimize --disable-curldebug --disable-rt --enable-http --disable-ftp --disable-file --disable-ldap --disable-ldaps --disable-rtsp --disable-telnet --disable-tftp --disable-pop3 --disable-imap --disable-smb --disable-smtp --disable-gopher --disable-sspi --disable-ntlm-wb --disable-tls-srp --without-winssl --without-darwinssl --without-polarssl --without-cyassl --without-nss --without-axtls --without-ca-path --without-ca-bundle --without-libmetalink --without-librtmp --without-winidn --without-libidn2 --without-libpsl --without-nghttp2 --without-libssh2 --disable-threaded-resolver --without-brotli - BUILD_COMMAND ${CMD_MAKE} - BUILD_IN_SOURCE 1 - INSTALL_COMMAND "") -endif() - -# # LuaJIT -# -option(USE_BUNDLED_LUAJIT "Enable building of the bundled LuaJIT" ${USE_BUNDLED_DEPS}) - -if(NOT USE_BUNDLED_LUAJIT) - find_path(LUAJIT_INCLUDE luajit.h PATH_SUFFIXES luajit-2.0 luajit) - find_library(LUAJIT_LIB NAMES luajit luajit-5.1) - if(LUAJIT_INCLUDE AND LUAJIT_LIB) - 
message(STATUS "Found LuaJIT: include: ${LUAJIT_INCLUDE}, lib: ${LUAJIT_LIB}") - else() - # alternatively try stock Lua - find_package(Lua51) - set(LUAJIT_LIB ${LUA_LIBRARY}) - set(LUAJIT_INCLUDE ${LUA_INCLUDE_DIR}) - - if(NOT ${LUA51_FOUND}) - message(FATAL_ERROR "Couldn't find system LuaJIT or Lua") - endif() - endif() -else() - set(LUAJIT_SRC "${PROJECT_BINARY_DIR}/luajit-prefix/src/luajit/src") - message(STATUS "Using bundled LuaJIT in '${LUAJIT_SRC}'") - set(LUAJIT_INCLUDE "${LUAJIT_SRC}") - set(LUAJIT_LIB "${LUAJIT_SRC}/libluajit.a") - ExternalProject_Add(luajit - URL "https://s3.amazonaws.com/download.draios.com/dependencies/LuaJIT-2.0.3.tar.gz" - URL_MD5 "f14e9104be513913810cd59c8c658dc0" - CONFIGURE_COMMAND "" - BUILD_COMMAND ${CMD_MAKE} - BUILD_IN_SOURCE 1 - INSTALL_COMMAND "") -endif() +set(LUAJIT_SRC "${PROJECT_BINARY_DIR}/luajit-prefix/src/luajit/src") +message(STATUS "Using bundled LuaJIT in '${LUAJIT_SRC}'") +set(LUAJIT_INCLUDE "${LUAJIT_SRC}") +set(LUAJIT_LIB "${LUAJIT_SRC}/libluajit.a") +ExternalProject_Add( + luajit + URL "https://s3.amazonaws.com/download.draios.com/dependencies/LuaJIT-2.0.3.tar.gz" + URL_MD5 "f14e9104be513913810cd59c8c658dc0" + CONFIGURE_COMMAND "" + BUILD_COMMAND ${CMD_MAKE} + BUILD_IN_SOURCE 1 + INSTALL_COMMAND "") -# # Lpeg -# -option(USE_BUNDLED_LPEG "Enable building of the bundled lpeg" ${USE_BUNDLED_DEPS}) - -if(NOT USE_BUNDLED_LPEG) - find_library(LPEG_LIB NAMES lpeg.a) - if(LPEG_LIB) - message(STATUS "Found lpeg: lib: ${LPEG_LIB}") - else() - message(FATAL_ERROR "Couldn't find system lpeg") - endif() +set(LPEG_SRC "${PROJECT_BINARY_DIR}/lpeg-prefix/src/lpeg") +set(LPEG_LIB "${PROJECT_BINARY_DIR}/lpeg-prefix/src/lpeg/build/lpeg.a") +message(STATUS "Using bundled lpeg in '${LPEG_SRC}'") +set(LPEG_DEPENDENCIES "") +list(APPEND LPEG_DEPENDENCIES "luajit") +ExternalProject_Add( + lpeg + DEPENDS ${LPEG_DEPENDENCIES} + URL "https://s3.amazonaws.com/download.draios.com/dependencies/lpeg-1.0.0.tar.gz" + URL_MD5 
"0aec64ccd13996202ad0c099e2877ece" + BUILD_COMMAND LUA_INCLUDE=${LUAJIT_INCLUDE} "${PROJECT_SOURCE_DIR}/scripts/build-lpeg.sh" "${LPEG_SRC}/build" + BUILD_IN_SOURCE 1 + CONFIGURE_COMMAND "" + INSTALL_COMMAND "") + +# libyaml +find_library(LIBYAML_LIB NAMES libyaml.so) +if(LIBYAML_LIB) + message(STATUS "Found libyaml: lib: ${LIBYAML_LIB}") else() - set(LPEG_SRC "${PROJECT_BINARY_DIR}/lpeg-prefix/src/lpeg") - set(LPEG_LIB "${PROJECT_BINARY_DIR}/lpeg-prefix/src/lpeg/build/lpeg.a") - message(STATUS "Using bundled lpeg in '${LPEG_SRC}'") - set(LPEG_DEPENDENCIES "") - if(USE_BUNDLED_LUAJIT) - list(APPEND LPEG_DEPENDENCIES "luajit") - endif() - ExternalProject_Add(lpeg - DEPENDS ${LPEG_DEPENDENCIES} - URL "https://s3.amazonaws.com/download.draios.com/dependencies/lpeg-1.0.0.tar.gz" - URL_MD5 "0aec64ccd13996202ad0c099e2877ece" - BUILD_COMMAND LUA_INCLUDE=${LUAJIT_INCLUDE} "${PROJECT_SOURCE_DIR}/scripts/build-lpeg.sh" "${LPEG_SRC}/build" - BUILD_IN_SOURCE 1 - CONFIGURE_COMMAND "" - INSTALL_COMMAND "") + message(FATAL_ERROR "Couldn't find system libyaml") endif() -# -# Libyaml -# -option(USE_BUNDLED_LIBYAML "Enable building of the bundled libyaml" ${USE_BUNDLED_DEPS}) -if(NOT USE_BUNDLED_LIBYAML) - # Note: to distinguish libyaml.a and yaml.a we specify a full - # file name here, so you'll have to arrange for static - # libraries being available. - find_library(LIBYAML_LIB NAMES libyaml.a) - if(LIBYAML_LIB) - message(STATUS "Found libyaml: lib: ${LIBYAML_LIB}") - else() - message(FATAL_ERROR "Couldn't find system libyaml") - endif() -else() - find_path(AUTORECONF_BIN NAMES autoreconf) - if(AUTORECONF_BIN) - message(STATUS "Found autoreconf: ${AUTORECONF_BIN}") - else() - message(FATAL_ERROR "Couldn't find system autoreconf. 
Please install autoreconf before continuing or use system libyaml") - endif() - - set(LIBYAML_SRC "${PROJECT_BINARY_DIR}/libyaml-prefix/src/libyaml/src") - set(LIBYAML_INCLUDE "${PROJECT_BINARY_DIR}/libyaml-prefix/src/libyaml/include") - set(LIBYAML_LIB "${LIBYAML_SRC}/.libs/libyaml.a") - message(STATUS "Using bundled libyaml in '${LIBYAML_SRC}'") - ExternalProject_Add(libyaml - URL "https://s3.amazonaws.com/download.draios.com/dependencies/libyaml-0.1.4.tar.gz" - URL_MD5 "4a4bced818da0b9ae7fc8ebc690792a7" - BUILD_COMMAND ${CMD_MAKE} - BUILD_IN_SOURCE 1 - CONFIGURE_COMMAND ./bootstrap && ./configure - INSTALL_COMMAND "") -endif() - -# # lyaml -# -option(USE_BUNDLED_LYAML "Enable building of the bundled lyaml" ${USE_BUNDLED_DEPS}) -if(NOT USE_BUNDLED_LYAML) - # Note: to distinguish libyaml.a and yaml.a we specify a full - # file name here, so you'll have to arrange for static - # libraries being available. - find_library(LYAML_LIB NAMES yaml.a) - if(LYAML_LIB) - message(STATUS "Found lyaml: lib: ${LYAML_LIB}") - else() - message(FATAL_ERROR "Couldn't find system lyaml") - endif() -else() - set(LYAML_SRC "${PROJECT_BINARY_DIR}/lyaml-prefix/src/lyaml/ext/yaml") - set(LYAML_LIB "${LYAML_SRC}/.libs/yaml.a") - message(STATUS "Using bundled lyaml in '${LYAML_SRC}'") - set(LYAML_DEPENDENCIES "") - if(USE_BUNDLED_LUAJIT) - list(APPEND LYAML_DEPENDENCIES "luajit") - endif() - if(USE_BUNDLED_LIBYAML) - list(APPEND LYAML_DEPENDENCIES "libyaml") - endif() - - ExternalProject_Add(lyaml - DEPENDS ${LYAML_DEPENDENCIES} - URL "https://s3.amazonaws.com/download.draios.com/dependencies/lyaml-release-v6.0.tar.gz" - URL_MD5 "dc3494689a0dce7cf44e7a99c72b1f30" - BUILD_COMMAND ${CMD_MAKE} - BUILD_IN_SOURCE 1 - CONFIGURE_COMMAND ./configure --enable-static LIBS=-L${LIBYAML_SRC}/.libs CFLAGS=-I${LIBYAML_INCLUDE} CPPFLAGS=-I${LIBYAML_INCLUDE} LUA_INCLUDE=-I${LUAJIT_INCLUDE} LUA=${LUAJIT_SRC}/luajit - INSTALL_COMMAND sh -c "cp -R ${PROJECT_BINARY_DIR}/lyaml-prefix/src/lyaml/lib/* 
${PROJECT_SOURCE_DIR}/userspace/engine/lua") -endif() - -option(USE_BUNDLED_TBB "Enable building of the bundled tbb" ${USE_BUNDLED_DEPS}) -if(NOT USE_BUNDLED_TBB) - find_path(TBB_INCLUDE_DIR tbb.h PATH_SUFFIXES tbb) - find_library(TBB_LIB NAMES tbb) - if(TBB_INCLUDE_DIR AND TBB_LIB) - message(STATUS "Found tbb: include: ${TBB_INCLUDE_DIR}, lib: ${TBB_LIB}") - else() - message(FATAL_ERROR "Couldn't find system tbb") - endif() -else() - set(TBB_SRC "${PROJECT_BINARY_DIR}/tbb-prefix/src/tbb") - - message(STATUS "Using bundled tbb in '${TBB_SRC}'") - - set(TBB_INCLUDE_DIR "${TBB_SRC}/include/") - set(TBB_LIB "${TBB_SRC}/build/lib_release/libtbb.a") - ExternalProject_Add(tbb - URL "https://s3.amazonaws.com/download.draios.com/dependencies/tbb-2018_U5.tar.gz" - URL_MD5 "ff3ae09f8c23892fbc3008c39f78288f" - CONFIGURE_COMMAND "" - BUILD_COMMAND ${CMD_MAKE} tbb_build_dir=${TBB_SRC}/build tbb_build_prefix=lib extra_inc=big_iron.inc - BUILD_IN_SOURCE 1 - BUILD_BYPRODUCTS ${TBB_LIB} - INSTALL_COMMAND "") -endif() +set(LYAML_SRC "${PROJECT_BINARY_DIR}/lyaml-prefix/src/lyaml/ext/yaml") +set(LYAML_LIB "${LYAML_SRC}/.libs/yaml.a") +message(STATUS "Using bundled lyaml in '${LYAML_SRC}'") +set(LYAML_DEPENDENCIES "") +list(APPEND LYAML_DEPENDENCIES "luajit") +ExternalProject_Add( + lyaml + DEPENDS ${LYAML_DEPENDENCIES} + URL "https://s3.amazonaws.com/download.draios.com/dependencies/lyaml-release-v6.0.tar.gz" + URL_MD5 "dc3494689a0dce7cf44e7a99c72b1f30" + BUILD_COMMAND ${CMD_MAKE} + BUILD_IN_SOURCE 1 + CONFIGURE_COMMAND ./configure --enable-static LIBS=-lyaml LUA_INCLUDE=-I${LUAJIT_INCLUDE} LUA=${LUAJIT_SRC}/luajit + INSTALL_COMMAND sh -c + "cp -R ${PROJECT_BINARY_DIR}/lyaml-prefix/src/lyaml/lib/* ${PROJECT_SOURCE_DIR}/userspace/engine/lua") + +# Intel TBB +set(TBB_SRC "${PROJECT_BINARY_DIR}/tbb-prefix/src/tbb") + +message(STATUS "Using bundled tbb in '${TBB_SRC}'") + +set(TBB_INCLUDE_DIR "${TBB_SRC}/include/") +set(TBB_LIB "${TBB_SRC}/build/lib_release/libtbb.a") 
+ExternalProject_Add( + tbb + URL "https://github.com/intel/tbb/archive/2018_U5.tar.gz" + URL_MD5 "ff3ae09f8c23892fbc3008c39f78288f" + CONFIGURE_COMMAND "" + BUILD_COMMAND ${CMD_MAKE} tbb_build_dir=${TBB_SRC}/build tbb_build_prefix=lib extra_inc=big_iron.inc + BUILD_IN_SOURCE 1 + BUILD_BYPRODUCTS ${TBB_LIB} + INSTALL_COMMAND "") -# # civetweb -# -option(USE_BUNDLED_CIVETWEB "Enable building of the bundled civetweb" ${USE_BUNDLED_DEPS}) - -if(NOT USE_BUNDLED_CIVETWEB) - find_library(CIVETWEB_LIB NAMES civetweb) - if(CIVETWEB_LIB) - message(STATUS "Found civetweb: lib: ${CIVETWEB_LIB}") - else() - message(FATAL_ERROR "Couldn't find system civetweb") - endif() -else() - set(CIVETWEB_SRC "${PROJECT_BINARY_DIR}/civetweb-prefix/src/civetweb/") - set(CIVETWEB_LIB "${CIVETWEB_SRC}/install/lib/libcivetweb.a") - set(CIVETWEB_INCLUDE_DIR "${CIVETWEB_SRC}/install/include") - message(STATUS "Using bundled civetweb in '${CIVETWEB_SRC}'") - set(CIVETWEB_DEPENDENCIES "") - if(USE_BUNDLED_OPENSSL) - list(APPEND CIVETWEB_DEPENDENCIES "openssl") - endif() - ExternalProject_Add(civetweb - DEPENDS ${CIVETWEB_DEPENDENCIES} - URL "https://s3.amazonaws.com/download.draios.com/dependencies/civetweb-1.11.tar.gz" - URL_MD5 "b6d2175650a27924bccb747cbe084cd4" - CONFIGURE_COMMAND ${CMAKE_COMMAND} -E make_directory ${CIVETWEB_SRC}/install/lib - COMMAND ${CMAKE_COMMAND} -E make_directory ${CIVETWEB_SRC}/install/include - BUILD_IN_SOURCE 1 - BUILD_COMMAND ${CMD_MAKE} COPT="-DNO_FILES" WITH_CPP=1 - INSTALL_COMMAND ${CMD_MAKE} install-lib install-headers PREFIX=${CIVETWEB_SRC}/install WITH_CPP=1) -endif() - -option(USE_BUNDLED_CARES "Enable building of the bundled c-ares" ${USE_BUNDLED_DEPS}) -if(NOT USE_BUNDLED_CARES) - find_path(CARES_INCLUDE NAMES cares/ares.h) - find_library(CARES_LIB NAMES libcares.a) - if(CARES_INCLUDE AND CARES_LIB) - message(STATUS "Found c-ares: include: ${CARES_INCLUDE}, lib: ${CARES_LIB}") - else() - message(FATAL_ERROR "Couldn't find system c-ares") - endif() -else() - 
set(CARES_SRC "${PROJECT_BINARY_DIR}/c-ares-prefix/src/c-ares") - message(STATUS "Using bundled c-ares in '${CARES_SRC}'") - set(CARES_INCLUDE "${CARES_SRC}/target/include") - set(CARES_LIB "${CARES_SRC}/target/lib/libcares.a") - ExternalProject_Add(c-ares - URL "https://download.sysdig.com/dependencies/c-ares-1.13.0.tar.gz" - URL_MD5 "d2e010b43537794d8bedfb562ae6bba2" - CONFIGURE_COMMAND ./configure --prefix=${CARES_SRC}/target - BUILD_COMMAND ${CMD_MAKE} - BUILD_IN_SOURCE 1 - BUILD_BYPRODUCTS ${CARES_INCLUDE} ${CARES_LIB} - INSTALL_COMMAND ${CMD_MAKE} install) -endif() - -option(USE_BUNDLED_PROTOBUF "Enable building of the bundled protobuf" ${USE_BUNDLED_DEPS}) -if(NOT USE_BUNDLED_PROTOBUF) - find_program(PROTOC NAMES protoc) - find_path(PROTOBUF_INCLUDE NAMES google/protobuf/message.h) - find_library(PROTOBUF_LIB NAMES libprotobuf.a) - if(PROTOC AND PROTOBUF_INCLUDE AND PROTOBUF_LIB) - message(STATUS "Found protobuf: compiler: ${PROTOC}, include: ${PROTOBUF_INCLUDE}, lib: ${PROTOBUF_LIB}") - else() - message(FATAL_ERROR "Couldn't find system protobuf") - endif() -else() - set(PROTOBUF_SRC "${PROJECT_BINARY_DIR}/protobuf-prefix/src/protobuf") - message(STATUS "Using bundled protobuf in '${PROTOBUF_SRC}'") - set(PROTOC "${PROTOBUF_SRC}/target/bin/protoc") - set(PROTOBUF_INCLUDE "${PROTOBUF_SRC}/target/include") - set(PROTOBUF_LIB "${PROTOBUF_SRC}/target/lib/libprotobuf.a") - ExternalProject_Add(protobuf - DEPENDS openssl zlib - URL "https://github.com/protocolbuffers/protobuf/releases/download/v3.8.0/protobuf-cpp-3.8.0.tar.gz" - URL_MD5 "9054bb5571905a28b3ae787d1d6cf8de" - # TODO what if using system zlib? 
- CONFIGURE_COMMAND /usr/bin/env CPPFLAGS=-I${ZLIB_INCLUDE} LDFLAGS=-L${ZLIB_SRC} ./configure --with-zlib --prefix=${PROTOBUF_SRC}/target - BUILD_COMMAND ${CMD_MAKE} - BUILD_IN_SOURCE 1 - BUILD_BYPRODUCTS ${PROTOC} ${PROTOBUF_INCLUDE} ${PROTOBUF_LIB} - # TODO s390x support - INSTALL_COMMAND make install) -endif() - - option(USE_BUNDLED_GRPC "Enable building of the bundled grpc" ${USE_BUNDLED_DEPS}) - if(NOT USE_BUNDLED_GRPC) - find_path(GRPCXX_INCLUDE NAMES grpc++/grpc++.h) - if(GRPCXX_INCLUDE) - set(GRPC_INCLUDE ${GRPCXX_INCLUDE}) - else() - find_path(GRPCPP_INCLUDE NAMES grpcpp/grpcpp.h) - set(GRPC_INCLUDE ${GRPCPP_INCLUDE}) - add_definitions(-DGRPC_INCLUDE_IS_GRPCPP=1) - endif() - find_library(GRPC_LIB NAMES grpc) - find_library(GRPCPP_LIB NAMES grpc++) - if(GRPC_INCLUDE AND GRPC_LIB AND GRPCPP_LIB) - message(STATUS "Found grpc: include: ${GRPC_INCLUDE}, C lib: ${GRPC_LIB}, C++ lib: ${GRPCPP_LIB}") - else() - message(FATAL_ERROR "Couldn't find system grpc") - endif() - find_program(GRPC_CPP_PLUGIN grpc_cpp_plugin) - if(NOT GRPC_CPP_PLUGIN) - message(FATAL_ERROR "System grpc_cpp_plugin not found") - endif() - else() - find_package(PkgConfig) - if(NOT PKG_CONFIG_FOUND) - message(FATAL_ERROR "pkg-config binary not found") - endif() - message(STATUS "Found pkg-config executable: ${PKG_CONFIG_EXECUTABLE}") - set(GRPC_SRC "${PROJECT_BINARY_DIR}/grpc-prefix/src/grpc") - message(STATUS "Using bundled grpc in '${GRPC_SRC}'") - set(GRPC_INCLUDE "${GRPC_SRC}/include") - set(GRPC_LIB "${GRPC_SRC}/libs/opt/libgrpc.a") - set(GRPCPP_LIB "${GRPC_SRC}/libs/opt/libgrpc++.a") - set(GRPC_CPP_PLUGIN "${GRPC_SRC}/bins/opt/grpc_cpp_plugin") - - get_filename_component(PROTOC_DIR ${PROTOC} PATH) - - ExternalProject_Add(grpc - DEPENDS protobuf zlib c-ares openssl - URL "https://github.com/grpc/grpc/archive/v1.25.0.tar.gz" - URL_MD5 "3a875f7b3f0e3bdd3a603500bcef3d41" - CONFIGURE_COMMAND "" - # TODO what if using system openssl, protobuf or cares? 
- BUILD_COMMAND CFLAGS=-Wno-implicit-fallthrough HAS_SYSTEM_ZLIB=false LDFLAGS=-static PATH=${PROTOC_DIR}:$ENV{PATH} PKG_CONFIG_PATH=${OPENSSL_BUNDLE_DIR}:${PROTOBUF_SRC}:${CARES_SRC} PKG_CONFIG=${PKG_CONFIG_EXECUTABLE} make grpc_cpp_plugin static_cxx static_c - BUILD_IN_SOURCE 1 - BUILD_BYPRODUCTS ${GRPC_LIB} ${GRPCPP_LIB} - # TODO s390x support - # TODO what if using system zlib - PATCH_COMMAND rm -rf third_party/zlib && ln -s ${ZLIB_SRC} third_party/zlib && patch -p1 < ${PROJECT_SOURCE_DIR}/cmake/patch/grpc-1.25.0-Makefile.patch - INSTALL_COMMAND "") - endif() - -install(FILES falco.yaml - DESTINATION "${FALCO_ETC_DIR}") - -if(FALCO_COVERAGE) - if (NOT (("${CMAKE_CXX_COMPILER_ID}" MATCHES "GNU") OR ("${CMAKE_CXX_COMPILER_ID}" MATCHES "Clang"))) - message(FATAL_ERROR "FALCO_COVERAGE requires GCC or Clang.") - endif() - - message(STATUS "Building with coverage information") - add_compile_options(-g --coverage) - set(CMAKE_SHARED_LINKER_FLAGS "--coverage ${CMAKE_SHARED_LINKER_FLAGS}") - set(CMAKE_EXE_LINKER_FLAGS "--coverage ${CMAKE_EXE_LINKER_FLAGS}") -endif() - - +set(CIVETWEB_SRC "${PROJECT_BINARY_DIR}/civetweb-prefix/src/civetweb/") +set(CIVETWEB_LIB "${CIVETWEB_SRC}/install/lib/libcivetweb.a") +set(CIVETWEB_INCLUDE_DIR "${CIVETWEB_SRC}/install/include") +message(STATUS "Using bundled civetweb in '${CIVETWEB_SRC}'") +ExternalProject_Add( + civetweb + URL "https://github.com/civetweb/civetweb/archive/v1.11.tar.gz" + URL_MD5 "b6d2175650a27924bccb747cbe084cd4" + CONFIGURE_COMMAND ${CMAKE_COMMAND} -E make_directory ${CIVETWEB_SRC}/install/lib + COMMAND ${CMAKE_COMMAND} -E make_directory ${CIVETWEB_SRC}/install/include + BUILD_IN_SOURCE 1 + BUILD_COMMAND ${CMD_MAKE} COPT="-DNO_FILES" WITH_CPP=1 + INSTALL_COMMAND ${CMD_MAKE} COPT="-DNO_FILES" install-lib install-headers PREFIX=${CIVETWEB_SRC}/install "WITH_CPP=1") + +# gRPC +include(gRPC) + +# sysdig +include(sysdig) + +# Installation +install(FILES falco.yaml DESTINATION "${FALCO_ETC_DIR}") + +include(Coverage) + +# 
Tests add_subdirectory(test) + +# Rules add_subdirectory(rules) + +# Dockerfiles add_subdirectory(docker) -if(CMAKE_SYSTEM_NAME MATCHES "Linux") - add_subdirectory("${SYSDIG_DIR}/driver" "${PROJECT_BINARY_DIR}/driver") - include(FindMakedev) -endif() -add_subdirectory("${SYSDIG_DIR}/userspace/libscap" "${PROJECT_BINARY_DIR}/userspace/libscap") -add_subdirectory("${SYSDIG_DIR}/userspace/libsinsp" "${PROJECT_BINARY_DIR}/userspace/libsinsp") +# Clang format +# add_custom_target(format COMMAND clang-format --style=file -i $ COMMENT "Formatting ..." VERBATIM) +# Shared build variables set(FALCO_SINSP_LIBRARY sinsp) set(FALCO_SHARE_DIR share/falco) set(FALCO_ABSOLUTE_SHARE_DIR "${CMAKE_INSTALL_PREFIX}/${FALCO_SHARE_DIR}") set(FALCO_BIN_DIR bin) + add_subdirectory(scripts) add_subdirectory(userspace/engine) add_subdirectory(userspace/falco) add_subdirectory(tests) -set(CPACK_PACKAGE_NAME "${PACKAGE_NAME}") -set(CPACK_PACKAGE_VENDOR "Cloud Native Computing Foundation (CNCF) cncf.io.") -set(CPACK_PACKAGE_CONTACT "opensource@sysdig.com") -set(CPACK_PACKAGE_DESCRIPTION_SUMMARY "Falco - Container Native Runtime Security") -set(CPACK_PACKAGE_DESCRIPTION_FILE "${PROJECT_SOURCE_DIR}/scripts/description.txt") -set(CPACK_PACKAGE_VERSION "${FALCO_VERSION}") -set(CPACK_PACKAGE_FILE_NAME "${CPACK_PACKAGE_NAME}-${CPACK_PACKAGE_VERSION}-${CMAKE_SYSTEM_PROCESSOR}") -set(CPACK_PROJECT_CONFIG_FILE "${PROJECT_SOURCE_DIR}/CMakeCPackOptions.cmake") -set(CPACK_STRIP_FILES "ON") -set(CPACK_PACKAGE_RELOCATABLE "OFF") - -set(CPACK_GENERATOR DEB RPM TGZ) - -set(CPACK_DEBIAN_PACKAGE_SECTION "utils") -set(CPACK_DEBIAN_PACKAGE_ARCHITECTURE "amd64") -set(CPACK_DEBIAN_PACKAGE_HOMEPAGE "https://www.falco.org") -set(CPACK_DEBIAN_PACKAGE_DEPENDS "dkms (>= 2.1.0.0)") -set(CPACK_DEBIAN_PACKAGE_CONTROL_EXTRA "${CMAKE_BINARY_DIR}/scripts/debian/postinst;${CMAKE_BINARY_DIR}/scripts/debian/prerm;${PROJECT_SOURCE_DIR}/scripts/debian/postrm;${PROJECT_SOURCE_DIR}/cpack/debian/conffiles") - 
-set(CPACK_RPM_PACKAGE_LICENSE "Apache v2.0") -set(CPACK_RPM_PACKAGE_URL "https://www.falco.org") -set(CPACK_RPM_PACKAGE_REQUIRES "dkms, gcc, make, kernel-devel, perl") -set(CPACK_RPM_POST_INSTALL_SCRIPT_FILE "${PROJECT_SOURCE_DIR}/scripts/rpm/postinstall") -set(CPACK_RPM_PRE_UNINSTALL_SCRIPT_FILE "${PROJECT_SOURCE_DIR}/scripts/rpm/preuninstall") -set(CPACK_RPM_POST_UNINSTALL_SCRIPT_FILE "${PROJECT_SOURCE_DIR}/scripts/rpm/postuninstall") -set(CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION /usr/src /usr/share/man /usr/share/man/man8 /etc /usr /usr/bin /usr/share /etc/rc.d /etc/rc.d/init.d) -set(CPACK_RPM_PACKAGE_RELOCATABLE "OFF") - -include(CPack) +# Packages configuration +include(CPackConfig) diff --git a/CMakeCPackOptions.cmake b/cmake/cpack/CMakeCPackOptions.cmake similarity index 57% rename from CMakeCPackOptions.cmake rename to cmake/cpack/CMakeCPackOptions.cmake index f10ff198496..5d50761d73e 100644 --- a/CMakeCPackOptions.cmake +++ b/cmake/cpack/CMakeCPackOptions.cmake @@ -1,19 +1,3 @@ -# -# Copyright (C) 2019 The Falco Authors. -# -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# if(CPACK_GENERATOR MATCHES "DEB") list(APPEND CPACK_INSTALL_COMMANDS "mkdir -p _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/etc/init.d/") list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/debian/falco _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/etc/init.d") 
diff --git a/cpack/debian/conffiles b/cmake/cpack/debian/conffiles similarity index 100% rename from cpack/debian/conffiles rename to cmake/cpack/debian/conffiles diff --git a/cmake/modules/CPackConfig.cmake b/cmake/modules/CPackConfig.cmake new file mode 100644 index 00000000000..78d3cf8a5ee --- /dev/null +++ b/cmake/modules/CPackConfig.cmake 
@@ -0,0 +1,40 @@
+set(CPACK_PACKAGE_NAME "${PACKAGE_NAME}")
+set(CPACK_PACKAGE_VENDOR "Cloud Native Computing Foundation (CNCF) cncf.io.")
+set(CPACK_PACKAGE_CONTACT "opensource@sysdig.com") # todo: change this once we've got @falco.org addresses
+set(CPACK_PACKAGE_DESCRIPTION_SUMMARY "Falco - Container Native Runtime Security")
+set(CPACK_PACKAGE_DESCRIPTION_FILE "${PROJECT_SOURCE_DIR}/scripts/description.txt")
+set(CPACK_PACKAGE_VERSION "${FALCO_VERSION}")
+set(CPACK_PACKAGE_FILE_NAME "${CPACK_PACKAGE_NAME}-${CPACK_PACKAGE_VERSION}-${CMAKE_SYSTEM_PROCESSOR}")
+set(CPACK_PROJECT_CONFIG_FILE "${PROJECT_SOURCE_DIR}/cmake/cpack/CMakeCPackOptions.cmake")
+set(CPACK_STRIP_FILES "ON")
+set(CPACK_PACKAGE_RELOCATABLE "OFF")
+
+set(CPACK_GENERATOR DEB RPM TGZ)
+
+set(CPACK_DEBIAN_PACKAGE_SECTION "utils")
+set(CPACK_DEBIAN_PACKAGE_ARCHITECTURE "amd64")
+set(CPACK_DEBIAN_PACKAGE_HOMEPAGE "https://www.falco.org")
+set(CPACK_DEBIAN_PACKAGE_DEPENDS "dkms (>= 2.1.0.0), libyaml-0-2")
+set(CPACK_DEBIAN_PACKAGE_CONTROL_EXTRA
+ "${CMAKE_BINARY_DIR}/scripts/debian/postinst;${CMAKE_BINARY_DIR}/scripts/debian/prerm;${PROJECT_SOURCE_DIR}/scripts/debian/postrm;${PROJECT_SOURCE_DIR}/cmake/cpack/debian/conffiles"
+)
+
+set(CPACK_RPM_PACKAGE_LICENSE "Apache v2.0")
+set(CPACK_RPM_PACKAGE_URL "https://www.falco.org")
+set(CPACK_RPM_PACKAGE_REQUIRES "dkms, gcc, make, kernel-devel, perl")
+set(CPACK_RPM_POST_INSTALL_SCRIPT_FILE "${PROJECT_SOURCE_DIR}/scripts/rpm/postinstall")
+set(CPACK_RPM_PRE_UNINSTALL_SCRIPT_FILE "${PROJECT_SOURCE_DIR}/scripts/rpm/preuninstall")
+set(CPACK_RPM_POST_UNINSTALL_SCRIPT_FILE "${PROJECT_SOURCE_DIR}/scripts/rpm/postuninstall")
+set(CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION
+ /usr/src
+ /usr/share/man
+ /usr/share/man/man8
+ /etc
+ /usr
+ /usr/bin
+ /usr/share
+ /etc/rc.d
+ /etc/rc.d/init.d)
+set(CPACK_RPM_PACKAGE_RELOCATABLE "OFF")
+
+include(CPack)
diff --git a/cmake/modules/Catch.cmake b/cmake/modules/Catch.cmake
index 486e323318c..6737791a5f4 100644
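Review bot: `CPACK_DEBIAN_PACKAGE_DEPENDS` gains `libyaml-0-2` in this new module, but `CPACK_RPM_PACKAGE_REQUIRES` a few lines below still lists only `dkms, gcc, make, kernel-devel, perl`. If the packaged binary now links libyaml dynamically (the hunk does not show the link line, so this is inferred), the RPM would install without that runtime library; the matching change would be `set(CPACK_RPM_PACKAGE_REQUIRES "dkms, gcc, make, kernel-devel, perl, libyaml")`. If the asymmetry is intentional, a one-line comment above the RPM requirement saying why would save the next reader the question.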
--- a/cmake/modules/Catch.cmake +++ b/cmake/modules/Catch.cmake @@ -1,5 +1,5 @@ -# Distributed under the OSI-approved BSD 3-Clause License. See accompanying -# file Copyright.txt or https://cmake.org/licensing for details. +# Distributed under the OSI-approved BSD 3-Clause License. See accompanying file Copyright.txt or +# https://cmake.org/licensing for details. #[=======================================================================[.rst: Catch @@ -92,15 +92,10 @@ same as the Catch name; see also ``TEST_PREFIX`` and ``TEST_SUFFIX``. #]=======================================================================] -#------------------------------------------------------------------------------ +# ------------------------------------------------------------------------------ function(catch_discover_tests TARGET) - cmake_parse_arguments( - "" - "" - "TEST_PREFIX;TEST_SUFFIX;WORKING_DIRECTORY;TEST_LIST" - "TEST_SPEC;EXTRA_ARGS;PROPERTIES" - ${ARGN} - ) + cmake_parse_arguments("" "" "TEST_PREFIX;TEST_SUFFIX;WORKING_DIRECTORY;TEST_LIST" "TEST_SPEC;EXTRA_ARGS;PROPERTIES" + ${ARGN}) if(NOT _WORKING_DIRECTORY) set(_WORKING_DIRECTORY "${CMAKE_CURRENT_BINARY_DIR}") 
@@ -109,67 +104,56 @@ function(catch_discover_tests TARGET) set(_TEST_LIST ${TARGET}_TESTS) endif() - ## Generate a unique name based on the extra arguments + # Generate a unique name based on the extra arguments string(SHA1 args_hash "${_TEST_SPEC} ${_EXTRA_ARGS}") string(SUBSTRING ${args_hash} 0 7 args_hash) # Define rule to generate test list for aforementioned test executable set(ctest_include_file "${CMAKE_CURRENT_BINARY_DIR}/${TARGET}_include-${args_hash}.cmake") set(ctest_tests_file "${CMAKE_CURRENT_BINARY_DIR}/${TARGET}_tests-${args_hash}.cmake") - get_property(crosscompiling_emulator + get_property( + crosscompiling_emulator TARGET ${TARGET} - PROPERTY CROSSCOMPILING_EMULATOR - ) + PROPERTY CROSSCOMPILING_EMULATOR) add_custom_command( - TARGET ${TARGET} POST_BUILD + TARGET ${TARGET} + POST_BUILD BYPRODUCTS "${ctest_tests_file}" - COMMAND "${CMAKE_COMMAND}" - -D "TEST_TARGET=${TARGET}" - -D "TEST_EXECUTABLE=$" - -D "TEST_EXECUTOR=${crosscompiling_emulator}" - -D "TEST_WORKING_DIR=${_WORKING_DIRECTORY}" - -D "TEST_SPEC=${_TEST_SPEC}" - -D "TEST_EXTRA_ARGS=${_EXTRA_ARGS}" - -D "TEST_PROPERTIES=${_PROPERTIES}" - -D "TEST_PREFIX=${_TEST_PREFIX}" - -D "TEST_SUFFIX=${_TEST_SUFFIX}" - -D "TEST_LIST=${_TEST_LIST}" - -D "CTEST_FILE=${ctest_tests_file}" - -P "${_CATCH_DISCOVER_TESTS_SCRIPT}" - VERBATIM - ) - - file(WRITE "${ctest_include_file}" - "if(EXISTS \"${ctest_tests_file}\")\n" - " include(\"${ctest_tests_file}\")\n" - "else()\n" - " add_test(${TARGET}_NOT_BUILT-${args_hash} ${TARGET}_NOT_BUILT-${args_hash})\n" - "endif()\n" - ) - - if(NOT ${CMAKE_VERSION} VERSION_LESS "3.10.0") + COMMAND + "${CMAKE_COMMAND}" -D "TEST_TARGET=${TARGET}" -D "TEST_EXECUTABLE=$" -D + "TEST_EXECUTOR=${crosscompiling_emulator}" -D "TEST_WORKING_DIR=${_WORKING_DIRECTORY}" -D + "TEST_SPEC=${_TEST_SPEC}" -D "TEST_EXTRA_ARGS=${_EXTRA_ARGS}" -D "TEST_PROPERTIES=${_PROPERTIES}" -D + "TEST_PREFIX=${_TEST_PREFIX}" -D "TEST_SUFFIX=${_TEST_SUFFIX}" -D "TEST_LIST=${_TEST_LIST}" -D + 
"CTEST_FILE=${ctest_tests_file}" -P "${_CATCH_DISCOVER_TESTS_SCRIPT}" + VERBATIM) + + file( + WRITE "${ctest_include_file}" + "if(EXISTS \"${ctest_tests_file}\")\n" " include(\"${ctest_tests_file}\")\n" "else()\n" + " add_test(${TARGET}_NOT_BUILT-${args_hash} ${TARGET}_NOT_BUILT-${args_hash})\n" "endif()\n") + + if(NOT ${CMAKE_VERSION} VERSION_LESS "3.10.0") # Add discovered tests to directory TEST_INCLUDE_FILES - set_property(DIRECTORY - APPEND PROPERTY TEST_INCLUDE_FILES "${ctest_include_file}" - ) + set_property( + DIRECTORY + APPEND + PROPERTY TEST_INCLUDE_FILES "${ctest_include_file}") else() # Add discovered tests as directory TEST_INCLUDE_FILE if possible - get_property(test_include_file_set DIRECTORY PROPERTY TEST_INCLUDE_FILE SET) - if (NOT ${test_include_file_set}) - set_property(DIRECTORY - PROPERTY TEST_INCLUDE_FILE "${ctest_include_file}" - ) + get_property( + test_include_file_set + DIRECTORY + PROPERTY TEST_INCLUDE_FILE + SET) + if(NOT ${test_include_file_set}) + set_property(DIRECTORY PROPERTY TEST_INCLUDE_FILE "${ctest_include_file}") else() - message(FATAL_ERROR - "Cannot set more than one TEST_INCLUDE_FILE" - ) + message(FATAL_ERROR "Cannot set more than one TEST_INCLUDE_FILE") endif() endif() endfunction() -############################################################################### +# ###################################################################################################################### -set(_CATCH_DISCOVER_TESTS_SCRIPT - ${CMAKE_CURRENT_LIST_DIR}/CatchAddTests.cmake -) +set(_CATCH_DISCOVER_TESTS_SCRIPT ${CMAKE_CURRENT_LIST_DIR}/CatchAddTests.cmake) diff --git a/cmake/modules/CatchAddTests.cmake b/cmake/modules/CatchAddTests.cmake index 2220ce3ac6b..3d08bc626ab 100644 --- a/cmake/modules/CatchAddTests.cmake +++ b/cmake/modules/CatchAddTests.cmake 
@@ -1,5 +1,5 @@ -# Distributed under the OSI-approved BSD 3-Clause License. See accompanying -# file Copyright.txt or https://cmake.org/licensing for details. +# Distributed under the OSI-approved BSD 3-Clause License. See accompanying file Copyright.txt or +# https://cmake.org/licensing for details. set(prefix "${TEST_PREFIX}") set(suffix "${TEST_SUFFIX}") @@ -19,31 +19,25 @@ function(add_command NAME) set(_args "${_args} ${_arg}") endif() endforeach() - set(script "${script}${NAME}(${_args})\n" PARENT_SCOPE) + set(script + "${script}${NAME}(${_args})\n" + PARENT_SCOPE) endfunction() # Run test executable to get list of available tests if(NOT EXISTS "${TEST_EXECUTABLE}") - message(FATAL_ERROR - "Specified test executable '${TEST_EXECUTABLE}' does not exist" - ) + message(FATAL_ERROR "Specified test executable '${TEST_EXECUTABLE}' does not exist") endif() execute_process( COMMAND ${TEST_EXECUTOR} "${TEST_EXECUTABLE}" ${spec} --list-test-names-only OUTPUT_VARIABLE output - RESULT_VARIABLE result -) + RESULT_VARIABLE result) # Catch --list-test-names-only reports the number of tests, so 0 is... surprising if(${result} EQUAL 0) - message(WARNING - "Test executable '${TEST_EXECUTABLE}' contains no tests!\n" - ) + message(WARNING "Test executable '${TEST_EXECUTABLE}' contains no tests!\n") elseif(${result} LESS 0) - message(FATAL_ERROR - "Error running test executable '${TEST_EXECUTABLE}':\n" - " Result: ${result}\n" - " Output: ${output}\n" - ) + message(FATAL_ERROR "Error running test executable '${TEST_EXECUTABLE}':\n" " Result: ${result}\n" + " Output: ${output}\n") endif() string(REPLACE "\n" ";" output "${output}") 
@@ -54,24 +48,13 @@ foreach(line ${output}) # use escape commas to handle properly test cases with commans inside the name string(REPLACE "," "\\," test_name ${test}) # ...and add to script - add_command(add_test - "${prefix}${test}${suffix}" - ${TEST_EXECUTOR} - "${TEST_EXECUTABLE}" - "${test_name}" - ${extra_args} - ) - add_command(set_tests_properties - "${prefix}${test}${suffix}" - PROPERTIES - WORKING_DIRECTORY "${TEST_WORKING_DIR}" - ${properties} - ) + add_command(add_test "${prefix}${test}${suffix}" ${TEST_EXECUTOR} "${TEST_EXECUTABLE}" "${test_name}" ${extra_args}) + add_command(set_tests_properties "${prefix}${test}${suffix}" PROPERTIES WORKING_DIRECTORY "${TEST_WORKING_DIR}" + ${properties}) list(APPEND tests "${prefix}${test}${suffix}") endforeach() -# Create a list of all discovered tests, which users may use to e.g. set -# properties on the tests +# Create a list of all discovered tests, which users may use to e.g. set properties on the tests add_command(set ${TEST_LIST} ${tests}) # Write CTest script diff --git a/cmake/modules/Coverage.cmake b/cmake/modules/Coverage.cmake new file mode 100644 index 00000000000..0c34bcfb9d3 --- /dev/null +++ b/cmake/modules/Coverage.cmake 
@@ -0,0 +1,25 @@
+#
+# Copyright (C) 2019 The Falco Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+#
+
+# Tests coverage
+option(FALCO_COVERAGE "Build test suite with coverage information" OFF)
+if(FALCO_COVERAGE)
+ if(NOT (("${CMAKE_CXX_COMPILER_ID}" MATCHES "GNU") OR ("${CMAKE_CXX_COMPILER_ID}" MATCHES "Clang")))
+ message(FATAL_ERROR "FALCO_COVERAGE requires GCC or Clang.")
+ endif()
+
+ message(STATUS "Building with coverage information")
+ add_compile_options(-g --coverage)
+ set(CMAKE_SHARED_LINKER_FLAGS "--coverage ${CMAKE_SHARED_LINKER_FLAGS}")
+ set(CMAKE_EXE_LINKER_FLAGS "--coverage ${CMAKE_EXE_LINKER_FLAGS}")
+endif()
diff --git a/cmake/modules/DownloadCatch.cmake b/cmake/modules/DownloadCatch.cmake
index 2495f3b977b..0ae2282aa1b 100644
--- a/cmake/modules/DownloadCatch.cmake
+++ b/cmake/modules/DownloadCatch.cmake
@@ -1,28 +1,21 @@ # # Copyright (C) 2019 The Falco Authors. # -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at +# Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. +# Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the +# specific language governing permissions and limitations under the License. # include(ExternalProject) set(CATCH2_INCLUDE ${CMAKE_BINARY_DIR}/catch2-prefix/include) -set(CATCH_EXTERNAL_URL - URL - https://github.com/catchorg/catch2/archive/v2.9.1.tar.gz - URL_HASH - MD5=4980778888fed635bf191d8a86f9f89c) +set(CATCH_EXTERNAL_URL URL https://github.com/catchorg/catch2/archive/v2.9.1.tar.gz URL_HASH + MD5=4980778888fed635bf191d8a86f9f89c) ExternalProject_Add( catch2 @@ -30,9 +23,5 @@ ExternalProject_Add( ${CATCH_EXTERNAL_URL} CONFIGURE_COMMAND "" BUILD_COMMAND "" - INSTALL_COMMAND - ${CMAKE_COMMAND} - -E - copy - ${CMAKE_BINARY_DIR}/catch2-prefix/src/catch2/single_include/catch2/catch.hpp - ${CATCH2_INCLUDE}/catch.hpp) + INSTALL_COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_BINARY_DIR}/catch2-prefix/src/catch2/single_include/catch2/catch.hpp + ${CATCH2_INCLUDE}/catch.hpp) 
diff --git a/cmake/modules/DownloadFakeIt.cmake b/cmake/modules/DownloadFakeIt.cmake index 962bc55f9dc..695a53a5b21 100644 --- a/cmake/modules/DownloadFakeIt.cmake +++ b/cmake/modules/DownloadFakeIt.cmake @@ -1,28 +1,21 @@ # # Copyright (C) 2019 The Falco Authors. # -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may not -# use this file except in compliance with the License. You may obtain a copy of -# the License at +# Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations under -# the License. +# Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the +# specific language governing permissions and limitations under the License. # include(ExternalProject) set(FAKEIT_INCLUDE ${CMAKE_BINARY_DIR}/fakeit-prefix/include) -set(FAKEIT_EXTERNAL_URL - URL - https://github.com/eranpeer/fakeit/archive/2.0.5.tar.gz - URL_HASH - MD5=d3d21b909cebaea5b780af5500bf384e) +set(FAKEIT_EXTERNAL_URL URL https://github.com/eranpeer/fakeit/archive/2.0.5.tar.gz URL_HASH + MD5=d3d21b909cebaea5b780af5500bf384e) ExternalProject_Add( fakeit-external 
@@ -31,8 +24,5 @@ ExternalProject_Add( CONFIGURE_COMMAND "" BUILD_COMMAND "" INSTALL_COMMAND - ${CMAKE_COMMAND} - -E - copy - ${CMAKE_BINARY_DIR}/fakeit-prefix/src/fakeit-external/single_header/catch/fakeit.hpp + ${CMAKE_COMMAND} -E copy ${CMAKE_BINARY_DIR}/fakeit-prefix/src/fakeit-external/single_header/catch/fakeit.hpp ${FAKEIT_INCLUDE}/fakeit.hpp) diff --git a/cmake/modules/FindMakedev.cmake b/cmake/modules/FindMakedev.cmake new file mode 100644 index 00000000000..6790a9d052d --- /dev/null +++ b/cmake/modules/FindMakedev.cmake @@ -0,0 +1,31 @@ +# +# Copyright (C) 2019 The Falco Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the +# specific language governing permissions and limitations under the License. +# + +# This module is used to understand where the makedev function is defined in the glibc in use. see 'man 3 makedev' +# Usage: In your CMakeLists.txt include(FindMakedev) +# +# In your source code: +# +# #if HAVE_SYS_MKDEV_H #include #endif #ifdef HAVE_SYS_SYSMACROS_H #include #endif +# +include(${CMAKE_ROOT}/Modules/CheckIncludeFile.cmake) + +check_include_file("sys/mkdev.h" HAVE_SYS_MKDEV_H) +check_include_file("sys/sysmacros.h" HAVE_SYS_SYSMACROS_H) + +if(HAVE_SYS_MKDEV_H) + add_definitions(-DHAVE_SYS_MKDEV_H) +endif() +if(HAVE_SYS_SYSMACROS_H) + add_definitions(-DHAVE_SYS_SYSMACROS_H) +endif() diff --git a/cmake/modules/GetGitRevisionDescription.cmake b/cmake/modules/GetGitRevisionDescription.cmake index 16dc136ed53..ce4ee1ab616 100644 --- a/cmake/modules/GetGitRevisionDescription.cmake +++ b/cmake/modules/GetGitRevisionDescription.cmake 
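Review bot: The usage example in the header comment of the new FindMakedev.cmake is folded onto a single line (`#if HAVE_SYS_MKDEV_H #include #endif #ifdef HAVE_SYS_SYSMACROS_H #include #endif`) and its `#include` directives name no header, so it cannot be copied as written. I would put one directive per comment line and name the headers that the two `check_include_file` calls probe, `sys/mkdev.h` and `sys/sysmacros.h`. The example also mixes `#if` and `#ifdef` for the two macros; using `#ifdef` for both would be the consistent form.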
@@ -1,168 +1,168 @@ -# - Returns a version string from Git +# * Returns a version string from Git # -# These functions force a re-configure on each git commit so that you can -# trust the values of the variables in your build system. +# These functions force a re-configure on each git commit so that you can trust the values of the variables in your +# build system. # -# get_git_head_revision( [ ...]) +# get_git_head_revision( [ ...]) # # Returns the refspec and sha hash of the current head revision # -# git_describe( [ ...]) +# git_describe( [ ...]) # -# Returns the results of git describe on the source tree, and adjusting -# the output so that it tests false if an error occurs. +# Returns the results of git describe on the source tree, and adjusting the output so that it tests false if an error +# occurs. # -# git_get_exact_tag( [ ...]) +# git_get_exact_tag( [ ...]) # -# Returns the results of git describe --exact-match on the source tree, -# and adjusting the output so that it tests false if there was no exact -# matching tag. +# Returns the results of git describe --exact-match on the source tree, and adjusting the output so that it tests false +# if there was no exact matching tag. # -# git_local_changes() +# git_local_changes() # -# Returns either "CLEAN" or "DIRTY" with respect to uncommitted changes. -# Uses the return code of "git diff-index --quiet HEAD --". -# Does not regard untracked files. +# Returns either "CLEAN" or "DIRTY" with respect to uncommitted changes. Uses the return code of "git diff-index --quiet +# HEAD --". Does not regard untracked files. # # Requires CMake 2.6 or newer (uses the 'function' command) # -# Original Author: -# 2009-2010 Ryan Pavlik -# http://academic.cleardefinition.com +# Original Author: 2009-2010 Ryan Pavlik http://academic.cleardefinition.com # Iowa State University HCI Graduate Program/VRAC # -# Copyright Iowa State University 2009-2010. -# Distributed under the Boost Software License, Version 1.0. 
-# (See accompanying file LICENSE_1_0.txt or copy at -# http://www.boost.org/LICENSE_1_0.txt) +# Copyright Iowa State University 2009-2010. Distributed under the Boost Software License, Version 1.0. (See +# accompanying file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt) if(__get_git_revision_description) - return() + return() endif() set(__get_git_revision_description YES) -# We must run the following at "include" time, not at function call time, -# to find the path to this module rather than the path to a calling list file +# We must run the following at "include" time, not at function call time, to find the path to this module rather than +# the path to a calling list file get_filename_component(_gitdescmoddir ${CMAKE_CURRENT_LIST_FILE} PATH) function(get_git_head_revision _refspecvar _hashvar) - set(GIT_PARENT_DIR "${CMAKE_CURRENT_SOURCE_DIR}") - set(GIT_DIR "${GIT_PARENT_DIR}/.git") - while(NOT EXISTS "${GIT_DIR}") # .git dir not found, search parent directories - set(GIT_PREVIOUS_PARENT "${GIT_PARENT_DIR}") - get_filename_component(GIT_PARENT_DIR ${GIT_PARENT_DIR} PATH) - if(GIT_PARENT_DIR STREQUAL GIT_PREVIOUS_PARENT) - # We have reached the root directory, we are not in git - set(${_refspecvar} "GITDIR-NOTFOUND" PARENT_SCOPE) - set(${_hashvar} "GITDIR-NOTFOUND" PARENT_SCOPE) - return() - endif() - set(GIT_DIR "${GIT_PARENT_DIR}/.git") - endwhile() - # check if this is a submodule - if(NOT IS_DIRECTORY ${GIT_DIR}) - file(READ ${GIT_DIR} submodule) - string(REGEX REPLACE "gitdir: (.*)\n$" "\\1" GIT_DIR_RELATIVE ${submodule}) - get_filename_component(SUBMODULE_DIR ${GIT_DIR} PATH) - get_filename_component(GIT_DIR ${SUBMODULE_DIR}/${GIT_DIR_RELATIVE} ABSOLUTE) - endif() - set(GIT_DATA "${CMAKE_CURRENT_BINARY_DIR}/CMakeFiles/git-data") - if(NOT EXISTS "${GIT_DATA}") - file(MAKE_DIRECTORY "${GIT_DATA}") - endif() + set(GIT_PARENT_DIR "${CMAKE_CURRENT_SOURCE_DIR}") + set(GIT_DIR "${GIT_PARENT_DIR}/.git") + while(NOT EXISTS "${GIT_DIR}") # .git 
dir not found, search parent directories + set(GIT_PREVIOUS_PARENT "${GIT_PARENT_DIR}") + get_filename_component(GIT_PARENT_DIR ${GIT_PARENT_DIR} PATH) + if(GIT_PARENT_DIR STREQUAL GIT_PREVIOUS_PARENT) + # We have reached the root directory, we are not in git + set(${_refspecvar} + "GITDIR-NOTFOUND" + PARENT_SCOPE) + set(${_hashvar} + "GITDIR-NOTFOUND" + PARENT_SCOPE) + return() + endif() + set(GIT_DIR "${GIT_PARENT_DIR}/.git") + endwhile() + # check if this is a submodule + if(NOT IS_DIRECTORY ${GIT_DIR}) + file(READ ${GIT_DIR} submodule) + string(REGEX REPLACE "gitdir: (.*)\n$" "\\1" GIT_DIR_RELATIVE ${submodule}) + get_filename_component(SUBMODULE_DIR ${GIT_DIR} PATH) + get_filename_component(GIT_DIR ${SUBMODULE_DIR}/${GIT_DIR_RELATIVE} ABSOLUTE) + endif() + set(GIT_DATA "${CMAKE_CURRENT_BINARY_DIR}/CMakeFiles/git-data") + if(NOT EXISTS "${GIT_DATA}") + file(MAKE_DIRECTORY "${GIT_DATA}") + endif() - if(NOT EXISTS "${GIT_DIR}/HEAD") - return() - endif() - set(HEAD_FILE "${GIT_DATA}/HEAD") - configure_file("${GIT_DIR}/HEAD" "${HEAD_FILE}" COPYONLY) + if(NOT EXISTS "${GIT_DIR}/HEAD") + return() + endif() + set(HEAD_FILE "${GIT_DATA}/HEAD") + configure_file("${GIT_DIR}/HEAD" "${HEAD_FILE}" COPYONLY) - configure_file("${_gitdescmoddir}/GetGitRevisionDescription.cmake.in" - "${GIT_DATA}/grabRef.cmake" - @ONLY) - include("${GIT_DATA}/grabRef.cmake") + configure_file("${_gitdescmoddir}/GetGitRevisionDescription.cmake.in" "${GIT_DATA}/grabRef.cmake" @ONLY) + include("${GIT_DATA}/grabRef.cmake") - set(${_refspecvar} "${HEAD_REF}" PARENT_SCOPE) - set(${_hashvar} "${HEAD_HASH}" PARENT_SCOPE) + set(${_refspecvar} + "${HEAD_REF}" + PARENT_SCOPE) + set(${_hashvar} + "${HEAD_HASH}" + PARENT_SCOPE) endfunction() function(git_describe _var) - if(NOT GIT_FOUND) - find_package(Git QUIET) - endif() - get_git_head_revision(refspec hash) - if(NOT GIT_FOUND) - set(${_var} "GIT-NOTFOUND" PARENT_SCOPE) - return() - endif() - if(NOT hash) - set(${_var} "HEAD-HASH-NOTFOUND" PARENT_SCOPE) - 
return() - endif() + if(NOT GIT_FOUND) + find_package(Git QUIET) + endif() + get_git_head_revision(refspec hash) + if(NOT GIT_FOUND) + set(${_var} + "GIT-NOTFOUND" + PARENT_SCOPE) + return() + endif() + if(NOT hash) + set(${_var} + "HEAD-HASH-NOTFOUND" + PARENT_SCOPE) + return() + endif() - # TODO sanitize - #if((${ARGN}" MATCHES "&&") OR - # (ARGN MATCHES "||") OR - # (ARGN MATCHES "\\;")) - # message("Please report the following error to the project!") - # message(FATAL_ERROR "Looks like someone's doing something nefarious with git_describe! Passed arguments ${ARGN}") - #endif() + # TODO sanitize if((${ARGN}" MATCHES "&&") OR (ARGN MATCHES "||") OR (ARGN MATCHES "\\;")) message("Please report the + # following error to the project!") message(FATAL_ERROR "Looks like someone's doing something nefarious with + # git_describe! Passed arguments ${ARGN}") endif() - # message(STATUS "Arguments to execute_process: ${ARGN}") + # message(STATUS "Arguments to execute_process: ${ARGN}") - execute_process(COMMAND - "${GIT_EXECUTABLE}" - describe - ${hash} - ${ARGN} - WORKING_DIRECTORY - "${CMAKE_CURRENT_SOURCE_DIR}" - RESULT_VARIABLE - res - OUTPUT_VARIABLE - out - ERROR_QUIET - OUTPUT_STRIP_TRAILING_WHITESPACE) - if(NOT res EQUAL 0) - set(out "${out}-${res}-NOTFOUND") - endif() + execute_process( + COMMAND "${GIT_EXECUTABLE}" describe ${hash} ${ARGN} + WORKING_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}" + RESULT_VARIABLE res + OUTPUT_VARIABLE out + ERROR_QUIET OUTPUT_STRIP_TRAILING_WHITESPACE) + if(NOT res EQUAL 0) + set(out "${out}-${res}-NOTFOUND") + endif() - set(${_var} "${out}" PARENT_SCOPE) + set(${_var} + "${out}" + PARENT_SCOPE) endfunction() function(git_get_exact_tag _var) - git_describe(out --exact-match ${ARGN}) - set(${_var} "${out}" PARENT_SCOPE) + git_describe(out --exact-match ${ARGN}) + set(${_var} + "${out}" + PARENT_SCOPE) endfunction() function(git_local_changes _var) - if(NOT GIT_FOUND) - find_package(Git QUIET) - endif() - get_git_head_revision(refspec 
hash) - if(NOT GIT_FOUND) - set(${_var} "GIT-NOTFOUND" PARENT_SCOPE) - return() - endif() - if(NOT hash) - set(${_var} "HEAD-HASH-NOTFOUND" PARENT_SCOPE) - return() - endif() + if(NOT GIT_FOUND) + find_package(Git QUIET) + endif() + get_git_head_revision(refspec hash) + if(NOT GIT_FOUND) + set(${_var} + "GIT-NOTFOUND" + PARENT_SCOPE) + return() + endif() + if(NOT hash) + set(${_var} + "HEAD-HASH-NOTFOUND" + PARENT_SCOPE) + return() + endif() - execute_process(COMMAND - "${GIT_EXECUTABLE}" - diff-index --quiet HEAD -- - WORKING_DIRECTORY - "${CMAKE_CURRENT_SOURCE_DIR}" - RESULT_VARIABLE - res - OUTPUT_VARIABLE - out - ERROR_QUIET - OUTPUT_STRIP_TRAILING_WHITESPACE) - if(res EQUAL 0) - set(${_var} "CLEAN" PARENT_SCOPE) - else() - set(${_var} "DIRTY" PARENT_SCOPE) - endif() -endfunction() \ No newline at end of file + execute_process( + COMMAND "${GIT_EXECUTABLE}" diff-index --quiet HEAD -- + WORKING_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}" + RESULT_VARIABLE res + OUTPUT_VARIABLE out + ERROR_QUIET OUTPUT_STRIP_TRAILING_WHITESPACE) + if(res EQUAL 0) + set(${_var} + "CLEAN" + PARENT_SCOPE) + else() + set(${_var} + "DIRTY" + PARENT_SCOPE) + endif() +endfunction() diff --git a/cmake/modules/cURL.cmake b/cmake/modules/cURL.cmake new file mode 100644 index 00000000000..a7a7807b263 --- /dev/null +++ b/cmake/modules/cURL.cmake 
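Review bot: In `git_describe`, the commented-out argument check after `# TODO sanitize` has been reflowed into running prose (`# TODO sanitize if((${ARGN}" MATCHES "&&") OR ...`), so it no longer reads as code and cannot be re-enabled by uncommenting. `${ARGN}` still reaches `execute_process(COMMAND "${GIT_EXECUTABLE}" describe ${hash} ${ARGN}` unchecked, which leaves that TODO as the only record of the missing validation. I would either restore it with one statement per comment line or replace it with a plain sentence such as `# TODO: validate ARGN before passing it to git describe (reject "&&", "||", ";")`. The rest of this hunk appears to be re-indentation only.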
@@ -0,0 +1,73 @@
+#
+# Copyright (C) 2019 The Falco Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+#
+
+if(NOT USE_BUNDLED_DEPS)
+ find_package(CURL REQUIRED)
+ message(STATUS "Found CURL: include: ${CURL_INCLUDE_DIR}, lib: ${CURL_LIBRARIES}")
+else()
+ set(CURL_BUNDLE_DIR "${PROJECT_BINARY_DIR}/curl-prefix/src/curl")
+ set(CURL_INCLUDE_DIR "${CURL_BUNDLE_DIR}/include/")
+ set(CURL_LIBRARIES "${CURL_BUNDLE_DIR}/lib/.libs/libcurl.a")
+ set(CURL_SSL_OPTION "--with-ssl")
+ message(STATUS "Using bundled curl in '${CURL_BUNDLE_DIR}'")
+
+ ExternalProject_Add(
+ curl
+ # START CHANGE for CVE-2017-8816, CVE-2017-8817, CVE-2017-8818, CVE-2018-1000007
+ URL "https://s3.amazonaws.com/download.draios.com/dependencies/curl-7.61.0.tar.bz2"
+ URL_MD5 "31d0a9f48dc796a7db351898a1e5058a"
+ # END CHANGE for CVE-2017-8816, CVE-2017-8817, CVE-2017-8818, CVE-2018-1000007
+ CONFIGURE_COMMAND
+ ./configure
+ ${CURL_SSL_OPTION}
+ --disable-shared
+ --enable-optimize
+ --disable-curldebug
+ --disable-rt
+ --enable-http
+ --disable-ftp
+ --disable-file
+ --disable-ldap
+ --disable-ldaps
+ --disable-rtsp
+ --disable-telnet
+ --disable-tftp
+ --disable-pop3
+ --disable-imap
+ --disable-smb
+ --disable-smtp
+ --disable-gopher
+ --disable-sspi
+ --disable-ntlm-wb
+ --disable-tls-srp
+ --without-winssl
+ --without-darwinssl
+ --without-polarssl
+ --without-cyassl
+ --without-nss
+ --without-axtls
+ --without-ca-path
+ --without-ca-bundle
+ --without-libmetalink
+ --without-librtmp
+ --without-winidn
+ --without-libidn2
+ --without-libpsl
+ --without-nghttp2
+ --without-libssh2
+ --disable-threaded-resolver
+ --without-brotli
+ BUILD_COMMAND ${CMD_MAKE}
+ BUILD_IN_SOURCE 1
+ INSTALL_COMMAND "")
+endif()
diff --git a/cmake/modules/gRPC.cmake b/cmake/modules/gRPC.cmake
new file mode 100644
index 00000000000..7b1bd871dde
--- /dev/null
+++ b/cmake/modules/gRPC.cmake
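Review bot: `URL_MD5` is the only integrity check on the bundled curl tarball in `ExternalProject_Add(curl ...)`, and MD5 is not collision-resistant, so it does not protect the build against a substituted archive. ExternalProject accepts a stronger digest: replace the `URL_MD5` line with `URL_HASH SHA256=<sha256-of-curl-7.61.0.tar.bz2>`, computing the value from a verified copy of the tarball. The same applies to the `URL_MD5` lines added in cmake/modules/jq.cmake and cmake/modules/yaml-cpp.cmake. A short comment next to the pin saying how it is kept current would also help, since a bundled curl no longer follows distribution security updates.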
@@ -0,0 +1,114 @@
+#
+# Copyright (C) 2019 The Falco Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+#
+
+if(NOT USE_BUNDLED_DEPS)
+ # zlib
+ include(FindZLIB)
+ set(ZLIB_INCLUDE "${ZLIB_INCLUDE_DIRS}")
+ set(ZLIB_LIB "${ZLIB_LIBRARIES}")
+
+ if(ZLIB_INCLUDE AND ZLIB_LIB)
+ message(STATUS "Found zlib: include: ${ZLIB_INCLUDE}, lib: ${ZLIB_LIB}")
+ endif()
+
+ # c-ares
+ find_path(CARES_INCLUDE NAMES ares.h)
+ find_library(CARES_LIB NAMES libcares.so)
+ if(CARES_INCLUDE AND CARES_LIB)
+ message(STATUS "Found c-ares: include: ${CARES_INCLUDE}, lib: ${CARES_LIB}")
+ else()
+ message(FATAL_ERROR "Couldn't find system c-ares")
+ endif()
+
+ # protobuf
+ find_program(PROTOC NAMES protoc)
+ find_path(PROTOBUF_INCLUDE NAMES google/protobuf/message.h)
+ find_library(PROTOBUF_LIB NAMES libprotobuf.so)
+ if(PROTOC
+ AND PROTOBUF_INCLUDE
+ AND PROTOBUF_LIB)
+ message(STATUS "Found protobuf: compiler: ${PROTOC}, include: ${PROTOBUF_INCLUDE}, lib: ${PROTOBUF_LIB}")
+ else()
+ message(FATAL_ERROR "Couldn't find system protobuf")
+ endif()
+
+ # gRPC todo(fntlnz, leodido): check that gRPC version is greater or equal than 1.8.0
+ find_path(GRPCXX_INCLUDE NAMES grpc++/grpc++.h)
+ if(GRPCXX_INCLUDE)
+ set(GRPC_INCLUDE ${GRPCXX_INCLUDE})
+ else()
+ find_path(GRPCPP_INCLUDE NAMES grpcpp/grpcpp.h)
+ set(GRPC_INCLUDE ${GRPCPP_INCLUDE})
+ add_definitions(-DGRPC_INCLUDE_IS_GRPCPP=1)
+ endif()
+ find_library(GRPC_LIB NAMES grpc)
+ find_library(GRPCPP_LIB NAMES grpc++)
+ if(GRPC_INCLUDE
+ AND GRPC_LIB
+ AND GRPCPP_LIB)
+ message(STATUS "Found grpc: include: ${GRPC_INCLUDE}, C lib: ${GRPC_LIB}, C++ lib: ${GRPCPP_LIB}")
+ else()
+ message(FATAL_ERROR "Couldn't find system grpc")
+ endif()
+ find_program(GRPC_CPP_PLUGIN grpc_cpp_plugin)
+ if(NOT GRPC_CPP_PLUGIN)
+ message(FATAL_ERROR "System grpc_cpp_plugin not found")
+ endif()
+
+else()
+ set(GRPC_SRC "${PROJECT_BINARY_DIR}/grpc-prefix/src/grpc")
+ set(GRPC_INCLUDE "${GRPC_SRC}/include")
+ set(GRPC_LIBS_ABSOLUTE "${GRPC_SRC}/libs/opt")
+ set(GRPC_LIB "${GRPC_LIBS_ABSOLUTE}/libgrpc.a")
+ set(GRPCPP_LIB "${GRPC_LIBS_ABSOLUTE}/libgrpc++.a")
+ set(GRPC_CPP_PLUGIN "${GRPC_SRC}/bins/opt/grpc_cpp_plugin")
+
+ # we tell gRPC to compile protobuf for us because when a gRPC package is not available, like on CentOS, it's very
+ # likely that protobuf will be very outdated
+ set(PROTOBUF_INCLUDE "${GRPC_SRC}/third_party/protobuf/src")
+ set(PROTOC "${PROTOBUF_INCLUDE}/protoc")
+ set(PROTOBUF_LIB "${GRPC_LIBS_ABSOLUTE}/protobuf/libprotobuf.a")
+ # we tell gRPC to compile zlib for us because when a gRPC package is not available, like on CentOS, it's very likely
+ # that zlib will be very outdated
+ set(ZLIB_INCLUDE "${GRPC_SRC}/third_party/zlib")
+ set(ZLIB_LIB "${GRPC_LIBS_ABSOLUTE}/libz.a")
+
+ message(STATUS "Using bundled gRPC in '${GRPC_SRC}'")
+ message(
+ STATUS
+ "Bundled gRPC comes with ---> protobuf: compiler: ${PROTOC}, include: ${PROTOBUF_INCLUDE}, lib: ${PROTOBUF_LIB}")
+ message(STATUS "Bundled gRPC comes with ---> zlib: include: ${ZLIB_INCLUDE}, lib: ${ZLIB_LIB}}")
+ message(STATUS "Bundled gRPC comes with ---> gRPC cpp plugin: include: ${GRPC_CPP_PLUGIN}")
+
+ get_filename_component(PROTOC_DIR ${PROTOC} PATH)
+
+ ExternalProject_Add(
+ grpc
+ GIT_REPOSITORY https://github.com/grpc/grpc.git
+ GIT_TAG v1.26.0
+ GIT_SUBMODULES "third_party/protobuf third_party/zlib third_party/cares/cares"
+ BUILD_IN_SOURCE 1
+ BUILD_BYPRODUCTS ${GRPC_LIB} ${GRPCPP_LIB}
+ INSTALL_COMMAND ""
+ CONFIGURE_COMMAND ""
+ BUILD_COMMAND
+ CFLAGS=-Wno-implicit-fallthrough
+ HAS_SYSTEM_ZLIB=false
+ HAS_SYSTEM_PROTOBUF=false
+ HAS_SYSTEM_CARES=false
+ PATH=${PROTOC_DIR}:$ENV{PATH}
+ make
+ static_cxx
+ static_c
+ grpc_cpp_plugin)
+endif()
diff --git a/cmake/modules/jq.cmake b/cmake/modules/jq.cmake
new file mode 100644
index 00000000000..a3ee56d90c8
--- /dev/null
+++ b/cmake/modules/jq.cmake
@@ -0,0 +1,35 @@
+#
+# Copyright (C) 2019 The Falco Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+#
+if(NOT USE_BUNDLED_DEPS)
+ find_path(JQ_INCLUDE jq.h PATH_SUFFIXES jq)
+ find_library(JQ_LIB NAMES jq)
+ if(JQ_INCLUDE AND JQ_LIB)
+ message(STATUS "Found jq: include: ${JQ_INCLUDE}, lib: ${JQ_LIB}")
+ else()
+ message(FATAL_ERROR "Couldn't find system jq")
+ endif()
+else()
+ set(JQ_SRC "${PROJECT_BINARY_DIR}/jq-prefix/src/jq")
+ message(STATUS "Using bundled jq in '${JQ_SRC}'")
+ set(JQ_INCLUDE "${JQ_SRC}")
+ set(JQ_LIB "${JQ_SRC}/.libs/libjq.a")
+ ExternalProject_Add(
+ jq
+ URL "https://github.com/stedolan/jq/releases/download/jq-1.5/jq-1.5.tar.gz"
+ URL_MD5 "0933532b086bd8b6a41c1b162b1731f9"
+ CONFIGURE_COMMAND ./configure --disable-maintainer-mode --enable-all-static --disable-dependency-tracking
+ BUILD_COMMAND ${CMD_MAKE} LDFLAGS=-all-static
+ BUILD_IN_SOURCE 1
+ PATCH_COMMAND curl -L https://github.com/stedolan/jq/commit/8eb1367ca44e772963e704a700ef72ae2e12babd.patch | patch
+ INSTALL_COMMAND "")
+endif()
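Review bot: `GIT_TAG v1.26.0` in `ExternalProject_Add(grpc ...)` names a tag, which the upstream repository can move, and a git fetch has no counterpart to `URL_HASH`, so what gets compiled into the static binary is whatever the tag points to at build time. Pinning the full commit id, `GIT_TAG <full-commit-sha-of-v1.26.0> # v1.26.0`, makes the fetch content-addressed. The submodules named in `GIT_SUBMODULES` are recorded by the superproject commit, so they follow from that pin. Minor: the zlib status message ends with `${ZLIB_LIB}}"`, which prints a stray `}`.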
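Review bot: `PATCH_COMMAND curl -L https://github.com/stedolan/jq/commit/8eb1367ca44e772963e704a700ef72ae2e12babd.patch | patch` fetches the patch over the network on every bundled build and applies it with no integrity check, so the checksummed tarball is then modified by unverified content. Committing the patch under cmake/patch/ and applying it from there, e.g. `PATCH_COMMAND patch -i ${PROJECT_SOURCE_DIR}/cmake/patch/<jq-1.5-fix>.patch`, removes the network dependency and puts the patch text under code review. It also avoids relying on `|` being interpreted by a shell, which probably depends on the CMake generator in use.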
diff --git a/cmake/modules/sysdig-repo/CMakeLists.txt b/cmake/modules/sysdig-repo/CMakeLists.txt
new file mode 100644
index 00000000000..bfa0c49ee9f
--- /dev/null
+++ b/cmake/modules/sysdig-repo/CMakeLists.txt
@@ -0,0 +1,35 @@
+#
+# Copyright (C) 2019 The Falco Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+#
+cmake_minimum_required(VERSION 3.5.1)
+
+project(sysdig-repo NONE)
+
+include(ExternalProject)
+
+# The sysdig git reference (branch name, commit hash, or tag)
+
+# set(SYSDIG_VERSION falco/${FALCO_VERSION_MAJOR}.${FALCO_VERSION_MINOR}.${FALCO_VERSION_PATCH}")
+
+# todo(leodido, fntlnz) > use this line above when FALCO_VERSION variable is ok (PR 872)
+if(NOT SYSDIG_VERSION)
+ set(SYSDIG_VERSION "dev")
+endif()
+
+ExternalProject_Add(
+ sysdig
+ URL "https://github.com/draios/sysdig/archive/${SYSDIG_VERSION}.tar.gz"
+ # URL_HASH SHA256=bd09607aa8beb863db07e695863f7dc543e2d39e7153005759d26a340ff66fa5
+ CONFIGURE_COMMAND ""
+ BUILD_COMMAND ""
+ INSTALL_COMMAND ""
+ TEST_COMMAND "")
diff --git a/cmake/modules/sysdig.cmake b/cmake/modules/sysdig.cmake
new file mode 100644
index 00000000000..43fb131dc7e
--- /dev/null
+++ b/cmake/modules/sysdig.cmake
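Review bot: With `SYSDIG_VERSION` defaulting to `"dev"` and the `URL_HASH` line commented out, `ExternalProject_Add(sysdig ...)` downloads whatever the dev branch archive contains at build time and uses it unverified. cmake/modules/sysdig.cmake then adds the driver, libscap and libsinsp directories from that tree. Defaulting to a fixed commit and enabling the hash makes the build reproducible and detects a changed archive: `set(SYSDIG_VERSION "<pinned-sysdig-commit-sha>")` and `URL_HASH "SHA256=<sha256-of-that-archive>"`. When a caller overrides `SYSDIG_VERSION`, the expected hash has to be overridable with it, for example through a second variable such as `SYSDIG_CHECKSUM` (name is a suggestion).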
@@ -0,0 +1,48 @@
+#
+# Copyright (C) 2019 The Falco Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+#
+
+set(SYSDIG_CMAKE_SOURCE_DIR "${CMAKE_CURRENT_SOURCE_DIR}/cmake/modules/sysdig-repo")
+set(SYSDIG_CMAKE_WORKING_DIR "${CMAKE_BINARY_DIR}/sysdig-repo")
+
+file(MAKE_DIRECTORY ${SYSDIG_CMAKE_WORKING_DIR})
+# cd /path/to/build && cmake /path/to/source
+execute_process(COMMAND "${CMAKE_COMMAND}" ${SYSDIG_CMAKE_SOURCE_DIR} WORKING_DIRECTORY ${SYSDIG_CMAKE_WORKING_DIR})
+
+# todo(leodido, fntlnz) > use the following one when CMake version will be >= 3.13
+
+# execute_process(COMMAND "${CMAKE_COMMAND}" -B ${SYSDIG_CMAKE_WORKING_DIR} WORKING_DIRECTORY
+# "${SYSDIG_CMAKE_SOURCE_DIR}")
+
+execute_process(COMMAND "${CMAKE_COMMAND}" --build . WORKING_DIRECTORY "${SYSDIG_CMAKE_WORKING_DIR}")
+set(SYSDIG_SOURCE_DIR "${SYSDIG_CMAKE_WORKING_DIR}/sysdig-prefix/src/sysdig")
+
+# jsoncpp
+set(JSONCPP_SRC "${SYSDIG_SOURCE_DIR}/userspace/libsinsp/third-party/jsoncpp")
+set(JSONCPP_INCLUDE "${JSONCPP_SRC}")
+set(JSONCPP_LIB_SRC "${JSONCPP_SRC}/jsoncpp.cpp")
+
+# Add driver directory
+add_subdirectory("${SYSDIG_SOURCE_DIR}/driver" "${PROJECT_BINARY_DIR}/driver")
+
+# Add libscap directory
+add_definitions(-D_GNU_SOURCE)
+add_definitions(-DHAS_CAPTURE)
+add_subdirectory("${SYSDIG_SOURCE_DIR}/userspace/libscap" "${PROJECT_BINARY_DIR}/userspace/libscap")
+
+# Add libsinsp directory
+add_subdirectory("${SYSDIG_SOURCE_DIR}/userspace/libsinsp" "${PROJECT_BINARY_DIR}/userspace/libsinsp")
+add_dependencies(sinsp tbb b64 luajit)
+
+if(USE_BUNDLED_DEPS)
+ add_dependencies(scap grpc curl jq)
+endif()
diff --git a/cmake/modules/yaml-cpp.cmake b/cmake/modules/yaml-cpp.cmake
new file mode 100644
index 00000000000..50326b1a6eb
--- /dev/null
+++ b/cmake/modules/yaml-cpp.cmake
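Review bot: Neither `execute_process` call captures its result, so a failed configure or download of sysdig-repo is ignored and the first visible error is `add_subdirectory` pointing at a missing or half-extracted `${SYSDIG_SOURCE_DIR}`. Checking `RESULT_VARIABLE` after each call and stopping with `message(FATAL_ERROR ...)` reports the failure where it happens and avoids configuring against a stale tree left by an earlier run. As far as this hunk shows, `SYSDIG_VERSION` is also not forwarded to the nested `cmake` invocation, so the inner project would always use its own default; passing `-DSYSDIG_VERSION=...` is probably intended.

```cmake
execute_process(
  COMMAND "${CMAKE_COMMAND}" ${SYSDIG_CMAKE_SOURCE_DIR}
  WORKING_DIRECTORY ${SYSDIG_CMAKE_WORKING_DIR}
  RESULT_VARIABLE SYSDIG_CONFIGURE_RESULT)
if(NOT SYSDIG_CONFIGURE_RESULT EQUAL 0)
  message(FATAL_ERROR "sysdig-repo configure step failed: ${SYSDIG_CONFIGURE_RESULT}")
endif()

# … unchanged: commented-out CMake >= 3.13 variant …

execute_process(
  COMMAND "${CMAKE_COMMAND}" --build .
  WORKING_DIRECTORY "${SYSDIG_CMAKE_WORKING_DIR}"
  RESULT_VARIABLE SYSDIG_FETCH_RESULT)
if(NOT SYSDIG_FETCH_RESULT EQUAL 0)
  message(FATAL_ERROR "sysdig-repo download step failed: ${SYSDIG_FETCH_RESULT}")
endif()
```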
@@ -0,0 +1,32 @@
+#
+# Copyright (C) 2019 The Falco Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+#
+if(NOT USE_BUNDLED_DEPS)
+ find_path(YAMLCPP_INCLUDE_DIR NAMES yaml-cpp/yaml.h)
+ find_library(YAMLCPP_LIB NAMES yaml-cpp)
+ if(YAMLCPP_INCLUDE_DIR AND YAMLCPP_LIB)
+ message(STATUS "Found yamlcpp: include: ${YAMLCPP_INCLUDE_DIR}, lib: ${YAMLCPP_LIB}")
+ else()
+ message(FATAL_ERROR "Couldn't find system yamlcpp")
+ endif()
+else()
+ set(YAMLCPP_SRC "${PROJECT_BINARY_DIR}/yamlcpp-prefix/src/yamlcpp")
+ message(STATUS "Using bundled yaml-cpp in '${YAMLCPP_SRC}'")
+ set(YAMLCPP_LIB "${YAMLCPP_SRC}/libyaml-cpp.a")
+ set(YAMLCPP_INCLUDE_DIR "${YAMLCPP_SRC}/include")
+ ExternalProject_Add(
+ yamlcpp
+ URL "https://github.com/jbeder/yaml-cpp/archive/yaml-cpp-0.6.2.tar.gz"
+ URL_MD5 "5b943e9af0060d0811148b037449ef82"
+ BUILD_IN_SOURCE 1
+ INSTALL_COMMAND "")
+endif()
diff --git a/cmake/patch/grpc-1.25.0-Makefile.patch b/cmake/patch/grpc-1.25.0-Makefile.patch
deleted file mode 100644
index ba541dc6093..00000000000
--- a/cmake/patch/grpc-1.25.0-Makefile.patch
+++ /dev/null
@@ -1,24 +0,0 @@ -diff --git a/Makefile b/Makefile -index 8fd7044dd9..428da4c6c5 100644 ---- a/Makefile -+++ b/Makefile -@@ -852,6 +852,7 @@ ifneq ($(LDFLAGS_PROTOBUF_PKG_CONFIG),) - LDFLAGS_PROTOBUF_PKG_CONFIG += $(shell $(PKG_CONFIG) --libs-only-L protobuf | sed s/L/Wl,-rpath,/) - endif - endif -+LDFLAGS := $(LDFLAGS_PROTOBUF_PKG_CONFIG) $(LDFLAGS) - else - PC_LIBS_GRPCXX = -lprotobuf - endif -diff --git a/templates/Makefile.template b/templates/Makefile.template -index 8063bd4771..eac629d1c7 100644 ---- a/templates/Makefile.template -+++ b/templates/Makefile.template -@@ -749,6 +749,7 @@ - LDFLAGS_PROTOBUF_PKG_CONFIG += $(shell $(PKG_CONFIG) --libs-only-L protobuf | sed s/L/Wl,-rpath,/) - endif - endif -+ LDFLAGS := $(LDFLAGS_PROTOBUF_PKG_CONFIG) $(LDFLAGS) - else - PC_LIBS_GRPCXX = -lprotobuf - endif diff --git a/docker/builder/Dockerfile b/docker/builder/Dockerfile index e67fc8420da..c4e78cb7b79 100644 --- a/docker/builder/Dockerfile +++ b/docker/builder/Dockerfile @@ -1,4 +1,4 @@ -FROM centos:7 +FROM centos:8 LABEL name="falcosecurity/falco-builder" LABEL usage="docker run -v $PWD/..:/source -v $PWD/build:/build falcosecurity/falco-builder cmake" 
@@ -18,32 +18,12 @@ ENV BUILD_WARNINGS_AS_ERRORS=${BUILD_WARNINGS_AS_ERRORS} ENV MAKE_JOBS=${MAKE_JOBS} ENV FALCO_VERSION=${FALCO_VERSION} -ARG DOCKER_VERSION=1.11.0 -ARG CMAKE_VERSION=3.5.0 - -RUN yum -y install centos-release-scl && \ - INSTALL_PKGS="devtoolset-7-gcc devtoolset-7-gcc-c++ devtoolset-7-toolchain devtoolset-7-libstdc++-devel devtoolset-7-elfutils-libelf-devel llvm-toolset-7 glibc-static autoconf automake libtool createrepo expect git which libcurl-devel zlib-devel rpm-build" && \ - yum -y install --setopt=tsflags=nodocs $INSTALL_PKGS && \ - rpm -V $INSTALL_PKGS - -RUN source scl_source enable devtoolset-7 llvm-toolset-7 && \ - cd /tmp && \ - curl -L https://github.com/kitware/cmake/releases/download/v${CMAKE_VERSION}/cmake-${CMAKE_VERSION}.tar.gz | tar xz; \ - cd cmake-${CMAKE_VERSION} && \ - ./bootstrap --system-curl && \ - make -j${MAKE_JOBS} && \ - make install && \ - rm -rf /tmp/cmake-${CMAKE_VERSION} - -# fixme: deps needs a fix into CMakeLists.txt -RUN yum -y install libyaml-devel && yum clean all -y +RUN dnf update -y +RUN dnf install 'dnf-command(config-manager)' -y +RUN dnf config-manager --set-enabled PowerTools -y +RUN dnf install -y gcc gcc-c++ clang llvm git make which libcurl-devel zlib-devel rpm-build libyaml-devel openssl-devel cmake ncurses-devel c-ares-devel autoconf automake libtool createrepo expect which glibc-static libstdc++-static elfutils-libelf-devel -y COPY ./root / -# DTS -ENV BASH_ENV=/usr/bin/scl_enable \ - ENV=/usr/bin/scl_enable \ - PROMPT_COMMAND=". /usr/bin/scl_enable" - ENTRYPOINT ["entrypoint"] CMD ["usage"] diff --git a/docker/builder/root/usr/bin/entrypoint b/docker/builder/root/usr/bin/entrypoint index 17ab050900a..f930ecdacbb 100755 --- a/docker/builder/root/usr/bin/entrypoint +++ b/docker/builder/root/usr/bin/entrypoint 
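Review bot: The four added `RUN dnf ...` lines each create a layer and none ends with `dnf clean all`. Together with `dnf update -y` on top of the floating `centos:8` tag, two builds of this Dockerfile can therefore produce different toolchains for the packages the builder emits. Chaining the steps into one `RUN ... && dnf clean all` keeps the package cache out of the image, and pinning the base as `FROM centos:8@sha256:<digest>` makes the builder reproducible. The last install line also passes `-y` twice and lists `which` twice; harmless, but worth tidying while touching it.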
@@ -21,11 +21,7 @@ esac case "$CMD" in "cmake") - # Check that source directory contains Falco and sysdig - if [ ! -d "$SOURCE_DIR/sysdig" ]; then - echo "Missing sysdig source." >&2 - exit 1 - fi + # Check that source directory contains Falco if [ ! -d "$SOURCE_DIR/falco" ]; then echo "Missing falco source." >&2 exit 1 @@ -42,6 +38,8 @@ case "$CMD" in -DBUILD_WARNINGS_AS_ERRORS="$BUILD_WARNINGS_AS_ERRORS" \ -DFALCO_VERSION="$FALCO_VERSION" \ -DDRAIOS_DEBUG_FLAGS="$DRAIOS_DEBUG_FLAGS" \ + -DUSE_BUNDLED_DEPS=ON \ + -DUSE_BUNDLED_OPENSSL=OFF \ "$SOURCE_DIR/falco" exit "$(printf '%d\n' $?)" ;; diff --git a/docker/builder/root/usr/bin/scl_enable b/docker/builder/root/usr/bin/scl_enable deleted file mode 100755 index d196c3d5353..00000000000 --- a/docker/builder/root/usr/bin/scl_enable +++ /dev/null @@ -1,6 +0,0 @@ -# IMPORTANT: Do not add more content to this file unless you know what you are doing. -# This file is sourced everytime the shell session is opened. -# -# This will make scl collection binaries work out of box. -unset BASH_ENV PROMPT_COMMAND ENV -source scl_source enable devtoolset-7 llvm-toolset-7 diff --git a/docker/local/Dockerfile b/docker/local/Dockerfile index d5936707ab6..0b334b546ab 100644 --- a/docker/local/Dockerfile +++ b/docker/local/Dockerfile @@ -28,6 +28,7 @@ RUN apt-get update \ jq \ libc6-dev \ libelf-dev \ + libyaml-0-2 \ llvm-7 \ netcat \ xz-utils \ diff --git a/docker/tester/Dockerfile b/docker/tester/Dockerfile index 284209533f7..7d64c85f94d 100644 --- a/docker/tester/Dockerfile +++ b/docker/tester/Dockerfile @@ -1,4 +1,4 @@ -FROM fedora:28 +FROM fedora:31 LABEL name="falcosecurity/falco-tester" LABEL usage="docker run -v /boot:/boot:ro -v /var/run/docker.sock:/var/run/docker.sock -v $PWD/..:/source -v $PWD/build:/build -e FALCO_VERSION= --name falcosecurity/falco-tester test" 
@@ -7,10 +7,12 @@ LABEL maintainer="opensource@sysdig.com" ENV FALCO_VERSION= ENV BUILD_TYPE=release -RUN curl https://avocado-project.org/data/repos/avocado-fedora.repo -o /etc/yum.repos.d/avocado.repo && \ - dnf install -y docker findutils jq unzip python2-avocado python2-avocado-plugins-varianter-yaml-to-mux && dnf clean all +RUN dnf install -y python2-pip python2 docker findutils jq unzip && dnf clean all +ENV PATH="/root/.local/bin/:${PATH}" +RUN pip2 install --user avocado-framework==69.0 +RUN pip2 install --user avocado-framework-plugin-varianter-yaml-to-mux==69.0 COPY ./root / ENTRYPOINT ["entrypoint"] -CMD ["usage"] \ No newline at end of file +CMD ["usage"] diff --git a/docker/tester/root/usr/bin/entrypoint b/docker/tester/root/usr/bin/entrypoint index daab479cb13..ad3cfb24ddc 100755 --- a/docker/tester/root/usr/bin/entrypoint +++ b/docker/tester/root/usr/bin/entrypoint @@ -24,7 +24,11 @@ case "$CMD" in exit 1 fi if [ -z "$FALCO_VERSION" ]; then - echo "Missing Falco version." >&2 + echo "Automatically figuring out Falco version." + FALCO_VERSION=$($BUILD_DIR/$BUILD_TYPE/userspace/falco/falco --version | cut -d' ' -f3 | tr -d '\r') + fi + if [ -z "$FALCO_VERSION" ]; then + echo "Falco version cannot be guessed, please provide it with the FALCO_VERSION environment variable." >&2 exit 1 fi PACKAGE="$BUILD_DIR/$BUILD_TYPE/falco-$FALCO_VERSION-x86_64.deb" @@ -45,7 +49,7 @@ case "$CMD" in fi echo "Running regression tests ..." cd $SOURCE_DIR/falco/test - bash run_regression_tests.sh $BUILD_DIR/$BUILD_TYPE + ./run_regression_tests.sh $BUILD_DIR/$BUILD_TYPE docker rmi "$DOCKER_IMAGE_NAME" || true ;; "bash") @@ -54,4 +58,4 @@ case "$CMD" in "usage") exec "$CMD" "$@" ;; -esac \ No newline at end of file +esac diff --git a/docker/tester/root/usr/bin/usage b/docker/tester/root/usr/bin/usage index 96527ad056c..c3d0c448b42 100755 --- a/docker/tester/root/usr/bin/usage +++ b/docker/tester/root/usr/bin/usage 
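Review bot: `pip2 install --user avocado-framework==69.0` and the plugin line pin versions but not content, and pip resolves their transitive dependencies unpinned at image build time. A requirements file with hashes, installed with `pip2 install --user --require-hashes -r <requirements-file>`, fixes the whole set. Python 2 is end-of-life, so a comment stating why `python2` is still required here, and that this image is for tests only, would help the next maintainer.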
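Review bot: The new auto-detection line expands `$BUILD_DIR/$BUILD_TYPE` unquoted inside the command substitution, so a build path containing spaces or glob characters splits into several words and a different command runs. Quoting keeps it a single word: `FALCO_VERSION=$("$BUILD_DIR/$BUILD_TYPE/userspace/falco/falco" --version | cut -d' ' -f3 | tr -d '\r')`. The same applies to `./run_regression_tests.sh $BUILD_DIR/$BUILD_TYPE` in the next hunk of this file. A one-line comment on the `falco --version` output format that `cut -d' ' -f3` expects would also help, since the detected value goes straight into the package path. The enclosing `case` branch starts and ends outside these hunks.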
@@ -1,9 +1,9 @@ #!/usr/bin/env bash -pythonversion=$(python -c 'import sys; version=sys.version_info[:3]; print("{0}.{1}.{2}".format(*version))') -pipversion=$(pip --version | cut -d' ' -f 1,2,5,6) +pythonversion=$(python2 -c 'import sys; version=sys.version_info[:3]; print("{0}.{1}.{2}".format(*version))') +pipversion=$(pip2 --version | cut -d' ' -f 1,2,5,6) dockerversion=$(docker --version) -avocadoversion=$(pip show avocado-framework | grep Version) +avocadoversion=$(pip2 show avocado-framework | grep Version) avocadoversion=${avocadoversion#"Version: "} cat < /dev/null 2>&1; then echo "No openssl command at ${OPENSSL}"