-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Provide infrastructure to migrate legacy analyzers to Spicy inside the Zeek tree. #2651
Conversation
a5e8e2f
to
be93d57
Compare
Hey - I've tried to build branch locally and am running into an issue:
This seems like it should be something local, but I did the recursive submodule update and otherwise usual build.l
|
Okay: I've had an existing installation in That seems slightly surprising (when compared to |
Ack, I'll look into that. |
c774ad8
to
9d0ab62
Compare
This is ready, but I'll start the merge process with the subprojects and will file a few individual PRs there to get their pieces in place first. Once that's all in, I'll turn the main Zeek PR to ready for review. |
a58509c
to
4b3f93c
Compare
This is ready for review. |
Before going into the details I wanted to check whether it supports all the use cases we wanted (not all tested in CI). We need to be able to build against an externally installed Spicy (shared or static) and/or against a different version of the plugin, configured with The migration of the Finger analyzer looks okay to me, but CI for that currently hinges on us never making the different sanitizer CI jobs use Spicy (they are currently |
Mostly FWIW: I could see us removing The
I don't think there's actual infra, but I might be missing a bit what you're referring to. |
Arne:
Agree with that.
Actually, I'd prefer for that to go, too. We have such a proliferation of Zeek/Spicy/Plugin versions and ways to install them, it's hard to keep that all working in all combinations. In particular, having one extern but the other not, feels like we could skip. We do have
|
Benjamin:
Yep, I noticed that too: looks like we should have a dedicated (non-sanitizer) CI run with |
Hmm, cringing a bit, but if it pains you too much I'll adapt or use more ccache magic. Other thought is that bundling dependencies isn't great for distributions (some packaging guidelines suggest to submit upstream patches to allow for external dependencies), but we're probably far from that and Zeek/Spicy are rather closely coupled so that whatever a distribution ships may not actually work with the latest Zeek version anyway (or analyzers). As of spicy-plugin: There's another thought to go even further: In the scenario that one passes Sorry for all the text, I'll try to look, run this tomorrow 🤞 |
I gave it a cursory glance and it all looks ok to me. My only question is whether we have a plan to deprecate/eventually remove the "legacy" version of the analyzer. Given that we're always building with spicy by default, how long should we expect the old version to live on? Along those same lines, should there be some sort of warning during configure if there are in-tree spicy plugins, but you've disabled spicy? |
Ok, let's do this: For now, I'll try to get the options back to working so that we don't need to make this call right now; I think I see what broken them. But longer term, we probably still want to think about what combinations we want to keep supporting. |
Something to talk about, but my take is that at some point we should stop supporting running without Spicy at all (i.e., remove
Sure, I'll add something. |
Updated this with (1) supporting external Spicy/plugin versions again (tested in all combinations on macOS), and (2) add warnings about legacy/missing analyzers without Spicy. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
From the Spicy and CMake side this looks okay to me, only left trivial issues.
testing/btest/scripts/base/frameworks/logging/field-extension-invalid.zeek
Outdated
Show resolved
Hide resolved
c150fec
to
0ab0ac0
Compare
I'd agree with removing |
Is that even with |
0ab0ac0
to
e20cef6
Compare
e20cef6
to
d9d3518
Compare
As initial examples, this branch ports the Syslog and Finger analyzers over. We leave the old analyzers in place for now and activate them iff we compile without any Spicy. Needs `zeek-spicy-infra` branches in `spicy/`, `spicy-plugin/`, `CMake/`, and `zeek/zeek-testing-private`. Note that the analyzer events remain associated with the Spicy plugin for now: that's where they will show up with `-NN`, and also inside the Zeekygen documentation. We switch CMake over to linking the runtime library into the plugin, vs. at the top-level through object libraries.
This should work now. It affects only the toolchain libraries `libhilti`/`libspicy`. the runtime libraries `libhilti-rt` and `libspicy-rt` are always built static (but they are small). Zeek itself doesn't link against the toolchain anymore now anyways, but a number of the Spicy tools do. Note, we have an issue with Broker I believe: it looks like it always overrides BUILD_SHARED_LIBS to `OFF` Addresses #2675.
d9d3518
to
2512fd1
Compare
As initial examples, this branch ports the Syslog and Finger analyzers
over. We leave the old analyzers in place for now and activate them
iff we compile without any Spicy.
Needs
zeek-spicy-infra
branches in zeek/spicy#1333, zeek/spicy-plugin#155, zeek/cmake#57, and https://github.com/zeek/zeek-testing-private/pull/11.