@@ -1179,6 +1179,11 @@ dist_patch_DATA = \
%D%/packages/patches/fail2ban-python310-server-action.patch \
%D%/packages/patches/fail2ban-python310-server-actions.patch \
%D%/packages/patches/fail2ban-python310-server-jails.patch \
+ %D%/packages/patches/falcosecurity-libs-install-pman.patch \
+ %D%/packages/patches/falcosecurity-libs-libscap-pc.patch \
+ %D%/packages/patches/falcosecurity-libs-pkg-config.patch \
+ %D%/packages/patches/falcosecurity-libs-shared-library-fix.patch \
+ %D%/packages/patches/falcosecurity-libs-libsinsp-pkg-config.patch \
%D%/packages/patches/farstream-gupnp.patch \
%D%/packages/patches/farstream-make.patch \
%D%/packages/patches/fastcap-mulGlobal.patch \
@@ -100,6 +100,7 @@
(define-module (gnu packages linux)
#:use-module (gnu packages)
#:use-module (gnu packages acl)
+ #:use-module (gnu packages adns)
#:use-module (gnu packages admin)
#:use-module (gnu packages algebra)
#:use-module (gnu packages apparmor)
@@ -114,10 +115,12 @@ (define-module (gnu packages linux)
#:use-module (gnu packages calendar)
#:use-module (gnu packages check)
#:use-module (gnu packages cpio)
+ #:use-module (gnu packages cpp)
#:use-module (gnu packages crates-io)
#:use-module (gnu packages crypto)
#:use-module (gnu packages cryptsetup)
#:use-module (gnu packages compression)
+ #:use-module (gnu packages curl)
#:use-module (gnu packages databases)
#:use-module (gnu packages datastructures)
#:use-module (gnu packages dbm)
@@ -166,11 +169,14 @@ (define-module (gnu packages linux)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages polkit)
#:use-module (gnu packages popt)
+ #:use-module (gnu packages protobuf)
#:use-module (gnu packages pulseaudio)
#:use-module (gnu packages python)
#:use-module (gnu packages python-xyz)
#:use-module (gnu packages qt)
#:use-module (gnu packages readline)
+ #:use-module (gnu packages regex)
+ #:use-module (gnu packages rpc)
#:use-module (gnu packages rrdtool)
#:use-module (gnu packages rsync)
#:use-module (gnu packages samba)
@@ -178,6 +184,7 @@ (define-module (gnu packages linux)
#:use-module (gnu packages serialization)
#:use-module (gnu packages slang)
#:use-module (gnu packages sqlite)
+ #:use-module (gnu packages tbb)
#:use-module (gnu packages texinfo)
#:use-module (gnu packages textutils)
#:use-module (gnu packages tls)
@@ -9539,6 +9546,91 @@ (define-public fakechroot
(home-page "https://github.com/dex4er/fakechroot/")
(license license:lgpl2.1+))))
+(define-public falcosecurity-libs
+ (package
+ (name "falcosecurity-libs")
+ (version "0.16.0")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/falcosecurity/libs/")
+ (commit version)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1vzymzkfipb3bnjjd9m8ykzj0l94fm8mnpcxfm8mpxz3jbd8xnv9"))
+ (patches
+ (search-patches
+ "falcosecurity-libs-pkg-config.patch"
+ "falcosecurity-libs-install-pman.patch"
+ "falcosecurity-libs-libscap-pc.patch"
+ "falcosecurity-libs-shared-library-fix.patch"
+ "falcosecurity-libs-libsinsp-pkg-config.patch"))))
+ (build-system cmake-build-system)
+ (arguments
+ (list
+ #:configure-flags
+ #~(list "-DUSE_BUNDLED_DEPS=OFF"
+ "-DBUILD_DRIVER=OFF"
+ "-DENABLE_DKMS=OFF"
+ "-DBUILD_LIBSCAP_MODERN_BPF=ON"
+ "-DSCAP_FILES_SUITE_ENABLE=OFF" ;attempts to download scap files
+ "-DBUILD_SHARED_LIBS=ON"
+ #$(string-append "-DFALCOSECURITY_LIBS_VERSION=" version))
+ ;; Only the libsinsp test suite is run, as the one for libscap requires
+ ;; elevated privileges.
+ #:test-target "run-unit-test-libsinsp"
+ #:phases
+ #~(modify-phases %standard-phases
+ (add-after 'unpack 'disable-problematic-tests
+ (lambda _
+ (substitute* "userspace/libsinsp/test/user.ut.cpp"
+ ;; The 'system_lookup' test assumes a root user
+ ;; exists in the build environment.
+ (("TEST_F\\(usergroup_manager_test, system_lookup)")
+ "TEST_F(usergroup_manager_test, DISABLED_system_lookup)"))))
+ (add-after 'install 'delete-src
+ (lambda _
+ (delete-file-recursively
+ (string-append #$output "/src")))))))
+ (native-inputs (list bpftool
+ clang
+ googletest
+ pkg-config
+ valijson)) ;header-only library
+ (inputs
+ (list elfutils
+ libbpf
+ libelf))
+ (propagated-inputs
+ ;; The following inputs are in the 'Requires' field of libscap.pc and
+ ;; libsinp.pc.
+ (list c-ares
+ grpc
+ jsoncpp
+ openssl
+ protobuf
+ uthash ;included in libscap headers
+ zlib
+ ;; These are in the 'Requires.private' field of libscap.pc and
+ ;; libsinp.pc. They are required because the headers are installed
+ ;; to a non-standard directory, and thus need to be found via the
+ ;; 'Cflags' field, which in turn mandates that both the pkg-config
+ ;; modules listed in the 'Requires' and 'Requires.private' be
+ ;; available.
+ curl
+ re2
+ tbb))
+ (home-page "https://github.com/falcosecurity/libs/")
+ (synopsis "libscap and lisbinsp Falco security libraries")
+ (description "The Falco security libraries include @code{libsinsp} and
+@code{libscap}. @code{libscap} manages the data capture process, while
+@code{libsinsp} is a system inspection library that enriches events from
+@code{libscap} with machine state. @code{libsinsp} also performs events
+filtering with rule evaluation through its internal rule engine. These
+libraries are used by the @command{sysdig} command-line utility.")
+ (license license:asl2.0)))
+
(define-public inputattach
(package
(name "inputattach")
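Review bot: The synopsis of the new `falcosecurity-libs` package misspells the library name: `"libscap and lisbinsp Falco security libraries"` should read `libsinsp`. Both comments in `propagated-inputs` likewise say `libsinp.pc` where `libsinsp.pc` is meant. The `delete-src` phase removes `#$output "/src"` without explanation; a one-line comment saying what upstream installs there and why it is dropped would help, since the hunk does not show it. The `disable-problematic-tests` phase is already documented this way.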
new file mode 100644
@@ -0,0 +1,14 @@
+Install the pman library and its header.
+Upstream status: https://github.com/falcosecurity/libs/pull/1842
+
+diff --git a/userspace/libpman/CMakeLists.txt b/userspace/libpman/CMakeLists.txt
+index da92e9f27..4b57365fe 100644
+--- a/userspace/libpman/CMakeLists.txt
++++ b/userspace/libpman/CMakeLists.txt
+@@ -58,3 +58,6 @@ endif()
+ if(USE_BUNDLED_LIBBPF)
+ add_dependencies(pman libbpf)
+ endif()
++
++install(TARGETS pman LIBRARY ARCHIVE FRAMEWORK)
++install(FILES include/libpman.h DESTINATION ${CMAKE_INSTALL_INCLUDEDIR})
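Review bot: The added `install(FILES include/libpman.h DESTINATION ${CMAKE_INSTALL_INCLUDEDIR})` puts the header directly in the top-level include directory. The `Cflags` lines of `libscap.pc.in` and `libsinsp.pc.in` elsewhere on this page only add `${includedir}/@LIBS_PACKAGE_NAME@/...` paths. A pkg-config consumer would therefore find `libpman.h` only if the bare include directory is already on its search path. If the header is meant to be reached through the `.pc` files, a destination under the package directory would match, for example `DESTINATION "${CMAKE_INSTALL_INCLUDEDIR}/${LIBS_PACKAGE_NAME}/libpman"`, assuming `LIBS_PACKAGE_NAME` is set in this scope. Both `install()` calls also depend on `GNUInstallDirs` having been included before this directory is processed, which the hunk does not show.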
new file mode 100644
@@ -0,0 +1,16 @@
+libscap: Guard against install_lib_link_libraries-NOTFOUND.
+Upstream status: https://github.com/falcosecurity/libs/pull/1842
+
+diff --git a/cmake/modules/libscap.cmake b/cmake/modules/libscap.cmake
+index 81ad2d28d..8b6b4197e 100644
+--- a/cmake/modules/libscap.cmake
++++ b/cmake/modules/libscap.cmake
+@@ -95,7 +95,7 @@ foreach(libscap_install_lib ${LIBSCAP_INSTALL_LIBS})
+ list(APPEND libscap_link_libraries ${libscap_install_lib})
+ get_target_property(install_lib_link_libraries ${libscap_install_lib} LINK_LIBRARIES)
+ foreach (install_lib_link_library ${install_lib_link_libraries})
+- if (NOT ${install_lib_link_library} IN_LIST libscap_subdir_targets)
++ if (${install_lib_link_library} AND (NOT ${install_lib_link_library} IN_LIST libscap_subdir_targets))
+ if(${install_lib_link_library} MATCHES "/")
+ # We have a path. Convert it to -L<dir> + -l<lib>.
+ get_filename_component(scap_lib_dir ${install_lib_link_library} DIRECTORY)
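Review bot: The new guard `if (${install_lib_link_library} AND (NOT ... IN_LIST ...))` rejects more than the `-NOTFOUND` value it is aimed at. After expansion the value is an unquoted `if()` argument, so CMake treats it as a constant or a variable name; a plain library name or a path that is not a defined variable evaluates to false and is skipped too. That would silently drop real link libraries from the generated `Libs:` line. Testing for the sentinel explicitly keeps the original behaviour for everything else: `if (NOT "${install_lib_link_library}" MATCHES "-NOTFOUND$" AND NOT "${install_lib_link_library}" IN_LIST libscap_subdir_targets)`. The enclosing `foreach` loops start above and end below this hunk.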
new file mode 100644
@@ -0,0 +1,155 @@
+libsinsp: Refine pkg-config file generation.
+Upstream status: https://github.com/falcosecurity/libs/pull/1842
+
+diff --git a/userspace/libscap/libscap.pc.in b/userspace/libscap/libscap.pc.in
+index a379744f3..1d4b20056 100644
+--- a/userspace/libscap/libscap.pc.in
++++ b/userspace/libscap/libscap.pc.in
+@@ -1,4 +1,4 @@
+-prefix=${pcfiledir}/../..
++prefix=@CMAKE_INSTALL_PREFIX@
+ libdir=${prefix}/@CMAKE_INSTALL_LIBDIR@
+ includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@
+
+@@ -6,5 +6,6 @@ Name: libscap
+ Description: lib for System CAPture
+ Version: @FALCOSECURITY_LIBS_VERSION@
+
+-Libs: -L${libdir} @LIBSCAP_LINK_LIBDIRS_FLAGS@ @LIBSCAP_LINK_LIBRARIES_FLAGS@
++Requires: zlib
++Libs: -L${libdir} -L{libdir}/@LIBS_PACKAGE_NAME@/libscap @LIBSCAP_LINK_LIBDIRS_FLAGS@ @LIBSCAP_LINK_LIBRARIES_FLAGS@
+ Cflags: -I${includedir}/@LIBS_PACKAGE_NAME@/libscap -I${includedir}/@LIBS_PACKAGE_NAME@/driver -I${includedir}/@LIBS_PACKAGE_NAME@
+diff --git a/userspace/libsinsp/CMakeLists.txt b/userspace/libsinsp/CMakeLists.txt
+index 6104603e8..832f86067 100644
+--- a/userspace/libsinsp/CMakeLists.txt
++++ b/userspace/libsinsp/CMakeLists.txt
+@@ -169,13 +169,9 @@ target_link_libraries(sinsp
+ "${RE2_LIB}"
+ )
+
+-set(SINSP_PKGCONFIG_LIBRARIES
+- scap
+- "${ZLIB_LIB}"
+- "${CURL_LIBRARIES}"
+- "${JSONCPP_LIB}"
+- "${RE2_LIB}"
+-)
++set(SINSP_PKGCONFIG_LIBRARIES)
++set(SINSP_PKGCONFIG_REQUIRES jsoncpp)
++set(SINSP_PKGCONFIG_REQUIRES_PRIVATE libcurl re2)
+
+ if(NOT EMSCRIPTEN)
+ target_link_libraries(sinsp
+@@ -184,7 +180,8 @@ if(NOT EMSCRIPTEN)
+ PRIVATE
+ "${TBB_LIB}"
+ )
+- list(APPEND SINSP_PKGCONFIG_LIBRARIES "${CARES_LIB}")
++ list(APPEND SINSP_PKGCONFIG_REQUIRES libcares)
++ list(APPEND SINSP_PKGCONFIG_REQUIRES_PRIVATE tbb)
+ endif()
+
+ if(USE_BUNDLED_VALIJSON)
+@@ -248,14 +245,12 @@ if(NOT WIN32)
+ "${PROTOBUF_LIB}"
+ "${CARES_LIB}"
+ )
+- list(APPEND SINSP_PKGCONFIG_LIBRARIES
+- "${GRPC_LIBRARIES}"
+- "${GRPCPP_LIB}"
+- "${GRPC_LIB}"
+- "${GPR_LIB}"
+- "${PROTOBUF_LIB}"
+- "${CARES_LIB}"
+- )
++ list(APPEND SINSP_PKGCONFIG_REQUIRES
++ gpr
++ grpc
++ grpc++
++ protobuf
++ libcares)
+
+ if(NOT MUSL_OPTIMIZED_BUILD)
+ target_link_libraries(sinsp INTERFACE rt anl)
+@@ -269,7 +264,7 @@ if(NOT WIN32)
+ endif() # NOT APPLE
+
+ target_link_libraries(sinsp INTERFACE "${OPENSSL_LIBRARIES}")
+- list(APPEND SINSP_PKGCONFIG_LIBRARIES "${OPENSSL_LIBRARIES}")
++ list(APPEND SINSP_PKGCONFIG_REQUIRES libcrypto libssl)
+
+ target_link_libraries(sinsp INTERFACE dl pthread)
+ list(APPEND SINSP_PKGCONFIG_LIBRARIES dl pthread)
+@@ -306,41 +301,17 @@ if(NOT DEFINED SINSP_AGENT_CGROUP_MEM_PATH_ENV_VAR)
+ endif()
+ add_definitions(-DSINSP_AGENT_CGROUP_MEM_PATH_ENV_VAR="${SINSP_AGENT_CGROUP_MEM_PATH_ENV_VAR}")
+
+-# Build our pkg-config "Libs:" flags. For now, loop over SINSP_PKGCONFIG_LIBRARIES. If
+-# we ever start using pkg_search_module or pkg_check_modules in cmake/modules
+-# we could add each module to our "Requires:" line instead. We might need to
+-# expand this to use some of the techniques in
+-# https://github.com/curl/curl/blob/curl-7_84_0/CMakeLists.txt#L1539
+-set(SINSP_PKG_CONFIG_LIBS)
+-set(SINSP_PKG_CONFIG_LIBDIRS "")
+-foreach(sinsp_lib ${SINSP_PKGCONFIG_LIBRARIES})
+- if(${sinsp_lib} MATCHES "^-")
+- # We have a flag. Pass it through unchanged.
+- list(APPEND SINSP_PKG_CONFIG_LIBS ${sinsp_lib})
+- elseif(${sinsp_lib} MATCHES "/")
+- # We have a path. Convert it to -L<dir> + -l<lib>.
+- get_filename_component(sinsp_lib_dir ${sinsp_lib} DIRECTORY)
+- list(APPEND SINSP_PKG_CONFIG_LIBDIRS -L${sinsp_lib_dir})
+- get_filename_component(sinsp_lib_base ${sinsp_lib} NAME_WE)
+- string(REGEX REPLACE "^lib" "" sinsp_lib_base ${sinsp_lib_base})
+- list(APPEND SINSP_PKG_CONFIG_LIBS -l${sinsp_lib_base})
+- elseif(${sinsp_lib} STREQUAL "scap")
+- # We require libscap.pc, so skip it.
+- else()
+- # Assume we have a plain library name. Prefix it with "-l".
+- list(APPEND SINSP_PKG_CONFIG_LIBS -l${sinsp_lib})
+- endif()
+-endforeach()
++list(REMOVE_DUPLICATES SINSP_PKGCONFIG_LIBRARIES)
++list(REMOVE_DUPLICATES SINSP_PKGCONFIG_REQUIRES)
++list(REMOVE_DUPLICATES SINSP_PKGCONFIG_REQUIRES_PRIVATE)
+
+-# Build our pkg-config "Cflags:" flags.
+-set(SINSP_PKG_CONFIG_INCLUDES "")
+-foreach(sinsp_include_directory ${LIBSINSP_INCLUDE_DIRS})
+- list(APPEND SINSP_PKG_CONFIG_INCLUDES -I${sinsp_include_directory})
++set(SINSP_LINK_FLAGS)
++foreach(sinsp_link_library ${SINSP_PKGCONFIG_LIBRARIES})
++ list(APPEND SINSP_LINK_FLAGS "-l${sinsp_link_library}")
+ endforeach()
+
+-string(REPLACE ";" " " SINSP_PKG_CONFIG_LIBS "${SINSP_PKG_CONFIG_LIBS}")
+-list(REMOVE_DUPLICATES SINSP_PKG_CONFIG_LIBDIRS)
+-string(REPLACE ";" " " SINSP_PKG_CONFIG_LIBDIRS "${SINSP_PKG_CONFIG_LIBDIRS}")
+-list(REMOVE_DUPLICATES SINSP_PKG_CONFIG_INCLUDES)
+-string(REPLACE ";" " " SINSP_PKG_CONFIG_INCLUDES "${SINSP_PKG_CONFIG_INCLUDES}")
++string(REPLACE ";" " " LIBSINSP_LINK_FLAGS "${SINSP_LINK_FLAGS}")
++string(REPLACE ";" " " LIBSINSP_REQUIRES "${SINSP_PKGCONFIG_REQUIRES}")
++string(REPLACE ";" " " LIBSINSP_REQUIRES_PRIVATE "${SINSP_PKGCONFIG_REQUIRES_PRIVATE}")
++
+ configure_file(${CMAKE_CURRENT_SOURCE_DIR}/libsinsp.pc.in ${CMAKE_CURRENT_BINARY_DIR}/libsinsp.pc @ONLY)
+diff --git a/userspace/libsinsp/libsinsp.pc.in b/userspace/libsinsp/libsinsp.pc.in
+index 9292e73ce..f20da76b3 100644
+--- a/userspace/libsinsp/libsinsp.pc.in
++++ b/userspace/libsinsp/libsinsp.pc.in
+@@ -1,4 +1,4 @@
+-prefix=${pcfiledir}/../..
++prefix=@CMAKE_INSTALL_PREFIX@
+ libdir=${prefix}/@CMAKE_INSTALL_LIBDIR@
+ includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@
+
+@@ -6,6 +6,7 @@ Name: libsinsp
+ Description: lib for System INSPection
+ Version: @FALCOSECURITY_LIBS_VERSION@
+
+-Requires: libscap
+-Libs: -L${libdir} -lsinsp @SINSP_PKG_CONFIG_LIBDIRS@ @SINSP_PKG_CONFIG_LIBS@
+-Cflags: -I${includedir}/@LIBS_PACKAGE_NAME@/libsinsp -I${includedir}/@LIBS_PACKAGE_NAME@/driver -I${includedir}/@LIBS_PACKAGE_NAME@ @SINSP_PKG_CONFIG_INCLUDES@
++Requires: libscap @LIBSINSP_REQUIRES@
++Requires.private: @LIBSINSP_REQUIRES_PRIVATE@
++Libs: -L${libdir} -lsinsp @LIBSINSP_LINK_FLAGS@
++Cflags: -I${includedir}/@LIBS_PACKAGE_NAME@/libsinsp -I${includedir}/@LIBS_PACKAGE_NAME@/driver -I${includedir}/@LIBS_PACKAGE_NAME@
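Review bot: The new `Libs:` line in `libscap.pc.in` contains `-L{libdir}/@LIBS_PACKAGE_NAME@/libscap`, which lacks the `$` before `{libdir}`. pkg-config will emit the literal text `-L{libdir}/...` instead of expanding the variable, so that search path never resolves. It should read `-L${libdir}/@LIBS_PACKAGE_NAME@/libscap`; `configure_file(... @ONLY)` leaves `${libdir}` untouched. Separately, `prefix=@CMAKE_INSTALL_PREFIX@` replaces the relocatable `${pcfiledir}/../..` in both `.pc.in` files. That suits a fixed store path but is worth mentioning in the patch header, since the patch is marked as submitted upstream.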
new file mode 100644
@@ -0,0 +1,23 @@
+userspace: Extend CFLAGS of libscap.pc and libsinsp.pc.
+Upstream status: https://github.com/falcosecurity/libs/pull/1842
+
+diff --git a/userspace/libscap/libscap.pc.in b/userspace/libscap/libscap.pc.in
+index 40b6e96ed..a379744f3 100644
+--- a/userspace/libscap/libscap.pc.in
++++ b/userspace/libscap/libscap.pc.in
+@@ -7,4 +7,4 @@ Description: lib for System CAPture
+ Version: @FALCOSECURITY_LIBS_VERSION@
+
+ Libs: -L${libdir} @LIBSCAP_LINK_LIBDIRS_FLAGS@ @LIBSCAP_LINK_LIBRARIES_FLAGS@
+-Cflags: -I${includedir}/@LIBS_PACKAGE_NAME@/libscap
++Cflags: -I${includedir}/@LIBS_PACKAGE_NAME@/libscap -I${includedir}/@LIBS_PACKAGE_NAME@/driver -I${includedir}/@LIBS_PACKAGE_NAME@
+diff --git a/userspace/libsinsp/libsinsp.pc.in b/userspace/libsinsp/libsinsp.pc.in
+index c1cc4a1e2..9292e73ce 100644
+--- a/userspace/libsinsp/libsinsp.pc.in
++++ b/userspace/libsinsp/libsinsp.pc.in
+@@ -8,4 +8,4 @@ Version: @FALCOSECURITY_LIBS_VERSION@
+
+ Requires: libscap
+ Libs: -L${libdir} -lsinsp @SINSP_PKG_CONFIG_LIBDIRS@ @SINSP_PKG_CONFIG_LIBS@
+-Cflags: -I${includedir}/@LIBS_PACKAGE_NAME@/libsinsp @SINSP_PKG_CONFIG_INCLUDES@
++Cflags: -I${includedir}/@LIBS_PACKAGE_NAME@/libsinsp -I${includedir}/@LIBS_PACKAGE_NAME@/driver -I${includedir}/@LIBS_PACKAGE_NAME@ @SINSP_PKG_CONFIG_INCLUDES@
new file mode 100644
@@ -0,0 +1,50 @@
+Fix shared library build.
+Upstream status: https://github.com/falcosecurity/libs/pull/1842
+
+diff --git a/driver/CMakeLists.txt b/driver/CMakeLists.txt
+index 80229cc03..70c9ba65b 100644
+--- a/driver/CMakeLists.txt
++++ b/driver/CMakeLists.txt
+@@ -152,6 +152,11 @@ set(DRIVER_SOURCES
+ ppm_consumer.h
+ capture_macro.h
+ socketcall_to_syscall.h
++ syscall_compat_loongarch64.h
++ syscall_compat_ppc64le.h
++ syscall_compat_riscv64.h
++ syscall_compat_s390x.h
++ syscall_compat_x86_64.h
+ syscall_ia32_64_map.c
+ )
+
+diff --git a/test/libscap/CMakeLists.txt b/test/libscap/CMakeLists.txt
+index e88603ebd..fa26ba7ee 100644
+--- a/test/libscap/CMakeLists.txt
++++ b/test/libscap/CMakeLists.txt
+@@ -45,6 +45,7 @@ set(LIBSCAP_TESTS_LIBRARIES
+ "${GTEST_LIB}"
+ "${GTEST_MAIN_LIB}"
+ "${CMAKE_THREAD_LIBS_INIT}"
++ "${PROTOBUF_LIB}"
+ scap
+ )
+
+diff --git a/userspace/libscap/engine/gvisor/CMakeLists.txt b/userspace/libscap/engine/gvisor/CMakeLists.txt
+index 6dfbafb14..875847b5d 100644
+--- a/userspace/libscap/engine/gvisor/CMakeLists.txt
++++ b/userspace/libscap/engine/gvisor/CMakeLists.txt
+@@ -76,6 +76,14 @@ if (BUILD_SHARED_LIBS)
+ add_dependencies(scap_engine_gvisor_o uthash)
+ add_dependencies(scap scap_engine_gvisor_o)
+ target_sources(scap PRIVATE $<TARGET_OBJECTS:scap_engine_gvisor_o>)
++
++ target_include_directories(scap_engine_gvisor_o
++ PRIVATE
++ ${CMAKE_BINARY_DIR}
++ ${CMAKE_CURRENT_BINARY_DIR}
++ ${CMAKE_SOURCE_DIR}
++ ${CMAKE_SOURCE_DIR}/userspace
++ )
+ else()
+ add_library(scap_engine_gvisor
+ ${scap_engine_gvisor_sources}
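Review bot: The `target_include_directories(scap_engine_gvisor_o PRIVATE ...)` block added in the gvisor `CMakeLists.txt` resolves its paths through `${CMAKE_SOURCE_DIR}` and `${CMAKE_BINARY_DIR}`. Those point at the top of the whole build, so they resolve to the wrong tree when the libraries are pulled in with `add_subdirectory` from another project. `${PROJECT_SOURCE_DIR}`, `${PROJECT_SOURCE_DIR}/userspace` and `${PROJECT_BINARY_DIR}` would be safer, assuming no nested `project()` call sits between the root and this directory. Quoting each path also guards against directories containing spaces. The non-shared `else()` branch continues past the end of this hunk, so whether it sets the same include paths cannot be checked from here.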