@@ -2076,6 +2076,7 @@ dist_patch_DATA = \
%D%/packages/patches/slim-login.patch \
%D%/packages/patches/slim-display.patch \
%D%/packages/patches/stex-copy-from-immutable-store.patch \
+ %D%/packages/patches/sysdig-shared-falcosecurity-libs.patch \
%D%/packages/patches/syslinux-gcc10.patch \
%D%/packages/patches/syslinux-strip-gnu-property.patch \
%D%/packages/patches/snappy-add-O2-flag-in-CmakeLists.txt.patch \
@@ -114,6 +114,7 @@ (define-module (gnu packages admin)
#:use-module (gnu packages c)
#:use-module (gnu packages check)
#:use-module (gnu packages compression)
+ #:use-module (gnu packages cpp)
#:use-module (gnu packages crates-graphics)
#:use-module (gnu packages crates-io)
#:use-module (gnu packages crates-windows)
@@ -5722,6 +5723,63 @@ (define-public seatd
that require it.")
(license license:expat)))
+(define-public sysdig
+ ;; Use the latest commit for now, as the latest 0.36.1 release does not yet
+ ;; support the falcosecurity-libs 0.16 API.
+ (let ((commit "598ad292b659425e475e5814d9e92c3c29188480")
+ (revision "0"))
+ (package
+ (name "sysdig")
+ (version (git-version "0.36.1" revision commit))
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/draios/sysdig")
+ (commit commit)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "0yyins3rb286dfibadfwwp2gwmdj7fsz3pdkpdvx05yvdqfkqds7"))
+ (patches
+ (search-patches "sysdig-shared-falcosecurity-libs.patch"))))
+ (build-system cmake-build-system)
+ (arguments
+ (list #:tests? #f ;no test suite
+ #:configure-flags
+ #~(list "-DUSE_BUNDLED_DEPS=OFF"
+ ;; Already built and part of falcosecurity-libs, but
+ ;; needed for the 'HAS_MODERN_BPF' define.
+ "-DBUILD_SYSDIG_MODERN_BPF=ON"
+ #$(string-append "-DSYSDIG_VERSION=" version))))
+ (native-inputs (list pkg-config))
+ (inputs
+ (list falcosecurity-libs
+ luajit
+ ncurses
+ nlohmann-json
+ yaml-cpp
+ zlib))
+ (home-page "https://github.com/draios/sysdig")
+ (synopsis "System exploration and troubleshooting tool")
+ (description "Sysdig is a simple tool for deep system visibility, with
+native support for containers. It combines features of multiple system
+administration tools such as the @command{strace}, @command{tcpdump},
+@command{htop}, @command{iftop} and @command{lsof} into a single interface.
+The novel architecture of the tool means that the performance impact of the
+tracing on the system is very light, compared to the likes of
+@command{strace}. The @command{sysdig} command has an interface similar to
+@command{strace}, while the @command{csysdig} command is better suited for
+interactive used, and has a user interface similar to @command{htop}.
+
+If you use Guix System, the kernel Linux has @acronym{BPF, Berkeley Packet
+Filter} support, and you should launch this tool using the @samp{--modern-bpf}
+argument of the @command{sysdig} or @command{csysdig} commands. The following
+Bash alias can be added to your @file{~/.bash_profile} file:
+
+sysdig=sysdig --modern-bpf alias cysdig=csysdig --modern-bpf
+") ;XXX no @example Texinfo support
+ (license license:asl2.0))))
+
(define-public fail2ban
(package
(name "fail2ban")
new file mode 100644
@@ -0,0 +1,71 @@
+Upstream status: https://github.com/draios/sysdig/pull/2093
+
+diff --git a/cmake/modules/falcosecurity-libs.cmake b/cmake/modules/falcosecurity-libs.cmake
+index 7cee8a3c4..dd59c1b32 100644
+--- a/cmake/modules/falcosecurity-libs.cmake
++++ b/cmake/modules/falcosecurity-libs.cmake
+@@ -16,6 +16,19 @@
+ # limitations under the License.
+ #
+
++option(USE_BUNDLED_FALCOSECURITY_LIBS "Enable building of the bundled falcosecurity libraries" ${USE_BUNDLED_DEPS})
++
++if(NOT USE_BUNDLED_FALCOSECURITY_LIBS)
++ find_package(PkgConfig REQUIRED)
++ pkg_check_modules(LIBSINSP REQUIRED IMPORTED_TARGET libsinsp)
++ message(STATUS "Found libsinsp:
++ include: ${LIBSINSP_INCLUDE_DIRS}
++ lib: ${LIBSINSP_LIBRARIES}
++ cflags: ${LIBSINSP_CFLAGS}")
++ return()
++endif()
++
++# else(): using bundled falcosecurity libs
+ set(FALCOSECURITY_LIBS_CMAKE_SOURCE_DIR "${CMAKE_CURRENT_SOURCE_DIR}/cmake/modules/falcosecurity-libs-repo")
+ set(FALCOSECURITY_LIBS_CMAKE_WORKING_DIR "${CMAKE_BINARY_DIR}/falcosecurity-libs-repo")
+
+diff --git a/userspace/sysdig/CMakeLists.txt b/userspace/sysdig/CMakeLists.txt
+index 60f8072ad..86edfc91c 100644
+--- a/userspace/sysdig/CMakeLists.txt
++++ b/userspace/sysdig/CMakeLists.txt
+@@ -20,7 +20,6 @@ if(NOT WIN32)
+ include(ncurses)
+ endif() # NOT WIN32
+
+-include(zlib)
+ include(luajit)
+
+ include_directories("${PROJECT_BINARY_DIR}/userspace/sinspui")
+@@ -108,7 +107,7 @@ if(NOT WIN32)
+ include_directories(${PROJECT_BINARY_DIR}/driver/src)
+
+ target_link_libraries(sysdig
+- sinsp
++ $<IF:$<BOOL:${USE_BUNDLED_FALCOSECURITY_LIBS}>,sinsp,PkgConfig::LIBSINSP>
+ "${LUAJIT_LIB}"
+ "${YAMLCPP_LIB}")
+
+@@ -117,7 +116,7 @@ if(NOT WIN32)
+ endif()
+
+ target_link_libraries(csysdig
+- sinsp
++ $<IF:$<BOOL:${USE_BUNDLED_FALCOSECURITY_LIBS}>,sinsp,PkgConfig::LIBSINSP>
+ "${LUAJIT_LIB}"
+ "${CURSES_LIBRARIES}"
+ "${YAMLCPP_LIB}")
+@@ -140,12 +139,12 @@ else()
+ add_definitions(-DNOCURSESUI)
+
+ target_link_libraries(sysdig
+- sinsp
++ $<IF:$<BOOL:${USE_BUNDLED_FALCOSECURITY_LIBS}>,sinsp,PkgConfig::LIBSINSP>
+ "${LUAJIT_LIB}"
+ "${YAMLCPP_LIB}")
+
+ target_link_libraries(csysdig
+- sinsp
++ $<IF:$<BOOL:${USE_BUNDLED_FALCOSECURITY_LIBS}>,sinsp,PkgConfig::LIBSINSP>
+ "${LUAJIT_LIB}"
+ "${YAMLCPP_LIB}")
+