github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-08-29 11:13:19 +00:00
Code Issues Projects Releases Wiki Activity

Support multiple URLs for DRIVERS_REPO environment variable (comma separated)

Browse Source 
Signed-off-by: Ian Robertson <ian.robertson@wpengine.com>
This commit is contained in:
Ian Robertson 2022-08-16 15:16:14 -05:00 committed by poiana
parent c40a216434
commit 8872f256f6
1 changed files with 16 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
scripts/falco-driver-loader
View File

@ -235,7 +235,7 @@ load_kernel_module_download() {
get_target_id get_target_id
local FALCO_KERNEL_MODULE_FILENAME="${DRIVER_NAME}_${TARGET_ID}_${KERNEL_RELEASE}_${KERNEL_VERSION}.ko" local FALCO_KERNEL_MODULE_FILENAME="${DRIVER_NAME}_${TARGET_ID}_${KERNEL_RELEASE}_${KERNEL_VERSION}.ko"
local URL=$(echo "${DRIVERS_REPO}/${DRIVER_VERSION}/${ARCH}/${FALCO_KERNEL_MODULE_FILENAME}" | sed s/+/%2B/g) local URL=$(echo "${1}/${DRIVER_VERSION}/${ARCH}/${FALCO_KERNEL_MODULE_FILENAME}" | sed s/+/%2B/g)
echo "* Trying to download a prebuilt ${DRIVER_NAME} module from ${URL}" echo "* Trying to download a prebuilt ${DRIVER_NAME} module from ${URL}"
if curl -L --create-dirs "${FALCO_DRIVER_CURL_OPTIONS}" -o "${HOME}/.falco/${DRIVER_VERSION}/${ARCH}/${FALCO_KERNEL_MODULE_FILENAME}" "${URL}"; then if curl -L --create-dirs "${FALCO_DRIVER_CURL_OPTIONS}" -o "${HOME}/.falco/${DRIVER_VERSION}/${ARCH}/${FALCO_KERNEL_MODULE_FILENAME}" "${URL}"; then
@ -367,7 +367,10 @@ load_kernel_module() {
fi fi
if [ -n "$ENABLE_DOWNLOAD" ]; then if [ -n "$ENABLE_DOWNLOAD" ]; then
load_kernel_module_download IFS=", " read -r -a urls <<< "${DRIVERS_REPO}"
for url in "${urls[@]}"; do
load_kernel_module_download $url
done
fi fi
if [ -n "$ENABLE_COMPILE" ]; then if [ -n "$ENABLE_COMPILE" ]; then
@ -502,14 +505,15 @@ load_bpf_probe_compile() {
load_bpf_probe_download() { load_bpf_probe_download() {
local URL local URL
URL=$(echo "${DRIVERS_REPO}/${DRIVER_VERSION}/${ARCH}/${BPF_PROBE_FILENAME}" | sed s/+/%2B/g) URL=$(echo "${1}/${DRIVER_VERSION}/${ARCH}/${BPF_PROBE_FILENAME}" | sed s/+/%2B/g)
echo "* Trying to download a prebuilt eBPF probe from ${URL}" echo "* Trying to download a prebuilt eBPF probe from ${URL}"
if ! curl -L --create-dirs "${FALCO_DRIVER_CURL_OPTIONS}" -o "${HOME}/.falco/${DRIVER_VERSION}/${ARCH}/${BPF_PROBE_FILENAME}" "${URL}"; then if ! curl -L --create-dirs "${FALCO_DRIVER_CURL_OPTIONS}" -o "${HOME}/.falco/${DRIVER_VERSION}/${ARCH}/${BPF_PROBE_FILENAME}" "${URL}"; then
>&2 echo "Unable to find a prebuilt ${DRIVER_NAME} eBPF probe" >&2 echo "Unable to find a prebuilt ${DRIVER_NAME} eBPF probe"
return return 1
fi fi
return 0
} }
load_bpf_probe() { load_bpf_probe() {
@ -529,7 +533,13 @@ load_bpf_probe() {
if [ -f "${HOME}/.falco/${DRIVER_VERSION}/${ARCH}/${BPF_PROBE_FILENAME}" ]; then if [ -f "${HOME}/.falco/${DRIVER_VERSION}/${ARCH}/${BPF_PROBE_FILENAME}" ]; then
echo "* Skipping download, eBPF probe is already present in ${HOME}/.falco/${DRIVER_VERSION}/${ARCH}/${BPF_PROBE_FILENAME}" echo "* Skipping download, eBPF probe is already present in ${HOME}/.falco/${DRIVER_VERSION}/${ARCH}/${BPF_PROBE_FILENAME}"
else else
load_bpf_probe_download IFS=", " read -r -a urls <<< "${DRIVERS_REPO}"
for url in "${urls[@]}"; do
load_bpf_probe_download $url
if [ $? -eq 0 ]; then
break
fi
done
fi fi
fi fi
@ -570,7 +580,7 @@ print_usage() {
echo " --source-only skip execution and allow sourcing in another script" echo " --source-only skip execution and allow sourcing in another script"
echo "" echo ""
echo "Environment variables:" echo "Environment variables:"
echo " DRIVERS_REPO specify a different URL where to look for prebuilt Falco drivers" echo " DRIVERS_REPO specify different URL(s) where to look for prebuilt Falco drivers (comma separated)"
echo " DRIVER_NAME specify a different name for the driver" echo " DRIVER_NAME specify a different name for the driver"
echo " DRIVER_INSECURE_DOWNLOAD whether you want to allow insecure downloads or not" echo " DRIVER_INSECURE_DOWNLOAD whether you want to allow insecure downloads or not"
echo "" echo ""