From b6078ce1be156453844f651613837ad4fe3a9a8f Mon Sep 17 00:00:00 2001 From: Federico Di Pierro Date: Wed, 12 Oct 2022 15:43:38 +0200 Subject: [PATCH] new(scripts): allow rpm/deb users to decide at configure time which driver to use (kmod or ebpf). Manage it via a bash dialog interface. Moreover, use falco-driver-loader instead of dkms to build bpf/kmod after package install. Signed-off-by: Federico Di Pierro --- cmake/modules/CPackConfig.cmake | 4 +- scripts/debian/postinst.in | 82 ++++++++++++++++++++------------- scripts/debian/postrm.in | 3 ++ scripts/debian/prerm.in | 1 + scripts/rpm/postinstall.in | 64 ++++++++++++++++--------- scripts/rpm/postuninstall.in | 2 + scripts/rpm/preuninstall.in | 2 + 7 files changed, 103 insertions(+), 55 deletions(-) diff --git a/cmake/modules/CPackConfig.cmake b/cmake/modules/CPackConfig.cmake index 794274cd..6e46f668 100644 --- a/cmake/modules/CPackConfig.cmake +++ b/cmake/modules/CPackConfig.cmake @@ -51,7 +51,7 @@ if(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "aarch64") set(CPACK_DEBIAN_PACKAGE_ARCHITECTURE "arm64") endif() set(CPACK_DEBIAN_PACKAGE_HOMEPAGE "https://www.falco.org") -set(CPACK_DEBIAN_PACKAGE_DEPENDS "dkms (>= 2.1.0.0)") +set(CPACK_DEBIAN_PACKAGE_DEPENDS "dialog") set(CPACK_DEBIAN_PACKAGE_CONTROL_EXTRA "${CMAKE_BINARY_DIR}/scripts/debian/postinst;${CMAKE_BINARY_DIR}/scripts/debian/prerm;${CMAKE_BINARY_DIR}/scripts/debian/postrm;${PROJECT_SOURCE_DIR}/cmake/cpack/debian/conffiles" ) @@ -59,7 +59,7 @@ set(CPACK_DEBIAN_PACKAGE_CONTROL_EXTRA set(CPACK_RPM_PACKAGE_LICENSE "Apache v2.0") set(CPACK_RPM_PACKAGE_ARCHITECTURE, "amd64") set(CPACK_RPM_PACKAGE_URL "https://www.falco.org") -set(CPACK_RPM_PACKAGE_REQUIRES "dkms, kernel-devel, systemd") +set(CPACK_RPM_PACKAGE_REQUIRES "dialog, kernel-devel, systemd") set(CPACK_RPM_POST_INSTALL_SCRIPT_FILE "${CMAKE_BINARY_DIR}/scripts/rpm/postinstall") set(CPACK_RPM_PRE_UNINSTALL_SCRIPT_FILE "${CMAKE_BINARY_DIR}/scripts/rpm/preuninstall") set(CPACK_RPM_POST_UNINSTALL_SCRIPT_FILE "${CMAKE_BINARY_DIR}/scripts/rpm/postuninstall") diff --git a/scripts/debian/postinst.in b/scripts/debian/postinst.in index 9e2de714..c344a43b 100755 --- a/scripts/debian/postinst.in +++ b/scripts/debian/postinst.in @@ -21,24 +21,37 @@ DKMS_PACKAGE_NAME="@PACKAGE_NAME@" DKMS_VERSION="@DRIVER_VERSION@" NAME="@PACKAGE_NAME@" -postinst_found=0 +chosen_driver="kmod" case "$1" in configure) - for DKMS_POSTINST in /usr/lib/dkms/common.postinst /usr/share/$DKMS_PACKAGE_NAME/postinst; do - if [ -f $DKMS_POSTINST ]; then - $DKMS_POSTINST $DKMS_PACKAGE_NAME $DKMS_VERSION /usr/share/$DKMS_PACKAGE_NAME "" $2 - postinst_found=1 - break - fi - done - if [ "$postinst_found" -eq 0 ]; then - echo "ERROR: DKMS version is too old and $DKMS_PACKAGE_NAME was not" - echo "built with legacy DKMS support." - echo "You must either rebuild $DKMS_PACKAGE_NAME with legacy postinst" - echo "support or upgrade DKMS to a more current version." - exit 1 - fi + if [ -x /usr/bin/dialog ]; then + CHOICE=$(dialog --clear --backtitle "Choose your preferred driver" --title "Falco driver" --menu "Choose one of the following options:" 15 40 4 \ + 1 "Kmod" \ + 2 "eBPF" \ + 3 "Don't start" \ + 2>&1 >/dev/tty) + clear + case $CHOICE in + 1) + chosen_driver="kmod" + ;; + 2) + chosen_driver="ebpf" + ;; + 3) + chosen_driver= + ;; + esac + fi + case "$chosen_driver" in + "kmod") + falco-driver-loader module + ;; + "ebpf") + falco-driver-loader bpf + ;; + esac ;; esac @@ -47,28 +60,33 @@ esac if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then # This will only remove masks created by d-s-h on package removal. - deb-systemd-helper unmask 'falco@kmod.target' >/dev/null || true + deb-systemd-helper unmask "falco@kmod.target" >/dev/null || true + deb-systemd-helper unmask "falco@ebpf.target" >/dev/null || true # was-enabled defaults to true, so new installations run enable. - if deb-systemd-helper --quiet was-enabled 'falco@kmod.target'; then - # Enables the unit on first installation, creates new - # symlinks on upgrades if the unit file has changed. - deb-systemd-helper enable 'falco@kmod.target' >/dev/null || true - else - # Update the statefile to add new symlinks (if any), which need to be - # cleaned up on purge. Also remove old symlinks. - deb-systemd-helper update-state 'falco@kmod.target' >/dev/null || true + if [ -n "$chosen_driver" ]; then + if deb-systemd-helper --quiet was-enabled "falco@$chosen_driver.target"; then + # Enables the unit on first installation, creates new + # symlinks on upgrades if the unit file has changed. + deb-systemd-helper enable "falco@$chosen_driver.target" >/dev/null || true + else + # Update the statefile to add new symlinks (if any), which need to be + # cleaned up on purge. Also remove old symlinks. + deb-systemd-helper update-state "falco@$chosen_driver.target" >/dev/null || true + fi fi fi if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then - if [ -d /run/systemd/system ]; then - systemctl --system daemon-reload >/dev/null || true - if [ -n "$2" ]; then - _dh_action=restart - else - _dh_action=start - fi - deb-systemd-invoke $_dh_action 'falco@kmod.target' >/dev/null || true + if [ -d /run/systemd/system ]; then + systemctl --system daemon-reload >/dev/null || true + if [ -n "$chosen_driver" ]; then + if [ -n "$2" ]; then + _dh_action=restart + else + _dh_action=start fi + deb-systemd-invoke $_dh_action "falco@$chosen_driver.target" >/dev/null || true + fi + fi fi diff --git a/scripts/debian/postrm.in b/scripts/debian/postrm.in index d90627c2..ca4b3677 100755 --- a/scripts/debian/postrm.in +++ b/scripts/debian/postrm.in @@ -28,6 +28,7 @@ fi if [ "$1" = "remove" ]; then if [ -x "/usr/bin/deb-systemd-helper" ]; then deb-systemd-helper mask 'falco@kmod.target' >/dev/null || true + deb-systemd-helper mask 'falco@ebpf.target' >/dev/null || true fi fi @@ -35,5 +36,7 @@ if [ "$1" = "purge" ]; then if [ -x "/usr/bin/deb-systemd-helper" ]; then deb-systemd-helper purge 'falco@kmod.target' >/dev/null || true deb-systemd-helper unmask 'falco@kmod.target' >/dev/null || true + deb-systemd-helper purge 'falco@ebpf.target' >/dev/null || true + deb-systemd-helper unmask 'falco@ebpf.target' >/dev/null || true fi fi diff --git a/scripts/debian/prerm.in b/scripts/debian/prerm.in index 791abdde..e9f7b9fd 100755 --- a/scripts/debian/prerm.in +++ b/scripts/debian/prerm.in @@ -23,6 +23,7 @@ set -e if [ -d /run/systemd/system ] && [ "$1" = remove ]; then deb-systemd-invoke stop 'falco@kmod.target' >/dev/null || true + deb-systemd-invoke stop 'falco@ebpf.target' >/dev/null || true fi case "$1" in diff --git a/scripts/rpm/postinstall.in b/scripts/rpm/postinstall.in index 3bb225a6..a15648bb 100755 --- a/scripts/rpm/postinstall.in +++ b/scripts/rpm/postinstall.in @@ -17,19 +17,36 @@ set -e mod_version="@DRIVER_VERSION@" -dkms add -m falco -v $mod_version --rpm_safe_upgrade -if [ `uname -r | grep -c "BOOT"` -eq 0 ] && [ -e /lib/modules/`uname -r`/build/include ]; then - dkms build -m falco -v $mod_version - dkms install --force -m falco -v $mod_version -elif [ `uname -r | grep -c "BOOT"` -gt 0 ]; then - echo -e "" - echo -e "Module build for the currently running kernel was skipped since you" - echo -e "are running a BOOT variant of the kernel." -else - echo -e "" - echo -e "Module build for the currently running kernel was skipped since the" - echo -e "kernel source for this kernel does not seem to be installed." + +chosen_driver="kmod" + +if [ -x /usr/bin/dialog ]; then + CHOICE=$(dialog --clear --backtitle "Choose your preferred driver" --title "Falco driver" --menu "Choose one of the following options:" 15 40 4 \ + 1 "Kmod" \ + 2 "eBPF" \ + 3 "Don't start" \ + 2>&1 >/dev/tty) + clear + case $CHOICE in + 1) + chosen_driver="kmod" + ;; + 2) + chosen_driver="ebpf" + ;; + 3) + chosen_driver= + ;; + esac fi +case "$chosen_driver" in + "kmod") + falco-driver-loader module + ;; + "ebpf") + falco-driver-loader bpf + ;; +esac # validate rpm macros by `rpm -qp --scripts ` # RPM scriptlets: https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_systemd @@ -38,19 +55,22 @@ fi # systemd_post macro expands to # if postinst: # `systemd-update-helper install-system-units ` -%systemd_post 'falco@kmod.target' +%systemd_post "falco@$chosen_driver.target" # post install mirrored from .deb if [ $1 -eq 1 ]; then # This will only remove masks created on package removal. - /usr/bin/systemctl --system unmask 'falco@kmod.target' >/dev/null || true + /usr/bin/systemctl --system unmask "falco@kmod.target" >/dev/null || true + /usr/bin/systemctl --system unmask "falco@ebpf.target" >/dev/null || true - # enable falco on installation - # note: DEB postinstall script checks for changed symlinks - /usr/bin/systemctl --system enable 'falco@kmod.target' >/dev/null || true + if [ -n "$chosen_driver" ]; then + # enable falco on installation + # note: DEB postinstall script checks for changed symlinks + /usr/bin/systemctl --system enable "falco@$chosen_driver.target" >/dev/null || true - # start falco on installation - /usr/bin/systemctl --system start 'falco@kmod.target' >/dev/null || true + # start falco on installation + /usr/bin/systemctl --system start "falco@$chosen_driver.target" >/dev/null || true + fi fi # post upgrade mirrored from .deb @@ -58,7 +78,9 @@ if [ $1 -gt 1 ]; then if [ -d /run/systemd/system ]; then /usr/bin/systemctl --system daemon-reload >/dev/null || true - # restart falco on upgrade if service is already running - /usr/bin/systemctl --system condrestart 'falco@kmod.target' >/dev/null || true + if [ -n "$chosen_driver" ]; then + # restart falco on upgrade if service is already running + /usr/bin/systemctl --system condrestart "falco@$chosen_driver.target" >/dev/null || true + fi fi fi diff --git a/scripts/rpm/postuninstall.in b/scripts/rpm/postuninstall.in index 2542fe1e..22a8f05f 100755 --- a/scripts/rpm/postuninstall.in +++ b/scripts/rpm/postuninstall.in @@ -21,6 +21,7 @@ set -e if [ -d /run/systemd/system ] && [ "$1" = 0 ]; then /usr/bin/systemctl --system daemon-reload >/dev/null || true /usr/bin/systemctl --system mask 'falco@kmod.target' >/dev/null || true + /usr/bin/systemctl --system mask 'falco@ebpf.target' >/dev/null || true fi # validate rpm macros by `rpm -qp --scripts ` @@ -31,3 +32,4 @@ fi # if package upgrade, not uninstall: # `systemd-update-helper mark-restart-system-units ` %systemd_postun_with_restart 'falco@kmod.target' +%systemd_postun_with_restart 'falco@ebpf.target' diff --git a/scripts/rpm/preuninstall.in b/scripts/rpm/preuninstall.in index bb3eda94..f4ae0c60 100755 --- a/scripts/rpm/preuninstall.in +++ b/scripts/rpm/preuninstall.in @@ -21,6 +21,7 @@ set -e if [ -d /run/systemd/system ] && [ $1 -eq 0 ]; then # stop falco service before uninstall /usr/bin/systemctl --system stop 'falco@kmod.target' >/dev/null || true + /usr/bin/systemctl --system stop 'falco@ebpf.target' >/dev/null || true fi /usr/bin/falco-driver-loader --clean @@ -33,3 +34,4 @@ fi # if preuninstall: # `systemd-update-helper remove-system-units ` %systemd_preun 'falco@kmod.target' +%systemd_preun 'falco@ebpf.target' \ No newline at end of file