new(scripts): allow rpm/deb users to decide at configure time which driver to use (kmod or ebpf).

Manage it via a bash dialog interface. Moreover, use falco-driver-loader instead of dkms to build bpf/kmod after package install. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2025-09-01 14:47:00 +00:00 · 2022-10-12 15:43:38 +02:00
parent 06fe9e6985
commit b6078ce1be
7 changed files with 103 additions and 55 deletions
--- a/scripts/rpm/postinstall.in
+++ b/scripts/rpm/postinstall.in
@@ -17,19 +17,36 @@
 set -e

 mod_version="@DRIVER_VERSION@"
-dkms add -m falco -v $mod_version --rpm_safe_upgrade
-if [ `uname -r | grep -c "BOOT"` -eq 0 ] && [ -e /lib/modules/`uname -r`/build/include ]; then
-	dkms build -m falco -v $mod_version
-	dkms install --force -m falco -v $mod_version
-elif [ `uname -r | grep -c "BOOT"` -gt 0 ]; then
-	echo -e ""
-	echo -e "Module build for the currently running kernel was skipped since you"
-	echo -e "are running a BOOT variant of the kernel."
-else
-	echo -e ""
-	echo -e "Module build for the currently running kernel was skipped since the"
-	echo -e "kernel source for this kernel does not seem to be installed."
+
+chosen_driver="kmod"
+
+if [ -x /usr/bin/dialog ]; then
+	  CHOICE=$(dialog --clear --backtitle "Choose your preferred driver" --title "Falco driver" --menu "Choose one of the following options:" 15 40 4 \
+          1 "Kmod" \
+          2 "eBPF" \
+          3 "Don't start" \
+          2>&1 >/dev/tty)
+      clear
+      case $CHOICE in
+           1)
+                chosen_driver="kmod"
+                ;;
+           2)
+                chosen_driver="ebpf"
+                ;;
+           3)
+                chosen_driver=
+                ;;
+      esac
 fi
+case "$chosen_driver" in
+  "kmod")
+    falco-driver-loader module
+    ;;
+  "ebpf")
+    falco-driver-loader bpf
+    ;;
+esac

 # validate rpm macros by `rpm -qp --scripts <rpm>`
 # RPM scriptlets: https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_systemd
@@ -38,19 +55,22 @@ fi
 # systemd_post macro expands to
 # if postinst:
 #   `systemd-update-helper install-system-units <service>`
-%systemd_post 'falco@kmod.target'
+%systemd_post "falco@$chosen_driver.target"

 # post install mirrored from .deb
 if [ $1 -eq 1 ]; then
        # This will only remove masks created on package removal.
-        /usr/bin/systemctl --system unmask 'falco@kmod.target' >/dev/null || true
+        /usr/bin/systemctl --system unmask "falco@kmod.target" >/dev/null || true
+        /usr/bin/systemctl --system unmask "falco@ebpf.target" >/dev/null || true

-        # enable falco on installation
-        # note: DEB postinstall script checks for changed symlinks
-        /usr/bin/systemctl --system enable 'falco@kmod.target' >/dev/null || true
+        if [ -n "$chosen_driver" ]; then
+            # enable falco on installation
+            # note: DEB postinstall script checks for changed symlinks
+            /usr/bin/systemctl --system enable "falco@$chosen_driver.target" >/dev/null || true

-        # start falco on installation
-        /usr/bin/systemctl --system start 'falco@kmod.target' >/dev/null || true
+            # start falco on installation
+            /usr/bin/systemctl --system start "falco@$chosen_driver.target" >/dev/null || true
+        fi
 fi

 # post upgrade mirrored from .deb
@@ -58,7 +78,9 @@ if [ $1 -gt 1 ]; then
    if [ -d /run/systemd/system ]; then
        /usr/bin/systemctl --system daemon-reload >/dev/null || true

-        # restart falco on upgrade if service is already running
-        /usr/bin/systemctl --system condrestart 'falco@kmod.target' >/dev/null || true
+        if [ -n "$chosen_driver" ]; then
+            # restart falco on upgrade if service is already running
+            /usr/bin/systemctl --system condrestart "falco@$chosen_driver.target" >/dev/null || true
+        fi
    fi
 fi