new(scripts): allow rpm/deb users to decide at configure time which driver to use (kmod or ebpf).

Manage it via a bash dialog interface. Moreover, use falco-driver-loader instead of dkms to build bpf/kmod after package install. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
2025-07-14 23:14:41 +00:00 · 2022-10-12 15:43:38 +02:00 · 2022-10-12 15:43:38 +02:00 · b6078ce1be
commit b6078ce1be
parent 06fe9e6985
7 changed files with 103 additions and 55 deletions
--- a/cmake/modules/CPackConfig.cmake
+++ b/cmake/modules/CPackConfig.cmake
@ -51,7 +51,7 @@ if(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "aarch64")
  set(CPACK_DEBIAN_PACKAGE_ARCHITECTURE "arm64")
 endif()
 set(CPACK_DEBIAN_PACKAGE_HOMEPAGE "https://www.falco.org")
-set(CPACK_DEBIAN_PACKAGE_DEPENDS "dkms (>= 2.1.0.0)")
+set(CPACK_DEBIAN_PACKAGE_DEPENDS "dialog")
 set(CPACK_DEBIAN_PACKAGE_CONTROL_EXTRA
    "${CMAKE_BINARY_DIR}/scripts/debian/postinst;${CMAKE_BINARY_DIR}/scripts/debian/prerm;${CMAKE_BINARY_DIR}/scripts/debian/postrm;${PROJECT_SOURCE_DIR}/cmake/cpack/debian/conffiles"
 )
@ -59,7 +59,7 @@ set(CPACK_DEBIAN_PACKAGE_CONTROL_EXTRA
 set(CPACK_RPM_PACKAGE_LICENSE "Apache v2.0")
 set(CPACK_RPM_PACKAGE_ARCHITECTURE, "amd64")
 set(CPACK_RPM_PACKAGE_URL "https://www.falco.org")
-set(CPACK_RPM_PACKAGE_REQUIRES "dkms, kernel-devel, systemd")
+set(CPACK_RPM_PACKAGE_REQUIRES "dialog, kernel-devel, systemd")
 set(CPACK_RPM_POST_INSTALL_SCRIPT_FILE "${CMAKE_BINARY_DIR}/scripts/rpm/postinstall")
 set(CPACK_RPM_PRE_UNINSTALL_SCRIPT_FILE "${CMAKE_BINARY_DIR}/scripts/rpm/preuninstall")
 set(CPACK_RPM_POST_UNINSTALL_SCRIPT_FILE "${CMAKE_BINARY_DIR}/scripts/rpm/postuninstall")
--- a/scripts/debian/postinst.in
+++ b/scripts/debian/postinst.in
@ -21,24 +21,37 @@ DKMS_PACKAGE_NAME="@PACKAGE_NAME@"
 DKMS_VERSION="@DRIVER_VERSION@"
 NAME="@PACKAGE_NAME@"
-postinst_found=0
+chosen_driver="kmod"
 case "$1" in
 	configure)
-		for DKMS_POSTINST in /usr/lib/dkms/common.postinst /usr/share/$DKMS_PACKAGE_NAME/postinst; do
+	    if [ -x /usr/bin/dialog ]; then
-			if [ -f $DKMS_POSTINST ]; then
+	        CHOICE=$(dialog --clear --backtitle "Choose your preferred driver" --title "Falco driver" --menu "Choose one of the following options:" 15 40 4 \
-				$DKMS_POSTINST $DKMS_PACKAGE_NAME $DKMS_VERSION /usr/share/$DKMS_PACKAGE_NAME "" $2
+                1 "Kmod" \
-				postinst_found=1
+                2 "eBPF" \
-				break
+                3 "Don't start" \
-			fi
+                2>&1 >/dev/tty)
-		done
+            clear
-		if [ "$postinst_found" -eq 0 ]; then
+            case $CHOICE in
-			echo "ERROR: DKMS version is too old and $DKMS_PACKAGE_NAME was not"
+                1)
-			echo "built with legacy DKMS support."
+                    chosen_driver="kmod"
-			echo "You must either rebuild $DKMS_PACKAGE_NAME with legacy postinst"
+                    ;;
-			echo "support or upgrade DKMS to a more current version."
+                2)
-			exit 1
+                    chosen_driver="ebpf"
-		fi
+                    ;;
                3)
                    chosen_driver=
                    ;;
            esac
        fi
        case "$chosen_driver" in
          "kmod")
            falco-driver-loader module
            ;;
          "ebpf")
            falco-driver-loader bpf
            ;;
        esac
 	;;
 esac
@ -47,28 +60,33 @@ esac
 if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
        # This will only remove masks created by d-s-h on package removal.
-        deb-systemd-helper unmask 'falco@kmod.target' >/dev/null || true
+        deb-systemd-helper unmask "falco@kmod.target" >/dev/null || true
        deb-systemd-helper unmask "falco@ebpf.target" >/dev/null || true
        # was-enabled defaults to true, so new installations run enable.
-        if deb-systemd-helper --quiet was-enabled 'falco@kmod.target'; then
+        if [ -n "$chosen_driver" ]; then
-                # Enables the unit on first installation, creates new
+            if deb-systemd-helper --quiet was-enabled "falco@$chosen_driver.target"; then
-                # symlinks on upgrades if the unit file has changed.
+                    # Enables the unit on first installation, creates new
-                deb-systemd-helper enable 'falco@kmod.target' >/dev/null || true
+                    # symlinks on upgrades if the unit file has changed.
-        else
+                    deb-systemd-helper enable "falco@$chosen_driver.target" >/dev/null || true
-                # Update the statefile to add new symlinks (if any), which need to be
+            else
-                # cleaned up on purge. Also remove old symlinks.
+                    # Update the statefile to add new symlinks (if any), which need to be
-                deb-systemd-helper update-state 'falco@kmod.target' >/dev/null || true
+                    # cleaned up on purge. Also remove old symlinks.
                    deb-systemd-helper update-state "falco@$chosen_driver.target" >/dev/null || true
            fi
        fi
 fi
 if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
-        if [ -d /run/systemd/system ]; then
+    if [ -d /run/systemd/system ]; then
-                systemctl --system daemon-reload >/dev/null || true
+      systemctl --system daemon-reload >/dev/null || true
-                if [ -n "$2" ]; then
+      if [ -n "$chosen_driver" ]; then
-                        _dh_action=restart
+        if [ -n "$2" ]; then
-                else
+          _dh_action=restart
-                        _dh_action=start
+        else
-                fi
+          _dh_action=start
                deb-systemd-invoke $_dh_action 'falco@kmod.target' >/dev/null || true
        fi
        deb-systemd-invoke $_dh_action "falco@$chosen_driver.target" >/dev/null || true
      fi
    fi
 fi
--- a/scripts/debian/postrm.in
+++ b/scripts/debian/postrm.in
@ -28,6 +28,7 @@ fi
 if [ "$1" = "remove" ]; then
        if [ -x "/usr/bin/deb-systemd-helper" ]; then
                deb-systemd-helper mask 'falco@kmod.target' >/dev/null || true
                deb-systemd-helper mask 'falco@ebpf.target' >/dev/null || true
        fi
 fi
@ -35,5 +36,7 @@ if [ "$1" = "purge" ]; then
        if [ -x "/usr/bin/deb-systemd-helper" ]; then
                deb-systemd-helper purge 'falco@kmod.target' >/dev/null || true
                deb-systemd-helper unmask 'falco@kmod.target' >/dev/null || true
                deb-systemd-helper purge 'falco@ebpf.target' >/dev/null || true
                deb-systemd-helper unmask 'falco@ebpf.target' >/dev/null || true
        fi
 fi
--- a/scripts/debian/prerm.in
+++ b/scripts/debian/prerm.in
@ -23,6 +23,7 @@ set -e
 if [ -d /run/systemd/system ] && [ "$1" = remove ]; then
        deb-systemd-invoke stop 'falco@kmod.target' >/dev/null || true
        deb-systemd-invoke stop 'falco@ebpf.target' >/dev/null || true
 fi
 case "$1" in
--- a/scripts/rpm/postinstall.in
+++ b/scripts/rpm/postinstall.in
@ -17,19 +17,36 @@
 set -e
 mod_version="@DRIVER_VERSION@"
-dkms add -m falco -v $mod_version --rpm_safe_upgrade
+
-if [ `uname -r | grep -c "BOOT"` -eq 0 ] && [ -e /lib/modules/`uname -r`/build/include ]; then
+chosen_driver="kmod"
-	dkms build -m falco -v $mod_version
+
-	dkms install --force -m falco -v $mod_version
+if [ -x /usr/bin/dialog ]; then
-elif [ `uname -r | grep -c "BOOT"` -gt 0 ]; then
+	  CHOICE=$(dialog --clear --backtitle "Choose your preferred driver" --title "Falco driver" --menu "Choose one of the following options:" 15 40 4 \
-	echo -e ""
+          1 "Kmod" \
-	echo -e "Module build for the currently running kernel was skipped since you"
+          2 "eBPF" \
-	echo -e "are running a BOOT variant of the kernel."
+          3 "Don't start" \
-else
+          2>&1 >/dev/tty)
-	echo -e ""
+      clear
-	echo -e "Module build for the currently running kernel was skipped since the"
+      case $CHOICE in
-	echo -e "kernel source for this kernel does not seem to be installed."
+           1)
                chosen_driver="kmod"
                ;;
           2)
                chosen_driver="ebpf"
                ;;
           3)
                chosen_driver=
                ;;
      esac
 fi
 case "$chosen_driver" in
  "kmod")
    falco-driver-loader module
    ;;
  "ebpf")
    falco-driver-loader bpf
    ;;
 esac
 # validate rpm macros by `rpm -qp --scripts <rpm>`
 # RPM scriptlets: https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_systemd
@ -38,19 +55,22 @@ fi
 # systemd_post macro expands to
 # if postinst:
 #   `systemd-update-helper install-system-units <service>`
-%systemd_post 'falco@kmod.target'
+%systemd_post "falco@$chosen_driver.target"
 # post install mirrored from .deb
 if [ $1 -eq 1 ]; then
        # This will only remove masks created on package removal.
-        /usr/bin/systemctl --system unmask 'falco@kmod.target' >/dev/null || true
+        /usr/bin/systemctl --system unmask "falco@kmod.target" >/dev/null || true
        /usr/bin/systemctl --system unmask "falco@ebpf.target" >/dev/null || true
-        # enable falco on installation
+        if [ -n "$chosen_driver" ]; then
-        # note: DEB postinstall script checks for changed symlinks
+            # enable falco on installation
-        /usr/bin/systemctl --system enable 'falco@kmod.target' >/dev/null || true
+            # note: DEB postinstall script checks for changed symlinks
            /usr/bin/systemctl --system enable "falco@$chosen_driver.target" >/dev/null || true
-        # start falco on installation
+            # start falco on installation
-        /usr/bin/systemctl --system start 'falco@kmod.target' >/dev/null || true
+            /usr/bin/systemctl --system start "falco@$chosen_driver.target" >/dev/null || true
        fi
 fi
 # post upgrade mirrored from .deb
@ -58,7 +78,9 @@ if [ $1 -gt 1 ]; then
    if [ -d /run/systemd/system ]; then
        /usr/bin/systemctl --system daemon-reload >/dev/null || true
-        # restart falco on upgrade if service is already running
+        if [ -n "$chosen_driver" ]; then
-        /usr/bin/systemctl --system condrestart 'falco@kmod.target' >/dev/null || true
+            # restart falco on upgrade if service is already running
            /usr/bin/systemctl --system condrestart "falco@$chosen_driver.target" >/dev/null || true
        fi
    fi
 fi
--- a/scripts/rpm/postuninstall.in
+++ b/scripts/rpm/postuninstall.in
@ -21,6 +21,7 @@ set -e
 if [ -d /run/systemd/system ] && [ "$1" = 0 ]; then
        /usr/bin/systemctl --system daemon-reload >/dev/null || true
        /usr/bin/systemctl --system mask 'falco@kmod.target' >/dev/null || true
        /usr/bin/systemctl --system mask 'falco@ebpf.target' >/dev/null || true
 fi
 # validate rpm macros by `rpm -qp --scripts <rpm>`
@ -31,3 +32,4 @@ fi
 # if package upgrade, not uninstall:
 #   `systemd-update-helper mark-restart-system-units <service>`
 %systemd_postun_with_restart 'falco@kmod.target'
 %systemd_postun_with_restart 'falco@ebpf.target'
--- a/scripts/rpm/preuninstall.in
+++ b/scripts/rpm/preuninstall.in
@ -21,6 +21,7 @@ set -e
 if [ -d /run/systemd/system ] && [ $1 -eq 0 ]; then
        # stop falco service before uninstall
        /usr/bin/systemctl --system stop 'falco@kmod.target' >/dev/null || true
        /usr/bin/systemctl --system stop 'falco@ebpf.target' >/dev/null || true
 fi
 /usr/bin/falco-driver-loader --clean
@ -33,3 +34,4 @@ fi
 # if preuninstall:
 #  `systemd-update-helper remove-system-units <service>`
 %systemd_preun 'falco@kmod.target'
 %systemd_preun 'falco@ebpf.target'