github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-03 07:34:53 +00:00
Code Issues Projects Releases Wiki Activity

build: update build system to support libs cmake modules

Browse Source 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
This commit is contained in:
Leonardo Grasso
2021-04-22 16:54:21 +02:00
committed by poiana
parent e616f79bac
commit bfc0021cdd
12 changed files with 62 additions and 441 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
CMakeLists.txt
View File

@@ -110,6 +110,12 @@ set(CMD_MAKE make)
include(ExternalProject) include(ExternalProject)
# LuaJIT
include(luajit)
# libs
include(falcosecurity-libs)
# jq # jq
include(jq) include(jq)
@@ -125,12 +131,6 @@ ExternalProject_Add(
BUILD_COMMAND "" BUILD_COMMAND ""
INSTALL_COMMAND "") INSTALL_COMMAND "")
# curses
# We pull this in because libsinsp won't build without it
set(CURSES_NEED_NCURSES TRUE)
find_package(Curses REQUIRED)
message(STATUS "Found ncurses: include: ${CURSES_INCLUDE_DIR}, lib: ${CURSES_LIBRARIES}")
# b64 # b64
include(b64) include(b64)
@@ -139,15 +139,12 @@ include(yaml-cpp)
if(NOT MINIMAL_BUILD) if(NOT MINIMAL_BUILD)
# OpenSSL # OpenSSL
include(OpenSSL) include(openssl)
# libcurl # libcurl
include(cURL) include(curl)
endif() endif()
# LuaJIT
include(luajit)
# Lpeg # Lpeg
include(lpeg) include(lpeg)
@@ -158,21 +155,7 @@ include(libyaml)
include(lyaml) include(lyaml)
# One TBB # One TBB
set(TBB_SRC "${PROJECT_BINARY_DIR}/tbb-prefix/src/tbb") include(tbb)
message(STATUS "Using bundled tbb in '${TBB_SRC}'")
set(TBB_INCLUDE_DIR "${TBB_SRC}/include/")
set(TBB_LIB "${TBB_SRC}/build/lib_release/libtbb.a")
ExternalProject_Add(
tbb
URL "https://github.com/oneapi-src/oneTBB/archive/2018_U5.tar.gz"
URL_HASH "SHA256=b8dbab5aea2b70cf07844f86fa413e549e099aa3205b6a04059ca92ead93a372"
CONFIGURE_COMMAND ""
BUILD_COMMAND ${CMD_MAKE} tbb_build_dir=${TBB_SRC}/build tbb_build_prefix=lib extra_inc=big_iron.inc
BUILD_IN_SOURCE 1
BUILD_BYPRODUCTS ${TBB_LIB}
INSTALL_COMMAND "")
if(NOT MINIMAL_BUILD) if(NOT MINIMAL_BUILD)
# civetweb # civetweb
@@ -196,13 +179,13 @@ endif()
include(DownloadStringViewLite) include(DownloadStringViewLite)
if(NOT MINIMAL_BUILD) if(NOT MINIMAL_BUILD)
include(zlib)
include(cares)
include(protobuf)
# gRPC # gRPC
include(gRPC) include(grpc)
endif() endif()
# libs
include(falcosecurity-libs)
# Installation # Installation
install(FILES falco.yaml DESTINATION "${FALCO_ETC_DIR}") install(FILES falco.yaml DESTINATION "${FALCO_ETC_DIR}")

45
cmake/modules/OpenSSL.cmake
View File

@@ -1,45 +0,0 @@
#
# Copyright (C) 2020 The Falco Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
# specific language governing permissions and limitations under the License.
#
mark_as_advanced(OPENSSL_BINARY)
if(NOT USE_BUNDLED_DEPS)
find_package(OpenSSL REQUIRED)
message(STATUS "Found openssl: include: ${OPENSSL_INCLUDE_DIR}, lib: ${OPENSSL_LIBRARIES}")
find_program(OPENSSL_BINARY openssl)
if(NOT OPENSSL_BINARY)
message(FATAL_ERROR "Couldn't find the openssl command line in PATH")
else()
message(STATUS "Found openssl: binary: ${OPENSSL_BINARY}")
endif()
else()
mark_as_advanced(OPENSSL_BUNDLE_DIR OPENSSL_INSTALL_DIR OPENSSL_INCLUDE_DIR
OPENSSL_LIBRARY_SSL OPENSSL_LIBRARY_CRYPTO)
set(OPENSSL_BUNDLE_DIR "${PROJECT_BINARY_DIR}/openssl-prefix/src/openssl")
set(OPENSSL_INSTALL_DIR "${OPENSSL_BUNDLE_DIR}/target")
set(OPENSSL_INCLUDE_DIR "${PROJECT_BINARY_DIR}/openssl-prefix/src/openssl/include")
set(OPENSSL_LIBRARY_SSL "${OPENSSL_INSTALL_DIR}/lib/libssl.a")
set(OPENSSL_LIBRARY_CRYPTO "${OPENSSL_INSTALL_DIR}/lib/libcrypto.a")
set(OPENSSL_BINARY "${OPENSSL_INSTALL_DIR}/bin/openssl")
message(STATUS "Using bundled openssl in '${OPENSSL_BUNDLE_DIR}'")
ExternalProject_Add(
openssl
# START CHANGE for CVE-2017-3735, CVE-2017-3731, CVE-2017-3737, CVE-2017-3738, CVE-2017-3736
URL "https://github.com/openssl/openssl/archive/OpenSSL_1_0_2n.tar.gz"
URL_HASH "SHA256=4f4bc907caff1fee6ff8593729e5729891adcee412049153a3bb4db7625e8364"
# END CHANGE for CVE-2017-3735, CVE-2017-3731, CVE-2017-3737, CVE-2017-3738, CVE-2017-3736
CONFIGURE_COMMAND ./config no-shared --prefix=${OPENSSL_INSTALL_DIR}
BUILD_COMMAND ${CMD_MAKE}
BUILD_IN_SOURCE 1
INSTALL_COMMAND ${CMD_MAKE} install)
endif()

27
cmake/modules/b64.cmake
View File

@@ -1,27 +0,0 @@
#
# Copyright (C) 2020 The Falco Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
# specific language governing permissions and limitations under the License.
#
set(B64_SRC "${PROJECT_BINARY_DIR}/b64-prefix/src/b64")
message(STATUS "Using bundled b64 in '${B64_SRC}'")
set(B64_INCLUDE "${B64_SRC}/include")
set(B64_LIB "${B64_SRC}/src/libb64.a")
externalproject_add(
b64
URL "https://github.com/libb64/libb64/archive/ce864b17ea0e24a91e77c7dd3eb2d1ac4175b3f0.tar.gz"
URL_HASH "SHA256=d07173e66f435e5c77dbf81bd9313f8d0e4a3b4edd4105a62f4f8132ba932811"
CONFIGURE_COMMAND ""
BUILD_COMMAND ${CMD_MAKE}
BUILD_IN_SOURCE 1
BUILD_BYPRODUCTS ${B64_LIB}
INSTALL_COMMAND ""
)

76
cmake/modules/cURL.cmake
View File

@@ -1,76 +0,0 @@
#
# Copyright (C) 2020 The Falco Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
# specific language governing permissions and limitations under the License.
#
if(NOT USE_BUNDLED_DEPS)
find_package(CURL REQUIRED)
message(STATUS "Found CURL: include: ${CURL_INCLUDE_DIR}, lib: ${CURL_LIBRARIES}")
else()
set(CURL_BUNDLE_DIR "${PROJECT_BINARY_DIR}/curl-prefix/src/curl")
set(CURL_INCLUDE_DIR "${CURL_BUNDLE_DIR}/include/")
set(CURL_LIBRARIES "${CURL_BUNDLE_DIR}/lib/.libs/libcurl.a")
set(CURL_SSL_OPTION "--with-ssl=${OPENSSL_INSTALL_DIR}")
message(STATUS "Using bundled curl in '${CURL_BUNDLE_DIR}'")
message(STATUS "Using SSL for curl in '${CURL_SSL_OPTION}'")
externalproject_add(
curl
DEPENDS openssl
# START CHANGE for CVE-2017-8816, CVE-2017-8817, CVE-2017-8818, CVE-2018-1000007
URL "https://github.com/curl/curl/releases/download/curl-7_61_0/curl-7.61.0.tar.bz2"
URL_HASH "SHA256=5f6f336921cf5b84de56afbd08dfb70adeef2303751ffb3e570c936c6d656c9c"
# END CHANGE for CVE-2017-8816, CVE-2017-8817, CVE-2017-8818, CVE-2018-1000007
CONFIGURE_COMMAND
./configure
${CURL_SSL_OPTION}
--disable-shared
--enable-optimize
--disable-curldebug
--disable-rt
--enable-http
--disable-ftp
--disable-file
--disable-ldap
--disable-ldaps
--disable-rtsp
--disable-telnet
--disable-tftp
--disable-pop3
--disable-imap
--disable-smb
--disable-smtp
--disable-gopher
--disable-sspi
--disable-ntlm-wb
--disable-tls-srp
--without-winssl
--without-darwinssl
--without-polarssl
--without-cyassl
--without-nss
--without-axtls
--without-ca-path
--without-ca-bundle
--without-libmetalink
--without-librtmp
--without-winidn
--without-libidn2
--without-libpsl
--without-nghttp2
--without-libssh2
--disable-threaded-resolver
--without-brotli
BUILD_COMMAND ${CMD_MAKE}
BUILD_IN_SOURCE 1
INSTALL_COMMAND "")
endif()

18
cmake/modules/falcosecurity-libs-repo/patch/luajit.patch
View File

@@ -1,7 +1,7 @@
diff --git a/userspace/libsinsp/chisel.cpp b/userspace/libsinsp/chisel.cpp diff --git a/userspace/chisel/chisel.cpp b/userspace/chisel/chisel.cpp
index 0a6e3cf8..0c2e255a 100644 index 0a6e3cf8..0c2e255a 100644
--- a/userspace/libsinsp/chisel.cpp --- a/userspace/chisel/chisel.cpp
+++ b/userspace/libsinsp/chisel.cpp +++ b/userspace/chisel/chisel.cpp
@@ -98,7 +98,7 @@ void lua_stackdump(lua_State *L) @@ -98,7 +98,7 @@ void lua_stackdump(lua_State *L)
// Lua callbacks // Lua callbacks
/////////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////////
@@ -29,10 +29,10 @@ index 0a6e3cf8..0c2e255a 100644
{ {
{"field", &lua_cbacks::field}, {"field", &lua_cbacks::field},
{"get_num", &lua_cbacks::get_num}, {"get_num", &lua_cbacks::get_num},
diff --git a/userspace/libsinsp/lua_parser.cpp b/userspace/libsinsp/lua_parser.cpp diff --git a/userspace/chisel/lua_parser.cpp b/userspace/chisel/lua_parser.cpp
index 0e26617d..78810d96 100644 index 0e26617d..78810d96 100644
--- a/userspace/libsinsp/lua_parser.cpp --- a/userspace/chisel/lua_parser.cpp
+++ b/userspace/libsinsp/lua_parser.cpp +++ b/userspace/chisel/lua_parser.cpp
@@ -32,7 +32,7 @@ extern "C" { @@ -32,7 +32,7 @@ extern "C" {
#include "lauxlib.h" #include "lauxlib.h"
} }
@@ -42,10 +42,10 @@ index 0e26617d..78810d96 100644
{ {
{"rel_expr", &lua_parser_cbacks::rel_expr}, {"rel_expr", &lua_parser_cbacks::rel_expr},
{"bool_op", &lua_parser_cbacks::bool_op}, {"bool_op", &lua_parser_cbacks::bool_op},
diff --git a/userspace/libsinsp/lua_parser_api.cpp b/userspace/libsinsp/lua_parser_api.cpp diff --git a/userspace/chisel/lua_parser_api.cpp b/userspace/chisel/lua_parser_api.cpp
index c89e9126..c3d8008a 100644 index c89e9126..c3d8008a 100644
--- a/userspace/libsinsp/lua_parser_api.cpp --- a/userspace/chisel/lua_parser_api.cpp
+++ b/userspace/libsinsp/lua_parser_api.cpp +++ b/userspace/chisel/lua_parser_api.cpp
@@ -266,7 +266,7 @@ int lua_parser_cbacks::rel_expr(lua_State *ls) @@ -266,7 +266,7 @@ int lua_parser_cbacks::rel_expr(lua_State *ls)
string err = "Got non-table as in-expression operand\n"; string err = "Got non-table as in-expression operand\n";
throw sinsp_exception("parser API error"); throw sinsp_exception("parser API error");

52
cmake/modules/falcosecurity-libs.cmake
View File

@@ -14,25 +14,15 @@
set(FALCOSECURITY_LIBS_CMAKE_SOURCE_DIR "${CMAKE_CURRENT_SOURCE_DIR}/cmake/modules/falcosecurity-libs-repo") set(FALCOSECURITY_LIBS_CMAKE_SOURCE_DIR "${CMAKE_CURRENT_SOURCE_DIR}/cmake/modules/falcosecurity-libs-repo")
set(FALCOSECURITY_LIBS_CMAKE_WORKING_DIR "${CMAKE_BINARY_DIR}/falcosecurity-libs-repo") set(FALCOSECURITY_LIBS_CMAKE_WORKING_DIR "${CMAKE_BINARY_DIR}/falcosecurity-libs-repo")
# this needs to be here at the top
if(USE_BUNDLED_DEPS)
# explicitly force this dependency to use the bundled OpenSSL
if(NOT MINIMAL_BUILD)
set(USE_BUNDLED_OPENSSL ON)
endif()
set(USE_BUNDLED_JQ ON)
endif()
file(MAKE_DIRECTORY ${FALCOSECURITY_LIBS_CMAKE_WORKING_DIR}) file(MAKE_DIRECTORY ${FALCOSECURITY_LIBS_CMAKE_WORKING_DIR})
# The falcosecurity/libs git reference (branch name, commit hash, or tag) To update falcosecurity/libs version for the next release, change the # The falcosecurity/libs git reference (branch name, commit hash, or tag) To update falcosecurity/libs version for the next release, change the
# default below In case you want to test against another falcosecurity/libs version just pass the variable - ie., `cmake # default below In case you want to test against another falcosecurity/libs version just pass the variable - ie., `cmake
# -DFALCOSECURITY_LIBS_VERSION=dev ..` # -DFALCOSECURITY_LIBS_VERSION=dev ..`
if(NOT FALCOSECURITY_LIBS_VERSION) if(NOT FALCOSECURITY_LIBS_VERSION)
set(FALCOSECURITY_LIBS_VERSION "bf2bc1e2aa21e1ec65c77caf449de77d0487fb79") set(FALCOSECURITY_LIBS_VERSION "build/upgrade-deps")
set(FALCOSECURITY_LIBS_CHECKSUM "SHA256=3d1a56a322b6f5300ae4ce2cf82b03f30535cbe49f7b1943762596fa13be7050") set(FALCOSECURITY_LIBS_CHECKSUM "SHA256=087837c7d8c4a2756b2f2110e53eb8218c603d8dc8e98155a9d072ed1112502b")
endif() endif()
set(PROBE_VERSION "${FALCOSECURITY_LIBS_VERSION}")
# cd /path/to/build && cmake /path/to/source # cd /path/to/build && cmake /path/to/source
execute_process(COMMAND "${CMAKE_COMMAND}" -DFALCOSECURITY_LIBS_VERSION=${FALCOSECURITY_LIBS_VERSION} -DFALCOSECURITY_LIBS_CHECKSUM=${FALCOSECURITY_LIBS_CHECKSUM} execute_process(COMMAND "${CMAKE_COMMAND}" -DFALCOSECURITY_LIBS_VERSION=${FALCOSECURITY_LIBS_VERSION} -DFALCOSECURITY_LIBS_CHECKSUM=${FALCOSECURITY_LIBS_CHECKSUM}
@@ -46,33 +36,29 @@ execute_process(COMMAND "${CMAKE_COMMAND}" -DFALCOSECURITY_LIBS_VERSION=${FALCOS
execute_process(COMMAND "${CMAKE_COMMAND}" --build . WORKING_DIRECTORY "${FALCOSECURITY_LIBS_CMAKE_WORKING_DIR}") execute_process(COMMAND "${CMAKE_COMMAND}" --build . WORKING_DIRECTORY "${FALCOSECURITY_LIBS_CMAKE_WORKING_DIR}")
set(FALCOSECURITY_LIBS_SOURCE_DIR "${FALCOSECURITY_LIBS_CMAKE_WORKING_DIR}/falcosecurity-libs-prefix/src/falcosecurity-libs") set(FALCOSECURITY_LIBS_SOURCE_DIR "${FALCOSECURITY_LIBS_CMAKE_WORKING_DIR}/falcosecurity-libs-prefix/src/falcosecurity-libs")
# jsoncpp
set(JSONCPP_SRC "${FALCOSECURITY_LIBS_SOURCE_DIR}/userspace/libsinsp/third-party/jsoncpp")
set(JSONCPP_INCLUDE "${JSONCPP_SRC}")
set(JSONCPP_LIB_SRC "${JSONCPP_SRC}/jsoncpp.cpp")
# Add driver directory
add_subdirectory("${FALCOSECURITY_LIBS_SOURCE_DIR}/driver" "${PROJECT_BINARY_DIR}/driver")
# Add libscap directory
add_definitions(-D_GNU_SOURCE) add_definitions(-D_GNU_SOURCE)
add_definitions(-DHAS_CAPTURE) add_definitions(-DHAS_CAPTURE)
add_definitions(-DNOCURSESUI)
if(MUSL_OPTIMIZED_BUILD) if(MUSL_OPTIMIZED_BUILD)
add_definitions(-DMUSL_OPTIMIZED) add_definitions(-DMUSL_OPTIMIZED)
endif() endif()
add_subdirectory("${FALCOSECURITY_LIBS_SOURCE_DIR}/userspace/libscap" "${PROJECT_BINARY_DIR}/userspace/libscap")
# Add libsinsp directory set(PROBE_VERSION "${FALCOSECURITY_LIBS_VERSION}")
add_subdirectory("${FALCOSECURITY_LIBS_SOURCE_DIR}/userspace/libsinsp" "${PROJECT_BINARY_DIR}/userspace/libsinsp")
add_dependencies(sinsp tbb b64 luajit) if(NOT LIBSCAP_DIR)
set(LIBSCAP_DIR "${FALCOSECURITY_LIBS_SOURCE_DIR}")
endif()
set(LIBSINSP_DIR "${FALCOSECURITY_LIBS_SOURCE_DIR}")
# explicitly disable the tests of this dependency # explicitly disable the tests of this dependency
set(CREATE_TEST_TARGETS OFF) set(CREATE_TEST_TARGETS OFF CACHE BOOL "")
if(USE_BUNDLED_DEPS) # todo(leogr): although Falco does not actually depend on chisels, we need this for the lua_parser.
add_dependencies(scap jq) # Hopefully, we can switch off this in the future
if(NOT MINIMAL_BUILD) set(WITH_CHISEL ON CACHE BOOL "")
add_dependencies(scap curl grpc)
endif() set(USE_BUNDLED_TBB ON CACHE BOOL "")
endif()
list(APPEND CMAKE_MODULE_PATH "${FALCOSECURITY_LIBS_SOURCE_DIR}/cmake/modules")
include(libscap)
include(libsinsp)

145
cmake/modules/gRPC.cmake
View File

@@ -1,145 +0,0 @@
#
# Copyright (C) 2020 The Falco Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
# specific language governing permissions and limitations under the License.
#
if(NOT USE_BUNDLED_DEPS)
# zlib
include(FindZLIB)
set(ZLIB_INCLUDE "${ZLIB_INCLUDE_DIRS}")
set(ZLIB_LIB "${ZLIB_LIBRARIES}")
if(ZLIB_INCLUDE AND ZLIB_LIB)
message(STATUS "Found zlib: include: ${ZLIB_INCLUDE}, lib: ${ZLIB_LIB}")
endif()
# c-ares
mark_as_advanced(CARES_INCLUDE CARES_LIB)
find_path(CARES_INCLUDE NAMES ares.h)
find_library(CARES_LIB NAMES libcares.so)
if(CARES_INCLUDE AND CARES_LIB)
message(STATUS "Found c-ares: include: ${CARES_INCLUDE}, lib: ${CARES_LIB}")
else()
message(FATAL_ERROR "Couldn't find system c-ares")
endif()
# protobuf
mark_as_advanced(PROTOC PROTOBUF_INCLUDE PROTOBUF_LIB)
find_program(PROTOC NAMES protoc)
find_path(PROTOBUF_INCLUDE NAMES google/protobuf/message.h)
find_library(PROTOBUF_LIB NAMES libprotobuf.so)
if(PROTOC
AND PROTOBUF_INCLUDE
AND PROTOBUF_LIB)
message(STATUS "Found protobuf: compiler: ${PROTOC}, include: ${PROTOBUF_INCLUDE}, lib: ${PROTOBUF_LIB}")
else()
message(FATAL_ERROR "Couldn't find system protobuf")
endif()
# gpr
mark_as_advanced(GPR_LIB)
find_library(GPR_LIB NAMES gpr)
if(GPR_LIB)
message(STATUS "Found gpr lib: ${GPR_LIB}")
else()
message(FATAL_ERROR "Couldn't find system gpr")
endif()
# gRPC todo(fntlnz, leodido): check that gRPC version is greater or equal than 1.8.0
mark_as_advanced(GRPC_INCLUDE GRPC_SRC
GRPC_LIB GRPC_LIBS_ABSOLUTE GRPCPP_LIB GRPC_CPP_PLUGIN)
find_path(GRPCXX_INCLUDE NAMES grpc++/grpc++.h)
if(GRPCXX_INCLUDE)
set(GRPC_INCLUDE ${GRPCXX_INCLUDE})
unset(GRPCXX_INCLUDE CACHE)
else()
find_path(GRPCPP_INCLUDE NAMES grpcpp/grpcpp.h)
set(GRPC_INCLUDE ${GRPCPP_INCLUDE})
unset(GRPCPP_INCLUDE CACHE)
add_definitions(-DGRPC_INCLUDE_IS_GRPCPP=1)
endif()
find_library(GRPC_LIB NAMES grpc)
find_library(GRPCPP_LIB NAMES grpc++)
if(GRPC_INCLUDE
AND GRPC_LIB
AND GRPCPP_LIB)
message(STATUS "Found grpc: include: ${GRPC_INCLUDE}, C lib: ${GRPC_LIB}, C++ lib: ${GRPCPP_LIB}")
else()
message(FATAL_ERROR "Couldn't find system grpc")
endif()
find_program(GRPC_CPP_PLUGIN grpc_cpp_plugin)
if(NOT GRPC_CPP_PLUGIN)
message(FATAL_ERROR "System grpc_cpp_plugin not found")
endif()
else()
find_package(PkgConfig)
if(NOT PKG_CONFIG_FOUND)
message(FATAL_ERROR "pkg-config binary not found")
endif()
message(STATUS "Found pkg-config executable: ${PKG_CONFIG_EXECUTABLE}")
set(GRPC_SRC "${PROJECT_BINARY_DIR}/grpc-prefix/src/grpc")
set(GRPC_INCLUDE "${GRPC_SRC}/include")
set(GRPC_LIBS_ABSOLUTE "${GRPC_SRC}/libs/opt")
set(GRPC_LIB "${GRPC_LIBS_ABSOLUTE}/libgrpc.a")
set(GRPCPP_LIB "${GRPC_LIBS_ABSOLUTE}/libgrpc++.a")
set(GRPC_CPP_PLUGIN "${GRPC_SRC}/bins/opt/grpc_cpp_plugin")
# we tell gRPC to compile protobuf for us because when a gRPC package is not available, like on CentOS, it's very
# likely that protobuf will be very outdated
set(PROTOBUF_INCLUDE "${GRPC_SRC}/third_party/protobuf/src")
set(PROTOC "${PROTOBUF_INCLUDE}/protoc")
set(PROTOBUF_LIB "${GRPC_LIBS_ABSOLUTE}/protobuf/libprotobuf.a")
# we tell gRPC to compile zlib for us because when a gRPC package is not available, like on CentOS, it's very likely
# that zlib will be very outdated
set(ZLIB_INCLUDE "${GRPC_SRC}/third_party/zlib")
set(ZLIB_LIB "${GRPC_LIBS_ABSOLUTE}/libz.a")
# we tell gRPC to compile c-ares for us because when a gRPC package is not available, like on CentOS, it's very likely
# that c-ares will be very outdated
set(CARES_INCLUDE "${GRPC_SRC}/third_party/cares" "${GRPC_SRC}/third_party/cares/cares")
set(CARES_LIB "${GRPC_LIBS_ABSOLUTE}/libares.a")
message(STATUS "Using bundled gRPC in '${GRPC_SRC}'")
message(
STATUS
"Bundled gRPC comes with protobuf: compiler: ${PROTOC}, include: ${PROTOBUF_INCLUDE}, lib: ${PROTOBUF_LIB}")
message(STATUS "Bundled gRPC comes with zlib: include: ${ZLIB_INCLUDE}, lib: ${ZLIB_LIB}}")
message(STATUS "Bundled gRPC comes with cares: include: ${CARES_INCLUDE}, lib: ${CARES_LIB}}")
message(STATUS "Bundled gRPC comes with gRPC C++ plugin: include: ${GRPC_CPP_PLUGIN}")
get_filename_component(PROTOC_DIR ${PROTOC} PATH)
ExternalProject_Add(
grpc
DEPENDS openssl
GIT_REPOSITORY https://github.com/grpc/grpc.git
GIT_TAG v1.32.0
GIT_SUBMODULES "third_party/protobuf third_party/zlib third_party/cares/cares third_party/abseil-cpp third_party/re2"
BUILD_IN_SOURCE 1
BUILD_BYPRODUCTS ${GRPC_LIB} ${GRPCPP_LIB}
INSTALL_COMMAND ""
CONFIGURE_COMMAND ""
BUILD_COMMAND
CFLAGS=-Wno-implicit-fallthrough
HAS_SYSTEM_ZLIB=false
HAS_SYSTEM_PROTOBUF=false
HAS_SYSTEM_CARES=false
HAS_EMBEDDED_OPENSSL_ALPN=false
HAS_SYSTEM_OPENSSL_ALPN=true
PKG_CONFIG_PATH=${OPENSSL_BUNDLE_DIR}
PKG_CONFIG=${PKG_CONFIG_EXECUTABLE}
PATH=${PROTOC_DIR}:$ENV{PATH}
make
static_cxx
static_c
grpc_cpp_plugin)
endif()

54
cmake/modules/jq.cmake
View File

@@ -1,54 +0,0 @@
#
# Copyright (C) 2020 The Falco Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
# specific language governing permissions and limitations under the License.
#
mark_as_advanced(JQ_INCLUDE JQ_LIB)
if (NOT USE_BUNDLED_DEPS)
find_path(JQ_INCLUDE jq.h PATH_SUFFIXES jq)
find_library(JQ_LIB NAMES jq)
if (JQ_INCLUDE AND JQ_LIB)
message(STATUS "Found jq: include: ${JQ_INCLUDE}, lib: ${JQ_LIB}")
else ()
message(FATAL_ERROR "Couldn't find system jq")
endif ()
else ()
set(JQ_SRC "${PROJECT_BINARY_DIR}/jq-prefix/src/jq")
message(STATUS "Using bundled jq in '${JQ_SRC}'")
set(JQ_INCLUDE "${JQ_SRC}/target/include")
set(JQ_INSTALL_DIR "${JQ_SRC}/target")
set(JQ_LIB "${JQ_INSTALL_DIR}/lib/libjq.a")
set(ONIGURUMA_LIB "${JQ_INSTALL_DIR}/lib/libonig.a")
message(STATUS "Bundled jq: include: ${JQ_INCLUDE}, lib: ${JQ_LIB}")
# Why we mirror jq here?
#
# In their readme, jq claims that you don't have
# to do autoreconf -fi when downloading a released tarball.
#
# However, they forgot to push the released makefiles
# into their release tarbal.
#
# For this reason, we have to mirror their release after
# doing the configuration ourselves.
#
# This is needed because many distros do not ship the right
# version of autoreconf, making virtually impossible to build Falco on them.
# Read more about it here:
# https://github.com/stedolan/jq/issues/2061#issuecomment-593445920
ExternalProject_Add(
jq
URL "https://download.falco.org/dependencies/jq-1.6.tar.gz"
URL_HASH "SHA256=787518068c35e244334cc79b8e56b60dbab352dff175b7f04a94f662b540bfd9"
CONFIGURE_COMMAND ./configure --disable-maintainer-mode --enable-all-static --disable-dependency-tracking --with-oniguruma=builtin --prefix=${JQ_INSTALL_DIR}
BUILD_COMMAND ${CMD_MAKE} LDFLAGS=-all-static
BUILD_IN_SOURCE 1
INSTALL_COMMAND ${CMD_MAKE} install)
endif ()

3
cmake/modules/luajit.cmake
View File

@@ -11,6 +11,7 @@
# specific language governing permissions and limitations under the License. # specific language governing permissions and limitations under the License.
# #
if(NOT LUAJIT_INCLUDE)
set(LUAJIT_SRC "${PROJECT_BINARY_DIR}/luajit-prefix/src/luajit/src") set(LUAJIT_SRC "${PROJECT_BINARY_DIR}/luajit-prefix/src/luajit/src")
message(STATUS "Using bundled LuaJIT in '${LUAJIT_SRC}'") message(STATUS "Using bundled LuaJIT in '${LUAJIT_SRC}'")
set(LUAJIT_INCLUDE "${LUAJIT_SRC}") set(LUAJIT_INCLUDE "${LUAJIT_SRC}")
@@ -25,3 +26,5 @@ externalproject_add(
BUILD_BYPRODUCTS ${LUAJIT_LIB} BUILD_BYPRODUCTS ${LUAJIT_LIB}
INSTALL_COMMAND "" INSTALL_COMMAND ""
) )
endif()
include_directories("${LUAJIT_INCLUDE}")

10
userspace/engine/CMakeLists.txt
View File

@@ -35,9 +35,8 @@ if(MINIMAL_BUILD)
"${NJSON_INCLUDE}" "${NJSON_INCLUDE}"
"${TBB_INCLUDE_DIR}" "${TBB_INCLUDE_DIR}"
"${STRING_VIEW_LITE_INCLUDE}" "${STRING_VIEW_LITE_INCLUDE}"
"${FALCOSECURITY_LIBS_SOURCE_DIR}/userspace/libsinsp/third-party/jsoncpp" "${LIBSCAP_INCLUDE_DIRS}"
"${FALCOSECURITY_LIBS_SOURCE_DIR}/userspace/libscap" "${LIBSINSP_INCLUDE_DIRS}"
"${FALCOSECURITY_LIBS_SOURCE_DIR}/userspace/libsinsp"
"${PROJECT_BINARY_DIR}/userspace/engine") "${PROJECT_BINARY_DIR}/userspace/engine")
else() else()
target_include_directories( target_include_directories(
@@ -48,9 +47,8 @@ else()
"${CURL_INCLUDE_DIR}" "${CURL_INCLUDE_DIR}"
"${TBB_INCLUDE_DIR}" "${TBB_INCLUDE_DIR}"
"${STRING_VIEW_LITE_INCLUDE}" "${STRING_VIEW_LITE_INCLUDE}"
"${FALCOSECURITY_LIBS_SOURCE_DIR}/userspace/libsinsp/third-party/jsoncpp" "${LIBSCAP_INCLUDE_DIRS}"
"${FALCOSECURITY_LIBS_SOURCE_DIR}/userspace/libscap" "${LIBSINSP_INCLUDE_DIRS}"
"${FALCOSECURITY_LIBS_SOURCE_DIR}/userspace/libsinsp"
"${PROJECT_BINARY_DIR}/userspace/engine") "${PROJECT_BINARY_DIR}/userspace/engine")
endif() endif()

1
userspace/falco/CMakeLists.txt
View File

@@ -25,7 +25,6 @@ set(
event_drops.cpp event_drops.cpp
statsfilewriter.cpp statsfilewriter.cpp
falco.cpp falco.cpp
"${FALCOSECURITY_LIBS_SOURCE_DIR}/userspace/libsinsp/fields_info.cpp"
) )
set( set(

1
userspace/falco/falco.cpp
View File

@@ -36,7 +36,6 @@ limitations under the License.
#include "logger.h" #include "logger.h"
#include "utils.h" #include "utils.h"
#include "chisel.h"
#include "fields_info.h" #include "fields_info.h"
#include "falco_utils.h" #include "falco_utils.h"