From c46dbc7f111e6f2ab39ac6cc61d7867c39ae28c6 Mon Sep 17 00:00:00 2001 From: Leonardo Grasso Date: Wed, 26 Aug 2020 11:10:44 +0200 Subject: [PATCH] build: remove gRPC, openssl, curl from minimal build Signed-off-by: Leonardo Grasso --- CMakeLists.txt | 44 ++++++++++--------- cmake/modules/sysdig.cmake | 9 ++-- userspace/engine/CMakeLists.txt | 38 +++++++++++----- userspace/falco/CMakeLists.txt | 73 ++++++++++++------------------- userspace/falco/falco.cpp | 24 +++++++--- userspace/falco/falco_outputs.cpp | 8 ++++ userspace/falco/falco_outputs.h | 2 + 7 files changed, 112 insertions(+), 86 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index f40c8f5a..7f82d456 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -128,11 +128,13 @@ ExternalProject_Add( # yaml-cpp include(yaml-cpp) -# OpenSSL -include(OpenSSL) +if(NOT MINIMAL_BUILD) + # OpenSSL + include(OpenSSL) -# libcurl -include(cURL) + # libcurl + include(cURL) +endif() # LuaJIT set(LUAJIT_SRC "${PROJECT_BINARY_DIR}/luajit-prefix/src/luajit/src") 
@@ -200,27 +202,29 @@ ExternalProject_Add( INSTALL_COMMAND "") if(NOT MINIMAL_BUILD) -# civetweb -set(CIVETWEB_SRC "${PROJECT_BINARY_DIR}/civetweb-prefix/src/civetweb/") -set(CIVETWEB_LIB "${CIVETWEB_SRC}/install/lib/libcivetweb.a") -set(CIVETWEB_INCLUDE_DIR "${CIVETWEB_SRC}/install/include") -message(STATUS "Using bundled civetweb in '${CIVETWEB_SRC}'") -ExternalProject_Add( - civetweb - URL "https://github.com/civetweb/civetweb/archive/v1.11.tar.gz" - URL_HASH "SHA256=de7d5e7a2d9551d325898c71e41d437d5f7b51e754b242af897f7be96e713a42" - CONFIGURE_COMMAND ${CMAKE_COMMAND} -E make_directory ${CIVETWEB_SRC}/install/lib - COMMAND ${CMAKE_COMMAND} -E make_directory ${CIVETWEB_SRC}/install/include - BUILD_IN_SOURCE 1 - BUILD_COMMAND ${CMD_MAKE} COPT="-DNO_FILES" WITH_CPP=1 - INSTALL_COMMAND ${CMD_MAKE} COPT="-DNO_FILES" install-lib install-headers PREFIX=${CIVETWEB_SRC}/install "WITH_CPP=1") + # civetweb + set(CIVETWEB_SRC "${PROJECT_BINARY_DIR}/civetweb-prefix/src/civetweb/") + set(CIVETWEB_LIB "${CIVETWEB_SRC}/install/lib/libcivetweb.a") + set(CIVETWEB_INCLUDE_DIR "${CIVETWEB_SRC}/install/include") + message(STATUS "Using bundled civetweb in '${CIVETWEB_SRC}'") + ExternalProject_Add( + civetweb + URL "https://github.com/civetweb/civetweb/archive/v1.11.tar.gz" + URL_HASH "SHA256=de7d5e7a2d9551d325898c71e41d437d5f7b51e754b242af897f7be96e713a42" + CONFIGURE_COMMAND ${CMAKE_COMMAND} -E make_directory ${CIVETWEB_SRC}/install/lib + COMMAND ${CMAKE_COMMAND} -E make_directory ${CIVETWEB_SRC}/install/include + BUILD_IN_SOURCE 1 + BUILD_COMMAND ${CMD_MAKE} COPT="-DNO_FILES" WITH_CPP=1 + INSTALL_COMMAND ${CMD_MAKE} COPT="-DNO_FILES" install-lib install-headers PREFIX=${CIVETWEB_SRC}/install "WITH_CPP=1") endif() #string-view-lite include(DownloadStringViewLite) -# gRPC -include(gRPC) +if(NOT MINIMAL_BUILD) + # gRPC + include(gRPC) +endif() # sysdig include(sysdig) diff --git a/cmake/modules/sysdig.cmake b/cmake/modules/sysdig.cmake index cfb53645..3d850a5b 100644 
--- a/cmake/modules/sysdig.cmake +++ b/cmake/modules/sysdig.cmake @@ -27,8 +27,8 @@ file(MAKE_DIRECTORY ${SYSDIG_CMAKE_WORKING_DIR}) # default below In case you want to test against another sysdig version just pass the variable - ie., `cmake # -DSYSDIG_VERSION=dev ..` if(NOT SYSDIG_VERSION) - set(SYSDIG_VERSION "ae104eb20ff0198a5dcb0c91cc36c86e7c3f25c7") - set(SYSDIG_CHECKSUM "SHA256=43d274e4ce16b0d0e4dd00aab78006c902f36070d1cbb22d12a2685134a2ae51") + set(SYSDIG_VERSION "build/stripped") # todo(leogr): set the correct version and checksum before merging + set(SYSDIG_CHECKSUM "SHA256=653a2e665b3a0ac2cafac07debaa779dc65113f9308f4e4e4ff3d5c9582836d3") endif() set(PROBE_VERSION "${SYSDIG_VERSION}") @@ -65,5 +65,8 @@ add_dependencies(sinsp tbb b64 luajit) set(CREATE_TEST_TARGETS OFF) if(USE_BUNDLED_DEPS) - add_dependencies(scap grpc curl jq) + add_dependencies(scap jq) + if(NOT MINIMAL_BUILD) + add_dependencies(scap curl grpc) + endif() endif() diff --git a/userspace/engine/CMakeLists.txt b/userspace/engine/CMakeLists.txt index 25ff6d2a..ba4a431d 100644 --- a/userspace/engine/CMakeLists.txt +++ b/userspace/engine/CMakeLists.txt 
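Review bot: The default `SYSDIG_VERSION` in the first sysdig.cmake hunk is now the branch name `build/stripped` instead of a commit hash, so the default dependency pin is a mutable ref. `SYSDIG_CHECKSUM` still matches exactly one tarball, which means a moved branch fails closed, but the build stops being reproducible and breaks as soon as the branch advances. The context line `set(PROBE_VERSION "${SYSDIG_VERSION}")` also copies the slash-containing string into the probe version, which may end up in file names or URLs that are not visible in this hunk. The inline todo acknowledges this, so restoring a full commit hash with its matching SHA256 should block the merge. Separately, the checksum is only assigned inside `if(NOT SYSDIG_VERSION)`, so an override such as `-DSYSDIG_VERSION=dev` appears to be fetched without a hash unless `SYSDIG_CHECKSUM` is passed too; the download step is outside the hunk, so this needs confirming.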
@@ -27,18 +27,32 @@ if(USE_BUNDLED_DEPS) add_dependencies(falco_engine libyaml) endif() -target_include_directories( - falco_engine - PUBLIC - "${LUAJIT_INCLUDE}" - "${NJSON_INCLUDE}" - "${CURL_INCLUDE_DIR}" - "${TBB_INCLUDE_DIR}" - "${STRING_VIEW_LITE_INCLUDE}" - "${SYSDIG_SOURCE_DIR}/userspace/libsinsp/third-party/jsoncpp" - "${SYSDIG_SOURCE_DIR}/userspace/libscap" - "${SYSDIG_SOURCE_DIR}/userspace/libsinsp" - "${PROJECT_BINARY_DIR}/userspace/engine") +if(MINIMAL_BUILD) + target_include_directories( + falco_engine + PUBLIC + "${LUAJIT_INCLUDE}" + "${NJSON_INCLUDE}" + "${TBB_INCLUDE_DIR}" + "${STRING_VIEW_LITE_INCLUDE}" + "${SYSDIG_SOURCE_DIR}/userspace/libsinsp/third-party/jsoncpp" + "${SYSDIG_SOURCE_DIR}/userspace/libscap" + "${SYSDIG_SOURCE_DIR}/userspace/libsinsp" + "${PROJECT_BINARY_DIR}/userspace/engine") +else() + target_include_directories( + falco_engine + PUBLIC + "${LUAJIT_INCLUDE}" + "${NJSON_INCLUDE}" + "${CURL_INCLUDE_DIR}" + "${TBB_INCLUDE_DIR}" + "${STRING_VIEW_LITE_INCLUDE}" + "${SYSDIG_SOURCE_DIR}/userspace/libsinsp/third-party/jsoncpp" + "${SYSDIG_SOURCE_DIR}/userspace/libscap" + "${SYSDIG_SOURCE_DIR}/userspace/libsinsp" + "${PROJECT_BINARY_DIR}/userspace/engine") +endif() target_link_libraries(falco_engine "${FALCO_SINSP_LIBRARY}" "${LPEG_LIB}" "${LYAML_LIB}" "${LIBYAML_LIB}") diff --git a/userspace/falco/CMakeLists.txt b/userspace/falco/CMakeLists.txt index f52fd2aa..162820b4 100644 --- a/userspace/falco/CMakeLists.txt +++ b/userspace/falco/CMakeLists.txt 
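Review bot: The two `target_include_directories(falco_engine PUBLIC ...)` calls in the `if(MINIMAL_BUILD)`/`else()` branches are identical except for `"${CURL_INCLUDE_DIR}"`, so the next path added to one list can easily be missed in the other. Keeping the single original call without the curl entry and appending it conditionally avoids the drift: `if(NOT MINIMAL_BUILD)`, `target_include_directories(falco_engine PUBLIC "${CURL_INCLUDE_DIR}")`, `endif()`. This moves the curl directory to the end of the include search order, which should not matter unless two of these directories ship a header with the same name.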
@@ -13,31 +13,33 @@ configure_file("${SYSDIG_SOURCE_DIR}/userspace/sysdig/config_sysdig.h.in" config_sysdig.h) -add_custom_command( - OUTPUT - ${CMAKE_CURRENT_BINARY_DIR}/version.grpc.pb.cc - ${CMAKE_CURRENT_BINARY_DIR}/version.grpc.pb.h - ${CMAKE_CURRENT_BINARY_DIR}/version.pb.cc - ${CMAKE_CURRENT_BINARY_DIR}/version.pb.h - ${CMAKE_CURRENT_BINARY_DIR}/outputs.grpc.pb.cc - ${CMAKE_CURRENT_BINARY_DIR}/outputs.grpc.pb.h - ${CMAKE_CURRENT_BINARY_DIR}/outputs.pb.cc - ${CMAKE_CURRENT_BINARY_DIR}/outputs.pb.h - ${CMAKE_CURRENT_BINARY_DIR}/schema.pb.cc - ${CMAKE_CURRENT_BINARY_DIR}/schema.pb.h - COMMENT "Generate gRPC API" - # Falco gRPC Version API - DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/version.proto - COMMAND ${PROTOC} -I ${CMAKE_CURRENT_SOURCE_DIR} --cpp_out=. ${CMAKE_CURRENT_SOURCE_DIR}/version.proto - COMMAND ${PROTOC} -I ${CMAKE_CURRENT_SOURCE_DIR} --grpc_out=. --plugin=protoc-gen-grpc=${GRPC_CPP_PLUGIN} - ${CMAKE_CURRENT_SOURCE_DIR}/version.proto - # Falco gRPC Outputs API - DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/outputs.proto - COMMAND ${PROTOC} -I ${CMAKE_CURRENT_SOURCE_DIR} --cpp_out=. ${CMAKE_CURRENT_SOURCE_DIR}/outputs.proto - ${CMAKE_CURRENT_SOURCE_DIR}/schema.proto - COMMAND ${PROTOC} -I ${CMAKE_CURRENT_SOURCE_DIR} --grpc_out=. 
--plugin=protoc-gen-grpc=${GRPC_CPP_PLUGIN} - ${CMAKE_CURRENT_SOURCE_DIR}/outputs.proto - WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}) +if(NOT MINIMAL_BUILD) + add_custom_command( + OUTPUT + ${CMAKE_CURRENT_BINARY_DIR}/version.grpc.pb.cc + ${CMAKE_CURRENT_BINARY_DIR}/version.grpc.pb.h + ${CMAKE_CURRENT_BINARY_DIR}/version.pb.cc + ${CMAKE_CURRENT_BINARY_DIR}/version.pb.h + ${CMAKE_CURRENT_BINARY_DIR}/outputs.grpc.pb.cc + ${CMAKE_CURRENT_BINARY_DIR}/outputs.grpc.pb.h + ${CMAKE_CURRENT_BINARY_DIR}/outputs.pb.cc + ${CMAKE_CURRENT_BINARY_DIR}/outputs.pb.h + ${CMAKE_CURRENT_BINARY_DIR}/schema.pb.cc + ${CMAKE_CURRENT_BINARY_DIR}/schema.pb.h + COMMENT "Generate gRPC API" + # Falco gRPC Version API + DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/version.proto + COMMAND ${PROTOC} -I ${CMAKE_CURRENT_SOURCE_DIR} --cpp_out=. ${CMAKE_CURRENT_SOURCE_DIR}/version.proto + COMMAND ${PROTOC} -I ${CMAKE_CURRENT_SOURCE_DIR} --grpc_out=. --plugin=protoc-gen-grpc=${GRPC_CPP_PLUGIN} + ${CMAKE_CURRENT_SOURCE_DIR}/version.proto + # Falco gRPC Outputs API + DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/outputs.proto + COMMAND ${PROTOC} -I ${CMAKE_CURRENT_SOURCE_DIR} --cpp_out=. ${CMAKE_CURRENT_SOURCE_DIR}/outputs.proto + ${CMAKE_CURRENT_SOURCE_DIR}/schema.proto + COMMAND ${PROTOC} -I ${CMAKE_CURRENT_SOURCE_DIR} --grpc_out=. --plugin=protoc-gen-grpc=${GRPC_CPP_PLUGIN} + ${CMAKE_CURRENT_SOURCE_DIR}/outputs.proto + WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}) +endif() if(MINIMAL_BUILD) add_executable( 
@@ -48,16 +50,7 @@ add_executable( event_drops.cpp statsfilewriter.cpp falco.cpp - "${SYSDIG_SOURCE_DIR}/userspace/sysdig/fields_info.cpp" - grpc_context.cpp - grpc_server_impl.cpp - grpc_request_context.cpp - grpc_server.cpp - ${CMAKE_CURRENT_BINARY_DIR}/version.grpc.pb.cc - ${CMAKE_CURRENT_BINARY_DIR}/version.pb.cc - ${CMAKE_CURRENT_BINARY_DIR}/outputs.grpc.pb.cc - ${CMAKE_CURRENT_BINARY_DIR}/outputs.pb.cc - ${CMAKE_CURRENT_BINARY_DIR}/schema.pb.cc) + "${SYSDIG_SOURCE_DIR}/userspace/sysdig/fields_info.cpp") else() add_executable( falco @@ -98,10 +91,6 @@ if(MINIMAL_BUILD) "${PROJECT_BINARY_DIR}/driver/src" "${STRING_VIEW_LITE_INCLUDE}" "${YAMLCPP_INCLUDE_DIR}" - "${OPENSSL_INCLUDE_DIR}" - "${GRPC_INCLUDE}" - "${GRPCPP_INCLUDE}" - "${PROTOBUF_INCLUDE}" "${CMAKE_CURRENT_BINARY_DIR}" "${DRAIOS_DEPENDENCIES_DIR}/yaml-${DRAIOS_YAML_VERSION}/target/include") @@ -109,12 +98,6 @@ if(MINIMAL_BUILD) falco falco_engine sinsp - "${GPR_LIB}" - "${GRPC_LIB}" - "${GRPCPP_LIB}" - "${PROTOBUF_LIB}" - "${OPENSSL_LIBRARY_SSL}" - "${OPENSSL_LIBRARY_CRYPTO}" "${LIBYAML_LIB}" "${YAMLCPP_LIB}") else() diff --git a/userspace/falco/falco.cpp b/userspace/falco/falco.cpp index c73b0da7..7e160867 100644 --- a/userspace/falco/falco.cpp +++ b/userspace/falco/falco.cpp @@ -45,8 +45,8 @@ limitations under the License. #include "statsfilewriter.h" #ifndef MINIMAL_BUILD #include "webserver.h" -#endif #include "grpc_server.h" +#endif #include "banned.h" // This raises a compilation error when certain functions are used typedef function open_t; @@ -106,6 +106,7 @@ static void usage() " Can not be specified with -t.\n" " -e Read the events from (in .scap format for sinsp events, or jsonl for\n" " k8s audit events) instead of tapping into live.\n" +#ifndef MINIMAL_BUILD " -k , --k8s-api \n" " Enable Kubernetes support by connecting to the API server specified as argument.\n" " E.g. \"http://admin:password@127.0.0.1:8080\".\n" 
@@ -119,15 +120,18 @@ static void usage() " for this option, it will be interpreted as the name of a file containing bearer token.\n" " Note that the format of this command-line option prohibits use of files whose names contain\n" " ':' or '#' characters in the file name.\n" +#endif " -L Show the name and description of all rules and exit.\n" " -l Show the name and description of the rule with name and exit.\n" " --list [] List all defined fields. If is provided, only list those fields for\n" " the source . Current values for are \"syscall\", \"k8s_audit\"\n" +#ifndef MINIMAL_BUILD " -m , --mesos-api \n" " Enable Mesos support by connecting to the API server\n" " specified as argument. E.g. \"http://admin:password@127.0.0.1:5050\".\n" " Marathon url is optional and defaults to Mesos address, port 8080.\n" " The API servers can also be specified via the environment variable FALCO_MESOS_API.\n" +#endif " -M Stop collecting after reached.\n" " -N When used with --list, only print field names.\n" " -o, --option = Set the value of option to . Overrides values in configuration file.\n" @@ -433,9 +437,11 @@ int falco_init(int argc, char **argv) bool verbose = false; bool names_only = false; bool all_events = false; +#ifndef MINIMAL_BUILD string* k8s_api = 0; string* k8s_api_cert = 0; string* mesos_api = 0; +#endif string output_format = ""; uint32_t snaplen = 0; bool replace_container_info = false; @@ -467,9 +473,9 @@ int falco_init(int argc, char **argv) #ifndef MINIMAL_BUILD falco_webserver webserver; -#endif falco::grpc::server grpc_server; std::thread grpc_server_thread; +#endif static struct option long_options[] = { @@ -536,8 +542,10 @@ int falco_init(int argc, char **argv) break; case 'e': trace_filename = optarg; +#ifndef MINIMAL_BUILD k8s_api = new string(); mesos_api = new string(); +#endif break; case 'F': list_flds = optarg; 
@@ -545,21 +553,25 @@ int falco_init(int argc, char **argv) case 'i': print_ignored_events = true; break; +#ifndef MINIMAL_BUILD case 'k': k8s_api = new string(optarg); break; case 'K': k8s_api_cert = new string(optarg); break; +#endif case 'L': describe_all_rules = true; break; case 'l': describe_rule = optarg; break; +#ifndef MINIMAL_BUILD case 'm': mesos_api = new string(optarg); break; +#endif case 'M': duration_to_tot = atoi(optarg); if(duration_to_tot <= 0) @@ -1181,6 +1193,7 @@ int falco_init(int argc, char **argv) duration = ((double)clock()) / CLOCKS_PER_SEC; +#ifndef MINIMAL_BUILD // // Run k8s, if required // @@ -1238,7 +1251,6 @@ int falco_init(int argc, char **argv) delete mesos_api; mesos_api = 0; -#ifndef MINIMAL_BUILD if(trace_filename.empty() && config.m_webserver_enabled && !disable_k8s_audit) { std::string ssl_option = (config.m_webserver_ssl_enabled ? " (SSL)" : ""); @@ -1246,7 +1258,6 @@ int falco_init(int argc, char **argv) webserver.init(&config, engine, outputs); webserver.start(); } -#endif // gRPC server if(config.m_grpc_enabled) @@ -1266,6 +1277,7 @@ int falco_init(int argc, char **argv) grpc_server.run(); }); } +#endif if(!trace_filename.empty() && !trace_is_scap) { @@ -1321,12 +1333,12 @@ int falco_init(int argc, char **argv) sdropmgr.print_stats(); #ifndef MINIMAL_BUILD webserver.stop(); -#endif if(grpc_server_thread.joinable()) { grpc_server.shutdown(); grpc_server_thread.join(); } +#endif } catch(exception &e) { @@ -1336,12 +1348,12 @@ int falco_init(int argc, char **argv) #ifndef MINIMAL_BUILD webserver.stop(); -#endif if(grpc_server_thread.joinable()) { grpc_server.shutdown(); grpc_server_thread.join(); } +#endif } exit: diff --git a/userspace/falco/falco_outputs.cpp b/userspace/falco/falco_outputs.cpp index 450d0c9e..fddc6902 100644 --- a/userspace/falco/falco_outputs.cpp +++ b/userspace/falco/falco_outputs.cpp 
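Review bot: The `case 'k'`, `case 'K'` and `case 'm'` arms are compiled out under MINIMAL_BUILD, but no hunk in this patch touches the `long_options` table or the option string handed to getopt, so a minimal binary may still accept `-k`/`-K`/`-m` and fall through to whatever the switch does for unhandled values. For a detection tool that is worth making explicit, because an operator who passes `--k8s-api` would otherwise run without Kubernetes metadata and without any message. Consider keeping the labels in an `#else` branch that fails loudly, for example `case 'k': case 'K': case 'm': throw std::invalid_argument("option not available in a minimal build");`, assuming the option loop sits inside the try block whose `catch(exception &e)` appears later in this patch. The same applies to the later hunks that move `if(config.m_grpc_enabled)` and the webserver start inside `#ifndef MINIMAL_BUILD`: a configuration that enables either one is ignored silently, and a warning or a startup error at that point would surface the mismatch.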
@@ -14,7 +14,9 @@ See the License for the specific language governing permissions and limitations under the License. */ +#ifndef MINIMAL_BUILD #include +#endif #include "falco_outputs.h" @@ -22,15 +24,19 @@ limitations under the License. #include "formats.h" #include "logger.h" +#ifndef MINIMAL_BUILD #include "falco_outputs_queue.h" +#endif #include "banned.h" // This raises a compilation error when certain functions are used using namespace std; const static struct luaL_reg ll_falco_outputs [] = { +#ifndef MINIMAL_BUILD {"handle_http", &falco_outputs::handle_http}, {"handle_grpc", &falco_outputs::handle_grpc}, +#endif {NULL, NULL} }; @@ -259,6 +265,7 @@ void falco_outputs::reopen_outputs() } } +#ifndef MINIMAL_BUILD int falco_outputs::handle_http(lua_State *ls) { CURL *curl = NULL; @@ -369,3 +376,4 @@ int falco_outputs::handle_grpc(lua_State *ls) return 1; } +#endif diff --git a/userspace/falco/falco_outputs.h b/userspace/falco/falco_outputs.h index 8f2007b8..8fc6ce1a 100644 --- a/userspace/falco/falco_outputs.h +++ b/userspace/falco/falco_outputs.h @@ -74,8 +74,10 @@ public: void reopen_outputs(); +#ifndef MINIMAL_BUILD static int handle_http(lua_State *ls); static int handle_grpc(lua_State *ls); +#endif private:
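Review bot: In a minimal build `ll_falco_outputs` now registers neither `handle_http` nor `handle_grpc`, leaving only the `{NULL, NULL}` sentinel, while nothing in this patch changes the Lua side or the configuration loader. If the Lua output code still calls these entries when an http or grpc output is configured (not visible here), the call would hit a nil value at alert time and the alert would not be delivered, which is a detection gap rather than a build error. Rejecting those output types when the configuration is loaded would fail early instead. At minimum the table deserves a comment such as `// MINIMAL_BUILD: http and grpc outputs are not compiled in; configs enabling them must be rejected at load time`. The matching declarations in falco_outputs.h are gated the same way, so the note covers that hunk as well.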