build: remove gRPC, openssl, curl from minimal build

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>

CMakeLists.txt

@@ -128,11 +128,13 @@ ExternalProject_Add(
 # yaml-cpp
 include(yaml-cpp)
 
-# OpenSSL
+if(NOT MINIMAL_BUILD)
-include(OpenSSL)
+  # OpenSSL
+  include(OpenSSL)
 
-# libcurl
+  # libcurl
-include(cURL)
+  include(cURL)
+endif()
 
 # LuaJIT
 set(LUAJIT_SRC "${PROJECT_BINARY_DIR}/luajit-prefix/src/luajit/src")
@@ -200,12 +202,12 @@ ExternalProject_Add(
   INSTALL_COMMAND "")
 
 if(NOT MINIMAL_BUILD)
-# civetweb
+  # civetweb
-set(CIVETWEB_SRC "${PROJECT_BINARY_DIR}/civetweb-prefix/src/civetweb/")
+  set(CIVETWEB_SRC "${PROJECT_BINARY_DIR}/civetweb-prefix/src/civetweb/")
-set(CIVETWEB_LIB "${CIVETWEB_SRC}/install/lib/libcivetweb.a")
+  set(CIVETWEB_LIB "${CIVETWEB_SRC}/install/lib/libcivetweb.a")
-set(CIVETWEB_INCLUDE_DIR "${CIVETWEB_SRC}/install/include")
+  set(CIVETWEB_INCLUDE_DIR "${CIVETWEB_SRC}/install/include")
-message(STATUS "Using bundled civetweb in '${CIVETWEB_SRC}'")
+  message(STATUS "Using bundled civetweb in '${CIVETWEB_SRC}'")
-ExternalProject_Add(
+  ExternalProject_Add(
     civetweb
     URL "https://github.com/civetweb/civetweb/archive/v1.11.tar.gz"
     URL_HASH "SHA256=de7d5e7a2d9551d325898c71e41d437d5f7b51e754b242af897f7be96e713a42"
@@ -219,8 +221,10 @@ endif()
 #string-view-lite
 include(DownloadStringViewLite)
 
-# gRPC
+if(NOT MINIMAL_BUILD)
-include(gRPC)
+  # gRPC
+  include(gRPC)
+endif()
 
 # sysdig
 include(sysdig)

cmake/modules/sysdig.cmake

@@ -27,8 +27,8 @@ file(MAKE_DIRECTORY ${SYSDIG_CMAKE_WORKING_DIR})
 # default below In case you want to test against another sysdig version just pass the variable - ie., `cmake
 # -DSYSDIG_VERSION=dev ..`
 if(NOT SYSDIG_VERSION)
-  set(SYSDIG_VERSION "ae104eb20ff0198a5dcb0c91cc36c86e7c3f25c7")
+  set(SYSDIG_VERSION "build/stripped") # todo(leogr): set the correct version and checksum before merging
-  set(SYSDIG_CHECKSUM "SHA256=43d274e4ce16b0d0e4dd00aab78006c902f36070d1cbb22d12a2685134a2ae51")
+  set(SYSDIG_CHECKSUM "SHA256=653a2e665b3a0ac2cafac07debaa779dc65113f9308f4e4e4ff3d5c9582836d3")
 endif()
 set(PROBE_VERSION "${SYSDIG_VERSION}")
 
@@ -65,5 +65,8 @@ add_dependencies(sinsp tbb b64 luajit)
 set(CREATE_TEST_TARGETS OFF)
 
 if(USE_BUNDLED_DEPS)
-  add_dependencies(scap grpc curl jq)
+  add_dependencies(scap jq)
+  if(NOT MINIMAL_BUILD)
+    add_dependencies(scap curl grpc)
+  endif()
 endif()

userspace/engine/CMakeLists.txt

@@ -27,7 +27,20 @@ if(USE_BUNDLED_DEPS)
   add_dependencies(falco_engine libyaml)
 endif()
 
-target_include_directories(
+if(MINIMAL_BUILD)
+  target_include_directories(
+    falco_engine
+    PUBLIC
+      "${LUAJIT_INCLUDE}"
+      "${NJSON_INCLUDE}"
+      "${TBB_INCLUDE_DIR}"
+      "${STRING_VIEW_LITE_INCLUDE}"
+      "${SYSDIG_SOURCE_DIR}/userspace/libsinsp/third-party/jsoncpp"
+      "${SYSDIG_SOURCE_DIR}/userspace/libscap"
+      "${SYSDIG_SOURCE_DIR}/userspace/libsinsp"
+      "${PROJECT_BINARY_DIR}/userspace/engine")
+else()
+  target_include_directories(
     falco_engine
     PUBLIC
       "${LUAJIT_INCLUDE}"
@@ -39,6 +52,7 @@ target_include_directories(
       "${SYSDIG_SOURCE_DIR}/userspace/libscap"
       "${SYSDIG_SOURCE_DIR}/userspace/libsinsp"
       "${PROJECT_BINARY_DIR}/userspace/engine")
+endif()
 
 target_link_libraries(falco_engine "${FALCO_SINSP_LIBRARY}" "${LPEG_LIB}" "${LYAML_LIB}" "${LIBYAML_LIB}")
 

userspace/falco/CMakeLists.txt

@@ -13,7 +13,8 @@
 
 configure_file("${SYSDIG_SOURCE_DIR}/userspace/sysdig/config_sysdig.h.in" config_sysdig.h)
 
-add_custom_command(
+if(NOT MINIMAL_BUILD)
+  add_custom_command(
     OUTPUT
       ${CMAKE_CURRENT_BINARY_DIR}/version.grpc.pb.cc
       ${CMAKE_CURRENT_BINARY_DIR}/version.grpc.pb.h
@@ -38,6 +39,7 @@ add_custom_command(
     COMMAND ${PROTOC} -I ${CMAKE_CURRENT_SOURCE_DIR} --grpc_out=. --plugin=protoc-gen-grpc=${GRPC_CPP_PLUGIN}
             ${CMAKE_CURRENT_SOURCE_DIR}/outputs.proto
     WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR})
+endif()
 
 if(MINIMAL_BUILD)
 add_executable(
@@ -48,16 +50,7 @@ add_executable(
   event_drops.cpp
   statsfilewriter.cpp
   falco.cpp
-  "${SYSDIG_SOURCE_DIR}/userspace/sysdig/fields_info.cpp"
+  "${SYSDIG_SOURCE_DIR}/userspace/sysdig/fields_info.cpp")
-  grpc_context.cpp
-  grpc_server_impl.cpp
-  grpc_request_context.cpp
-  grpc_server.cpp
-  ${CMAKE_CURRENT_BINARY_DIR}/version.grpc.pb.cc
-  ${CMAKE_CURRENT_BINARY_DIR}/version.pb.cc
-  ${CMAKE_CURRENT_BINARY_DIR}/outputs.grpc.pb.cc
-  ${CMAKE_CURRENT_BINARY_DIR}/outputs.pb.cc
-  ${CMAKE_CURRENT_BINARY_DIR}/schema.pb.cc)
 else()
   add_executable(
     falco
@@ -98,10 +91,6 @@ if(MINIMAL_BUILD)
       "${PROJECT_BINARY_DIR}/driver/src"
       "${STRING_VIEW_LITE_INCLUDE}"
       "${YAMLCPP_INCLUDE_DIR}"
-      "${OPENSSL_INCLUDE_DIR}"
-      "${GRPC_INCLUDE}"
-      "${GRPCPP_INCLUDE}"
-      "${PROTOBUF_INCLUDE}"
       "${CMAKE_CURRENT_BINARY_DIR}"
       "${DRAIOS_DEPENDENCIES_DIR}/yaml-${DRAIOS_YAML_VERSION}/target/include")
 
@@ -109,12 +98,6 @@ if(MINIMAL_BUILD)
     falco
     falco_engine
     sinsp
-    "${GPR_LIB}"
-    "${GRPC_LIB}"
-    "${GRPCPP_LIB}"
-    "${PROTOBUF_LIB}"
-    "${OPENSSL_LIBRARY_SSL}"
-    "${OPENSSL_LIBRARY_CRYPTO}"
     "${LIBYAML_LIB}"
     "${YAMLCPP_LIB}")
 else()

userspace/falco/falco.cpp

@@ -45,8 +45,8 @@ limitations under the License.
 #include "statsfilewriter.h"
 #ifndef MINIMAL_BUILD
 #include "webserver.h"
-#endif
 #include "grpc_server.h"
+#endif
 #include "banned.h" // This raises a compilation error when certain functions are used
 
 typedef function<void(sinsp* inspector)> open_t;
@@ -106,6 +106,7 @@ static void usage()
 	   "                               Can not be specified with -t.\n"
 	   " -e <events_file>              Read the events from <events_file> (in .scap format for sinsp events, or jsonl for\n"
 	   "                               k8s audit events) instead of tapping into live.\n"
+#ifndef MINIMAL_BUILD
 	   " -k <url>, --k8s-api <url>\n"
 	   "                               Enable Kubernetes support by connecting to the API server specified as argument.\n"
        "                               E.g. \"http://admin:password@127.0.0.1:8080\".\n"
@@ -119,15 +120,18 @@ static void usage()
 	   "                               for this option, it will be interpreted as the name of a file containing bearer token.\n"
 	   "                               Note that the format of this command-line option prohibits use of files whose names contain\n"
 	   "                               ':' or '#' characters in the file name.\n"
+#endif
 	   " -L                            Show the name and description of all rules and exit.\n"
 	   " -l <rule>                     Show the name and description of the rule with name <rule> and exit.\n"
 	   " --list [<source>]             List all defined fields. If <source> is provided, only list those fields for\n"
 	   "                               the source <source>. Current values for <source> are \"syscall\", \"k8s_audit\"\n"
+#ifndef MINIMAL_BUILD
 	   " -m <url[,marathon_url]>, --mesos-api <url[,marathon_url]>\n"
 	   "                               Enable Mesos support by connecting to the API server\n"
 	   "                               specified as argument. E.g. \"http://admin:password@127.0.0.1:5050\".\n"
 	   "                               Marathon url is optional and defaults to Mesos address, port 8080.\n"
 	   "                               The API servers can also be specified via the environment variable FALCO_MESOS_API.\n"
+#endif
 	   " -M <num_seconds>              Stop collecting after <num_seconds> reached.\n"
 	   " -N                            When used with --list, only print field names.\n"
 	   " -o, --option <key>=<val>      Set the value of option <key> to <val>. Overrides values in configuration file.\n"
@@ -433,9 +437,11 @@ int falco_init(int argc, char **argv)
 	bool verbose = false;
 	bool names_only = false;
 	bool all_events = false;
+#ifndef MINIMAL_BUILD
 	string* k8s_api = 0;
 	string* k8s_api_cert = 0;
 	string* mesos_api = 0;
+#endif
 	string output_format = "";
 	uint32_t snaplen = 0;
 	bool replace_container_info = false;
@@ -467,9 +473,9 @@ int falco_init(int argc, char **argv)
 
 #ifndef MINIMAL_BUILD
 	falco_webserver webserver;
-#endif
 	falco::grpc::server grpc_server;
 	std::thread grpc_server_thread;
+#endif
 
 	static struct option long_options[] =
 	{
@@ -536,8 +542,10 @@ int falco_init(int argc, char **argv)
 				break;
 			case 'e':
 				trace_filename = optarg;
+#ifndef MINIMAL_BUILD
 				k8s_api = new string();
 				mesos_api = new string();
+#endif
 				break;
 			case 'F':
 				list_flds = optarg;
@@ -545,21 +553,25 @@ int falco_init(int argc, char **argv)
 			case 'i':
 				print_ignored_events = true;
 				break;
+#ifndef MINIMAL_BUILD
 			case 'k':
 				k8s_api = new string(optarg);
 				break;
 			case 'K':
 				k8s_api_cert = new string(optarg);
 				break;
+#endif
 			case 'L':
 				describe_all_rules = true;
 				break;
 			case 'l':
 				describe_rule = optarg;
 				break;
+#ifndef MINIMAL_BUILD
 			case 'm':
 				mesos_api = new string(optarg);
 				break;
+#endif
 			case 'M':
 				duration_to_tot = atoi(optarg);
 				if(duration_to_tot <= 0)
@@ -1181,6 +1193,7 @@ int falco_init(int argc, char **argv)
 
 		duration = ((double)clock()) / CLOCKS_PER_SEC;
 
+#ifndef MINIMAL_BUILD
 		//
 		// Run k8s, if required
 		//
@@ -1238,7 +1251,6 @@ int falco_init(int argc, char **argv)
 		delete mesos_api;
 		mesos_api = 0;
 
-#ifndef MINIMAL_BUILD
 		if(trace_filename.empty() && config.m_webserver_enabled && !disable_k8s_audit)
 		{
 			std::string ssl_option = (config.m_webserver_ssl_enabled ? " (SSL)" : "");
@@ -1246,7 +1258,6 @@ int falco_init(int argc, char **argv)
 			webserver.init(&config, engine, outputs);
 			webserver.start();
 		}
-#endif
 
 		// gRPC server
 		if(config.m_grpc_enabled)
@@ -1266,6 +1277,7 @@ int falco_init(int argc, char **argv)
 				grpc_server.run();
 			});
 		}
+#endif
 
 		if(!trace_filename.empty() && !trace_is_scap)
 		{
@@ -1321,12 +1333,12 @@ int falco_init(int argc, char **argv)
 		sdropmgr.print_stats();
 #ifndef MINIMAL_BUILD
 		webserver.stop();
-#endif
 		if(grpc_server_thread.joinable())
 		{
 			grpc_server.shutdown();
 			grpc_server_thread.join();
 		}
+#endif
 	}
 	catch(exception &e)
 	{
@@ -1336,12 +1348,12 @@ int falco_init(int argc, char **argv)
 
 #ifndef MINIMAL_BUILD
 		webserver.stop();
-#endif
 		if(grpc_server_thread.joinable())
 		{
 			grpc_server.shutdown();
 			grpc_server_thread.join();
 		}
+#endif
 	}
 
 exit:

userspace/falco/falco_outputs.cpp

@@ -14,7 +14,9 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
+#ifndef MINIMAL_BUILD
 #include <google/protobuf/util/time_util.h>
+#endif
 
 #include "falco_outputs.h"
 
@@ -22,15 +24,19 @@ limitations under the License.
 
 #include "formats.h"
 #include "logger.h"
+#ifndef MINIMAL_BUILD
 #include "falco_outputs_queue.h"
+#endif
 #include "banned.h" // This raises a compilation error when certain functions are used
 
 using namespace std;
 
 const static struct luaL_reg ll_falco_outputs [] =
 {
+#ifndef MINIMAL_BUILD
 	{"handle_http", &falco_outputs::handle_http},
 	{"handle_grpc", &falco_outputs::handle_grpc},
+#endif
 	{NULL, NULL}
 };
 
@@ -259,6 +265,7 @@ void falco_outputs::reopen_outputs()
 	}
 }
 
+#ifndef MINIMAL_BUILD
 int falco_outputs::handle_http(lua_State *ls)
 {
 	CURL *curl = NULL;
@@ -369,3 +376,4 @@ int falco_outputs::handle_grpc(lua_State *ls)
 
 	return 1;
 }
+#endif

userspace/falco/falco_outputs.h

@@ -74,8 +74,10 @@ public:
 
 	void reopen_outputs();
 
+#ifndef MINIMAL_BUILD
 	static int handle_http(lua_State *ls);
 	static int handle_grpc(lua_State *ls);
+#endif
 
 private: