chore(cmake): bump falcoctl dependency version to 0.12.2

Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>

cmake/modules/CompilerFlags.cmake

@@ -23,6 +23,7 @@ endif()
 string(TOLOWER "${CMAKE_BUILD_TYPE}" CMAKE_BUILD_TYPE)
 if(CMAKE_BUILD_TYPE STREQUAL "debug")
 	set(KBUILD_FLAGS "${FALCO_EXTRA_DEBUG_FLAGS} ${FALCO_EXTRA_FEATURE_FLAGS}")
+	add_definitions(-DBUILD_TYPE_DEBUG)
 elseif(CMAKE_BUILD_TYPE STREQUAL "relwithdebinfo")
 	set(KBUILD_FLAGS "${FALCO_EXTRA_FEATURE_FLAGS}")
 	add_definitions(-DBUILD_TYPE_RELWITHDEBINFO)

cmake/modules/falcoctl.cmake

@@ -20,16 +20,16 @@ option(ADD_FALCOCTL_DEPENDENCY "Add falcoctl dependency while building falco" ON
 if(ADD_FALCOCTL_DEPENDENCY)
 	string(TOLOWER ${CMAKE_HOST_SYSTEM_NAME} FALCOCTL_SYSTEM_NAME)
 
-	set(FALCOCTL_VERSION "0.12.1")
+	set(FALCOCTL_VERSION "0.12.2")
 
 	message(STATUS "Building with falcoctl: ${FALCOCTL_VERSION}")
 
 	if(${CMAKE_HOST_SYSTEM_PROCESSOR} STREQUAL "x86_64")
 		set(FALCOCTL_SYSTEM_PROC_GO "amd64")
-		set(FALCOCTL_HASH "dca157ce150dff084479cfcebf2b4cee455a7d2c6473e189f3b159c74251f982")
+		set(FALCOCTL_HASH "7e0e232aa73825383d3382b3af8a38466289a768f9c1c7f25bd7e11a3ed6980a")
 	else() # aarch64
 		set(FALCOCTL_SYSTEM_PROC_GO "arm64")
-		set(FALCOCTL_HASH "580833ecb0776ede67096ae2ac621ab78761454fdee7bffdeeed0889a45f24bd")
+		set(FALCOCTL_HASH "9b7dd75189f997da6423bcdb5dfe68840f20c56f95d30d323d26d0c4bd75a8e3")
 	endif()
 
 	ExternalProject_Add(

scripts/debian/postinst.in

@@ -60,7 +60,7 @@ if [ "$1" = "configure" ]; then
                     1 "Manual configuration (no unit is started)" \
                     2 "Automatic selection" \
                     3 "Kmod" \
-                    4 "eBPF" \
+                    4 "eBPF (deprecated)" \
                     5 "Modern eBPF" \
                     2>&1 >/dev/tty)
         fi

scripts/rpm/postinstall.in

@@ -59,7 +59,7 @@ if [ $1 -ge 1 ]; then
                     1 "Manual configuration (no unit is started)" \
                     2 "Automatic selection" \
                     3 "Kmod" \
-                    4 "eBPF" \
+                    4 "eBPF (deprecated)" \
                     5 "Modern eBPF" \
                     2>&1 >/dev/tty)
         fi

userspace/falco/app/actions/load_config.cpp

@@ -78,14 +78,14 @@ falco::app::run_result falco::app::actions::load_config(const falco::app::state&
 falco::app::run_result falco::app::actions::require_config_file(const falco::app::state& s) {
 #ifndef __EMSCRIPTEN__
 	if(s.options.conf_filename.empty()) {
-#ifndef BUILD_TYPE_RELEASE
+#ifdef BUILD_TYPE_DEBUG
 		return run_result::fatal(std::string("You must create a config file at ") +
 		                         FALCO_SOURCE_CONF_FILE + ", " + FALCO_INSTALL_CONF_FILE +
 		                         " or by passing -c");
-#else   // BUILD_TYPE_RELEASE
+#else
 		return run_result::fatal(std::string("You must create a config file at ") +
 		                         FALCO_INSTALL_CONF_FILE + " or by passing -c");
-#endif  // BUILD_TYPE_RELEASE
+#endif
 	}
 #endif  // __EMSCRIPTEN__
 	return run_result::ok();

userspace/falco/app/actions/print_generated_gvisor_config.cpp

@@ -17,6 +17,7 @@ limitations under the License.
 
 #include "config_falco.h"
 #include "actions.h"
+#include "logger.h"
 
 using namespace falco::app;
 using namespace falco::app::actions;
@@ -26,6 +27,10 @@ falco::app::run_result falco::app::actions::print_generated_gvisor_config(falco:
 		return run_result::ok();
 	}
 
+	falco_logger::log(falco_logger::level::WARNING,
+	                  "Using feature for deprecated gVisor engine. Please consider switching to "
+	                  "another engine.");
+
 	sinsp i;
 	std::string gvisor_config =
 	        i.generate_gvisor_config(s.options.gvisor_generate_config_with_socket);

userspace/falco/app/options.cpp

@@ -51,7 +51,7 @@ bool options::parse(int argc, char **argv, std::string &errstr) {
 			return false;
 		}
 	} else {
-#ifndef BUILD_TYPE_RELEASE
+#ifdef BUILD_TYPE_DEBUG
 		conf_stream.open(FALCO_SOURCE_CONF_FILE);
 		if(conf_stream.is_open()) {
 			conf_filename = FALCO_SOURCE_CONF_FILE;
@@ -93,7 +93,7 @@ void options::define(cxxopts::Options& opts)
 {
 	opts.add_options()
 		("h,help",                   "Print this help list and exit.", cxxopts::value(help)->default_value("false"))
-#ifdef BUILD_TYPE_RELEASE
+#ifndef BUILD_TYPE_DEBUG
 		("c",                        "Configuration file. If not specified uses " FALCO_INSTALL_CONF_FILE ".", cxxopts::value(conf_filename), "<path>")
 #else
 		("c",                        "Configuration file. If not specified tries " FALCO_SOURCE_CONF_FILE ", " FALCO_INSTALL_CONF_FILE ".", cxxopts::value(conf_filename), "<path>")
@@ -104,7 +104,7 @@ void options::define(cxxopts::Options& opts)
 		("dry-run",                  "Run Falco without processing events. It can help check that the configuration and rules do not have any errors.", cxxopts::value(dry_run)->default_value("false"))
 		("enable-source",            "Enable a specific <event_source>. By default, all loaded sources get enabled. Available sources are 'syscall' plus all sources defined by loaded plugins supporting the event sourcing capability. This option can be passed multiple times. When using this option, only the event sources specified by it will be enabled. This option can not be mixed with --disable-source. This option has no effect when reproducing events from a capture file.", cxxopts::value(enable_sources), "<event_source>")
 #ifdef HAS_GVISOR
-		("gvisor-generate-config",   "Generate a configuration file that can be used for gVisor and exit. See --gvisor-config for more details.", cxxopts::value<std::string>(gvisor_generate_config_with_socket)->implicit_value("/run/falco/gvisor.sock"), "<socket_path>")
+		("gvisor-generate-config",   "DEPRECATED: Generate a configuration file that can be used for gVisor and exit.", cxxopts::value<std::string>(gvisor_generate_config_with_socket)->implicit_value("/run/falco/gvisor.sock"), "<socket_path>")
 #endif
 		("i",                        "Print those events that are ignored by default for performance reasons and exit.", cxxopts::value(print_ignored_events)->default_value("false"))
 		("L",                        "Show the name and description of all rules and exit. If json_output is set to true, it prints details about all rules, macros, and lists in JSON format.", cxxopts::value(describe_all_rules)->default_value("false"))
@@ -117,7 +117,7 @@ void options::define(cxxopts::Options& opts)
 		("N",                        "Only print field names when used in conjunction with the --list option. It has no effect when used with other options.", cxxopts::value(names_only)->default_value("false"))
 		("o,option",                 "Set the value of option <opt> to <val>. Overrides values in the configuration file. <opt> can be identified using its location in the configuration file using dot notation. Elements of list entries can be accessed via square brackets [].\n    E.g. base.id = val\n         base.subvalue.subvalue2 = val\n         base.list[1]=val", cxxopts::value(cmdline_config_options), "<opt>=<val>")
 		("plugin-info",              "Print info for the plugin specified by <plugin_name> and exit.\nThis includes all descriptive information like name and author, along with the\nschema format for the init configuration and a list of suggested open parameters.\n<plugin_name> can be the plugin's name or its configured 'library_path'.", cxxopts::value(print_plugin_info), "<plugin_name>")
-		("p,print",                  "DEPRECATED: use -o append_output... instead. Print additional information in the rule's output.\nUse -pc or -pcontainer to append container details to syscall events.\nUse -pk or -pkubernetes to add both container and Kubernetes details to syscall events.\nIf using gVisor, choose -pcg or -pkg variants (or -pcontainer-gvisor and -pkubernetes-gvisor, respectively).\nThe details will be directly appended to the rule's output.\nAlternatively, use -p <output_format> for a custom format. In this case, the given <output_format> will be appended to the rule's output without any replacement to all events, including plugin events.", cxxopts::value(print_additional), "<output_format>")
+		("p,print",                  "DEPRECATED: use -o append_output... instead. Print additional information in the rule's output.\nUse -pc or -pcontainer to append container details to syscall events.\nUse -pk or -pkubernetes to add both container and Kubernetes details to syscall events.\nThe details will be directly appended to the rule's output.\nAlternatively, use -p <output_format> for a custom format. In this case, the given <output_format> will be appended to the rule's output without any replacement to all events, including plugin events.", cxxopts::value(print_additional), "<output_format>")
 		("P,pidfile",                "Write PID to specified <pid_file> path. By default, no PID file is created.", cxxopts::value(pidfilename)->default_value(""), "<pid_file>")
 		("r",                        "Rules file or directory to be loaded. This option can be passed multiple times. Falco defaults to the values in the configuration file when this option is not specified. Only files with .yml or .yaml extension are considered.", cxxopts::value<std::vector<std::string>>(), "<rules_file>")
 		("support",                  "Print support information, including version, rules files used, loaded configuration, etc., and exit. The output is in JSON format.", cxxopts::value(print_support)->default_value("false"))