fix(proposals): specify correct stable falco version

Updated the stable Falco version from 0.43.0 to 0.42.1 in the deprecation policy section.

Signed-off-by: Leonardo Di Giovanna <41296180+ekoops@users.noreply.github.com>

.github/workflows/reusable_build_packages.yaml

@@ -344,6 +344,44 @@ jobs:
           path: |
             ${{ github.workspace }}/build/falco-${{ inputs.version }}-wasm.tar.gz
 
+  build-win32-package:
+    if: ${{ inputs.arch == 'x86_64' }}
+    runs-on: windows-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+        with:
+          fetch-depth: 0
+
+      - name: Install NSIS
+        run: choco install nsis -y
+
+      # NOTE: Backslash doesn't work as line continuation on Windows.
+      - name: Prepare project
+        run: |
+          cmake -B build -S . -DCMAKE_BUILD_TYPE=Release -DMINIMAL_BUILD=On -DUSE_BUNDLED_DEPS=On -DBUILD_FALCO_UNIT_TESTS=On -DFALCO_VERSION=${{ inputs.version }}
+
+      - name: Build project
+        run: |
+          cmake --build build --target package --config Release
+
+      - name: Run unit Tests
+        run: |
+          build/unit_tests/Release/falco_unit_tests.exe
+
+      - name: Upload Falco win32 installer
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        with:
+          name: falco-installer-Release-win32.exe
+          path: build/falco-*.exe
+
+      - name: Upload Falco win32 package
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        with:
+          name: falco-Release-win32.exe
+          path: |
+            ${{ github.workspace }}/build/userspace/falco/Release/falco.exe
+
   build-macos-package:
     if: ${{ inputs.arch == 'x86_64' }}
     runs-on: macos-latest

.github/workflows/reusable_publish_packages.yaml

@@ -82,6 +82,11 @@ jobs:
           GPG_KEY: ${{ secrets.GPG_KEY }}
         run: printenv GPG_KEY | gpg --import -
 
+      - name: Sign rpms
+        run: |
+          rpmsign --define '_gpg_name Falcosecurity Package Signing' --addsign /tmp/falco-build-rpm/falco-*.rpm
+          rpm -qp --qf '%|DSAHEADER?{%{DSAHEADER:pgpsig}}:{%|RSAHEADER?{%{RSAHEADER:pgpsig}}:{(none)}|}|\n' /tmp/falco-build-rpm/falco-*.rpm
+
       - name: Publish wasm
         run: |
           ./scripts/publish-wasm -f /tmp/falco-wasm/falco-${{ inputs.version }}-wasm.tar.gz

CMakeLists.txt

@@ -288,12 +288,6 @@ if(NOT WIN32
    AND NOT MUSL_OPTIMIZED_BUILD
 )
 	include(falcoctl)
-	set(CONTAINER_VERSION "0.6.1")
-	if(${CMAKE_HOST_SYSTEM_PROCESSOR} STREQUAL "x86_64")
-		set(CONTAINER_HASH "008989992ed1f31b3ffb94ba6b64ca5a8e2f91611a10c9d6213c5c0a499d0679")
-	else() # arm64
-		set(CONTAINER_HASH "f90a700b4c2b411b23e7cc461b61a316b242994aad853c3e6baf12481fb6f6c9")
-	endif()
 	include(container_plugin)
 
 	# Generate a binary_dir/falco.yaml that automatically enables the plugin to be used for local

cmake/modules/CompilerFlags.cmake

@@ -23,7 +23,6 @@ endif()
 string(TOLOWER "${CMAKE_BUILD_TYPE}" CMAKE_BUILD_TYPE)
 if(CMAKE_BUILD_TYPE STREQUAL "debug")
 	set(KBUILD_FLAGS "${FALCO_EXTRA_DEBUG_FLAGS} ${FALCO_EXTRA_FEATURE_FLAGS}")
-	add_definitions(-DBUILD_TYPE_DEBUG)
 elseif(CMAKE_BUILD_TYPE STREQUAL "relwithdebinfo")
 	set(KBUILD_FLAGS "${FALCO_EXTRA_FEATURE_FLAGS}")
 	add_definitions(-DBUILD_TYPE_RELWITHDEBINFO)

cmake/modules/driver.cmake

@@ -35,9 +35,9 @@ else()
 	# FALCOSECURITY_LIBS_VERSION. In case you want to test against another driver version (or
 	# branch, or commit) just pass the variable - ie., `cmake -DDRIVER_VERSION=dev ..`
 	if(NOT DRIVER_VERSION)
-		set(DRIVER_VERSION "9.1.0+driver")
+		set(DRIVER_VERSION "9e6a8ccd4e4f5796f45ad486decd00b4996129b7")
 		set(DRIVER_CHECKSUM
-			"SHA256=14cba5b610bf48cd0a0a94b1156ed86bfb552c7ed24b68b1028360fa3af18cbb"
+			"SHA256=87902814e29718529094b89ff2a3ddbd4ee7aa77da824d4acbaad0d863e04ce9"
 		)
 	endif()
 

cmake/modules/falcoctl.cmake

@@ -20,16 +20,16 @@ option(ADD_FALCOCTL_DEPENDENCY "Add falcoctl dependency while building falco" ON
 if(ADD_FALCOCTL_DEPENDENCY)
 	string(TOLOWER ${CMAKE_HOST_SYSTEM_NAME} FALCOCTL_SYSTEM_NAME)
 
-	set(FALCOCTL_VERSION "0.12.2")
+	set(FALCOCTL_VERSION "0.11.4")
 
 	message(STATUS "Building with falcoctl: ${FALCOCTL_VERSION}")
 
 	if(${CMAKE_HOST_SYSTEM_PROCESSOR} STREQUAL "x86_64")
 		set(FALCOCTL_SYSTEM_PROC_GO "amd64")
-		set(FALCOCTL_HASH "7e0e232aa73825383d3382b3af8a38466289a768f9c1c7f25bd7e11a3ed6980a")
+		set(FALCOCTL_HASH "8015cadcb4328abcbf140c3ca88031cd46426f7f3279d2802f0937ab1e41d66c")
 	else() # aarch64
 		set(FALCOCTL_SYSTEM_PROC_GO "arm64")
-		set(FALCOCTL_HASH "9b7dd75189f997da6423bcdb5dfe68840f20c56f95d30d323d26d0c4bd75a8e3")
+		set(FALCOCTL_HASH "246874f1168abb7a8463509c6191ede460e5a2b8a39058ef5c4a17b67cb86c85")
 	endif()
 
 	ExternalProject_Add(

cmake/modules/falcosecurity-libs.cmake

@@ -42,9 +42,9 @@ else()
 	# version (or branch, or commit) just pass the variable - ie., `cmake
 	# -DFALCOSECURITY_LIBS_VERSION=dev ..`
 	if(NOT FALCOSECURITY_LIBS_VERSION)
-		set(FALCOSECURITY_LIBS_VERSION "0.23.1")
+		set(FALCOSECURITY_LIBS_VERSION "9e6a8ccd4e4f5796f45ad486decd00b4996129b7")
 		set(FALCOSECURITY_LIBS_CHECKSUM
-			"SHA256=38c580626b072ed24518e8285a629923c8c4c6d6794b91b3b93474db7fd85cf7"
+			"SHA256=87902814e29718529094b89ff2a3ddbd4ee7aa77da824d4acbaad0d863e04ce9"
 		)
 	endif()
 

docker/driver-loader-buster/Dockerfile

@@ -17,12 +17,11 @@ LABEL usage="docker run -i -t --privileged -v /root/.falco:/root/.falco -v /proc
 ARG TARGETARCH
 
 ARG VERSION_BUCKET=deb
-ARG HOST_ROOT=/host
-ARG HOME=/root
-ENV FALCO_VERSION="${FALCO_VERSION}" \
-    VERSION_BUCKET="${VERSION_BUCKET}" \
-    HOST_ROOT="${HOST_ROOT}" \
-    HOME="${HOME}"
+ENV VERSION_BUCKET=${VERSION_BUCKET}
+
+ENV FALCO_VERSION=${FALCO_VERSION}
+ENV HOST_ROOT=/host
+ENV HOME=/root
 
 RUN cp /etc/skel/.bashrc /root && cp /etc/skel/.profile /root
 
@@ -137,6 +136,6 @@ RUN curl -L -o binutils_2.30-22_${TARGETARCH}.deb https://download.falco.org/dep
 	&& dpkg -i *binutils*.deb \
 	&& rm -f *binutils*.deb
 
-COPY docker/driver-loader-buster/docker-entrypoint.sh /
+COPY ./docker/driver-loader-buster/docker-entrypoint.sh /
 
 ENTRYPOINT ["/docker-entrypoint.sh"]

docker/falco-debian/Dockerfile

@@ -15,15 +15,14 @@ LABEL org.opencontainers.image.authors='The Falco Authors https://falco.org' \
 LABEL usage="docker run -i -t --privileged -v /var/run/docker.sock:/host/var/run/docker.sock -v /proc:/host/proc:ro -v /etc:/host/etc:ro falcosecurity/falco:latest-debian"
 
 ARG VERSION_BUCKET=deb
-ARG HOST_ROOT=/host
-ARG HOME=/root
 
-ENV FALCO_VERSION="${FALCO_VERSION}" \
-    VERSION_BUCKET="${VERSION_BUCKET}" \
-    HOST_ROOT="${HOST_ROOT}" \
-    HOME="${HOME}"
+ENV FALCO_VERSION=${FALCO_VERSION}
+ENV VERSION_BUCKET=${VERSION_BUCKET}
 
-RUN apt-get -y update && apt-get -y install curl jq ca-certificates gnupg2 \
+ENV HOST_ROOT=/host
+ENV HOME=/root
+
+RUN apt-get -y update && apt-get -y install ca-certificates curl jq ca-certificates gnupg2 \
 	&& apt clean -y && rm -rf /var/lib/apt/lists/*
 
 WORKDIR /
@@ -36,6 +35,6 @@ RUN curl -s https://falco.org/repo/falcosecurity-packages.asc | apt-key add - \
 	&& rm -rf /var/lib/apt/lists/*
 
 # Change the falco config within the container to enable ISO 8601 output.
-ADD config/falco.iso8601_timeformat.yaml /etc/falco/config.d/
+ADD ./config/falco.iso8601_timeformat.yaml /etc/falco/config.d/
 
 CMD ["/usr/bin/falco"]

docker/falco/Dockerfile

@@ -16,26 +16,22 @@ LABEL usage="docker run -i -t --privileged -v /var/run/docker.sock:/host/var/run
 # NOTE: for the "least privileged" use case, please refer to the official documentation
 
 ARG VERSION_BUCKET=bin
-ARG HOST_ROOT=/host
-ARG HOME=/root
 
-ENV FALCO_VERSION="${FALCO_VERSION}" \
-    VERSION_BUCKET="${VERSION_BUCKET}" \
-    HOST_ROOT="${HOST_ROOT}" \
-    HOME="${HOME}"
+ENV FALCO_VERSION=${FALCO_VERSION}
+ENV VERSION_BUCKET=${VERSION_BUCKET}
+ENV HOST_ROOT=/host
+ENV HOME=/root
 
 RUN apk update && apk add curl ca-certificates jq libstdc++
 
 WORKDIR /
 
-RUN ARCH=$(uname -m) && \
-    FALCO_VERSION_URLENCODED=$(echo -n "${FALCO_VERSION}" | jq -sRr @uri) && \
-    echo "Downloading Falco ${FALCO_VERSION} for ${ARCH}" && \
+RUN FALCO_VERSION_URLENCODED=$(echo -n ${FALCO_VERSION}|jq -sRr @uri) && \
     curl -L -o falco.tar.gz \
-    https://download.falco.org/packages/${VERSION_BUCKET}/${ARCH}/falco-${FALCO_VERSION_URLENCODED}-${ARCH}.tar.gz && \
+    https://download.falco.org/packages/${VERSION_BUCKET}/$(uname -m)/falco-${FALCO_VERSION_URLENCODED}-$(uname -m).tar.gz && \
     tar -xvf falco.tar.gz && \
     rm -f falco.tar.gz && \
-    mv falco-${FALCO_VERSION}-${ARCH} falco && \
+    mv falco-${FALCO_VERSION}-$(uname -m) falco && \
     rm -rf /falco/usr/src/falco-* && \
     cp -r /falco/* / && \
     rm -rf /falco && \
@@ -43,6 +39,6 @@ RUN ARCH=$(uname -m) && \
 
 
 # Change the falco config within the container to enable ISO 8601 output.
-ADD config/falco.iso8601_timeformat.yaml /etc/falco/config.d/
+ADD ./config/falco.iso8601_timeformat.yaml /etc/falco/config.d/
 
 CMD ["/usr/bin/falco"]

falco.yaml

@@ -70,9 +70,9 @@
 #     file_output [Stable]
 #     http_output [Stable]
 #     program_output [Stable]
-#     grpc_output [Deprecated]
+#     grpc_output [Stable]
 # Falco exposed services
-#     grpc [Deprecated]
+#     grpc [Stable]
 #     webserver [Stable]
 # Falco logging / alerting / metrics related to software functioning (basic)
 #     log_stderr [Stable]
@@ -282,14 +282,12 @@ rules_files:
 #
 # -- Falco supports different engines to generate events.
 # Choose the appropriate engine kind based on your system's configuration and requirements.
-# DEPRECATION NOTICE: the Legacy eBPF probe and the gVisor engine are currently deprecated. Consider using other
-# engines.
 #
 # Available engines:
 # - `kmod`: Kernel Module
-# - `ebpf`: Legacy eBPF probe (deprecated)
+# - `ebpf`: Legacy eBPF probe
 # - `modern_ebpf`: Modern eBPF (CO-RE eBPF probe)
-# - `gvisor`: gVisor sandbox (deprecated)
+# - `gvisor`: gVisor sandbox
 # - `replay`: Replay a scap trace file
 # - `nodriver`: No driver is injected into the system.
 #   This is useful to debug and to run plugins with 'syscall' source.
@@ -440,8 +438,7 @@ engine:
   kmod:
     buf_size_preset: 4
     drop_failed_exit: false
-  # -- Engine-specific configuration for Legacy eBPF (ebpf) engine. DEPRECATION NOTICE: the Legacy eBPF engine is
-  # deprecated.
+  # -- Engine-specific configuration for Legacy eBPF (ebpf) engine.
   ebpf:
     # -- Path to the elf file to load.
     probe: ${HOME}/.falco/falco-bpf.o
@@ -456,7 +453,7 @@ engine:
   replay:
     # -- Path to the capture file to replay (eg: /path/to/file.scap)
     capture_file: ""
-  # -- Engine-specific configuration for gVisor (gvisor) engine. DEPRECATION NOTICE: the gVisor engine is deprecated.
+  # -- Engine-specific configuration for gVisor (gvisor) engine.
   gvisor:
     # -- A Falco-compatible configuration file can be generated with
     # '--gvisor-generate-config' and utilized for both runsc and Falco.
@@ -801,7 +798,7 @@ append_output:
 # Falco outputs channels #
 ##########################
 
-# Falco supports various output channels, such as syslog, stdout, file, gRPC (deprecated),
+# Falco supports various output channels, such as syslog, stdout, file, gRPC,
 # webhook, and more. You can enable or disable these channels as needed to
 # control where Falco alerts and log messages are directed. This flexibility
 # allows seamless integration with your preferred logging and alerting systems.
@@ -897,14 +894,14 @@ program_output:
   # -- The program to execute.
   program: "jq '{text: .output}' | curl -d @- -X POST https://hooks.slack.com/services/XXX"
 
-# [Deprecated] `grpc_output`
+# [Stable] `grpc_output`
 #
-# -- Use gRPC as an output service. DEPRECATION NOTICE: The gRPC output is deprecated. Consider using other outputs.
+# -- Use gRPC as an output service.
 #
 # gRPC is a modern and high-performance framework for remote procedure calls
 # (RPC). It utilizes protocol buffers for efficient data serialization. The gRPC
 # output in Falco provides a modern and efficient way to integrate with other
-# systems. By default, the setting is turned off. Enabling this option stores
+# systems. By default the setting is turned off. Enabling this option stores
 # output events in memory until they are consumed by a gRPC client. Ensure that
 # you have a consumer for the output events or leave it disabled.
 grpc_output:
@@ -915,10 +912,7 @@ grpc_output:
 # Falco exposed services #
 ##########################
 
-# [Deprecated] `grpc`
-#
-# -- A gRPC server (needed by the gRPC output). DEPRECATION NOTICE: The gRPC server is deprecated as a consequence of
-# the gRPC output deprecation.
+# [Stable] `grpc`
 #
 # Falco provides support for running a gRPC server using two main binding types:
 # 1. Over the network with mandatory mutual TLS authentication (mTLS), which

proposals/20251215-legacy-bpf-grpc-output-gvisor-engine-deprecation.md

@@ -102,7 +102,7 @@ The deprecation of these components introduces user-facing changes that must be
 deprecation policy for "non-backward compatible user-facing changes" (see
 [20231220-features-adoption-and-deprecation.md#deprecation-policy](./20231220-features-adoption-and-deprecation.md#deprecation-policy)).
 
-All components are stable, and given that the current stable Falco version is `0.43.0` (ante `1.0.0`), the minimum
+All components are stable, and given that the current stable Falco version is `0.42.1` (ante `1.0.0`), the minimum
 deprecation period length is 1 release: this means that components cannot be removed before Falco `0.44.0`.
 
 At high level, the action plan is to inform users, during the deprecation period, about the deprecation: this is

scripts/debian/postinst.in

@@ -60,7 +60,7 @@ if [ "$1" = "configure" ]; then
                     1 "Manual configuration (no unit is started)" \
                     2 "Automatic selection" \
                     3 "Kmod" \
-                    4 "eBPF (deprecated)" \
+                    4 "eBPF" \
                     5 "Modern eBPF" \
                     2>&1 >/dev/tty)
         fi

scripts/publish-rpm

@@ -14,16 +14,6 @@ check_program() {
   fi
 }
 
-# Sign RPM packages with embedded GPG signature using rpmsign
-#
-# $@: paths of RPM files to sign.
-rpmsign_packages() {
-    echo "Signing RPM packages with rpmsign..."
-    rpmsign --define '_gpg_name Falcosecurity Package Signing' --resign "$@"
-    echo "Verifying RPM signatures..."
-    rpm -qp --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}: %|DSAHEADER?{%{DSAHEADER:pgpsig}}:{%|RSAHEADER?{%{RSAHEADER:pgpsig}}:{(none)}|}|\n' "$@"
-}
-
 # Updates the signature of a RPM package in the local repository
 #
 # $1: path of the repository.
@@ -137,8 +127,6 @@ fi
 check_program createrepo
 check_program gpg
 check_program aws
-check_program rpmsign
-check_program rpm
 
 # settings
 s3_bucket_repo="s3://falco-distribution/packages/${repo}"
@@ -152,32 +140,19 @@ aws s3 cp ${s3_bucket_repo} ${tmp_repo_path} --recursive
 
 # update signatures for all existing packages
 if [ "${sign_all}" ]; then
-  # collect all RPM files
-  rpm_files=()
   for file in ${tmp_repo_path}/*; do
-    if [ -f "$file" ] && [[ $file == *.rpm ]]; then
-      rpm_files+=("$file")
+    if [ -f "$file" ]; then # exclude directories, symlinks, etc...
+      if [[ ! $file == *.asc ]]; then # exclude signature files
+        package=$(basename -- ${file})
+        echo "Signing ${package}..."
+        sign_rpm ${tmp_repo_path} ${file}
+
+        echo "Syncing ${package}.asc to ${s3_bucket_repo}..."
+        aws s3 cp ${tmp_repo_path}/${package}.asc ${s3_bucket_repo}/${package}.asc --acl public-read
+      fi
     fi
   done
-
-  # sign all RPM packages with embedded GPG signature
-  if [ ${#rpm_files[@]} -gt 0 ]; then
-    rpmsign_packages "${rpm_files[@]}"
-  fi
-
-  # create detached signatures and upload
-  for file in "${rpm_files[@]}"; do
-    package=$(basename -- ${file})
-    echo "Creating detached signature for ${package}..."
-    sign_rpm ${tmp_repo_path} ${file}
-
-    echo "Syncing ${package} and ${package}.asc to ${s3_bucket_repo}..."
-    aws s3 cp ${tmp_repo_path}/${package} ${s3_bucket_repo}/${package} --acl public-read
-    aws s3 cp ${tmp_repo_path}/${package}.asc ${s3_bucket_repo}/${package}.asc --acl public-read
-  done
-  aws cloudfront create-invalidation --distribution-id ${AWS_CLOUDFRONT_DIST_ID} --paths ${cloudfront_path}/*.rpm
   aws cloudfront create-invalidation --distribution-id ${AWS_CLOUDFRONT_DIST_ID} --paths ${cloudfront_path}/*.asc
-  update_repo ${tmp_repo_path}
   sign_repo ${tmp_repo_path}
 fi
 
@@ -186,9 +161,8 @@ if [[ ${repo} == "rpm-dev" ]]; then
   reduce_dir_size ${tmp_repo_path} 10 rpm
 fi
 
-# sign and add new packages to the repo
+# update the repo by adding new packages
 if ! [ ${#files[@]} -eq 0 ]; then
-  rpmsign_packages "${files[@]}"
   for file in "${files[@]}"; do
     echo "Adding ${file}..."
     add_rpm ${tmp_repo_path} ${file}

scripts/rpm/postinstall.in

@@ -59,7 +59,7 @@ if [ $1 -ge 1 ]; then
                     1 "Manual configuration (no unit is started)" \
                     2 "Automatic selection" \
                     3 "Kmod" \
-                    4 "eBPF (deprecated)" \
+                    4 "eBPF" \
                     5 "Modern eBPF" \
                     2>&1 >/dev/tty)
         fi

userspace/engine/rule_loader.h

@@ -215,8 +215,7 @@ struct deprecated_field_warning : warning {
 	        df(df) {}
 
 	std::string as_string() const override {
-		return warning::as_string() + ": field '" + falco::load_result::deprecated_field_str(df) +
-		       "'";
+		return warning::as_string() + ": field '" + falco::load_result::deprecated_field_str(df);
 	};
 	std::string description() const override {
 		return warning::description() + ": " + falco::load_result::deprecated_field_desc(df);

userspace/falco/app/actions/load_config.cpp

@@ -78,14 +78,14 @@ falco::app::run_result falco::app::actions::load_config(const falco::app::state&
 falco::app::run_result falco::app::actions::require_config_file(const falco::app::state& s) {
 #ifndef __EMSCRIPTEN__
 	if(s.options.conf_filename.empty()) {
-#ifdef BUILD_TYPE_DEBUG
+#ifndef BUILD_TYPE_RELEASE
 		return run_result::fatal(std::string("You must create a config file at ") +
 		                         FALCO_SOURCE_CONF_FILE + ", " + FALCO_INSTALL_CONF_FILE +
 		                         " or by passing -c");
-#else
+#else   // BUILD_TYPE_RELEASE
 		return run_result::fatal(std::string("You must create a config file at ") +
 		                         FALCO_INSTALL_CONF_FILE + " or by passing -c");
-#endif
+#endif  // BUILD_TYPE_RELEASE
 	}
 #endif  // __EMSCRIPTEN__
 	return run_result::ok();

userspace/falco/app/actions/print_generated_gvisor_config.cpp

@@ -17,7 +17,6 @@ limitations under the License.
 
 #include "config_falco.h"
 #include "actions.h"
-#include "logger.h"
 
 using namespace falco::app;
 using namespace falco::app::actions;
@@ -27,10 +26,6 @@ falco::app::run_result falco::app::actions::print_generated_gvisor_config(falco:
 		return run_result::ok();
 	}
 
-	falco_logger::log(falco_logger::level::WARNING,
-	                  "Using feature for deprecated gVisor engine. Please consider switching to "
-	                  "another engine.");
-
 	sinsp i;
 	std::string gvisor_config =
 	        i.generate_gvisor_config(s.options.gvisor_generate_config_with_socket);

userspace/falco/app/options.cpp

@@ -51,7 +51,7 @@ bool options::parse(int argc, char **argv, std::string &errstr) {
 			return false;
 		}
 	} else {
-#ifdef BUILD_TYPE_DEBUG
+#ifndef BUILD_TYPE_RELEASE
 		conf_stream.open(FALCO_SOURCE_CONF_FILE);
 		if(conf_stream.is_open()) {
 			conf_filename = FALCO_SOURCE_CONF_FILE;
@@ -93,7 +93,7 @@ void options::define(cxxopts::Options& opts)
 {
 	opts.add_options()
 		("h,help",                   "Print this help list and exit.", cxxopts::value(help)->default_value("false"))
-#ifndef BUILD_TYPE_DEBUG
+#ifdef BUILD_TYPE_RELEASE
 		("c",                        "Configuration file. If not specified uses " FALCO_INSTALL_CONF_FILE ".", cxxopts::value(conf_filename), "<path>")
 #else
 		("c",                        "Configuration file. If not specified tries " FALCO_SOURCE_CONF_FILE ", " FALCO_INSTALL_CONF_FILE ".", cxxopts::value(conf_filename), "<path>")
@@ -104,7 +104,7 @@ void options::define(cxxopts::Options& opts)
 		("dry-run",                  "Run Falco without processing events. It can help check that the configuration and rules do not have any errors.", cxxopts::value(dry_run)->default_value("false"))
 		("enable-source",            "Enable a specific <event_source>. By default, all loaded sources get enabled. Available sources are 'syscall' plus all sources defined by loaded plugins supporting the event sourcing capability. This option can be passed multiple times. When using this option, only the event sources specified by it will be enabled. This option can not be mixed with --disable-source. This option has no effect when reproducing events from a capture file.", cxxopts::value(enable_sources), "<event_source>")
 #ifdef HAS_GVISOR
-		("gvisor-generate-config",   "DEPRECATED: Generate a configuration file that can be used for gVisor and exit.", cxxopts::value<std::string>(gvisor_generate_config_with_socket)->implicit_value("/run/falco/gvisor.sock"), "<socket_path>")
+		("gvisor-generate-config",   "Generate a configuration file that can be used for gVisor and exit. See --gvisor-config for more details.", cxxopts::value<std::string>(gvisor_generate_config_with_socket)->implicit_value("/run/falco/gvisor.sock"), "<socket_path>")
 #endif
 		("i",                        "Print those events that are ignored by default for performance reasons and exit.", cxxopts::value(print_ignored_events)->default_value("false"))
 		("L",                        "Show the name and description of all rules and exit. If json_output is set to true, it prints details about all rules, macros, and lists in JSON format.", cxxopts::value(describe_all_rules)->default_value("false"))
@@ -117,7 +117,7 @@ void options::define(cxxopts::Options& opts)
 		("N",                        "Only print field names when used in conjunction with the --list option. It has no effect when used with other options.", cxxopts::value(names_only)->default_value("false"))
 		("o,option",                 "Set the value of option <opt> to <val>. Overrides values in the configuration file. <opt> can be identified using its location in the configuration file using dot notation. Elements of list entries can be accessed via square brackets [].\n    E.g. base.id = val\n         base.subvalue.subvalue2 = val\n         base.list[1]=val", cxxopts::value(cmdline_config_options), "<opt>=<val>")
 		("plugin-info",              "Print info for the plugin specified by <plugin_name> and exit.\nThis includes all descriptive information like name and author, along with the\nschema format for the init configuration and a list of suggested open parameters.\n<plugin_name> can be the plugin's name or its configured 'library_path'.", cxxopts::value(print_plugin_info), "<plugin_name>")
-		("p,print",                  "DEPRECATED: use -o append_output... instead. Print additional information in the rule's output.\nUse -pc or -pcontainer to append container details to syscall events.\nUse -pk or -pkubernetes to add both container and Kubernetes details to syscall events.\nThe details will be directly appended to the rule's output.\nAlternatively, use -p <output_format> for a custom format. In this case, the given <output_format> will be appended to the rule's output without any replacement to all events, including plugin events.", cxxopts::value(print_additional), "<output_format>")
+		("p,print",                  "DEPRECATED: use -o append_output... instead. Print additional information in the rule's output.\nUse -pc or -pcontainer to append container details to syscall events.\nUse -pk or -pkubernetes to add both container and Kubernetes details to syscall events.\nIf using gVisor, choose -pcg or -pkg variants (or -pcontainer-gvisor and -pkubernetes-gvisor, respectively).\nThe details will be directly appended to the rule's output.\nAlternatively, use -p <output_format> for a custom format. In this case, the given <output_format> will be appended to the rule's output without any replacement to all events, including plugin events.", cxxopts::value(print_additional), "<output_format>")
 		("P,pidfile",                "Write PID to specified <pid_file> path. By default, no PID file is created.", cxxopts::value(pidfilename)->default_value(""), "<pid_file>")
 		("r",                        "Rules file or directory to be loaded. This option can be passed multiple times. Falco defaults to the values in the configuration file when this option is not specified. Only files with .yml or .yaml extension are considered.", cxxopts::value<std::vector<std::string>>(), "<rules_file>")
 		("support",                  "Print support information, including version, rules files used, loaded configuration, etc., and exit. The output is in JSON format.", cxxopts::value(print_support)->default_value("false"))

userspace/falco/configuration.cpp

@@ -254,12 +254,6 @@ void falco_configuration::load_engine_config(const std::string &config_name) {
 		                       driver_mode_str + "' is not a valid kind.");
 	}
 
-	if(m_engine_mode == engine_kind_t::EBPF || m_engine_mode == engine_kind_t::GVISOR) {
-		falco_logger::log(falco_logger::level::WARNING,
-		                  "Using deprecated engine '" + driver_mode_str +
-		                          "'. Please consider switching to another engine.");
-	}
-
 	switch(m_engine_mode) {
 	case engine_kind_t::KMOD:
 		m_kmod.m_buf_size_preset = m_config.get_scalar<int16_t>("engine.kmod.buf_size_preset",
@@ -479,11 +473,6 @@ void falco_configuration::load_yaml(const std::string &config_name) {
 	}
 
 	m_grpc_enabled = m_config.get_scalar<bool>("grpc.enabled", false);
-	if(m_grpc_enabled) {
-		falco_logger::log(falco_logger::level::WARNING,
-		                  "Using deprecated gRPC server (deprecated as consequence of gRPC output "
-		                  "deprecation).");
-	}
 	m_grpc_bind_address = m_config.get_scalar<std::string>("grpc.bind_address", "0.0.0.0:5060");
 	m_grpc_threadiness = m_config.get_scalar<uint32_t>("grpc.threadiness", 0);
 	if(m_grpc_threadiness == 0) {
@@ -499,13 +488,8 @@ void falco_configuration::load_yaml(const std::string &config_name) {
 
 	falco::outputs::config grpc_output;
 	grpc_output.name = "grpc";
-	const auto grpc_output_enabled = m_config.get_scalar<bool>("grpc_output.enabled", true);
-	if(grpc_output_enabled) {
-		falco_logger::log(falco_logger::level::WARNING,
-		                  "Using deprecated gRPC output. Please consider using other outputs.");
-	}
 	// gRPC output is enabled only if gRPC server is enabled too
-	if(grpc_output_enabled && m_grpc_enabled) {
+	if(m_config.get_scalar<bool>("grpc_output.enabled", true) && m_grpc_enabled) {
 		m_outputs.push_back(grpc_output);
 	}
 

userspace/falco/outputs_program.cpp

@@ -16,22 +16,12 @@ limitations under the License.
 */
 
 #include "outputs_program.h"
-#include "logger.h"
 #include <stdio.h>
-#include <cerrno>
-#include <cstring>
 
 void falco::outputs::output_program::open_pfile() {
 	if(m_pfile == nullptr) {
 		m_pfile = popen(m_oc.options["program"].c_str(), "w");
 
-		if(m_pfile == nullptr) {
-			falco_logger::log(falco_logger::level::ERR,
-			                  "Failed to open program output: " + m_oc.options["program"] +
-			                          " (error: " + std::string(std::strerror(errno)) + ")");
-			return;
-		}
-
 		if(!m_buffered) {
 			setvbuf(m_pfile, NULL, _IONBF, 0);
 		}
@@ -41,9 +31,7 @@ void falco::outputs::output_program::open_pfile() {
 void falco::outputs::output_program::output(const message *msg) {
 	open_pfile();
 
-	if(m_pfile != nullptr) {
-		fprintf(m_pfile, "%s\n", msg->msg.c_str());
-	}
+	fprintf(m_pfile, "%s\n", msg->msg.c_str());
 
 	if(m_oc.options["keep_alive"] != "true") {
 		cleanup();

userspace/falco/outputs_program.h

@@ -32,7 +32,7 @@ class output_program : public abstract_output {
 private:
 	void open_pfile();
 
-	FILE *m_pfile = nullptr;
+	FILE *m_pfile;
 };
 
 }  // namespace outputs