cafkafk/nixpkgs
cafkafk/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2

Merge pull request #220216 from 06kellyjac/tracee

Browse source 
tracee: 0.11.0 -> 0.13.0
This commit is contained in:
Sandro 2023-04-05 14:22:50 +02:00 committed by GitHub
commit aba8811574
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 31 additions and 109 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
nixos/tests/tracee.nix
View file

@ -1,5 +1,7 @@
import ./make-test-python.nix ({ pkgs, ... }: { import ./make-test-python.nix ({ pkgs, ... }: {
name = "tracee-integration"; name = "tracee-integration";
meta.maintainers = pkgs.tracee.meta.maintainers;
nodes = { nodes = {
machine = { config, pkgs, ... }: { machine = { config, pkgs, ... }: {
# EventFilters/trace_only_events_from_new_containers and # EventFilters/trace_only_events_from_new_containers and
@ -7,11 +9,11 @@ import ./make-test-python.nix ({ pkgs, ... }: {
# require docker/dockerd # require docker/dockerd
virtualisation.docker.enable = true; virtualisation.docker.enable = true;
environment.systemPackages = [ environment.systemPackages = with pkgs; [
# required by Test_EventFilters/trace_events_from_ls_and_which_binary_in_separate_scopes # required by Test_EventFilters/trace_events_from_ls_and_which_binary_in_separate_scopes
pkgs.which which
# build the go integration tests as a binary # build the go integration tests as a binary
(pkgs.tracee.overrideAttrs (oa: { (tracee.overrideAttrs (oa: {
pname = oa.pname + "-integration"; pname = oa.pname + "-integration";
postPatch = oa.postPatch or "" + '' postPatch = oa.postPatch or "" + ''
# prepare tester.sh (which will be embedded in the test binary) # prepare tester.sh (which will be embedded in the test binary)
@ -20,10 +22,11 @@ import ./make-test-python.nix ({ pkgs, ... }: {
# fix the test to look at nixos paths for running programs # fix the test to look at nixos paths for running programs
substituteInPlace tests/integration/integration_test.go \ substituteInPlace tests/integration/integration_test.go \
--replace "bin=/usr/bin/" "comm=" \ --replace "bin=/usr/bin/" "comm=" \
--replace "binary=/usr/bin/" "comm=" \
--replace "/usr/bin/dockerd" "dockerd" \ --replace "/usr/bin/dockerd" "dockerd" \
--replace "/usr/bin" "/run/current-system/sw/bin" --replace "/usr/bin" "/run/current-system/sw/bin"
''; '';
nativeBuildInputs = oa.nativeBuildInputs or [ ] ++ [ pkgs.makeWrapper ]; nativeBuildInputs = oa.nativeBuildInputs or [ ] ++ [ makeWrapper ];
buildPhase = '' buildPhase = ''
runHook preBuild runHook preBuild
# just build the static lib we need for the go test binary # just build the static lib we need for the go test binary
@ -34,6 +37,7 @@ import ./make-test-python.nix ({ pkgs, ... }: {
runHook postBuild runHook postBuild
''; '';
doCheck = false; doCheck = false;
outputs = [ "out" ];
installPhase = '' installPhase = ''
mkdir -p $out/bin mkdir -p $out/bin
mv $GOPATH/tracee-integration $out/bin/ mv $GOPATH/tracee-integration $out/bin/

33
pkgs/tools/security/tracee/default.nix
View file

@ -2,7 +2,7 @@
, buildGoModule , buildGoModule
, fetchFromGitHub , fetchFromGitHub
, llvmPackages_13 , clang
, pkg-config , pkg-config
, zlib , zlib
@ -14,20 +14,17 @@
, tracee , tracee
}: }:
let
inherit (llvmPackages_13) clang;
in
buildGoModule rec { buildGoModule rec {
pname = "tracee"; pname = "tracee";
version = "0.11.0"; version = "0.13.0";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "aquasecurity"; owner = "aquasecurity";
repo = pname; repo = pname;
rev = "v${version}"; rev = "v${version}";
sha256 = "sha256-fAbii/DEXx9WJpolc7amqF9TQj4oE5x0TCiNOtVasGo="; hash = "sha256-55+eyulFbzR2ZzKbTN5sHIickpwXY8eJDDzf6Gzwhsk=";
}; };
vendorSha256 = "sha256-eenhIsiJhPLgwJo2spIGURPkcsec3kO4L5UJ0FWniQc="; vendorHash = "sha256-qEubjzYGdiBntPOJw8dR/THcvK2Bml97SXHImIWbDm0=";
patches = [ patches = [
./use-our-libbpf.patch ./use-our-libbpf.patch
@ -59,15 +56,16 @@ buildGoModule rec {
# see passthru.tests.integration # see passthru.tests.integration
doCheck = false; doCheck = false;
outputs = [ "out" "lib" "share" ];
installPhase = '' installPhase = ''
runHook preInstall runHook preInstall
mkdir -p $out/{bin,share/tracee} mkdir -p $out/bin $lib/lib/tracee $share/share/tracee
mv ./dist/tracee-{ebpf,rules} $out/bin/ mv ./dist/tracee $out/bin/
mv ./dist/tracee.bpf.core.o $lib/lib/tracee/
mv ./dist/rules $out/share/tracee/ mv ./cmd/tracee-rules/templates $share/share/tracee/
mv ./cmd/tracee-rules/templates $out/share/tracee/
runHook postInstall runHook postInstall
''; '';
@ -76,10 +74,8 @@ buildGoModule rec {
installCheckPhase = '' installCheckPhase = ''
runHook preInstallCheck runHook preInstallCheck
$out/bin/tracee-ebpf --help $out/bin/tracee --help
$out/bin/tracee-ebpf --version | grep "v${version}" $out/bin/tracee --version | grep "v${version}"
$out/bin/tracee-rules --help
runHook postInstallCheck runHook postInstallCheck
''; '';
@ -89,7 +85,7 @@ buildGoModule rec {
version = testers.testVersion { version = testers.testVersion {
package = tracee; package = tracee;
version = "v${version}"; version = "v${version}";
command = "tracee-ebpf --version"; command = "tracee --version";
}; };
}; };
@ -111,6 +107,7 @@ buildGoModule rec {
gpl2Plus gpl2Plus
]; ];
maintainers = with maintainers; [ jk ]; maintainers = with maintainers; [ jk ];
platforms = [ "x86_64-linux" ]; platforms = [ "x86_64-linux" "aarch64-linux" ];
outputsToInstall = [ "out" "share" ];
}; };
} }

91
pkgs/tools/security/tracee/use-our-libbpf.patch
View file

@ -1,5 +1,5 @@
diff --git a/Makefile b/Makefile diff --git a/Makefile b/Makefile
index c72cf63d..e96b7eed 100644 index d7596a1a..dd7b97b6 100644
--- a/Makefile --- a/Makefile
+++ b/Makefile +++ b/Makefile
@@ -50,6 +50,7 @@ CMD_STATICCHECK ?= staticcheck @@ -50,6 +50,7 @@ CMD_STATICCHECK ?= staticcheck
@ -10,18 +10,7 @@ index c72cf63d..e96b7eed 100644
LIB_ELF ?= libelf LIB_ELF ?= libelf
LIB_ZLIB ?= zlib LIB_ZLIB ?= zlib
@@ -172,10 +173,6 @@ env: @@ -279,8 +280,6 @@ OUTPUT_DIR = ./dist
@echo "KERN_BUILD_PATH $(KERN_BUILD_PATH)"
@echo "KERN_SRC_PATH $(KERN_SRC_PATH)"
@echo ---------------------------------------
- @echo "LIBBPF_CFLAGS $(LIBBPF_CFLAGS)"
- @echo "LIBBPF_LDLAGS $(LIBBPF_LDFLAGS)"
- @echo "LIBBPF_SRC $(LIBBPF_SRC)"
- @echo ---------------------------------------
@echo "STATIC $(STATIC)"
@echo ---------------------------------------
@echo "BPF_VCPU $(BPF_VCPU)"
@@ -274,8 +271,6 @@ OUTPUT_DIR = ./dist
$(OUTPUT_DIR): $(OUTPUT_DIR):
# #
@$(CMD_MKDIR) -p $@ @$(CMD_MKDIR) -p $@
@ -30,61 +19,7 @@ index c72cf63d..e96b7eed 100644
# #
# embedded btfhub # embedded btfhub
@@ -286,37 +281,6 @@ $(OUTPUT_DIR)/btfhub: @@ -418,7 +417,6 @@ TRACEE_EBPF_OBJ_CORE_HEADERS = $(shell find pkg/ebpf/c -name *.h)
@$(CMD_MKDIR) -p $@
@$(CMD_TOUCH) $@/.place-holder # needed for embed.FS
-#
-# libbpf
-#
-
-LIBBPF_CFLAGS = "-fPIC"
-LIBBPF_LDLAGS =
-LIBBPF_SRC = ./3rdparty/libbpf/src
-
-$(OUTPUT_DIR)/libbpf/libbpf.a: \
- $(LIBBPF_SRC) \
- $(wildcard $(LIBBPF_SRC)/*.[ch]) \
- | .checkver_$(CMD_CLANG) $(OUTPUT_DIR)
-#
- CC="$(CMD_CLANG)" \
- CFLAGS="$(LIBBPF_CFLAGS)" \
- LD_FLAGS="$(LIBBPF_LDFLAGS)" \
- $(MAKE) \
- -C $(LIBBPF_SRC) \
- BUILD_STATIC_ONLY=1 \
- DESTDIR=$(abspath ./$(OUTPUT_DIR)/libbpf/) \
- OBJDIR=$(abspath ./$(OUTPUT_DIR)/libbpf/obj) \
- INCLUDEDIR= LIBDIR= UAPIDIR= prefix= libdir= \
- install install_uapi_headers
-
-$(LIBBPF_SRC): \
- | .check_$(CMD_GIT)
-#
-ifeq ($(wildcard $@), )
- @$(CMD_GIT) submodule update --init --recursive
-endif
-
#
# non co-re ebpf
#
@@ -333,7 +297,6 @@ BPF_NOCORE_TAG = $(subst .,_,$(KERN_RELEASE)).$(subst .,_,$(VERSION))
bpf-nocore: $(OUTPUT_DIR)/tracee.bpf.$(BPF_NOCORE_TAG).o
$(OUTPUT_DIR)/tracee.bpf.$(BPF_NOCORE_TAG).o: \
- $(OUTPUT_DIR)/libbpf/libbpf.a \
$(TRACEE_EBPF_OBJ_SRC)
#
MAKEFLAGS="--no-print-directory"
@@ -351,7 +314,6 @@ $(OUTPUT_DIR)/tracee.bpf.$(BPF_NOCORE_TAG).o: \
-I $(KERN_SRC_PATH)/include/uapi \
-I $(KERN_BUILD_PATH)/include/generated \
-I $(KERN_BUILD_PATH)/include/generated/uapi \
- -I $(OUTPUT_DIR)/libbpf \
-I ./3rdparty/include \
-Wunused \
-Wall \
@@ -412,7 +374,6 @@ TRACEE_EBPF_OBJ_CORE_HEADERS = $(shell find pkg/ebpf/c -name *.h)
bpf-core: $(OUTPUT_DIR)/tracee.bpf.core.o bpf-core: $(OUTPUT_DIR)/tracee.bpf.core.o
$(OUTPUT_DIR)/tracee.bpf.core.o: \ $(OUTPUT_DIR)/tracee.bpf.core.o: \
@ -92,15 +27,7 @@ index c72cf63d..e96b7eed 100644
$(TRACEE_EBPF_OBJ_SRC) \ $(TRACEE_EBPF_OBJ_SRC) \
$(TRACEE_EBPF_OBJ_CORE_HEADERS) $(TRACEE_EBPF_OBJ_CORE_HEADERS)
# #
@@ -421,7 +382,6 @@ $(OUTPUT_DIR)/tracee.bpf.core.o: \ @@ -453,8 +451,8 @@ ifeq ($(STATIC), 1)
-D__BPF_TRACING__ \
-DCORE \
-I./pkg/ebpf/c/ \
- -I$(OUTPUT_DIR)/libbpf/ \
-I ./3rdparty/include \
-target bpf \
-O2 -g \
@@ -447,8 +407,8 @@ ifeq ($(STATIC), 1)
GO_TAGS_EBPF := $(GO_TAGS_EBPF),netgo GO_TAGS_EBPF := $(GO_TAGS_EBPF),netgo
endif endif
@ -111,7 +38,7 @@ index c72cf63d..e96b7eed 100644
GO_ENV_EBPF = GO_ENV_EBPF =
GO_ENV_EBPF += GOOS=linux GO_ENV_EBPF += GOOS=linux
@@ -468,6 +428,7 @@ $(OUTPUT_DIR)/tracee-ebpf: \ @@ -474,6 +472,7 @@ $(OUTPUT_DIR)/tracee-ebpf: \
$(TRACEE_EBPF_SRC) \ $(TRACEE_EBPF_SRC) \
./embedded-ebpf.go \ ./embedded-ebpf.go \
| .checkver_$(CMD_GO) \ | .checkver_$(CMD_GO) \
@ -119,11 +46,3 @@ index c72cf63d..e96b7eed 100644
.checklib_$(LIB_ELF) \ .checklib_$(LIB_ELF) \
.checklib_$(LIB_ZLIB) \ .checklib_$(LIB_ZLIB) \
btfhub btfhub
@@ -658,7 +619,6 @@ test-rules: \
.PHONY: test-upstream-libbpfgo
test-upstream-libbpfgo: \
.checkver_$(CMD_GO) \
- $(OUTPUT_DIR)/libbpf/libbpf.a
#
./tests/libbpfgo.sh $(GO_ENV_EBPF)

4
pkgs/top-level/all-packages.nix
View file

@ -12944,7 +12944,9 @@ with pkgs;
tracebox = callPackage ../tools/networking/tracebox { stdenv = gcc10StdenvCompat; }; tracebox = callPackage ../tools/networking/tracebox { stdenv = gcc10StdenvCompat; };
tracee = callPackage ../tools/security/tracee { }; tracee = callPackage ../tools/security/tracee {
clang = clang_14;
};
tracefilegen = callPackage ../development/tools/analysis/garcosim/tracefilegen { }; tracefilegen = callPackage ../development/tools/analysis/garcosim/tracefilegen { };