Merge pull request #286147 from gangaram-tii/pr/tetragon

tetragon: init at 0.11.0
2024-02-06 15:29:05 +01:00 · 2024-02-06 15:29:05 +01:00 · cb0959b17f
commit cb0959b17f
parent 42a5ad919f 507aa326d5
2 changed files with 75 additions and 0 deletions
--- a/maintainers/maintainer-list.nix
+++ b/maintainers/maintainer-list.nix
@ -6684,6 +6684,12 @@
    githubId = 293586;
    name = "Adam Gamble";
  };
+  gangaram = {
+    email = "Ganga.Ram@tii.ae";
+    github = "gangaram-tii";
+    githubId = 131853076;
+    name = "Ganga Ram";
+  };
  garaiza-93 = {
    email = "araizagustavo93@gmail.com";
    github = "garaiza-93";
--- a/pkgs/by-name/te/tetragon/package.nix
+++ b/pkgs/by-name/te/tetragon/package.nix
@ -0,0 +1,69 @@
+{ lib
+, stdenv
+, fetchFromGitHub
+, pkg-config
+, go
+, llvm_16
+, clang_16
+, bash
+}:
+
+stdenv.mkDerivation (finalAttrs: {
+  pname = "tetragon";
+  version = "0.11.0";
+
+  src = fetchFromGitHub {
+    owner = "cilium";
+    repo = "tetragon";
+    rev = "refs/tags/v${finalAttrs.version}";
+    sha256 = "sha256-KOR5MMRnhrlcMPqRjzjSJXvitiZQ8/tlxEnBiQG2x/Q=";
+  };
+
+  buildInputs = [
+    clang_16
+    go
+    llvm_16
+    pkg-config
+  ];
+
+  env.NIX_CFLAGS_COMPILE = "-fno-stack-protector -Qunused-arguments";
+
+  buildPhase = ''
+    runHook preBuild
+    export HOME=$TMP
+    export LOCAL_CLANG=1
+    export LOCAL_CLANG_FORMAT=1
+    make tetragon
+    make tetragon-operator
+    make tetra
+    make tetragon-bpf
+    runHook postBuild
+  '';
+
+  postPatch = ''
+    substituteInPlace bpf/Makefile --replace '/bin/bash' '${lib.getExe bash}'
+    substituteInPlace pkg/defaults/defaults.go --replace '/var/lib/tetragon/' $out/lib/tetragon/bpf/
+  '';
+
+  installPhase = ''
+    runHook preInstall
+    mkdir -p $out/lib/tetragon $out/lib/tetragon/tetragon.tp.d/
+    sed -i "s+/usr/local/+$out/+g" install/linux-tarball/usr/local/lib/tetragon/tetragon.conf.d/bpf-lib
+    cp -n -r install/linux-tarball/usr/local/lib/tetragon/tetragon.conf.d/ $out/lib/tetragon/
+    cp -n -r ./bpf/objs $out/lib/tetragon/bpf
+    install -m755 -D ./tetra $out/bin/tetra
+    install -m755 -D ./tetragon $out/bin/tetragon
+    runHook postInstall
+  '';
+
+  meta = with lib; {
+    description      = "Real-time, eBPF-based Security Observability and Runtime Enforcement tool";
+    homepage         = "https://github.com/cilium/tetragon";
+    license          = licenses.asl20;
+    mainProgram      = "tetragon";
+    maintainers      = with maintainers; [ gangaram ];
+    platforms        = platforms.linux;
+    sourceProvenance = with sourceTypes; [ fromSource ];
+  };
+})
+