Adds falco and falco-driver-loader 0.39.0 and falcoctl 0.10.0 rocks (#14)

Note that the Dockerfiles are identical to the previous versions. Thus, the
rockfiles are also the same.

Falco 0.39.0 comes with falcoctl 0.10.0, which is why we're building
that version as well.

Added the new versions into the sanity and integration tests.
claudiubelu authored Oct 6, 2024
1 parent e4eb6f3 commit 7dbffa5
Showing 8 changed files with 389 additions and 7 deletions.
13 changes: 13 additions & 0 deletions falco-driver-loader/0.39.0/pebble-entrypoint.patch
@@ -0,0 +1,13 @@
diff --git a/docker/driver-loader/docker-entrypoint.sh b/docker/driver-loader/docker-entrypoint.sh
index 52df15f3..1eea148c 100755
--- a/docker/driver-loader/docker-entrypoint.sh
+++ b/docker/driver-loader/docker-entrypoint.sh
@@ -17,6 +17,8 @@
# limitations under the License.
#

+# Pebble doesn't like it when the process ends too suddenly.
+trap "sleep 1.1" EXIT

print_usage() {
echo ""
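Review bot: the comment above `trap "sleep 1.1" EXIT` only says Pebble "doesn't like it" when the process ends too suddenly, which leaves the 1.1 s value unexplained for whoever later tries to remove it; the falcoctl-entrypoint.sh added in this same commit states the actual failure mode (Pebble treating a sub-second exit as not worth honouring `on-failure: shutdown`, so the container hangs) and links https://github.com/canonical/pebble/issues/240#issuecomment-1599722443. Carry that explanation and link into this patch so both entrypoints document the same workaround the same way. Pinning the target at `index 52df15f3..1eea148c` is fine here, since `git apply -v` in rockcraft.yaml will fail the build loudly if upstream changes the entrypoint instead of silently skipping the trap.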
143 changes: 143 additions & 0 deletions falco-driver-loader/0.39.0/rockcraft.yaml
@@ -0,0 +1,143 @@
# Copyright 2024 Canonical, Ltd.
# See LICENSE file for licensing details

# Based on the Falco 0.39.0 rockcraft.yaml file.
name: falco-driver-loader
summary: falco-driver-loader rock
description: |
A rock containing the Falco driver loader.
Falco is a cloud native runtime security tool for Linux operating systems. It is designed
to detect and alert on abnormal behavior and potential security threats in real-time.
This rock closely resembles the Falco rock of the same version, the only difference being
the entrypoint and entrypoint script.
license: Apache-2.0
version: 0.39.0

base: [email protected]
build-base: [email protected]

platforms:
amd64:
arm64:

environment:
# https://github.com/falcosecurity/falco/blob/0.39.0/docker/falco/Dockerfile#L12-L16
VERSION_BUCKET: deb
FALCO_VERSION: 0.39.0
HOST_ROOT: /host
HOME: /root

# Services to be loaded by the Pebble entrypoint.
services:
entrypoint:
summary: "entrypoint service"
override: replace
startup: enabled
command: "/docker-entrypoint.sh [ --help ]"
on-success: shutdown
on-failure: shutdown

entrypoint-service: entrypoint

parts:
build-falco:
plugin: nil
source: https://github.com/falcosecurity/falco
source-type: git
source-tag: $CRAFT_PROJECT_VERSION
source-depth: 1
build-packages:
# https://falco.org/docs/developer-guide/source/
- git
- cmake
- clang
- build-essential
- linux-tools-common
- linux-tools-generic
- libelf-dev
- llvm
# On ubuntu-24.04, we have gcc 13, and abseil (grpc's dependency) fails to build with
# this version of gcc. Thus, we're building with gcc 12.
# xref: https://github.com/apache/arrow/issues/36969
- gcc-12
- g++-12
stage-packages:
# https://github.com/falcosecurity/falco/blob/0.39.0/docker/falco/Dockerfile#L20-L42
- bc
- bison
- ca-certificates
- clang
- curl
- dkms
- dwarves
- flex
- gcc
- gcc-11
- gnupg2
- jq
- libc6-dev
- libelf-dev
- libssl-dev
- llvm
- make
- netcat-openbsd
- patchelf
- xz-utils
- zstd
build-environment:
- GOOS: linux
- GOARCH: $CRAFT_ARCH_BUILD_FOR
- HOST_ROOT: /host
override-build: |
# Installing additional packages here because of the $(uname -r) part. We need that for
# build idempotency, so we can build locally *and* in the CI.
# linux-tools and linux-cloud-tools are required for building BPF (for x86_64).
if [ "$(uname -m)" == "x86_64" ]; then
apt install -y linux-headers-$(uname -r) linux-tools-$(uname -r) linux-cloud-tools-$(uname -r)
else
apt install -y linux-headers-$(uname -r) linux-tools-$(uname -r) linux-cloud-tools
fi
# https://falco.org/docs/developer-guide/source/
mkdir -p build
pushd build
# On ubuntu-24.04, we have gcc 13, and abseil (grpc's dependency) fails to build with
# this version of gcc. Thus, we're building with gcc 12.
# xref: https://github.com/apache/arrow/issues/36969
update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-12 12 --slave /usr/bin/g++ g++ /usr/bin/g++-12
# Based on: https://github.com/falcosecurity/falco/blob/0.39.0/.github/workflows/reusable_build_packages.yaml#L105
cmake -S .. \
-DUSE_BUNDLED_DEPS=On \
-DBUILD_BPF=On \
-DFALCO_ETC_DIR=/etc/falco \
-DBUILD_DRIVER=Off \
-DCREATE_TEST_TARGETS=Off
make falco -j6
# Generate the .deb file.
# make package will also generate the .tar.gz amd .rpm files, which we do not need,
# so we call cpack ourselves.
# make package depends on the preinstall target.
make preinstall
cpack --config ./CPackConfig.cmake -G DEB
popd
# Unpack the .deb into the install directory.
dpkg-deb --extract build/falco-*.deb ${CRAFT_PART_INSTALL}/
# Change the falco config within the container to enable ISO 8601 output.
# https://github.com/falcosecurity/falco/blob/0.39.0/docker/falco/Dockerfile#L52
sed -i -e 's/time_format_iso_8601: false/time_format_iso_8601: true/' ${CRAFT_PART_INSTALL}/etc/falco/falco.yaml
# https://github.com/falcosecurity/falco/blob/0.39.0/docker/falco/Dockerfile#L61
mkdir -p ${CRAFT_PART_INSTALL}/lib
ln -s $HOST_ROOT/lib/modules ${CRAFT_PART_INSTALL}/lib/modules
# The entrypoint script is different from the falco image.
# We do however need to apply a patch for Pebble's sake (it doesn't like it when
# processes end too suddenly)..
git apply -v $CRAFT_PROJECT_DIR/pebble-entrypoint.patch
cp docker/driver-loader/docker-entrypoint.sh ${CRAFT_PART_INSTALL}/
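Review bot: the `apt install -y linux-headers-$(uname -r) linux-tools-$(uname -r) ...` lines in `override-build` tie the rock's contents to whichever kernel the build host happens to be running, which is the opposite of the "build idempotency" the comment above them claims; reword the comment to say the headers have to match the build host's kernel for the BPF build, and use `apt-get install -y` rather than `apt`, whose command-line interface is documented as unstable for scripts. In the same block, `make falco -j6` hard-codes the parallelism; `-j"$(nproc)"` adapts to the builder without changing the result.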
136 changes: 136 additions & 0 deletions falco/0.39.0/rockcraft.yaml
@@ -0,0 +1,136 @@
# Copyright 2024 Canonical, Ltd.
# See LICENSE file for licensing details

# Based on: https://github.com/falcosecurity/falco/blob/0.39.0/docker/falco/Dockerfile
name: falco
summary: Falco rock
description: |
A rock containing Falco.
Falco is a cloud native runtime security tool for Linux operating systems. It is designed
to detect and alert on abnormal behavior and potential security threats in real-time.
license: Apache-2.0
version: 0.39.0

base: [email protected]
build-base: [email protected]

platforms:
amd64:
arm64:

environment:
# https://github.com/falcosecurity/falco/blob/0.39.0/docker/falco/Dockerfile#L12-L16
VERSION_BUCKET: deb
FALCO_VERSION: 0.39.0
HOST_ROOT: /host
HOME: /root

# Services to be loaded by the Pebble entrypoint.
services:
falco:
summary: "falco service"
override: replace
startup: enabled
command: "/docker-entrypoint.sh /usr/bin/falco [ --help ]"
on-success: shutdown
on-failure: shutdown

entrypoint-service: falco

parts:
build-falco:
plugin: nil
source: https://github.com/falcosecurity/falco
source-type: git
source-tag: $CRAFT_PROJECT_VERSION
source-depth: 1
build-packages:
# https://falco.org/docs/developer-guide/source/
- git
- cmake
- clang
- build-essential
- linux-tools-common
- linux-tools-generic
- libelf-dev
- llvm
# On ubuntu-24.04, we have gcc 13, and abseil (grpc's dependency) fails to build with
# this version of gcc. Thus, we're building with gcc 12.
# xref: https://github.com/apache/arrow/issues/36969
- gcc-12
- g++-12
stage-packages:
# https://github.com/falcosecurity/falco/blob/0.39.0/docker/falco/Dockerfile#L20-L42
- bc
- bison
- ca-certificates
- clang
- curl
- dkms
- dwarves
- flex
- gcc
- gcc-11
- gnupg2
- jq
- libc6-dev
- libelf-dev
- libssl-dev
- llvm
- make
- netcat-openbsd
- patchelf
- xz-utils
- zstd
build-environment:
- GOOS: linux
- GOARCH: $CRAFT_ARCH_BUILD_FOR
- HOST_ROOT: /host
override-build: |
# Installing additional packages here because of the $(uname -r) part. We need that for
# build idempotency, so we can build locally *and* in the CI.
# linux-tools and linux-cloud-tools are required for building BPF (for x86_64).
if [ "$(uname -m)" == "x86_64" ]; then
apt install -y linux-headers-$(uname -r) linux-tools-$(uname -r) linux-cloud-tools-$(uname -r)
else
apt install -y linux-headers-$(uname -r) linux-tools-$(uname -r) linux-cloud-tools
fi
# https://falco.org/docs/developer-guide/source/
mkdir -p build
pushd build
# On ubuntu-24.04, we have gcc 13, and abseil (grpc's dependency) fails to build with
# this version of gcc. Thus, we're building with gcc 12.
# xref: https://github.com/apache/arrow/issues/36969
update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-12 12 --slave /usr/bin/g++ g++ /usr/bin/g++-12
# Based on: https://github.com/falcosecurity/falco/blob/0.39.0/.github/workflows/reusable_build_packages.yaml#L105
cmake -S .. \
-DUSE_BUNDLED_DEPS=On \
-DBUILD_BPF=On \
-DFALCO_ETC_DIR=/etc/falco \
-DBUILD_DRIVER=Off \
-DCREATE_TEST_TARGETS=Off
make falco -j6
# Generate the .deb file.
# make package will also generate the .tar.gz amd .rpm files, which we do not need,
# so we call cpack ourselves.
# make package depends on the preinstall target.
make preinstall
cpack --config ./CPackConfig.cmake -G DEB
popd
# Unpack the .deb into the install directory.
dpkg-deb --extract build/falco-*.deb ${CRAFT_PART_INSTALL}/
# Change the falco config within the container to enable ISO 8601 output.
# https://github.com/falcosecurity/falco/blob/0.39.0/docker/falco/Dockerfile#L52
sed -i -e 's/time_format_iso_8601: false/time_format_iso_8601: true/' ${CRAFT_PART_INSTALL}/etc/falco/falco.yaml
# https://github.com/falcosecurity/falco/blob/0.39.0/docker/falco/Dockerfile#L61
mkdir -p ${CRAFT_PART_INSTALL}/lib
ln -s $HOST_ROOT/lib/modules ${CRAFT_PART_INSTALL}/lib/modules
cp docker/falco/docker-entrypoint.sh ${CRAFT_PART_INSTALL}/
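Review bot: the `sed -i -e 's/time_format_iso_8601: false/time_format_iso_8601: true/'` step exits 0 even when the pattern is absent, so a future falco.yaml that renames or re-defaults the key would silently ship without the ISO 8601 timestamps the comment promises; follow it with `grep -q 'time_format_iso_8601: true' ${CRAFT_PART_INSTALL}/etc/falco/falco.yaml` so the build fails instead. Separately, this file duplicates falco-driver-loader/0.39.0/rockcraft.yaml from the same commit apart from the `services` block and the final `git apply`/`cp` lines; a comment in each pointing at the other, or a shared snippet, would keep the two build recipes from drifting.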
9 changes: 9 additions & 0 deletions falcoctl/0.10.0/falcoctl-entrypoint.sh
@@ -0,0 +1,9 @@
#!/bin/bash

# Required to prevent Pebble from considering the service to have
# exited too quickly to be worth restarting or respecting the
# "on-failure: shutdown" directive and thus hanging indefinitely:
# https://github.com/canonical/pebble/issues/240#issuecomment-1599722443
sleep 1.1

/usr/bin/falcoctl $@
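Review bot: `/usr/bin/falcoctl $@` leaves `$@` unquoted, so any argument containing whitespace or glob characters (a path with a space, a pattern such as `*.yaml`) is re-split or expanded by bash before falcoctl sees it; use `exec /usr/bin/falcoctl "$@"` so arguments pass through verbatim and falcoctl replaces the shell, receiving Pebble's signals and exit-code handling directly. The `sleep 1.1` before it still runs first, so the Pebble workaround is unaffected.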
67 changes: 67 additions & 0 deletions falcoctl/0.10.0/rockcraft.yaml
@@ -0,0 +1,67 @@
# Copyright 2024 Canonical, Ltd.
# See LICENSE file for licensing details

# Based on: https://github.com/falcosecurity/falcoctl/blob/v0.10.0/build/Dockerfile
name: falcoctl
summary: falcoctl rock
description: |
A rock containing falcoctl.
falcoctl is the official CLI tool for working with Falco and its ecosystem components.
license: Apache-2.0
version: 0.10.0

base: [email protected]
build-base: [email protected]
run-user: _daemon_

platforms:
amd64:
arm64:

environment:
APP_VERSION: 0.10.0

# Services to be loaded by the Pebble entrypoint.
services:
falcoctl:
summary: "falcoctl service"
override: replace
startup: enabled
command: "/falcoctl-entrypoint.sh [ --help ]"
on-success: shutdown
on-failure: shutdown

entrypoint-service: falcoctl

parts:
build-falcoctl:
plugin: go
source: https://github.com/falcosecurity/falcoctl
source-type: git
source-tag: v${CRAFT_PROJECT_VERSION}
source-depth: 1
stage-packages:
# Required by falcoctl in order to verify certificates.
- ca-certificates
build-snaps:
- go/1.23/stable
build-environment:
- CGO_ENABLED: 0
- GOOS: linux
- GOARCH: $CRAFT_ARCH_BUILD_FOR
- VERSION: $CRAFT_PROJECT_VERSION
- PROJECT: github.com/falcosecurity/falcoctl
- LDFLAGS: -X $PROJECT/cmd/version.semVersion=$VERSION -X $PROJECT/cmd/version.buildDate="\"$(date -u +'%Y-%m-%dT%H:%M:%SZ')\"" -s -w
override-build: |
mkdir -p ${CRAFT_PART_INSTALL}/usr/bin/
go mod download
go build -o ${CRAFT_PART_INSTALL}/usr/bin/ -ldflags "${LDFLAGS}" .
add-falcoctl-entrypoint:
plugin: nil
override-build: |
# Running falcoctl directly may finish sooner than 1 second, which means Pebble will just
# hang around and not finish, which is undesirable for an init container.
# We're setting this as the entrypoint, which will just pass the arguments to falcoctl + 1.1s sleep.
cp $CRAFT_PROJECT_DIR/falcoctl-entrypoint.sh ${CRAFT_PART_INSTALL}/
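Review bot: the `LDFLAGS` entry bakes `$(date -u +'%Y-%m-%dT%H:%M:%SZ')` into `cmd/version.buildDate`, so two builds of the same `v0.10.0` tag yield different binaries and the rock cannot be verified by rebuilding it; if a build date is wanted, take it from a fixed source such as `SOURCE_DATE_EPOCH` so the output is reproducible. The nested `"\"...\""` quoting inside a YAML list item is also easy to break on edit; a single-quoted YAML scalar would make the intended shell string readable at a glance.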