Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

new(ci): use zig compiler instead of relying on centos7. #3307

Merged
merged 2 commits into from
Oct 9, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
41 changes: 5 additions & 36 deletions .github/workflows/reusable_build_packages.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -52,59 +52,30 @@ jobs:
retention-days: 1

build-packages:
env:
ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true
# See https://github.com/actions/runner/issues/409#issuecomment-1158849936
runs-on: ${{ (inputs.arch == 'aarch64' && 'actuated-arm64-8cpu-16gb') || 'ubuntu-latest' }}
needs: [build-modern-bpf-skeleton]
container: centos:7
steps:
# Always install deps before invoking checkout action, to properly perform a full clone.
- name: Fix mirrors to use vault.centos.org
run: |
sed -i s/mirror.centos.org/vault.centos.org/g /etc/yum.repos.d/*.repo
sed -i s/^#.*baseurl=http/baseurl=https/g /etc/yum.repos.d/*.repo
sed -i s/^mirrorlist=http/#mirrorlist=https/g /etc/yum.repos.d/*.repo

- name: Install scl repos
run: |
yum -y install centos-release-scl

- name: Fix new mirrors to use vault.centos.org
run: |
sed -i s/mirror.centos.org/vault.centos.org/g /etc/yum.repos.d/*.repo
sed -i s/^#.*baseurl=http/baseurl=https/g /etc/yum.repos.d/*.repo
sed -i s/^mirrorlist=http/#mirrorlist=https/g /etc/yum.repos.d/*.repo

- name: Fix arm64 scl repos to use correct mirror
if: inputs.arch == 'aarch64'
run: |
sed -i 's/vault.centos.org\/centos/vault.centos.org\/altarch/g' /etc/yum.repos.d/CentOS-SCLo-scl*.repo

- name: Install build deps
run: |
yum -y install devtoolset-9-gcc devtoolset-9-gcc-c++
source /opt/rh/devtoolset-9/enable
yum install -y wget git make m4 rpm-build elfutils-libelf-devel perl-IPC-Cmd devtoolset-9-libasan-devel devtoolset-9-libubsan-devel
sudo apt update && sudo apt install -y --no-install-recommends ca-certificates cmake curl wget build-essential git pkg-config autoconf automake libtool libelf-dev m4 rpm

- name: Checkout
# It is not possible to upgrade the checkout action to versions >= v4.0.0 because of incompatibilities with centos 7's libc.
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0

- name: Download skeleton
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: bpf_probe_${{ inputs.arch }}.skel.h
path: /tmp

- name: Install updated cmake
run: |
curl -L https://github.com/Kitware/CMake/releases/download/v3.22.5/cmake-3.22.5-linux-$(uname -m).tar.gz \
| tar --directory=/usr --strip-components=1 -xzp
- name: Install zig
if: inputs.sanitizers == false
uses: falcosecurity/libs/.github/actions/install-zig@master

- name: Prepare project
run: |
source /opt/rh/devtoolset-9/enable
cmake -B build -S . \
-DCMAKE_BUILD_TYPE=${{ inputs.build_type }} \
-DUSE_BUNDLED_DEPS=On \
Expand All @@ -117,12 +88,10 @@ jobs:

- name: Build project
run: |
source /opt/rh/devtoolset-9/enable
cmake --build build --target falco -j6

- name: Build packages
run: |
source /opt/rh/devtoolset-9/enable
cmake --build build --target package

- name: Upload Falco tar.gz package
Expand Down
4 changes: 2 additions & 2 deletions cmake/modules/driver.cmake
Original file line number Diff line number Diff line change
Expand Up @@ -35,9 +35,9 @@ else()
# FALCOSECURITY_LIBS_VERSION. In case you want to test against another driver version (or
# branch, or commit) just pass the variable - ie., `cmake -DDRIVER_VERSION=dev ..`
if(NOT DRIVER_VERSION)
set(DRIVER_VERSION "7.3.0+driver")
set(DRIVER_VERSION "aeb87935dcdd6b3bffb50302269353f2468f612c")
set(DRIVER_CHECKSUM
"SHA256=8f572d9a83feda635a3fa53b859d61e37af127c241e35068aadee3bc50d212c0"
"SHA256=fc2f18ed2f9e4bdcb93f32eee326a813a3614af50b82d30a7ccf96ac2a7cfbf0"
)
endif()

Expand Down
5 changes: 2 additions & 3 deletions cmake/modules/falcosecurity-libs.cmake
Original file line number Diff line number Diff line change
Expand Up @@ -42,9 +42,9 @@ else()
# version (or branch, or commit) just pass the variable - ie., `cmake
# -DFALCOSECURITY_LIBS_VERSION=dev ..`
if(NOT FALCOSECURITY_LIBS_VERSION)
set(FALCOSECURITY_LIBS_VERSION "0.18.1")
set(FALCOSECURITY_LIBS_VERSION "aeb87935dcdd6b3bffb50302269353f2468f612c")
set(FALCOSECURITY_LIBS_CHECKSUM
"SHA256=1812e8236c4cb51d3fe5dd066d71be99f25da7ed22d8feeeebeed09bdc26325f"
"SHA256=fc2f18ed2f9e4bdcb93f32eee326a813a3614af50b82d30a7ccf96ac2a7cfbf0"
)
endif()

Expand Down Expand Up @@ -73,7 +73,6 @@ set(LIBS_PACKAGE_NAME "falcosecurity")

if(CMAKE_SYSTEM_NAME MATCHES "Linux")
add_definitions(-D_GNU_SOURCE)
add_definitions(-DHAS_CAPTURE)
endif()

if(MUSL_OPTIMIZED_BUILD)
Expand Down
2 changes: 1 addition & 1 deletion userspace/engine/rule_loader.h
Original file line number Diff line number Diff line change
Expand Up @@ -250,7 +250,7 @@ class result : public falco::load_result {
const context& ctx);

void set_schema_validation_status(const std::vector<std::string>& status);
std::string schema_validation();
std::string schema_validation() override;

protected:
const std::string& as_summary_string();
Expand Down
4 changes: 3 additions & 1 deletion userspace/falco/stats_writer.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -360,7 +360,9 @@ void stats_writer::collector::get_metrics_output_fields_wrapper(
output_fields["evt.hostname"] =
machine_info->hostname; /* Explicitly add hostname to log msg in case hostname rule
output field is disabled. */
output_fields["falco.host_boot_ts"] = machine_info->boot_ts_epoch;
// This line generates a SIGTRAP in zig debug builds if the casting is removed.
// It seems caused by the pragma pack for the scap_machine_info structure.
output_fields["falco.host_boot_ts"] = (uint64_t)machine_info->boot_ts_epoch;
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As weird as it seems, this stupid cast fixed a SIGTRAP generated on debug builds by zig.
If i removed the pragma pack from the scap_machine_info struct, the issue went away. Most probably this is just a bug somewhere in how zig/clang compile the sources.

output_fields["falco.host_num_cpus"] = machine_info->num_cpus;
}
output_fields["falco.outputs_queue_num_drops"] =
Expand Down
Loading