From ec18417a0aa7611cd3b707e3f715a1ddd021fa59 Mon Sep 17 00:00:00 2001 From: Federico Di Pierro Date: Wed, 13 Mar 2024 11:24:23 +0100 Subject: [PATCH] new(pkg,cmd): refactored builder script logic. Builder script has been split in 3 different scripts: * download libs * download headers * build This way, we can reuse `download libs` script among all of them. Moreover, it is useful to have a download headers script that is invokeable by itself, because it has the logic to download and extract headers for a given distro. Finally, fixed a couple of things with local builder: * redirect stderr to stdout so that we catch errors too while building * pre initialize envMap to an empty map, instead of nil * manage KERNELDIR env var, if set, while building with dkms The last point allows for consumer to pass `KERNELDIR` inside `envMap` local builder processor argument to customize the build. 
Signed-off-by: Federico Di Pierro --- cmd/local.go | 2 +- pkg/driverbuilder/builder/aliyunlinux.go | 13 ++- pkg/driverbuilder/builder/almalinux.go | 13 ++- pkg/driverbuilder/builder/amazonlinux.go | 9 +- pkg/driverbuilder/builder/archlinux.go | 11 +- pkg/driverbuilder/builder/bottlerocket.go | 3 +- pkg/driverbuilder/builder/builders.go | 104 ++++++++++++++---- pkg/driverbuilder/builder/centos.go | 11 +- pkg/driverbuilder/builder/debian.go | 9 +- pkg/driverbuilder/builder/fedora.go | 11 +- pkg/driverbuilder/builder/flatcar.go | 13 ++- pkg/driverbuilder/builder/local.go | 23 ++-- pkg/driverbuilder/builder/minikube.go | 3 +- pkg/driverbuilder/builder/opensuse.go | 13 ++- pkg/driverbuilder/builder/oracle.go | 13 ++- pkg/driverbuilder/builder/photon.go | 13 ++- pkg/driverbuilder/builder/redhat.go | 15 ++- pkg/driverbuilder/builder/rocky.go | 13 ++- pkg/driverbuilder/builder/sles.go | 15 ++- pkg/driverbuilder/builder/talos.go | 3 +- pkg/driverbuilder/builder/templates/alinux.sh | 21 +--- .../builder/templates/alinux_kernel.sh | 35 ++++++ .../builder/templates/almalinux.sh | 21 +--- .../builder/templates/almalinux_kernel.sh | 35 ++++++ .../builder/templates/amazonlinux.sh | 24 +--- .../builder/templates/amazonlinux_kernel.sh | 38 +++++++ .../builder/templates/archlinux.sh | 21 +--- .../builder/templates/archlinux_kernel.sh | 35 ++++++ pkg/driverbuilder/builder/templates/centos.sh | 21 +--- .../builder/templates/centos_kernel.sh | 35 ++++++ pkg/driverbuilder/builder/templates/debian.sh | 29 +---- .../builder/templates/debian_kernel.sh | 37 +++++++ pkg/driverbuilder/builder/templates/fedora.sh | 21 +--- .../builder/templates/fedora_kernel.sh | 35 ++++++ .../builder/templates/flatcar.sh | 28 +---- .../builder/templates/flatcar_kernel.sh | 42 +++++++ .../builder/templates/libs_download.sh | 33 ++++++ pkg/driverbuilder/builder/templates/local.sh | 23 ++-- .../builder/templates/opensuse.sh | 23 +--- .../builder/templates/opensuse_kernel.sh | 37 +++++++ 
pkg/driverbuilder/builder/templates/oracle.sh | 21 +--- .../builder/templates/oracle_kernel.sh | 35 ++++++ .../builder/templates/photonos.sh | 24 +--- .../builder/templates/photonos_kernel.sh | 38 +++++++ pkg/driverbuilder/builder/templates/redhat.sh | 23 +--- .../builder/templates/redhat_kernel.sh | 37 +++++++ pkg/driverbuilder/builder/templates/rocky.sh | 21 +--- .../builder/templates/rocky_kernel.sh | 35 ++++++ pkg/driverbuilder/builder/templates/sles.sh | 25 +---- .../builder/templates/sles_kernel.sh | 38 +++++++ pkg/driverbuilder/builder/templates/ubuntu.sh | 24 +--- .../builder/templates/ubuntu_kernel.sh | 37 +++++++ .../builder/templates/vanilla.sh | 36 +----- .../builder/templates/vanilla_kernel.sh | 50 +++++++++ pkg/driverbuilder/builder/ubuntu.go | 11 +- pkg/driverbuilder/builder/vanilla.go | 11 +- pkg/driverbuilder/docker.go | 29 ++++- pkg/driverbuilder/kubernetes.go | 23 +++- pkg/driverbuilder/local.go | 21 +++- 59 files changed, 968 insertions(+), 475 deletions(-) create mode 100644 pkg/driverbuilder/builder/templates/alinux_kernel.sh create mode 100644 pkg/driverbuilder/builder/templates/almalinux_kernel.sh create mode 100644 pkg/driverbuilder/builder/templates/amazonlinux_kernel.sh create mode 100644 pkg/driverbuilder/builder/templates/archlinux_kernel.sh create mode 100644 pkg/driverbuilder/builder/templates/centos_kernel.sh create mode 100644 pkg/driverbuilder/builder/templates/debian_kernel.sh create mode 100644 pkg/driverbuilder/builder/templates/fedora_kernel.sh create mode 100644 pkg/driverbuilder/builder/templates/flatcar_kernel.sh create mode 100644 pkg/driverbuilder/builder/templates/libs_download.sh create mode 100644 pkg/driverbuilder/builder/templates/opensuse_kernel.sh create mode 100644 pkg/driverbuilder/builder/templates/oracle_kernel.sh create mode 100644 pkg/driverbuilder/builder/templates/photonos_kernel.sh create mode 100644 pkg/driverbuilder/builder/templates/redhat_kernel.sh create mode 100644 
pkg/driverbuilder/builder/templates/rocky_kernel.sh create mode 100644 pkg/driverbuilder/builder/templates/sles_kernel.sh create mode 100644 pkg/driverbuilder/builder/templates/ubuntu_kernel.sh create mode 100644 pkg/driverbuilder/builder/templates/vanilla_kernel.sh diff --git a/cmd/local.go b/cmd/local.go index 4835a15e..536e8836 100644 --- a/cmd/local.go +++ b/cmd/local.go @@ -72,7 +72,7 @@ func NewLocalCmd(rootCommand *RootCmd, rootOpts *RootOptions, rootFlags *pflag.F }) flagSet.BoolVar(&opts.useDKMS, "dkms", false, "Enforce usage of DKMS to build the kernel module.") flagSet.StringVar(&opts.srcDir, "src-dir", "", "Enforce usage of local source dir to build drivers.") - flagSet.StringToStringVar(&opts.envMap, "env", nil, "Env variables to be enforced during the driver build.") + flagSet.StringToStringVar(&opts.envMap, "env", make(map[string]string), "Env variables to be enforced during the driver build.") localCmd.PersistentFlags().AddFlagSet(flagSet) return localCmd } diff --git a/pkg/driverbuilder/builder/aliyunlinux.go b/pkg/driverbuilder/builder/aliyunlinux.go index 98fc4602..220304a6 100644 --- a/pkg/driverbuilder/builder/aliyunlinux.go +++ b/pkg/driverbuilder/builder/aliyunlinux.go @@ -21,6 +21,9 @@ import ( "github.com/falcosecurity/driverkit/pkg/kernelrelease" ) +//go:embed templates/alinux_kernel.sh +var alinuxKernelTemplate string + //go:embed templates/alinux.sh var alinuxTemplate string @@ -32,7 +35,6 @@ func init() { } type alinuxTemplateData struct { - commonTemplateData KernelDownloadURL string } @@ -43,6 +45,10 @@ func (c *alinux) Name() string { return TargetTypeAlinux.String() } +func (c *alinux) TemplateKernelUrlsScript() string { + return alinuxKernelTemplate +} + func (c *alinux) TemplateScript() string { return alinuxTemplate } 
@@ -51,10 +57,9 @@ func (c *alinux) URLs(kr kernelrelease.KernelRelease) ([]string, error) { return fetchAlinuxKernelURLS(kr), nil } -func (c *alinux) TemplateData(cfg Config, kr kernelrelease.KernelRelease, urls []string) interface{} { +func (c *alinux) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} { return alinuxTemplateData{ - commonTemplateData: cfg.toTemplateData(c, kr), - KernelDownloadURL: urls[0], + KernelDownloadURL: urls[0], } } diff --git a/pkg/driverbuilder/builder/almalinux.go b/pkg/driverbuilder/builder/almalinux.go index cca875ef..c3cf11d0 100644 --- a/pkg/driverbuilder/builder/almalinux.go +++ b/pkg/driverbuilder/builder/almalinux.go @@ -21,6 +21,9 @@ import ( "github.com/falcosecurity/driverkit/pkg/kernelrelease" ) +//go:embed templates/almalinux_kernel.sh +var almaKernelTemplate string + //go:embed templates/almalinux.sh var almaTemplate string @@ -32,7 +35,6 @@ func init() { } type almaTemplateData struct { - commonTemplateData KernelDownloadURL string } @@ -44,6 +46,10 @@ func (c *alma) Name() string { return TargetTypeAlma.String() } +func (c *alma) TemplateKernelUrlsScript() string { + return almaKernelTemplate +} + func (c *alma) TemplateScript() string { return almaTemplate } @@ -52,10 +58,9 @@ func (c *alma) URLs(kr kernelrelease.KernelRelease) ([]string, error) { return fetchAlmaKernelURLS(kr), nil } -func (c *alma) TemplateData(cfg Config, kr kernelrelease.KernelRelease, urls []string) interface{} { +func (c *alma) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} { return almaTemplateData{ - commonTemplateData: cfg.toTemplateData(c, kr), - KernelDownloadURL: urls[0], + KernelDownloadURL: urls[0], } } diff --git a/pkg/driverbuilder/builder/amazonlinux.go b/pkg/driverbuilder/builder/amazonlinux.go index 39f518cc..44ce3c17 100644 --- a/pkg/driverbuilder/builder/amazonlinux.go +++ b/pkg/driverbuilder/builder/amazonlinux.go 
@@ -35,6 +35,9 @@ import ( "github.com/falcosecurity/driverkit/pkg/kernelrelease" ) +//go:embed templates/amazonlinux_kernel.sh +var amazonlinuxKernelTemplate string + //go:embed templates/amazonlinux.sh var amazonlinuxTemplate string @@ -80,7 +83,6 @@ func init() { } type amazonlinuxTemplateData struct { - commonTemplateData KernelDownloadURLs []string } @@ -88,6 +90,8 @@ func (a *amazonlinux) Name() string { return TargetTypeAmazonLinux.String() } +func (a *amazonlinux) TemplateKernelUrlsScript() string { return amazonlinuxKernelTemplate } + func (a *amazonlinux) TemplateScript() string { return amazonlinuxTemplate } @@ -96,9 +100,8 @@ func (a *amazonlinux) URLs(kr kernelrelease.KernelRelease) ([]string, error) { return fetchAmazonLinuxPackagesURLs(a, kr) } -func (a *amazonlinux) TemplateData(c Config, kr kernelrelease.KernelRelease, urls []string) interface{} { +func (a *amazonlinux) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} { return amazonlinuxTemplateData{ - commonTemplateData: c.toTemplateData(a, kr), KernelDownloadURLs: urls, } } diff --git a/pkg/driverbuilder/builder/archlinux.go b/pkg/driverbuilder/builder/archlinux.go index 6efaff67..2ec5e1af 100644 --- a/pkg/driverbuilder/builder/archlinux.go +++ b/pkg/driverbuilder/builder/archlinux.go @@ -22,6 +22,9 @@ import ( "github.com/falcosecurity/driverkit/pkg/kernelrelease" ) +//go:embed templates/archlinux_kernel.sh +var archlinuxKernelTemplate string + //go:embed templates/archlinux.sh var archlinuxTemplate string @@ -37,7 +40,6 @@ type archlinux struct { } type archlinuxTemplateData struct { - commonTemplateData KernelDownloadURL string } @@ -45,6 +47,8 @@ func (c *archlinux) Name() string { return TargetTypeArchlinux.String() } +func (c *archlinux) TemplateKernelUrlsScript() string { return archlinuxKernelTemplate } + func (c *archlinux) TemplateScript() string { return archlinuxTemplate } 
@@ -140,9 +144,8 @@ func (c *archlinux) URLs(kr kernelrelease.KernelRelease) ([]string, error) { return urls, nil } -func (c *archlinux) TemplateData(cfg Config, kr kernelrelease.KernelRelease, urls []string) interface{} { +func (c *archlinux) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} { return archlinuxTemplateData{ - commonTemplateData: cfg.toTemplateData(c, kr), - KernelDownloadURL: urls[0], + KernelDownloadURL: urls[0], } } diff --git a/pkg/driverbuilder/builder/bottlerocket.go b/pkg/driverbuilder/builder/bottlerocket.go index 26dad6ae..e5043274 100644 --- a/pkg/driverbuilder/builder/bottlerocket.go +++ b/pkg/driverbuilder/builder/bottlerocket.go @@ -35,9 +35,8 @@ func (b *bottlerocket) Name() string { return TargetTypeBottlerocket.String() } -func (b *bottlerocket) TemplateData(c Config, kr kernelrelease.KernelRelease, urls []string) interface{} { +func (b *bottlerocket) KernelTemplateData(kr kernelrelease.KernelRelease, urls []string) interface{} { return vanillaTemplateData{ - commonTemplateData: c.toTemplateData(b, kr), KernelDownloadURL: urls[0], KernelLocalVersion: kr.FullExtraversion, } diff --git a/pkg/driverbuilder/builder/builders.go b/pkg/driverbuilder/builder/builders.go index 36a24cb2..e1d75339 100644 --- a/pkg/driverbuilder/builder/builders.go +++ b/pkg/driverbuilder/builder/builders.go @@ -16,6 +16,7 @@ package builder import ( "bytes" + _ "embed" "errors" "fmt" "log/slog" @@ -51,6 +52,9 @@ const ( sed -i s/'DRIVER_COMMIT ""'/'DRIVER_COMMIT "%s"'/g driver/src/driver_config.h` ) +//go:embed templates/libs_download.sh +var libsDownloadTemplate string + var HeadersNotFoundErr = errors.New("kernel headers not found") // Config contains all the configurations needed to build the kernel module or the eBPF probe. 
@@ -70,33 +74,67 @@ func (c Config) ToProbeFullPath() string { } type commonTemplateData struct { - DriverBuildDir string - ModuleDownloadURL string - ModuleDriverName string - ModuleFullPath string - BuildModule bool - BuildProbe bool - GCCVersion string - CmakeCmd string + DriverBuildDir string + ModuleDriverName string + ModuleFullPath string + BuildModule bool + BuildProbe bool + GCCVersion string + CmakeCmd string } // Builder represents a builder capable of generating a script for a driverkit target. type Builder interface { Name() string + TemplateKernelUrlsScript() string TemplateScript() string URLs(kr kernelrelease.KernelRelease) ([]string, error) - TemplateData(c Config, kr kernelrelease.KernelRelease, urls []string) interface{} // error return type is managed + KernelTemplateData(kr kernelrelease.KernelRelease, urls []string) interface{} // error return type is managed } -// MinimumURLsBuilder is an optional interface +// MinimumURLsBuilder is an optional interface implemented by builders // to specify minimum number of requested headers urls type MinimumURLsBuilder interface { MinimumURLs() int } -func Script(b Builder, c Config, kr kernelrelease.KernelRelease) (string, error) { - t := template.New(b.Name()) - parsed, err := t.Parse(b.TemplateScript()) +// TemplateDataSpecifier is an optional interface implemented by builders +// to specify a custom template data instead of the default one. 
+type TemplateDataSpecifier interface { + TemplateData(c Config, kr kernelrelease.KernelRelease) interface{} +} + +type libsDownloadTemplateData struct { + DriverBuildDir string + ModuleDownloadURL string +} + +// LibsDownloadScript returns the script that downloads and configures libs repo at requested commit/tag +func LibsDownloadScript(c Config) (string, error) { + t := template.New("download-libs") + parsed, err := t.Parse(libsDownloadTemplate) + if err != nil { + return "", err + } + + td := libsDownloadTemplateData{ + DriverBuildDir: DriverDirectory, + ModuleDownloadURL: fmt.Sprintf("%s/%s.tar.gz", c.DownloadBaseURL, c.DriverVersion), + } + + buf := bytes.NewBuffer(nil) + err = parsed.Execute(buf, td) + if err != nil { + return "", err + } + + return buf.String(), nil +} + +// KernelDownloadScript returns the script that will download and extract kernel headers +func KernelDownloadScript(b Builder, c Config, kr kernelrelease.KernelRelease) (string, error) { + t := template.New("download-kernel") + parsed, err := t.Parse(b.TemplateKernelUrlsScript()) if err != nil { return "", err } @@ -129,7 +167,7 @@ func Script(b Builder, c Config, kr kernelrelease.KernelRelease) (string, error) return "", fmt.Errorf("not enough headers packages found; expected %d, found %d", minimumURLs, len(urls)) } - td := b.TemplateData(c, kr, urls) + td := b.KernelTemplateData(kr, urls) if tdErr, ok := td.(error); ok { return "", tdErr } 
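Review bot: `LibsDownloadScript` builds `ModuleDownloadURL` from `c.DownloadBaseURL` and `c.DriverVersion` and renders it into a shell script with no escaping; `template.New(...).Parse` here appears to be text/template, which does not quote values for a shell. A value containing whitespace or shell metacharacters would change what the generated script executes, so the template should expand the URL inside single quotes, and the Go side should reject a value that could close them before `parsed.Execute`, e.g. `if strings.ContainsRune(td.ModuleDownloadURL, '\'') { return "", fmt.Errorf("invalid download url %q", td.ModuleDownloadURL) }`. The same applies to the URLs that `KernelDownloadScript` passes through `b.KernelTemplateData(kr, urls)`, which `templates/alinux_kernel.sh` expands unquoted in its `curl` line. The `libs_download.sh` template is not visible in this view, so whether it already quotes the value could not be confirmed.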
@@ -139,6 +177,31 @@ func Script(b Builder, c Config, kr kernelrelease.KernelRelease) (string, error) if err != nil { return "", err } + + return buf.String(), nil +} + +// Script retrieves the actually drivers building script +func Script(b Builder, c Config, kr kernelrelease.KernelRelease) (string, error) { + t := template.New(b.Name()) + parsed, err := t.Parse(b.TemplateScript()) + if err != nil { + return "", err + } + + var td interface{} + if bb, ok := b.(TemplateDataSpecifier); ok { + td = bb.TemplateData(c, kr) + } else { + td = c.toTemplateData(b, kr) + } + + buf := bytes.NewBuffer(nil) + err = parsed.Execute(buf, td) + if err != nil { + return "", err + } + return buf.String(), nil } @@ -305,13 +368,12 @@ func Targets() []string { func (c Config) toTemplateData(b Builder, kr kernelrelease.KernelRelease) commonTemplateData { c.setGCCVersion(b, kr) return commonTemplateData{ - DriverBuildDir: DriverDirectory, - ModuleDownloadURL: fmt.Sprintf("%s/%s.tar.gz", c.DownloadBaseURL, c.DriverVersion), - ModuleDriverName: c.DriverName, - ModuleFullPath: c.ToDriverFullPath(), - BuildModule: len(c.ModuleFilePath) > 0, - BuildProbe: len(c.ProbeFilePath) > 0, - GCCVersion: c.GCCVersion, + DriverBuildDir: DriverDirectory, + ModuleDriverName: c.DriverName, + ModuleFullPath: c.ToDriverFullPath(), + BuildModule: len(c.ModuleFilePath) > 0, + BuildProbe: len(c.ProbeFilePath) > 0, + GCCVersion: c.GCCVersion, CmakeCmd: fmt.Sprintf(cmakeCmdFmt, c.DriverName, c.DriverName, diff --git a/pkg/driverbuilder/builder/centos.go b/pkg/driverbuilder/builder/centos.go index a615d21d..8888cec0 100644 --- a/pkg/driverbuilder/builder/centos.go +++ b/pkg/driverbuilder/builder/centos.go @@ -22,6 +22,9 @@ import ( "github.com/falcosecurity/driverkit/pkg/kernelrelease" ) +//go:embed templates/centos_kernel.sh +var centosKernelTemplate string + //go:embed templates/centos.sh var centosTemplate string 
@@ -37,7 +40,6 @@ type centos struct { } type centosTemplateData struct { - commonTemplateData KernelDownloadURL string } @@ -45,6 +47,8 @@ func (c *centos) Name() string { return TargetTypeCentos.String() } +func (c *centos) TemplateKernelUrlsScript() string { return centosKernelTemplate } + func (c *centos) TemplateScript() string { return centosTemplate } @@ -176,10 +180,9 @@ func (c *centos) URLs(kr kernelrelease.KernelRelease) ([]string, error) { return urls, nil } -func (c *centos) TemplateData(cfg Config, kr kernelrelease.KernelRelease, urls []string) interface{} { +func (c *centos) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} { return centosTemplateData{ - commonTemplateData: cfg.toTemplateData(c, kr), - KernelDownloadURL: urls[0], + KernelDownloadURL: urls[0], } } diff --git a/pkg/driverbuilder/builder/debian.go b/pkg/driverbuilder/builder/debian.go index 57adf016..a634a4eb 100644 --- a/pkg/driverbuilder/builder/debian.go +++ b/pkg/driverbuilder/builder/debian.go @@ -25,6 +25,9 @@ import ( "github.com/falcosecurity/driverkit/pkg/kernelrelease" ) +//go:embed templates/debian_kernel.sh +var debianKernelTemplate string + //go:embed templates/debian.sh var debianTemplate string @@ -42,7 +45,6 @@ func init() { } type debianTemplateData struct { - commonTemplateData KernelDownloadURLS []string KernelLocalVersion string KernelHeadersPattern string @@ -56,6 +58,8 @@ func (v *debian) Name() string { return TargetTypeDebian.String() } +func (v *debian) TemplateKernelUrlsScript() string { return debianKernelTemplate } + func (v *debian) TemplateScript() string { return debianTemplate } 
@@ -64,7 +68,7 @@ func (v *debian) URLs(kr kernelrelease.KernelRelease) ([]string, error) { return fetchDebianKernelURLs(kr) } -func (v *debian) TemplateData(c Config, kr kernelrelease.KernelRelease, urls []string) interface{} { +func (v *debian) KernelTemplateData(kr kernelrelease.KernelRelease, urls []string) interface{} { var KernelHeadersPattern string if strings.HasSuffix(kr.Extraversion, "pve") { KernelHeadersPattern = "linux-headers-*pve" @@ -75,7 +79,6 @@ func (v *debian) TemplateData(c Config, kr kernelrelease.KernelRelease, urls []s } return debianTemplateData{ - commonTemplateData: c.toTemplateData(v, kr), KernelDownloadURLS: urls, KernelLocalVersion: kr.FullExtraversion, KernelHeadersPattern: KernelHeadersPattern, diff --git a/pkg/driverbuilder/builder/fedora.go b/pkg/driverbuilder/builder/fedora.go index e6510263..a8d6983c 100644 --- a/pkg/driverbuilder/builder/fedora.go +++ b/pkg/driverbuilder/builder/fedora.go @@ -22,6 +22,9 @@ import ( "github.com/falcosecurity/driverkit/pkg/kernelrelease" ) +//go:embed templates/fedora_kernel.sh +var fedoraKernelTemplate string + //go:embed templates/fedora.sh var fedoraTemplate string @@ -37,7 +40,6 @@ type fedora struct { } type fedoraTemplateData struct { - commonTemplateData KernelDownloadURL string } @@ -45,6 +47,8 @@ func (c *fedora) Name() string { return TargetTypeFedora.String() } +func (c *fedora) TemplateKernelUrlsScript() string { return fedoraKernelTemplate } + func (c *fedora) TemplateScript() string { return fedoraTemplate } @@ -87,9 +91,8 @@ func (c *fedora) URLs(kr kernelrelease.KernelRelease) ([]string, error) { return urls, nil } -func (c *fedora) TemplateData(cfg Config, kr kernelrelease.KernelRelease, urls []string) interface{} { +func (c *fedora) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} { return fedoraTemplateData{ - commonTemplateData: cfg.toTemplateData(c, kr), - KernelDownloadURL: urls[0], + KernelDownloadURL: urls[0], } } 
diff --git a/pkg/driverbuilder/builder/flatcar.go b/pkg/driverbuilder/builder/flatcar.go index 9f24e189..393cca41 100644 --- a/pkg/driverbuilder/builder/flatcar.go +++ b/pkg/driverbuilder/builder/flatcar.go @@ -25,6 +25,9 @@ import ( "github.com/falcosecurity/driverkit/pkg/kernelrelease" ) +//go:embed templates/flatcar_kernel.sh +var flatcarKernelTemplate string + //go:embed templates/flatcar.sh var flatcarTemplate string @@ -36,7 +39,6 @@ func init() { } type flatcarTemplateData struct { - commonTemplateData KernelDownloadURL string } @@ -49,6 +51,10 @@ func (f *flatcar) Name() string { return TargetTypeFlatcar.String() } +func (f *flatcar) TemplateKernelUrlsScript() string { + return flatcarKernelTemplate +} + func (f *flatcar) TemplateScript() string { return flatcarTemplate } @@ -60,7 +66,7 @@ func (f *flatcar) URLs(kr kernelrelease.KernelRelease) ([]string, error) { return fetchFlatcarKernelURLS(f.info.KernelVersion), nil } -func (f *flatcar) TemplateData(c Config, kr kernelrelease.KernelRelease, urls []string) interface{} { +func (f *flatcar) KernelTemplateData(kr kernelrelease.KernelRelease, urls []string) interface{} { // This happens when `kernelurls` option is passed, // therefore URLs() method is not called. if f.info == nil { @@ -70,8 +76,7 @@ func (f *flatcar) TemplateData(c Config, kr kernelrelease.KernelRelease, urls [] } return flatcarTemplateData{ - commonTemplateData: c.toTemplateData(f, kr), - KernelDownloadURL: urls[0], + KernelDownloadURL: urls[0], } } diff --git a/pkg/driverbuilder/builder/local.go b/pkg/driverbuilder/builder/local.go index 95d7e0ab..9d8ac77b 100644 --- a/pkg/driverbuilder/builder/local.go +++ b/pkg/driverbuilder/builder/local.go @@ -24,6 +24,10 @@ func (l *LocalBuilder) Name() string { return "local" } +func (l *LocalBuilder) TemplateKernelUrlsScript() string { + panic("cannot be called on local builder") +} + func (l *LocalBuilder) TemplateScript() string { return localTemplate } 
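Review bot: `TemplateKernelUrlsScript` on `LocalBuilder` panics, and so does `KernelTemplateData` in the next hunk of this file, so any caller that hands a `LocalBuilder` to `KernelDownloadScript` takes the whole process down instead of receiving an error. `KernelDownloadScript` already treats an `error` value returned from `KernelTemplateData` as a failure (`if tdErr, ok := td.(error); ok`), so that method can `return errors.New("kernel headers download is not supported by the local builder")` instead of panicking. `TemplateKernelUrlsScript` returns only a string, so either document on the `Builder` interface that the local builder must never reach `KernelDownloadScript`, or move the method to an optional interface in the same way `TemplateDataSpecifier` is introduced in builders.go.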
@@ -45,16 +49,19 @@ type localTemplateData struct { KernelRelease string } -func (l *LocalBuilder) TemplateData(c Config, kr kernelrelease.KernelRelease, _ []string) interface{} { +func (l *LocalBuilder) KernelTemplateData(_ kernelrelease.KernelRelease, _ []string) interface{} { + panic("cannot be called on local builder") +} + +func (l *LocalBuilder) TemplateData(c Config, kr kernelrelease.KernelRelease) interface{} { return localTemplateData{ commonTemplateData: commonTemplateData{ - DriverBuildDir: l.GetDriverBuildDir(), - ModuleDownloadURL: fmt.Sprintf("%s/%s.tar.gz", c.DownloadBaseURL, c.DriverVersion), - ModuleDriverName: c.DriverName, - ModuleFullPath: l.GetModuleFullPath(c, kr), - BuildModule: len(c.ModuleFilePath) > 0, - BuildProbe: len(c.ProbeFilePath) > 0, - GCCVersion: l.GccPath, + DriverBuildDir: l.GetDriverBuildDir(), + ModuleDriverName: c.DriverName, + ModuleFullPath: l.GetModuleFullPath(c, kr), + BuildModule: len(c.ModuleFilePath) > 0, + BuildProbe: len(c.ProbeFilePath) > 0, + GCCVersion: l.GccPath, CmakeCmd: fmt.Sprintf(cmakeCmdFmt, c.DriverName, c.DriverName, diff --git a/pkg/driverbuilder/builder/minikube.go b/pkg/driverbuilder/builder/minikube.go index 2a8c9f75..e2455c63 100644 --- a/pkg/driverbuilder/builder/minikube.go +++ b/pkg/driverbuilder/builder/minikube.go @@ -36,9 +36,8 @@ func (m *minikube) Name() string { return TargetTypeMinikube.String() } -func (m *minikube) TemplateData(c Config, kr kernelrelease.KernelRelease, urls []string) interface{} { +func (m *minikube) KernelTemplateData(kr kernelrelease.KernelRelease, urls []string) interface{} { return vanillaTemplateData{ - commonTemplateData: c.toTemplateData(m, kr), KernelDownloadURL: urls[0], KernelLocalVersion: kr.FullExtraversion, } diff --git a/pkg/driverbuilder/builder/opensuse.go b/pkg/driverbuilder/builder/opensuse.go index ad7de11b..dc4efb4e 100644 --- a/pkg/driverbuilder/builder/opensuse.go +++ b/pkg/driverbuilder/builder/opensuse.go 
@@ -22,6 +22,9 @@ import ( "github.com/falcosecurity/driverkit/pkg/kernelrelease" ) +//go:embed templates/opensuse_kernel.sh +var opensuseKernelTemplate string + //go:embed templates/opensuse.sh var opensuseTemplate string @@ -44,7 +47,7 @@ var baseURLs []string = []string{ } // all known releases - will need to expand as more are added -var releases []string = []string{ +var releases = []string{ // openSUSE leap "43.2", "15.0", @@ -69,7 +72,6 @@ type opensuse struct { } type opensuseTemplateData struct { - commonTemplateData KernelDownloadURLs []string } @@ -81,6 +83,10 @@ func (o *opensuse) Name() string { return TargetTypeOpenSUSE.String() } +func (o *opensuse) TemplateKernelUrlsScript() string { + return opensuseKernelTemplate +} + func (o *opensuse) TemplateScript() string { return opensuseTemplate } @@ -259,9 +265,8 @@ func validateURLs(urls []string, kernelDefaultDevelPattern string, kernelDevelNo } -func (o *opensuse) TemplateData(cfg Config, kr kernelrelease.KernelRelease, urls []string) interface{} { +func (o *opensuse) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} { return opensuseTemplateData{ - commonTemplateData: cfg.toTemplateData(o, kr), KernelDownloadURLs: urls, } } diff --git a/pkg/driverbuilder/builder/oracle.go b/pkg/driverbuilder/builder/oracle.go index fefa5a95..90f67840 100644 --- a/pkg/driverbuilder/builder/oracle.go +++ b/pkg/driverbuilder/builder/oracle.go @@ -22,6 +22,9 @@ import ( "github.com/falcosecurity/driverkit/pkg/kernelrelease" ) +//go:embed templates/oracle_kernel.sh +var oracleKernelTemplate string + //go:embed templates/oracle.sh var oracleTemplate string @@ -37,7 +40,6 @@ type oracle struct { } type oracleTemplateData struct { - commonTemplateData KernelDownloadURL string } 
@@ -45,6 +47,10 @@ func (c *oracle) Name() string { return TargetTypeoracle.String() } +func (c *oracle) TemplateKernelUrlsScript() string { + return oracleKernelTemplate +} + func (c *oracle) TemplateScript() string { return oracleTemplate } @@ -119,9 +125,8 @@ func (c *oracle) URLs(kr kernelrelease.KernelRelease) ([]string, error) { return urls, nil } -func (c *oracle) TemplateData(cfg Config, kr kernelrelease.KernelRelease, urls []string) interface{} { +func (c *oracle) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} { return oracleTemplateData{ - commonTemplateData: cfg.toTemplateData(c, kr), - KernelDownloadURL: urls[0], + KernelDownloadURL: urls[0], } } diff --git a/pkg/driverbuilder/builder/photon.go b/pkg/driverbuilder/builder/photon.go index 5e89ea27..ce6dda31 100644 --- a/pkg/driverbuilder/builder/photon.go +++ b/pkg/driverbuilder/builder/photon.go @@ -24,6 +24,9 @@ import ( // TargetTypePhoton identifies the Photon target. const TargetTypePhoton Type = "photon" +//go:embed templates/photonos_kernel.sh +var photonKernelTemplate string + //go:embed templates/photonos.sh var photonTemplate string @@ -36,7 +39,6 @@ type photon struct { } type photonTemplateData struct { - commonTemplateData KernelDownloadURL string } @@ -44,6 +46,10 @@ func (p *photon) Name() string { return TargetTypePhoton.String() } +func (p *photon) TemplateKernelUrlsScript() string { + return photonKernelTemplate +} + func (p *photon) TemplateScript() string { return photonTemplate } @@ -52,10 +58,9 @@ func (p *photon) URLs(kr kernelrelease.KernelRelease) ([]string, error) { return fetchPhotonKernelURLS(kr), nil } -func (p *photon) TemplateData(cfg Config, kr kernelrelease.KernelRelease, urls []string) interface{} { +func (p *photon) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} { return photonTemplateData{ - commonTemplateData: cfg.toTemplateData(p, kr), - KernelDownloadURL: urls[0], + KernelDownloadURL: urls[0], } } 
diff --git a/pkg/driverbuilder/builder/redhat.go b/pkg/driverbuilder/builder/redhat.go index 058c92e8..300f2ed6 100644 --- a/pkg/driverbuilder/builder/redhat.go +++ b/pkg/driverbuilder/builder/redhat.go @@ -20,6 +20,9 @@ import ( "github.com/falcosecurity/driverkit/pkg/kernelrelease" ) +//go:embed templates/redhat_kernel.sh +var redhatKernelTemplate string + //go:embed templates/redhat.sh var redhatTemplate string @@ -35,7 +38,6 @@ func init() { } type redhatTemplateData struct { - commonTemplateData KernelPackage string } @@ -43,11 +45,15 @@ func (v *redhat) Name() string { return TargetTypeRedhat.String() } +func (v *redhat) TemplateKernelUrlsScript() string { + return redhatKernelTemplate +} + func (v *redhat) TemplateScript() string { return redhatTemplate } -func (v *redhat) URLs(kr kernelrelease.KernelRelease) ([]string, error) { +func (v *redhat) URLs(_ kernelrelease.KernelRelease) ([]string, error) { return nil, nil } @@ -56,9 +62,8 @@ func (v *redhat) MinimumURLs() int { return 0 } -func (v *redhat) TemplateData(c Config, kr kernelrelease.KernelRelease, _ []string) interface{} { +func (v *redhat) KernelTemplateData(kr kernelrelease.KernelRelease, _ []string) interface{} { return redhatTemplateData{ - commonTemplateData: c.toTemplateData(v, kr), - KernelPackage: kr.Fullversion + kr.FullExtraversion, + KernelPackage: kr.Fullversion + kr.FullExtraversion, } } diff --git a/pkg/driverbuilder/builder/rocky.go b/pkg/driverbuilder/builder/rocky.go index b554fd1b..f418091e 100644 --- a/pkg/driverbuilder/builder/rocky.go +++ b/pkg/driverbuilder/builder/rocky.go @@ -21,6 +21,9 @@ import ( "github.com/falcosecurity/driverkit/pkg/kernelrelease" ) +//go:embed templates/rocky_kernel.sh +var rockyKernelTemplate string + //go:embed templates/rocky.sh var rockyTemplate string @@ -32,7 +35,6 @@ func init() { } type rockyTemplateData struct { - commonTemplateData KernelDownloadURL string } 
@@ -44,6 +46,10 @@ func (c *rocky) Name() string { return TargetTypeRocky.String() } +func (c *rocky) TemplateKernelUrlsScript() string { + return rockyKernelTemplate +} + func (c *rocky) TemplateScript() string { return rockyTemplate } @@ -52,10 +58,9 @@ func (c *rocky) URLs(kr kernelrelease.KernelRelease) ([]string, error) { return fetchRockyKernelURLS(kr), nil } -func (c *rocky) TemplateData(cfg Config, kr kernelrelease.KernelRelease, urls []string) interface{} { +func (c *rocky) KernelTemplateData(_ kernelrelease.KernelRelease, urls []string) interface{} { return rockyTemplateData{ - commonTemplateData: cfg.toTemplateData(c, kr), - KernelDownloadURL: urls[0], + KernelDownloadURL: urls[0], } } diff --git a/pkg/driverbuilder/builder/sles.go b/pkg/driverbuilder/builder/sles.go index 8c3ec4ea..f1c4b234 100644 --- a/pkg/driverbuilder/builder/sles.go +++ b/pkg/driverbuilder/builder/sles.go @@ -20,6 +20,9 @@ import ( "github.com/falcosecurity/driverkit/pkg/kernelrelease" ) +//go:embed templates/sles_kernel.sh +var slesKernelTemplate string + //go:embed templates/sles.sh var slesTemplate string @@ -35,7 +38,6 @@ func init() { } type slesTemplateData struct { - commonTemplateData KernelPackage string } @@ -43,11 +45,15 @@ func (v *sles) Name() string { return TargetTypeSLES.String() } +func (v *sles) TemplateKernelUrlsScript() string { + return slesKernelTemplate +} + func (v *sles) TemplateScript() string { return slesTemplate } -func (v *sles) URLs(kr kernelrelease.KernelRelease) ([]string, error) { +func (v *sles) URLs(_ kernelrelease.KernelRelease) ([]string, error) { return nil, nil } 
@@ -56,10 +62,9 @@ func (v *sles) MinimumURLs() int { return 0 } -func (v *sles) TemplateData(c Config, kr kernelrelease.KernelRelease, _ []string) interface{} { +func (v *sles) KernelTemplateData(kr kernelrelease.KernelRelease, _ []string) interface{} { return slesTemplateData{ - commonTemplateData: c.toTemplateData(v, kr), - KernelPackage: kr.Fullversion + kr.FullExtraversion, + KernelPackage: kr.Fullversion + kr.FullExtraversion, } } diff --git a/pkg/driverbuilder/builder/talos.go b/pkg/driverbuilder/builder/talos.go index 32df8033..7ba512d9 100644 --- a/pkg/driverbuilder/builder/talos.go +++ b/pkg/driverbuilder/builder/talos.go @@ -35,9 +35,8 @@ func (b *talos) Name() string { return TargetTypeTalos.String() } -func (b *talos) TemplateData(c Config, kr kernelrelease.KernelRelease, urls []string) interface{} { +func (b *talos) KernelTemplateData(kr kernelrelease.KernelRelease, urls []string) interface{} { return vanillaTemplateData{ - commonTemplateData: c.toTemplateData(b, kr), KernelDownloadURL: urls[0], KernelLocalVersion: kr.FullExtraversion, } diff --git a/pkg/driverbuilder/builder/templates/alinux.sh b/pkg/driverbuilder/builder/templates/alinux.sh index 07b84717..75208d2a 100644 --- a/pkg/driverbuilder/builder/templates/alinux.sh +++ b/pkg/driverbuilder/builder/templates/alinux.sh 
@@ -22,30 +22,13 @@ # set -xeuo pipefail -rm -Rf {{ .DriverBuildDir }} -mkdir {{ .DriverBuildDir }} -rm -Rf /tmp/module-download -mkdir -p /tmp/module-download - -curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download -mv /tmp/module-download/*/* {{ .DriverBuildDir }} - -# Fetch the kernel -mkdir /tmp/kernel-download -cd /tmp/kernel-download -curl --silent -o kernel-devel.rpm -SL {{ .KernelDownloadURL }} -rpm2cpio kernel-devel.rpm | cpio --extract --make-directories -rm -Rf /tmp/kernel -mkdir -p /tmp/kernel -mv usr/src/kernels/*/* /tmp/kernel - cd {{ .DriverBuildDir }} mkdir -p build && cd build {{ .CmakeCmd }} {{ if .BuildModule }} # Build the module -make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=/tmp/kernel driver +make CC=/usr/bin/gcc-{{ .GCCVersion }} driver strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} @@ -53,6 +36,6 @@ modinfo {{ .ModuleFullPath }} {{ if .BuildProbe }} # Build the eBPF probe -make KERNELDIR=/tmp/kernel bpf +make bpf ls -l driver/bpf/probe.o {{ end }} \ No newline at end of file diff --git a/pkg/driverbuilder/builder/templates/alinux_kernel.sh b/pkg/driverbuilder/builder/templates/alinux_kernel.sh new file mode 100644 index 00000000..db4b2fac --- /dev/null +++ b/pkg/driverbuilder/builder/templates/alinux_kernel.sh 
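Review bot: With `KERNELDIR=/tmp/kernel` dropped from both `make` invocations, the build depends on `KERNELDIR` arriving through the environment, and nothing in the script checks that it did. If the variable is missing, make presumably falls back to whatever default the driver Makefile uses (not visible here), which could silently build against the wrong kernel tree. The script already runs under `set -u`, so a one-line guard after `set -xeuo pipefail` fails fast: `: "${KERNELDIR:?KERNELDIR must point at the extracted kernel headers}"`. The same applies to the almalinux, amazonlinux, archlinux, centos, debian, fedora, flatcar, opensuse, oracle and photonos build templates changed later in this patch.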
@@ -0,0 +1,35 @@
+#!/bin/bash
+# SPDX-License-Identifier: Apache-2.0
+#
+# Copyright (C) 2023 The Falco Authors.
+#
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Simple script that desperately tries to load the kernel instrumentation by
+# looking for it in a bunch of ways. Convenient when running Falco inside
+# a container or in other weird environments.
+#
+set -xeuo pipefail
+
+# Fetch the kernel
+mkdir /tmp/kernel-download
+cd /tmp/kernel-download
+curl --silent -o kernel-devel.rpm -SL {{ .KernelDownloadURL }}
+rpm2cpio kernel-devel.rpm | cpio --extract --make-directories
+rm -Rf /tmp/kernel
+mkdir -p /tmp/kernel
+mv usr/src/kernels/*/* /tmp/kernel
+
+# exit value
+echo /tmp/kernel
\ No newline at end of file
diff --git a/pkg/driverbuilder/builder/templates/almalinux.sh b/pkg/driverbuilder/builder/templates/almalinux.sh
index 07b84717..75208d2a 100644
--- a/pkg/driverbuilder/builder/templates/almalinux.sh
+++ b/pkg/driverbuilder/builder/templates/almalinux.sh
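Review bot: The kernel package is fetched with `curl --silent -o kernel-devel.rpm -SL {{ .KernelDownloadURL }}` and unpacked with no integrity check. The URL is also interpolated unquoted into the shell, and without `--fail` an HTTP error page is saved as if it were the package. Suggest `curl --fail --silent -o kernel-devel.rpm -SL "{{ .KernelDownloadURL }}"` and, where the distribution publishes digests or signatures, verifying the file before `rpm2cpio` runs. `mkdir /tmp/kernel-download` aborts under `set -e` when the directory is left over from an earlier run, which matters now that the script is meant to be invokable by itself; `rm -Rf /tmp/kernel-download && mkdir -p /tmp/kernel-download` avoids that. The header comment about loading the kernel instrumentation is copied from another script and should describe this one. The same points apply to the other new `_kernel.sh` templates in this patch (almalinux, amazonlinux, archlinux, centos, debian, fedora, flatcar, opensuse, oracle, photonos).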
@@ -22,30 +22,13 @@ # set -xeuo pipefail -rm -Rf {{ .DriverBuildDir }} -mkdir {{ .DriverBuildDir }} -rm -Rf /tmp/module-download -mkdir -p /tmp/module-download - -curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download -mv /tmp/module-download/*/* {{ .DriverBuildDir }} - -# Fetch the kernel -mkdir /tmp/kernel-download -cd /tmp/kernel-download -curl --silent -o kernel-devel.rpm -SL {{ .KernelDownloadURL }} -rpm2cpio kernel-devel.rpm | cpio --extract --make-directories -rm -Rf /tmp/kernel -mkdir -p /tmp/kernel -mv usr/src/kernels/*/* /tmp/kernel - cd {{ .DriverBuildDir }} mkdir -p build && cd build {{ .CmakeCmd }} {{ if .BuildModule }} # Build the module -make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=/tmp/kernel driver +make CC=/usr/bin/gcc-{{ .GCCVersion }} driver strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} @@ -53,6 +36,6 @@ modinfo {{ .ModuleFullPath }} {{ if .BuildProbe }} # Build the eBPF probe -make KERNELDIR=/tmp/kernel bpf +make bpf ls -l driver/bpf/probe.o {{ end }} \ No newline at end of file diff --git a/pkg/driverbuilder/builder/templates/almalinux_kernel.sh b/pkg/driverbuilder/builder/templates/almalinux_kernel.sh new file mode 100644 index 00000000..db4b2fac --- /dev/null +++ b/pkg/driverbuilder/builder/templates/almalinux_kernel.sh 
@@ -0,0 +1,35 @@
+#!/bin/bash
+# SPDX-License-Identifier: Apache-2.0
+#
+# Copyright (C) 2023 The Falco Authors.
+#
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Simple script that desperately tries to load the kernel instrumentation by
+# looking for it in a bunch of ways. Convenient when running Falco inside
+# a container or in other weird environments.
+#
+set -xeuo pipefail
+
+# Fetch the kernel
+mkdir /tmp/kernel-download
+cd /tmp/kernel-download
+curl --silent -o kernel-devel.rpm -SL {{ .KernelDownloadURL }}
+rpm2cpio kernel-devel.rpm | cpio --extract --make-directories
+rm -Rf /tmp/kernel
+mkdir -p /tmp/kernel
+mv usr/src/kernels/*/* /tmp/kernel
+
+# exit value
+echo /tmp/kernel
\ No newline at end of file
diff --git a/pkg/driverbuilder/builder/templates/amazonlinux.sh b/pkg/driverbuilder/builder/templates/amazonlinux.sh
index 13818b87..4997a47d 100644
--- a/pkg/driverbuilder/builder/templates/amazonlinux.sh
+++ b/pkg/driverbuilder/builder/templates/amazonlinux.sh
@@ -22,33 +22,13 @@ # set -xeuo pipefail -rm -Rf {{ .DriverBuildDir }} -mkdir {{ .DriverBuildDir }} -rm -Rf /tmp/module-download -mkdir -p /tmp/module-download - -curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download -mv /tmp/module-download/*/* {{ .DriverBuildDir }} - -# Fetch the kernel -mkdir /tmp/kernel-download -cd /tmp/kernel-download -{{ range $url := .KernelDownloadURLs }} -curl --silent -o kernel.rpm -SL {{ $url }} -rpm2cpio kernel.rpm | cpio --extract --make-directories -rm -rf kernel.rpm -{{ end }} -rm -Rf /tmp/kernel -mkdir -p /tmp/kernel -mv usr/src/kernels/*/* /tmp/kernel - cd {{ .DriverBuildDir }} mkdir -p build && cd build {{ .CmakeCmd }} {{ if .BuildModule }} # Build the module -make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=/tmp/kernel LD=/usr/bin/ld.bfd CROSS_COMPILE="" driver +make CC=/usr/bin/gcc-{{ .GCCVersion }} LD=/usr/bin/ld.bfd CROSS_COMPILE="" driver strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} @@ -56,6 +36,6 @@ modinfo {{ .ModuleFullPath }} {{ if .BuildProbe }} # Build the eBPF probe -make KERNELDIR=/tmp/kernel bpf +make bpf ls -l driver/bpf/probe.o {{ end }} \ No newline at end of file diff --git a/pkg/driverbuilder/builder/templates/amazonlinux_kernel.sh b/pkg/driverbuilder/builder/templates/amazonlinux_kernel.sh new file mode 100644 index 00000000..e6524acc --- /dev/null +++ b/pkg/driverbuilder/builder/templates/amazonlinux_kernel.sh 
@@ -0,0 +1,38 @@
+#!/bin/bash
+# SPDX-License-Identifier: Apache-2.0
+#
+# Copyright (C) 2023 The Falco Authors.
+#
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Simple script that desperately tries to load the kernel instrumentation by
+# looking for it in a bunch of ways. Convenient when running Falco inside
+# a container or in other weird environments.
+#
+set -xeuo pipefail
+
+# Fetch the kernel
+mkdir /tmp/kernel-download
+cd /tmp/kernel-download
+{{ range $url := .KernelDownloadURLs }}
+curl --silent -o kernel.rpm -SL {{ $url }}
+rpm2cpio kernel.rpm | cpio --extract --make-directories
+rm -rf kernel.rpm
+{{ end }}
+rm -Rf /tmp/kernel
+mkdir -p /tmp/kernel
+mv usr/src/kernels/*/* /tmp/kernel
+
+# exit value
+echo /tmp/kernel
\ No newline at end of file
diff --git a/pkg/driverbuilder/builder/templates/archlinux.sh b/pkg/driverbuilder/builder/templates/archlinux.sh
index 90c53e1c..75208d2a 100644
--- a/pkg/driverbuilder/builder/templates/archlinux.sh
+++ b/pkg/driverbuilder/builder/templates/archlinux.sh
@@ -22,30 +22,13 @@ # set -xeuo pipefail -rm -Rf {{ .DriverBuildDir }} -mkdir {{ .DriverBuildDir }} -rm -Rf /tmp/module-download -mkdir -p /tmp/module-download - -curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download -mv /tmp/module-download/*/* {{ .DriverBuildDir }} - -# Fetch the kernel -mkdir /tmp/kernel-download -cd /tmp/kernel-download -curl --silent -o kernel-devel.pkg.tar.xz -SL {{ .KernelDownloadURL }} -tar -xf kernel-devel.pkg.tar.xz -rm -Rf /tmp/kernel -mkdir -p /tmp/kernel -mv usr/lib/modules/*/build/* /tmp/kernel - cd {{ .DriverBuildDir }} mkdir -p build && cd build {{ .CmakeCmd }} {{ if .BuildModule }} # Build the module -make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=/tmp/kernel driver +make CC=/usr/bin/gcc-{{ .GCCVersion }} driver strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} @@ -53,6 +36,6 @@ modinfo {{ .ModuleFullPath }} {{ if .BuildProbe }} # Build the eBPF probe -make KERNELDIR=/tmp/kernel bpf +make bpf ls -l driver/bpf/probe.o {{ end }} \ No newline at end of file diff --git a/pkg/driverbuilder/builder/templates/archlinux_kernel.sh b/pkg/driverbuilder/builder/templates/archlinux_kernel.sh new file mode 100644 index 00000000..a44182d6 --- /dev/null +++ b/pkg/driverbuilder/builder/templates/archlinux_kernel.sh 
@@ -0,0 +1,35 @@
+#!/bin/bash
+# SPDX-License-Identifier: Apache-2.0
+#
+# Copyright (C) 2023 The Falco Authors.
+#
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Simple script that desperately tries to load the kernel instrumentation by
+# looking for it in a bunch of ways. Convenient when running Falco inside
+# a container or in other weird environments.
+#
+set -xeuo pipefail
+
+# Fetch the kernel
+mkdir /tmp/kernel-download
+cd /tmp/kernel-download
+curl --silent -o kernel-devel.pkg.tar.xz -SL {{ .KernelDownloadURL }}
+tar -xf kernel-devel.pkg.tar.xz
+rm -Rf /tmp/kernel
+mkdir -p /tmp/kernel
+mv usr/lib/modules/*/build/* /tmp/kernel
+
+# exit value
+echo /tmp/kernel
\ No newline at end of file
diff --git a/pkg/driverbuilder/builder/templates/centos.sh b/pkg/driverbuilder/builder/templates/centos.sh
index ed85ad52..e620a82a 100644
--- a/pkg/driverbuilder/builder/templates/centos.sh
+++ b/pkg/driverbuilder/builder/templates/centos.sh
@@ -22,23 +22,6 @@ # set -xeuo pipefail -rm -Rf {{ .DriverBuildDir }} -mkdir {{ .DriverBuildDir }} -rm -Rf /tmp/module-download -mkdir -p /tmp/module-download - -curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download -mv /tmp/module-download/*/* {{ .DriverBuildDir }} - -# Fetch the kernel -mkdir /tmp/kernel-download -cd /tmp/kernel-download -curl --silent -o kernel-devel.rpm -SL {{ .KernelDownloadURL }} -rpm2cpio kernel-devel.rpm | cpio --extract --make-directories -rm -Rf /tmp/kernel -mkdir -p /tmp/kernel -mv usr/src/kernels/*/* /tmp/kernel - cd {{ .DriverBuildDir }} sed -i 's/$(MAKE) -C $(KERNELDIR)/$(MAKE) KCFLAGS="-Wno-incompatible-pointer-types" -C $(KERNELDIR)/g' driver/Makefile.in mkdir -p build && cd build @@ -46,7 +29,7 @@ mkdir -p build && cd build {{ if .BuildModule }} # Build the module -make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=/tmp/kernel driver +make CC=/usr/bin/gcc-{{ .GCCVersion }} driver strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} @@ -54,6 +37,6 @@ modinfo {{ .ModuleFullPath }} {{ if .BuildProbe }} # Build the eBPF probe -make KERNELDIR=/tmp/kernel bpf +make bpf ls -l driver/bpf/probe.o {{ end }} \ No newline at end of file diff --git a/pkg/driverbuilder/builder/templates/centos_kernel.sh b/pkg/driverbuilder/builder/templates/centos_kernel.sh new file mode 100644 index 00000000..db4b2fac --- /dev/null +++ b/pkg/driverbuilder/builder/templates/centos_kernel.sh 
@@ -0,0 +1,35 @@
+#!/bin/bash
+# SPDX-License-Identifier: Apache-2.0
+#
+# Copyright (C) 2023 The Falco Authors.
+#
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Simple script that desperately tries to load the kernel instrumentation by
+# looking for it in a bunch of ways. Convenient when running Falco inside
+# a container or in other weird environments.
+#
+set -xeuo pipefail
+
+# Fetch the kernel
+mkdir /tmp/kernel-download
+cd /tmp/kernel-download
+curl --silent -o kernel-devel.rpm -SL {{ .KernelDownloadURL }}
+rpm2cpio kernel-devel.rpm | cpio --extract --make-directories
+rm -Rf /tmp/kernel
+mkdir -p /tmp/kernel
+mv usr/src/kernels/*/* /tmp/kernel
+
+# exit value
+echo /tmp/kernel
\ No newline at end of file
diff --git a/pkg/driverbuilder/builder/templates/debian.sh b/pkg/driverbuilder/builder/templates/debian.sh
index 4f9fc06d..75208d2a 100644
--- a/pkg/driverbuilder/builder/templates/debian.sh
+++ b/pkg/driverbuilder/builder/templates/debian.sh
@@ -22,38 +22,13 @@ # set -xeuo pipefail -rm -Rf {{ .DriverBuildDir }} -mkdir {{ .DriverBuildDir }} -rm -Rf /tmp/module-download -mkdir -p /tmp/module-download - -curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download -mv /tmp/module-download/*/* {{ .DriverBuildDir }} - -# Fetch the kernel -mkdir /tmp/kernel-download -cd /tmp/kernel-download -{{ range $url := .KernelDownloadURLS }} -curl --silent -o kernel.deb -SL {{ $url }} -ar x kernel.deb -tar -xf data.tar.xz -{{ end }} - -cd /tmp/kernel-download/ - -cp -r usr/* /usr -cp -r lib/* /lib - -cd /usr/src -sourcedir=$(find . -type d -name "{{ .KernelHeadersPattern }}" | head -n 1 | xargs readlink -f) - cd {{ .DriverBuildDir }} mkdir -p build && cd build {{ .CmakeCmd }} {{ if .BuildModule }} # Build the module -make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=$sourcedir driver +make CC=/usr/bin/gcc-{{ .GCCVersion }} driver strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} @@ -61,6 +36,6 @@ modinfo {{ .ModuleFullPath }} {{ if .BuildProbe }} # Build the eBPF probe -make KERNELDIR=$sourcedir bpf +make bpf ls -l driver/bpf/probe.o {{ end }} \ No newline at end of file diff --git a/pkg/driverbuilder/builder/templates/debian_kernel.sh b/pkg/driverbuilder/builder/templates/debian_kernel.sh new file mode 100644 index 00000000..bc3b35f1 --- /dev/null +++ b/pkg/driverbuilder/builder/templates/debian_kernel.sh 
@@ -0,0 +1,37 @@
+#!/bin/bash
+# SPDX-License-Identifier: Apache-2.0
+#
+# Copyright (C) 2023 The Falco Authors.
+#
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Simple script that desperately tries to load the kernel instrumentation by
+# looking for it in a bunch of ways. Convenient when running Falco inside
+# a container or in other weird environments.
+#
+set -xeuo pipefail
+
+# Fetch the kernel
+mkdir /tmp/kernel-download
+cd /tmp/kernel-download
+{{ range $url := .KernelDownloadURLS }}
+curl --silent -o kernel.deb -SL {{ $url }}
+ar x kernel.deb
+tar -xf data.tar.xz
+{{ end }}
+cd usr/src/
+sourcedir=$(find . -type d -name "{{ .KernelHeadersPattern }}" | head -n 1 | xargs readlink -f)
+
+# exit value
+echo $sourcedir
diff --git a/pkg/driverbuilder/builder/templates/fedora.sh b/pkg/driverbuilder/builder/templates/fedora.sh
index 07b84717..75208d2a 100644
--- a/pkg/driverbuilder/builder/templates/fedora.sh
+++ b/pkg/driverbuilder/builder/templates/fedora.sh
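Review bot: This script no longer runs the `cp -r usr/* /usr` and `cp -r lib/* /lib` steps that the old debian.sh performed before resolving `sourcedir`, so the headers are now used in place under /tmp/kernel-download/usr/src. If the Debian header packages refer to each other through absolute /usr/src or /lib paths (worth confirming against a real linux-headers package), the later build step will not find them. Separately, `echo $sourcedir` should be `echo "$sourcedir"` so that a path containing whitespace or glob characters is emitted unchanged.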
@@ -22,30 +22,13 @@ # set -xeuo pipefail -rm -Rf {{ .DriverBuildDir }} -mkdir {{ .DriverBuildDir }} -rm -Rf /tmp/module-download -mkdir -p /tmp/module-download - -curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download -mv /tmp/module-download/*/* {{ .DriverBuildDir }} - -# Fetch the kernel -mkdir /tmp/kernel-download -cd /tmp/kernel-download -curl --silent -o kernel-devel.rpm -SL {{ .KernelDownloadURL }} -rpm2cpio kernel-devel.rpm | cpio --extract --make-directories -rm -Rf /tmp/kernel -mkdir -p /tmp/kernel -mv usr/src/kernels/*/* /tmp/kernel - cd {{ .DriverBuildDir }} mkdir -p build && cd build {{ .CmakeCmd }} {{ if .BuildModule }} # Build the module -make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=/tmp/kernel driver +make CC=/usr/bin/gcc-{{ .GCCVersion }} driver strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} @@ -53,6 +36,6 @@ modinfo {{ .ModuleFullPath }} {{ if .BuildProbe }} # Build the eBPF probe -make KERNELDIR=/tmp/kernel bpf +make bpf ls -l driver/bpf/probe.o {{ end }} \ No newline at end of file diff --git a/pkg/driverbuilder/builder/templates/fedora_kernel.sh b/pkg/driverbuilder/builder/templates/fedora_kernel.sh new file mode 100644 index 00000000..db4b2fac --- /dev/null +++ b/pkg/driverbuilder/builder/templates/fedora_kernel.sh 
@@ -0,0 +1,35 @@
+#!/bin/bash
+# SPDX-License-Identifier: Apache-2.0
+#
+# Copyright (C) 2023 The Falco Authors.
+#
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Simple script that desperately tries to load the kernel instrumentation by
+# looking for it in a bunch of ways. Convenient when running Falco inside
+# a container or in other weird environments.
+#
+set -xeuo pipefail
+
+# Fetch the kernel
+mkdir /tmp/kernel-download
+cd /tmp/kernel-download
+curl --silent -o kernel-devel.rpm -SL {{ .KernelDownloadURL }}
+rpm2cpio kernel-devel.rpm | cpio --extract --make-directories
+rm -Rf /tmp/kernel
+mkdir -p /tmp/kernel
+mv usr/src/kernels/*/* /tmp/kernel
+
+# exit value
+echo /tmp/kernel
\ No newline at end of file
diff --git a/pkg/driverbuilder/builder/templates/flatcar.sh b/pkg/driverbuilder/builder/templates/flatcar.sh
index a9c8edf6..75208d2a 100644
--- a/pkg/driverbuilder/builder/templates/flatcar.sh
+++ b/pkg/driverbuilder/builder/templates/flatcar.sh
@@ -22,37 +22,13 @@ # set -xeuo pipefail -rm -Rf {{ .DriverBuildDir }} -mkdir {{ .DriverBuildDir }} -rm -Rf /tmp/module-download -mkdir -p /tmp/module-download - -curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download -mv /tmp/module-download/*/* {{ .DriverBuildDir }} - -# Fetch the kernel -mkdir /tmp/kernel-download -cd /tmp/kernel-download -curl --silent -SL {{ .KernelDownloadURL }} | tar -Jxf - -C /tmp/kernel-download -rm -Rf /tmp/kernel -mkdir -p /tmp/kernel -mv /tmp/kernel-download/*/* /tmp/kernel - -# Prepare the kernel -cd /tmp/kernel -cp /driverkit/kernel.config /tmp/kernel.config - -sed -i -e 's|^\(EXTRAVERSION =\).*|\1 -flatcar|' Makefile -make KCONFIG_CONFIG=/tmp/kernel.config oldconfig -make KCONFIG_CONFIG=/tmp/kernel.config modules_prepare - cd {{ .DriverBuildDir }} mkdir -p build && cd build {{ .CmakeCmd }} {{ if .BuildModule }} # Build the module -make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=/tmp/kernel driver +make CC=/usr/bin/gcc-{{ .GCCVersion }} driver strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} @@ -60,6 +36,6 @@ modinfo {{ .ModuleFullPath }} {{ if .BuildProbe }} # Build the eBPF probe -make KERNELDIR=/tmp/kernel bpf +make bpf ls -l driver/bpf/probe.o {{ end }} \ No newline at end of file diff --git a/pkg/driverbuilder/builder/templates/flatcar_kernel.sh b/pkg/driverbuilder/builder/templates/flatcar_kernel.sh new file mode 100644 index 00000000..3b3a7718 --- /dev/null +++ b/pkg/driverbuilder/builder/templates/flatcar_kernel.sh 
@@ -0,0 +1,42 @@
+#!/bin/bash
+# SPDX-License-Identifier: Apache-2.0
+#
+# Copyright (C) 2023 The Falco Authors.
+#
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Simple script that desperately tries to load the kernel instrumentation by
+# looking for it in a bunch of ways. Convenient when running Falco inside
+# a container or in other weird environments.
+#
+set -xeuo pipefail
+
+# Fetch the kernel
+mkdir /tmp/kernel-download
+cd /tmp/kernel-download
+curl --silent -SL {{ .KernelDownloadURL }} | tar -Jxf - -C /tmp/kernel-download
+rm -Rf /tmp/kernel
+mkdir -p /tmp/kernel
+mv /tmp/kernel-download/*/* /tmp/kernel
+
+# Prepare the kernel
+cd /tmp/kernel
+cp /driverkit/kernel.config /tmp/kernel.config
+
+sed -i -e 's|^\(EXTRAVERSION =\).*|\1 -flatcar|' Makefile
+make KCONFIG_CONFIG=/tmp/kernel.config oldconfig
+make KCONFIG_CONFIG=/tmp/kernel.config modules_prepare
+
+# exit value
+echo /tmp/kernel
\ No newline at end of file
diff --git a/pkg/driverbuilder/builder/templates/libs_download.sh b/pkg/driverbuilder/builder/templates/libs_download.sh
new file mode 100644
index 00000000..ce864636
--- /dev/null
+++ b/pkg/driverbuilder/builder/templates/libs_download.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+# SPDX-License-Identifier: Apache-2.0
+#
+# Copyright (C) 2023 The Falco Authors.
+#
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Simple script that desperately tries to load the kernel instrumentation by
+# looking for it in a bunch of ways. Convenient when running Falco inside
+# a container or in other weird environments.
+#
+set -xeuo pipefail
+
+rm -Rf {{ .DriverBuildDir }}
+mkdir {{ .DriverBuildDir }}
+rm -Rf /tmp/module-download
+mkdir -p /tmp/module-download
+
+curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download
+mv /tmp/module-download/*/* {{ .DriverBuildDir }}
+
+rm -Rf /tmp/module-download
\ No newline at end of file
diff --git a/pkg/driverbuilder/builder/templates/local.sh b/pkg/driverbuilder/builder/templates/local.sh
index f23b10a1..c148cf49 100644
--- a/pkg/driverbuilder/builder/templates/local.sh
+++ b/pkg/driverbuilder/builder/templates/local.sh
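Review bot: `rm -Rf {{ .DriverBuildDir }}` and `mkdir {{ .DriverBuildDir }}` expand a template value unquoted, so a path with spaces or glob characters makes `rm -Rf` act on something other than the intended directory; quote all three uses, e.g. `rm -Rf "{{ .DriverBuildDir }}"`. The driver sources are streamed from `{{ .ModuleDownloadURL }}` straight into `tar` with no `--fail` on curl and no digest check, although this tarball is what gets compiled into a kernel module. Downloading to a file, checking it against an expected checksum and only then extracting would close that gap. The header comment is the copied "desperately tries to load the kernel instrumentation" text and should describe this script instead.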
@@ -20,18 +20,7 @@ # looking for it in a bunch of ways. Convenient when running Falco inside # a container or in other weird environments. # -set -xeuo pipefail - -{{ if .DownloadSrc }} -echo "* Downloading driver sources" -rm -Rf {{ .DriverBuildDir }} -mkdir {{ .DriverBuildDir }} -rm -Rf /tmp/module-download -mkdir -p /tmp/module-download - -curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download -mv /tmp/module-download/*/* {{ .DriverBuildDir }} -{{ end }} +set -xeo pipefail {{ if or .BuildProbe (and .BuildModule (not .UseDKMS)) }} cd {{ .DriverBuildDir }} @@ -50,7 +39,11 @@ echo "* Building kmod with DKMS" echo "#!/usr/bin/env bash" > "/tmp/falco-dkms-make" echo "make CC={{ .GCCVersion }} \$@" >> "/tmp/falco-dkms-make" chmod +x "/tmp/falco-dkms-make" -dkms install --directive="MAKE='/tmp/falco-dkms-make'" -m "{{ .ModuleDriverName }}" -v "{{ .DriverVersion }}" -k "{{ .KernelRelease }}" +if [[ -n "${KERNELDIR}" ]]; then + dkms install --kernelsourcedir ${KERNELDIR} --directive="MAKE='/tmp/falco-dkms-make'" -m "{{ .ModuleDriverName }}" -v "{{ .DriverVersion }}" -k "{{ .KernelRelease }}" +else + dkms install --directive="MAKE='/tmp/falco-dkms-make'" -m "{{ .ModuleDriverName }}" -v "{{ .DriverVersion }}" -k "{{ .KernelRelease }}" +fi rm -Rf "/tmp/falco-dkms-make" {{ else }} echo "* Building kmod" @@ -85,6 +78,4 @@ cd bpf make ls -l probe.o {{ end }} -{{ end }} - -rm -Rf /tmp/module-download \ No newline at end of file +{{ end }} \ No newline at end of file diff --git a/pkg/driverbuilder/builder/templates/opensuse.sh b/pkg/driverbuilder/builder/templates/opensuse.sh index fd3de39c..75208d2a 100644 --- a/pkg/driverbuilder/builder/templates/opensuse.sh +++ b/pkg/driverbuilder/builder/templates/opensuse.sh 
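Review bot: Dropping `-u` from `set -xeuo pipefail` so that `${KERNELDIR}` can be tested turns off unset-variable checking for the whole script; keep `-u` and give the variable a default in the test instead: `if [[ -n "${KERNELDIR:-}" ]]; then`. In the same hunk `--kernelsourcedir ${KERNELDIR}` is unquoted, and according to the commit message the value comes from the caller-supplied `envMap`, so it is subject to word splitting and globbing; use `--kernelsourcedir "${KERNELDIR}"`. The two `dkms install` branches differ only in that option, so building the argument list once would also remove the duplicated command line.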
@@ -22,32 +22,13 @@ # set -xeuo pipefail -rm -Rf {{ .DriverBuildDir }} -mkdir {{ .DriverBuildDir }} -rm -Rf /tmp/module-download -mkdir -p /tmp/module-download - -curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download -mv /tmp/module-download/*/* {{ .DriverBuildDir }} - -# Fetch the kernel -mkdir /tmp/kernel-download -cd /tmp/kernel-download -{{range $url := .KernelDownloadURLs}} -curl --silent -o kernel-devel.rpm -SL {{ $url }} -# cpio will warn *extremely verbose* when trying to duplicate over the same directory - redirect stderr to null -rpm2cpio kernel-devel.rpm | cpio --quiet --extract --make-directories 2> /dev/null -{{end}} -cd /tmp/kernel-download/usr/src -sourcedir="$(find . -type d -name "linux-*-obj" | head -n 1 | xargs readlink -f)/*/default" - cd {{ .DriverBuildDir }} mkdir -p build && cd build {{ .CmakeCmd }} {{ if .BuildModule }} # Build the module -make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=$sourcedir driver +make CC=/usr/bin/gcc-{{ .GCCVersion }} driver strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} @@ -55,6 +36,6 @@ modinfo {{ .ModuleFullPath }} {{ if .BuildProbe }} # Build the eBPF probe -make KERNELDIR=$sourcedir bpf +make bpf ls -l driver/bpf/probe.o {{ end }} \ No newline at end of file diff --git a/pkg/driverbuilder/builder/templates/opensuse_kernel.sh b/pkg/driverbuilder/builder/templates/opensuse_kernel.sh new file mode 100644 index 00000000..05752ca0 --- /dev/null +++ b/pkg/driverbuilder/builder/templates/opensuse_kernel.sh 
@@ -0,0 +1,37 @@
+#!/bin/bash
+# SPDX-License-Identifier: Apache-2.0
+#
+# Copyright (C) 2023 The Falco Authors.
+#
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Simple script that desperately tries to load the kernel instrumentation by
+# looking for it in a bunch of ways. Convenient when running Falco inside
+# a container or in other weird environments.
+#
+set -xeuo pipefail
+
+# Fetch the kernel
+mkdir /tmp/kernel-download
+cd /tmp/kernel-download
+{{range $url := .KernelDownloadURLs}}
+curl --silent -o kernel-devel.rpm -SL {{ $url }}
+# cpio will warn *extremely verbose* when trying to duplicate over the same directory - redirect stderr to null
+rpm2cpio kernel-devel.rpm | cpio --quiet --extract --make-directories 2> /dev/null
+{{end}}
+cd /tmp/kernel-download/usr/src
+sourcedir="$(find . -type d -name "linux-*-obj" | head -n 1 | xargs readlink -f)/*/default"
+
+# exit value
+echo $sourcedir
\ No newline at end of file
diff --git a/pkg/driverbuilder/builder/templates/oracle.sh b/pkg/driverbuilder/builder/templates/oracle.sh
index 07b84717..75208d2a 100644
--- a/pkg/driverbuilder/builder/templates/oracle.sh
+++ b/pkg/driverbuilder/builder/templates/oracle.sh
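Review bot: `sourcedir` is assigned a string that still contains the `*` glob, and the script relies on the unquoted `echo $sourcedir` to expand it. If nothing matches, the literal pattern is printed with exit status 0, and if several directories match, several paths are printed, so whatever consumes the "exit value" line gets an unusable kernel directory without any error. Expand the pattern explicitly and check the result before printing: `matches=( $sourcedir )`, `[[ -d "${matches[0]}" ]] || exit 1`, `echo "${matches[0]}"`.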
@@ -22,30 +22,13 @@ # set -xeuo pipefail -rm -Rf {{ .DriverBuildDir }} -mkdir {{ .DriverBuildDir }} -rm -Rf /tmp/module-download -mkdir -p /tmp/module-download - -curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download -mv /tmp/module-download/*/* {{ .DriverBuildDir }} - -# Fetch the kernel -mkdir /tmp/kernel-download -cd /tmp/kernel-download -curl --silent -o kernel-devel.rpm -SL {{ .KernelDownloadURL }} -rpm2cpio kernel-devel.rpm | cpio --extract --make-directories -rm -Rf /tmp/kernel -mkdir -p /tmp/kernel -mv usr/src/kernels/*/* /tmp/kernel - cd {{ .DriverBuildDir }} mkdir -p build && cd build {{ .CmakeCmd }} {{ if .BuildModule }} # Build the module -make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=/tmp/kernel driver +make CC=/usr/bin/gcc-{{ .GCCVersion }} driver strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} @@ -53,6 +36,6 @@ modinfo {{ .ModuleFullPath }} {{ if .BuildProbe }} # Build the eBPF probe -make KERNELDIR=/tmp/kernel bpf +make bpf ls -l driver/bpf/probe.o {{ end }} \ No newline at end of file diff --git a/pkg/driverbuilder/builder/templates/oracle_kernel.sh b/pkg/driverbuilder/builder/templates/oracle_kernel.sh new file mode 100644 index 00000000..db4b2fac --- /dev/null +++ b/pkg/driverbuilder/builder/templates/oracle_kernel.sh 
@@ -0,0 +1,35 @@
+#!/bin/bash
+# SPDX-License-Identifier: Apache-2.0
+#
+# Copyright (C) 2023 The Falco Authors.
+#
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Simple script that desperately tries to load the kernel instrumentation by
+# looking for it in a bunch of ways. Convenient when running Falco inside
+# a container or in other weird environments.
+#
+set -xeuo pipefail
+
+# Fetch the kernel
+mkdir /tmp/kernel-download
+cd /tmp/kernel-download
+curl --silent -o kernel-devel.rpm -SL {{ .KernelDownloadURL }}
+rpm2cpio kernel-devel.rpm | cpio --extract --make-directories
+rm -Rf /tmp/kernel
+mkdir -p /tmp/kernel
+mv usr/src/kernels/*/* /tmp/kernel
+
+# exit value
+echo /tmp/kernel
\ No newline at end of file
diff --git a/pkg/driverbuilder/builder/templates/photonos.sh b/pkg/driverbuilder/builder/templates/photonos.sh
index f83d4209..75208d2a 100644
--- a/pkg/driverbuilder/builder/templates/photonos.sh
+++ b/pkg/driverbuilder/builder/templates/photonos.sh
@@ -22,33 +22,13 @@ # set -xeuo pipefail -rm -Rf {{ .DriverBuildDir }} -mkdir {{ .DriverBuildDir }} -rm -Rf /tmp/module-download -mkdir -p /tmp/module-download - -curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download -mv /tmp/module-download/*/* {{ .DriverBuildDir }} - -# Fetch the kernel -mkdir /tmp/kernel-download -cd /tmp/kernel-download -curl --silent -o kernel-devel.rpm -SL {{ .KernelDownloadURL }} -rpm2cpio kernel-devel.rpm | cpio --extract --make-directories -rm -Rf /tmp/kernel -mkdir -p /tmp/kernel -# eg: linux-aws-headers-$kernelrelease -# eg: linux-headers-$kernelrelease-rt -# eg: linux-headers-$kernelrelease -mv usr/src/linux-*headers-*/* /tmp/kernel - cd {{ .DriverBuildDir }} mkdir -p build && cd build {{ .CmakeCmd }} {{ if .BuildModule }} # Build the module -make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=/tmp/kernel driver +make CC=/usr/bin/gcc-{{ .GCCVersion }} driver strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} @@ -56,6 +36,6 @@ modinfo {{ .ModuleFullPath }} {{ if .BuildProbe }} # Build the eBPF probe -make KERNELDIR=/tmp/kernel bpf +make bpf ls -l driver/bpf/probe.o {{ end }} \ No newline at end of file diff --git a/pkg/driverbuilder/builder/templates/photonos_kernel.sh b/pkg/driverbuilder/builder/templates/photonos_kernel.sh new file mode 100644 index 00000000..f3433833 --- /dev/null +++ b/pkg/driverbuilder/builder/templates/photonos_kernel.sh 
@@ -0,0 +1,38 @@
+#!/bin/bash
+# SPDX-License-Identifier: Apache-2.0
+#
+# Copyright (C) 2023 The Falco Authors.
+#
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Simple script that desperately tries to load the kernel instrumentation by
+# looking for it in a bunch of ways. Convenient when running Falco inside
+# a container or in other weird environments.
+#
+set -xeuo pipefail
+
+# Fetch the kernel
+mkdir /tmp/kernel-download
+cd /tmp/kernel-download
+curl --silent -o kernel-devel.rpm -SL {{ .KernelDownloadURL }}
+rpm2cpio kernel-devel.rpm | cpio --extract --make-directories
+rm -Rf /tmp/kernel
+mkdir -p /tmp/kernel
+# eg: linux-aws-headers-$kernelrelease
+# eg: linux-headers-$kernelrelease-rt
+# eg: linux-headers-$kernelrelease
+mv usr/src/linux-*headers-*/* /tmp/kernel
+
+# exit value
+echo /tmp/kernel
\ No newline at end of file
diff --git a/pkg/driverbuilder/builder/templates/redhat.sh b/pkg/driverbuilder/builder/templates/redhat.sh
index dbbfc06b..75208d2a 100644
--- a/pkg/driverbuilder/builder/templates/redhat.sh
+++ b/pkg/driverbuilder/builder/templates/redhat.sh
@@ -22,32 +22,13 @@ # set -xeuo pipefail -rm -Rf {{ .DriverBuildDir }} -mkdir {{ .DriverBuildDir }} -rm -Rf /tmp/module-download -mkdir -p /tmp/module-download - -curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download -mv /tmp/module-download/*/* {{ .DriverBuildDir }} - -# Fetch the kernel -rm -Rf /tmp/kernel-download -mkdir /tmp/kernel-download -cd /tmp/kernel-download -yum install -y --downloadonly --downloaddir=/tmp/kernel-download kernel-devel-0:{{ .KernelPackage }} -rpm2cpio kernel-devel-{{ .KernelPackage }}.rpm | cpio --extract --make-directories - -rm -Rf /tmp/kernel -mkdir -p /tmp/kernel -mv usr/src/kernels/*/* /tmp/kernel - cd {{ .DriverBuildDir }} mkdir -p build && cd build {{ .CmakeCmd }} {{ if .BuildModule }} # Build the module -make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=/tmp/kernel driver +make CC=/usr/bin/gcc-{{ .GCCVersion }} driver strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} @@ -55,6 +36,6 @@ modinfo {{ .ModuleFullPath }} {{ if .BuildProbe }} # Build the eBPF probe -make KERNELDIR=/tmp/kernel bpf +make bpf ls -l driver/bpf/probe.o {{ end }} \ No newline at end of file diff --git a/pkg/driverbuilder/builder/templates/redhat_kernel.sh b/pkg/driverbuilder/builder/templates/redhat_kernel.sh new file mode 100644 index 00000000..68eb804a --- /dev/null +++ b/pkg/driverbuilder/builder/templates/redhat_kernel.sh 
@@ -0,0 +1,37 @@
+#!/bin/bash
+# SPDX-License-Identifier: Apache-2.0
+#
+# Copyright (C) 2023 The Falco Authors.
+#
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Simple script that desperately tries to load the kernel instrumentation by
+# looking for it in a bunch of ways. Convenient when running Falco inside
+# a container or in other weird environments.
+#
+set -xeuo pipefail
+
+# Fetch the kernel
+rm -Rf /tmp/kernel-download
+mkdir /tmp/kernel-download
+cd /tmp/kernel-download
+yum install -y --downloadonly --downloaddir=/tmp/kernel-download kernel-devel-0:{{ .KernelPackage }}
+rpm2cpio kernel-devel-{{ .KernelPackage }}.rpm | cpio --extract --make-directories
+
+rm -Rf /tmp/kernel
+mkdir -p /tmp/kernel
+mv usr/src/kernels/*/* /tmp/kernel
+
+# exit value
+echo /tmp/kernel
\ No newline at end of file
diff --git a/pkg/driverbuilder/builder/templates/rocky.sh b/pkg/driverbuilder/builder/templates/rocky.sh
index 07b84717..75208d2a 100644
--- a/pkg/driverbuilder/builder/templates/rocky.sh
+++ b/pkg/driverbuilder/builder/templates/rocky.sh
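Review bot: The path printed by the final `echo /tmp/kernel` is captured with `KERNELDIR=$(/driverkit/download-headers.sh)` in docker.go and kubernetes.go, but `yum install` above also writes its progress to stdout, so the captured value would be yum's output followed by the path. Send everything except the result to stderr, for example `exec 3>&1 1>&2` right after `set -xeuo pipefail` and `echo /tmp/kernel >&3` at the end. sles_kernel.sh (`zypper`, `mv -v`) and vanilla_kernel.sh (the three `make` calls) have the same problem. The header comment about loading the kernel instrumentation was copied from another script and does not describe what this file does.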
@@ -22,30 +22,13 @@ # set -xeuo pipefail -rm -Rf {{ .DriverBuildDir }} -mkdir {{ .DriverBuildDir }} -rm -Rf /tmp/module-download -mkdir -p /tmp/module-download - -curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download -mv /tmp/module-download/*/* {{ .DriverBuildDir }} - -# Fetch the kernel -mkdir /tmp/kernel-download -cd /tmp/kernel-download -curl --silent -o kernel-devel.rpm -SL {{ .KernelDownloadURL }} -rpm2cpio kernel-devel.rpm | cpio --extract --make-directories -rm -Rf /tmp/kernel -mkdir -p /tmp/kernel -mv usr/src/kernels/*/* /tmp/kernel - cd {{ .DriverBuildDir }} mkdir -p build && cd build {{ .CmakeCmd }} {{ if .BuildModule }} # Build the module -make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=/tmp/kernel driver +make CC=/usr/bin/gcc-{{ .GCCVersion }} driver strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} @@ -53,6 +36,6 @@ modinfo {{ .ModuleFullPath }} {{ if .BuildProbe }} # Build the eBPF probe -make KERNELDIR=/tmp/kernel bpf +make bpf ls -l driver/bpf/probe.o {{ end }} \ No newline at end of file diff --git a/pkg/driverbuilder/builder/templates/rocky_kernel.sh b/pkg/driverbuilder/builder/templates/rocky_kernel.sh new file mode 100644 index 00000000..db4b2fac --- /dev/null +++ b/pkg/driverbuilder/builder/templates/rocky_kernel.sh 
@@ -0,0 +1,35 @@
+#!/bin/bash
+# SPDX-License-Identifier: Apache-2.0
+#
+# Copyright (C) 2023 The Falco Authors.
+#
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Simple script that desperately tries to load the kernel instrumentation by
+# looking for it in a bunch of ways. Convenient when running Falco inside
+# a container or in other weird environments.
+#
+set -xeuo pipefail
+
+# Fetch the kernel
+mkdir /tmp/kernel-download
+cd /tmp/kernel-download
+curl --silent -o kernel-devel.rpm -SL {{ .KernelDownloadURL }}
+rpm2cpio kernel-devel.rpm | cpio --extract --make-directories
+rm -Rf /tmp/kernel
+mkdir -p /tmp/kernel
+mv usr/src/kernels/*/* /tmp/kernel
+
+# exit value
+echo /tmp/kernel
\ No newline at end of file
diff --git a/pkg/driverbuilder/builder/templates/sles.sh b/pkg/driverbuilder/builder/templates/sles.sh
index af289efe..75208d2a 100644
--- a/pkg/driverbuilder/builder/templates/sles.sh
+++ b/pkg/driverbuilder/builder/templates/sles.sh
@@ -22,34 +22,13 @@ # set -xeuo pipefail -rm -Rf {{ .DriverBuildDir }} -mkdir {{ .DriverBuildDir }} -rm -Rf /tmp/module-download -mkdir -p /tmp/module-download - -curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download -mv /tmp/module-download/*/* {{ .DriverBuildDir }} - -# Fetch the kernel -rm -Rf /tmp/kernel-download -mkdir /tmp/kernel-download -cd /tmp/kernel-download -zypper --non-interactive install --download-only kernel-default-devel={{ .KernelPackage }} kernel-devel={{ .KernelPackage }} -mv -v $(find /var/cache/zypp/packages -name kernel*.rpm) /tmp/kernel-download -for rpm in /tmp/kernel-download/*.rpm -do - rpm2cpio $rpm | cpio --extract --make-directories -done - -sourcedir="$(find . -type d -name "linux-*-obj" | head -n 1 | xargs readlink -f)/*/default" - cd {{ .DriverBuildDir }} mkdir -p build && cd build {{ .CmakeCmd }} {{ if .BuildModule }} # Build the module -make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=$sourcedir driver +make CC=/usr/bin/gcc-{{ .GCCVersion }} driver strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} @@ -57,6 +36,6 @@ modinfo {{ .ModuleFullPath }} {{ if .BuildProbe }} # Build the eBPF probe -make KERNELDIR=$sourcedir bpf +make bpf ls -l driver/bpf/probe.o {{ end }} \ No newline at end of file diff --git a/pkg/driverbuilder/builder/templates/sles_kernel.sh b/pkg/driverbuilder/builder/templates/sles_kernel.sh new file mode 100644 index 00000000..145dee68 --- /dev/null +++ b/pkg/driverbuilder/builder/templates/sles_kernel.sh 
@@ -0,0 +1,38 @@
+#!/bin/bash
+# SPDX-License-Identifier: Apache-2.0
+#
+# Copyright (C) 2023 The Falco Authors.
+#
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Simple script that desperately tries to load the kernel instrumentation by
+# looking for it in a bunch of ways. Convenient when running Falco inside
+# a container or in other weird environments.
+#
+set -xeuo pipefail
+
+# Fetch the kernel
+rm -Rf /tmp/kernel-download
+mkdir /tmp/kernel-download
+cd /tmp/kernel-download
+zypper --non-interactive install --download-only kernel-default-devel={{ .KernelPackage }} kernel-devel={{ .KernelPackage }}
+mv -v $(find /var/cache/zypp/packages -name kernel*.rpm) /tmp/kernel-download
+for rpm in /tmp/kernel-download/*.rpm
+do
+ rpm2cpio $rpm | cpio --extract --make-directories
+done
+sourcedir="$(find . -type d -name "linux-*-obj" | head -n 1 | xargs readlink -f)/*/default"
+
+# exit value
+echo $sourcedir
diff --git a/pkg/driverbuilder/builder/templates/ubuntu.sh b/pkg/driverbuilder/builder/templates/ubuntu.sh
index 25de46bd..a8730570 100644
--- a/pkg/driverbuilder/builder/templates/ubuntu.sh
+++ b/pkg/driverbuilder/builder/templates/ubuntu.sh
@@ -22,33 +22,13 @@ # set -xeuo pipefail -rm -Rf {{ .DriverBuildDir }} -mkdir {{ .DriverBuildDir }} -rm -Rf /tmp/module-download -mkdir -p /tmp/module-download - -curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download -mv /tmp/module-download/*/* {{ .DriverBuildDir }} - -# Fetch the kernel -mkdir /tmp/kernel-download -cd /tmp/kernel-download -{{range $url := .KernelDownloadURLS}} -curl --silent -o kernel.deb -SL {{ $url }} -ar x kernel.deb -tar -xf data.tar.* -{{end}} - -cd /tmp/kernel-download/usr/src/ -sourcedir=$(find . -type d -name "{{ .KernelHeadersPattern }}" | head -n 1 | xargs readlink -f) - cd {{ .DriverBuildDir }} mkdir -p build && cd build {{ .CmakeCmd }} {{ if .BuildModule }} # Build the module -make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=$sourcedir driver +make CC=/usr/bin/gcc-{{ .GCCVersion }} driver strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} @@ -56,6 +36,6 @@ modinfo {{ .ModuleFullPath }} {{ if .BuildProbe }} # Build the eBPF probe -make KERNELDIR=$sourcedir bpf +make bpf ls -l driver/bpf/probe.o {{ end }} diff --git a/pkg/driverbuilder/builder/templates/ubuntu_kernel.sh b/pkg/driverbuilder/builder/templates/ubuntu_kernel.sh new file mode 100644 index 00000000..60eb4238 --- /dev/null +++ b/pkg/driverbuilder/builder/templates/ubuntu_kernel.sh 
@@ -0,0 +1,37 @@
+#!/bin/bash
+# SPDX-License-Identifier: Apache-2.0
+#
+# Copyright (C) 2023 The Falco Authors.
+#
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Simple script that desperately tries to load the kernel instrumentation by
+# looking for it in a bunch of ways. Convenient when running Falco inside
+# a container or in other weird environments.
+#
+set -xeuo pipefail
+
+# Fetch the kernel
+mkdir /tmp/kernel-download
+cd /tmp/kernel-download
+{{range $url := .KernelDownloadURLS}}
+curl --silent -o kernel.deb -SL {{ $url }}
+ar x kernel.deb
+tar -xf data.tar.*
+{{end}}
+cd /tmp/kernel-download/usr/src/
+sourcedir=$(find . -type d -name "{{ .KernelHeadersPattern }}" | head -n 1 | xargs readlink -f)
+
+# exit value
+echo $sourcedir
\ No newline at end of file
diff --git a/pkg/driverbuilder/builder/templates/vanilla.sh b/pkg/driverbuilder/builder/templates/vanilla.sh
index 64085553..acd7896c 100644
--- a/pkg/driverbuilder/builder/templates/vanilla.sh
+++ b/pkg/driverbuilder/builder/templates/vanilla.sh
@@ -22,38 +22,6 @@ # set -xeuo pipefail -rm -Rf {{ .DriverBuildDir }} -mkdir {{ .DriverBuildDir }} -rm -Rf /tmp/module-download -mkdir -p /tmp/module-download - -curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download -mv /tmp/module-download/*/* {{ .DriverBuildDir }} - -# Fetch the kernel -cd /tmp -mkdir /tmp/kernel-download -{{ if .IsTarGz }} -curl --silent -SL {{ .KernelDownloadURL }} | tar -zxf - -C /tmp/kernel-download -{{ else }} -curl --silent -SL {{ .KernelDownloadURL }} | tar -Jxf - -C /tmp/kernel-download -{{ end }} -rm -Rf /tmp/kernel -mkdir -p /tmp/kernel -mv /tmp/kernel-download/*/* /tmp/kernel - -# Prepare the kernel -cd /tmp/kernel -cp /driverkit/kernel.config /tmp/kernel.config - -{{ if .KernelLocalVersion}} -sed -i 's/^CONFIG_LOCALVERSION=.*$/CONFIG_LOCALVERSION="{{ .KernelLocalVersion }}"/' /tmp/kernel.config -{{ end }} - -make KCONFIG_CONFIG=/tmp/kernel.config oldconfig -make KCONFIG_CONFIG=/tmp/kernel.config prepare -make KCONFIG_CONFIG=/tmp/kernel.config modules_prepare - export KBUILD_MODPOST_WARN=1 cd {{ .DriverBuildDir }} @@ -62,7 +30,7 @@ mkdir -p build && cd build {{ if .BuildModule }} # Build the module -make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=/tmp/kernel driver +make CC=/usr/bin/gcc-{{ .GCCVersion }} driver strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} @@ -70,6 +38,6 @@ modinfo {{ .ModuleFullPath }} {{ if .BuildProbe }} # Build the eBPF probe -make KERNELDIR=/tmp/kernel bpf +make bpf ls -l driver/bpf/probe.o {{ end }} diff --git a/pkg/driverbuilder/builder/templates/vanilla_kernel.sh b/pkg/driverbuilder/builder/templates/vanilla_kernel.sh new file mode 100644 index 00000000..ce1d824c --- /dev/null +++ b/pkg/driverbuilder/builder/templates/vanilla_kernel.sh 
@@ -0,0 +1,50 @@
+#!/bin/bash
+# SPDX-License-Identifier: Apache-2.0
+#
+# Copyright (C) 2023 The Falco Authors.
+#
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Simple script that desperately tries to load the kernel instrumentation by
+# looking for it in a bunch of ways. Convenient when running Falco inside
+# a container or in other weird environments.
+#
+set -xeuo pipefail
+
+# Fetch the kernel
+cd /tmp
+mkdir /tmp/kernel-download
+{{ if .IsTarGz }}
+curl --silent -SL {{ .KernelDownloadURL }} | tar -zxf - -C /tmp/kernel-download
+{{ else }}
+curl --silent -SL {{ .KernelDownloadURL }} | tar -Jxf - -C /tmp/kernel-download
+{{ end }}
+rm -Rf /tmp/kernel
+mkdir -p /tmp/kernel
+mv /tmp/kernel-download/*/* /tmp/kernel
+
+# Prepare the kernel
+cd /tmp/kernel
+cp /driverkit/kernel.config /tmp/kernel.config
+
+{{ if .KernelLocalVersion}}
+sed -i 's/^CONFIG_LOCALVERSION=.*$/CONFIG_LOCALVERSION="{{ .KernelLocalVersion }}"/' /tmp/kernel.config
+{{ end }}
+
+make KCONFIG_CONFIG=/tmp/kernel.config oldconfig
+make KCONFIG_CONFIG=/tmp/kernel.config prepare
+make KCONFIG_CONFIG=/tmp/kernel.config modules_prepare
+
+# exit value
+echo /tmp/kernel
\ No newline at end of file
diff --git a/pkg/driverbuilder/builder/ubuntu.go b/pkg/driverbuilder/builder/ubuntu.go
index e1aa103c..9d3bf49b 100644
--- a/pkg/driverbuilder/builder/ubuntu.go
+++ b/pkg/driverbuilder/builder/ubuntu.go
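Review bot: `{{ .KernelLocalVersion }}` is rendered inside a single-quoted `sed` expression that uses `/` as its delimiter, so a value containing `/`, `&`, `"` or `'` either corrupts the substitution or ends the shell quoting. vanilla.go fills the field from `kr.FullExtraversion`; whether the kernel release parser restricts that string is not visible in this patch. I would reject anything outside a small allowed character set in Go before the template is rendered, and add a comment above the `sed` line stating that assumption.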
@@ -23,6 +23,9 @@ import ( "github.com/falcosecurity/driverkit/pkg/kernelrelease" ) +//go:embed templates/ubuntu_kernel.sh +var ubuntuKernelTemplate string + //go:embed templates/ubuntu.sh var ubuntuTemplate string @@ -34,7 +37,6 @@ const TargetTypeUbuntu Type = "ubuntu" const ubuntuRequiredURLs = 2 type ubuntuTemplateData struct { - commonTemplateData KernelDownloadURLS []string KernelLocalVersion string KernelHeadersPattern string @@ -51,6 +53,10 @@ func (v *ubuntu) Name() string { return TargetTypeUbuntu.String() } +func (v *ubuntu) TemplateKernelUrlsScript() string { + return ubuntuKernelTemplate +} + func (v *ubuntu) TemplateScript() string { return ubuntuTemplate } @@ -63,7 +69,7 @@ func (v *ubuntu) MinimumURLs() int { return ubuntuRequiredURLs } -func (v *ubuntu) TemplateData(c Config, kr kernelrelease.KernelRelease, urls []string) interface{} { +func (v *ubuntu) KernelTemplateData(kr kernelrelease.KernelRelease, urls []string) interface{} { // parse the flavor out of the kernelrelease extraversion _, flavor := parseUbuntuExtraVersion(kr.Extraversion) @@ -79,7 +85,6 @@ func (v *ubuntu) TemplateData(c Config, kr kernelrelease.KernelRelease, urls []s } return ubuntuTemplateData{ - commonTemplateData: c.toTemplateData(v, kr), KernelDownloadURLS: urls, KernelLocalVersion: kr.FullExtraversion, KernelHeadersPattern: headersPattern, diff --git a/pkg/driverbuilder/builder/vanilla.go b/pkg/driverbuilder/builder/vanilla.go index b0e499b6..44e8c04b 100644 --- a/pkg/driverbuilder/builder/vanilla.go +++ b/pkg/driverbuilder/builder/vanilla.go @@ -22,6 +22,9 @@ import ( "github.com/falcosecurity/driverkit/pkg/kernelrelease" ) +//go:embed templates/vanilla_kernel.sh +var vanillaKernelTemplate string + //go:embed templates/vanilla.sh var vanillaTemplate string @@ -37,7 +40,6 @@ func init() { } type vanillaTemplateData struct { - commonTemplateData KernelDownloadURL string KernelLocalVersion string IsTarGz bool 
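Review bot: The new exported methods `TemplateKernelUrlsScript` and `KernelTemplateData` have no doc comments, and the first one spells the initialism as `Urls` while the same file uses `URLs` (`MinimumURLs`, `KernelDownloadURLS`). I would add `// TemplateKernelUrlsScript returns the embedded script that downloads and unpacks the kernel headers.` and `// KernelTemplateData returns the values rendered into the kernel headers script.` above them. Renaming to `TemplateKernelURLsScript` has to happen on the builder interface, which is outside these hunks. The same applies to the matching methods in vanilla.go.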
@@ -47,6 +49,10 @@ func (v *vanilla) Name() string { return TargetTypeVanilla.String() } +func (v *vanilla) TemplateKernelUrlsScript() string { + return vanillaKernelTemplate +} + func (v *vanilla) TemplateScript() string { return vanillaTemplate } @@ -55,9 +61,8 @@ func (v *vanilla) URLs(kr kernelrelease.KernelRelease) ([]string, error) { return []string{fetchVanillaKernelURLFromKernelVersion(kr)}, nil } -func (v *vanilla) TemplateData(c Config, kr kernelrelease.KernelRelease, urls []string) interface{} { +func (v *vanilla) KernelTemplateData(kr kernelrelease.KernelRelease, urls []string) interface{} { return vanillaTemplateData{ - commonTemplateData: c.toTemplateData(v, kr), KernelDownloadURL: urls[0], KernelLocalVersion: kr.FullExtraversion, IsTarGz: strings.HasSuffix(urls[0], ".tar.gz"), // Since RC have a tar.gz format, we need to inform the build script diff --git a/pkg/driverbuilder/docker.go b/pkg/driverbuilder/docker.go index 280a4bf6..6263bfb5 100644 --- a/pkg/driverbuilder/docker.go +++ b/pkg/driverbuilder/docker.go @@ -140,6 +140,16 @@ func (bp *DockerBuildProcessor) Start(b *builder.Build) error { } c := b.ToConfig() + libsDownloadScript, err := builder.LibsDownloadScript(c) + if err != nil { + return err + } + + kernelDownloadScript, err := builder.KernelDownloadScript(v, c, kr) + if err != nil { + return err + } + // Generate the build script from the builder driverkitScript, err := builder.Script(v, c, kr) if err != nil { 
@@ -218,13 +228,28 @@ func (bp *DockerBuildProcessor) Start(b *builder.Build) error { } }() - err = cli.ContainerStart(ctx, cdata.ID, types.ContainerStartOptions{}) + err = cli.ContainerStart(ctx, cdata.ID, container.StartOptions{}) if err != nil { return err } + runCmd := + ` +#!/bin/bash + +chmod +x /driverkit/download-libs.sh +chmod +x /driverkit/download-headers.sh +chmod +x /driverkit/driverkit.sh + +/driverkit/download-libs.sh +KERNELDIR=$(/driverkit/download-headers.sh) /driverkit/driverkit.sh +` + files := []dockerCopyFile{ + {"/driverkit/download-libs.sh", libsDownloadScript}, + {"/driverkit/download-headers.sh", kernelDownloadScript}, {"/driverkit/driverkit.sh", driverkitScript}, + {"/driverkit/cmd.sh", runCmd}, {"/driverkit/kernel.config", string(configDecoded)}, } @@ -260,7 +285,7 @@ func (bp *DockerBuildProcessor) Start(b *builder.Build) error { Cmd: []string{ "/bin/bash", "-l", - "/driverkit/driverkit.sh", + "/driverkit/cmd.sh", }, }) diff --git a/pkg/driverbuilder/kubernetes.go b/pkg/driverbuilder/kubernetes.go index eec739a5..64f6d41b 100644 --- a/pkg/driverbuilder/kubernetes.go +++ b/pkg/driverbuilder/kubernetes.go @@ -96,6 +96,16 @@ func (bp *KubernetesBuildProcessor) buildModule(b *builder.Build) error { c := b.ToConfig() + libsDownloadScript, err := builder.LibsDownloadScript(c) + if err != nil { + return err + } + + kernelDownloadScript, err := builder.KernelDownloadScript(v, c, kr) + if err != nil { + return err + } + // generate the build script from the builder res, err := builder.Script(v, c, kr) if err != nil { @@ -117,7 +127,8 @@ func (bp *KubernetesBuildProcessor) buildModule(b *builder.Build) error { buildCmd := []string{ "/bin/bash", - "/driverkit/driverkit.sh", + "-l", + "/driverkit/download-libs.sh && KERNELDIR=$(/driverkit/download-headers.sh) /driverkit/driverkit.sh", } commonMeta := metav1.ObjectMeta{ 
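Review bot: `runCmd` has no `set -e`, and in `KERNELDIR=$(/driverkit/download-headers.sh) /driverkit/driverkit.sh` the exit status of the command substitution is ignored, so driverkit.sh still runs after a failed libs or header download, with an empty or partial `KERNELDIR`. Start the script with `set -euo pipefail` and split the last line into `KERNELDIR=$(/driverkit/download-headers.sh)` followed by `KERNELDIR="$KERNELDIR" /driverkit/driverkit.sh`, so a failed download aborts the build. The raw string also begins with a newline, which puts `#!/bin/bash` on the second line where it is only a comment; that is harmless as long as the file is run through `/bin/bash -l`. `Start` begins and ends outside the hunk.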
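Review bot: In kubernetes.go, `buildCmd` hands a compound command line to `/bin/bash -l` without `-c`, so bash treats the whole string starting with `/driverkit/download-libs.sh && KERNELDIR=` as the name of a script file and cannot open it. Unless the code that consumes `buildCmd` (outside this hunk) adds it, insert `"-c",` before the command string. Unlike the Docker path, nothing here makes the three scripts executable, and whether the ConfigMap volume sets an executable mode is not visible in this patch. Running each script through `bash`, and assigning `KERNELDIR` in its own `&&` step before exporting it, would avoid both the mode dependency and the ignored exit status of the command substitution.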
@@ -136,10 +147,12 @@ func (bp *KubernetesBuildProcessor) buildModule(b *builder.Build) error { cm := &corev1.ConfigMap{ ObjectMeta: commonMeta, Data: map[string]string{ - "driverkit.sh": res, - "kernel.config": string(configDecoded), - "downloader.sh": waitForLockAndCat, - "unlock.sh": deleteLock, + "download-libs.sh": libsDownloadScript, + "download-headers.sh": kernelDownloadScript, + "driverkit.sh": res, + "kernel.config": string(configDecoded), + "downloader.sh": waitForLockAndCat, + "unlock.sh": deleteLock, }, } // Construct environment variable array of corev1.EnvVar diff --git a/pkg/driverbuilder/local.go b/pkg/driverbuilder/local.go index 56619353..d36f675b 100644 --- a/pkg/driverbuilder/local.go +++ b/pkg/driverbuilder/local.go @@ -38,7 +38,7 @@ func (lbp *LocalBuildProcessor) String() string { func (lbp *LocalBuildProcessor) Start(b *builder.Build) error { slog.Debug("doing a new local build") - + // We don't want to download headers kr := b.KernelReleaseFromBuildConfig() @@ -86,6 +86,19 @@ func (lbp *LocalBuildProcessor) Start(b *builder.Build) error { // Fetch paths were kmod and probe will be built srcModulePath := vv.GetModuleFullPath(c, kr) srcProbePath := vv.GetProbeFullPath(c) + + if len(lbp.srcDir) == 0 { + // Download src! + libsDownloadScript, err := builder.LibsDownloadScript(c) + if err != nil { + return err + } + _, err = exec.Command("/bin/bash", "-c", libsDownloadScript).CombinedOutput() + if err != nil { + return err + } + } + for _, gcc := range gccs { vv.GccPath = gcc 
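Review bot: In local.go the combined output of the libs download script is discarded and the bare `err` is returned, so a failed download surfaces only as an exit status with no hint of the cause. Keep the output and wrap the error, e.g. `out, err := exec.Command("/bin/bash", "-c", libsDownloadScript).CombinedOutput()` and `return fmt.Errorf("downloading libs: %w: %s", err, out)`. The fallback in the following hunk drops the result of `cmd.CombinedOutput()` in the same way. This script is rendered from the build config and executed by a shell on the host rather than in a builder container, so the values interpolated into it (the template is not shown here) should be validated before rendering.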
@@ -102,10 +115,12 @@ func (lbp *LocalBuildProcessor) Start(b *builder.Build) error { for key, val := range lbp.envMap { cmd.Env = append(cmd.Env, fmt.Sprintf("%s=%s", key, val)) } + stdout, err := cmd.StdoutPipe() + cmd.Stderr = cmd.Stdout // redirect stderr to stdout so that we catch it if err != nil { - slog.Warn("Failed to pipe output. Trying without piping.", "err", err) - _, err = cmd.Output() + slog.Warn("Failed to pipe stdout. Trying without piping.", "err", err) + _, err = cmd.CombinedOutput() } else { defer stdout.Close() err = cmd.Start()