Loading nixos/tests/tracee.nix +8 −4 Original line number Diff line number Diff line import ./make-test-python.nix ({ pkgs, ... }: { name = "tracee-integration"; meta.maintainers = pkgs.tracee.meta.maintainers; nodes = { machine = { config, pkgs, ... }: { # EventFilters/trace_only_events_from_new_containers and Loading @@ -7,11 +9,11 @@ import ./make-test-python.nix ({ pkgs, ... }: { # require docker/dockerd virtualisation.docker.enable = true; environment.systemPackages = [ environment.systemPackages = with pkgs; [ # required by Test_EventFilters/trace_events_from_ls_and_which_binary_in_separate_scopes pkgs.which which # build the go integration tests as a binary (pkgs.tracee.overrideAttrs (oa: { (tracee.overrideAttrs (oa: { pname = oa.pname + "-integration"; postPatch = oa.postPatch or "" + '' # prepare tester.sh (which will be embedded in the test binary) Loading @@ -20,10 +22,11 @@ import ./make-test-python.nix ({ pkgs, ... }: { # fix the test to look at nixos paths for running programs substituteInPlace tests/integration/integration_test.go \ --replace "bin=/usr/bin/" "comm=" \ --replace "binary=/usr/bin/" "comm=" \ --replace "/usr/bin/dockerd" "dockerd" \ --replace "/usr/bin" "/run/current-system/sw/bin" ''; nativeBuildInputs = oa.nativeBuildInputs or [ ] ++ [ pkgs.makeWrapper ]; nativeBuildInputs = oa.nativeBuildInputs or [ ] ++ [ makeWrapper ]; buildPhase = '' runHook preBuild # just build the static lib we need for the go test binary Loading @@ -34,6 +37,7 @@ import ./make-test-python.nix ({ pkgs, ... }: { runHook postBuild ''; doCheck = false; outputs = [ "out" ]; installPhase = '' mkdir -p $out/bin mv $GOPATH/tracee-integration $out/bin/ Loading pkgs/tools/security/tracee/default.nix +15 −18 Original line number Diff line number Diff line Loading @@ -2,7 +2,7 @@ , buildGoModule , fetchFromGitHub , llvmPackages_13 , clang , pkg-config , zlib Loading 
@@ -14,20 +14,17 @@ , tracee }: let inherit (llvmPackages_13) clang; in buildGoModule rec { pname = "tracee"; version = "0.11.0"; version = "0.13.0"; src = fetchFromGitHub { owner = "aquasecurity"; repo = pname; rev = "v${version}"; sha256 = "sha256-fAbii/DEXx9WJpolc7amqF9TQj4oE5x0TCiNOtVasGo="; hash = "sha256-55+eyulFbzR2ZzKbTN5sHIickpwXY8eJDDzf6Gzwhsk="; }; vendorSha256 = "sha256-eenhIsiJhPLgwJo2spIGURPkcsec3kO4L5UJ0FWniQc="; vendorHash = "sha256-qEubjzYGdiBntPOJw8dR/THcvK2Bml97SXHImIWbDm0="; patches = [ ./use-our-libbpf.patch Loading Loading @@ -59,15 +56,16 @@ buildGoModule rec { # see passthru.tests.integration doCheck = false; outputs = [ "out" "lib" "share" ]; installPhase = '' runHook preInstall mkdir -p $out/{bin,share/tracee} mv ./dist/tracee-{ebpf,rules} $out/bin/ mkdir -p $out/bin $lib/lib/tracee $share/share/tracee mv ./dist/rules $out/share/tracee/ mv ./cmd/tracee-rules/templates $out/share/tracee/ mv ./dist/tracee $out/bin/ mv ./dist/tracee.bpf.core.o $lib/lib/tracee/ mv ./cmd/tracee-rules/templates $share/share/tracee/ runHook postInstall ''; Loading @@ -76,10 +74,8 @@ buildGoModule rec { installCheckPhase = '' runHook preInstallCheck $out/bin/tracee-ebpf --help $out/bin/tracee-ebpf --version | grep "v${version}" $out/bin/tracee-rules --help $out/bin/tracee --help $out/bin/tracee --version | grep "v${version}" runHook postInstallCheck ''; Loading @@ -89,7 +85,7 @@ buildGoModule rec { version = testers.testVersion { package = tracee; version = "v${version}"; command = "tracee-ebpf --version"; command = "tracee --version"; }; }; Loading @@ -111,6 +107,7 @@ buildGoModule rec { gpl2Plus ]; maintainers = with maintainers; [ jk ]; platforms = [ "x86_64-linux" ]; platforms = [ "x86_64-linux" "aarch64-linux" ]; outputsToInstall = [ "out" "share" ]; }; } pkgs/tools/security/tracee/use-our-libbpf.patch +5 −86 Original line number Diff line number Diff line diff --git a/Makefile b/Makefile index c72cf63d..e96b7eed 100644 index d7596a1a..dd7b97b6 100644 
--- a/Makefile +++ b/Makefile @@ -50,6 +50,7 @@ CMD_STATICCHECK ?= staticcheck Loading @@ -10,18 +10,7 @@ index c72cf63d..e96b7eed 100644 LIB_ELF ?= libelf LIB_ZLIB ?= zlib @@ -172,10 +173,6 @@ env: @echo "KERN_BUILD_PATH $(KERN_BUILD_PATH)" @echo "KERN_SRC_PATH $(KERN_SRC_PATH)" @echo --------------------------------------- - @echo "LIBBPF_CFLAGS $(LIBBPF_CFLAGS)" - @echo "LIBBPF_LDLAGS $(LIBBPF_LDFLAGS)" - @echo "LIBBPF_SRC $(LIBBPF_SRC)" - @echo --------------------------------------- @echo "STATIC $(STATIC)" @echo --------------------------------------- @echo "BPF_VCPU $(BPF_VCPU)" @@ -274,8 +271,6 @@ OUTPUT_DIR = ./dist @@ -279,8 +280,6 @@ OUTPUT_DIR = ./dist $(OUTPUT_DIR): # @$(CMD_MKDIR) -p $@ Loading @@ -30,61 +19,7 @@ index c72cf63d..e96b7eed 100644 # # embedded btfhub @@ -286,37 +281,6 @@ $(OUTPUT_DIR)/btfhub: @$(CMD_MKDIR) -p $@ @$(CMD_TOUCH) $@/.place-holder # needed for embed.FS -# -# libbpf -# - -LIBBPF_CFLAGS = "-fPIC" -LIBBPF_LDLAGS = -LIBBPF_SRC = ./3rdparty/libbpf/src - -$(OUTPUT_DIR)/libbpf/libbpf.a: \ - $(LIBBPF_SRC) \ - $(wildcard $(LIBBPF_SRC)/*.[ch]) \ - | .checkver_$(CMD_CLANG) $(OUTPUT_DIR) -# - CC="$(CMD_CLANG)" \ - CFLAGS="$(LIBBPF_CFLAGS)" \ - LD_FLAGS="$(LIBBPF_LDFLAGS)" \ - $(MAKE) \ - -C $(LIBBPF_SRC) \ - BUILD_STATIC_ONLY=1 \ - DESTDIR=$(abspath ./$(OUTPUT_DIR)/libbpf/) \ - OBJDIR=$(abspath ./$(OUTPUT_DIR)/libbpf/obj) \ - INCLUDEDIR= LIBDIR= UAPIDIR= prefix= libdir= \ - install install_uapi_headers - -$(LIBBPF_SRC): \ - | .check_$(CMD_GIT) -# -ifeq ($(wildcard $@), ) - @$(CMD_GIT) submodule update --init --recursive -endif - # # non co-re ebpf # @@ -333,7 +297,6 @@ BPF_NOCORE_TAG = $(subst .,_,$(KERN_RELEASE)).$(subst .,_,$(VERSION)) bpf-nocore: $(OUTPUT_DIR)/tracee.bpf.$(BPF_NOCORE_TAG).o $(OUTPUT_DIR)/tracee.bpf.$(BPF_NOCORE_TAG).o: \ - $(OUTPUT_DIR)/libbpf/libbpf.a \ $(TRACEE_EBPF_OBJ_SRC) # MAKEFLAGS="--no-print-directory" 
@@ -351,7 +314,6 @@ $(OUTPUT_DIR)/tracee.bpf.$(BPF_NOCORE_TAG).o: \ -I $(KERN_SRC_PATH)/include/uapi \ -I $(KERN_BUILD_PATH)/include/generated \ -I $(KERN_BUILD_PATH)/include/generated/uapi \ - -I $(OUTPUT_DIR)/libbpf \ -I ./3rdparty/include \ -Wunused \ -Wall \ @@ -412,7 +374,6 @@ TRACEE_EBPF_OBJ_CORE_HEADERS = $(shell find pkg/ebpf/c -name *.h) @@ -418,7 +417,6 @@ TRACEE_EBPF_OBJ_CORE_HEADERS = $(shell find pkg/ebpf/c -name *.h) bpf-core: $(OUTPUT_DIR)/tracee.bpf.core.o $(OUTPUT_DIR)/tracee.bpf.core.o: \ Loading @@ -92,15 +27,7 @@ index c72cf63d..e96b7eed 100644 $(TRACEE_EBPF_OBJ_SRC) \ $(TRACEE_EBPF_OBJ_CORE_HEADERS) # @@ -421,7 +382,6 @@ $(OUTPUT_DIR)/tracee.bpf.core.o: \ -D__BPF_TRACING__ \ -DCORE \ -I./pkg/ebpf/c/ \ - -I$(OUTPUT_DIR)/libbpf/ \ -I ./3rdparty/include \ -target bpf \ -O2 -g \ @@ -447,8 +407,8 @@ ifeq ($(STATIC), 1) @@ -453,8 +451,8 @@ ifeq ($(STATIC), 1) GO_TAGS_EBPF := $(GO_TAGS_EBPF),netgo endif Loading @@ -111,7 +38,7 @@ index c72cf63d..e96b7eed 100644 GO_ENV_EBPF = GO_ENV_EBPF += GOOS=linux @@ -468,6 +428,7 @@ $(OUTPUT_DIR)/tracee-ebpf: \ @@ -474,6 +472,7 @@ $(OUTPUT_DIR)/tracee-ebpf: \ $(TRACEE_EBPF_SRC) \ ./embedded-ebpf.go \ | .checkver_$(CMD_GO) \ Loading @@ -119,11 +46,3 @@ index c72cf63d..e96b7eed 100644 .checklib_$(LIB_ELF) \ .checklib_$(LIB_ZLIB) \ btfhub @@ -658,7 +619,6 @@ test-rules: \ .PHONY: test-upstream-libbpfgo test-upstream-libbpfgo: \ .checkver_$(CMD_GO) \ - $(OUTPUT_DIR)/libbpf/libbpf.a # ./tests/libbpfgo.sh $(GO_ENV_EBPF) pkgs/top-level/all-packages.nix +3 −1 Original line number Diff line number Diff line Loading @@ -12944,7 +12944,9 @@ with pkgs; tracebox = callPackage ../tools/networking/tracebox { stdenv = gcc10StdenvCompat; }; tracee = callPackage ../tools/security/tracee { }; tracee = callPackage ../tools/security/tracee { clang = clang_14; }; tracefilegen = callPackage ../development/tools/analysis/garcosim/tracefilegen { }; Loading
nixos/tests/tracee.nix +8 −4 Original line number Diff line number Diff line import ./make-test-python.nix ({ pkgs, ... }: { name = "tracee-integration"; meta.maintainers = pkgs.tracee.meta.maintainers; nodes = { machine = { config, pkgs, ... }: { # EventFilters/trace_only_events_from_new_containers and Loading @@ -7,11 +9,11 @@ import ./make-test-python.nix ({ pkgs, ... }: { # require docker/dockerd virtualisation.docker.enable = true; environment.systemPackages = [ environment.systemPackages = with pkgs; [ # required by Test_EventFilters/trace_events_from_ls_and_which_binary_in_separate_scopes pkgs.which which # build the go integration tests as a binary (pkgs.tracee.overrideAttrs (oa: { (tracee.overrideAttrs (oa: { pname = oa.pname + "-integration"; postPatch = oa.postPatch or "" + '' # prepare tester.sh (which will be embedded in the test binary) Loading @@ -20,10 +22,11 @@ import ./make-test-python.nix ({ pkgs, ... }: { # fix the test to look at nixos paths for running programs substituteInPlace tests/integration/integration_test.go \ --replace "bin=/usr/bin/" "comm=" \ --replace "binary=/usr/bin/" "comm=" \ --replace "/usr/bin/dockerd" "dockerd" \ --replace "/usr/bin" "/run/current-system/sw/bin" ''; nativeBuildInputs = oa.nativeBuildInputs or [ ] ++ [ pkgs.makeWrapper ]; nativeBuildInputs = oa.nativeBuildInputs or [ ] ++ [ makeWrapper ]; buildPhase = '' runHook preBuild # just build the static lib we need for the go test binary Loading @@ -34,6 +37,7 @@ import ./make-test-python.nix ({ pkgs, ... }: { runHook postBuild ''; doCheck = false; outputs = [ "out" ]; installPhase = '' mkdir -p $out/bin mv $GOPATH/tracee-integration $out/bin/ Loading
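Review bot: The `substituteInPlace` call in `postPatch` now carries both `--replace "bin=/usr/bin/" "comm="` and the added `--replace "binary=/usr/bin/" "comm="`, and plain `--replace` does not fail the build when its pattern is absent. Presumably only one spelling still occurs in the 0.13.0 test file, so the other is dead, and a later upstream rename would leave the integration test filtering on `/usr/bin` paths that do not exist on NixOS without anyone noticing. Where the nixpkgs revision provides it, use `--replace-fail "binary=/usr/bin/" "comm="` for the pattern that must match and drop the stale one, or add a comment saying why both are kept. A comment such as `# comm= matches the task name, not the binary path, so these filters are looser than upstream's` would also record what the rewrite changes. The hunks are cut by collapsed regions, so the rest of `postPatch` and `buildPhase` is not visible here.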
pkgs/tools/security/tracee/default.nix +15 −18 Original line number Diff line number Diff line Loading @@ -2,7 +2,7 @@ , buildGoModule , fetchFromGitHub , llvmPackages_13 , clang , pkg-config , zlib Loading @@ -14,20 +14,17 @@ , tracee }: let inherit (llvmPackages_13) clang; in buildGoModule rec { pname = "tracee"; version = "0.11.0"; version = "0.13.0"; src = fetchFromGitHub { owner = "aquasecurity"; repo = pname; rev = "v${version}"; sha256 = "sha256-fAbii/DEXx9WJpolc7amqF9TQj4oE5x0TCiNOtVasGo="; hash = "sha256-55+eyulFbzR2ZzKbTN5sHIickpwXY8eJDDzf6Gzwhsk="; }; vendorSha256 = "sha256-eenhIsiJhPLgwJo2spIGURPkcsec3kO4L5UJ0FWniQc="; vendorHash = "sha256-qEubjzYGdiBntPOJw8dR/THcvK2Bml97SXHImIWbDm0="; patches = [ ./use-our-libbpf.patch Loading Loading @@ -59,15 +56,16 @@ buildGoModule rec { # see passthru.tests.integration doCheck = false; outputs = [ "out" "lib" "share" ]; installPhase = '' runHook preInstall mkdir -p $out/{bin,share/tracee} mv ./dist/tracee-{ebpf,rules} $out/bin/ mkdir -p $out/bin $lib/lib/tracee $share/share/tracee mv ./dist/rules $out/share/tracee/ mv ./cmd/tracee-rules/templates $out/share/tracee/ mv ./dist/tracee $out/bin/ mv ./dist/tracee.bpf.core.o $lib/lib/tracee/ mv ./cmd/tracee-rules/templates $share/share/tracee/ runHook postInstall ''; Loading @@ -76,10 +74,8 @@ buildGoModule rec { installCheckPhase = '' runHook preInstallCheck $out/bin/tracee-ebpf --help $out/bin/tracee-ebpf --version | grep "v${version}" $out/bin/tracee-rules --help $out/bin/tracee --help $out/bin/tracee --version | grep "v${version}" runHook postInstallCheck ''; Loading @@ -89,7 +85,7 @@ buildGoModule rec { version = testers.testVersion { package = tracee; version = "v${version}"; command = "tracee-ebpf --version"; command = "tracee --version"; }; }; Loading @@ -111,6 +107,7 @@ buildGoModule rec { gpl2Plus ]; maintainers = with maintainers; [ jk ]; platforms = [ "x86_64-linux" ]; platforms = [ "x86_64-linux" "aarch64-linux" ]; outputsToInstall = [ "out" "share" ]; }; }
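Review bot: In `installPhase`, the new layout seems to install only `./dist/tracee`, `./dist/tracee.bpf.core.o` and the `templates` directory, and `mv ./dist/rules $out/share/tracee/` appears to be dropped along with the `tracee-rules` binary (the +/- markers are lost on this page, so this is read from the new `mkdir -p` targets). If the 0.13.0 build still emits rule or signature artifacts that `tracee` loads from disk rather than embeds, the package would start with no detections, and `installCheckPhase` (`--help`, `--version`) would not catch it. Confirm which is the case and record it with a comment such as `# rules are no longer installed separately: <reason>`, or install them into the `share` output. Separately, `grep "v${version}"` treats the dots as wildcards; `grep -F "v${version}"` pins the literal version string.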
pkgs/tools/security/tracee/use-our-libbpf.patch +5 −86 Original line number Diff line number Diff line diff --git a/Makefile b/Makefile index c72cf63d..e96b7eed 100644 index d7596a1a..dd7b97b6 100644 --- a/Makefile +++ b/Makefile @@ -50,6 +50,7 @@ CMD_STATICCHECK ?= staticcheck Loading @@ -10,18 +10,7 @@ index c72cf63d..e96b7eed 100644 LIB_ELF ?= libelf LIB_ZLIB ?= zlib @@ -172,10 +173,6 @@ env: @echo "KERN_BUILD_PATH $(KERN_BUILD_PATH)" @echo "KERN_SRC_PATH $(KERN_SRC_PATH)" @echo --------------------------------------- - @echo "LIBBPF_CFLAGS $(LIBBPF_CFLAGS)" - @echo "LIBBPF_LDLAGS $(LIBBPF_LDFLAGS)" - @echo "LIBBPF_SRC $(LIBBPF_SRC)" - @echo --------------------------------------- @echo "STATIC $(STATIC)" @echo --------------------------------------- @echo "BPF_VCPU $(BPF_VCPU)" @@ -274,8 +271,6 @@ OUTPUT_DIR = ./dist @@ -279,8 +280,6 @@ OUTPUT_DIR = ./dist $(OUTPUT_DIR): # @$(CMD_MKDIR) -p $@ Loading @@ -30,61 +19,7 @@ index c72cf63d..e96b7eed 100644 # # embedded btfhub @@ -286,37 +281,6 @@ $(OUTPUT_DIR)/btfhub: @$(CMD_MKDIR) -p $@ @$(CMD_TOUCH) $@/.place-holder # needed for embed.FS -# -# libbpf -# - -LIBBPF_CFLAGS = "-fPIC" -LIBBPF_LDLAGS = -LIBBPF_SRC = ./3rdparty/libbpf/src - -$(OUTPUT_DIR)/libbpf/libbpf.a: \ - $(LIBBPF_SRC) \ - $(wildcard $(LIBBPF_SRC)/*.[ch]) \ - | .checkver_$(CMD_CLANG) $(OUTPUT_DIR) -# - CC="$(CMD_CLANG)" \ - CFLAGS="$(LIBBPF_CFLAGS)" \ - LD_FLAGS="$(LIBBPF_LDFLAGS)" \ - $(MAKE) \ - -C $(LIBBPF_SRC) \ - BUILD_STATIC_ONLY=1 \ - DESTDIR=$(abspath ./$(OUTPUT_DIR)/libbpf/) \ - OBJDIR=$(abspath ./$(OUTPUT_DIR)/libbpf/obj) \ - INCLUDEDIR= LIBDIR= UAPIDIR= prefix= libdir= \ - install install_uapi_headers - -$(LIBBPF_SRC): \ - | .check_$(CMD_GIT) -# -ifeq ($(wildcard $@), ) - @$(CMD_GIT) submodule update --init --recursive -endif - # # non co-re ebpf # 
@@ -333,7 +297,6 @@ BPF_NOCORE_TAG = $(subst .,_,$(KERN_RELEASE)).$(subst .,_,$(VERSION)) bpf-nocore: $(OUTPUT_DIR)/tracee.bpf.$(BPF_NOCORE_TAG).o $(OUTPUT_DIR)/tracee.bpf.$(BPF_NOCORE_TAG).o: \ - $(OUTPUT_DIR)/libbpf/libbpf.a \ $(TRACEE_EBPF_OBJ_SRC) # MAKEFLAGS="--no-print-directory" @@ -351,7 +314,6 @@ $(OUTPUT_DIR)/tracee.bpf.$(BPF_NOCORE_TAG).o: \ -I $(KERN_SRC_PATH)/include/uapi \ -I $(KERN_BUILD_PATH)/include/generated \ -I $(KERN_BUILD_PATH)/include/generated/uapi \ - -I $(OUTPUT_DIR)/libbpf \ -I ./3rdparty/include \ -Wunused \ -Wall \ @@ -412,7 +374,6 @@ TRACEE_EBPF_OBJ_CORE_HEADERS = $(shell find pkg/ebpf/c -name *.h) @@ -418,7 +417,6 @@ TRACEE_EBPF_OBJ_CORE_HEADERS = $(shell find pkg/ebpf/c -name *.h) bpf-core: $(OUTPUT_DIR)/tracee.bpf.core.o $(OUTPUT_DIR)/tracee.bpf.core.o: \ Loading @@ -92,15 +27,7 @@ index c72cf63d..e96b7eed 100644 $(TRACEE_EBPF_OBJ_SRC) \ $(TRACEE_EBPF_OBJ_CORE_HEADERS) # @@ -421,7 +382,6 @@ $(OUTPUT_DIR)/tracee.bpf.core.o: \ -D__BPF_TRACING__ \ -DCORE \ -I./pkg/ebpf/c/ \ - -I$(OUTPUT_DIR)/libbpf/ \ -I ./3rdparty/include \ -target bpf \ -O2 -g \ @@ -447,8 +407,8 @@ ifeq ($(STATIC), 1) @@ -453,8 +451,8 @@ ifeq ($(STATIC), 1) GO_TAGS_EBPF := $(GO_TAGS_EBPF),netgo endif Loading @@ -111,7 +38,7 @@ index c72cf63d..e96b7eed 100644 GO_ENV_EBPF = GO_ENV_EBPF += GOOS=linux @@ -468,6 +428,7 @@ $(OUTPUT_DIR)/tracee-ebpf: \ @@ -474,6 +472,7 @@ $(OUTPUT_DIR)/tracee-ebpf: \ $(TRACEE_EBPF_SRC) \ ./embedded-ebpf.go \ | .checkver_$(CMD_GO) \ Loading @@ -119,11 +46,3 @@ index c72cf63d..e96b7eed 100644 .checklib_$(LIB_ELF) \ .checklib_$(LIB_ZLIB) \ btfhub @@ -658,7 +619,6 @@ test-rules: \ .PHONY: test-upstream-libbpfgo test-upstream-libbpfgo: \ .checkver_$(CMD_GO) \ - $(OUTPUT_DIR)/libbpf/libbpf.a # ./tests/libbpfgo.sh $(GO_ENV_EBPF)
pkgs/top-level/all-packages.nix +3 −1 Original line number Diff line number Diff line Loading @@ -12944,7 +12944,9 @@ with pkgs; tracebox = callPackage ../tools/networking/tracebox { stdenv = gcc10StdenvCompat; }; tracee = callPackage ../tools/security/tracee { }; tracee = callPackage ../tools/security/tracee { clang = clang_14; }; tracefilegen = callPackage ../development/tools/analysis/garcosim/tracefilegen { };
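Review bot: The override `clang = clang_14;` pins the compiler (presumably the one that builds the eBPF object) with no stated reason, while `default.nix` in this commit stops taking `clang` from `llvmPackages_13`, so the next LLVM bump has nothing to go on. Add a comment on the override, e.g. `# pinned to clang 14: <reason, e.g. newest clang upstream supports for the BPF build>`, so the pin is revisited deliberately rather than left on an ageing toolchain.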