Add BTF support to kernel, sysdig and dependents, zstd-compressed modules

  • Open
Details
One participant
  • Maxim Cournoyer
Owner
unassigned
Submitted by
Maxim Cournoyer
Severity
normal
Maxim Cournoyer wrote on 15 May 18:51 +0200
[PATCH 01/14] gnu: grpc: Modernize.
(address . guix-patches@gnu.org)(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)
7cf609dcf83c85b6897c9fb9af46ce8a854a15c8.1715791830.git.maxim.cournoyer@gmail.com
* gnu/packages/rpc.scm (grpc) [arguments]: Use gexps. Delete trailing #t.
[native-inputs]: Remove labels.
* gnu/packages/rpc.scm (grpc-1.16.1) [arguments]: Use gexps.

Change-Id: I0e89d246cc62a293274a32344108a7249f343257
---

gnu/packages/rpc.scm | 118 +++++++++++++++++++++----------------------
1 file changed, 58 insertions(+), 60 deletions(-)

diff --git a/gnu/packages/rpc.scm b/gnu/packages/rpc.scm
index a88c79f8b9..d067d978c5 100644
--- a/gnu/packages/rpc.scm
+++ b/gnu/packages/rpc.scm
@@ -5,7 +5,7 @@
;;; Copyright © 2020 Brett Gilio <brettg@gnu.org>
;;; Copyright © 2021 Greg Hogan <code@greghogan.com>
;;; Copyright © 2021 Tobias Geerinckx-Rice <me@tobias.gr>
-;;; Copyright © 2022 Maxim Cournoyer <maxim.cournoyer@gmail.com>
+;;; Copyright © 2022, 2024 Maxim Cournoyer <maxim.cournoyer@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -65,55 +65,53 @@ (define-public grpc
"1fs407hnlnm0b8sncjwys9rc7ia5nb7wxrpx39nq3pzzfs1lv3vq"))))
(build-system cmake-build-system)
(arguments
- `(#:tests? #f ; no test target
- #:configure-flags
- (list "-DgRPC_ZLIB_PROVIDER=package"
- "-DgRPC_ABSL_PROVIDER=package"
- "-DgRPC_CARES_PROVIDER=package"
- "-DgRPC_SSL_PROVIDER=package"
- "-DgRPC_PROTOBUF_PROVIDER=package"
- "-DgRPC_RE2_PROVIDER=package"
- (string-append "-DCMAKE_INSTALL_PREFIX="
- (assoc-ref %outputs "out"))
- "-DCMAKE_INSTALL_LIBDIR=lib"
- (string-append "-DCMAKE_INSTALL_RPATH="
- (assoc-ref %outputs "out") "/lib")
- "-DCMAKE_VERBOSE_MAKEFILE=ON")
- #:phases
- (modify-phases %standard-phases
- (add-before 'configure 'configure-shared
- (lambda* (#:key (configure-flags '()) #:allow-other-keys)
- (mkdir "../build-shared")
- (with-directory-excursion "../build-shared"
- (apply invoke
- "cmake" "../source"
- "-DBUILD_SHARED_LIBS=ON"
- configure-flags)
- (apply invoke "make"
- `("-j" ,(number->string (parallel-job-count)))))))
- (add-after 'install 'install-shared-libraries
- (lambda _
- (with-directory-excursion "../build-shared"
- (invoke "make" "install"))))
- (add-before 'strip 'move-static-libs
- (lambda* (#:key outputs #:allow-other-keys)
- (let ((out (assoc-ref outputs "out"))
- (static (assoc-ref outputs "static")))
- (mkdir-p (string-append static "/lib"))
- (with-directory-excursion
- (string-append out "/lib")
- (for-each
+ (list
+ #:tests? #f ; no test target
+ #:configure-flags
+ #~(list "-DgRPC_ZLIB_PROVIDER=package"
+ "-DgRPC_ABSL_PROVIDER=package"
+ "-DgRPC_CARES_PROVIDER=package"
+ "-DgRPC_SSL_PROVIDER=package"
+ "-DgRPC_PROTOBUF_PROVIDER=package"
+ "-DgRPC_RE2_PROVIDER=package"
+ (string-append "-DCMAKE_INSTALL_PREFIX=" #$output)
+ "-DCMAKE_INSTALL_LIBDIR=lib"
+ (string-append "-DCMAKE_INSTALL_RPATH=" #$output "/lib")
+ "-DCMAKE_VERBOSE_MAKEFILE=ON")
+ #:phases
+ #~(modify-phases %standard-phases
+ (add-before 'configure 'configure-shared
+ (lambda* (#:key configure-flags #:allow-other-keys)
+ (mkdir "../build-shared")
+ (with-directory-excursion "../build-shared"
+ (apply invoke "cmake" "../source"
+ "-DBUILD_SHARED_LIBS=ON"
+ configure-flags)
+ (apply invoke "make"
+ (list "-j" (number->string (parallel-job-count)))))))
+ (add-after 'install 'install-shared-libraries
+ (lambda _
+ (with-directory-excursion "../build-shared"
+ (invoke "make" "install"))))
+ (add-before 'strip 'move-static-libs
+ (lambda _
+ (let ((static #$output:static))
+ (mkdir-p (string-append static "/lib"))
+ (with-directory-excursion (string-append #$output "/lib")
+ (for-each
(lambda (file)
- (rename-file file
- (string-append static "/lib/" file)))
- (find-files "." "\\.a$"))))
- #t)))))
- (inputs
- (list abseil-cpp-cxxstd11 c-ares/cmake openssl re2 zlib))
+ (rename-file file (string-append static "/lib/" file)))
+ (find-files "." "\\.a$")))))))))
(native-inputs
- `(("pkg-config" ,pkg-config)
- ("protobuf" ,protobuf)
- ("python" ,python-wrapper)))
+ (list pkg-config
+ protobuf
+ python-wrapper))
+ (inputs
+ (list abseil-cpp-cxxstd11
+ c-ares/cmake
+ openssl
+ re2
+ zlib))
(home-page "https://grpc.io")
(synopsis "High performance universal RPC framework")
(description "gRPC is a modern high performance @dfn{Remote Procedure Call}
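Review bot: The `configure-shared` phase configures and builds a second tree in `../build-shared` with no comment saying why; the reason is only recoverable by reading `move-static-libs` further down. A one-line comment would do, e.g. `;; Build the shared libraries in a separate tree; the regular build yields the static ones.`, assuming that is indeed the intent. The definition of grpc starts before this hunk and ends after it.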
@@ -159,18 +157,18 @@ (define-public grpc-1.16.1
(arguments
(substitute-keyword-arguments (package-arguments grpc)
((#:phases phases)
- `(modify-phases ,phases
- ;; Note: This would be nicer as a snippet, but that creates a tarball
- ;; instead of a checkout and breaks assumptions made by the builder.
- (add-after 'unpack 'rename-gettid
- (lambda _
- ;; Rename custom gettid() syscall wrapper to avoid conflict
- ;; with gettid() from glibc 2.30.
- (substitute* '("src/core/lib/gpr/log_linux.cc"
- "src/core/lib/gpr/log_posix.cc"
- "src/core/lib/iomgr/ev_epollex_linux.cc")
- (("gettid\\(")
- "sys_gettid("))))))))
+ #~(modify-phases #$phases
+ ;; Note: This would be nicer as a snippet, but that creates a tarball
+ ;; instead of a checkout and breaks assumptions made by the builder.
+ (add-after 'unpack 'rename-gettid
+ (lambda _
+ ;; Rename custom gettid() syscall wrapper to avoid conflict
+ ;; with gettid() from glibc 2.30.
+ (substitute* '("src/core/lib/gpr/log_linux.cc"
+ "src/core/lib/gpr/log_posix.cc"
+ "src/core/lib/iomgr/ev_epollex_linux.cc")
+ (("gettid\\(")
+ "sys_gettid("))))))))
(inputs
(modify-inputs (package-inputs grpc)
(replace "abseil-cpp" abseil-cpp-20200923.3)))

base-commit: 029f2e970d5d14dda2dc89a4a3cc17de573ff90c
--
2.41.0
Maxim Cournoyer wrote on 15 May 18:57 +0200
[PATCH 02/14] gnu: grpc: Propagate abseil-cpp-cxxstd11.
(address . 70962@debbugs.gnu.org)(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)
9667eb578569fbd744103f55e7b6275f3e34bc61.1715791830.git.maxim.cournoyer@gmail.com
* gnu/packages/rpc.scm (grpc) [native-inputs]: Move abseil-cpp-cxxstd11 to...
[propagated-inputs]: ... here.

Change-Id: I5bceefa762494423c0bc40b559bcf243ecdf85d8
---

gnu/packages/rpc.scm | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/rpc.scm b/gnu/packages/rpc.scm
index d067d978c5..b70214fa79 100644
--- a/gnu/packages/rpc.scm
+++ b/gnu/packages/rpc.scm
@@ -107,11 +107,14 @@ (define-public grpc
protobuf
python-wrapper))
(inputs
- (list abseil-cpp-cxxstd11
- c-ares/cmake
+ (list c-ares/cmake
openssl
re2
zlib))
+ (propagated-inputs
+ ;; Abseil libraries are in the 'Requires' field of the various gRPC
+ ;; pkg-config files.
+ (list abseil-cpp-cxxstd11))
(home-page "https://grpc.io")
(synopsis "High performance universal RPC framework")
(description "gRPC is a modern high performance @dfn{Remote Procedure Call}
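Review bot: Moving abseil out of `inputs` here leaves `grpc-1.16.1` behind: that variant (visible as context in patch 01) pins abseil with `(modify-inputs (package-inputs grpc) (replace "abseil-cpp" abseil-cpp-20200923.3))`, and after this hunk `(package-inputs grpc)` no longer has an abseil entry for the replace to match. If nothing later in the series adjusts it, the old variant would presumably inherit the propagated `abseil-cpp-cxxstd11` instead of its pinned release, with no error to signal the change. Adding `(propagated-inputs (modify-inputs (package-propagated-inputs grpc) (replace "abseil-cpp" abseil-cpp-20200923.3)))` to grpc-1.16.1 would keep the pin. The ChangeLog line also says `[native-inputs]` where the hunk edits `inputs`; the grpc definition itself starts and ends outside this hunk.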
--
2.41.0
Maxim Cournoyer wrote on 15 May 18:57 +0200
[PATCH 03/14] gnu: Add valijson.
(address . 70962@debbugs.gnu.org)(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)
bcd9d5621e1d29372b6a76267b133094761f7691.1715791830.git.maxim.cournoyer@gmail.com
* gnu/packages/serialization.scm (valijson): New variable.

Change-Id: I604a0ecdd5ffaa256db4053b77e760d549881f33
---

gnu/packages/serialization.scm | 26 +++++++++++++++++++++++++-
1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/serialization.scm b/gnu/packages/serialization.scm
index 331fae80cf..23959ebc4f 100644
--- a/gnu/packages/serialization.scm
+++ b/gnu/packages/serialization.scm
@@ -15,7 +15,7 @@
;;; Copyright © 2023 Alexey Abramov <levenson@mmer.org>
;;; Copyright © 2023 Sharlatan Hellseher <sharlatanus@gmail.com>
;;; Copyright © 2023 Vinicius Monego <monego@posteo.net>
-;;; Copyright © 2023 Maxim Cournoyer <maxim.cournoyer@gmail.com>
+;;; Copyright © 2023, 2024 Maxim Cournoyer <maxim.cournoyer@gmail.com>
;;; Copyright © 2023 Zheng Junjie <873216071@qq.com>
;;; Copyright © 2024 Paul A. Patience <paul@apatience.com>
;;; Copyright © 2024 Arun Isaac <arunisaac@systemreboot.net>
@@ -936,3 +936,27 @@ (define-public python-feather-format
(description "This package provides a Python wrapper library to the
Apache Arrow-based Feather binary columnar serialization data frame format.")
(license license:asl2.0)))
+
+(define-public valijson
+ (package
+ (name "valijson")
+ (version "1.0.2")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/tristanpenman/valijson")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1ai6bj6mxd12mpvf1xwlad2vic5lsqy44adilp17wa7dq275vwf2"))))
+ (build-system cmake-build-system)
+ ;; The test suite is disabled as it requires Boost, Qt 5, Poco as well as
+ ;; other bundled libraries.
+ (arguments (list #:tests? #f))
+ (home-page "https://github.com/tristanpenman/valijson")
+ (synopsis "JSON schema validation C++ header-only library")
+ (description "Valijson is a header-only JSON Schema validation library for
+C++11. It provides a simple validation API that allows loading JSON Schemas,
+and validate documents loaded by one of several supported parser libraries.")
+ (license license:bsd-2)))
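Review bot: The comment above `#:tests? #f` says the test suite needs "other bundled libraries", which suggests the checkout carries third-party copies, yet the origin has no snippet removing them. For a header-only package, anything the install step copies from those directories would ship bundled code that nobody reviewed as part of this package; an origin `snippet` deleting the bundled tree would limit the output to valijson's own headers. Which directory that is cannot be seen from this hunk, so it needs checking against the source. The description's "and validate documents" should also read "and validating documents".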
--
2.41.0
Maxim Cournoyer wrote on 15 May 18:57 +0200
[PATCH 04/14] gnu: libbpf: Use gexps.
(address . 70962@debbugs.gnu.org)(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)
dc37fba74f58a05428027b1e8d4d6666a220ab7d.1715791830.git.maxim.cournoyer@gmail.com
* gnu/packages/linux.scm (libbpf) [arguments]: Use gexps.

Change-Id: I5529cda3b316a24b48f4a33bfd685695614350bb
---

gnu/packages/linux.scm | 32 ++++++++++++++------------------
1 file changed, 14 insertions(+), 18 deletions(-)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 8a849d146a..dea203a692 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -9795,31 +9795,27 @@ (define-public libbpf
(base32
"1zzpkk4x3f20483dzw43b3ml03d63vvkmqf4j8y3b61b67wm59bm"))))
(build-system gnu-build-system)
- (native-inputs
- (list pkg-config))
- (propagated-inputs
- ;; In Requires.private of libbpf.pc.
- (list elfutils zlib))
(arguments
- `(#:tests? #f ; no tests
- #:make-flags
- (list
- (string-append "PREFIX=" (assoc-ref %outputs "out"))
- (string-append "LIBDIR=$(PREFIX)/lib")
- (string-append "CC=" ,(cc-for-target)))
- #:phases
- (modify-phases %standard-phases
- (delete 'configure)
- (add-before 'build 'pre-build
- (lambda _
- (chdir "src"))))))
+ (list
+ #:tests? #f ;self-tests run in QEMU
+ #:make-flags
+ #~(list (string-append "PREFIX=" #$output)
+ (string-append "LIBDIR=$(PREFIX)/lib")
+ (string-append "CC=" #$(cc-for-target)))
+ #:phases #~(modify-phases %standard-phases
+ (delete 'configure)
+ (add-before 'build 'pre-build
+ (lambda _
+ (chdir "src"))))))
+ (native-inputs (list pkg-config))
+ (propagated-inputs (list elfutils zlib)) ;in Requires.private of libbpf.pc
(home-page "https://github.com/libbpf/libbpf")
(synopsis "BPF CO-RE (Compile Once – Run Everywhere)")
(description
"Libbpf supports building BPF CO-RE-enabled applications, which, in
contrast to BCC, do not require the Clang/LLVM runtime or linux kernel
headers.")
- (license `(,license:lgpl2.1 ,license:bsd-2))))
+ (license (list license:lgpl2.1 license:bsd-2))))
(define-public bcc
(package
--
2.41.0
Maxim Cournoyer wrote on 15 May 18:57 +0200
[PATCH 05/14] gnu: libbpf: Update to 1.4.1.
(address . 70962@debbugs.gnu.org)(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)
f46596f3fac08e47708b4691f9fefcb3133bfc04.1715791830.git.maxim.cournoyer@gmail.com
* gnu/packages/linux.scm (libbpf): Update to 1.4.1.
[phases] {install-linux-bpf-headers}: New phase.
[native-inputs]: Add linux-libre-headers-6.8.

Change-Id: I969a017b0ed52c1a611b3fe0d90d5b8703d35e73
---

gnu/packages/linux.scm | 41 +++++++++++++++++++++++++++++++++--------
1 file changed, 33 insertions(+), 8 deletions(-)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index dea203a692..cb348276e3 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -9783,7 +9783,7 @@ (define-public cachefilesd
(define-public libbpf
(package
(name "libbpf")
- (version "0.8.1")
+ (version "1.4.1")
(source
(origin
(method git-fetch)
@@ -9793,7 +9793,7 @@ (define-public libbpf
(file-name (git-file-name name version))
(sha256
(base32
- "1zzpkk4x3f20483dzw43b3ml03d63vvkmqf4j8y3b61b67wm59bm"))))
+ "1d0bx4bmn80nkdh0dqjfwq6j37is3qwl49cjvx4yxb4vrxq3x05x"))))
(build-system gnu-build-system)
(arguments
(list
@@ -9802,12 +9802,37 @@ (define-public libbpf
#~(list (string-append "PREFIX=" #$output)
(string-append "LIBDIR=$(PREFIX)/lib")
(string-append "CC=" #$(cc-for-target)))
- #:phases #~(modify-phases %standard-phases
- (delete 'configure)
- (add-before 'build 'pre-build
- (lambda _
- (chdir "src"))))))
- (native-inputs (list pkg-config))
+ #:phases
+ #~(modify-phases %standard-phases
+ (delete 'configure)
+ (add-before 'build 'pre-build
+ (lambda _
+ (chdir "src")))
+ (add-after 'install 'install-linux-bpf-headers
+ ;; Workaround users such as 'dwarves' requiring btf_enum64
+ ;; definition from the kernel Linux >= 6 headers (see:
+ ;; https://github.com/acmel/dwarves/issues/49).
+ ;; TODO: Remove once our 'linux-libre-headers' package is
+ ;; upgraded to a >= 6 release.
+ (lambda _
+ (let ((linux-libre-headers #$(this-package-native-input
+ "linux-libre-headers")))
+ (for-each (lambda (f)
+ (install-file (string-append linux-libre-headers
+ "/include/" f)
+ (string-append #$output "/include/"
+ (dirname f))))
+ ;; This list contains btf.h and its transitive
+ ;; dependencies.
+ (list "asm/posix_types.h"
+ "asm/types.h"
+ "asm-generic/types.h"
+ "asm-generic/int-ll64.h"
+ "linux/btf.h"
+ "linux/posix_types.h"
+ "linux/stddef.h"
+ "linux/types.h"))))))))
+ (native-inputs (list linux-libre-headers-6.8 pkg-config))
(propagated-inputs (list elfutils zlib)) ;in Requires.private of libbpf.pc
(home-page "https://github.com/libbpf/libbpf")
(synopsis "BPF CO-RE (Compile Once – Run Everywhere)")
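Review bot: The new `install-linux-bpf-headers` phase copies headers from a native input into the target output: `linux-libre-headers-6.8` is listed in `native-inputs` and read with `this-package-native-input`, yet `asm/types.h` and `asm/posix_types.h` are architecture-specific. When cross-compiling, those would presumably be the build machine's headers; listing the package in `inputs` and reading it with `#$(this-package-input "linux-libre-headers")` avoids that. Separately, dependents of libbpf now see eight 6.8 kernel headers in libbpf's `include/` next to the toolchain's older set, so which `linux/types.h` is picked up depends on search-path order; the TODO comment would be a good place to state that. The package definition starts outside this hunk.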
--
2.41.0
Maxim Cournoyer wrote on 15 May 18:57 +0200
[PATCH 06/14] gnu: Add falcosecurity-libs.
(address . 70962@debbugs.gnu.org)(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)
c355c58a393bc03a971a0661e138b583eaeff834.1715791830.git.maxim.cournoyer@gmail.com
* gnu/packages/linux.scm (falcosecurity-libs): New variable.
* gnu/packages/patches/falcosecurity-libs-install-pman.patch
* gnu/packages/patches/falcosecurity-libs-libscap-pc.patch
* gnu/packages/patches/falcosecurity-libs-pkg-config.patch
* gnu/packages/patches/falcosecurity-libs-shared-library-fix.patch
* gnu/packages/patches/falcosecurity-libs-libsinsp-pkg-config.patch: New files.
* gnu/local.mk (dist_patch_DATA): Register them.

Change-Id: I0cb15e6a25256598678fc20eb298ad947d699ef4
---

gnu/local.mk | 5 +
gnu/packages/linux.scm | 92 +++++++++++
.../falcosecurity-libs-install-pman.patch | 14 ++
.../falcosecurity-libs-libscap-pc.patch | 16 ++
...lcosecurity-libs-libsinsp-pkg-config.patch | 155 ++++++++++++++++++
.../falcosecurity-libs-pkg-config.patch | 23 +++
...alcosecurity-libs-shared-library-fix.patch | 50 ++++++
7 files changed, 355 insertions(+)
create mode 100644 gnu/packages/patches/falcosecurity-libs-install-pman.patch
create mode 100644 gnu/packages/patches/falcosecurity-libs-libscap-pc.patch
create mode 100644 gnu/packages/patches/falcosecurity-libs-libsinsp-pkg-config.patch
create mode 100644 gnu/packages/patches/falcosecurity-libs-pkg-config.patch
create mode 100644 gnu/packages/patches/falcosecurity-libs-shared-library-fix.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 7f43f57f57..bb7dfa0b12 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1179,6 +1179,11 @@ dist_patch_DATA = \
%D%/packages/patches/fail2ban-python310-server-action.patch \
%D%/packages/patches/fail2ban-python310-server-actions.patch \
%D%/packages/patches/fail2ban-python310-server-jails.patch \
+ %D%/packages/patches/falcosecurity-libs-install-pman.patch \
+ %D%/packages/patches/falcosecurity-libs-libscap-pc.patch \
+ %D%/packages/patches/falcosecurity-libs-pkg-config.patch \
+ %D%/packages/patches/falcosecurity-libs-shared-library-fix.patch \
+ %D%/packages/patches/falcosecurity-libs-libsinsp-pkg-config.patch \
%D%/packages/patches/farstream-gupnp.patch \
%D%/packages/patches/farstream-make.patch \
%D%/packages/patches/fastcap-mulGlobal.patch \
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index cb348276e3..a51ce5c27a 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -100,6 +100,7 @@
(define-module (gnu packages linux)
#:use-module (gnu packages)
#:use-module (gnu packages acl)
+ #:use-module (gnu packages adns)
#:use-module (gnu packages admin)
#:use-module (gnu packages algebra)
#:use-module (gnu packages apparmor)
@@ -114,10 +115,12 @@ (define-module (gnu packages linux)
#:use-module (gnu packages calendar)
#:use-module (gnu packages check)
#:use-module (gnu packages cpio)
+ #:use-module (gnu packages cpp)
#:use-module (gnu packages crates-io)
#:use-module (gnu packages crypto)
#:use-module (gnu packages cryptsetup)
#:use-module (gnu packages compression)
+ #:use-module (gnu packages curl)
#:use-module (gnu packages databases)
#:use-module (gnu packages datastructures)
#:use-module (gnu packages dbm)
@@ -166,11 +169,14 @@ (define-module (gnu packages linux)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages polkit)
#:use-module (gnu packages popt)
+ #:use-module (gnu packages protobuf)
#:use-module (gnu packages pulseaudio)
#:use-module (gnu packages python)
#:use-module (gnu packages python-xyz)
#:use-module (gnu packages qt)
#:use-module (gnu packages readline)
+ #:use-module (gnu packages regex)
+ #:use-module (gnu packages rpc)
#:use-module (gnu packages rrdtool)
#:use-module (gnu packages rsync)
#:use-module (gnu packages samba)
@@ -178,6 +184,7 @@ (define-module (gnu packages linux)
#:use-module (gnu packages serialization)
#:use-module (gnu packages slang)
#:use-module (gnu packages sqlite)
+ #:use-module (gnu packages tbb)
#:use-module (gnu packages texinfo)
#:use-module (gnu packages textutils)
#:use-module (gnu packages tls)
@@ -9539,6 +9546,91 @@ (define-public fakechroot
(home-page "https://github.com/dex4er/fakechroot/")
(license license:lgpl2.1+))))
+(define-public falcosecurity-libs
+ (package
+ (name "falcosecurity-libs")
+ (version "0.16.0")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/falcosecurity/libs/")
+ (commit version)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1vzymzkfipb3bnjjd9m8ykzj0l94fm8mnpcxfm8mpxz3jbd8xnv9"))
+ (patches
+ (search-patches
+ "falcosecurity-libs-pkg-config.patch"
+ "falcosecurity-libs-install-pman.patch"
+ "falcosecurity-libs-libscap-pc.patch"
+ "falcosecurity-libs-shared-library-fix.patch"
+ "falcosecurity-libs-libsinsp-pkg-config.patch"))))
+ (build-system cmake-build-system)
+ (arguments
+ (list
+ #:configure-flags
+ #~(list "-DUSE_BUNDLED_DEPS=OFF"
+ "-DBUILD_DRIVER=OFF"
+ "-DENABLE_DKMS=OFF"
+ "-DBUILD_LIBSCAP_MODERN_BPF=ON"
+ "-DSCAP_FILES_SUITE_ENABLE=OFF" ;attempts to download scap files
+ "-DBUILD_SHARED_LIBS=ON"
+ #$(string-append "-DFALCOSECURITY_LIBS_VERSION=" version))
+ ;; Only the libsinsp test suite is run, as the one for libscap requires
+ ;; elevated privileges.
+ #:test-target "run-unit-test-libsinsp"
+ #:phases
+ #~(modify-phases %standard-phases
+ (add-after 'unpack 'disable-problematic-tests
+ (lambda _
+ (substitute* "userspace/libsinsp/test/user.ut.cpp"
+ ;; The 'system_lookup' test assumes a root user
+ ;; exists in the build environment.
+ (("TEST_F\\(usergroup_manager_test, system_lookup)")
+ "TEST_F(usergroup_manager_test, DISABLED_system_lookup)"))))
+ (add-after 'install 'delete-src
+ (lambda _
+ (delete-file-recursively
+ (string-append #$output "/src")))))))
+ (native-inputs (list bpftool
+ clang
+ googletest
+ pkg-config
+ valijson)) ;header-only library
+ (inputs
+ (list elfutils
+ libbpf
+ libelf))
+ (propagated-inputs
+ ;; The following inputs are in the 'Requires' field of libscap.pc and
+ ;; libsinp.pc.
+ (list c-ares
+ grpc
+ jsoncpp
+ openssl
+ protobuf
+ uthash ;included in libscap headers
+ zlib
+ ;; These are in the 'Requires.private' field of libscap.pc and
+ ;; libsinp.pc. They are required because the headers are installed
+ ;; to a non-standard directory, and thus need to be found via the
+ ;; 'Cflags' field, which in turn mandates that both the pkg-config
+ ;; modules listed in the 'Requires' and 'Requires.private' be
+ ;; available.
+ curl
+ re2
+ tbb))
+ (home-page "https://github.com/falcosecurity/libs/")
+ (synopsis "libscap and lisbinsp Falco security libraries")
+ (description "The Falco security libraries include @code{libsinsp} and
+@code{libscap}. @code{libscap} manages the data capture process, while
+@code{libsinsp} is a system inspection library that enriches events from
+@code{libscap} with machine state. @code{libsinsp} also performs events
+filtering with rule evaluation through its internal rule engine. These
+libraries are used by the @command{sysdig} command-line utility.")
+ (license license:asl2.0)))
+
(define-public inputattach
(package
(name "inputattach")
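Review bot: `inputs` lists both `elfutils` and `libelf`; if elfutils already ships its own `libelf.so` and `libelf.h`, as I believe it does, two implementations end up on the search paths and the one actually linked depends on ordering. Keeping only `elfutils`, which libbpf propagates anyway, would remove the ambiguity. Two typos should be fixed as well: the synopsis says `lisbinsp`, and both comments in `propagated-inputs` say `libsinp.pc` where `libsinsp` is meant. Since the libscap suite is skipped for needing elevated privileges, the comment could also say whether the modern BPF probe enabled by `-DBUILD_LIBSCAP_MODERN_BPF=ON` is exercised by any test that does run.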
diff --git a/gnu/packages/patches/falcosecurity-libs-install-pman.patch b/gnu/packages/patches/falcosecurity-libs-install-pman.patch
new file mode 100644
index 0000000000..38dcc0c4b8
--- /dev/null
+++ b/gnu/packages/patches/falcosecurity-libs-install-pman.patch
@@ -0,0 +1,14 @@
+Install the pman library and its header.
+Upstream status: https://github.com/falcosecurity/libs/pull/1842
+
+diff --git a/userspace/libpman/CMakeLists.txt b/userspace/libpman/CMakeLists.txt
+index da92e9f27..4b57365fe 100644
+--- a/userspace/libpman/CMakeLists.txt
++++ b/userspace/libpman/CMakeLists.txt
+@@ -58,3 +58,6 @@ endif()
+ if(USE_BUNDLED_LIBBPF)
+ add_dependencies(pman libbpf)
+ endif()
++
++install(TARGETS pman LIBRARY ARCHIVE FRAMEWORK)
++install(FILES include/libpman.h DESTINATION ${CMAKE_INSTALL_INCLUDEDIR})
diff --git a/gnu/packages/patches/falcosecurity-libs-libscap-pc.patch b/gnu/packages/patches/falcosecurity-libs-libscap-pc.patch
new file mode 100644
index 0000000000..ff650942ff
--- /dev/null
+++ b/gnu/packages/patches/falcosecurity-libs-libscap-pc.patch
@@ -0,0 +1,16 @@
+libscap: Guard against install_lib_link_libraries-NOTFOUND.
+Upstream status: https://github.com/falcosecurity/libs/pull/1842
+
+diff --git a/cmake/modules/libscap.cmake b/cmake/modules/libscap.cmake
+index 81ad2d28d..8b6b4197e 100644
+--- a/cmake/modules/libscap.cmake
++++ b/cmake/modules/libscap.cmake
+@@ -95,7 +95,7 @@ foreach(libscap_install_lib ${LIBSCAP_INSTALL_LIBS})
+ list(APPEND libscap_link_libraries ${libscap_install_lib})
+ get_target_property(install_lib_link_libraries ${libscap_install_lib} LINK_LIBRARIES)
+ foreach (install_lib_link_library ${install_lib_link_libraries})
+- if (NOT ${install_lib_link_library} IN_LIST libscap_subdir_targets)
++ if (${install_lib_link_library} AND (NOT ${install_lib_link_library} IN_LIST libscap_subdir_targets))
+ if(${install_lib_link_library} MATCHES "/")
+ # We have a path. Convert it to -L<dir> + -l<lib>.
+ get_filename_component(scap_lib_dir ${install_lib_link_library} DIRECTORY)
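Review bot: The added guard `if (${install_lib_link_library} AND ...)` expands the value before `if()` sees it, so CMake evaluates the library name itself as a constant or a variable name. A plain target or library name is then an undefined variable and counts as false, not only the `-NOTFOUND` case, which would presumably drop every ordinary entry from the generated `Libs:` line. Testing the sentinel explicitly is narrower: `if (NOT "${install_lib_link_library}" MATCHES "-NOTFOUND$" AND NOT ${install_lib_link_library} IN_LIST libscap_subdir_targets)`. The enclosing `foreach` continues past the end of this hunk.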
diff --git a/gnu/packages/patches/falcosecurity-libs-libsinsp-pkg-config.patch b/gnu/packages/patches/falcosecurity-libs-libsinsp-pkg-config.patch
new file mode 100644
index 0000000000..347e0ac90d
--- /dev/null
+++ b/gnu/packages/patches/falcosecurity-libs-libsinsp-pkg-config.patch
@@ -0,0 +1,155 @@
+libsinsp: Refine pkg-config file generation.
+Upstream status: https://github.com/falcosecurity/libs/pull/1842
+
+diff --git a/userspace/libscap/libscap.pc.in b/userspace/libscap/libscap.pc.in
+index a379744f3..1d4b20056 100644
+--- a/userspace/libscap/libscap.pc.in
++++ b/userspace/libscap/libscap.pc.in
+@@ -1,4 +1,4 @@
+-prefix=${pcfiledir}/../..
++prefix=@CMAKE_INSTALL_PREFIX@
+ libdir=${prefix}/@CMAKE_INSTALL_LIBDIR@
+ includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@
+
+@@ -6,5 +6,6 @@ Name: libscap
+ Description: lib for System CAPture
+ Version: @FALCOSECURITY_LIBS_VERSION@
+
+-Libs: -L${libdir} @LIBSCAP_LINK_LIBDIRS_FLAGS@ @LIBSCAP_LINK_LIBRARIES_FLAGS@
++Requires: zlib
++Libs: -L${libdir} -L{libdir}/@LIBS_PACKAGE_NAME@/libscap @LIBSCAP_LINK_LIBDIRS_FLAGS@ @LIBSCAP_LINK_LIBRARIES_FLAGS@
+ Cflags: -I${includedir}/@LIBS_PACKAGE_NAME@/libscap -I${includedir}/@LIBS_PACKAGE_NAME@/driver -I${includedir}/@LIBS_PACKAGE_NAME@
+diff --git a/userspace/libsinsp/CMakeLists.txt b/userspace/libsinsp/CMakeLists.txt
+index 6104603e8..832f86067 100644
+--- a/userspace/libsinsp/CMakeLists.txt
++++ b/userspace/libsinsp/CMakeLists.txt
+@@ -169,13 +169,9 @@ target_link_libraries(sinsp
+ "${RE2_LIB}"
+ )
+
+-set(SINSP_PKGCONFIG_LIBRARIES
+- scap
+- "${ZLIB_LIB}"
+- "${CURL_LIBRARIES}"
+- "${JSONCPP_LIB}"
+- "${RE2_LIB}"
+-)
++set(SINSP_PKGCONFIG_LIBRARIES)
++set(SINSP_PKGCONFIG_REQUIRES jsoncpp)
++set(SINSP_PKGCONFIG_REQUIRES_PRIVATE libcurl re2)
+
+ if(NOT EMSCRIPTEN)
+ target_link_libraries(sinsp
+@@ -184,7 +180,8 @@ if(NOT EMSCRIPTEN)
+ PRIVATE
+ "${TBB_LIB}"
+ )
+- list(APPEND SINSP_PKGCONFIG_LIBRARIES "${CARES_LIB}")
++ list(APPEND SINSP_PKGCONFIG_REQUIRES libcares)
++ list(APPEND SINSP_PKGCONFIG_REQUIRES_PRIVATE tbb)
+ endif()
+
+ if(USE_BUNDLED_VALIJSON)
+@@ -248,14 +245,12 @@ if(NOT WIN32)
+ "${PROTOBUF_LIB}"
+ "${CARES_LIB}"
+ )
+- list(APPEND SINSP_PKGCONFIG_LIBRARIES
+- "${GRPC_LIBRARIES}"
+- "${GRPCPP_LIB}"
+- "${GRPC_LIB}"
+- "${GPR_LIB}"
+- "${PROTOBUF_LIB}"
+- "${CARES_LIB}"
+- )
++ list(APPEND SINSP_PKGCONFIG_REQUIRES
++ gpr
++ grpc
++ grpc++
++ protobuf
++ libcares)
+
+ if(NOT MUSL_OPTIMIZED_BUILD)
+ target_link_libraries(sinsp INTERFACE rt anl)
+@@ -269,7 +264,7 @@ if(NOT WIN32)
+ endif() # NOT APPLE
+
+ target_link_libraries(sinsp INTERFACE "${OPENSSL_LIBRARIES}")
+- list(APPEND SINSP_PKGCONFIG_LIBRARIES "${OPENSSL_LIBRARIES}")
++ list(APPEND SINSP_PKGCONFIG_REQUIRES libcrypto libssl)
+
+ target_link_libraries(sinsp INTERFACE dl pthread)
+ list(APPEND SINSP_PKGCONFIG_LIBRARIES dl pthread)
+@@ -306,41 +301,17 @@ if(NOT DEFINED SINSP_AGENT_CGROUP_MEM_PATH_ENV_VAR)
+ endif()
+ add_definitions(-DSINSP_AGENT_CGROUP_MEM_PATH_ENV_VAR="${SINSP_AGENT_CGROUP_MEM_PATH_ENV_VAR}")
+
+-# Build our pkg-config "Libs:" flags. For now, loop over SINSP_PKGCONFIG_LIBRARIES. If
+-# we ever start using pkg_search_module or pkg_check_modules in cmake/modules
+-# we could add each module to our "Requires:" line instead. We might need to
+-# expand this to use some of the techniques in
+-# https://github.com/curl/curl/blob/curl-7_84_0/CMakeLists.txt#L1539
+-set(SINSP_PKG_CONFIG_LIBS)
+-set(SINSP_PKG_CONFIG_LIBDIRS "")
+-foreach(sinsp_lib ${SINSP_PKGCONFIG_LIBRARIES})
+- if(${sinsp_lib} MATCHES "^-")
+- # We have a flag. Pass it through unchanged.
+- list(APPEND SINSP_PKG_CONFIG_LIBS ${sinsp_lib})
+- elseif(${sinsp_lib} MATCHES "/")
+- # We have a path. Convert it to -L<dir> + -l<lib>.
+- get_filename_component(sinsp_lib_dir ${sinsp_lib} DIRECTORY)
+- list(APPEND SINSP_PKG_CONFIG_LIBDIRS -L${sinsp_lib_dir})
+- get_filename_component(sinsp_lib_base ${sinsp_lib} NAME_WE)
+- string(REGEX REPLACE "^lib" "" sinsp_lib_base ${sinsp_lib_base})
+- list(APPEND SINSP_PKG_CONFIG_LIBS -l${sinsp_lib_base})
+- elseif(${sinsp_lib} STREQUAL "scap")
+- # We require libscap.pc, so skip it.
+- else()
+- # Assume we have a plain library name. Prefix it with "-l".
+- list(APPEND SINSP_PKG_CONFIG_LIBS -l${sinsp_lib})
+- endif()
+-endforeach()
++list(REMOVE_DUPLICATES SINSP_PKGCONFIG_LIBRARIES)
++list(REMOVE_DUPLICATES SINSP_PKGCONFIG_REQUIRES)
++list(REMOVE_DUPLICATES SINSP_PKGCONFIG_REQUIRES_PRIVATE)
+
+-# Build our pkg-config "Cflags:" flags.
+-set(SINSP_PKG_CONFIG_INCLUDES "")
+-foreach(sinsp_include_directory ${LIBSINSP_INCLUDE_DIRS})
+- list(APPEND SINSP_PKG_CONFIG_INCLUDES -I${sinsp_include_directory})
++set(SINSP_LINK_FLAGS)
++foreach(sinsp_link_library ${SINSP_PKGCONFIG_LIBRARIES})
++ list(APPEND SINSP_LINK_FLAGS "-l${sinsp_link_library}")
+ endforeach()
+
+-string(REPLACE ";" " " SINSP_PKG_CONFIG_LIBS "${SINSP_PKG_CONFIG_LIBS}")
+-list(REMOVE_DUPLICATES SINSP_PKG_CONFIG_LIBDIRS)
+-string(REPLACE ";" " " SINSP_PKG_CONFIG_LIBDIRS "${SINSP_PKG_CONFIG_LIBDIRS}")
+-list(REMOVE_DUPLICATES SINSP_PKG_CONFIG_INCLUDES)
+-string(REPLACE ";" " " SINSP_PKG_CONFIG_INCLUDES "${SINSP_PKG_CONFIG_INCLUDES}")
++string(REPLACE ";" " " LIBSINSP_LINK_FLAGS "${SINSP_LINK_FLAGS}")
++string(REPLACE ";" " " LIBSINSP_REQUIRES "${SINSP_PKGCONFIG_REQUIRES}")
++string(REPLACE ";" " " LIBSINSP_REQUIRES_PRIVATE "${SINSP_PKGCONFIG_REQUIRES_PRIVATE}")
++
+ configure_file(${CMAKE_CURRENT_SOURCE_DIR}/libsinsp.pc.in ${CMAKE_CURRENT_BINARY_DIR}/libsinsp.pc @ONLY)
+diff --git a/userspace/libsinsp/libsinsp.pc.in b/userspace/libsinsp/libsinsp.pc.in
+index 9292e73ce..f20da76b3 100644
+--- a/userspace/libsinsp/libsinsp.pc.in
++++ b/userspace/libsinsp/libsinsp.pc.in
+@@ -1,4 +1,4 @@
+-prefix=${pcfiledir}/../..
++prefix=@CMAKE_INSTALL_PREFIX@
+ libdir=${prefix}/@CMAKE_INSTALL_LIBDIR@
+ includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@
+
+@@ -6,6 +6,7 @@ Name: libsinsp
+ Description: lib for System INSPection
+ Version: @FALCOSECURITY_LIBS_VERSION@
+
+-Requires: libscap
+-Libs: -L${libdir} -lsinsp @SINSP_PKG_CONFIG_LIBDIRS@ @SINSP_PKG_CONFIG_LIBS@
+-Cflags: -I${includedir}/@LIBS_PACKAGE_NAME@/libsinsp -I${includedir}/@LIBS_PACKAGE_NAME@/driver -I${includedir}/@LIBS_PACKAGE_NAME@ @SINSP_PKG_CONFIG_INCLUDES@
++Requires: libscap @LIBSINSP_REQUIRES@
++Requires.private: @LIBSINSP_REQUIRES_PRIVATE@
++Libs: -L${libdir} -lsinsp @LIBSINSP_LINK_FLAGS@
++Cflags: -I${includedir}/@LIBS_PACKAGE_NAME@/libsinsp -I${includedir}/@LIBS_PACKAGE_NAME@/driver -I${includedir}/@LIBS_PACKAGE_NAME@
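Review bot: In the libscap.pc.in part of this patch, the added `Libs:` line has `-L{libdir}/@LIBS_PACKAGE_NAME@/libscap` without the `$`, so pkg-config emits the literal text `{libdir}` instead of expanding the variable and the extra library directory is never searched. It should read `-L${libdir}/@LIBS_PACKAGE_NAME@/libscap`. Note also that `prefix=@CMAKE_INSTALL_PREFIX@` in both .pc.in files replaces the relocatable `${pcfiledir}` form, which is fine for a store path but may matter for the upstream pull request the header points to.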
diff --git a/gnu/packages/patches/falcosecurity-libs-pkg-config.patch b/gnu/packages/patches/falcosecurity-libs-pkg-config.patch
new file mode 100644
index 0000000000..9ddfdfffde
--- /dev/null
+++ b/gnu/packages/patches/falcosecurity-libs-pkg-config.patch
@@ -0,0 +1,23 @@
+userspace: Extend CFLAGS of libscap.pc and libsinsp.pc.
+Upstream status: https://github.com/falcosecurity/libs/pull/1842
+
+diff --git a/userspace/libscap/libscap.pc.in b/userspace/libscap/libscap.pc.in
+index 40b6e96ed..a379744f3 100644
+--- a/userspace/libscap/libscap.pc.in
++++ b/userspace/libscap/libscap.pc.in
+@@ -7,4 +7,4 @@ Description: lib for System CAPture
+ Version: @FALCOSECURITY_LIBS_VERSION@
+
+ Libs: -L${libdir} @LIBSCAP_LINK_LIBDIRS_FLAGS@ @LIBSCAP_LINK_LIBRARIES_FLAGS@
+-Cflags: -I${includedir}/@LIBS_PACKAGE_NAME@/libscap
++Cflags: -I${includedir}/@LIBS_PACKAGE_NAME@/libscap -I${includedir}/@LIBS_PACKAGE_NAME@/driver -I${includedir}/@LIBS_PACKAGE_NAME@
+diff --git a/userspace/libsinsp/libsinsp.pc.in b/userspace/libsinsp/libsinsp.pc.in
+index c1cc4a1e2..9292e73ce 100644
+--- a/userspace/libsinsp/libsinsp.pc.in
++++ b/userspace/libsinsp/libsinsp.pc.in
+@@ -8,4 +8,4 @@ Version: @FALCOSECURITY_LIBS_VERSION@
+
+ Requires: libscap
+ Libs: -L${libdir} -lsinsp @SINSP_PKG_CONFIG_LIBDIRS@ @SINSP_PKG_CONFIG_LIBS@
+-Cflags: -I${includedir}/@LIBS_PACKAGE_NAME@/libsinsp @SINSP_PKG_CONFIG_INCLUDES@
++Cflags: -I${includedir}/@LIBS_PACKAGE_NAME@/libsinsp -I${includedir}/@LIBS_PACKAGE_NAME@/driver -I${includedir}/@LIBS_PACKAGE_NAME@ @SINSP_PKG_CONFIG_INCLUDES@
diff --git a/gnu/packages/patches/falcosecurity-libs-shared-library-fix.patch b/gnu/packages/patches/falcosecurity-libs-shared-library-fix.patch
new file mode 100644
index 0000000000..3334a89516
--- /dev/null
+++ b/gnu/packages/patches/falcosecurity-libs-shared-library-fix.patch
@@ -0,0 +1,50 @@
+Fix shared library build.
+Upstream status: https://github.com/falcosecurity/libs/pull/1842
+
+diff --git a/driver/CMakeLists.txt b/driver/CMakeLists.txt
+index 80229cc03..70c9ba65b 100644
+--- a/driver/CMakeLists.txt
++++ b/driver/CMakeLists.txt
+@@ -152,6 +152,11 @@ set(DRIVER_SOURCES
+ ppm_consumer.h
+ capture_macro.h
+ socketcall_to_syscall.h
++ syscall_compat_loongarch64.h
++ syscall_compat_ppc64le.h
++ syscall_compat_riscv64.h
++ syscall_compat_s390x.h
++ syscall_compat_x86_64.h
+ syscall_ia32_64_map.c
+ )
+
+diff --git a/test/libscap/CMakeLists.txt b/test/libscap/CMakeLists.txt
+index e88603ebd..fa26ba7ee 100644
+--- a/test/libscap/CMakeLists.txt
++++ b/test/libscap/CMakeLists.txt
+@@ -45,6 +45,7 @@ set(LIBSCAP_TESTS_LIBRARIES
+ "${GTEST_LIB}"
+ "${GTEST_MAIN_LIB}"
+ "${CMAKE_THREAD_LIBS_INIT}"
++ "${PROTOBUF_LIB}"
+ scap
+ )
+
+diff --git a/userspace/libscap/engine/gvisor/CMakeLists.txt b/userspace/libscap/engine/gvisor/CMakeLists.txt
+index 6dfbafb14..875847b5d 100644
+--- a/userspace/libscap/engine/gvisor/CMakeLists.txt
++++ b/userspace/libscap/engine/gvisor/CMakeLists.txt
+@@ -76,6 +76,14 @@ if (BUILD_SHARED_LIBS)
+ add_dependencies(scap_engine_gvisor_o uthash)
+ add_dependencies(scap scap_engine_gvisor_o)
+ target_sources(scap PRIVATE $<TARGET_OBJECTS:scap_engine_gvisor_o>)
++
++ target_include_directories(scap_engine_gvisor_o
++ PRIVATE
++ ${CMAKE_BINARY_DIR}
++ ${C
This message was truncated. Download the full message here.
Maxim Cournoyer wrote on 15 May 18:57 +0200
[PATCH 07/14] gnu: Add sysdig.
(address . 70962@debbugs.gnu.org)(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)
60acdbbfc5a30227d034368905fb8567c917156b.1715791830.git.maxim.cournoyer@gmail.com
* gnu/packages/admin.scm (sysdig): New variable.
* gnu/packages/patches/sysdig-shared-falcosecurity-libs.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.

Change-Id: I02b64db7a548e17ea83beb1ea27db87d29e99cf1
---

gnu/local.mk | 1 +
gnu/packages/admin.scm | 58 +++++++++++++++
.../sysdig-shared-falcosecurity-libs.patch | 71 +++++++++++++++++++
3 files changed, 130 insertions(+)
create mode 100644 gnu/packages/patches/sysdig-shared-falcosecurity-libs.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index bb7dfa0b12..81960e1c9b 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -2076,6 +2076,7 @@ dist_patch_DATA = \
%D%/packages/patches/slim-login.patch \
%D%/packages/patches/slim-display.patch \
%D%/packages/patches/stex-copy-from-immutable-store.patch \
+ %D%/packages/patches/sysdig-shared-falcosecurity-libs.patch \
%D%/packages/patches/syslinux-gcc10.patch \
%D%/packages/patches/syslinux-strip-gnu-property.patch \
%D%/packages/patches/snappy-add-O2-flag-in-CmakeLists.txt.patch \
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 22a2c12244..c36e41cbce 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -114,6 +114,7 @@ (define-module (gnu packages admin)
#:use-module (gnu packages c)
#:use-module (gnu packages check)
#:use-module (gnu packages compression)
+ #:use-module (gnu packages cpp)
#:use-module (gnu packages crates-graphics)
#:use-module (gnu packages crates-io)
#:use-module (gnu packages crates-windows)
@@ -5722,6 +5723,63 @@ (define-public seatd
that require it.")
(license license:expat)))
+(define-public sysdig
+ ;; Use the latest commit for now, as the latest 0.36.1 release does not yet
+ ;; support the falcosecurity-libs 0.16 API.
+ (let ((commit "598ad292b659425e475e5814d9e92c3c29188480")
+ (revision "0"))
+ (package
+ (name "sysdig")
+ (version (git-version "0.36.1" revision commit))
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/draios/sysdig")
+ (commit commit)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "0yyins3rb286dfibadfwwp2gwmdj7fsz3pdkpdvx05yvdqfkqds7"))
+ (patches
+ (search-patches "sysdig-shared-falcosecurity-libs.patch"))))
+ (build-system cmake-build-system)
+ (arguments
+ (list #:tests? #f ;no test suite
+ #:configure-flags
+ #~(list "-DUSE_BUNDLED_DEPS=OFF"
+ ;; Already built and part of falcosecurity-libs, but
+ ;; needed for the 'HAS_MODERN_BPF' define.
+ "-DBUILD_SYSDIG_MODERN_BPF=ON"
+ #$(string-append "-DSYSDIG_VERSION=" version))))
+ (native-inputs (list pkg-config))
+ (inputs
+ (list falcosecurity-libs
+ luajit
+ ncurses
+ nlohmann-json
+ yaml-cpp
+ zlib))
+ (home-page "https://github.com/draios/sysdig")
+ (synopsis "System exploration and troubleshooting tool")
+ (description "Sysdig is a simple tool for deep system visibility, with
+native support for containers. It combines features of multiple system
+administration tools such as the @command{strace}, @command{tcpdump},
+@command{htop}, @command{iftop} and @command{lsof} into a single interface.
+The novel architecture of the tool means that the performance impact of the
+tracing on the system is very light, compared to the likes of
+@command{strace}. The @command{sysdig} command has an interface similar to
+@command{strace}, while the @command{csysdig} command is better suited for
+interactive used, and has a user interface similar to @command{htop}.
+
+If you use Guix System, the kernel Linux has @acronym{BPF, Berkeley Packet
+Filter} support, and you should launch this tool using the @samp{--modern-bpf}
+argument of the @command{sysdig} or @command{csysdig} commands. The following
+Bash alias can be added to your @file{~/.bash_profile} file:
+
+sysdig=sysdig --modern-bpf alias cysdig=csysdig --modern-bpf
+") ;XXX no @example Texinfo support
+ (license license:asl2.0))))
+
(define-public fail2ban
(package
(name "fail2ban")
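Review bot: The Bash alias at the end of the `description` string defines `cysdig`, which looks like a typo for `csysdig`; as written, the second alias would not wrap the command the text just told the reader to launch with `--modern-bpf`. The line should read `alias csysdig=csysdig --modern-bpf`, and `interactive used` a few lines earlier should be `interactive use`. The two alias lines appear joined on this page, so check in the source that each alias sits on its own line.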
diff --git a/gnu/packages/patches/sysdig-shared-falcosecurity-libs.patch b/gnu/packages/patches/sysdig-shared-falcosecurity-libs.patch
new file mode 100644
index 0000000000..aaa3417f18
--- /dev/null
+++ b/gnu/packages/patches/sysdig-shared-falcosecurity-libs.patch
@@ -0,0 +1,71 @@
+Upstream status: https://github.com/draios/sysdig/pull/2093
+
+diff --git a/cmake/modules/falcosecurity-libs.cmake b/cmake/modules/falcosecurity-libs.cmake
+index 7cee8a3c4..dd59c1b32 100644
+--- a/cmake/modules/falcosecurity-libs.cmake
++++ b/cmake/modules/falcosecurity-libs.cmake
+@@ -16,6 +16,19 @@
+ # limitations under the License.
+ #
+
++option(USE_BUNDLED_FALCOSECURITY_LIBS "Enable building of the bundled falcosecurity libraries" ${USE_BUNDLED_DEPS})
++
++if(NOT USE_BUNDLED_FALCOSECURITY_LIBS)
++ find_package(PkgConfig REQUIRED)
++ pkg_check_modules(LIBSINSP REQUIRED IMPORTED_TARGET libsinsp)
++ message(STATUS "Found libsinsp:
++ include: ${LIBSINSP_INCLUDE_DIRS}
++ lib: ${LIBSINSP_LIBRARIES}
++ cflags: ${LIBSINSP_CFLAGS}")
++ return()
++endif()
++
++# else(): using bundled falcosecurity libs
+ set(FALCOSECURITY_LIBS_CMAKE_SOURCE_DIR "${CMAKE_CURRENT_SOURCE_DIR}/cmake/modules/falcosecurity-libs-repo")
+ set(FALCOSECURITY_LIBS_CMAKE_WORKING_DIR "${CMAKE_BINARY_DIR}/falcosecurity-libs-repo")
+
+diff --git a/userspace/sysdig/CMakeLists.txt b/userspace/sysdig/CMakeLists.txt
+index 60f8072ad..86edfc91c 100644
+--- a/userspace/sysdig/CMakeLists.txt
++++ b/userspace/sysdig/CMakeLists.txt
+@@ -20,7 +20,6 @@ if(NOT WIN32)
+ include(ncurses)
+ endif() # NOT WIN32
+
+-include(zlib)
+ include(luajit)
+
+ include_directories("${PROJECT_BINARY_DIR}/userspace/sinspui")
+@@ -108,7 +107,7 @@ if(NOT WIN32)
+ include_directories(${PROJECT_BINARY_DIR}/driver/src)
+
+ target_link_libraries(sysdig
+- sinsp
++ $<IF:$<BOOL:${USE_BUNDLED_FALCOSECURITY_LIBS}>,sinsp,PkgConfig::LIBSINSP>
+ "${LUAJIT_LIB}"
+ "${YAMLCPP_LIB}")
+
+@@ -117,7 +116,7 @@ if(NOT WIN32)
+ endif()
+
+ target_link_libraries(csysdig
+- sinsp
++ $<IF:$<BOOL:${USE_BUNDLED_FALCOSECURITY_LIBS}>,sinsp,PkgConfig::LIBSINSP>
+ "${LUAJIT_LIB}"
+ "${CURSES_LIBRARIES}"
+ "${YAMLCPP_LIB}")
+@@ -140,12 +139,12 @@ else()
+ add_definitions(-DNOCURSESUI)
+
+ target_link_libraries(sysdig
+- sinsp
++ $<IF:$<BOOL:${USE_BUNDLED_FALCOSECURITY_LIBS}>,sinsp,PkgConfig::LIBSINSP>
+ "${LUAJIT_LIB}"
+ "${YAMLCPP_LIB}")
+
+ target_link_libraries(csysdig
+- sinsp
++ $<IF:$<BOOL:${USE_BUNDLED_FALCOSECURITY_LIBS}>,sinsp,PkgConfig::LIBSINSP>
+ "${LUAJIT_LIB}"
+ "${YAMLCPP_LIB}")
+
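Review bot: The patch file opens directly with `Upstream status:` and gives no summary of what it changes, unlike the other patches added in this series (for example `Fix shared library build.`). A first line such as `Allow building against a system-provided falcosecurity-libs located through pkg-config.` would tell a later maintainer why the patch exists and when it can be dropped. The `# else(): using bundled falcosecurity libs` comment after `endif()` could be reworded to `# Bundled falcosecurity libs are used from here on.`, since the early `return()` is what separates the two cases, not an `else` branch.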
--
2.41.0
Maxim Cournoyer wrote on 15 May 18:57 +0200
[PATCH 08/14] gnu: Add dwarves.
(address . 70962@debbugs.gnu.org)(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)
da7c12a106cad1c90bfc5cbc60e944683437d533.1715791830.git.maxim.cournoyer@gmail.com
* gnu/packages/linux.scm (dwarves): New variable.

Change-Id: Ib2452868eae76bea95060a70e568dfb6e84b2a75
---

gnu/local.mk | 1 +
gnu/packages/linux.scm | 48 +++++++++++++++++++
.../dwarves-threading-reproducibility.patch | 23 +++++++++
3 files changed, 72 insertions(+)
create mode 100644 gnu/packages/patches/dwarves-threading-reproducibility.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 81960e1c9b..1531da2f87 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1123,6 +1123,7 @@ dist_patch_DATA = \
%D%/packages/patches/dune-istl-fix-solver-playground.patch \
%D%/packages/patches/durden-shadow-arcan.patch \
%D%/packages/patches/dvd+rw-tools-add-include.patch \
+ %D%/packages/patches/dwarves-threading-reproducibility.patch \
%D%/packages/patches/dynaconf-unvendor-deps.patch \
%D%/packages/patches/dyninst-fix-glibc-compatibility.patch \
%D%/packages/patches/efivar-211.patch \
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index a51ce5c27a..5119e7f575 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -2376,6 +2376,54 @@ (define-public dislocker
partitions. Write functionality is also provided but check the README.")
(license license:gpl2+)))
+(define-public dwarves
+ (package
+ (name "dwarves")
+ (version "1.26")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/acmel/dwarves")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "0xfq0r3whc3dk922ss8i5vwyfcqhgc95dy27mm69j5niy7i5kzrd"))
+ (patches
+ (search-patches "dwarves-threading-reproducibility.patch"))))
+ (build-system cmake-build-system)
+ (arguments (list #:configure-flags #~(list "-D__LIB=lib"
+ "-DLIBBPF_EMBEDDED=OFF")
+ #:tests? #f)) ;no test suite
+ (native-inputs (list pkg-config))
+ (inputs (list libbpf))
+ (home-page "https://github.com/acmel/dwarves")
+ (synopsis "Debugging information processing library and utilities")
+ (description "Dwarves is a set of tools that use the debugging information
+inserted in ELF binaries by compilers such as GCC, used by well known
+debuggers such as GDB.
+
+Utilities in the Dwarves suite include @command{pahole}, that can be used to
+find alignment holes in structures and classes in languages such as C, C++,
+but not limited to these. These tools can also be used to encode and read the
+BTF type information format used with the kernel Linux @code{bpf} syscall.
+
+The @command{codiff} command can be used to compare the effects changes in
+source code generate on the resulting binaries.
+
+The @command{pfunct} command can be used to find all sorts of information
+about functions, inlines, decisions made by the compiler about inlining, etc.
+
+The @command{pahole} command can be used to use all this type information to
+pretty print raw data according to command line directions.
+
+Headers can have its data format described from debugging info and offsets from
+it can be used to further format a number of records.
+
+Finally, the @command{btfdiff} command can be used to compare the output of
+pahole from BTF and DWARF, to make sure they produce the same results. ")
+ (license license:gpl2+)))
+
(define-public fbset
(package
(name "fbset")
diff --git a/gnu/packages/patches/dwarves-threading-reproducibility.patch b/gnu/packages/patches/dwarves-threading-reproducibility.patch
new file mode 100644
index 0000000000..8771ca6b0d
--- /dev/null
+++ b/gnu/packages/patches/dwarves-threading-reproducibility.patch
@@ -0,0 +1,23 @@
+Retrieved from nixpkgs.
+
+This causes pahole to use '-j1' (single thread) when SOURCE_DATE_EPOCH
+is set, to ensure it produces reproducible output.
+
+diff --git a/pahole.c b/pahole.c
+index 6fc4ed6..a4e306f 100644
+--- a/pahole.c
++++ b/pahole.c
+@@ -1687,8 +1687,11 @@ static error_t pahole__options_parser(int key, char *arg,
+ class_name = arg; break;
+ case 'j':
+ #if _ELFUTILS_PREREQ(0, 178)
+- conf_load.nr_jobs = arg ? atoi(arg) :
+- sysconf(_SC_NPROCESSORS_ONLN) * 1.1;
++ // Force single thread if reproducibility is desirable.
++ if (!getenv("SOURCE_DATE_EPOCH")) {
++ conf_load.nr_jobs = arg ? atoi(arg) :
++ sysconf(_SC_NPROCESSORS_ONLN) * 1.1;
++ }
+ #else
+ fputs("pahole: Multithreading requires elfutils >= 0.178. Continuing with a single thread...\n", stderr);
+ #endif
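Review bot: With `SOURCE_DATE_EPOCH` set, the new guard skips the assignment even when the user passed an explicit `-jN`, and nothing reports that the option was ignored; `conf_load.nr_jobs` presumably keeps its default. An `else` branch that prints a notice, e.g. `else fputs("pahole: SOURCE_DATE_EPOCH is set, ignoring -j for reproducible output\n", stderr);`, would make the override visible in build logs. The added comment could also state why multithreading is the problem (presumably non-deterministic ordering of the encoded output). `pahole__options_parser` starts and ends outside the hunk.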
--
2.41.0
Maxim Cournoyer wrote on 15 May 18:57 +0200
[PATCH 09/14] gnu: make-linux-libre*: Set KBUILD_BUILD_VERSION for reproducibility.
(address . 70962@debbugs.gnu.org)(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)
c34fecf7f53be45a69e1b92ca158731cf7e418e7.1715791830.git.maxim.cournoyer@gmail.com
* gnu/packages/linux.scm (make-linux-libre*) [phases] {set-environment}: Set
KBUILD_BUILD_VERSION to 1.

Change-Id: I6c2e561605a13c757a4eb4d1c59343ba26464067
---

gnu/packages/linux.scm | 1 +
1 file changed, 1 insertion(+)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 5119e7f575..5386a263cd 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -996,6 +996,7 @@ (define* (make-linux-libre* version gnu-revision source supported-systems
(setenv "KBUILD_BUILD_TIMESTAMP" (getenv "SOURCE_DATE_EPOCH"))
;; Other variables useful for reproducibility.
+ (setenv "KBUILD_BUILD_VERSION" "1")
(setenv "KBUILD_BUILD_USER" "guix")
(setenv "KBUILD_BUILD_HOST" "guix")
--
2.41.0
Maxim Cournoyer wrote on 15 May 18:57 +0200
[PATCH 10/14] gnu: make-linux-libre*: Run install targets in parallel.
(address . 70962@debbugs.gnu.org)(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)
fffbd864ec831a4d38796f590580ccf264a2553a.1715791830.git.maxim.cournoyer@gmail.com
This reduces the total build time by about 20%.

* gnu/packages/linux.scm (make-linux-libre*) [phases] {install}: Ensure that
-jN is used for the install targets. Also honor make flags.

Change-Id: Ib3f4fdcbdeab736315a91eafa8d6d1dff5b89884
---

gnu/packages/linux.scm | 41 ++++++++++++++++++++++++-----------------
1 file changed, 24 insertions(+), 17 deletions(-)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 5386a263cd..4547ab525f 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -1049,9 +1049,15 @@ (define* (make-linux-libre* version gnu-revision source supported-systems
(close-port port))
(invoke "make" "oldconfig"))))
(replace 'install
- (lambda _
+ (lambda* (#:key make-flags parallel-build? #:allow-other-keys)
(let ((moddir (string-append #$output "/lib/modules"))
- (dtbdir (string-append #$output "/lib/dtbs")))
+ (dtbdir (string-append #$output "/lib/dtbs"))
+ (make-flags
+ (append make-flags
+ (list "-j"
+ (if parallel-build?
+ (number->string (parallel-job-count))
+ "1")))))
;; Install kernel image, kernel configuration and link map.
(for-each (lambda (file) (install-file file #$output))
(find-files "." "^(\\.config|bzImage|zImage|Image\
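Review bot: The `let` rebinds `make-flags` to a list that extends the keyword argument of the same name, which only works because `let` (not `let*`) evaluates the initialiser in the outer scope; a distinct name such as `install-flags` would make that obvious to the next reader. In the following hunk these flags are appended after the explicit `INSTALL_DTBS_PATH=`/`INSTALL_MOD_PATH=` assignments, so a `make-flags` entry setting the same variable may take precedence over them; a one-line comment saying whether that is intended would help. The `install` lambda continues beyond this hunk.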
@@ -1059,22 +1065,23 @@ (define* (make-linux-libre* version gnu-revision source supported-systems
;; Install device tree files
(unless (null? (find-files "." "\\.dtb$"))
(mkdir-p dtbdir)
- (invoke "make" (string-append "INSTALL_DTBS_PATH=" dtbdir)
- "dtbs_install"))
+ (apply invoke "make"
+ (string-append "INSTALL_DTBS_PATH=" dtbdir)
+ "dtbs_install" make-flags))
;; Install kernel modules
(mkdir-p moddir)
- (invoke "make"
- ;; Disable depmod because the Guix system's module
- ;; directory is an union of potentially multiple
- ;; packages. It is not possible to use depmod to
- ;; usefully calculate a dependency graph while
- ;; building only one of them.
- "DEPMOD=true"
- (string-append "MODULE_DIR=" moddir)
- (string-append "INSTALL_PATH=" #$output)
- (string-append "INSTALL_MOD_PATH=" #$output)
- "INSTALL_MOD_STRIP=1"
- "modules_install")
+ (apply invoke "make"
+ ;; Disable depmod because the Guix system's module
+ ;; directory is an union of potentially multiple
+ ;; packages. It is not possible to use depmod to
+ ;; usefully calculate a dependency graph while building
+ ;; only one of them.
+ "DEPMOD=true"
+ (string-append "MODULE_DIR=" moddir)
+ (string-append "INSTALL_PATH=" #$output)
+ (string-append "INSTALL_MOD_PATH=" #$output)
+ "INSTALL_MOD_STRIP=1"
+ "modules_install" make-flags)
(let* ((versions (filter (lambda (name)
(not (string-prefix? "." name)))
(scandir moddir)))
@@ -1096,7 +1103,7 @@ (define* (make-linux-libre* version gnu-revision source supported-systems
elfutils ;needed to enable CONFIG_STACK_VALIDATION
flex
bison
- util-linux ;needed for hexdump
+ util-linux ;needed for hexdump
;; These are needed to compile the GCC plugins.
gmp
mpfr
--
2.41.0
Maxim Cournoyer wrote on 15 May 18:57 +0200
[PATCH 11/14] gnu: linux: Turn %default-extra-linux-options into a procedure.
(address . 70962@debbugs.gnu.org)(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)
bb53c321b19c0cb4fc1f1faa1f11833f107dca7e.1715791830.git.maxim.cournoyer@gmail.com
This allows version-specific options to be added to the list of defaults.

* gnu/packages/linux.scm (%default-extra-linux-options): Transform to...
(default-extra-linux-options): ... this procedure, which accepts a 'version'
argument.
(make-linux-libre, linux-libre-arm-generic, linux-libre-arm-generic-5.10)
(linux-libre-arm-generic-5.4, linux-libre-arm64-generic)
(linux-libre-arm64-generic-5.10, linux-libre-arm64-generic-5.4)
(linux-libre-riscv64-generic, linux-libre-mips64el-fuloong2e)
(linux-libre-with-bpf): Adjust accordingly.
* doc/guix-cookbook.texi (Customizing the Kernel): Adjust accordingly.

Change-Id: Ifd3be8b7ed8699bada224a938dbc84205366ff3d
---

doc/guix-cookbook.texi | 17 +++++++++--------
gnu/packages/linux.scm | 24 ++++++++++++------------
2 files changed, 21 insertions(+), 20 deletions(-)

diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
index 3bc63cba7a..6f23fe53ec 100644
--- a/doc/guix-cookbook.texi
+++ b/doc/guix-cookbook.texi
@@ -1681,7 +1681,7 @@ Customizing the Kernel
;; See kernel-config for an example.
(configuration-file #f)
(defconfig "defconfig")
- (extra-options %default-extra-linux-options))
+ (extra-options (default-extra-linux-options version)))
...)
@end lisp
@@ -1748,7 +1748,7 @@ Customizing the Kernel
it:
@lisp
-(define %default-extra-linux-options
+(define (default-extra-linux-options version)
`(;; https://lists.gnu.org/archive/html/guix-devel/2014-04/msg00039.html
("CONFIG_DEVPTS_MULTIPLE_INSTANCES" . #true)
;; Modules required for initrd:
@@ -1798,7 +1798,7 @@ Customizing the Kernel
%file-systems
%efi-support
%emulation
- (@@@@ (gnu packages linux) %default-extra-linux-options)))
+ ((@@@@ (gnu packages linux) default-extra-linux-options) version)))
(define-public linux-libre-macbook41
;; XXX: Access the internal 'make-linux-libre*' procedure, which is
@@ -1812,11 +1812,12 @@ Customizing the Kernel
#:extra-options %macbook41-config-options))
@end lisp
-In the above example @code{%file-systems} is a collection of flags enabling
-different file system support, @code{%efi-support} enables EFI support and
-@code{%emulation} enables a x86_64-linux machine to act in 32-bit mode also.
-@code{%default-extra-linux-options} are the ones quoted above, which had to be
-added in since they were replaced in the @code{extra-options} keyword.
+In the above example @code{%file-systems} is a collection of flags
+enabling different file system support, @code{%efi-support} enables EFI
+support and @code{%emulation} enables a x86_64-linux machine to act in
+32-bit mode also. The @code{default-extra-linux-options} procedure is
+the one defined above, which had to be used to avoid loosing the default
+configuration options of the @code{extra-options} keyword.
This all sounds like it should be doable, but how does one even know which
modules are required for a particular system? Two places that can be helpful
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 4547ab525f..eaa9f66d74 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -825,7 +825,7 @@ (define* (kernel-config arch #:key variant)
(config (search-auxiliary-file file)))
(and config (local-file config))))
-(define %default-extra-linux-options
+(define (default-extra-linux-options version)
`(;; Make the kernel config available at /proc/config.gz
("CONFIG_IKCONFIG" . #t)
("CONFIG_IKCONFIG_PROC" . #t)
@@ -938,7 +938,7 @@ (define* (make-linux-libre version gnu-revision hash-string supported-systems
;; for an example.
(configuration-file #f)
(defconfig "defconfig")
- (extra-options %default-extra-linux-options)
+ (extra-options (default-extra-linux-options version))
(patches
`(,%boot-logo-patch
,@(if (apply-infodoc-patch? version)
@@ -964,7 +964,7 @@ (define* (make-linux-libre* version gnu-revision source supported-systems
;; See kernel-config for an example.
(configuration-file #f)
(defconfig "defconfig")
- (extra-options %default-extra-linux-options))
+ (extra-options (default-extra-linux-options version)))
(package
(name (if extra-version
(string-append "linux-libre-" extra-version)
@@ -1208,7 +1208,7 @@ (define-public linux-libre-arm-generic
(append
`(;; needed to fix the RTC on rockchip platforms
("CONFIG_RTC_DRV_RK808" . #t))
- %default-extra-linux-options)))
+ (default-extra-linux-options linux-libre-version))))
(define-public linux-libre-arm-generic-5.10
(make-linux-libre* linux-libre-5.10-version
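Review bot: Each call site now has to name the kernel version twice, once for `make-linux-libre*` and once for `(default-extra-linux-options …)`, and nothing ties the two together. The same pattern repeats in the hunks for the other `-generic` variants, `linux-libre-mips64el-fuloong2e` and `linux-libre-with-bpf`. If the two values drift apart after a version bump, version-gated options would be computed for the wrong kernel without any error, which matters once later patches in this series gate the BPF options on `version`. Consider a comment on `default-extra-linux-options` such as `;; VERSION must be the version of the kernel these options are applied to.`, or have `make-linux-libre*` append the defaults itself so callers pass only their additions. The package definitions shown here start and end outside the hunk.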
@@ -1221,7 +1221,7 @@ (define-public linux-libre-arm-generic-5.10
(append
`(;; needed to fix the RTC on rockchip platforms
("CONFIG_RTC_DRV_RK808" . #t))
- %default-extra-linux-options)))
+ (default-extra-linux-options linux-libre-5.10-version))))
(define-public linux-libre-arm-generic-5.4
(make-linux-libre* linux-libre-5.4-version
@@ -1234,7 +1234,7 @@ (define-public linux-libre-arm-generic-5.4
(append
`(;; needed to fix the RTC on rockchip platforms
("CONFIG_RTC_DRV_RK808" . #t))
- %default-extra-linux-options)))
+ (default-extra-linux-options linux-libre-5.4-version))))
(define-public linux-libre-arm-generic-4.19
(make-linux-libre* linux-libre-4.19-version
@@ -1286,7 +1286,7 @@ (define-public linux-libre-arm64-generic
("CONFIG_BATTERY_CW2015" . m)
("CONFIG_CHARGER_GPIO" . m)
("CONFIG_SND_SOC_ES8316" . m))
- %default-extra-linux-options)))
+ (default-extra-linux-options linux-libre-version))))
(define-public linux-libre-arm64-generic-5.10
(make-linux-libre* linux-libre-5.10-version
@@ -1312,7 +1312,7 @@ (define-public linux-libre-arm64-generic-5.10
("CONFIG_BATTERY_CW2015" . m)
("CONFIG_CHARGER_GPIO" . m)
("CONFIG_SND_SOC_ES8316" . m))
- %default-extra-linux-options)))
+ (default-extra-linux-options linux-libre-5.10-version))))
(define-public linux-libre-arm64-generic-5.4
(make-linux-libre* linux-libre-5.4-version
@@ -1325,7 +1325,7 @@ (define-public linux-libre-arm64-generic-5.4
(append
`(;; needed to fix the RTC on rockchip platforms
("CONFIG_RTC_DRV_RK808" . #t))
- %default-extra-linux-options)))
+ (default-extra-linux-options linux-libre-5.4-version))))
(define-public linux-libre-riscv64-generic
(make-linux-libre* linux-libre-version
@@ -1349,7 +1349,7 @@ (define-public linux-libre-riscv64-generic
("CONFIG_HW_RANDOM_VIRTIO" . m)
("CONFIG_VIRTIO_CONSOLE" . m)
("CONFIG_CRYPTO_XTS" . m))
- %default-extra-linux-options)))
+ (default-extra-linux-options linux-libre-version))))
(define-public linux-libre-mips64el-fuloong2e
(make-linux-libre* linux-libre-version
@@ -1361,7 +1361,7 @@ (define-public linux-libre-mips64el-fuloong2e
#:extra-options
(append
`(("CONFIG_OVERLAY_FS" . m))
- %default-extra-linux-options)))
+ (default-extra-linux-options linux-libre-version))))
(define-public linux-libre-with-bpf
(let ((base-linux-libre
@@ -1375,7 +1375,7 @@ (define-public linux-libre-with-bpf
#:configuration-file kernel-config
#:extra-options
(append %bpf-extra-linux-options
- %default-extra-linux-options))))
+ (default-extra-linux-options linux-libre-6.8-version)))))
(package
(inherit base-linux-libre)
(inputs (modify-inputs (package-inputs base-linux-libre)
--
2.41.0
Maxim Cournoyer wrote on 15 May 18:57 +0200
[PATCH 12/14] gnu: linux-libre: Enable BTF debug info.
(address . 70962@debbugs.gnu.org)(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)
0ef662fff82aa5034e95f41ff413c06355a0fd70.1715791830.git.maxim.cournoyer@gmail.com
This is needed for software making use of eBPF programs, such as the sysdig
utility, among others. For more information about BPF, see:

* gnu/packages/linux.scm (%default-extra-linux-options): Enable
CONFIG_DEBUG_INFO, CONFIG_DEBUG_INFO_BTF,
CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT, CONFIG_BPF_JIT,
CONFIG_BPF_JIT_ALWAYS_ON, CONFIG_BPF_SYSCALL and BPF_UNPRIV_DEFAULT_OFF.
Disable CONFIG_DEBUG_INFO_REDUCED.
(make-linux-libre*) [native-inputs]: Add dwarves, python-wrapper and zlib.

Change-Id: Idfc64f82aa404e86168bffcf721a325f9e807f75
---

gnu/packages/linux.scm | 25 ++++++++++++++++++++++++-
1 file changed, 24 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index eaa9f66d74..d2b9344296 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -829,6 +829,24 @@ (define (default-extra-linux-options version)
`(;; Make the kernel config available at /proc/config.gz
("CONFIG_IKCONFIG" . #t)
("CONFIG_IKCONFIG_PROC" . #t)
+ ;; Debugging options.
+ ("CONFIG_DEBUG_INFO" . #t) ;required by BTF
+ ,@(if (version>=? version "5.1")
+ '(("CONFIG_DEBUG_INFO_BTF" . #t))
+ '())
+ ,@(if (version>=? version "5.12")
+ '(("CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT" . #t))
+ '())
+ ("CONFIG_DEBUG_INFO_REDUCED" . #f) ;incompatible with BTF
+ ;; Tracing and related options.
+ ,@(if (version>=? version "5.1")
+ '(("CONFIG_BPF_JIT" . #t)
+ ("CONFIG_BPF_JIT_ALWAYS_ON" . #t)
+ ("CONFIG_BPF_SYSCALL" . #t))
+ '())
+ ,@(if (version>=? version "5.13")
+ '(("BPF_UNPRIV_DEFAULT_OFF" . #t))
+ '())
;; Some very mild hardening.
("CONFIG_SECURITY_DMESG_RESTRICT" . #t)
;; All kernels should have NAMESPACES options enabled
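Review bot: The key `"BPF_UNPRIV_DEFAULT_OFF"` lacks the `CONFIG_` prefix that every other entry in this list carries, so the option is probably never written to the kernel configuration in a form Kconfig recognises. That would leave unprivileged use of the `bpf` syscall at the kernel's default on 5.13 and later, while the same hunk turns on `CONFIG_BPF_SYSCALL` and the JIT. The entry should read `'(("CONFIG_BPF_UNPRIV_DEFAULT_OFF" . #t))`; how keys are emitted into `.config` is outside this hunk, so confirm against the generated configuration (for instance `/proc/config.gz`, which `CONFIG_IKCONFIG_PROC` exposes). `default-extra-linux-options` continues beyond the hunk.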
@@ -1107,7 +1125,12 @@ (define* (make-linux-libre* version gnu-revision source supported-systems
;; These are needed to compile the GCC plugins.
gmp
mpfr
- mpc))
+ mpc
+ ;; These are needed when building with the CONFIG_DEBUG_INFO_BTF
+ ;; support.
+ dwarves ;for pahole
+ python-wrapper
+ zlib))
(home-page "https://www.gnu.org/software/linux-libre/")
(synopsis "100% free redistribution of a cleaned Linux kernel")
(description "GNU Linux-Libre is a free (as in freedom) variant of the
--
2.41.0
Maxim Cournoyer wrote on 15 May 18:57 +0200
[PATCH 13/14] gnu: linux-libre: Enable Zstd compression of kernel modules.
(address . 70962@debbugs.gnu.org)(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)
e44997cd26f6afa47cdd7ba3a3e702141a888e8f.1715791830.git.maxim.cournoyer@gmail.com
This brings the on disk size of the kernel from 164 MiB to 144 MiB, or about
12%.

* gnu/packages/linux.scm (default-extra-linux-options)
[version>=5.13]: Enable CONFIG_MODULE_COMPRESS_ZSTD, else
CONFIG_MODULE_COMPRESS_GZIP.
(make-linux-libre*) [phases] {set-environment}: Set ZSTD_CLEVEL environment
variable to 19.
[native-inputs]: Add zstd.
* gnu/build/linux-modules.scm (module-regex): Add .zst to regexp. Update doc.
(modinfo-section-contents): Extend support to Zstd compressed module.
(dot-ko): Register the 'zstd compression type.
(ensure-dot-ko, file-name->module-name, load-linux-module*)
(module-name->file-name/guess, write-module-name-database)
(write-module-alias-database, write-module-device-database): Update doc.
(module-name-lookup): Also consider zstd-compressed modules.
* gnu/installer.scm (installer-program): Add guile-zstd extension to gexp.
* gnu/system/linux-initrd.scm (flat-linux-module-directory): Likewise.
Decompress zstd-compressed modules for use in initrd.
* guix/profiles.scm (linux-module-database): Add guile-zstd extension to gexp.

Change-Id: Ide899dc5c58ea5033583b1a91a92c025fc8d901a
---

gnu/build/linux-modules.scm | 62 +++++++++++++++++++++----------------
gnu/installer.scm | 1 +
gnu/packages/linux.scm | 13 ++++++--
gnu/system/linux-initrd.scm | 6 ++--
guix/profiles.scm | 7 +++--
5 files changed, 57 insertions(+), 32 deletions(-)

diff --git a/gnu/build/linux-modules.scm b/gnu/build/linux-modules.scm
index 68c32ff873..32baf6c525 100644
--- a/gnu/build/linux-modules.scm
+++ b/gnu/build/linux-modules.scm
@@ -3,6 +3,7 @@
;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
;;; Copyright © 2018 Danny Milosavljevic <dannym@scratchpost.org>
;;; Copyright © 2023 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2024 Maxim Cournoyer <maxim.cournoyer@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -26,6 +27,7 @@ (define-module (gnu build linux-modules)
#:use-module ((guix build utils) #:select (find-files invoke))
#:use-module (guix build union)
#:autoload (zlib) (call-with-gzip-input-port)
+ #:autoload (zstd) (call-with-zstd-input-port)
#:use-module (rnrs io ports)
#:use-module (rnrs bytevectors)
#:use-module (srfi srfi-1)
@@ -108,24 +110,29 @@ (define (key=value->pair str)
(cons (string->symbol (string-take str =))
(string-drop str (+ 1 =)))))
-;; Matches kernel modules, without compression, with GZIP compression or with
-;; XZ compression.
-(define module-regex "\\.ko(\\.gz|\\.xz)?$")
+;; Matches kernel modules, without compression, with GZIP, XZ or ZSTD
+;; compression.
+(define module-regex "\\.ko(\\.gz|\\.xz|\\.zst)?$")
(define (modinfo-section-contents file)
"Return the contents of the '.modinfo' section of FILE as a list of
key/value pairs.."
+ (define (decompress-file decompressor file)
+ (let ((port (open-file file "r0")))
+ (dynamic-wind
+ (lambda ()
+ #t)
+ (lambda ()
+ (decompressor port get-bytevector-all))
+ (lambda ()
+ (close-port port)))))
+
(define (get-bytevector file)
(cond
((string-suffix? ".ko.gz" file)
- (let ((port (open-file file "r0")))
- (dynamic-wind
- (lambda ()
- #t)
- (lambda ()
- (call-with-gzip-input-port port get-bytevector-all))
- (lambda ()
- (close-port port)))))
+ (decompress-file call-with-gzip-input-port file))
+ ((string-suffix? ".ko.zst" file)
+ (decompress-file call-with-zstd-input-port file))
(else
(call-with-input-file file get-bytevector-all))))
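Review bot: The new inner procedure `decompress-file` has no docstring, and its `decompressor` argument has an implicit contract (it is called as `(decompressor port get-bytevector-all)`). A docstring such as `"Return the contents of FILE as a bytevector, read through DECOMPRESSOR, a procedure like 'call-with-gzip-input-port'."` would document it. Also note that `module-regex` in this hunk matches `.ko.xz`, yet `get-bytevector` still sends such files to the `else` branch and reads them without decompression; that predates this change, but a comment there (`;; XXX: '.ko.xz' modules are read as-is.`) would keep the gap visible now that two of the three formats are handled. `modinfo-section-contents` continues beyond the hunk.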
@@ -213,11 +220,12 @@ (define* (dot-ko name #:optional compression)
(let ((suffix (match compression
('xz ".ko.xz")
('gzip ".ko.gz")
+ ('zstd ".ko.zst")
(else ".ko"))))
(string-append name suffix)))
(define (ensure-dot-ko name compression)
- "Return NAME with a '.ko[.gz|.xz]' suffix appended, unless it already has
+ "Return NAME with a '.ko[.gz|.xz|.zst]' suffix appended, unless it already has
it."
(if (string-contains name ".ko")
name
@@ -235,7 +243,7 @@ (define (normalize-module-name module)
(define (file-name->module-name file)
"Return the module name corresponding to FILE, stripping the trailing
-'.ko[.gz|.xz]' and normalizing it."
+'.ko[.gz|.xz|.zst]' and normalizing it."
(normalize-module-name (strip-extension (basename file))))
(define (find-module-file directory module)
@@ -333,11 +341,11 @@ (define* (load-linux-module* file
(recursive? #t)
(lookup-module dot-ko)
(black-list (module-black-list)))
- "Load Linux module from FILE, the name of a '.ko[.gz|.xz]' file; return true
-on success, false otherwise. When RECURSIVE? is true, load its dependencies
-first (à la 'modprobe'.) The actual files containing modules depended on are
-obtained by calling LOOKUP-MODULE with the module name. Modules whose name
-appears in BLACK-LIST are not loaded."
+ "Load Linux module from FILE, the name of a '.ko[.gz|.xz|.zst]' file; return
+true on success, false otherwise. When RECURSIVE? is true, load its
+dependencies first (à la 'modprobe'.) The actual files containing modules
+depended on are obtained by calling LOOKUP-MODULE with the module name.
+Modules whose name appears in BLACK-LIST are not loaded."
(define (black-listed? module)
(let ((result (member module black-list)))
(when result
@@ -695,7 +703,7 @@ (define* (module-name->file-name/guess directory name
"Guess the file name corresponding to NAME, a module name. That doesn't
always work because sometimes underscores in NAME map to hyphens (e.g.,
\"input-leds.ko\"), sometimes not (e.g., \"mac_hid.ko\"). If the module is
-compressed then COMPRESSED can be set to 'xz or 'gzip, depending on the
+compressed then COMPRESSED can be set to 'zstd, 'xz or 'gzip, depending on the
compression type."
(string-append directory "/" (ensure-dot-ko name compression)))
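Review bot: The docstring line this hunk touches still calls the parameter COMPRESSED, while the body uses `compression` and the callers in this same patch pass `#:compression 'zstd`. Since the line is being rewritten anyway, it could read `compressed then COMPRESSION can be set to 'zstd, 'xz or 'gzip, depending on the`. The signature of module-name->file-name/guess is cut off by the hunk header, so the keyword's exact declaration is not visible here.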
@@ -706,6 +714,8 @@ (define (module-name-lookup directory)
(define (guess-file-name name)
(let ((names (list
(module-name->file-name/guess directory name)
+ (module-name->file-name/guess directory name
+ #:compression 'zstd)
(module-name->file-name/guess directory name
#:compression 'xz)
(module-name->file-name/guess directory name
@@ -729,8 +739,8 @@ (define (module-name-lookup directory)
(define (write-module-name-database directory)
"Write a database that maps \"module names\" as they appear in the relevant
-ELF section of '.ko[.gz|.xz]' files, to actual file names. This format is
-Guix-specific. It aims to deal with inconsistent naming, in particular
+ELF section of '.ko[.gz|.xz|.zst]' files, to actual file names. This format
+is Guix-specific. It aims to deal with inconsistent naming, in particular
hyphens vs. underscores."
(define mapping
(map (lambda (file)
@@ -749,8 +759,8 @@ (define (write-module-name-database directory)
(pretty-print mapping port))))
(define (write-module-alias-database directory)
- "Traverse the '.ko[.gz|.xz]' files in DIRECTORY and create the corresponding
-'modules.alias' file."
+ "Traverse the '.ko[.gz|.xz|.zst]' files in DIRECTORY and create the
+corresponding 'modules.alias' file."
(define aliases
(map (lambda (file)
(cons (file-name->module-name file) (module-aliases file)))
@@ -796,9 +806,9 @@ (define %not-dash
(char-set-complement (char-set #\-)))
(define (write-module-device-database directory)
- "Traverse the '.ko[.gz|.xz]' files in DIRECTORY and create the corresponding
-'modules.devname' file. This file contains information about modules that can
-be loaded on-demand, such as file system modules."
+ "Traverse the '.ko[.gz|.xz|.zst]' files in DIRECTORY and create the
+corresponding 'modules.devname' file. This file contains information about
+modules that can be loaded on-demand, such as file system modules."
(define aliases
(filter-map (lambda (file)
(match (aliases->device-tuple (module-aliases file))
diff --git a/gnu/installer.scm b/gnu/installer.scm
index 3b06b4f01b..3792fc7e35 100644
--- a/gnu/installer.scm
+++ b/gnu/installer.scm
@@ -386,6 +386,7 @@ (define (installer-program)
guile-json-3 guile-git guile-webutils
guile-gnutls
guile-zlib ;for (gnu build linux-modules)
+ guile-zstd ;for (gnu build linux-modules)
(current-guix))
(with-imported-modules `(,@(source-module-closure
`(,@modules
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index d2b9344296..7147a6b41a 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -847,6 +847,10 @@ (define (default-extra-linux-options version)
,@(if (version>=? version "5.13")
'(("BPF_UNPRIV_DEFAULT_OFF" . #t))
'())
+ ;; Compress kernel modules via Zstd.
+ ,(if (version>=? version "5.13")
+ '("CONFIG_MODULE_COMPRESS_ZSTD" . #t)
+ '("CONFIG_MODULE_COMPRESS_GZIP" . #t))
;; Some very mild hardening.
("CONFIG_SECURITY_DMESG_RESTRICT" . #t)
;; All kernels should have NAMESPACES options enabled
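Review bot: For kernels older than 5.13 the else branch sets only `CONFIG_MODULE_COMPRESS_GZIP`, but as far as I recall those kernels gate the gzip/xz choice behind a separate `CONFIG_MODULE_COMPRESS` switch, so the fallback may be dropped at configuration time and leave modules uncompressed. If that holds, the branch should splice both entries, e.g. `,@(if (version>=? version "5.13") '(("CONFIG_MODULE_COMPRESS_ZSTD" . #t)) '(("CONFIG_MODULE_COMPRESS" . #t) ("CONFIG_MODULE_COMPRESS_GZIP" . #t)))`. The comment also mentions only Zstd; `;; Compress kernel modules via Zstd (gzip before 5.13).` would match what the code does. The body of default-extra-linux-options extends beyond this hunk.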
@@ -1036,7 +1040,10 @@ (define* (make-linux-libre* version gnu-revision source supported-systems
"EXTRAVERSION ?="))
(setenv "EXTRAVERSION"
#$(and extra-version
- (string-append "-" extra-version)))))
+ (string-append "-" extra-version)))
+ ;; Use the maximum compression available for Zstd-compressed
+ ;; modules.
+ (setenv "ZSTD_CLEVEL" "19")))
(replace 'configure
(lambda _
(let ((config
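Review bot: `ZSTD_CLEVEL` is set with `setenv` inside the phase that deals with EXTRAVERSION, so it stays in the environment for every later phase and affects any zstd process that honours it, not only module compression. The comment does not say which step reads the variable. I would spell that out, for instance `;; ZSTD_CLEVEL is read by the zstd command run when modules are installed; 19 is the highest level accepted without --ultra.`, after confirming against the kernel's module install rules, which are not visible here. The start of the phase is outside the hunk.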
@@ -1130,7 +1137,9 @@ (define* (make-linux-libre* version gnu-revision source supported-systems
;; support.
dwarves ;for pahole
python-wrapper
- zlib))
+ zlib
+ ;; For Zstd compression of kernel modules.
+ zstd))
(home-page "https://www.gnu.org/software/linux-libre/")
(synopsis "100% free redistribution of a cleaned Linux kernel")
(description "GNU Linux-Libre is a free (as in freedom) variant of the
diff --git a/gnu/system/linux-initrd.scm b/gnu/system/linux-initrd.scm
index d448c78918..f902637e48 100644
--- a/gnu/system/linux-initrd.scm
+++ b/gnu/system/linux-initrd.scm
@@ -128,7 +128,7 @@ (define (flat-linux-module-directory linux modules)
(define build-exp
(with-imported-modules imported-modules
- (with-extensions (list guile-zlib)
+ (with-extensions (list guile-zlib guile-zstd)
#~(begin
(use-modules (gnu build linux-modules)
(guix build utils)
@@ -168,7 +168,9 @@ (define (flat-linux-module-directory linux modules)
;; is already gzipped as a whole.
(cond
((string-contains file ".ko.gz")
- (invoke #+(file-append gzip "/bin/gunzip") file))))
+ (invoke #+(file-append gzip "/bin/gunzip") file))
+ ((string-contains file ".ko.zst")
+ (invoke #+(file-append zstd "/bin/zstd") "-d" file))))
(mkdir #$output)
(for-each (lambda (module)
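Review bot: `zstd -d file` in the new `.ko.zst` branch keeps the compressed input next to the decompressed output, whereas the `gunzip` call in the branch above deletes its input, so the flat module directory would end up holding both the `.ko.zst` and the `.ko` file for each module. Passing `--rm` restores parity: `(invoke #+(file-append zstd "/bin/zstd") "-d" "--rm" file)`. Both branches also match with `string-contains`; `string-suffix?`, which gnu/build/linux-modules.scm uses in this same patch, would avoid matching a name that merely contains the extension. The enclosing expression starts outside the hunk.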
diff --git a/guix/profiles.scm b/guix/profiles.scm
index d41802422b..864ed02b6d 100644
--- a/guix/profiles.scm
+++ b/guix/profiles.scm
@@ -7,7 +7,7 @@
;;; Copyright © 2016, 2017, 2018, 2019, 2021, 2022 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2016 Chris Marusich <cmmarusich@gmail.com>
;;; Copyright © 2017 Huang Ying <huang.ying.caritas@gmail.com>
-;;; Copyright © 2017, 2021 Maxim Cournoyer <maxim.cournoyer@gmail.com>
+;;; Copyright © 2017, 2021, 2024 Maxim Cournoyer <maxim.cournoyer@gmail.com>
;;; Copyright © 2019 Kyle Meyer <kyle@kyleam.com>
;;; Copyright © 2019 Mathieu Othacehe <m.othacehe@gmail.com>
;;; Copyright © 2020 Danny Milosavljevic <dannym@scratchpost.org>
@@ -1487,11 +1487,14 @@ (define* (linux-module-database manifest #:optional system)
(define guile-zlib
(module-ref (resolve-interface '(gnu packages guile)) 'guile-zlib))
+ (define guile-zstd
+ (module-ref (resolve-interface '(gnu packages guile)) 'guile-zstd))
+
(define build
(with-imported-modules (source-module-closure
'((guix build utils)
(gnu build linux-modules)))
- (with-extensions (list guile-zlib)
+ (with-extensions (list guile-zlib guile-zstd)
#~(begin
(use-modules (ice-9 ftw)
(ice-9 match)
--
2.41.0
Maxim Cournoyer wrote on 15 May 18:57 +0200
[PATCH 14/14] gnu: linux-libre-with-bpf: Deprecate in favor of linux-libre.
(address . 70962@debbugs.gnu.org)(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)
e7e2a929b4f35ef52e15fa1b187053e396e714e5.1715791830.git.maxim.cournoyer@gmail.com
The kernel has progressively enabled the BPF settings, to the point where
having a separate kernel for it makes little sense, so repatriate the few
non-default BPF-related configs to our main kernel.

* gnu/packages/linux.scm (%bpf-extra-linux-options): Delete variable.
(default-extra-linux-options): Enable CONFIG_NET_CLS_BPF and
CONFIG_NET_ACT_BPF. CONFIG_IKHEADERS is dropped as it adds 4 MiB to the
kernel image and appears somewhat redundant with BTF debug info.
(linux-libre-with-bpf): Deprecate to linux-libre.

Change-Id: Id672241916dcbcdca7cbc16d869d00223446cd3d
---

gnu/packages/linux.scm | 46 +++---------------------------------------
1 file changed, 3 insertions(+), 43 deletions(-)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 7147a6b41a..96921805db 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -847,6 +847,8 @@ (define (default-extra-linux-options version)
,@(if (version>=? version "5.13")
'(("BPF_UNPRIV_DEFAULT_OFF" . #t))
'())
+ ("CONFIG_NET_CLS_BPF" . m) ;classify packets based on BPF filters
+ ("CONFIG_NET_ACT_BPF" . m) ;to execute BPF code on packets
;; Compress kernel modules via Zstd.
,(if (version>=? version "5.13")
'("CONFIG_MODULE_COMPRESS_ZSTD" . #t)
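Review bot: Only `CONFIG_NET_CLS_BPF` and `CONFIG_NET_ACT_BPF` are carried over into the default options here, while the `%bpf-extra-linux-options` list deleted further down also set `CONFIG_BPF_JIT_ALWAYS_ON`, which is a hardening setting rather than a feature switch. The commit message says the remaining options are already enabled, but nothing in the diff shows that for each architecture's kernel config, so it is worth confirming before the dedicated variant goes away. Separately, the context entry `"BPF_UNPRIV_DEFAULT_OFF"` just above is written without the `CONFIG_` prefix that every neighbouring entry has. `config->string` is only partly visible, so I cannot tell whether that option is emitted as intended. Now that the main kernel is the BPF kernel, I would verify it in the generated `.config`.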
@@ -903,30 +905,6 @@ (define (default-extra-linux-options version)
("CONFIG_CIFS" . m)
("CONFIG_9P_FS" . m)))
-;; See https://github.com/iovisor/bcc/blob/master/INSTALL.md#kernel-configuration
-(define %bpf-extra-linux-options
- `(;; Needed for probes
- ("CONFIG_UPROBE_EVENTS" . #t)
- ("CONFIG_KPROBE_EVENTS" . #t)
- ;; kheaders module also helpful for tracing
- ("CONFIG_IKHEADERS" . #t)
- ("CONFIG_BPF" . #t)
- ("CONFIG_BPF_SYSCALL" . #t)
- ("CONFIG_BPF_JIT_ALWAYS_ON" . #t)
- ;; optional, for tc filters
- ("CONFIG_NET_CLS_BPF" . m)
- ;; optional, for tc actions
- ("CONFIG_NET_ACT_BPF" . m)
- ("CONFIG_BPF_JIT" . #t)
- ;; for Linux kernel versions 4.1 through 4.6
- ;; ("CONFIG_HAVE_BPF_JIT" . y)
- ;; for Linux kernel versions 4.7 and later
- ("CONFIG_HAVE_EBPF_JIT" . #t)
- ;; optional, for kprobes
- ("CONFIG_BPF_EVENTS" . #t)
- ;; kheaders module
- ("CONFIG_IKHEADERS" . #t)))
-
(define (config->string options)
(string-join (map (match-lambda
((option . 'm)
@@ -1396,25 +1374,7 @@ (define-public linux-libre-mips64el-fuloong2e
(default-extra-linux-options linux-libre-version))))
(define-public linux-libre-with-bpf
- (let ((base-linux-libre
- (make-linux-libre*
- linux-libre-6.8-version
- linux-libre-6.8-gnu-revision
- linux-libre-6.8-source
- '("x86_64-linux" "i686-linux" "armhf-linux"
- "aarch64-linux" "powerpc64le-linux" "riscv64-linux")
- #:extra-version "bpf"
- #:configuration-file kernel-config
- #:extra-options
- (append %bpf-extra-linux-options
- (default-extra-linux-options linux-libre-6.8-version)))))
- (package
- (inherit base-linux-libre)
- (inputs (modify-inputs (package-inputs base-linux-libre)
- (prepend cpio)))
- (synopsis "Linux-libre with BPF support")
- (description "This package provides GNU Linux-Libre with support
-for @acronym{BPF, the Berkeley Packet Filter}."))))
+ (deprecated-package "linux-libre-with-bpf" linux-libre))
;;;
--
2.41.0
Maxim Cournoyer wrote on 15 May 19:24 +0200
control message for bug #70962
(address . control@debbugs.gnu.org)
87le4bxa1w.fsf@gmail.com
retitle 70962 Add BTF support to kernel, sysdig and dependents, zstd-compressed modules
quit
Maxim Cournoyer wrote on 15 May 20:30 +0200
[PATCH 00/14] Add BTF support to kernel, sysdig and dependents, zstd-compressed modules
(address . 70962@debbugs.gnu.org)(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)
cover.1715793606.git.maxim.cournoyer@gmail.com
This series adds BTF (Berkeley Type Format) support to our kernel, catching up
with other main distributions in enabling embedded BPF (Berkeley Packet
Filter) programs.

This was motivated by packaging 'sysdig', a system introspection application
that can make use of BTF. Adding BTF does incur some size increase; with
'linux-libre' package going up from 132 MiB to 164 MiB (24%). This is later
somewhat mitigated by using Zstd compressed (at maximum level, 19) kernel
modules, which brings the kernel size back down to 144 MiB, which corresponds
to a more reasonable 9% increase from before this series. The BPF kernel
variant we were carrying is removed, as proper BPF support will now exist in
our main kernel.

That's it! I hope you enjoy using 'csysdig' to keep track of the syscalls and
IO usage of your process/threads.
END



Maxim Cournoyer (14):
gnu: grpc: Modernize.
gnu: grpc: Propagate abseil-cpp-cxxstd11.
gnu: Add valijson.
gnu: libbpf: Use gexps.
gnu: libbpf: Update to 1.4.1.
gnu: Add falcosecurity-libs.
gnu: Add sysdig.
gnu: Add dwarves.
gnu: make-linux-libre*: Set KBUILD_BUILD_VERSION for reproducibility.
gnu: make-linux-libre*: Run install targets in parallel.
gnu: linux: Turn %default-extra-linux-options into a procedure.
gnu: linux-libre: Enable BTF debug info.
gnu: linux-libre: Enable Zstd compression of kernel modules.
gnu: linux-libre-with-bpf: Deprecate in favor of linux-libre.

doc/guix-cookbook.texi | 17 +-
gnu/build/linux-modules.scm | 62 ++--
gnu/installer.scm | 1 +
gnu/local.mk | 7 +
gnu/packages/admin.scm | 58 +++
gnu/packages/linux.scm | 347 +++++++++++++-----
.../dwarves-threading-reproducibility.patch | 23 ++
.../falcosecurity-libs-install-pman.patch | 14 +
.../falcosecurity-libs-libscap-pc.patch | 16 +
...lcosecurity-libs-libsinsp-pkg-config.patch | 155 ++++++++
.../falcosecurity-libs-pkg-config.patch | 23 ++
...alcosecurity-libs-shared-library-fix.patch | 50 +++
.../sysdig-shared-falcosecurity-libs.patch | 71 ++++
gnu/packages/rpc.scm | 121 +++---
gnu/packages/serialization.scm | 26 +-
gnu/system/linux-initrd.scm | 6 +-
guix/profiles.scm | 7 +-
17 files changed, 812 insertions(+), 192 deletions(-)
create mode 100644 gnu/packages/patches/dwarves-threading-reproducibility.patch
create mode 100644 gnu/packages/patches/falcosecurity-libs-install-pman.patch
create mode 100644 gnu/packages/patches/falcosecurity-libs-libscap-pc.patch
create mode 100644 gnu/packages/patches/falcosecurity-libs-libsinsp-pkg-config.patch
create mode 100644 gnu/packages/patches/falcosecurity-libs-pkg-config.patch
create mode 100644 gnu/packages/patches/falcosecurity-libs-shared-library-fix.patch
create mode 100644 gnu/packages/patches/sysdig-shared-falcosecurity-libs.patch


base-commit: 029f2e970d5d14dda2dc89a4a3cc17de573ff90c
--
2.41.0