diff --git a/.github/workflows/reusable_build_test_driverkit.yml b/.github/workflows/reusable_build_test_driverkit.yml index 5297eca7..900337b5 100644 --- a/.github/workflows/reusable_build_test_driverkit.yml +++ b/.github/workflows/reusable_build_test_driverkit.yml @@ -27,6 +27,14 @@ jobs: - name: Test run: make test + + - name: Set integration tests DRIVERVERSIONS env + if: inputs.arch == 'amd64' + run: echo "DRIVERVERSIONS=master 6.0.1+driver 2.0.0+driver 17f5df52a7d9ed6bb12d3b1768460def8439936d" >> $GITHUB_ENV + + - name: Set integration tests DRIVERVERSIONS env + if: inputs.arch == 'arm64' + run: echo "DRIVERVERSIONS=master 6.0.1+driver 2.0.0+driver" >> $GITHUB_ENV - name: Integration tests run: make integration_test diff --git a/Makefile b/Makefile index 048a5e6a..71e11d30 100644 --- a/Makefile +++ b/Makefile @@ -16,6 +16,8 @@ ifeq ($(COMMITS_FROM_GIT_TAG),0) endif endif +DRIVERVERSIONS ?= master + DOCKER_ORG ?= falcosecurity ARCH := $(shell uname -m) @@ -105,7 +107,9 @@ integration_test: $(test_configs) .PHONY: $(test_configs) $(test_configs): ${driverkit} - ${driverkit} docker -c $@ --builderimage auto:master -l debug --timeout 600 + $(foreach d,$(DRIVERVERSIONS),\ + ${driverkit} docker -c $@ --builderimage auto:master -l debug --timeout 600 --driverversion $d; \ + ) .PHONY: ${driverkit_docgen} ${driverkit_docgen}: ${PWD}/docgen diff --git a/pkg/driverbuilder/builder/builders.go b/pkg/driverbuilder/builder/builders.go index deda53d7..aa2ce62f 100644 --- a/pkg/driverbuilder/builder/builders.go +++ b/pkg/driverbuilder/builder/builders.go 
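Review bot: In the `$(test_configs)` recipe the per-version commands are joined with `;`, so the shell returns only the status of the last `${driverkit} docker` run and a failed build for an earlier entry in `DRIVERVERSIONS` does not fail `make integration_test`. Ending each iteration with `|| exit 1;` keeps the loop and stops on the first failure: `${driverkit} docker -c $@ --builderimage auto:master -l debug --timeout 600 --driverversion $d || exit 1; \`. CI would otherwise stay green while one of the tested driver versions no longer builds.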
@@ -31,19 +31,25 @@ import ( ) // DriverDirectory is the directory the processor uses to store the driver. -const DriverDirectory = "/tmp/driver" - -// ModuleFileName is the standard file name for the kernel module. -const ModuleFileName = "module.ko" - -// ProbeFileName is the standard file name for the eBPF probe. -const ProbeFileName = "probe.o" - -// ModuleFullPath is the standard path for the kernel module. Builders must place the compiled module at this location. -var ModuleFullPath = path.Join(DriverDirectory, ModuleFileName) - -// ProbeFullPath is the standard path for the eBPF probe. Builders must place the compiled probe at this location. -var ProbeFullPath = path.Join(DriverDirectory, "bpf", ProbeFileName) +const ( + DriverDirectory = "/tmp/driver" + cmakeCmdFmt = `cmake -Wno-dev \ + -DUSE_BUNDLED_DEPS=On \ + -DCREATE_TEST_TARGETS=Off \ + -DBUILD_LIBSCAP_GVISOR=Off \ + -DBUILD_LIBSCAP_MODERN_BPF=Off \ + -DENABLE_DRIVERS_TESTS=Off \ + -DDRIVER_NAME=%s \ + -DPROBE_NAME=%s \ + -DBUILD_BPF=On \ + -DDRIVER_VERSION=%s \ + -DPROBE_VERSION=%s \ + -DGIT_COMMIT=%s \ + -DDRIVER_DEVICE_NAME=%s \ + -DPROBE_DEVICE_NAME=%s \ + .. && \ + sed -i s/'DRIVER_COMMIT ""'/'DRIVER_COMMIT "%s"'/g driver/src/driver_config.h` +) var HeadersNotFoundErr = errors.New("kernel headers not found") @@ -55,6 +61,14 @@ type Config struct { *Build } +func (c Config) ToDriverFullPath() string { + return path.Join(DriverDirectory, "build", "driver", fmt.Sprintf("%s.ko", c.DriverName)) +} + +func (c Config) ToProbeFullPath() string { + return path.Join(DriverDirectory, "build", "driver", "bpf", "probe.o") +} + type commonTemplateData struct { DriverBuildDir string ModuleDownloadURL string @@ -63,6 +77,7 @@ type commonTemplateData struct { BuildModule bool BuildProbe bool GCCVersion string + CmakeCmd string } // Builder represents a builder capable of generating a script for a driverkit target. 
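Review bot: `cmakeCmdFmt` places `DriverName`, `DriverVersion` and `DeviceName` into shell text with no quoting, and the trailing `sed` expression uses `/` as its delimiter and single quotes around the pattern. A driver version that is a branch name containing `/`, or any value containing a quote or whitespace, would change the meaning of the rendered command rather than just fail the build. Whether these fields are validated when the config is parsed is not visible in this diff. If they are not, restrict them to a conservative character set there (for example `[A-Za-z0-9._+-]`, which covers the `6.0.1+driver` and commit-hash values used in the workflow). Writing the flags as `-DDRIVER_VERSION="%s"` gives a second layer of protection, and a comment on the constant listing the eight `%s` slots in order would help the callers.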
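Review bot: `ToDriverFullPath` and `ToProbeFullPath` are exported without doc comments, while the commit removes the comments on `ModuleFullPath` and `ProbeFullPath` that told builders where artifacts must be placed. I would add `// ToDriverFullPath returns the path, inside the build environment, where the cmake build leaves the compiled kernel module.` and the matching line for the probe. The `// DriverDirectory is ...` comment now sits above the whole `const (` block and should move onto the `DriverDirectory` line. Note also that `path.Join` cleans `..` segments, so the module path stays under `DriverDirectory` only if `c.DriverName` cannot contain path separators; that constraint deserves a mention in the comment, or a check where the config is validated.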
@@ -293,10 +308,19 @@ func (c Config) toTemplateData(b Builder, kr kernelrelease.KernelRelease) common DriverBuildDir: DriverDirectory, ModuleDownloadURL: fmt.Sprintf("%s/%s.tar.gz", c.DownloadBaseURL, c.DriverVersion), ModuleDriverName: c.DriverName, - ModuleFullPath: ModuleFullPath, + ModuleFullPath: c.ToDriverFullPath(), BuildModule: len(c.ModuleFilePath) > 0, BuildProbe: len(c.ProbeFilePath) > 0, GCCVersion: c.GCCVersion, + CmakeCmd: fmt.Sprintf(cmakeCmdFmt, + c.DriverName, + c.DriverName, + c.DriverVersion, + c.DriverVersion, + c.DriverVersion, + c.DeviceName, + c.DeviceName, + c.DriverVersion), } } diff --git a/pkg/driverbuilder/builder/local.go b/pkg/driverbuilder/builder/local.go index 00e20778..95d7e0ab 100644 --- a/pkg/driverbuilder/builder/local.go +++ b/pkg/driverbuilder/builder/local.go @@ -4,6 +4,7 @@ import ( _ "embed" "fmt" "github.com/falcosecurity/driverkit/pkg/kernelrelease" + "path/filepath" ) // NOTE: since this is only used by local build, @@ -54,6 +55,15 @@ func (l *LocalBuilder) TemplateData(c Config, kr kernelrelease.KernelRelease, _ BuildModule: len(c.ModuleFilePath) > 0, BuildProbe: len(c.ProbeFilePath) > 0, GCCVersion: l.GccPath, + CmakeCmd: fmt.Sprintf(cmakeCmdFmt, + c.DriverName, + c.DriverName, + c.DriverVersion, + c.DriverVersion, + c.DriverVersion, + c.DeviceName, + c.DeviceName, + c.DriverVersion), }, UseDKMS: l.UseDKMS, DownloadSrc: len(l.SrcDir) == 0, // if no srcdir is provided, download src! 
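Review bot: The eight-argument `fmt.Sprintf(cmakeCmdFmt, ...)` call appears twice, in `toTemplateData` and in `LocalBuilder.TemplateData`, and the only thing tying each argument to its `-D` flag is its position. If a flag is added to `cmakeCmdFmt` and only one call site is updated, the two builders will silently render different commands, or a value will land in the wrong flag. A single method on `Config` that both sites call, with the slots annotated, removes that risk. Both enclosing functions start outside their hunks.

```go
// cmakeCmd renders the cmake configure command shared by all builders.
func (c Config) cmakeCmd() string {
	return fmt.Sprintf(cmakeCmdFmt,
		c.DriverName,    // DRIVER_NAME
		c.DriverName,    // PROBE_NAME
		c.DriverVersion, // DRIVER_VERSION
		c.DriverVersion, // PROBE_VERSION
		c.DriverVersion, // GIT_COMMIT
		c.DeviceName,    // DRIVER_DEVICE_NAME
		c.DeviceName,    // PROBE_DEVICE_NAME
		c.DriverVersion) // DRIVER_COMMIT written by sed
}

// … unchanged: other commonTemplateData fields …
		CmakeCmd: c.cmakeCmd(),
```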
@@ -63,17 +73,26 @@ func (l *LocalBuilder) TemplateData(c Config, kr kernelrelease.KernelRelease, _ } func (l *LocalBuilder) GetModuleFullPath(c Config, kr kernelrelease.KernelRelease) string { - moduleFullPath := ModuleFullPath if l.UseDKMS { // When using dkms, we will use a GLOB to match the pattern; ModuleFullPath won't be used in the templated script anyway. - moduleFullPath = fmt.Sprintf("/var/lib/dkms/%s/%s/%s/%s/module/%s.*", c.DriverName, c.DriverVersion, kr.String(), kr.Architecture.ToNonDeb(), c.DriverName) + return fmt.Sprintf("/var/lib/dkms/%s/%s/%s/%s/module/%s.*", c.DriverName, c.DriverVersion, kr.String(), kr.Architecture.ToNonDeb(), c.DriverName) } - return moduleFullPath + if l.SrcDir != "" { + return filepath.Join(l.SrcDir, fmt.Sprintf("%s.ko", c.DriverName)) + } + return c.ToDriverFullPath() +} + +func (l *LocalBuilder) GetProbeFullPath(c Config) string { + if l.SrcDir != "" { + return filepath.Join(l.SrcDir, "bpf", "probe.o") + } + return c.ToProbeFullPath() } func (l *LocalBuilder) GetDriverBuildDir() string { driverBuildDir := DriverDirectory - if len(l.SrcDir) > 0 { + if l.SrcDir != "" { driverBuildDir = l.SrcDir } return driverBuildDir diff --git a/pkg/driverbuilder/builder/templates/alinux.sh b/pkg/driverbuilder/builder/templates/alinux.sh index 3b66ee0d..07b84717 100644 --- a/pkg/driverbuilder/builder/templates/alinux.sh +++ b/pkg/driverbuilder/builder/templates/alinux.sh @@ -28,10 +28,7 @@ rm -Rf /tmp/module-download mkdir -p /tmp/module-download curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download -mv /tmp/module-download/*/driver/* {{ .DriverBuildDir }} - -cp /driverkit/module-Makefile {{ .DriverBuildDir }}/Makefile -bash /driverkit/fill-driver-config.sh {{ .DriverBuildDir }} +mv /tmp/module-download/*/* {{ .DriverBuildDir }} # Fetch the kernel mkdir /tmp/kernel-download 
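Review bot: The archive fetched by `curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf -` (unchanged context in `alinux.sh`) is not integrity-checked, and after this change it controls much more of the build. `mv /tmp/module-download/*/* {{ .DriverBuildDir }}` now brings in the whole source tree, and the next hunk runs that tree's own CMake configuration through `{{ .CmakeCmd }}`, where previously the Makefile was supplied by driverkit as `/driverkit/module-Makefile`. Consider downloading to a file with `curl --fail` and checking a digest for tagged driver versions before extracting, and at least document that `DownloadBaseURL` must point at a trusted source. Whether the script enables `pipefail` is outside this hunk. The same lines are changed in every other distro template in this commit, `local.sh` included.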
@@ -42,11 +39,13 @@ rm -Rf /tmp/kernel mkdir -p /tmp/kernel mv usr/src/kernels/*/* /tmp/kernel +cd {{ .DriverBuildDir }} +mkdir -p build && cd build +{{ .CmakeCmd }} + {{ if .BuildModule }} # Build the module -cd {{ .DriverBuildDir }} -make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=/tmp/kernel -mv {{ .ModuleDriverName }}.ko {{ .ModuleFullPath }} +make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=/tmp/kernel driver strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} @@ -54,7 +53,6 @@ modinfo {{ .ModuleFullPath }} {{ if .BuildProbe }} # Build the eBPF probe -cd {{ .DriverBuildDir }}/bpf -make KERNELDIR=/tmp/kernel -ls -l probe.o +make KERNELDIR=/tmp/kernel bpf +ls -l driver/bpf/probe.o {{ end }} \ No newline at end of file diff --git a/pkg/driverbuilder/builder/templates/almalinux.sh b/pkg/driverbuilder/builder/templates/almalinux.sh index 3b66ee0d..07b84717 100644 --- a/pkg/driverbuilder/builder/templates/almalinux.sh +++ b/pkg/driverbuilder/builder/templates/almalinux.sh @@ -28,10 +28,7 @@ rm -Rf /tmp/module-download mkdir -p /tmp/module-download curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download -mv /tmp/module-download/*/driver/* {{ .DriverBuildDir }} - -cp /driverkit/module-Makefile {{ .DriverBuildDir }}/Makefile -bash /driverkit/fill-driver-config.sh {{ .DriverBuildDir }} +mv /tmp/module-download/*/* {{ .DriverBuildDir }} # Fetch the kernel mkdir /tmp/kernel-download @@ -42,11 +39,13 @@ rm -Rf /tmp/kernel mkdir -p /tmp/kernel mv usr/src/kernels/*/* /tmp/kernel +cd {{ .DriverBuildDir }} +mkdir -p build && cd build +{{ .CmakeCmd }} + {{ if .BuildModule }} # Build the module -cd {{ .DriverBuildDir }} -make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=/tmp/kernel -mv {{ .ModuleDriverName }}.ko {{ .ModuleFullPath }} +make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=/tmp/kernel driver strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} 
@@ -54,7 +53,6 @@ modinfo {{ .ModuleFullPath }} {{ if .BuildProbe }} # Build the eBPF probe -cd {{ .DriverBuildDir }}/bpf -make KERNELDIR=/tmp/kernel -ls -l probe.o +make KERNELDIR=/tmp/kernel bpf +ls -l driver/bpf/probe.o {{ end }} \ No newline at end of file diff --git a/pkg/driverbuilder/builder/templates/amazonlinux.sh b/pkg/driverbuilder/builder/templates/amazonlinux.sh index 6b4f6a22..13818b87 100644 --- a/pkg/driverbuilder/builder/templates/amazonlinux.sh +++ b/pkg/driverbuilder/builder/templates/amazonlinux.sh @@ -28,10 +28,7 @@ rm -Rf /tmp/module-download mkdir -p /tmp/module-download curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download -mv /tmp/module-download/*/driver/* {{ .DriverBuildDir }} - -cp /driverkit/module-Makefile {{ .DriverBuildDir }}/Makefile -bash /driverkit/fill-driver-config.sh {{ .DriverBuildDir }} +mv /tmp/module-download/*/* {{ .DriverBuildDir }} # Fetch the kernel mkdir /tmp/kernel-download @@ -45,19 +42,20 @@ rm -Rf /tmp/kernel mkdir -p /tmp/kernel mv usr/src/kernels/*/* /tmp/kernel -{{ if .BuildModule }} -# Build the kernel module cd {{ .DriverBuildDir }} +mkdir -p build && cd build +{{ .CmakeCmd }} -make KERNELDIR=/tmp/kernel CC=/usr/bin/gcc-{{ .GCCVersion }} LD=/usr/bin/ld.bfd CROSS_COMPILE="" -mv {{ .ModuleDriverName }}.ko {{ .ModuleFullPath }} +{{ if .BuildModule }} +# Build the module +make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=/tmp/kernel LD=/usr/bin/ld.bfd CROSS_COMPILE="" driver +strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} {{ end }} {{ if .BuildProbe }} # Build the eBPF probe -cd {{ .DriverBuildDir }}/bpf -make KERNELDIR=/tmp/kernel -ls -l probe.o +make KERNELDIR=/tmp/kernel bpf +ls -l driver/bpf/probe.o {{ end }} \ No newline at end of file diff --git a/pkg/driverbuilder/builder/templates/archlinux.sh b/pkg/driverbuilder/builder/templates/archlinux.sh index a2f59739..90c53e1c 100644 --- a/pkg/driverbuilder/builder/templates/archlinux.sh 
+++ b/pkg/driverbuilder/builder/templates/archlinux.sh @@ -28,10 +28,7 @@ rm -Rf /tmp/module-download mkdir -p /tmp/module-download curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download -mv /tmp/module-download/*/driver/* {{ .DriverBuildDir }} - -cp /driverkit/module-Makefile {{ .DriverBuildDir }}/Makefile -bash /driverkit/fill-driver-config.sh {{ .DriverBuildDir }} +mv /tmp/module-download/*/* {{ .DriverBuildDir }} # Fetch the kernel mkdir /tmp/kernel-download @@ -42,11 +39,13 @@ rm -Rf /tmp/kernel mkdir -p /tmp/kernel mv usr/lib/modules/*/build/* /tmp/kernel +cd {{ .DriverBuildDir }} +mkdir -p build && cd build +{{ .CmakeCmd }} + {{ if .BuildModule }} # Build the module -cd {{ .DriverBuildDir }} -make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=/tmp/kernel -mv {{ .ModuleDriverName }}.ko {{ .ModuleFullPath }} +make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=/tmp/kernel driver strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} @@ -54,7 +53,6 @@ modinfo {{ .ModuleFullPath }} {{ if .BuildProbe }} # Build the eBPF probe -cd {{ .DriverBuildDir }}/bpf -make KERNELDIR=/tmp/kernel -ls -l probe.o +make KERNELDIR=/tmp/kernel bpf +ls -l driver/bpf/probe.o {{ end }} \ No newline at end of file diff --git a/pkg/driverbuilder/builder/templates/centos.sh b/pkg/driverbuilder/builder/templates/centos.sh index 7dce58ff..ed85ad52 100644 --- a/pkg/driverbuilder/builder/templates/centos.sh +++ b/pkg/driverbuilder/builder/templates/centos.sh @@ -28,10 +28,7 @@ rm -Rf /tmp/module-download mkdir -p /tmp/module-download curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download -mv /tmp/module-download/*/driver/* {{ .DriverBuildDir }} - -cp /driverkit/module-Makefile {{ .DriverBuildDir }}/Makefile -bash /driverkit/fill-driver-config.sh {{ .DriverBuildDir }} +mv /tmp/module-download/*/* {{ .DriverBuildDir }} # Fetch the kernel mkdir /tmp/kernel-download 
@@ -42,12 +39,14 @@ rm -Rf /tmp/kernel mkdir -p /tmp/kernel mv usr/src/kernels/*/* /tmp/kernel +cd {{ .DriverBuildDir }} +sed -i 's/$(MAKE) -C $(KERNELDIR)/$(MAKE) KCFLAGS="-Wno-incompatible-pointer-types" -C $(KERNELDIR)/g' driver/Makefile.in +mkdir -p build && cd build +{{ .CmakeCmd }} + {{ if .BuildModule }} # Build the module -cd {{ .DriverBuildDir }} -sed -i 's/make -C $(KERNELDIR)/make KCFLAGS="-Wno-incompatible-pointer-types" -C $(KERNELDIR)/g' Makefile -make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=/tmp/kernel -mv {{ .ModuleDriverName }}.ko {{ .ModuleFullPath }} +make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=/tmp/kernel driver strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} @@ -55,7 +54,6 @@ modinfo {{ .ModuleFullPath }} {{ if .BuildProbe }} # Build the eBPF probe -cd {{ .DriverBuildDir }}/bpf -make KERNELDIR=/tmp/kernel -ls -l probe.o +make KERNELDIR=/tmp/kernel bpf +ls -l driver/bpf/probe.o {{ end }} \ No newline at end of file diff --git a/pkg/driverbuilder/builder/templates/debian.sh b/pkg/driverbuilder/builder/templates/debian.sh index 8c06a646..dbcd1d4e 100644 --- a/pkg/driverbuilder/builder/templates/debian.sh +++ b/pkg/driverbuilder/builder/templates/debian.sh @@ -28,10 +28,7 @@ rm -Rf /tmp/module-download mkdir -p /tmp/module-download curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download -mv /tmp/module-download/*/driver/* {{ .DriverBuildDir }} - -cp /driverkit/module-Makefile {{ .DriverBuildDir }}/Makefile -bash /driverkit/fill-driver-config.sh {{ .DriverBuildDir }} +mv /tmp/module-download/*/* {{ .DriverBuildDir }} # Fetch the kernel mkdir /tmp/kernel-download 
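Review bot: The `sed` in `centos.sh` now rewrites `$(MAKE) -C $(KERNELDIR)` in `driver/Makefile.in`, and nothing checks that the substitution matched. If any driver version in the tested range still spells the rule as `make -C $(KERNELDIR)`, as the removed pattern suggests older sources did, the `-Wno-incompatible-pointer-types` workaround is dropped silently and the build fails later with an unrelated-looking compiler error. A check directly after the `sed` would make that visible: `grep -q 'Wno-incompatible-pointer-types' driver/Makefile.in || echo "warning: KCFLAGS workaround not applied" >&2`. The edit also runs unconditionally now, whereas before it sat inside `{{ if .BuildModule }}`; a short comment saying this is intentional would help.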
@@ -50,11 +47,13 @@ cp -r lib/* /lib cd /usr/src sourcedir=$(find . -type d -name "{{ .KernelHeadersPattern }}" | head -n 1 | xargs readlink -f) +cd {{ .DriverBuildDir }} +mkdir -p build && cd build +{{ .CmakeCmd }} + {{ if .BuildModule }} # Build the module -cd {{ .DriverBuildDir }} -make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=$sourcedir -mv {{ .ModuleDriverName }}.ko {{ .ModuleFullPath }} +make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=$sourcedir driver strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} @@ -62,7 +61,6 @@ modinfo {{ .ModuleFullPath }} {{ if .BuildProbe }} # Build the eBPF probe -cd {{ .DriverBuildDir }}/bpf -make KERNELDIR=$sourcedir -ls -l probe.o +make KERNELDIR=$sourcedir bpf +ls -l driver/bpf/probe.o {{ end }} \ No newline at end of file diff --git a/pkg/driverbuilder/builder/templates/fedora.sh b/pkg/driverbuilder/builder/templates/fedora.sh index 3b66ee0d..07b84717 100644 --- a/pkg/driverbuilder/builder/templates/fedora.sh +++ b/pkg/driverbuilder/builder/templates/fedora.sh @@ -28,10 +28,7 @@ rm -Rf /tmp/module-download mkdir -p /tmp/module-download curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download -mv /tmp/module-download/*/driver/* {{ .DriverBuildDir }} - -cp /driverkit/module-Makefile {{ .DriverBuildDir }}/Makefile -bash /driverkit/fill-driver-config.sh {{ .DriverBuildDir }} +mv /tmp/module-download/*/* {{ .DriverBuildDir }} # Fetch the kernel mkdir /tmp/kernel-download @@ -42,11 +39,13 @@ rm -Rf /tmp/kernel mkdir -p /tmp/kernel mv usr/src/kernels/*/* /tmp/kernel +cd {{ .DriverBuildDir }} +mkdir -p build && cd build +{{ .CmakeCmd }} + {{ if .BuildModule }} # Build the module -cd {{ .DriverBuildDir }} -make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=/tmp/kernel -mv {{ .ModuleDriverName }}.ko {{ .ModuleFullPath }} +make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=/tmp/kernel driver strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} 
@@ -54,7 +53,6 @@ modinfo {{ .ModuleFullPath }} {{ if .BuildProbe }} # Build the eBPF probe -cd {{ .DriverBuildDir }}/bpf -make KERNELDIR=/tmp/kernel -ls -l probe.o +make KERNELDIR=/tmp/kernel bpf +ls -l driver/bpf/probe.o {{ end }} \ No newline at end of file diff --git a/pkg/driverbuilder/builder/templates/flatcar.sh b/pkg/driverbuilder/builder/templates/flatcar.sh index 266b667e..a9c8edf6 100644 --- a/pkg/driverbuilder/builder/templates/flatcar.sh +++ b/pkg/driverbuilder/builder/templates/flatcar.sh @@ -28,10 +28,7 @@ rm -Rf /tmp/module-download mkdir -p /tmp/module-download curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download -mv /tmp/module-download/*/driver/* {{ .DriverBuildDir }} - -cp /driverkit/module-Makefile {{ .DriverBuildDir }}/Makefile -bash /driverkit/fill-driver-config.sh {{ .DriverBuildDir }} +mv /tmp/module-download/*/* {{ .DriverBuildDir }} # Fetch the kernel mkdir /tmp/kernel-download @@ -49,11 +46,13 @@ sed -i -e 's|^\(EXTRAVERSION =\).*|\1 -flatcar|' Makefile make KCONFIG_CONFIG=/tmp/kernel.config oldconfig make KCONFIG_CONFIG=/tmp/kernel.config modules_prepare +cd {{ .DriverBuildDir }} +mkdir -p build && cd build +{{ .CmakeCmd }} + {{ if .BuildModule }} # Build the module -cd {{ .DriverBuildDir }} -make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=/tmp/kernel -mv {{ .ModuleDriverName }}.ko {{ .ModuleFullPath }} +make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=/tmp/kernel driver strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} @@ -61,7 +60,6 @@ modinfo {{ .ModuleFullPath }} {{ if .BuildProbe }} # Build the eBPF probe -cd {{ .DriverBuildDir }}/bpf -make KERNELDIR=/tmp/kernel -ls -l probe.o +make KERNELDIR=/tmp/kernel bpf +ls -l driver/bpf/probe.o {{ end }} \ No newline at end of file diff --git a/pkg/driverbuilder/builder/templates/local.sh b/pkg/driverbuilder/builder/templates/local.sh index d94703ba..f23b10a1 100644 --- a/pkg/driverbuilder/builder/templates/local.sh 
+++ b/pkg/driverbuilder/builder/templates/local.sh @@ -30,12 +30,19 @@ rm -Rf /tmp/module-download mkdir -p /tmp/module-download curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download -mv /tmp/module-download/*/driver/* {{ .DriverBuildDir }} +mv /tmp/module-download/*/* {{ .DriverBuildDir }} +{{ end }} -cp /tmp/module-Makefile {{ .DriverBuildDir }}/Makefile -bash /tmp/fill-driver-config.sh {{ .DriverBuildDir }} +{{ if or .BuildProbe (and .BuildModule (not .UseDKMS)) }} +cd {{ .DriverBuildDir }} +{{ if .DownloadSrc }} +echo "* Configuring sources with cmake" +mkdir -p build && cd build +{{ .CmakeCmd }} +{{ end }} {{ end }} + {{ if .BuildModule }} {{ if .UseDKMS }} echo "* Building kmod with DKMS" @@ -47,10 +54,13 @@ dkms install --directive="MAKE='/tmp/falco-dkms-make'" -m "{{ .ModuleDriverName rm -Rf "/tmp/falco-dkms-make" {{ else }} echo "* Building kmod" -# Build the module -cd {{ .DriverBuildDir }} +{{ if .DownloadSrc }} +# Build the module - cmake configured +make CC={{ .GCCVersion }} driver +{{ else }} +# Build the module - preconfigured sources make CC={{ .GCCVersion }} -mv {{ .ModuleDriverName }}.ko {{ .ModuleFullPath }} +{{ end }} strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} @@ -59,16 +69,22 @@ modinfo {{ .ModuleFullPath }} {{ if .BuildProbe }} echo "* Building eBPF probe" - if [ ! -d /sys/kernel/debug/tracing ]; then echo "* Mounting debugfs" - mount -t debugfs nodev /sys/kernel/debug + # Do not fail if this fails. + mount -t debugfs nodev /sys/kernel/debug || : fi -# Build the eBPF probe -cd {{ .DriverBuildDir }}/bpf +{{ if .DownloadSrc }} +# Build the eBPF probe - cmake configured +make bpf +ls -l driver/bpf/probe.o +{{ else }} +# Build the eBPF probe - preconfigured sources +cd bpf make ls -l probe.o {{ end }} +{{ end }} rm -Rf /tmp/module-download \ No newline at end of file 
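Review bot: The new `cd {{ .DriverBuildDir }}` in `local.sh` is unquoted, and for local builds that value is the caller-supplied `SrcDir` (see `GetDriverBuildDir` in `local.go`) rather than the fixed `/tmp/driver`. A source directory containing spaces or glob characters would make `cd` fail or land in the wrong directory, and the following `make` would then run there. Quoting the expansion, `cd "{{ .DriverBuildDir }}"`, avoids that; the same applies to the `{{ .ModuleFullPath }}` arguments of `strip` and `modinfo` further down, which now also derive from `SrcDir`.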
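Review bot: `mount -t debugfs nodev /sys/kernel/debug || :` discards a mount failure without leaving any trace, so a later eBPF build failure caused by missing tracing data is hard to connect to it. Keeping the best-effort behaviour but logging it is enough: `mount -t debugfs nodev /sys/kernel/debug || echo "* Warning: could not mount debugfs, continuing" >&2`. The comment `# Do not fail if this fails.` could also say why a failure is acceptable, for example that the script may be running unprivileged or that debugfs is already mounted elsewhere, if that is the reason.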
diff --git a/pkg/driverbuilder/builder/templates/opensuse.sh b/pkg/driverbuilder/builder/templates/opensuse.sh index 144a8e35..1874f2cc 100644 --- a/pkg/driverbuilder/builder/templates/opensuse.sh +++ b/pkg/driverbuilder/builder/templates/opensuse.sh @@ -28,10 +28,7 @@ rm -Rf /tmp/module-download mkdir -p /tmp/module-download curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download -mv /tmp/module-download/*/driver/* {{ .DriverBuildDir }} - -cp /driverkit/module-Makefile {{ .DriverBuildDir }}/Makefile -bash /driverkit/fill-driver-config.sh {{ .DriverBuildDir }} +mv /tmp/module-download/*/* {{ .DriverBuildDir }} # Fetch the kernel mkdir /tmp/kernel-download @@ -45,11 +42,13 @@ cd /tmp/kernel-download/usr/src ls -alh /tmp/kernel-download/usr/src sourcedir="$(find . -type d -name "linux-*-obj" | head -n 1 | xargs readlink -f)/*/default" +cd {{ .DriverBuildDir }} +mkdir -p build && cd build +{{ .CmakeCmd }} + {{ if .BuildModule }} # Build the module -cd {{ .DriverBuildDir }} -make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=$sourcedir -mv {{ .ModuleDriverName }}.ko {{ .ModuleFullPath }} +make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=$sourcedir driver strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} @@ -57,7 +56,6 @@ modinfo {{ .ModuleFullPath }} {{ if .BuildProbe }} # Build the eBPF probe -cd {{ .DriverBuildDir }}/bpf -make KERNELDIR=/tmp/kernel -ls -l probe.o +make KERNELDIR=$sourcedir bpf +ls -l driver/bpf/probe.o {{ end }} \ No newline at end of file diff --git a/pkg/driverbuilder/builder/templates/oracle.sh b/pkg/driverbuilder/builder/templates/oracle.sh index 3b66ee0d..07b84717 100644 --- a/pkg/driverbuilder/builder/templates/oracle.sh +++ b/pkg/driverbuilder/builder/templates/oracle.sh 
@@ -28,10 +28,7 @@ rm -Rf /tmp/module-download mkdir -p /tmp/module-download curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download -mv /tmp/module-download/*/driver/* {{ .DriverBuildDir }} - -cp /driverkit/module-Makefile {{ .DriverBuildDir }}/Makefile -bash /driverkit/fill-driver-config.sh {{ .DriverBuildDir }} +mv /tmp/module-download/*/* {{ .DriverBuildDir }} # Fetch the kernel mkdir /tmp/kernel-download @@ -42,11 +39,13 @@ rm -Rf /tmp/kernel mkdir -p /tmp/kernel mv usr/src/kernels/*/* /tmp/kernel +cd {{ .DriverBuildDir }} +mkdir -p build && cd build +{{ .CmakeCmd }} + {{ if .BuildModule }} # Build the module -cd {{ .DriverBuildDir }} -make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=/tmp/kernel -mv {{ .ModuleDriverName }}.ko {{ .ModuleFullPath }} +make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=/tmp/kernel driver strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} @@ -54,7 +53,6 @@ modinfo {{ .ModuleFullPath }} {{ if .BuildProbe }} # Build the eBPF probe -cd {{ .DriverBuildDir }}/bpf -make KERNELDIR=/tmp/kernel -ls -l probe.o +make KERNELDIR=/tmp/kernel bpf +ls -l driver/bpf/probe.o {{ end }} \ No newline at end of file diff --git a/pkg/driverbuilder/builder/templates/photonos.sh b/pkg/driverbuilder/builder/templates/photonos.sh index 273d53a2..f83d4209 100644 --- a/pkg/driverbuilder/builder/templates/photonos.sh +++ b/pkg/driverbuilder/builder/templates/photonos.sh @@ -28,10 +28,7 @@ rm -Rf /tmp/module-download mkdir -p /tmp/module-download curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download -mv /tmp/module-download/*/driver/* {{ .DriverBuildDir }} - -cp /driverkit/module-Makefile {{ .DriverBuildDir }}/Makefile -bash /driverkit/fill-driver-config.sh {{ .DriverBuildDir }} +mv /tmp/module-download/*/* {{ .DriverBuildDir }} # Fetch the kernel mkdir /tmp/kernel-download 
@@ -45,21 +42,20 @@ mkdir -p /tmp/kernel # eg: linux-headers-$kernelrelease mv usr/src/linux-*headers-*/* /tmp/kernel -{{ if .BuildModule }} +cd {{ .DriverBuildDir }} +mkdir -p build && cd build +{{ .CmakeCmd }} +{{ if .BuildModule }} # Build the module -cd {{ .DriverBuildDir }} -make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=/tmp/kernel -mv {{ .ModuleDriverName }}.ko {{ .ModuleFullPath }} +make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=/tmp/kernel driver strip -g {{ .ModuleFullPath }} - # Print results modinfo {{ .ModuleFullPath }} {{ end }} -{{ if .BuildProbe }} +{{ if .BuildProbe }} # Build the eBPF probe -cd {{ .DriverBuildDir }}/bpf -make KERNELDIR=/tmp/kernel -ls -l probe.o +make KERNELDIR=/tmp/kernel bpf +ls -l driver/bpf/probe.o {{ end }} \ No newline at end of file diff --git a/pkg/driverbuilder/builder/templates/redhat.sh b/pkg/driverbuilder/builder/templates/redhat.sh index 3d99c88c..dbbfc06b 100644 --- a/pkg/driverbuilder/builder/templates/redhat.sh +++ b/pkg/driverbuilder/builder/templates/redhat.sh @@ -28,10 +28,7 @@ rm -Rf /tmp/module-download mkdir -p /tmp/module-download curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download -mv /tmp/module-download/*/driver/* {{ .DriverBuildDir }} - -cp /driverkit/module-Makefile {{ .DriverBuildDir }}/Makefile -bash /driverkit/fill-driver-config.sh {{ .DriverBuildDir }} +mv /tmp/module-download/*/* {{ .DriverBuildDir }} # Fetch the kernel rm -Rf /tmp/kernel-download @@ -44,11 +41,13 @@ rm -Rf /tmp/kernel mkdir -p /tmp/kernel mv usr/src/kernels/*/* /tmp/kernel +cd {{ .DriverBuildDir }} +mkdir -p build && cd build +{{ .CmakeCmd }} + {{ if .BuildModule }} # Build the module -cd {{ .DriverBuildDir }} -make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=/tmp/kernel -mv {{ .ModuleDriverName }}.ko {{ .ModuleFullPath }} +make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=/tmp/kernel driver strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} 
@@ -56,7 +55,6 @@ modinfo {{ .ModuleFullPath }} {{ if .BuildProbe }} # Build the eBPF probe -cd {{ .DriverBuildDir }}/bpf -make KERNELDIR=/tmp/kernel -ls -l probe.o +make KERNELDIR=/tmp/kernel bpf +ls -l driver/bpf/probe.o {{ end }} \ No newline at end of file diff --git a/pkg/driverbuilder/builder/templates/rocky.sh b/pkg/driverbuilder/builder/templates/rocky.sh index 3b66ee0d..07b84717 100644 --- a/pkg/driverbuilder/builder/templates/rocky.sh +++ b/pkg/driverbuilder/builder/templates/rocky.sh @@ -28,10 +28,7 @@ rm -Rf /tmp/module-download mkdir -p /tmp/module-download curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download -mv /tmp/module-download/*/driver/* {{ .DriverBuildDir }} - -cp /driverkit/module-Makefile {{ .DriverBuildDir }}/Makefile -bash /driverkit/fill-driver-config.sh {{ .DriverBuildDir }} +mv /tmp/module-download/*/* {{ .DriverBuildDir }} # Fetch the kernel mkdir /tmp/kernel-download @@ -42,11 +39,13 @@ rm -Rf /tmp/kernel mkdir -p /tmp/kernel mv usr/src/kernels/*/* /tmp/kernel +cd {{ .DriverBuildDir }} +mkdir -p build && cd build +{{ .CmakeCmd }} + {{ if .BuildModule }} # Build the module -cd {{ .DriverBuildDir }} -make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=/tmp/kernel -mv {{ .ModuleDriverName }}.ko {{ .ModuleFullPath }} +make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=/tmp/kernel driver strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} @@ -54,7 +53,6 @@ modinfo {{ .ModuleFullPath }} {{ if .BuildProbe }} # Build the eBPF probe -cd {{ .DriverBuildDir }}/bpf -make KERNELDIR=/tmp/kernel -ls -l probe.o +make KERNELDIR=/tmp/kernel bpf +ls -l driver/bpf/probe.o {{ end }} \ No newline at end of file diff --git a/pkg/driverbuilder/builder/templates/sles.sh b/pkg/driverbuilder/builder/templates/sles.sh index ef83d674..d784dfcd 100644 --- a/pkg/driverbuilder/builder/templates/sles.sh +++ b/pkg/driverbuilder/builder/templates/sles.sh 
@@ -28,10 +28,7 @@ rm -Rf /tmp/module-download mkdir -p /tmp/module-download curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download -mv /tmp/module-download/*/driver/* {{ .DriverBuildDir }} - -cp /driverkit/module-Makefile {{ .DriverBuildDir }}/Makefile -bash /driverkit/fill-driver-config.sh {{ .DriverBuildDir }} +mv /tmp/module-download/*/* {{ .DriverBuildDir }} # Fetch the kernel rm -Rf /tmp/kernel-download @@ -47,11 +44,13 @@ done ls -alh /tmp/kernel-download/usr/src sourcedir="$(find . -type d -name "linux-*-obj" | head -n 1 | xargs readlink -f)/*/default" +cd {{ .DriverBuildDir }} +mkdir -p build && cd build +{{ .CmakeCmd }} + {{ if .BuildModule }} # Build the module -cd {{ .DriverBuildDir }} -make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=$sourcedir -mv {{ .ModuleDriverName }}.ko {{ .ModuleFullPath }} +make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=$sourcedir driver strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} @@ -59,7 +58,6 @@ modinfo {{ .ModuleFullPath }} {{ if .BuildProbe }} # Build the eBPF probe -cd {{ .DriverBuildDir }}/bpf -make KERNELDIR=/tmp/kernel -ls -l probe.o +make KERNELDIR=$sourcedir bpf +ls -l driver/bpf/probe.o {{ end }} \ No newline at end of file diff --git a/pkg/driverbuilder/builder/templates/ubuntu.sh b/pkg/driverbuilder/builder/templates/ubuntu.sh index 0b9cefa5..e784a8ad 100644 --- a/pkg/driverbuilder/builder/templates/ubuntu.sh +++ b/pkg/driverbuilder/builder/templates/ubuntu.sh @@ -28,10 +28,7 @@ rm -Rf /tmp/module-download mkdir -p /tmp/module-download curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download -mv /tmp/module-download/*/driver/* {{ .DriverBuildDir }} - -cp /driverkit/module-Makefile {{ .DriverBuildDir }}/Makefile -bash /driverkit/fill-driver-config.sh {{ .DriverBuildDir }} +mv /tmp/module-download/*/* {{ .DriverBuildDir }} # Fetch the kernel mkdir /tmp/kernel-download 
@@ -46,11 +43,13 @@ cd /tmp/kernel-download/usr/src/ ls -altr sourcedir=$(find . -type d -name "{{ .KernelHeadersPattern }}" | head -n 1 | xargs readlink -f) +cd {{ .DriverBuildDir }} +mkdir -p build && cd build +{{ .CmakeCmd }} + {{ if .BuildModule }} # Build the module -cd {{ .DriverBuildDir }} -make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=$sourcedir -mv {{ .ModuleDriverName }}.ko {{ .ModuleFullPath }} +make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=$sourcedir driver strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} @@ -58,7 +57,6 @@ modinfo {{ .ModuleFullPath }} {{ if .BuildProbe }} # Build the eBPF probe -cd {{ .DriverBuildDir }}/bpf -make KERNELDIR=$sourcedir -ls -l probe.o +make KERNELDIR=$sourcedir bpf +ls -l driver/bpf/probe.o {{ end }} diff --git a/pkg/driverbuilder/builder/templates/vanilla.sh b/pkg/driverbuilder/builder/templates/vanilla.sh index 80877eda..64085553 100644 --- a/pkg/driverbuilder/builder/templates/vanilla.sh +++ b/pkg/driverbuilder/builder/templates/vanilla.sh @@ -28,15 +28,12 @@ rm -Rf /tmp/module-download mkdir -p /tmp/module-download curl --silent -SL {{ .ModuleDownloadURL }} | tar -xzf - -C /tmp/module-download -mv /tmp/module-download/*/driver/* {{ .DriverBuildDir }} - -cp /driverkit/module-Makefile {{ .DriverBuildDir }}/Makefile -bash /driverkit/fill-driver-config.sh {{ .DriverBuildDir }} +mv /tmp/module-download/*/* {{ .DriverBuildDir }} # Fetch the kernel cd /tmp mkdir /tmp/kernel-download -{{ if .IsTarGz}} +{{ if .IsTarGz }} curl --silent -SL {{ .KernelDownloadURL }} | tar -zxf - -C /tmp/kernel-download {{ else }} curl --silent -SL {{ .KernelDownloadURL }} | tar -Jxf - -C /tmp/kernel-download 
@@ -59,11 +56,13 @@ make KCONFIG_CONFIG=/tmp/kernel.config modules_prepare export KBUILD_MODPOST_WARN=1 -{{ if .BuildModule }} -# Build the kernel module cd {{ .DriverBuildDir }} -make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=/tmp/kernel -mv {{ .ModuleDriverName }}.ko {{ .ModuleFullPath }} +mkdir -p build && cd build +{{ .CmakeCmd }} + +{{ if .BuildModule }} +# Build the module +make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=/tmp/kernel driver strip -g {{ .ModuleFullPath }} # Print results modinfo {{ .ModuleFullPath }} @@ -71,7 +70,6 @@ modinfo {{ .ModuleFullPath }} {{ if .BuildProbe }} # Build the eBPF probe -cd {{ .DriverBuildDir }}/bpf -make KERNELDIR=/tmp/kernel -ls -l probe.o +make KERNELDIR=/tmp/kernel bpf +ls -l driver/bpf/probe.o {{ end }} diff --git a/pkg/driverbuilder/docker.go b/pkg/driverbuilder/docker.go index e5d604e8..0645f8fc 100644 --- a/pkg/driverbuilder/docker.go +++ b/pkg/driverbuilder/docker.go @@ -146,24 +146,6 @@ func (bp *DockerBuildProcessor) Start(b *builder.Build) error { return err } - // Prepare driver config template - bufFillDriverConfig := bytes.NewBuffer(nil) - err = renderFillDriverConfig(bufFillDriverConfig, driverConfigData{DriverVersion: c.DriverVersion, DriverName: c.DriverName, DeviceName: c.DeviceName}) - if err != nil { - return err - } - - // Prepare makefile template - objList, err := LoadMakefileObjList(c) - if err != nil { - return err - } - bufMakefile := bytes.NewBuffer(nil) - err = renderMakefile(bufMakefile, makefileData{ModuleName: c.DriverName, ModuleBuildDir: builder.DriverDirectory, MakeObjList: objList}) - if err != nil { - return err - } - configDecoded, err := base64.StdEncoding.DecodeString(b.KernelConfigData) if err != nil { return err 
@@ -244,8 +226,6 @@ func (bp *DockerBuildProcessor) Start(b *builder.Build) error { files := []dockerCopyFile{ {"/driverkit/driverkit.sh", driverkitScript}, {"/driverkit/kernel.config", string(configDecoded)}, - {"/driverkit/module-Makefile", bufMakefile.String()}, - {"/driverkit/fill-driver-config.sh", bufFillDriverConfig.String()}, } var buf bytes.Buffer @@ -304,14 +284,14 @@ func (bp *DockerBuildProcessor) Start(b *builder.Build) error { } if len(b.ModuleFilePath) > 0 { - if err := copyFromContainer(ctx, cli, cdata.ID, builder.ModuleFullPath, b.ModuleFilePath); err != nil { + if err := copyFromContainer(ctx, cli, cdata.ID, c.ToDriverFullPath(), b.ModuleFilePath); err != nil { return err } slog.With("path", b.ModuleFilePath).Info("kernel module available") } if len(b.ProbeFilePath) > 0 { - if err := copyFromContainer(ctx, cli, cdata.ID, builder.ProbeFullPath, b.ProbeFilePath); err != nil { + if err := copyFromContainer(ctx, cli, cdata.ID, c.ToProbeFullPath(), b.ProbeFilePath); err != nil { return err } slog.With("path", b.ProbeFilePath).Info("eBPF probe available") diff --git a/pkg/driverbuilder/kubernetes.go b/pkg/driverbuilder/kubernetes.go index 8356ee90..eec739a5 100644 --- a/pkg/driverbuilder/kubernetes.go +++ b/pkg/driverbuilder/kubernetes.go @@ -102,11 +102,11 @@ func (bp *KubernetesBuildProcessor) buildModule(b *builder.Build) error { return err } - if builder.ModuleFullPath != "" { + if c.ModuleFilePath != "" { res = fmt.Sprintf("%s\n%s", "touch "+moduleLockFile, res) res = fmt.Sprintf("%s\n%s", res, "rm "+moduleLockFile) } - if builder.ProbeFullPath != "" { + if c.ProbeFilePath != "" { res = fmt.Sprintf("%s\n%s", "touch "+probeLockFile, res) res = fmt.Sprintf("%s\n%s", res, "rm "+probeLockFile) } 
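Review bot: In docker.go, `c.ToDriverFullPath()` builds the in-container source path from `c.DriverName`, so a name containing `/` or `..` resolves outside `/tmp/driver/build/driver` once `path.Join` cleans it. If validation does not already limit `DriverName` to a plain file name (not visible in this hunk), add that check before the path is built, or reject the value when `path.Base(c.DriverName) != c.DriverName`. The copy guard still tests `b.ModuleFilePath` while the Kubernetes processor now tests `c.ModuleFilePath`; using one form in both would make the two processors easier to compare. `Start` begins and ends outside the hunk.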
@@ -128,24 +128,6 @@ func (bp *KubernetesBuildProcessor) buildModule(b *builder.Build) error { }, } - // Prepare driver config template - bufFillDriverConfig := bytes.NewBuffer(nil) - err = renderFillDriverConfig(bufFillDriverConfig, driverConfigData{DriverVersion: c.Build.DriverVersion, DriverName: c.DriverName, DeviceName: c.DeviceName}) - if err != nil { - return err - } - - // Prepare makefile template - objList, err := LoadMakefileObjList(c) - if err != nil { - return err - } - bufMakefile := bytes.NewBuffer(nil) - err = renderMakefile(bufMakefile, makefileData{ModuleName: c.DriverName, ModuleBuildDir: builder.DriverDirectory, MakeObjList: objList}) - if err != nil { - return err - } - configDecoded, err := base64.StdEncoding.DecodeString(b.KernelConfigData) if err != nil { return err @@ -154,12 +136,10 @@ func (bp *KubernetesBuildProcessor) buildModule(b *builder.Build) error { cm := &corev1.ConfigMap{ ObjectMeta: commonMeta, Data: map[string]string{ - "driverkit.sh": res, - "kernel.config": string(configDecoded), - "module-Makefile": bufMakefile.String(), - "fill-driver-config.sh": bufFillDriverConfig.String(), - "downloader.sh": waitForLockAndCat, - "unlock.sh": deleteLock, + "driverkit.sh": res, + "kernel.config": string(configDecoded), + "downloader.sh": waitForLockAndCat, + "unlock.sh": deleteLock, }, } // Construct environment variable array of corev1.EnvVar 
@@ -244,10 +224,10 @@ func (bp *KubernetesBuildProcessor) buildModule(b *builder.Build) error { return err } defer podClient.Delete(ctx, pod.Name, metav1.DeleteOptions{}) - return bp.copyModuleAndProbeFromPodWithUID(ctx, b, namespace, string(uid)) + return bp.copyModuleAndProbeFromPodWithUID(ctx, c, b, namespace, string(uid)) } -func (bp *KubernetesBuildProcessor) copyModuleAndProbeFromPodWithUID(ctx context.Context, build *builder.Build, namespace string, falcoBuilderUID string) error { +func (bp *KubernetesBuildProcessor) copyModuleAndProbeFromPodWithUID(ctx context.Context, c builder.Config, build *builder.Build, namespace string, falcoBuilderUID string) error { namespacedClient := bp.coreV1Client.Pods(namespace) watch, err := namespacedClient.Watch(ctx, metav1.ListOptions{ LabelSelector: fmt.Sprintf("%s=%s", falcoBuilderUIDLabel, falcoBuilderUID), @@ -275,15 +255,15 @@ func (bp *KubernetesBuildProcessor) copyModuleAndProbeFromPodWithUID(ctx context } if p.Status.Phase == corev1.PodRunning { slog.With(falcoBuilderUIDLabel, falcoBuilderUID).Info("start downloading module and probe from pod") - if builder.ModuleFullPath != "" { - err = copySingleFileFromPod(build.ModuleFilePath, bp.coreV1Client, bp.clientConfig, p.Namespace, p.Name, builder.ModuleFullPath, moduleLockFile) + if c.ModuleFilePath != "" { + err = copySingleFileFromPod(c.ModuleFilePath, bp.coreV1Client, bp.clientConfig, p.Namespace, p.Name, c.ToDriverFullPath(), moduleLockFile) if err != nil { return err } slog.Info("Kernel Module extraction successful") } - if builder.ProbeFullPath != "" { - err = copySingleFileFromPod(build.ProbeFilePath, bp.coreV1Client, bp.clientConfig, p.Namespace, p.Name, builder.ProbeFullPath, probeLockFile) + if c.ProbeFilePath != "" { + err = copySingleFileFromPod(c.ProbeFilePath, bp.coreV1Client, bp.clientConfig, p.Namespace, p.Name, c.ToProbeFullPath(), probeLockFile) if err != nil { return err } 
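Review bot: `copyModuleAndProbeFromPodWithUID` now takes both `c builder.Config` and `build *builder.Build`, although `Config` embeds `*Build` and the visible body reads the destinations through `c.ModuleFilePath` and `c.ProbeFilePath`. Unless `build` is still used in the part of the body outside these hunks, drop it: `func (bp *KubernetesBuildProcessor) copyModuleAndProbeFromPodWithUID(ctx context.Context, c builder.Config, namespace string, falcoBuilderUID string) error`. A short doc comment stating that `c` supplies both the in-pod source paths and the local destination paths would also help.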
diff --git a/pkg/driverbuilder/local.go b/pkg/driverbuilder/local.go index fcd8879a..56619353 100644 --- a/pkg/driverbuilder/local.go +++ b/pkg/driverbuilder/local.go @@ -2,7 +2,6 @@ package driverbuilder import ( "bufio" - "bytes" "context" _ "embed" "fmt" @@ -11,7 +10,6 @@ import ( "log/slog" "os" "os/exec" - "path" "path/filepath" "time" ) @@ -51,37 +49,7 @@ func (lbp *LocalBuildProcessor) Start(b *builder.Build) error { } c := b.ToConfig() - // Prepare driver config template - bufFillDriverConfig := bytes.NewBuffer(nil) - err = renderFillDriverConfig(bufFillDriverConfig, driverConfigData{DriverVersion: c.DriverVersion, DriverName: c.DriverName, DeviceName: c.DeviceName}) - if err != nil { - return err - } - - // Prepare makefile template - objList, err := LoadMakefileObjList(c) - if err != nil { - return err - } - bufMakefile := bytes.NewBuffer(nil) - err = renderMakefile(bufMakefile, makefileData{ModuleName: c.DriverName, ModuleBuildDir: builder.DriverDirectory, MakeObjList: objList}) - if err != nil { - return err - } - - // Create all local files - files := []dockerCopyFile{ - {"/tmp/module-Makefile", bufMakefile.String()}, - {"/tmp/fill-driver-config.sh", bufFillDriverConfig.String()}, - } - for _, file := range files { - if err = os.WriteFile(file.Name, []byte(file.Body), 0o755); err != nil { - return err - } - defer os.Remove(file.Name) - } - - defer os.Remove(builder.DriverDirectory) + defer os.RemoveAll(builder.DriverDirectory) // Load gcc versions from system var gccs []string @@ -107,7 +75,7 @@ func (lbp *LocalBuildProcessor) Start(b *builder.Build) error { } } else { // We won't use it! - gccs = []string{"gcc"} + gccs = []string{"UNUSED"} } // Cannot fail 
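Review bot: `defer os.RemoveAll(builder.DriverDirectory)` acts on the fixed path `/tmp/driver`, which for the local processor is on the host's shared `/tmp`, not inside a container. A directory or symlink already placed at that name by another local user would be used for the build, and its contents would be compiled. Creating a private directory with `os.MkdirTemp("", "driverkit-")` and passing it through as the build dir would avoid the predictable name, though that touches more than this hunk because `DriverDirectory` is a shared constant. The error from `RemoveAll` is also dropped; logging it would show when cleanup fails. `Start` continues outside the hunk.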
@@ -115,8 +83,9 @@ func (lbp *LocalBuildProcessor) Start(b *builder.Build) error { vv.SrcDir = lbp.srcDir vv.UseDKMS = lbp.useDKMS - modulePath := vv.GetModuleFullPath(c, kr) - probePath := path.Join(vv.GetDriverBuildDir(), "bpf", builder.ProbeFileName) + // Fetch paths were kmod and probe will be built + srcModulePath := vv.GetModuleFullPath(c, kr) + srcProbePath := vv.GetProbeFullPath(c) for _, gcc := range gccs { vv.GccPath = gcc 
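Review bot: The added comment says "were" where "where" is meant; it should read `// Fetch paths where kmod and probe will be built`. It would also help to say that these are the build-output locations later copied to `b.ModuleFilePath` and `b.ProbeFilePath`, since the `src` prefix is the only hint and the rest of `Start` lies outside the hunk.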
@@ -152,40 +121,40 @@ func (lbp *LocalBuildProcessor) Start(b *builder.Build) error { err = cmd.Wait() } } - if err == nil { - break + + // If we built the probe, disable its build for subsequent attempts (with other available gccs) + if c.ProbeFilePath != "" { + if _, err = os.Stat(srcProbePath); !os.IsNotExist(err) { + if err = copyDataToLocalPath(srcProbePath, b.ProbeFilePath); err != nil { + return err + } + slog.With("path", b.ProbeFilePath).Info("eBPF probe available") + c.ProbeFilePath = "" + } } - // If we received an error, perhaps we must just rebuilt the kmod. + + // If we received an error, perhaps we just need to try another build for the kmod. // Check if we were able to build anything. - koFiles, err := filepath.Glob(modulePath) + koFiles, err := filepath.Glob(srcModulePath) if err == nil && len(koFiles) > 0 { + // Since only kmod might need to get rebuilt + // with another gcc, break here if we actually built the kmod. break } - if _, err = os.Stat(probePath); !os.IsNotExist(err) { - c.ProbeFilePath = "" - } } if len(b.ModuleFilePath) > 0 { // If we received an error, perhaps we must just rebuilt the kmod. // Check if we were able to build anything. - koFiles, err := filepath.Glob(modulePath) + koFiles, err := filepath.Glob(srcModulePath) if err != nil || len(koFiles) == 0 { - return fmt.Errorf("failed to find kernel module .ko file: %s", modulePath) + return fmt.Errorf("failed to find kernel module .ko file: %s", srcModulePath) } if err = copyDataToLocalPath(koFiles[0], b.ModuleFilePath); err != nil { return err } slog.With("path", b.ModuleFilePath).Info("kernel module available") } - - if len(b.ProbeFilePath) > 0 { - if err = copyDataToLocalPath(probePath, b.ProbeFilePath); err != nil { - return err - } - slog.With("path", b.ProbeFilePath).Info("eBPF probe available") - } - return nil } diff --git a/pkg/driverbuilder/templates.go b/pkg/driverbuilder/templates.go index 66e5e5d9..a413e231 100644 --- a/pkg/driverbuilder/templates.go 
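Review bot: A probe that fails to build is no longer reported. The old post-loop `copyDataToLocalPath(probePath, b.ProbeFilePath)` returned an error when `probe.o` was missing, but now the copy only happens inside the loop when `os.Stat` finds the file, and the function ends with `return nil`. The build error from `cmd.Wait()` is also overwritten by the `os.Stat` result and then shadowed by `koFiles, err :=`, so it never reaches the caller. After the loop, add `if c.ProbeFilePath != "" { return fmt.Errorf("failed to find eBPF probe: %s", srcProbePath) }`, which works because the field is cleared on a successful copy. Since `Config` embeds `*Build`, `c.ProbeFilePath = ""` may also clear `b.ProbeFilePath`; that depends on `ToConfig`, which is not visible in this hunk.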
+++ b/pkg/driverbuilder/templates.go @@ -14,16 +14,6 @@ limitations under the License. package driverbuilder -import ( - "fmt" - "io" - "net/http" - "strings" - "text/template" - - "github.com/falcosecurity/driverkit/pkg/driverbuilder/builder" -) - var waitForLockScript = ` touch /tmp/download.lock while true; do 
@@ -56,123 +46,3 @@ while true; do done cat "$1" ` - -type makefileData struct { - ModuleName string - ModuleBuildDir string - MakeObjList string -} - -const makefileTemplate = ` -{{ .ModuleName }}-y += {{ .MakeObjList }} -obj-m += {{ .ModuleName }}.o -KERNELDIR ?= /lib/modules/$(shell uname -r)/build - -all: - make -C $(KERNELDIR) M={{ .ModuleBuildDir }} modules - -clean: - make -C $(KERNELDIR) M={{ .ModuleBuildDir }} clean - -install: all - make -C $(KERNELDIR) M={{ .ModuleBuildDir }} modules_install -` - -func renderMakefile(w io.Writer, md makefileData) error { - t := template.New("makefile") - t, _ = t.Parse(makefileTemplate) - return t.Execute(w, md) -} - -func LoadMakefileObjList(c builder.Config) (string, error) { - makefileUrl := fmt.Sprintf("https://raw.githubusercontent.com/%s/%s/%s/driver/Makefile.in", c.RepoOrg, c.RepoName, c.DriverVersion) - resp, err := http.Get(makefileUrl) - if err != nil { - return "", err - } - defer resp.Body.Close() - parsedMakefile, err := io.ReadAll(resp.Body) - if err != nil { - return "", err - } - lines := strings.Split(string(parsedMakefile), "\n") - for _, l := range lines { - if strings.HasPrefix(l, "@DRIVER_NAME@-y +=") { - return strings.Split(l, "@DRIVER_NAME@-y += ")[1], nil - } - if strings.HasPrefix(l, "@PROBE_NAME@-y +=") { - return strings.Split(l, "@PROBE_NAME@-y += ")[1], nil - } - } - return "", fmt.Errorf("obj list not found") -} - -type driverConfigData struct { - DriverVersion string - DriverName string - DeviceName string -} - -// XXX both PROBE and DRIVER variables are kept for now so that Driverkit is compatible with older versions. -// they can be removed when versions from early 2022/late 2021 will not be supported anymore. - -// Note that in the future DRIVER_COMMIT will be different from DRIVER_VERSION. Currently, it is the same as the commit -// and no decision has been made yet about the distinction in falcosecurity/libs. Will need to be updated. 
-const fillDriverConfigTemplate = ` -set -euxo pipefail - -DRIVER_BUILD_DIR=$1 -DRIVER_CONFIG_FILE="$DRIVER_BUILD_DIR/driver_config.h" - -cat << EOF > $DRIVER_CONFIG_FILE -#pragma once - -#define PROBE_VERSION "{{ .DriverVersion }}" -#define DRIVER_VERSION "{{ .DriverVersion }}" - -#define DRIVER_COMMIT "{{ .DriverVersion }}" - -#define PROBE_NAME "{{ .DriverName }}" -#define DRIVER_NAME "{{ .DriverName }}" - -#define PROBE_DEVICE_NAME "{{ .DeviceName }}" -#define DRIVER_DEVICE_NAME "{{ .DeviceName }}" - -#ifndef KBUILD_MODNAME -#define KBUILD_MODNAME DRIVER_NAME -#endif -EOF - -API_VERSION_FILE="$DRIVER_BUILD_DIR/API_VERSION" -if [[ -f $API_VERSION_FILE ]]; then - PPM_API_CURRENT_VERSION_MAJOR=$(cut -f 1 -d . "$API_VERSION_FILE") - PPM_API_CURRENT_VERSION_MINOR=$(cut -f 2 -d . "$API_VERSION_FILE") - PPM_API_CURRENT_VERSION_PATCH=$(cut -f 3 -d . "$API_VERSION_FILE") - - echo "#define PPM_API_CURRENT_VERSION_MAJOR" $PPM_API_CURRENT_VERSION_MAJOR >> $DRIVER_CONFIG_FILE - echo "#define PPM_API_CURRENT_VERSION_MINOR" $PPM_API_CURRENT_VERSION_MINOR >> $DRIVER_CONFIG_FILE - echo "#define PPM_API_CURRENT_VERSION_PATCH" $PPM_API_CURRENT_VERSION_PATCH >> $DRIVER_CONFIG_FILE -fi - -SCHEMA_VERSION_FILE="$DRIVER_BUILD_DIR/SCHEMA_VERSION" -if [[ -f $SCHEMA_VERSION_FILE ]]; then - PPM_SCHEMA_CURRENT_VERSION_MAJOR=$(cut -f 1 -d . "$SCHEMA_VERSION_FILE") - PPM_SCHEMA_CURRENT_VERSION_MINOR=$(cut -f 2 -d . "$SCHEMA_VERSION_FILE") - PPM_SCHEMA_CURRENT_VERSION_PATCH=$(cut -f 3 -d . 
"$SCHEMA_VERSION_FILE") - - echo "#define PPM_SCHEMA_CURRENT_VERSION_MAJOR" $PPM_SCHEMA_CURRENT_VERSION_MAJOR >> $DRIVER_CONFIG_FILE - echo "#define PPM_SCHEMA_CURRENT_VERSION_MINOR" $PPM_SCHEMA_CURRENT_VERSION_MINOR >> $DRIVER_CONFIG_FILE - echo "#define PPM_SCHEMA_CURRENT_VERSION_PATCH" $PPM_SCHEMA_CURRENT_VERSION_PATCH >> $DRIVER_CONFIG_FILE - - echo '#include "ppm_api_version.h"' >> $DRIVER_CONFIG_FILE -fi -` - -func renderFillDriverConfig(w io.Writer, dd driverConfigData) error { - t := template.New("driverconfig") - parsed, err := t.Parse(fillDriverConfigTemplate) - if err != nil { - return err - } - return parsed.Execute(w, dd) -} diff --git a/validate/validate.go b/validate/validate.go index dc618df3..02abd945 100644 --- a/validate/validate.go +++ b/validate/validate.go @@ -76,6 +76,19 @@ func init() { }, ) + V.RegisterTranslation( + "abs_dirpath", + T, + func(ut ut.Translator) error { + return ut.Add("abs_dirpath", "{0} must be a valid absolute dir path", true) + }, + func(ut ut.Translator, fe validator.FieldError) string { + t, _ := ut.T("abs_dirpath", fe.Field()) + + return t + }, + ) + V.RegisterTranslation( "target", T,