Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/dev-debug/sysdig
diff options
context:
space:
mode:
Diffstat (limited to 'dev-debug/sysdig')
-rw-r--r--dev-debug/sysdig/metadata.xml2
-rw-r--r--dev-debug/sysdig/sysdig-0.39.0.ebuild169
2 files changed, 171 insertions, 0 deletions
diff --git a/dev-debug/sysdig/metadata.xml b/dev-debug/sysdig/metadata.xml
index c16f8ef41665..05dad048fe79 100644
--- a/dev-debug/sysdig/metadata.xml
+++ b/dev-debug/sysdig/metadata.xml
@@ -10,6 +10,8 @@
<name>Proxy Maintainers</name>
</maintainer>
<use>
+ <flag name="bpf">Enable the BPF probe as alternative event source
+ to <pkg>dev-debug/scap-driver</pkg>.</flag>
<flag name="modules">Build kernel modules needed for tracing local
events. Disable this only if you intend to use sysdig purely
to work with dumpfiles.</flag>
diff --git a/dev-debug/sysdig/sysdig-0.39.0.ebuild b/dev-debug/sysdig/sysdig-0.39.0.ebuild
new file mode 100644
index 000000000000..2a9539574c2c
--- /dev/null
+++ b/dev-debug/sysdig/sysdig-0.39.0.ebuild
@@ -0,0 +1,169 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+LLVM_COMPAT=( {15..19} )
+LLVM_OPTIONAL=1
+
+LUA_COMPAT=( luajit )
+
+inherit bash-completion-r1 cmake flag-o-matic linux-info llvm-r1 lua-single
+
+DESCRIPTION="A system exploration and troubleshooting tool"
+HOMEPAGE="https://sysdig.com/"
+
+# The version of falcosecurity-libs required by sysdig as source tree
+LIBS_VERSION="0.18.1"
+LIBS="falcosecurity-libs-${LIBS_VERSION}"
+
+SRC_URI="https://github.com/draios/sysdig/archive/${PV}.tar.gz -> ${P}.tar.gz
+ https://github.com/falcosecurity/libs/archive/${LIBS_VERSION}.tar.gz -> ${LIBS}.tar.gz"
+
+# The driver version as found in cmake/modules/driver.cmake or alternatively
+# as git tag on the $LIBS_VERSION of falcosecurity-libs.
+DRIVER_VERSION="7.3.0+driver"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="bpf +modules"
+REQUIRED_USE="${LUA_REQUIRED_USE}"
+
+RDEPEND="${LUA_DEPS}
+ dev-cpp/abseil-cpp:=
+ dev-cpp/tbb:=
+ dev-cpp/yaml-cpp:=
+ dev-libs/jsoncpp:=
+ dev-libs/libb64:=
+ bpf? ( >=dev-libs/libbpf-1.1:= )
+ dev-libs/protobuf:=
+ dev-libs/re2:=
+ dev-libs/uthash
+ net-libs/grpc:=
+ net-misc/curl
+ sys-libs/ncurses:=
+ sys-libs/zlib:=
+ virtual/libelf:="
+
+DEPEND="${RDEPEND}
+ dev-cpp/nlohmann_json
+ dev-cpp/valijson
+ bpf? ( $(llvm_gen_dep '
+ sys-devel/clang:${LLVM_SLOT}=
+ sys-devel/llvm:${LLVM_SLOT}=[llvm_targets_BPF(+)]
+ ')
+ )
+ virtual/os-headers"
+
+BDEPEND="bpf? ( dev-util/bpftool )"
+
+# pin the driver to the falcosecurity-libs version
+PDEPEND="modules? ( =dev-debug/scap-driver-${LIBS_VERSION}* )"
+
+PATCHES=(
+ "${FILESDIR}/0.38.1-scap-loader.patch"
+)
+
+pkg_pretend() {
+ if use bpf; then
+ local CONFIG_CHECK="
+ ~BPF
+ ~BPF_EVENTS
+ ~BPF_JIT
+ ~BPF_SYSCALL
+ ~FTRACE_SYSCALLS
+ ~HAVE_EBPF_JIT
+ "
+ check_extra_config
+ fi
+}
+
+pkg_setup() {
+ use bpf && llvm-r1_pkg_setup
+}
+
+src_prepare() {
+ # do not build with debugging info
+ sed -i -e 's/-ggdb//g' CMakeLists.txt "${WORKDIR}"/libs-${LIBS_VERSION}/cmake/modules/CompilerFlags.cmake || die
+
+ # fix the driver version
+ sed -i -e 's/0.0.0-local/${DRIVER_VERSION}/g' cmake/modules/driver.cmake || die
+
+ cmake_src_prepare
+}
+
+src_configure() {
+ # known problems with strict aliasing:
+ # https://github.com/falcosecurity/libs/issues/1964
+ append-flags -fno-strict-aliasing
+
+ local mycmakeargs=(
+ # do not build the kernel driver
+ -DBUILD_DRIVER=OFF
+
+ # libscap examples are not installed or really useful
+ -DBUILD_LIBSCAP_EXAMPLES=OFF
+
+ # do not build internal libs as shared
+ -DBUILD_SHARED_LIBS=OFF
+
+ # build BPF probe depending on USE
+ -DBUILD_SYSDIG_MODERN_BPF:BOOL=$(usex bpf)
+
+ # set driver version to prevent downloading (don't ask..)
+ -DDRIVER_SOURCE_DIR="${WORKDIR}"/libs-${LIBS_VERSION}/driver
+ -DDRIVER_VERSION=${DRIVER_VERSION}
+
+ # point sysdig to the libs tree
+ -DFALCOSECURITY_LIBS_SOURCE_DIR="${WORKDIR}"/libs-${LIBS_VERSION}
+
+ # explicitly set sysdig version - required for some reason
+ -DSYSDIG_VERSION=${PV}
+
+ # do not use bundled dependencies for sysdig
+ -DUSE_BUNDLED_DEPS=OFF
+
+ # do not use bundled dependencies for falcosecurity-libs
+ -DUSE_BUNDLED_B64=OFF
+ -DUSE_BUNDLED_JSONCPP=OFF
+ -DUSE_BUNDLED_RE2=OFF
+ -DUSE_BUNDLED_TBB=OFF
+ -DUSE_BUNDLED_VALIJSON=OFF
+
+ # set valijson include path to prevent downloading
+ -DVALIJSON_INCLUDE="${ESYSROOT}"/usr/include
+
+ # enable chisels
+ -DWITH_CHISEL=ON
+ )
+
+ cmake_src_configure
+}
+
+src_install() {
+ cmake_src_install
+
+ # remove driver headers
+ rm -r "${ED}"/usr/src || die
+
+ # remove libscap/libsinsp headers & libs (see #938187)
+ rm -r "${ED}"/usr/include/sysdig || die
+ rm -r "${ED}"/usr/$(get_libdir) || die
+
+ # move bashcomp to the proper location
+ dobashcomp "${ED}"/usr/etc/bash_completion.d/sysdig || die
+ rm -r "${ED}"/usr/etc || die
+}
+
+pkg_postinst() {
+ if use bpf; then
+ elog
+ elog "You have enabled the 'modern BPF' probe."
+ elog "This eBPF-based event source is an alternative to the traditional"
+ elog "scap kernel module."
+ elog
+ elog "To use it, start sysdig/csysdig with '--modern-bpf'."
+ elog
+ fi
+}