Merge branch 'main' into wolfictl-f628e12e-8f0c-4bf3-89e0-02259ce0cb1d

wolfi-dev · Nov 30, 2023 · 468ac59 · 468ac59
2 parents e3b95bc + 717f774
commit 468ac59
Show file tree

Hide file tree

Showing 9 changed files with 106 additions and 70 deletions.
diff --git a/aws-c-s3.yaml b/aws-c-s3.yaml
@@ -1,6 +1,6 @@
 package:
   name: aws-c-s3
-  version: 0.4.1
+  version: 0.4.3
   epoch: 0
   description: "AWS C99 library implementation for communicating with the S3 service"
   copyright:
@@ -36,7 +36,7 @@ environment:
 pipeline:
   - uses: fetch
     with:
-      expected-sha256: 139cf462db2bcf5eb6b6317051b9419b7dde027759f07c3f4f52f8af944c6e92
+      expected-sha256: 993efb6c644eaaddf2f9e2f8fdc52b62b2c6f1546199ffb37a650e1f0953e239
       uri: https://github.com/awslabs/aws-c-s3/archive/refs/tags/v${{package.version}}.tar.gz
 
   - runs: |

diff --git a/aws-crt-cpp.yaml b/aws-crt-cpp.yaml
@@ -1,6 +1,6 @@
 package:
   name: aws-crt-cpp
-  version: 0.24.8
+  version: 0.24.9
   epoch: 0
   description: "C++ wrapper around the aws-c-* libraries. Provides Cross-Platform Transport Protocols and SSL/TLS implementations for C++"
   copyright:
@@ -32,7 +32,7 @@ pipeline:
     with:
       repository: https://github.com/awslabs/aws-crt-cpp
       tag: v${{package.version}}
-      expected-commit: 39e29736fa6cbea5607db8f5c1fea5b59c793213
+      expected-commit: 5f1eae687f86a8b356521fa61d6685d10dfecd28
 
   - runs: |
       if [ "$CBUILD" != "$CHOST" ]; then

diff --git a/containerd.yaml b/containerd.yaml
@@ -1,6 +1,6 @@
 package:
   name: containerd
-  version: 1.7.9
+  version: 1.7.10
   epoch: 0
   description: An open and reliable container runtime
   copyright:
@@ -23,7 +23,7 @@ pipeline:
     with:
       repository: https://github.com/containerd/containerd
       tag: v${{package.version}}
-      expected-commit: 4f03e100cb967922bec7459a78d16ccbac9bb81d
+      expected-commit: 4e1fe7492b9df85914c389d1f15a3ceedbb280ac
 
   - runs: |
       make VERSION="v${{package.version}}"

diff --git a/falco.yaml b/falco.yaml
@@ -12,57 +12,51 @@ package:
 environment:
   contents:
     packages:
+      - abseil-cpp-dev
+      - autoconf
+      - automake
+      - bash
+      - binutils
+      - bpftool
       - build-base
       - busybox
+      - c-ares-dev
       - ca-certificates-bundle
-      - clang-16
-      - gcc
+      - clang-16-dev
       - cmake
-      - make
+      - curl-dev
+      - elfutils-dev
       - git
-      - bash
-      - perl
+      - grpc-dev
+      - icu-dev
+      - jsoncpp-dev
+      - jq-dev
+      - libbpf-dev
+      - libcurl-openssl4
+      - libelf
+      - libsystemd
+      - libtbb-dev
+      - libtool
+      - libzstd1
       - linux-headers
-      - autoconf
-      - automake
+      - llvm16
       - m4
-      - libtool
-      - elfutils-dev
-      - libelf
-      - libelf-static
-      - patch
-      - binutils
-      - libbpf
-      - openssl
+      - make
       - openssl-dev
-      - yaml-dev
-      - c-ares
-      - c-ares-dev
-      - protobuf
+      - patch
+      - perl
       - protobuf-dev
-      - protobuf-c-dev
-      - re2
       - re2-dev
-      - zlib-dev
-      - libcurl-openssl4
-      - llvm16
-      - abseil-cpp
-      - abseil-cpp-dev
-      - abseillib
-      - jq-dev
-      - curl-dev
-      - grpc
-      - grpc-dev
-      - icu
-      - icu-dev
-      - yaml-cpp
-      - yaml-cpp-dev
       - systemd-dev
-      - libsystemd
-      - libzstd1
+      - yaml-cpp-dev
+      - yaml-dev
+      - zlib-dev
       - zstd
       - zstd-dev
-      - libtbb-dev
+      # TODO: Believe these are needed for 'make sinsp' to succeed.
+      - tinydir
+      - uthash
+      - valijson
 
 pipeline:
   - uses: git-checkout
@@ -72,37 +66,64 @@ pipeline:
       expected-commit: 1b62b5ccd1c64cd972ef0252262075cbf42a130c
       recurse-submodules: true
 
-  - runs: |
-      # Replace the find_dependency with find_package macro for newer cmake, otherwise it will fail.
-      sed -i 's/find_dependency(Protobuf CONFIG)/find_package(Protobuf CONFIG)/' /usr/lib64/cmake/grpc/gRPCConfig.cmake
+  - uses: patch
+    with:
+      # to prevent usage of vendored tbb
+      patches: tbb.patch
 
   - runs: |
       mkdir -p "${{targets.destdir}}"/etc/falco
       install -Dm755 ./falco.yaml "${{targets.destdir}}"/etc/falco/falco.yaml
-      sed -e 's/time_format_iso_8601: false/time_format_iso_8601: true/' < "${{targets.destdir}}"/etc/falco/falco.yaml
 
-  - working-directory: build
+  - runs: |
+      sed -i '165s/${FALCO_LIBRARIES}/${FALCO_LIBRARIES} zstd/' userspace/falco/CMakeLists.txt
+
+  - working-directory: /home/build/build
+    # NOTE: These flags have been specifically set. Do not go changing these
+    # as part of development! They need to be set as they are.
+    # TODO: REMOVE THIS COMMENT ABOVE BEFORE MERGING
     pipeline:
       - runs: |
-          cmake \
-            -DCMAKE_INSTALL_PREFIX=/usr \
-            -DCMAKE_INSTALL_LIBDIR=/usr/lib \
-            -DFALCO_ETC_DIR=/etc/falco \
-            -DCMAKE_BUILD_TYPE=Release \
-            -DUSE_BUNDLED_DEPS=Off \
-            -DMINIMAL_BUILD=On \
-            -DBUILD_DRIVER=On \
-            -DBUILD_FALCO_MODERN_BPF=Off \
-            -DBUILD_BPF=Off \
-          ..
+          cmake                                     \
+            -Wno-dev                                \
+            -DCMAKE_INSTALL_PREFIX=/usr             \
+            -DCMAKE_INSTALL_LIBDIR=lib              \
+            -DCMAKE_BUILD_TYPE=MinSizeRel           \
+            -DUSE_BUNDLED_TBB=OFF                   \
+            -DUSE_BUNDLED_RE2=OFF                   \
+            -DUSE_BUNDLED_JSONCPP=OFF               \
+            -DBUILD_FALCO_MODERN_BPF=ON             \
+            -DBUILD_STATIC_LIBS=OFF                 \
+            -DUSE_BUNDLED_DEPS=OFF                  \
+            -DBUILD_SHARED_LIBS=ON                  \
+            -DBUILD_DRIVER=OFF                      \
+            -DFALCOSECURITY_SHARED_LIBS_VERSION=0   \
+            -DFALCOSECURITY_SHARED_LIBS_SOVERSION=0 \
+            ..
       - runs: |
-          make falco
+          make falco -j$(nproc)
+          make install PREFIX="/usr" DESTDIR="${{targets.destdir}}"
           install -Dm755 ./userspace/falco/falco "${{targets.destdir}}"/usr/bin/falco
+      - runs: |
+          mv "${{targets.destdir}}"/usr/lib/falcosecurity/* "${{targets.destdir}}"/usr/lib/
+          rm -rf "${{targets.destdir}}"/usr/lib/falcosecurity/
 
   - uses: strip
 
+subpackages:
+  - name: falco-dev
+    description: Falco development headers
+    pipeline:
+      - uses: split/dev
+
+  - name: falco-src
+    description: Falco kernel module sources
+    pipeline:
+      - runs: |
+          mkdir -p "${{targets.contextdir}}"/usr
+          mv "${{targets.destdir}}"/usr/src "${{targets.contextdir}}"/usr/src
+
 update:
   enabled: true
   github:
     identifier: falcosecurity/falco
-    strip-prefix: v
diff --git a/falco/tbb.patch b/falco/tbb.patch
@@ -0,0 +1,15 @@
+diff --git a/userspace/falco/CMakeLists.txt b/userspace/falco/CMakeLists.txt
+index 973655f2..c1771319 100644
+--- a/userspace/falco/CMakeLists.txt
++++ b/userspace/falco/CMakeLists.txt
+@@ -83,6 +83,9@@ set(
+   FALCO_LIBRARIES
+   falco_engine
+   sinsp
++  "${JSONCPP_LIB}"
++  "${TBB_LIB}"
++  "${RE2_LIB}"
+   "${YAMLCPP_LIB}"
+ )
+
+
diff --git a/mdbook.yaml b/mdbook.yaml
@@ -1,6 +1,6 @@
 package:
   name: mdbook
-  version: 0.4.35
+  version: 0.4.36
   epoch: 0
   description: "Create book from markdown files. Like Gitbook but implemented in Rust."
   copyright:
@@ -24,7 +24,7 @@ pipeline:
     with:
       repository: https://github.com/rust-lang/mdbook
       tag: v${{package.version}}
-      expected-commit: 94e0a44e152d8d7c62620e83e0632160977b1dd5
+      expected-commit: b7f46213c7df8f499eca0c82e7b41804cc15e369
 
   - name: Configure and build
     runs: |

diff --git a/perl.yaml b/perl.yaml
@@ -1,6 +1,6 @@
 package:
   name: perl
-  version: 5.38.1 # when bumping this version also bump Perl packages epochs to trigger a rebuild
+  version: 5.38.2 # when bumping this version also bump Perl packages epochs to trigger a rebuild
   epoch: 0
   description: "Larry Wall's Practical Extraction and Report Language"
   copyright:
@@ -21,7 +21,7 @@ pipeline:
   - uses: fetch
     with:
       uri: https://www.cpan.org/src/5.0/perl-${{package.version}}.tar.gz
-      expected-sha256: e9b02f3f37f73f38e456ef76d7daded16141cfd91dd4aa271c5f9e6332eade98
+      expected-sha256: a0a31534451eb7b83c7d6594a497543a54d488bc90ca00f5e34762577f40655e
 
   # Delete bundled zlib and bzip2 sources
   - runs: |

diff --git a/py3-botocore.yaml b/py3-botocore.yaml
@@ -1,6 +1,6 @@
 package:
   name: py3-botocore
-  version: 1.33.2
+  version: 1.33.3
   epoch: 0
   description: "The low-level, core functionality of Boto3"
   copyright:
@@ -27,7 +27,7 @@ pipeline:
   - uses: fetch
     with:
       uri: https://files.pythonhosted.org/packages/source/b/botocore/botocore-${{package.version}}.tar.gz
-      expected-sha256: 16a30faac6e6f17961c009defb74ab1a3508b8abc58fab98e7cf96af0d91ea84
+      expected-sha256: 462528fc8dc1953bc19841fd2ccee1626ec8f5b13d9e451e13452c71de2fe0dc
 
   - runs: |
       python3 setup.py build

diff --git a/zarf.yaml b/zarf.yaml
@@ -1,6 +1,6 @@
 package:
   name: zarf
-  version: 0.31.2
+  version: 0.31.3
   epoch: 0
   description: DevSecOps for Air Gap & Limited-Connection Systems.
   copyright:
@@ -19,7 +19,7 @@ pipeline:
   - uses: git-checkout
     with:
       repository: https://github.com/defenseunicorns/zarf
-      expected-commit: 06c8e53e6a88ced00f1d8bc769e3d3f8efe7751a
+      expected-commit: 68238ab55823ca9eab2c3f66ac707e05ecd9e430
       tag: v${{package.version}}
 
   - uses: go/build