ZeroDownTime/alpine-overlay
3
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

Minor falco tweaks before the version upgrade

Browse Source
This commit is contained in:
Stefan Reimer 2023-11-06 14:25:51 +00:00
parent 9cf3c9d95a
commit 62a146f1a2
3 changed files with 85 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
kubezero/falco/:w Normal file
View File

@ -0,0 +1,73 @@
# Contributor: Stefan Reimer <stefan@zero-downtime.net>
# Maintainer: Stefan Reimer <stefan@zero-downtime.net>
pkgname=falco
pkgver=0.36.2
pkgrel=0
pkgdesc="Falco is the open source solution for runtime security for hosts, containers, Kubernetes and the cloud"
url="https://github.com/falcosecurity/falco"
arch="x86_64 aarch64"
license="AGPL-3.0"
makedepends="cmake linux-headers bash perl autoconf elfutils-dev libtool argp-standalone musl-fts-dev musl-libintl musl-obstack-dev
protobuf-dev jq-dev openssl-dev curl-dev c-ares-dev grpc-dev yaml-dev yaml-cpp-dev zlib-dev jsoncpp-dev re2-dev onetbb-dev@edge-community"
options="!check"
depends="falco-kernel~$pkgver"
# Original config
# https://raw.githubusercontent.com/falcosecurity/rules/main/rules/falco_rules.yaml
# https://raw.githubusercontent.com/falcosecurity/falco/master/falco.yaml
source="
$pkgname-$pkgver.tar.gz::https://github.com/falcosecurity/falco/archive/refs/tags/$pkgver.tar.gz
alpine.patch
falco.patch
rules.patch
"
prepare() {
[[ -d build ]] || mkdir build
# Disable static binaries
patch -i $srcdir/alpine.patch
}
build() {
cd build
cmake \
-DCPACK_GENERATOR=TGZ \
-DCMAKE_BUILD_TYPE=Release \
-DFALCO_VERSION=$pkgver \
-DCMAKE_INSTALL_PREFIX=/usr \
-DFALCO_ETC_DIR=/etc/falco \
-DUSE_BUNDLED_DEPS=Off \
-DBUILD_SHARED_LIBS=On \
-DMUSL_OPTIMIZED_BUILD=On \
-DBUILD_DRIVER=Off \
-DBUILD_BPF=Off \
-DBUILD_LIBSCAP_MODERN_BPF=Off \
..
make falco falcoctl
}
package() {
cd build
make DESTDIR="${pkgdir}" install
# patch falco config
cd $pkgdir/etc/falco
patch -i $srcdir/falco.patch
patch -i $srcdir/rules.patch
# We dont build anything on targets so remove sources
rm -rf $pkgdir/usr/src
rm -rf $pkgdir/usr/lib
rm -rf $pkgdir/usr/include
}
sha512sums="
a3fef235ab4f3121bd0400827712652530ec417498c44ada8b6bf565f7631d035673b53dad94ea6ae9c854d45202ed71b2771f19e0c92eea3fc3503e5b75b02e falco-0.36.2.tar.gz
8ff7a677f723f2d4a09808939500ddff81f15b8a62a2e091d8042765d105d30b67f9993d05ef129dfad6c866ea37d608a3ae9bc7e99730995542f8b5181ba594 alpine.patch
b152fcf6cd81895efa37797ab7ff1aac7350b5f51f2648aa9e3cce9d5ece55791ddf82c396e9da216293e2379a785a294cc972f28a91162dc5bc88ab09e1ab08 falco.patch
d8f71ca7c6d854a866826b3f2f5630b6f30448f794c4c5a56a9ea656ee03c3645a1cf7663b5e79d3ea63d4fab8bd44f91a80b1752c8239c8310efa08b495f2e2 rules.patch
"

15
kubezero/falco/APKBUILD
View File

@ -7,7 +7,6 @@ pkgdesc="Falco is the open source solution for runtime security for hosts, conta
url="https://github.com/falcosecurity/falco" url="https://github.com/falcosecurity/falco"
arch="x86_64 aarch64" arch="x86_64 aarch64"
license="AGPL-3.0" license="AGPL-3.0"
# These deps are for BUNLDE_DEPS=On
makedepends="cmake linux-headers bash perl autoconf elfutils-dev libtool argp-standalone musl-fts-dev musl-libintl musl-obstack-dev makedepends="cmake linux-headers bash perl autoconf elfutils-dev libtool argp-standalone musl-fts-dev musl-libintl musl-obstack-dev
protobuf-dev jq-dev openssl-dev curl-dev c-ares-dev grpc-dev yaml-dev yaml-cpp-dev jsoncpp-dev re2-dev" protobuf-dev jq-dev openssl-dev curl-dev c-ares-dev grpc-dev yaml-dev yaml-cpp-dev jsoncpp-dev re2-dev"
options="!check" options="!check"
@ -33,13 +32,21 @@ prepare() {
build() { build() {
cd build cd build
cmake .. \
cmake \
-DCPACK_GENERATOR=TGZ \
-DCMAKE_BUILD_TYPE=Release \ -DCMAKE_BUILD_TYPE=Release \
-DFALCO_VERSION=$pkgver \ -DFALCO_VERSION=$pkgver \
-DCMAKE_INSTALL_PREFIX=/usr \ -DCMAKE_INSTALL_PREFIX=/usr \
-DFALCO_ETC_DIR=/etc/falco \
-DMINIMAL_BUILD=On \
-DUSE_BUNDLED_DEPS=Off \ -DUSE_BUNDLED_DEPS=Off \
-DBUILD_DRIVER=Off \
-DMUSL_OPTIMIZED_BUILD=On \ -DMUSL_OPTIMIZED_BUILD=On \
-DBUILD_DRIVER=Off \
-DBUILD_BPF=Off \
-DBUILD_LIBSCAP_MODERN_BPF=Off \
..
#-DBUILD_SHARED_LIBS=On \
make falco falcoctl make falco falcoctl
} }
@ -61,7 +68,7 @@ package() {
sha512sums=" sha512sums="
dc648d9b0a625a02320ff0235bbf4f4940e7ba40c684a8a1f972d34f0a3447b4a34e665d7fbc0ee1ec9a014f65f81a304dc76b4ec804fc7b4e448f330b9474af falco-0.35.1.tar.gz dc648d9b0a625a02320ff0235bbf4f4940e7ba40c684a8a1f972d34f0a3447b4a34e665d7fbc0ee1ec9a014f65f81a304dc76b4ec804fc7b4e448f330b9474af falco-0.35.1.tar.gz
8ff7a677f723f2d4a09808939500ddff81f15b8a62a2e091d8042765d105d30b67f9993d05ef129dfad6c866ea37d608a3ae9bc7e99730995542f8b5181ba594 alpine.patch
b152fcf6cd81895efa37797ab7ff1aac7350b5f51f2648aa9e3cce9d5ece55791ddf82c396e9da216293e2379a785a294cc972f28a91162dc5bc88ab09e1ab08 falco.patch b152fcf6cd81895efa37797ab7ff1aac7350b5f51f2648aa9e3cce9d5ece55791ddf82c396e9da216293e2379a785a294cc972f28a91162dc5bc88ab09e1ab08 falco.patch
d8f71ca7c6d854a866826b3f2f5630b6f30448f794c4c5a56a9ea656ee03c3645a1cf7663b5e79d3ea63d4fab8bd44f91a80b1752c8239c8310efa08b495f2e2 rules.patch d8f71ca7c6d854a866826b3f2f5630b6f30448f794c4c5a56a9ea656ee03c3645a1cf7663b5e79d3ea63d4fab8bd44f91a80b1752c8239c8310efa08b495f2e2 rules.patch
a067c340269b50354d8eff5cdcf1d60799819b8c20f2f4615af71746eb430d7db320062aa033b75822d4cb3fc2bc73f69d3a0b3ddaba5610155b630e28af6105 alpine.patch
" "

2
kubezero/falco/alpine.patch
View File

@ -5,7 +5,7 @@
if(MUSL_OPTIMIZED_BUILD) if(MUSL_OPTIMIZED_BUILD)
- set(MUSL_FLAGS "-static -Os -fPIE -pie") - set(MUSL_FLAGS "-static -Os -fPIE -pie")
+ set(MUSL_FLAGS "-Os -fPIE -pie") + set(MUSL_FLAGS "-fPIE -pie")
add_definitions(-DMUSL_OPTIMIZED) add_definitions(-DMUSL_OPTIMIZED)
endif() endif()