Skip to content

Commit

Permalink
build: bump sinsp, scap and the drivers to 5c0b863ddade7a45568c0ac97d…
Browse files Browse the repository at this point in the history 
…037422c9efb750

Signed-off-by: Lorenzo Fontana <lo@linux.com>
  • Loading branch information
@fntlnz @poiana
fntlnz authored and poiana committed Nov 10, 2020
1 parent 0f14821 commit 55a93bc
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions cmake/modules/sysdig.cmake
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,8 +29,8 @@ file(MAKE_DIRECTORY ${SYSDIG_CMAKE_WORKING_DIR})
# default below In case you want to test against another sysdig version just pass the variable - ie., `cmake
# -DSYSDIG_VERSION=dev ..`
if(NOT SYSDIG_VERSION)
set(SYSDIG_VERSION "fntlnz/sinsp-fixes")
set(SYSDIG_CHECKSUM "SHA256=30343d50a756cfa1d97939733e3177b6e3f78652555538c3ce4aa4890229d5e5")
set(SYSDIG_VERSION "5c0b863ddade7a45568c0ac97d037422c9efb750")
set(SYSDIG_CHECKSUM "SHA256=9de717b3a4b611ea6df56afee05171860167112f74bb7717b394bcc88ac843cd")
endif()
set(PROBE_VERSION "${SYSDIG_VERSION}")

Expand Down

7 comments on commit 55a93bc

@kddiji
Copy link

@kddiji kddiji commented on 55a93bc May 12, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what will be the driver version for the latest release 0.33.0? Would that be 6599e2efebce30a95f27739d655d53f0d5f686e4? This is what I am seeing here => #2177. Can someone confirm if possible?

@jasondellaluce
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As you can see in https://github.com/falcosecurity/falco/blob/0.33.0/cmake/modules/driver.cmake#L29, Falco 0.33.0 ships with driver version 3.0.1. Also, please note that the latest Falco version. is 0.34.1, and that a new one (0.35.0) will be released at the end of the month.

@kddiji
Copy link

@kddiji kddiji commented on 55a93bc May 17, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am refactoring our pipeline and struggling to get the right falco driver version and it's compatible driverkit download path (those 2 confuse me a LOT). This below is my current config:

  - name: InstallDriverkit
        action: ExecuteBash
        inputs:
          commands:
            # Driver version taken from https://github.com/falcosecurity/falco/blob/0.27.0/cmake/modules/sysdig.cmake#L32 (keep in sync as we update Falco version)
            - |
              mkdir /tmp/driverkit && cd /tmp/driverkit
              echo "kernelrelease: $(uname -r)" >> vanilla.yml
              echo "kernelversion: $(uname -v | cut -f1 -d' ' | cut -f2 -d'#')" >> vanilla.yml
              echo "target: vanilla" >> vanilla.yml
              echo "output:" >> vanilla.yml
              echo "  module: /tmp/driverkit/falco.ko" >> vanilla.yml
              echo "driverversion: 5c0b863ddade7a45568c0ac97d037422c9efb750" >> vanilla.yml
              cat /boot/config-$(uname -r) | base64 -w0 | awk '{print "kernelconfigdata: " $1;}' >> vanilla.yml
              curl -LO https://github.com/falcosecurity/driverkit/releases/download/v0.3.0/driverkit_0.3.0_linux_amd64.tar.gz
              tar -xvzf driverkit_0.3.0_linux_amd64.tar.gz
              ./driverkit docker -c vanilla.yml --loglevel=debug --timeout=300
              mkdir /lib/modules/$(uname -r)/kernel/drivers/falco/ && cp /tmp/driverkit/falco.ko "$_"
              depmod
            - echo "falco" > /etc/modules-load.d/falco.conf
            - docker image rm $(docker images falcosecurity/driverkit-builder --quiet)
            - rm -rf /tmp/driverkit

      - name: RebootFinal
        action: Reboot
        onFailure: Abort
        maxAttempts: 2

  - name: validate
    steps:
      - name: CheckWorking
        action: ExecuteBash
        inputs:
          commands:
            - uname -r
            - docker --version
            - lsmod | grep falco

now I would like to bump up to version 0.33.0 for example, I am sure now of the driver version but unsure of it's compatible driverkit download path https://github.com/falcosecurity/driverkit/releases/download/

         commands:
            # Driver version taken from https://github.com/falcosecurity/falco/blob/0.33.0/cmake/modules/driver.cmake#L29 (keep in sync as we update Falco version)
            - |
              mkdir /tmp/driverkit && cd /tmp/driverkit
              echo "kernelrelease: $(uname -r)" >> vanilla.yml
              echo "kernelversion: $(uname -v | cut -f1 -d' ' | cut -f2 -d'#')" >> vanilla.yml
              echo "target: vanilla" >> vanilla.yml
              echo "output:" >> vanilla.yml
              echo "  module: /tmp/driverkit/falco.ko" >> vanilla.yml
              echo "driverversion: 3.0.1+driver" >> vanilla.yml
              cat /boot/config-$(uname -r) | base64 -w0 | awk '{print "kernelconfigdata: " $1;}' >> vanilla.yml
              curl -LO https://github.com/falcosecurity/driverkit/releases/download/ .... # ==> need to point to a version compatible to falco 0.33.0
              tar -xvzf driverkit_0.3.0_linux_amd64.tar.gz # need to update 
              ./driverkit docker -c vanilla.yml --loglevel=debug --timeout=300
              mkdir /lib/modules/$(uname -r)/kernel/drivers/falco/ && cp /tmp/driverkit/falco.ko "$_"
              depmod
            - echo "falco" > /etc/modules-load.d/falco.conf
            - docker image rm $(docker images falcosecurity/driverkit-builder --quiet)
            - rm -rf /tmp/driverkit

I would appreciate if you can point me to the right path as it's been a blocker for us. Thanks @jasondellaluce

@Andreagit97
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do you remember it by change @FedeDP ?

@FedeDP
Copy link
Contributor

@FedeDP FedeDP commented on 55a93bc May 19, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What do you mean by compatible driverkit download path?

EDIT: if you mean driverkit version, any of the version coming out AFTER that driverversion are ok; just go with the latest and you'll be good to go.
Driverkit strives to keep backward compatibility, so that latest driverkit can build any driverversion against any kernelrelease.

@kddiji
Copy link

@kddiji kddiji commented on 55a93bc May 19, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Correct meant to say driver kit. So in my case driver version 3.0.1+driver and driverkit => v0.12.0 which can be grabbed from https://github.com/falcosecurity/driverkit/releases/download/v0.12.0/driverkit_0.12.0_linux_amd64.tar.gz. Agree?

@FedeDP
Copy link
Contributor

@FedeDP FedeDP commented on 55a93bc May 19, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes sir!

Please sign in to comment.