[Buildroot] [RFC PATCH v1 0/2] Bump sysdig and falco libs
Francis Laniel
flaniel at linux.microsoft.com
Fri Jul 7 14:26:40 UTC 2023
Hi.
Le vendredi 28 avril 2023, 17:22:09 CEST Francis Laniel a écrit :
> Hi.
>
>
> With this contribution, I bumped sysdig and falcosecurity-libs.
> Sadly, I am not fully satisfied with the result, hence the fact I marked it
> as RFC because I would like to get your feedback to make it better.
>
> First of all, sysdig builds and runs:
> Welcome to Buildroot
> buildroot login: root
> # sysdig --version
> sysdig version 0.31.4
> # sysdig | head
> scap: loading out-of-tree module taints kernel.
> scap: driver loading, scap
> scap: adding new consumer (____ptrval____)
> scap: initializing ring buffer for CPU 0
> scap: CPU buffer initialized, size=8388608
> 26 15:12:28.226519423 0 sysdig (108) > switch next=0 pgft_maj=10
> pgft_min=1348 vm_size=47288 vm_rss=19408 vm_swap=0 27 15:12:28.227409149 0
> <NA> (0) > switch next=13 pgft_maj=0 pgft_min=0 vm_size=0 vm_rss=0
> vm_swap=0 ...
>
> Nonetheless, I had to increase the minimal size of the image as libsinsp.a
> is quite big:
> # du -sh /sysdig/libsinsp.a
> 152.7M /sysdig/libsinsp.a
> I am not forcefully sure where this library is used, I will investigate and
> maybe we can run everything without it.
>
> Secondly, I had to tweak heavily the libscap CMakeLists.txt to install
> several shared libraries.
> Indeed, the libraries are compiled as static, but the sysdig binary is not
> static, so it needs plenty of shared libraries to be run from the image.
> I am not really sure what is the best solution here (either compiling sysdig
> as static or not), but in any case my patch for CMakeLists.txt is not
> really clean.
>
> Finally, I had to modify the magical number in falcosecurity-libs.mk for
> API_VERSION and SCHEMA_VERSION.
> While this is not really a big pain, I am wondering if this is not possible
> to read the corresponding values from the corresponding files (i.e.
> API_VERSION and SCHEMA_VERSION).
> So, for future update we would not need to take care of it ourselves.
>
> Francis Laniel (2):
> package/sysdig: bump to version 0.31.4
> package/falcosecurity-libs: bump to version 0.10.5
>
> .../0002-cmake-Install-shared-libraries.patch | 61 +++++++++++++++++++
> .../falcosecurity-libs.hash | 2 +-
> .../falcosecurity-libs/falcosecurity-libs.mk | 12 ++--
> ...BUNDLED_DEPS-before-getting-nlohmann.patch | 52 ----------------
> package/sysdig/sysdig.hash | 2 +-
> package/sysdig/sysdig.mk | 8 ++-
> 6 files changed, 77 insertions(+), 60 deletions(-)
> create mode 100644
> package/falcosecurity-libs/0002-cmake-Install-shared-libraries.patch delete
> mode 100644
> package/sysdig/0001-cmake-Check-USE_BUNDLED_DEPS-before-getting-nlohmann.pa
> tch
>
>
> Best regards and thank you in advance for your advises.
> --
> 2.34.1
Can someone please share some feedback on this contribution?
Best regards and thank you in advance.
More information about the buildroot
mailing list