-
Notifications
You must be signed in to change notification settings - Fork 52
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
new(docker,pkg/driverbuilder): use cmake
instead of makefile template to build kmod and bpf
#302
Conversation
git | ||
|
||
# Install cmake3.x (on centos7 `cmake` package installs cmake2.x) | ||
RUN curl -L -o /tmp/cmake.tar.gz https://github.com/Kitware/CMake/releases/download/v3.22.5/cmake-3.22.5-linux-$(uname -m).tar.gz; \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We need to manually install a cmake 3.x on centos:7.
|
||
cp /driverkit/module-Makefile {{ .DriverBuildDir }}/Makefile | ||
bash /driverkit/fill-driver-config.sh {{ .DriverBuildDir }} | ||
mv /tmp/module-download/*/* {{ .DriverBuildDir }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Scripts are a bit different now:
- we move all the stuff under the download libs repo to
{{ .DriverBuildDir }}
now, not only thedriver
subfolder - we run
cmake
with lots of things disabled. Unfortunately, given that libs only recently gained the ability to build the bpf probe inMINIMAL_BUILD
mode, we need to configure the project in full mode, and this requiresgit
becausegrpc
andprotobuf
deps need to be fetched/cloned. - Then, building is just a matter of calling
make driver
andmake bpf
with the correctCC
andKERNELDIR
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I actually really like how much this all simplifies the code, and I think the trade offs are worth it.
cc @falcosecurity/driverkit-maintainers |
I think this is awesome! Which would you prefer though - we can put this through now, or do #308 first and then rebase this? |
Let's go with #308 first! I will split the docker images |
I will also need to update the new |
Split #309 out of this ! |
6d65cb8
to
826307a
Compare
Need more fixes to the new local (as in "internal to containers") module and probe paths (that will now be |
@@ -55,6 +43,14 @@ type Config struct { | |||
*Build | |||
} | |||
|
|||
func (c Config) ToDriverFullPath() string { | |||
return path.Join(DriverDirectory, "build", "driver", fmt.Sprintf("%s.ko", c.DriverName)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We expect the built kmod with cmake to be under /tmp/driver/build/driver/$drivername.ko
.
return path.Join(DriverDirectory, "build", "driver", fmt.Sprintf("%s.ko", c.DriverName)) | ||
} | ||
|
||
func (c Config) ToProbeFullPath() string { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We expect the built probe with cmake to be under /tmp/driver/build/driver/bpf/probe.o
.
{{ if .BuildModule }} | ||
# Build the module | ||
cd {{ .DriverBuildDir }} | ||
make CC=/usr/bin/gcc-{{ .GCCVersion }} KERNELDIR=/tmp/kernel | ||
mv {{ .ModuleDriverName }}.ko {{ .ModuleFullPath }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We don't need the mv
anymore since ModuleFullPath is already the correct path.
@@ -102,11 +102,11 @@ func (bp *KubernetesBuildProcessor) buildModule(b *builder.Build) error { | |||
return err | |||
} | |||
|
|||
if builder.ModuleFullPath != "" { | |||
if c.ModuleFilePath != "" { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The following are small fixes in the kubernetes builder. cc @Lowaiz
@@ -275,15 +255,15 @@ func (bp *KubernetesBuildProcessor) copyModuleAndProbeFromPodWithUID(ctx context | |||
} | |||
if p.Status.Phase == corev1.PodRunning { | |||
slog.With(falcoBuilderUIDLabel, falcoBuilderUID).Info("start downloading module and probe from pod") | |||
if builder.ModuleFullPath != "" { | |||
err = copySingleFileFromPod(build.ModuleFilePath, bp.coreV1Client, bp.clientConfig, p.Namespace, p.Name, builder.ModuleFullPath, moduleLockFile) | |||
if c.ModuleFilePath != "" { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same fix as above.
if err != nil { | ||
return err | ||
} | ||
slog.Info("Kernel Module extraction successful") | ||
} | ||
if builder.ProbeFullPath != "" { | ||
err = copySingleFileFromPod(build.ProbeFilePath, bp.coreV1Client, bp.clientConfig, p.Namespace, p.Name, builder.ProbeFullPath, probeLockFile) | ||
if c.ProbeFilePath != "" { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same fix as above.
0ea2552
to
6a7fde7
Compare
TODO: i need to also fix the |
6306d33
to
33d576c
Compare
/hold for review |
So my vote here is to merge this, try it downstream, and then report back. I love this change, and we're ready to merge it. If something breaks downstream, we can handle it in a separate MR/release |
Nice! I will make sure to rebase asap and let the flow go on :) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/approve
… to build kmod and bpf. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
…` in template scripts. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
…ute existing dir path. Moreover, take into account srcDir in local builder: when src-dir is specified, sources do not need to be configured through cmake. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
…e driverversions. In CI, enable multiple driverversions to test that we do not break against old driver versions. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
Moreover, add back some now unused cmake variables, ie: * PROBE_NAME * PROBE_VERSION * PROBE_DEVICE_NAME Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
33d576c
to
13171b6
Compare
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
…l` cmd. Moreover, properly fill CmakeCmd for local target too. Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approve again :)
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: EXONER4TED, FedeDP The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/unhold |
What type of PR is this?
/kind feature
Any specific area of the project related to this PR?
/area pkg
What this PR does / why we need it:
Which issue(s) this PR fixes:
Fixes #
Special notes for your reviewer:
Docker images changes will be split to their own PR if maintainers agree this is the way to go.
Also: while testing i discovered that recent archlinux kmods fail to build (eg: against
6.6.1.arch1-1
) even with master images and code.Will investigate further, but it seems we need a builder image with an updated glibc version.
Opened an issue to track that: #303
Does this PR introduce a user-facing change?: