21 changes: 12 additions & 9 deletions .github/workflows/ci.yaml
Expand Up @@ -11,14 +11,14 @@
build-sysdig-linux:
runs-on: ubuntu-24.04${{ matrix.platform == 'arm64' && '-arm' || '' }}
container:
image: ubuntu:22.04
image: ubuntu:24.04
strategy:
matrix:
platform:
- amd64
- arm64
env:
ZIG_VERSION: 0.14.0-dev.3259+0779e847f
ZIG_VERSION: 0.14.1

steps:
- name: Checkout Sysdig
Expand All @@ -27,13 +27,11 @@
fetch-depth: 0

- name: Install deps
run: |

Check failure on line 30 in .github/workflows/ci.yaml


GitHub Actions / actionlint

[actionlint] reported by reviewdog 🐶 shellcheck reported issue in this script: SC2006:style:13:15: Use $(...) notation instead of legacy backticks `...` [shellcheck] Raw Output: e:.github/workflows/ci.yaml:30:9: shellcheck reported issue in this script: SC2006:style:13:15: Use $(...) notation instead of legacy backticks `...` [shellcheck]

Check warning on line 30 in .github/workflows/ci.yaml


GitHub Actions / actionlint

[actionlint] reported by reviewdog 🐶 shellcheck reported issue in this script: SC2046:warning:13:15: Quote this to prevent word splitting [shellcheck] Raw Output: w:.github/workflows/ci.yaml:30:9: shellcheck reported issue in this script: SC2046:warning:13:15: Quote this to prevent word splitting [shellcheck]
cp -v scripts/zig-cc /usr/bin/
cp -v scripts/zig-c++ /usr/bin/
apt update && \
apt install -y --no-install-recommends \
autoconf \
automake \
build-essential \
ca-certificates \
clang \
Expand All @@ -42,6 +40,7 @@
git \
libelf-dev \
libtool \
linux-tools-`uname -r` \
llvm \
ninja-build \
pkg-config \
Expand All @@ -55,10 +54,10 @@
make install && \
cd ../.. && \
rm -fr bpftool && \
curl -LO https://ziglang.org/builds/zig-linux-"$(uname -m)"-"${ZIG_VERSION}".tar.xz && \
tar -xaf zig-linux-"$(uname -m)"-"${ZIG_VERSION}".tar.xz && \
rm -v zig-linux-"$(uname -m)"-"${ZIG_VERSION}".tar.xz && \
cd zig-linux-"$(uname -m)"-"${ZIG_VERSION}" && \
curl -LO "https://ziglang.org/download/${ZIG_VERSION}/zig-$(uname -m)-linux-${ZIG_VERSION}.tar.xz" && \
tar -xaf "zig-$(uname -m)-linux-${ZIG_VERSION}.tar.xz" && \
rm -v "zig-$(uname -m)-linux-${ZIG_VERSION}.tar.xz" && \
cd zig-* && \
cp -v zig /usr/bin && \
find lib -exec cp --parents {} /usr/ \; && \
cd .. && \
Expand Down Expand Up @@ -129,9 +128,13 @@
steps:
- name: Checkout Sysdig
uses: actions/checkout@v4
- name: Install NSIS
if: matrix.os == 'windows-latest'
run: |
choco install nsis -y
- name: Build
run: |
cmake -Wno-dev -S . -B build
cmake -Wno-dev -DCMAKE_POLICY_VERSION_MINIMUM=3.5 -S . -B build
cmake --build build --target package --config Release
- name: Upload Artifacts
uses: actions/upload-artifact@v4
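Review bot: The Zig tarball fetched in the `Install deps` step is unpacked and copied into `/usr/bin` and under `/usr` with no integrity check, so the compiler used for every build is trusted purely on the TLS connection to ziglang.org. Now that `ZIG_VERSION` names a fixed release rather than a dev build, its digest can be pinned per architecture and verified before `tar`, e.g. `echo "${ZIG_SHA256}  zig-$(uname -m)-linux-${ZIG_VERSION}.tar.xz" | sha256sum -c - && \`, with `ZIG_SHA256` a placeholder for the published value selected by `matrix.platform`. Adding `-f` to `curl -LO` would also make an HTTP error fail at the download rather than at extraction. The same download sequence appears in the `Install deps` step of `.github/workflows/release-draft.yaml`, where the resulting packages are later GPG-signed, so the check matters most there.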
14 changes: 7 additions & 7 deletions .github/workflows/release-draft.yaml
Expand Up @@ -28,7 +28,7 @@
release_arch: aarch64

env:
ZIG_VERSION: 0.14.0-dev.3259+0779e847f
ZIG_VERSION: 0.14.1

steps:
- name: Checkout Sysdig
Expand All @@ -37,13 +37,11 @@
fetch-depth: 0

- name: Install deps
run: |

Check failure on line 40 in .github/workflows/release-draft.yaml


GitHub Actions / actionlint

[actionlint] reported by reviewdog 🐶 shellcheck reported issue in this script: SC2006:style:13:15: Use $(...) notation instead of legacy backticks `...` [shellcheck] Raw Output: e:.github/workflows/release-draft.yaml:40:9: shellcheck reported issue in this script: SC2006:style:13:15: Use $(...) notation instead of legacy backticks `...` [shellcheck]

Check warning on line 40 in .github/workflows/release-draft.yaml


GitHub Actions / actionlint

[actionlint] reported by reviewdog 🐶 shellcheck reported issue in this script: SC2046:warning:13:15: Quote this to prevent word splitting [shellcheck] Raw Output: w:.github/workflows/release-draft.yaml:40:9: shellcheck reported issue in this script: SC2046:warning:13:15: Quote this to prevent word splitting [shellcheck]
cp -v scripts/zig-cc /usr/bin/
cp -v scripts/zig-c++ /usr/bin/
apt update && \
apt install -y --no-install-recommends \
autoconf \
automake \
build-essential \
ca-certificates \
clang \
Expand All @@ -52,6 +50,7 @@
git \
libelf-dev \
libtool \
linux-tools-`uname -r` \
llvm \
ninja-build \
pkg-config \
Expand All @@ -65,15 +64,16 @@
make install && \
cd ../.. && \
rm -fr bpftool && \
curl -LO https://ziglang.org/builds/zig-linux-"$(uname -m)"-"${ZIG_VERSION}".tar.xz && \
tar -xaf zig-linux-"$(uname -m)"-"${ZIG_VERSION}".tar.xz && \
rm -v zig-linux-"$(uname -m)"-"${ZIG_VERSION}".tar.xz && \
cd zig-linux-"$(uname -m)"-"${ZIG_VERSION}" && \
curl -LO "https://ziglang.org/download/${ZIG_VERSION}/zig-$(uname -m)-linux-${ZIG_VERSION}.tar.xz" && \
tar -xaf "zig-$(uname -m)-linux-${ZIG_VERSION}.tar.xz" && \
rm -v "zig-$(uname -m)-linux-${ZIG_VERSION}.tar.xz" && \
cd zig-* && \
cp -v zig /usr/bin && \
find lib -exec cp --parents {} /usr/ \; && \
cd .. && \
rm -fr zig*


- name: Build Sysdig
env:
CC: zig-cc
Expand Down Expand Up @@ -216,10 +216,10 @@
run: printenv PRIVATE_KEY | gpg --import -

- name: Sign DEBs
run: debsigs --sign=origin --default-key="${{ env.KEY_ID }}" *.deb

Check warning on line 219 in .github/workflows/release-draft.yaml


GitHub Actions / actionlint

[actionlint] reported by reviewdog 🐶 shellcheck reported issue in this script: SC2035:info:1:57: Use ./*glob* or -- *glob* so names with dashes won't become options [shellcheck] Raw Output: i:.github/workflows/release-draft.yaml:219:9: shellcheck reported issue in this script: SC2035:info:1:57: Use ./*glob* or -- *glob* so names with dashes won't become options [shellcheck]

- name: Sign RPMs
run: rpm --define "_gpg_name ${{ env.KEY_ID }}" --define "_binary_filedigest_algorithm 8" --addsign *.rpm

Check warning on line 222 in .github/workflows/release-draft.yaml


GitHub Actions / actionlint

[actionlint] reported by reviewdog 🐶 shellcheck reported issue in this script: SC2035:info:1:96: Use ./*glob* or -- *glob* so names with dashes won't become options [shellcheck] Raw Output: i:.github/workflows/release-draft.yaml:222:9: shellcheck reported issue in this script: SC2035:info:1:96: Use ./*glob* or -- *glob* so names with dashes won't become options [shellcheck]

- name: Upload Signed Packages
uses: actions/upload-artifact@v4
24 changes: 9 additions & 15 deletions CMakeLists.txt
Expand Up @@ -33,11 +33,10 @@ if(EXISTS ${CMAKE_CURRENT_BINARY_DIR}/CMakeLists.txt)
"The following wiki page has more information on manually building sysdig: http://bit.ly/1oJ84UI")
endif()

cmake_minimum_required(VERSION 3.5.1)
cmake_minimum_required(VERSION 3.28)

project(sysdig)

option(MINIMAL_BUILD "Produce a minimal sysdig binary with only the essential features (no eBPF probe driver, no kubernetes, no mesos, no marathon and no container metadata)" OFF)
option(MUSL_OPTIMIZED_BUILD "Enable if you want a musl optimized build" OFF)
option(USE_BUNDLED_DEPS "Enable bundled dependencies instead of using the system ones" ON)

Expand Down Expand Up @@ -71,22 +70,14 @@ add_definitions(-DCHISEL_TOOL_LIBRARY_NAME="${CHISEL_TOOL_LIBRARY_NAME}")

option(BUILD_WARNINGS_AS_ERRORS "Enable building with -Wextra -Werror flags")

if(APPLE)
set(MINIMAL_BUILD ON)
endif()

if(MINIMAL_BUILD)
set(MINIMAL_BUILD_FLAGS "-DMINIMAL_BUILD")
endif()

if(MUSL_OPTIMIZED_BUILD)
set(SYSDIG_MUSL_FLAGS "-static -Os")
endif()

if(NOT WIN32)

set(SYSDIG_DEBUG_FLAGS "-D_DEBUG")
set(CMAKE_COMMON_FLAGS "-Wall -ggdb ${MINIMAL_BUILD_FLAGS} ${SYSDIG_MUSL_FLAGS}")
set(CMAKE_COMMON_FLAGS "-Wall -ggdb ${SYSDIG_MUSL_FLAGS}")

if(BUILD_WARNINGS_AS_ERRORS)
set(CMAKE_SUPPRESSED_WARNINGS "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-sign-compare -Wno-type-limits -Wno-implicit-fallthrough -Wno-format-truncation")
Expand Down Expand Up @@ -122,9 +113,7 @@ if(NOT WIN32)
endif()

else()
set(MINIMAL_BUILD ON)

set(SYSDIG_FLAGS_WIN "-D_CRT_SECURE_NO_WARNINGS -DWIN32 -DMINIMAL_BUILD /EHsc /W3 /Zi")
set(SYSDIG_FLAGS_WIN "-D_CRT_SECURE_NO_WARNINGS -DWIN32 /EHsc /W3 /Zi")

if(CMAKE_VERSION VERSION_LESS 3.15.0)
set(SYSDIG_FLAGS_WIN_DEBUG "/MTd /Od")
Expand All @@ -144,7 +133,7 @@ else()
set(CMAKE_CXX_FLAGS_RELEASE "${SYSDIG_FLAGS_WIN_RELEASE}")
endif()

# Modern BPF is not supported on not Linux systems and in MINIMAL_BUILD
# Modern BPF is not supported on not Linux systems
if(CMAKE_SYSTEM_NAME MATCHES "Linux")
option(BUILD_SYSDIG_MODERN_BPF "Build modern BPF support for Sysdig" ON)
if(BUILD_SYSDIG_MODERN_BPF)
Expand All @@ -165,11 +154,16 @@ if(MSVC OR WIN32)
_DISABLE_CONSTEXPR_MUTEX_CONSTRUCTOR
NOMINMAX
)

# Set MSVC runtime library for Windows builds (CMake 3.15+)
# This ensures consistent runtime linkage across all targets and dependencies
set(CMAKE_MSVC_RUNTIME_LIBRARY "MultiThreaded$<$<CONFIG:Debug>:Debug>")
endif()

include(falcosecurity-libs)
include(yaml-cpp)
include(nlohmann-json)
include(container_plugin)

if(CMAKE_SYSTEM_NAME MATCHES "Linux")
if(NOT DEFINED DRIVER_VERSION)
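Review bot: With the minimum raised to `cmake_minimum_required(VERSION 3.28)`, the `if(CMAKE_VERSION VERSION_LESS 3.15.0)` branch kept in the Windows flags block can no longer be taken, and the `(CMake 3.15+)` qualifier in the new `CMAKE_MSVC_RUNTIME_LIBRARY` comment is redundant. Dropping the dead branch would leave one place that selects the static runtime; that block continues outside the visible hunk, so confirm the surviving `else()` flags do not also carry `/MT`. Separately, the `MINIMAL_BUILD` option is removed without a guard, so an existing `-DMINIMAL_BUILD=ON` invocation is presumably accepted and silently ignored; a short `if(DEFINED MINIMAL_BUILD)` check that emits `message(WARNING "MINIMAL_BUILD is no longer supported and is ignored")` would make the changed feature set visible to packagers.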
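--- a/cmake/modules/container_plugin.cmake
+++ b/cmake/modules/container_plugin.cmake
@@ -0,0 +1,95 @@
+# SPDX-License-Identifier: Apache-2.0
+#
+# Copyright (C) 2025 The Falco Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+# in compliance with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed under the License
+# is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+# or implied. See the License for the specific language governing permissions and limitations under
+# the License.
+#
+
+include(ExternalProject)
+
+string(TOLOWER ${CMAKE_HOST_SYSTEM_NAME} PLUGINS_SYSTEM_NAME)
+
+set(CONTAINER_VERSION "0.3.7")
+
+if(UNIX AND NOT APPLE)
+
+set(CONTAINER_LIBRARY
+"${CMAKE_BINARY_DIR}/container_plugin-prefix/src/container_plugin/libcontainer.so"
+)
+if(${CMAKE_HOST_SYSTEM_PROCESSOR} STREQUAL "x86_64")
+set(CONTAINER_HASH "fd4e0b36ff9eb8ea34ee8166d0bfa29f9de7939e7c6e1ef931a9d6261b20f5ab")
+else() # arm64
+set(CONTAINER_HASH "fb13572da413d2272d249459f0afd1879514a265e43acaaa8a844163bede239d")
+endif()
+
+if(NOT TARGET container_plugin)
+message(STATUS "Fetching container plugin ${CONTAINER_VERSION} in '${CONTAINER_LIBRARY}'")
+ExternalProject_Add(
+container_plugin
+URL "https://download.falco.org/plugins/stable/container-${CONTAINER_VERSION}-${PLUGINS_SYSTEM_NAME}-${CMAKE_HOST_SYSTEM_PROCESSOR}.tar.gz"
+URL_HASH "SHA256=${CONTAINER_HASH}"
+BUILD_BYPRODUCTS "${CONTAINER_LIBRARY}"
+CONFIGURE_COMMAND ""
+BUILD_COMMAND ""
+INSTALL_COMMAND ""
+)
+
+install(
+FILES "${CONTAINER_LIBRARY}"
+DESTINATION share/plugins
+COMPONENT "${SYSDIG_COMPONENT_NAME}"
+)
+endif()
+else()
+
+# Determine the correct library extension for the platform
+if(APPLE)
+set(CONTAINER_LIB_EXT "dylib")
+elseif(WIN32)
+set(CONTAINER_LIB_EXT "dll")
+else()
+set(CONTAINER_LIB_EXT "so")
+endif()
+
+# On Windows, shared libraries don't have the "lib" prefix
+# and multi-config generators place outputs in config subdirectories
+if(WIN32)
+set(CONTAINER_LIBRARY
+"${CMAKE_BINARY_DIR}/container_plugin-prefix/src/container_plugin/plugins/container/${CMAKE_BUILD_TYPE}/container.${CONTAINER_LIB_EXT}"
+)
+else()
+set(CONTAINER_LIBRARY
+"${CMAKE_BINARY_DIR}/container_plugin-prefix/src/container_plugin/plugins/container/libcontainer.${CONTAINER_LIB_EXT}"
+)
+endif()
+if(NOT TARGET container_plugin)
+message(STATUS "Fetching container plugin source ${CONTAINER_VERSION} in '${CONTAINER_LIBRARY}'")
+ExternalProject_Add(
+container_plugin
+URL "https://github.com/falcosecurity/plugins/archive/refs/tags/plugins/container/v${CONTAINER_VERSION}.tar.gz"
+URL_HASH "SHA256=da063e8d99310596a4c369fb010053e391247f2db6cd3fae9e733582923b71c4"
+SOURCE_SUBDIR plugins/container
+BUILD_IN_SOURCE 1
+BUILD_BYPRODUCTS "${CONTAINER_LIBRARY}"
+CONFIGURE_COMMAND
+${CMAKE_COMMAND} . -DENABLE_ASYNC=OFF -G "${CMAKE_GENERATOR}"
+BUILD_COMMAND ${CMAKE_COMMAND} --build . --config ${CMAKE_BUILD_TYPE}
+INSTALL_COMMAND ""
+)
+
+install(
+FILES "${CONTAINER_LIBRARY}"
+DESTINATION share/plugins
+COMPONENT "${SYSDIG_COMPONENT_NAME}"
+)
+endif()
+
+endif()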
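Review bot: In the source-build branch both the Windows `CONTAINER_LIBRARY` path and `BUILD_COMMAND ${CMAKE_COMMAND} --build . --config ${CMAKE_BUILD_TYPE}` depend on `CMAKE_BUILD_TYPE`, which is normally empty under multi-config generators; the Windows job in ci.yaml configures without it and passes `--config Release` only at build time. Unless the top-level project defaults the variable somewhere not visible here, the plugin would be built in one configuration while `install(FILES "${CONTAINER_LIBRARY}" ...)` looks for `container.dll` in a different directory. Using `$<CONFIG>` in the build command and in the installed path (`--config $<CONFIG>`, `.../plugins/container/$<CONFIG>/container.dll`) would follow the configuration actually being built. On the Linux branch, `else() # arm64` applies the arm64 digest to every non-x86_64 host; an explicit `elseif(${CMAKE_HOST_SYSTEM_PROCESSOR} STREQUAL "aarch64")` with a `message(FATAL_ERROR ...)` fallback would report an unsupported architecture clearly instead of surfacing as a download or hash-mismatch failure.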
4 changes: 2 additions & 2 deletions cmake/modules/driver.cmake
Expand Up @@ -31,8 +31,8 @@ else()
# In case you want to test against another driver version (or branch, or commit) just pass the variable -
# ie., `cmake -DDRIVER_VERSION=dev ..`
if(NOT DRIVER_VERSION)
set(DRIVER_VERSION "8.0.0+driver")
set(DRIVER_CHECKSUM "SHA256=f35990d6a1087a908fe94e1390027b9580d4636032c0f2b80bf945219474fd6b")
set(DRIVER_VERSION "8.1.0+driver")
set(DRIVER_CHECKSUM "SHA256=182e6787bf86249a846a3baeb4dcd31578b76d4a13efa16ce3f44d66b18a77a6")
endif()

# cd /path/to/build && cmake /path/to/source
4 changes: 2 additions & 2 deletions cmake/modules/falcosecurity-libs.cmake
Expand Up @@ -47,8 +47,8 @@ else()
# In case you want to test against another falcosecurity/libs version (or branch, or commit) just pass the variable -
# ie., `cmake -DFALCOSECURITY_LIBS_VERSION=dev ..`
if(NOT FALCOSECURITY_LIBS_VERSION)
set(FALCOSECURITY_LIBS_VERSION "0.20.0")
set(FALCOSECURITY_LIBS_CHECKSUM "SHA256=4ae6ddb42a1012bacd88c63abdaa7bd27ca0143c4721338a22c45597e63bc99d")
set(FALCOSECURITY_LIBS_VERSION "0.21.0")
set(FALCOSECURITY_LIBS_CHECKSUM "SHA256=9e977001dd42586df42a5dc7e7a948c297124865a233402e44bdec68839d322a")
endif()

# cd /path/to/build && cmake /path/to/source
26 changes: 14 additions & 12 deletions userspace/chisel/chisel.cpp
Expand Up @@ -60,11 +60,6 @@ using namespace std;
extern vector<chiseldir_info>* g_chisel_dirs;
extern sinsp_evttables g_infotables;

// todo(jasondellaluce): this list is static and prevents chisels from using
// plugin-defined extraction fields. The right way would be to have a filtercheck
// list owned by each chisel itself and populate depending on the loaded plugins.
static sinsp_filter_check_list s_filterlist;

///////////////////////////////////////////////////////////////////////////////
// For Lua debugging
///////////////////////////////////////////////////////////////////////////////
Expand Down Expand Up @@ -167,12 +162,13 @@ const static struct luaL_Reg ll_evt [] =
///////////////////////////////////////////////////////////////////////////////
// chiselinfo implementation
///////////////////////////////////////////////////////////////////////////////
chiselinfo::chiselinfo(sinsp* inspector)
chiselinfo::chiselinfo(sinsp* inspector, std::shared_ptr<sinsp_filter_check_list> filter_check_list)
{
m_filter = NULL;
m_formatter = NULL;
m_dumper = NULL;
m_inspector = inspector;
m_filter_check_list = filter_check_list;
m_has_nextrun_args = false;
m_end_capture = false;

Expand Down Expand Up @@ -208,8 +204,8 @@ void chiselinfo::init(string filterstr, string formatterstr)

void chiselinfo::set_filter(string filterstr)
{

sinsp_filter_compiler compiler(m_inspector, filterstr);
auto filter_factory = std::make_shared<sinsp_filter_factory>(m_inspector, *m_filter_check_list);
sinsp_filter_compiler compiler(filter_factory, filterstr);
if(m_filter)
{
delete m_filter;
Expand All @@ -232,11 +228,11 @@ void chiselinfo::set_formatter(string formatterstr)

if(formatterstr == "" || formatterstr == "default")
{
m_formatter = new sinsp_evt_formatter(m_inspector, DEFAULT_OUTPUT_STR, s_filterlist);
m_formatter = new sinsp_evt_formatter(m_inspector, DEFAULT_OUTPUT_STR, *m_filter_check_list);
}
else
{
m_formatter = new sinsp_evt_formatter(m_inspector, formatterstr, s_filterlist);
m_formatter = new sinsp_evt_formatter(m_inspector, formatterstr, *m_filter_check_list);
}
}

Expand All @@ -255,7 +251,7 @@ void chiselinfo::set_callback_precise_interval(uint64_t interval)
///////////////////////////////////////////////////////////////////////////////
// chisel implementation
///////////////////////////////////////////////////////////////////////////////
sinsp_chisel::sinsp_chisel(sinsp* inspector, string filename, bool is_file)
sinsp_chisel::sinsp_chisel(sinsp* inspector, std::string filename, bool is_file)
{
m_inspector = inspector;
m_ls = NULL;
Expand Down Expand Up @@ -1224,7 +1220,7 @@ void sinsp_chisel::load(string cmdstr, bool is_file)
//
// Allocate the chisel context for the script
//
m_lua_cinfo = new chiselinfo(m_inspector);
m_lua_cinfo = new chiselinfo(m_inspector, m_filter_check_list);

//
// Set the context globals
Expand Down Expand Up @@ -1449,6 +1445,12 @@ void sinsp_chisel::set_args(vector<pair<string, string>> args)
#endif
}


void sinsp_chisel::set_filter_list(std::shared_ptr<sinsp_filter_check_list> filter_list)
{
m_filter_check_list = std::move(filter_list);
}

void sinsp_chisel::on_init()
{
//
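Review bot: `chiselinfo::set_filter` and `chiselinfo::set_formatter` now dereference `*m_filter_check_list` unconditionally, but on the chisel side the pointer is only populated through the new `sinsp_chisel::set_filter_list`, and `sinsp_chisel::load` passes whatever `m_filter_check_list` holds at that moment to `new chiselinfo(...)`. If a caller reaches `load` before calling `set_filter_list` (the constructor body is outside the hunk, so this cannot be confirmed here), the shared_ptr is empty and the dereference is undefined behaviour, whereas the removed static `s_filterlist` always existed. A guard at the top of both setters, e.g. `if(!m_filter_check_list) { throw sinsp_exception("chisel: filter check list not set"); }`, or taking the list as a `sinsp_chisel` constructor argument, would close that window. The `chiselinfo` constructor could also assign `m_filter_check_list = std::move(filter_check_list);`, as `set_filter_list` already does.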