Adds falco 0.39.0 and falcoctl 0.10.0 rocks

Note that the Dockerfiles are identical to the previous versions. Thus, the rockfiles are also the same. Falco 0.39.0 comes with falcoctl 0.10.0, which is why we're building that version as well. Added the new versions into the sanity and integration tests.
canonical · Oct 3, 2024 · 66a9628 · 66a9628
1 parent 650a6da
commit 66a9628
Show file tree

Hide file tree

Showing 6 changed files with 227 additions and 9 deletions.
diff --git a/falco/0.39.0/rockcraft.yaml b/falco/0.39.0/rockcraft.yaml
@@ -0,0 +1,132 @@
+# Copyright 2024 Canonical, Ltd.
+# See LICENSE file for licensing details
+
+# Based on: https://github.com/falcosecurity/falco/blob/0.39.0/docker/falco/Dockerfile
+name: falco
+summary: Falco rock
+description: |
+    A rock containing Falco.
+
+    Falco is a cloud native runtime security tool for Linux operating systems. It is designed
+    to detect and alert on abnormal behavior and potential security threats in real-time.
+license: Apache-2.0
+version: 0.39.0
+
+base: [email protected]
+build-base: [email protected]
+
+platforms:
+  amd64:
+  arm64:
+
+environment:
+  # https://github.com/falcosecurity/falco/blob/0.39.0/docker/falco/Dockerfile#L12-L16
+  VERSION_BUCKET: deb
+  FALCO_VERSION: 0.39.0
+  HOST_ROOT: /host
+  HOME: /root
+
+# Services to be loaded by the Pebble entrypoint.
+services:
+  falco:
+    summary: "falco service"
+    override: replace
+    startup: enabled
+    command: "/docker-entrypoint.sh /usr/bin/falco [ --help ]"
+    on-success: shutdown
+    on-failure: shutdown
+
+entrypoint-service: falco
+
+parts:
+  build-falco:
+    plugin: nil
+    source: https://github.com/falcosecurity/falco
+    source-type: git
+    source-tag: $CRAFT_PROJECT_VERSION
+    source-depth: 1
+    build-packages:
+      # https://falco.org/docs/developer-guide/source/
+      - git
+      - cmake
+      - clang
+      - build-essential
+      - linux-tools-common
+      - linux-tools-generic
+      - libelf-dev
+      - llvm
+      # On ubuntu-24.04, we have gcc 13, and abseil (grpc's dependency) fails to build with
+      # this version of gcc. Thus, we're building with gcc 12.
+      # xref: https://github.com/apache/arrow/issues/36969
+      - gcc-12
+      - g++-12
+    stage-packages:
+      # https://github.com/falcosecurity/falco/blob/0.39.0/docker/falco/Dockerfile#L20-L42
+      - bc
+      - bison
+      - ca-certificates
+      - clang
+      - curl
+      - dkms
+      - dwarves
+      - flex
+      - gcc
+      - gcc-11
+      - gnupg2
+      - jq
+      - libc6-dev
+      - libelf-dev
+      - libssl-dev
+      - llvm
+      - make
+      - netcat-openbsd
+      - patchelf
+      - xz-utils
+      - zstd
+    build-environment:
+      - GOOS: linux
+      - GOARCH: $CRAFT_ARCH_BUILD_FOR
+      - HOST_ROOT: /host
+    override-build: |
+      # Installing additional packages here because of the $(uname -r) part. We need that for
+      # build idempotency, so we can build locally *and* in the CI.
+      # linux-tools and linux-cloud-tools are required for building BPF.
+      apt install linux-headers-$(uname -r) linux-tools-$(uname -r) linux-cloud-tools-$(uname -r)
+
+      # https://falco.org/docs/developer-guide/source/
+      mkdir -p build
+      pushd build
+      # On ubuntu-24.04, we have gcc 13, and abseil (grpc's dependency) fails to build with
+      # this version of gcc. Thus, we're building with gcc 12.
+      # xref: https://github.com/apache/arrow/issues/36969
+      update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-12 12 --slave /usr/bin/g++ g++ /usr/bin/g++-12
+
+      # Based on: https://github.com/falcosecurity/falco/blob/0.39.0/.github/workflows/reusable_build_packages.yaml#L105
+      cmake -S .. \
+        -DUSE_BUNDLED_DEPS=On \
+        -DBUILD_BPF=On \
+        -DFALCO_ETC_DIR=/etc/falco \
+        -DBUILD_DRIVER=Off \
+        -DCREATE_TEST_TARGETS=Off
+      make falco -j6
+
+      # Generate the .deb file.
+      # make package will also generate the .tar.gz amd .rpm files, which we do not need,
+      # so we call cpack ourselves.
+      # make package depends on the preinstall target.
+      make preinstall
+      cpack --config ./CPackConfig.cmake -G DEB
+      popd
+
+      # Unpack the .deb into the install directory.
+      dpkg-deb --extract build/falco-*.deb ${CRAFT_PART_INSTALL}/
+
+      # Change the falco config within the container to enable ISO 8601 output.
+      # https://github.com/falcosecurity/falco/blob/0.39.0/docker/falco/Dockerfile#L52
+      sed -i -e 's/time_format_iso_8601: false/time_format_iso_8601: true/' ${CRAFT_PART_INSTALL}/etc/falco/falco.yaml
+
+      # https://github.com/falcosecurity/falco/blob/0.39.0/docker/falco/Dockerfile#L61
+      mkdir -p ${CRAFT_PART_INSTALL}/lib
+      ln -s $HOST_ROOT/lib/modules ${CRAFT_PART_INSTALL}/lib/modules
+
+      cp docker/falco/docker-entrypoint.sh ${CRAFT_PART_INSTALL}/
diff --git a/falcoctl/0.10.0/falcoctl-entrypoint.sh b/falcoctl/0.10.0/falcoctl-entrypoint.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+# Required to prevent Pebble from considering the service to have
+# exited too quickly to be worth restarting or respecting the
+# "on-failure: shutdown" directive and thus hanging indefinitely:
+# https://github.com/canonical/pebble/issues/240#issuecomment-1599722443
+sleep 1.1
+
+/usr/bin/falcoctl $@
diff --git a/falcoctl/0.10.0/rockcraft.yaml b/falcoctl/0.10.0/rockcraft.yaml
@@ -0,0 +1,67 @@
+# Copyright 2024 Canonical, Ltd.
+# See LICENSE file for licensing details
+
+# Based on: https://github.com/falcosecurity/falcoctl/blob/v0.10.0/build/Dockerfile
+name: falcoctl
+summary: falcoctl rock
+description: |
+    A rock containing falcoctl.
+
+    falcoctl is the official CLI tool for working with Falco and its ecosystem components.
+license: Apache-2.0
+version: 0.10.0
+
+base: [email protected]
+build-base: [email protected]
+run-user: _daemon_
+
+platforms:
+  amd64:
+  arm64:
+
+environment:
+  APP_VERSION: 0.10.0
+
+# Services to be loaded by the Pebble entrypoint.
+services:
+  falcoctl:
+    summary: "falcoctl service"
+    override: replace
+    startup: enabled
+    command: "/falcoctl-entrypoint.sh [ --help ]"
+    on-success: shutdown
+    on-failure: shutdown
+
+entrypoint-service: falcoctl
+
+parts:
+  build-falcoctl:
+    plugin: go
+    source: https://github.com/falcosecurity/falcoctl
+    source-type: git
+    source-tag: v${CRAFT_PROJECT_VERSION}
+    source-depth: 1
+    stage-packages:
+      # Required by falcoctl in order to verify certificates.
+      - ca-certificates
+    build-snaps:
+      - go/1.23/stable
+    build-environment:
+      - CGO_ENABLED: 0
+      - GOOS: linux
+      - GOARCH: $CRAFT_ARCH_BUILD_FOR
+      - VERSION: $CRAFT_PROJECT_VERSION
+      - PROJECT: github.com/falcosecurity/falcoctl
+      - LDFLAGS: -X $PROJECT/cmd/version.semVersion=$VERSION -X $PROJECT/cmd/version.buildDate="\"$(date -u +'%Y-%m-%dT%H:%M:%SZ')\"" -s -w
+    override-build: |
+      mkdir -p ${CRAFT_PART_INSTALL}/usr/bin/
+      go mod download
+      go build -o ${CRAFT_PART_INSTALL}/usr/bin/ -ldflags "${LDFLAGS}" .
+
+  add-falcoctl-entrypoint:
+    plugin: nil
+    override-build: |
+      # Running falcoctl directly may finish sooner than 1 second, which means Pebble will just
+      # hang around and not finish, which is undesirable for an init container.
+      # We're setting this as the entrypoint, which will just pass the arguments to falcoctl + 1.1s sleep.
+      cp $CRAFT_PROJECT_DIR/falcoctl-entrypoint.sh ${CRAFT_PART_INSTALL}/
diff --git a/tests/integration/test_falco.py b/tests/integration/test_falco.py
@@ -6,12 +6,21 @@
 import logging
 import time
 
+import pytest
 from k8s_test_harness import harness
 from k8s_test_harness.util import constants, env_util, k8s_util
 
 LOG = logging.getLogger(__name__)
 
 
+_FALCOCTL_VERSIONS = {
+    # Based on the Falco releases.
+    # falco_version: falcoctl_version
+    "0.38.2": "0.9.0",
+    "0.39.0": "0.10.0",
+}
+
+
 def _get_event_generator_helm_cmd():
     return k8s_util.get_helm_install_command(
         "event-generator",
@@ -25,13 +34,13 @@ def _get_event_generator_helm_cmd():
     )
 
 
-def _get_falco_helm_cmd(image_version: str):
+def _get_falco_helm_cmd(falco_version: str):
     falco_rock = env_util.get_build_meta_info_for_rock_version(
-        "falco", image_version, "amd64"
+        "falco", falco_version, "amd64"
     )
 
     falcoctl_rock = env_util.get_build_meta_info_for_rock_version(
-        "falcoctl", "0.9.0", "amd64"
+        "falcoctl", _FALCOCTL_VERSIONS[falco_version], "amd64"
     )
 
     images = [
@@ -94,9 +103,10 @@ def _assert_falco_logs(instance: harness.Instance):
     assert False, "Expected Falco logs to contain Warnings, based on event-generator"
 
 
-def test_integration_falco(function_instance: harness.Instance):
+@pytest.mark.parametrize("image_version", ["0.38.2", "0.39.0"])
+def test_integration_falco(function_instance: harness.Instance, image_version):
     # Deploy Falco helm chart and wait for it to become active.
-    function_instance.exec(_get_falco_helm_cmd("0.38.2"))
+    function_instance.exec(_get_falco_helm_cmd(image_version))
 
     # Wait for the daemonset to become Active.
     k8s_util.wait_for_daemonset(function_instance, "falco", "falco", retry_times=10)

diff --git a/tests/sanity/test_falco.py b/tests/sanity/test_falco.py
@@ -18,9 +18,9 @@
 ]
 
 
-@pytest.mark.parametrize("image_version", ["0.38.2"])
-def test_falco_rock(image_version):
-    """Test falco rock."""
+@pytest.mark.parametrize("image_version", ["0.38.2", "0.39.0"])
+def test_falco_rock(rock_name, image_version):
+    """Test falco rocks."""
     rock = env_util.get_build_meta_info_for_rock_version(
         "falco", image_version, "amd64"
     )

diff --git a/tests/sanity/test_falcoctl.py b/tests/sanity/test_falcoctl.py
@@ -7,7 +7,7 @@
 from k8s_test_harness.util import docker_util, env_util
 
 
-@pytest.mark.parametrize("image_version", ["0.9.0"])
+@pytest.mark.parametrize("image_version", ["0.9.0", "0.10.0"])
 def test_falcoctl_rock(image_version):
     """Test falcoctl rock."""
     rock = env_util.get_build_meta_info_for_rock_version(