[Buildroot] [RFC PATCH v2 0/3] Bump sysdig and falco libs

Yann E. MORIN yann.morin.1998 at free.fr
Sun Aug 13 07:34:05 UTC 2023 

Francis, All,

On 2023-08-11 17:27 +0200, Francis Laniel spake thusly:
> With this contribution, I bumped sysdig and falcosecurity-libs.
> Sadly, I am not fully satisfied with the result, hence the fact I marked it as
> RFC because I would like to get your feedback to make it better.
> 
> First of all, sysdig builds and runs:
> Welcome to Buildroot
> buildroot login: root
> # sysdig --version
> sysdig version 0.31.4
> # sysdig | head
> scap: loading out-of-tree module taints kernel.
> scap: driver loading, scap
> scap: adding new consumer (____ptrval____)
> scap: initializing ring buffer for CPU 0
> scap: CPU buffer initialized, size=8388608
> 26 15:12:28.226519423 0 sysdig (108) > switch next=0 pgft_maj=10 pgft_min=1348 vm_size=47288 vm_rss=19408 vm_swap=0
> 27 15:12:28.227409149 0 <NA> (0) > switch next=13 pgft_maj=0 pgft_min=0 vm_size=0 vm_rss=0 vm_swap=0
> ...
> 
> Nonetheless, I had to increase the minimal size of the image as libsinsp.a is
> quite big:
> # du -sh /sysdig/libsinsp.a
> 171.4M  /sysdig/libsinsp.a
> I am not forcefully sure where this library is used, I will investigate and
> maybe we can run everything without it.

There is no need to have static libs (.a files) on the target, as static
libs are only used at linking phase, which happens on the build machine.

So, unless sysdig embeds a linker and generates an executalbe from
those, it should be safe to remove.

> Secondly, I had to tweak heavily the libscap CMakeLists.txt to install several
> shared libraries.
> Indeed, the libraries are compiled as static, but the sysdig binary is not
> static, so it needs plenty of shared libraries to be run from the image.
> I am not really sure what is the best solution here (either compiling sysdig as
> static or not), but in any case my patch for CMakeLists.txt is not really clean.

I don't quite understand this part.

If the libraries are present as static libs at build time, then sysdig
would be statically linked to those, even if sysdig is not itself a
statically linked binary.

Indeed, it's possible to have, say;

    ld libfoo.a libbar.so main.o -o myprogram

where myprogram would then be a dynamically linked executable,, which
would have been linked with libfoo.a and dynamically linked with
libbar.so.

So you'll have to expand a bit on that part...

Ah, I think I understand what you are trying to say: falcosecurity-libs
build libscap.a and does not install it, but sysdig needs to link
against it, right?

If so, then it has nothing to do with the fact that sysdig is not
static, but just about the fact that sysdig needs to link with those
libraries.

I'll also further reply to the sysdig bump...

> Finally, I had to modify the magical number in falcosecurity-libs.mk for
> API_VERSION and SCHEMA_VERSION.
> While this is not really a big pain, I am wondering if this is not possible to
> read the corresponding values from the corresponding files (i.e. API_VERSION and
> SCHEMA_VERSION).
> So, for future update we would not need to take care of it ourselves.

That is what I was going to suggest while reviewing patch 1/3. I'll
reply further there.

Regards,
Yann E. MORIN.

> Changes since:
>  v1:
>   * Removed everything regarding VALIJSON in sysdig.mk.
>   * Bumped first falcosecurity-libs to avoid problem when building it.
>   * Added runtime test for sysdig.
> 
> Francis Laniel (3):
>   package/falcosecurity-libs: bump to version 0.10.5
>   package/sysdig: bump to version 0.31.4
>   support/testing/package: add new test for sysdig
> 
>  .../0002-cmake-Install-shared-libraries.patch | 61 +++++++++++++++++++
>  .../falcosecurity-libs.hash                   |  2 +-
>  .../falcosecurity-libs/falcosecurity-libs.mk  | 10 +--
>  package/sysdig/sysdig.hash                    |  2 +-
>  package/sysdig/sysdig.mk                      |  9 ++-
>  .../testing/tests/package/test_sysdig.config  |  1 +
>  support/testing/tests/package/test_sysdig.py  | 46 ++++++++++++++
>  7 files changed, 122 insertions(+), 9 deletions(-)
>  create mode 100644 package/falcosecurity-libs/0002-cmake-Install-shared-libraries.patch
>  create mode 100644 support/testing/tests/package/test_sysdig.config
>  create mode 100644 support/testing/tests/package/test_sysdig.py
> 
> --
> 2.34.1
> 
> _______________________________________________
> buildroot mailing list
> buildroot at buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 561 099 427 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'

More information about the buildroot mailing list