SPECS/falco/falco.spec
dbfa3103
 # Sets the security_hardening macro to "none" for this package.
 # NOTE(review): presumably this opts the build out of the distribution's default
 # hardening compiler/linker flags because a kernel module is compiled here; the
 # userspace falco binary would then be built without them as well - confirm.
 %global security_hardening none
777972ab
 Summary:        The Behavioral Activity Monitor With Container Support
 Name:           falco
aecc7617
 Version:        0.8.1
 Release:        1%{?kernelsubrelease}%{?dist}
a6a94bc2
 License:        GPLv2
777972ab
 URL:            http://www.sysdig.org/falco/
a6a94bc2
 Group:          Applications/System
777972ab
 Vendor:         VMware, Inc.
 Distribution:   Photon
 # Upstream tarballs. Each Source line is paired with a "define sha1" line holding
 # a SHA-1 digest keyed by archive name.
 # NOTE(review): presumably the distribution build tooling checks downloads against
 # these digests - confirm. SHA-1 is no longer collision-resistant; a SHA-256 or
 # SHA-512 digest would be the stronger pin if the tooling supports one.
 Source0:        https://github.com/draios/%{name}/archive/%{name}-%{version}.tar.gz
aecc7617
 %define sha1    falco=7873d34769656349678584502296b147aa5445fa
 Source1:        https://github.com/draios/sysdig/archive/sysdig-0.19.1.tar.gz
 %define sha1    sysdig=425ea9fab8e831274626a9c9e65f0dfb4f9bc019
51554638
 # NOTE(review): fetched over plain HTTP, so the digest below is the only integrity
 # check on this archive. It is unpacked in the prep section, but no later visible
 # step of this spec refers to it - confirm it is still needed.
 Source2:        http://libvirt.org/sources/libvirt-2.0.0.tar.xz
777972ab
 %define sha1    libvirt=9a923b06df23f7a5526e4ec679cdadf4eb35a38f
 BuildRequires:  cmake
 BuildRequires:  openssl-devel
 BuildRequires:  curl-devel
 BuildRequires:  zlib-devel
 BuildRequires:  ncurses-devel
 BuildRequires:  linux-devel = %{KERNEL_VERSION}-%{KERNEL_RELEASE}
a6a94bc2
 BuildRequires:  libgcrypt
dbfa3103
 BuildRequires:  sysdig
 # NOTE(review): git (and wget below) are network fetch tools required at build time,
 # which suggests the upstream CMake build may download further components while
 # building; anything fetched that way is not covered by the Source digests in this
 # spec - confirm and, if so, verify or pre-stage those downloads.
 BuildRequires:  git
 BuildRequires:  lua-devel
 BuildRequires:  libyaml-devel
 BuildRequires:  linux-api-headers
a6a94bc2
 BuildRequires:  wget
51554638
 %if %{with_check}
 BuildRequires:  dkms
 BuildRequires:  xz-devel
 BuildRequires:  jq
 %endif
777972ab
 Requires:       zlib
 Requires:       ncurses
 Requires:       openssl
 Requires:       curl
 Requires:       libyaml
 Requires:       lua
 Requires:       sysdig
5a751e16
 Requires:       dkms
51554638
 
dbfa3103
 %description
 Sysdig falco is an open source, behavioral activity monitor designed to detect anomalous activity in your applications. Falco lets you continuously monitor and detect container, application, host, and network activity... all in one place, from one source of data, with one set of customizable rules. 
 
 %prep
 # Unpack Source0 (falco) and enter its source directory.
 %setup
 # Unpack Source1 (sysdig) inside that directory: -T skips the default Source0
 # unpack, -D keeps the existing directory, -a 1 unpacks source 1 after changing into it.
 %setup -T -D -a 1
51554638
 # Unpack Source2 (libvirt); --no-same-owner makes tar create the files as the
 # invoking user instead of restoring the ownership recorded in the archive.
 tar xf %{SOURCE2} --no-same-owner
 
dbfa3103
 %build
aecc7617
 # Move the sysdig tree unpacked in prep up one level, next to the falco source
 # directory. The directory name repeats the version hard-coded in Source1, so
 # both must be changed together on a sysdig update.
 # NOTE(review): presumably falco's CMake build looks for ../sysdig - confirm.
 mv sysdig-0.19.1 ../sysdig
a6a94bc2
 # Rewrite "../falco/..." relative paths in the engine build files to paths
 # relative to this source tree.
 sed -i 's|../falco/rules|rules|g' userspace/engine/CMakeLists.txt
 sed -i 's|../falco/userspace|userspace|g' userspace/engine/config_falco_engine.h.in
dbfa3103
 # Configure in-tree with the distribution install prefix.
 cmake -DCMAKE_INSTALL_PREFIX=%{_prefix} CMakeLists.txt
bf36478b
 # Build, pointing KERNELDIR at the build directory of the exact kernel version
 # and release this package is built for.
 make KERNELDIR="/lib/modules/%{KERNEL_VERSION}-%{KERNEL_RELEASE}/build"
dbfa3103
 
 %install
bf36478b
 # Install into the build root.
 make install KERNELDIR="/lib/modules/%{KERNEL_VERSION}-%{KERNEL_RELEASE}/build" DESTDIR=%{buildroot}
5a751e16
 # Stage the falco-probe.ko from the driver directory under the "extra" module
 # directory of that one kernel, and patch falco-probe-loader to look for it there
 # instead of under the DKMS output path.
 # NOTE(review): no module signing step is visible in this spec; on hosts that
 # enforce kernel module signature verification, confirm the module is signed
 # elsewhere in the build.
 mkdir -p %{buildroot}/lib/modules/%{KERNEL_VERSION}-%{KERNEL_RELEASE}/extra
 mv driver/falco-probe.ko %{buildroot}/lib/modules/%{KERNEL_VERSION}-%{KERNEL_RELEASE}/extra
 sed -i 's|/var/lib/dkms/$PACKAGE_NAME/$SYSDIG_VERSION/$KERNEL_RELEASE/$ARCH/module/$PROBE_NAME.ko|/lib/modules/$KERNEL_RELEASE/extra/$PROBE_NAME.ko|g' %{buildroot}/usr/bin/falco-probe-loader
dbfa3103
 
f5cd7d36
 # The check section is disabled: falco's make check needs a Docker instance and
 # dpkg to pass.
 # NOTE(review): the commented-out steps below install test tooling with
 # easy_install/pip at build time, without exact version pins - if the section is
 # re-enabled, pin and verify those packages.
 #%check
51554638
 #easy_install pip
 #pip install 'stevedore>=0.14'
 #pip install 'avocado-framework<=36.0'
 #pip install fabric
 #pip install aexpect
 #pip install pystache
 #test/run_regression_tests.sh
98f63cc4
 
dbfa3103
 %clean
 # Empty the build root after packaging.
 rm -rf %{buildroot}/*
 
 %files
 # Packaged files are owned by root:root; the "-" keeps the modes set at install time.
 %defattr(-,root,root)
9c4dd492
 # NOTE(review): the wildcards below package whatever the upstream install step
 # placed in these directories; list files explicitly if a tighter manifest is wanted.
 %{_bindir}/*
bf36478b
 # Leave anything installed under the usr-src directory out of the package.
 %exclude %{_usrsrc}
 %{_sysconfdir}/*
9c4dd492
 %{_datadir}/*
5a751e16
 # Prebuilt probe module; it is installed only under the module tree of the exact
 # kernel version and release named in the path.
 /lib/modules/%{KERNEL_VERSION}-%{KERNEL_RELEASE}/extra/falco-probe.ko
dbfa3103
 
 %changelog
aecc7617
 *   Tue Jan 02 2018 Alexey Makhalov <amakhalov@vmware.com> 0.8.1-1
 -   Version update to build against linux-4.14.y kernel
51554638
 *   Thu Aug 24 2017 Rui Gu <ruig@vmware.com> 0.6.0-3
 -   Disable check section (Bug 1900272).
5a751e16
 *   Thu May 11 2017 Chang Lee <changlee@vmware.com> 0.6.0-2
 -   Add falco-probe.ko and change falco-probe.ko path in falco-probe-loader
a6a94bc2
 *   Mon Apr 03 2017 Chang Lee <changlee@vmware.com> 0.6.0-1
 -   Update to version 0.6.0
198b18db
 *   Wed Jan 11 2017 Alexey Makhalov <amakhalov@vmware.com> 0.2.0-7
 -   Fix building for linux-4.9.2
777972ab
 *   Mon Dec 19 2016 Xiaolin Li <xiaolinl@vmware.com> 0.2.0-6
 -   BuildRequires curl-devel
fc081194
 *   Thu Dec 15 2016 Alexey Makhalov <amakhalov@vmware.com> 0.2.0-5
 -   Fix building for linux-4.9
bf36478b
 *   Wed Nov 30 2016 Alexey Makhalov <amakhalov@vmware.com> 0.2.0-4
 -   Expand uname -r to have release number
 -   Exclude /usr/src
 *   Fri Sep  2 2016 Alexey Makhalov <amakhalov@vmware.com> 0.2.0-3
 -   Use KERNEL_VERSION macro
 *   Wed Jul 27 2016 Divya Thaluru <dthaluru@vmware.com> 0.2.0-2
 -   Removed packaging of debug files
 *   Tue Jun 28 2016 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 0.2.0-1
 -   Initial build. First version