From 27f407b4bbaf29a3c5b9daa0a69f01bb9659e74c Mon Sep 17 00:00:00 2001 From: 06kellyjac Date: Wed, 5 Apr 2023 10:47:26 +0100 Subject: [PATCH] tracee: 0.11.0 -> 0.13.0 Also split out into separate outputs and dropped tracee-* binaries due to the new single tracee binary Mark aarch64-linux as officially supported --- nixos/tests/tracee.nix | 12 ++- pkgs/tools/security/tracee/default.nix | 33 +++---- .../security/tracee/use-our-libbpf.patch | 91 +------------------ pkgs/top-level/all-packages.nix | 4 +- 4 files changed, 31 insertions(+), 109 deletions(-) diff --git a/nixos/tests/tracee.nix b/nixos/tests/tracee.nix index 1609d3abc69f..8ec86ef091ef 100644 --- a/nixos/tests/tracee.nix +++ b/nixos/tests/tracee.nix @@ -1,5 +1,7 @@ import ./make-test-python.nix ({ pkgs, ... }: { name = "tracee-integration"; + meta.maintainers = pkgs.tracee.meta.maintainers; + nodes = { machine = { config, pkgs, ... }: { # EventFilters/trace_only_events_from_new_containers and @@ -7,11 +9,11 @@ import ./make-test-python.nix ({ pkgs, ... }: { # require docker/dockerd virtualisation.docker.enable = true; - environment.systemPackages = [ + environment.systemPackages = with pkgs; [ # required by Test_EventFilters/trace_events_from_ls_and_which_binary_in_separate_scopes - pkgs.which + which # build the go integration tests as a binary - (pkgs.tracee.overrideAttrs (oa: { + (tracee.overrideAttrs (oa: { pname = oa.pname + "-integration"; postPatch = oa.postPatch or "" + '' # prepare tester.sh (which will be embedded in the test binary) 
@@ -20,10 +22,11 @@ import ./make-test-python.nix ({ pkgs, ... }: { # fix the test to look at nixos paths for running programs substituteInPlace tests/integration/integration_test.go \ --replace "bin=/usr/bin/" "comm=" \ + --replace "binary=/usr/bin/" "comm=" \ --replace "/usr/bin/dockerd" "dockerd" \ --replace "/usr/bin" "/run/current-system/sw/bin" ''; - nativeBuildInputs = oa.nativeBuildInputs or [ ] ++ [ pkgs.makeWrapper ]; + nativeBuildInputs = oa.nativeBuildInputs or [ ] ++ [ makeWrapper ]; buildPhase = '' runHook preBuild # just build the static lib we need for the go test binary @@ -34,6 +37,7 @@ import ./make-test-python.nix ({ pkgs, ... }: { runHook postBuild ''; doCheck = false; + outputs = [ "out" ]; installPhase = '' mkdir -p $out/bin mv $GOPATH/tracee-integration $out/bin/ diff --git a/pkgs/tools/security/tracee/default.nix b/pkgs/tools/security/tracee/default.nix index 89a8ba6bcc2f..bf1525d71e94 100644 --- a/pkgs/tools/security/tracee/default.nix +++ b/pkgs/tools/security/tracee/default.nix @@ -2,7 +2,7 @@ , buildGoModule , fetchFromGitHub -, llvmPackages_13 +, clang , pkg-config , zlib @@ -14,20 +14,17 @@ , tracee }: -let - inherit (llvmPackages_13) clang; -in buildGoModule rec { pname = "tracee"; - version = "0.11.0"; + version = "0.13.0"; src = fetchFromGitHub { owner = "aquasecurity"; repo = pname; rev = "v${version}"; - sha256 = "sha256-fAbii/DEXx9WJpolc7amqF9TQj4oE5x0TCiNOtVasGo="; + hash = "sha256-55+eyulFbzR2ZzKbTN5sHIickpwXY8eJDDzf6Gzwhsk="; }; - vendorSha256 = "sha256-eenhIsiJhPLgwJo2spIGURPkcsec3kO4L5UJ0FWniQc="; + vendorHash = "sha256-qEubjzYGdiBntPOJw8dR/THcvK2Bml97SXHImIWbDm0="; patches = [ ./use-our-libbpf.patch 
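Review bot: The `--replace` chain in `postPatch` is order-dependent, and this hunk adds a second specific rule (`"binary=/usr/bin/"`) without documenting that. Both `bin=` and `binary=` rewrites must run before the catch-all `"/usr/bin"` rewrite. As far as I can tell, a pattern that no longer matches upstream's test source does not fail the build, so the test would silently keep filtering on a path that does not exist on NixOS. I would add a comment above the call, e.g. `# order matters: the bin=/binary= rewrites must precede the generic /usr/bin one; they switch the filters from path to comm (process name)`. The `postPatch` string opens in the previous hunk and the `overrideAttrs` block continues past this one.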
@@ -59,15 +56,16 @@ buildGoModule rec { # see passthru.tests.integration doCheck = false; + outputs = [ "out" "lib" "share" ]; + installPhase = '' runHook preInstall - mkdir -p $out/{bin,share/tracee} + mkdir -p $out/bin $lib/lib/tracee $share/share/tracee - mv ./dist/tracee-{ebpf,rules} $out/bin/ - - mv ./dist/rules $out/share/tracee/ - mv ./cmd/tracee-rules/templates $out/share/tracee/ + mv ./dist/tracee $out/bin/ + mv ./dist/tracee.bpf.core.o $lib/lib/tracee/ + mv ./cmd/tracee-rules/templates $share/share/tracee/ runHook postInstall ''; @@ -76,10 +74,8 @@ buildGoModule rec { installCheckPhase = '' runHook preInstallCheck - $out/bin/tracee-ebpf --help - $out/bin/tracee-ebpf --version | grep "v${version}" - - $out/bin/tracee-rules --help + $out/bin/tracee --help + $out/bin/tracee --version | grep "v${version}" runHook postInstallCheck ''; @@ -89,7 +85,7 @@ buildGoModule rec { version = testers.testVersion { package = tracee; version = "v${version}"; - command = "tracee-ebpf --version"; + command = "tracee --version"; }; }; @@ -111,6 +107,7 @@ buildGoModule rec { gpl2Plus ]; maintainers = with maintainers; [ jk ]; - platforms = [ "x86_64-linux" ]; + platforms = [ "x86_64-linux" "aarch64-linux" ]; + outputsToInstall = [ "out" "share" ]; }; } diff --git a/pkgs/tools/security/tracee/use-our-libbpf.patch b/pkgs/tools/security/tracee/use-our-libbpf.patch index 562bdb6e09f0..00d91ca6e3b3 100644 --- a/pkgs/tools/security/tracee/use-our-libbpf.patch +++ b/pkgs/tools/security/tracee/use-our-libbpf.patch @@ -1,5 +1,5 @@ diff --git a/Makefile b/Makefile -index c72cf63d..e96b7eed 100644 +index d7596a1a..dd7b97b6 100644 --- a/Makefile +++ b/Makefile @@ -50,6 +50,7 @@ CMD_STATICCHECK ?= staticcheck 
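Review bot: The new `installPhase` no longer installs any rule or signature artifacts: `mv ./dist/rules $out/share/tracee/` is removed with no replacement, so only the binary, `tracee.bpf.core.o` and the templates are shipped. Whether 0.13.0 embeds its detection signatures or expects them on disk is not visible from this hunk. If it expects them on disk, the package would still trace events but raise no detections, which is easy to miss for a runtime-security tool. Please confirm and record the answer next to the `mv` lines, e.g. `# signatures: <embedded in the binary | installed from PATH> as of 0.13.0`. Also, `tracee.bpf.core.o` goes to `$lib`, which `outputsToInstall` in the last hunk of this file leaves out, so a default install relies on the object being embedded in the binary.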
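Review bot: In `installCheckPhase`, `$out/bin/tracee --version | grep "v${version}"` treats the dots in the version as regex wildcards and the match is unanchored; `grep -F "v${version}"` states the intent. The phase now only runs `--help` and `--version`, so it does not show that the binary still finds its BPF object and templates after the split into `lib` and `share` outputs. That coverage appears to be left to `passthru.tests.integration`, which a short comment here could state.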
@@ -10,18 +10,7 @@ index c72cf63d..e96b7eed 100644 LIB_ELF ?= libelf LIB_ZLIB ?= zlib -@@ -172,10 +173,6 @@ env: - @echo "KERN_BUILD_PATH $(KERN_BUILD_PATH)" - @echo "KERN_SRC_PATH $(KERN_SRC_PATH)" - @echo --------------------------------------- -- @echo "LIBBPF_CFLAGS $(LIBBPF_CFLAGS)" -- @echo "LIBBPF_LDLAGS $(LIBBPF_LDFLAGS)" -- @echo "LIBBPF_SRC $(LIBBPF_SRC)" -- @echo --------------------------------------- - @echo "STATIC $(STATIC)" - @echo --------------------------------------- - @echo "BPF_VCPU $(BPF_VCPU)" -@@ -274,8 +271,6 @@ OUTPUT_DIR = ./dist +@@ -279,8 +280,6 @@ OUTPUT_DIR = ./dist $(OUTPUT_DIR): # @$(CMD_MKDIR) -p $@ 
@@ -30,61 +19,7 @@ index c72cf63d..e96b7eed 100644 # # embedded btfhub -@@ -286,37 +281,6 @@ $(OUTPUT_DIR)/btfhub: - @$(CMD_MKDIR) -p $@ - @$(CMD_TOUCH) $@/.place-holder # needed for embed.FS - --# --# libbpf --# -- --LIBBPF_CFLAGS = "-fPIC" --LIBBPF_LDLAGS = --LIBBPF_SRC = ./3rdparty/libbpf/src -- --$(OUTPUT_DIR)/libbpf/libbpf.a: \ -- $(LIBBPF_SRC) \ -- $(wildcard $(LIBBPF_SRC)/*.[ch]) \ -- | .checkver_$(CMD_CLANG) $(OUTPUT_DIR) --# -- CC="$(CMD_CLANG)" \ -- CFLAGS="$(LIBBPF_CFLAGS)" \ -- LD_FLAGS="$(LIBBPF_LDFLAGS)" \ -- $(MAKE) \ -- -C $(LIBBPF_SRC) \ -- BUILD_STATIC_ONLY=1 \ -- DESTDIR=$(abspath ./$(OUTPUT_DIR)/libbpf/) \ -- OBJDIR=$(abspath ./$(OUTPUT_DIR)/libbpf/obj) \ -- INCLUDEDIR= LIBDIR= UAPIDIR= prefix= libdir= \ -- install install_uapi_headers -- --$(LIBBPF_SRC): \ -- | .check_$(CMD_GIT) --# --ifeq ($(wildcard $@), ) -- @$(CMD_GIT) submodule update --init --recursive --endif -- - # - # non co-re ebpf - # -@@ -333,7 +297,6 @@ BPF_NOCORE_TAG = $(subst .,_,$(KERN_RELEASE)).$(subst .,_,$(VERSION)) - bpf-nocore: $(OUTPUT_DIR)/tracee.bpf.$(BPF_NOCORE_TAG).o - - $(OUTPUT_DIR)/tracee.bpf.$(BPF_NOCORE_TAG).o: \ -- $(OUTPUT_DIR)/libbpf/libbpf.a \ - $(TRACEE_EBPF_OBJ_SRC) - # - MAKEFLAGS="--no-print-directory" -@@ -351,7 +314,6 @@ $(OUTPUT_DIR)/tracee.bpf.$(BPF_NOCORE_TAG).o: \ - -I $(KERN_SRC_PATH)/include/uapi \ - -I $(KERN_BUILD_PATH)/include/generated \ - -I $(KERN_BUILD_PATH)/include/generated/uapi \ -- -I $(OUTPUT_DIR)/libbpf \ - -I ./3rdparty/include \ - -Wunused \ - -Wall \ -@@ -412,7 +374,6 @@ TRACEE_EBPF_OBJ_CORE_HEADERS = $(shell find pkg/ebpf/c -name *.h) +@@ -418,7 +417,6 @@ TRACEE_EBPF_OBJ_CORE_HEADERS = $(shell find pkg/ebpf/c -name *.h) bpf-core: $(OUTPUT_DIR)/tracee.bpf.core.o $(OUTPUT_DIR)/tracee.bpf.core.o: \ 
@@ -92,15 +27,7 @@ index c72cf63d..e96b7eed 100644 $(TRACEE_EBPF_OBJ_SRC) \ $(TRACEE_EBPF_OBJ_CORE_HEADERS) # -@@ -421,7 +382,6 @@ $(OUTPUT_DIR)/tracee.bpf.core.o: \ - -D__BPF_TRACING__ \ - -DCORE \ - -I./pkg/ebpf/c/ \ -- -I$(OUTPUT_DIR)/libbpf/ \ - -I ./3rdparty/include \ - -target bpf \ - -O2 -g \ -@@ -447,8 +407,8 @@ ifeq ($(STATIC), 1) +@@ -453,8 +451,8 @@ ifeq ($(STATIC), 1) GO_TAGS_EBPF := $(GO_TAGS_EBPF),netgo endif @@ -111,7 +38,7 @@ index c72cf63d..e96b7eed 100644 GO_ENV_EBPF = GO_ENV_EBPF += GOOS=linux -@@ -468,6 +428,7 @@ $(OUTPUT_DIR)/tracee-ebpf: \ +@@ -474,6 +472,7 @@ $(OUTPUT_DIR)/tracee-ebpf: \ $(TRACEE_EBPF_SRC) \ ./embedded-ebpf.go \ | .checkver_$(CMD_GO) \ @@ -119,11 +46,3 @@ index c72cf63d..e96b7eed 100644 .checklib_$(LIB_ELF) \ .checklib_$(LIB_ZLIB) \ btfhub -@@ -658,7 +619,6 @@ test-rules: \ - .PHONY: test-upstream-libbpfgo - test-upstream-libbpfgo: \ - .checkver_$(CMD_GO) \ -- $(OUTPUT_DIR)/libbpf/libbpf.a - # - ./tests/libbpfgo.sh $(GO_ENV_EBPF) - diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 0e7a5db803b7..feae479eccdc 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -12971,7 +12971,9 @@ with pkgs; tracebox = callPackage ../tools/networking/tracebox { stdenv = gcc10StdenvCompat; }; - tracee = callPackage ../tools/security/tracee { }; + tracee = callPackage ../tools/security/tracee { + clang = clang_14; + }; tracefilegen = callPackage ../development/tools/analysis/garcosim/tracefilegen { };
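Review bot: The `clang = clang_14;` override carries no comment saying why this package is pinned to a specific clang, and the pin it replaces (`llvmPackages_13` inside `default.nix`) was equally unexplained. Pins like this tend to outlive their reason, leaving a security tool's eBPF object built with an old compiler after the rest of the tree has moved on. A one-line comment would do, e.g. `# pinned: <reason, e.g. upstream's supported clang range>; re-check on each tracee bump`.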