Closed fntlnz closed 4 years ago
Here's the action plan in form of the dependencies we have.
Dates in the dd/mm/yyyy
format.
name | current used version | latest available version | current used release date | latest available release date | project status | ubuntu packages | fedora packages | centos packages | debian packages | arch linux packages | alpine packages | alpine edge packages |
---|---|---|---|---|---|---|---|---|---|---|---|---|
libscap | falco/0.18.0 | falco/0.18.0 | 31/10/2018 | 31/10/2018 | maintained | n/a | n/a | n/a | n/a | n/a | n/a | |
libsinsp | falco/0.18.0 | falco/0.18.0 | 31/10/2018 | 31/10/2018 | maintained | n/a | n/a | n/a | n/a | n/a | n/a | |
zlib | 1.2.11 | 1.2.11 | 15/01/2017 | 15/01/2017 | maintained | zlib1g-dev=1:1.2.11.dfsg-0ubuntu2, zlib1g-dev=1:1.2.11.dfsg-0ubuntu2 | zlib=1.2.11-19.fc30, zlib-devel=1.2.11-19.fc30 | zlib=1.2.11-10.el8, zlib-devel=1.2.11-10.el8 | zlib1g=1:1.2.11.dfsg-1 | zlib=1:1.2.11-4 | zlib-dev-1.2.11-r1, zlib-1.2.11-r1 | zlib-dev-1.2.11-r3, zlib-1.2.11-r3 |
jq | 1.5 | 1.6 | 16/08/2015 | 02/11/2018 | maintained | jq=1.5+dfsg-2, libjq-dev=1.5+dfsg-2 | jq=1.6-2.fc30 | jq=1.5-12.el8 | jq=1.5+dfsg-2+b1 | jq=1.6-2 | jq-dev-1.6-r0, jq-1.6-r0 | jq-dev-1.6-r0, jq-1.6-r0 |
nlohmann-json | 3.3.0 | 3.7.3 | 05/10/2018 | 17/11/2019 | maintained | n/a | n/a | n/a | n/a | n/a | n/a | |
ncurses | 6.0 | 6.1 | 08/08/2015 | 27/01/2018 | maintained | libncurses5-dev=6.1-1ubuntu1.18.04, libncurses5=6.1-1ubuntu1.18.04 | ncurses=6.1-10.20180923.fc30 | ncurses=6.1-7.20180224.el8, ncurses-devel=6.1-7.20180224.el8 | libncurses-dev=6.1+20181013-2+deb10u2 | ncurses=6.1-7 | ncurses-dev-6.1_p20190518-r0, ncurses-6.1_p20190518-r0 | ncurses-dev-6.1_p20191130-r0, ncurses-6.1_p20191130-r0 |
libb64 | 1.2 | 1.2 | 28/06/2013 | 28/06/2013 | unmaintained | libb64-0d=1.2-4, libb64-dev=1.2-4 | libb64-devel=1.2-4.fc30 | n/a | libb64-0d=1.2-5,libb64-dev=1.2-5 | libb64=1.2.1-3 | n/a | n/a |
yamlcpp | 0.6.2 | 0.6.3 | 06/03/2018 | 25/09/2019 | maintained | libyaml-cpp-dev=0.5.2-4ubuntu1 | yaml-cpp=0.6.2-1.fc30, yaml-cpp-devel=0.6.2-1.fc30 | n/a | libyaml-cpp-dev=0.6.2-4, libyaml-cpp0.6=0.6.2-4 | yaml-cpp=0.6.3-1 | yaml-cpp-0.6.2-r2, yaml-cpp-dev-0.6.2-r2 | yaml-cpp-0.6.3-r0 yaml-cpp-dev-0.6.3-r0 |
OpenSSL | 1.0.2n | 1.1.1c | 27/03/2018 | 10/09/2019 | maintained | openssl=1.1.1-1ubuntu2.1~18.04.5 | openssl=1:1.1.1d-2.fc30, openssl-devel=1:1.1.1d-2.fc30 | openssl=1:1.1.1-8.el8, openssl-devel=1:1.1.1-8.el8 | openssl=1.1.1d-0+deb10u2 | openssl=1.1.1.d-2 | openssl-1.1.1d-r0 | openssl-1.1.1d-r2 |
libcurl | 7.61.0 | 7.67.0 | 16/07/2018 | 06/11/2019 | maintained | curl=7.58.0-2ubuntu3.8 | libcurl=7.65.3-4.fc30, libcurl-devel=7.65.3-4.fc30 | libcurl=7.61.1-8.el8, libcurl-devel=7.61.1-8.el8 | libcurl4=7.64.0-4 | curl=7.67.0-3 | libcurl-7.66.0-r0, curl-dev-7.66.0-r0 | libcurl-7.67.0-r0, curl-dev-7.67.0-r0 |
LuaJIT | 2.0.3 | 2.0.5 | 19/02/2013 | 01/05/2017 | maintained | luajit=2.1.0~beta3+dfsg-5.1 | luajit=2.1.0-0.9beta3.fc30, luajit-devel=2.1.0-0.9beta3.fc30 | n/a | luajit=2.1.0~beta3+dfsg-5.1 | luajit=2.0.5-2 | luajit-2.1.0_beta3-r4, luajit-dev-2.1.0_beta3-r4 | luajit-2.1.0_beta3-r5, luajit-dev-2.1.0_beta3-r5 |
lpeg | 1.0 | 1.2 | nd | nd | nd | lua-lpeg-dev=1.0.0-2ubuntu0.18.04.1, lua-lpeg=1.0.0-2ubuntu0.18.04.1 | lua-lpeg=1.0.1-10.fc30 | lua-lpeg=1.0.1-6.el8 | lua-lpeg-dev=1.0.0-2, lua-lpeg=1.0.0-2 | lua-lpeg=1.0.2-1 | lua-lpeg-dev-1.0.1-r4, lua-lpeg-1.0.1-r4 | lua-lpeg-dev-1.0.1-r4, lua-lpeg-1.0.1-r4 |
Libyaml | 0.1.4 | 0.2.2 | 24/12/2012 | 13/03/2019 | maintained | libyaml-dev=0.1.7-2ubuntu3 | libyaml=0.2.1-5.fc30, libyaml-devel=0.2.1-5.fc30 | libyaml=0.1.7-5.el8 | libyaml-dev=0.2.1-1, libyaml-0-2=0.2.1-1 | libyaml=0.2.2-1 | yaml-0.2.2-r1 | yaml-0.2.2-r1 |
lyaml | 6.0 | 6.2.4 | 27/07/2015 | 21/07/2019 | maintained | n/a | n/a | n/a | n/a | n/a | lua-lyaml-6.2-r3 | lua-lyaml-6.2-r3 |
civetweb | 1.11 | 1.11 | 10/09/2018 | 10/09/2018 | maintained | n/a | n/a | n/a | n/a | n/a | ||
cares | 1.13.0 | 1.15.0 | 20/06/2017 | 23/10/2018 | maintained | libc-ares2=1.14.0-1, libc-ares-dev=1.14.0-1 | c-ares=1.15.0-3.fc30, c-ares-devel=1.15.0-3.fc30 | c-ares=1.13.0-5.el8, c-ares-devel=1.13.0-5.el8 | libc-ares2=1.14.0-1,libc-ares-dev=1.14.0-1 | c-ares=1.15.0-1 | c-ares-dev-1.15.0-r0, c-ares-1.15.0-r0 | c-ares-1.15.0-r0 c-ares-dev-1.15.0-r0 |
protobuf | 3.8.0 | 3.11.1 | 29/05/2019 | 03/12/2019 | maintained | libprotobuf-dev=3.0.0-9.1ubuntu1 | protobuf=3.6.1-3.fc30 | protobuf=3.5.0-7.el8 | libprotobuf-dev=3.6.1.3-2 | protobuf=3.10.1-1 | protobuf-3.6.1-r1 | protobuf-c-1.3.2-r3, protobuf-dev-3.11.1-r0 |
tbb | 2018_U5 | 2019_U9 | 19/06/2018 | 10/10/2019 | maintained | libtbb-dev=2017~U7-8, libtbb2=2017~U7-8 | tbb-devel=2019.8-3.fc30, tbb=2019.8-3.fc30 | tbb=2018.2-9.el8, tbb-dev=2018.2-9.el8 | libtbb-dev=2018~U6-4, libtbb2=2018~U6-4 | libbtbb=2018.12.R1-1 | n/a | n/a |
gRPC | 1.25.0 | 1.25.0 | 06/11/2019 | 06/11/2019 | maintained | libgrpc-dev=1.3.2-1.1~build1, libgrpc++1=1.3.2-1.1~build1 | grpc=1.18.0-2.fc30, grpc-devel=1.18.0-2.fc30 | n/a | libgrpc-dev=1.16.1-1, libgrpc6=1.16.1-1 | grpc=1.25.0-3 | n/a | grpc-dev-1.25.0-r1, grpc-1.25.0-r1 |
Appendix
I also added release dates to emphasize the fact that having the OS dealing with dependencies and dependencies dependencies is a better idea than doing it ourselves, we even have dependencies as old as 2012.
libscap
and libsinsp
will still be compiled into Falco but their dependencies will be not. As an alternative in future we can look into installing the Sysdig package as a whole but doesn't seem convenient from a user point of view because they will then have all the other sysdig tooling while they only wanted Falco. A better alternative would be to split libsinsp and libscap from the Sysdig repository and let them have their own packages.
IMPORTANT: It's important to note that OpenSSL has different release series, the LTS we use now, 1.0.2
is EOL on Dec 31th 2019 - read here - this is why in the list I went with the 1.1.1c
as latest available.
Talking with @leodido - we acknowledge that when we are ready with the Inputs API (can replace civetweb with an HTTP external Input), we do a gRPC output Webhook, and the new rules engine we can drop: civetweb
, lyaml
, libyaml
, lpeg
, LuaJIT
, cURL
.
Not sure if we need b64
still, and we can send a patch to libscap
to avoid ncurses
in builds that don't use that feature
for nlohmann-json
we will keep building it since it's an header-only dependency
I already see our builds going from 40 minutes to 1
For future documentation purposes, to build, Falco also requires the openssl binary to be available in the system when using the new dynamic configuration.
We might want to check out the AUR as well once this is simplified
Another dependency we need to have is the cpack
binary whenever the user want to create deb and rpm packages. Along with rpmbuild
for rpm packages.
What would you like to be added:
At the moment, the main Falco
CMakeLists.txt
and its children have hard-coded compilation flags to always compile falco as a static binary.While has its advantages (no extra dependencies), using static binaries as a packaging medium can be cause of any sort of issues, like:
Of course, one might say: "Yes but packaging becomes more difficult"
I would argue with that, we have three main distribution mediums:
For the rpm and deb package we can easily declare their dependencies in them instead.
For the container image we can install the needed dependencies directly in the container.
This does not affect the kernel module and the bpf probe. FTR I'm trying to refactor the bpf probe in a "compile once and run everywhere" fashion in issue #942 .
Why is this needed:
Because we all deserve better builds.