commit ffca79e2acfea78b33f24996369291fee27108fbbd24930acfe9671d4692e236 Author: Dirk Stoecker Date: Tue May 14 13:25:41 2024 +0000 Accepting request 1171210 from home:ojkastl_buildservice:Branch_server_monitoring new package tetragon: eBPF-based Security Observability and Runtime Enforcement OBS-URL: https://build.opensuse.org/request/show/1171210 OBS-URL: https://build.opensuse.org/package/show/server:monitoring/tetragon?expand=0&rev=1
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/_service b/_service
new file mode 100644
index 0000000..dfd5726
--- /dev/null
+++ b/_service
@@ -0,0 +1,20 @@
+
+
+ https://github.com/cilium/tetragon
+ git
+ .git
+ v1.1.0
+ @PARENT_TAG@
+ enable
+ v(.*)
+
+
+
+
+
+ *.tar
+ gz
+
+
+
+
diff --git a/_servicedata b/_servicedata
new file mode 100644
index 0000000..c494b48
--- /dev/null
+++ b/_servicedata
@@ -0,0 +1,4 @@
+
+
+ https://github.com/cilium/tetragon
+ 7398faf12671e0081b86853cad8af92c797620b4
\ No newline at end of file
diff --git a/tetragon-1.1.0.obscpio b/tetragon-1.1.0.obscpio
new file mode 100644
index 0000000..39921f1
--- /dev/null
+++ b/tetragon-1.1.0.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a375f284411fd28cefe919435e0965ca53c55d1a17ec038d34a390700ba10f51
+size 178177038
diff --git a/tetragon.changes b/tetragon.changes
new file mode 100644
index 0000000..b963e17
--- /dev/null
+++ b/tetragon.changes
@@ -0,0 +1,5 @@
+-------------------------------------------------------------------
+Tue Apr 30 18:11:26 UTC 2024 - Johannes Kastl
+
+- new package tetragon: eBPF-based Security Observability and
+ Runtime Enforcement
diff --git a/tetragon.obsinfo b/tetragon.obsinfo
new file mode 100644
index 0000000..3c1577d
--- /dev/null
+++ b/tetragon.obsinfo
@@ -0,0 +1,4 @@
+name: tetragon
+version: 1.1.0
+mtime: 1714398629
+commit: 7398faf12671e0081b86853cad8af92c797620b4
diff --git a/tetragon.spec b/tetragon.spec
new file mode 100644
index 0000000..6eaa085
--- /dev/null
+++ b/tetragon.spec
@@ -0,0 +1,199 @@
+#
+# spec file for package tetragon
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%define __arch_install_post export NO_BRP_STRIP_DEBUG=true
+
+
+%define cli_binary_name tetra
+%define cli_package_name tetragon-cli
+
+Name: tetragon
+Version: 1.1.0
+Release: 0
+Summary: eBPF-based Security Observability and Runtime Enforcement
+License: Apache-2.0
+URL: https://github.com/cilium/tetragon
+Source: tetragon-%{version}.tar.gz
+Source1: vendor.tar.gz
+BuildRequires: go >= 1.22
+BuildRequires: make
+BuildRequires: clang
+BuildRequires: llvm
+
+%description
+Cilium’s new Tetragon component enables powerful real-time, eBPF-based Security
+Observability and Runtime Enforcement.
+
+Tetragon detects and is able to react to security-significant events, such as
+
+* Process execution events
+* System call activity
+* I/O activity including network & file access
+
+When used in a Kubernetes environment, Tetragon is Kubernetes-aware - that is,
+it understands Kubernetes identities such as namespaces, pods and so on - so
+that security event detection can be configured in relation to individual
+workloads.
+
+%package -n %{cli_package_name}
+Summary: CLI for Tetragon
+Provides: tetra = %{version}
+
+%description -n %{cli_package_name}
+To interact with Tetragon, install the Tetragon client CLI tetra.
+
+%package -n %{cli_package_name}-bash-completion
+Summary: Bash Completion for %{cli_package_name}
+Group: System/Shells
+Requires: %{cli_package_name} = %{version}
+Requires: bash-completion
+Supplements: (%{cli_package_name} and bash-completion)
+BuildArch: noarch
+
+%description -n %{cli_package_name}-bash-completion
+Bash command line completion support for %{cli_package_name}.
+
+%package -n %{cli_package_name}-fish-completion
+Summary: Fish Completion for %{cli_package_name}
+Group: System/Shells
+Requires: %{cli_package_name} = %{version}
+Supplements: (%{cli_package_name} and fish)
+BuildArch: noarch
+
+%description -n %{cli_package_name}-fish-completion
+Fish command line completion support for %{cli_package_name}.
+
+%package -n %{cli_package_name}-zsh-completion
+Summary: Zsh Completion for %{cli_package_name}
+Group: System/Shells
+Requires: %{cli_package_name} = %{version}
+Supplements: (%{cli_package_name} and zsh)
+BuildArch: noarch
+
+%description -n %{cli_package_name}-zsh-completion
+zsh command line completion support for %{cli_package_name}.
+
+%prep
+%autosetup -p 1 -a 1
+
+%build
+#
+# tetragon
+#
+CGO_ENABLED=0 go build \
+ -mod=vendor \
+ -buildmode=pie \
+ -ldflags="-X github.com/cilium/tetragon/pkg/version.Version=%{version}" \
+ -o bin/%{name} ./cmd/%{name}
+
+# bpf stuff
+# https://github.com/cilium/tetragon/blob/main/Makefile#L159
+# https://github.com/cilium/tetragon/blob/main/bpf/Makefile
+make -C ./bpf BPF_TARGET_ARCH=x86 %{?_smp_mflags}
+
+#
+# tetra cli
+#
+CGO_ENABLED=0 go build \
+ -mod=vendor \
+ -buildmode=pie \
+ -ldflags="-X github.com/cilium/tetragon/pkg/version.Version=%{version}" \
+ -o bin/%{cli_binary_name} ./cmd/%{cli_binary_name}
+
+%install
+#
+# tetragon
+#
+install -D -m 0755 bin/%{name} %{buildroot}/%{_bindir}/%{name}
+install -D -m 0644 ./install/linux-tarball/systemd/tetragon.service %{buildroot}/%{_unitdir}/%{name}.service
+sed -i 's#/local##' %{buildroot}/%{_unitdir}/%{name}.service
+install -d -m 0755 %{buildroot}%{_sysconfdir}/%{name}/
+install -d -m 0755 %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf.d/
+install -d -m 0755 %{buildroot}%{_sysconfdir}/%{name}/%{name}.tp.d/
+install -D -m 0644 ./install/linux-tarball/usr/local/lib/tetragon/tetragon.conf.d/* %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf.d/
+sed -i 's#/local##' %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf.d/*
+sed -i 's#/lib/#/lib64/#' %{buildroot}%{_sysconfdir}/%{name}/%{name}.conf.d/bpf-lib
+
+install -d -m 0755 %{buildroot}/%{_libdir}/%{name}/
+install -d -m 0755 %{buildroot}/%{_libdir}/%{name}/bpf
+install -D -m 0644 ./bpf/objs/*.o %{buildroot}/%{_libdir}/%{name}/bpf
+
+#
+# tetra cli
+#
+# Install the binary.
+install -D -m 0755 bin/%{cli_binary_name} %{buildroot}/%{_bindir}/%{cli_binary_name}
+
+# create the bash completion file
+mkdir -p %{buildroot}%{_datarootdir}/bash-completion/completions/
+%{buildroot}/%{_bindir}/%{cli_binary_name} completion bash > %{buildroot}%{_datarootdir}/bash-completion/completions/%{cli_binary_name}
+
+# create the fish completion file
+mkdir -p %{buildroot}%{_datarootdir}/fish/vendor_completions.d/
+%{buildroot}/%{_bindir}/%{cli_binary_name} completion fish > %{buildroot}%{_datarootdir}/fish/vendor_completions.d/%{cli_binary_name}.fish
+
+# create the zsh completion file
+mkdir -p %{buildroot}%{_datarootdir}/zsh_completion.d/
+%{buildroot}/%{_bindir}/%{cli_binary_name} completion zsh > %{buildroot}%{_datarootdir}/zsh_completion.d/_%{cli_binary_name}
+
+%pre
+%service_add_pre %{name}.service
+
+%post
+%service_add_post %{name}.service
+
+%preun
+%service_del_preun %{name}.service
+
+%postun
+%service_del_postun %{name}.service
+
+%check
+
+%files
+%doc README.md
+%license LICENSE
+%{_bindir}/%{name}
+%{_unitdir}/%{name}.service
+%dir %attr(755,root, root) %{_sysconfdir}/%{name}/
+%dir %attr(755,root, root) %{_sysconfdir}/%{name}/%{name}.conf.d/
+%defattr(0644, root, root)
+%config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf.d/*
+%dir %attr(755,root, root) %{_libdir}/%{name}
+%dir %attr(755,root, root) %{_libdir}/%{name}/bpf/
+%attr(644,root, root) %{_libdir}/%{name}/bpf/*
+
+%files -n %{cli_package_name}
+%doc README.md
+%license LICENSE
+%{_bindir}/%{cli_binary_name}
+
+%files -n %{cli_package_name}-bash-completion
+%dir %{_datarootdir}/bash-completion/completions/
+%{_datarootdir}/bash-completion/completions/%{cli_binary_name}
+
+%files -n %{cli_package_name}-fish-completion
+%dir %{_datarootdir}/fish
+%dir %{_datarootdir}/fish/vendor_completions.d
+%{_datarootdir}/fish/vendor_completions.d/%{cli_binary_name}.fish
+
+%files -n %{cli_package_name}-zsh-completion
+%dir %{_datarootdir}/zsh_completion.d/
+%{_datarootdir}/zsh_completion.d/_%{cli_binary_name}
+
+%changelog
diff --git a/vendor.tar.gz b/vendor.tar.gz
new file mode 100644
index 0000000..c207b74
--- /dev/null
+++ b/vendor.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6c133018e2dd9dc711bc92ce236ff141f590d955df58bd22498554910f77c7a8
+size 13828906
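Review bot: In tetragon.spec, `%build` hard-codes `BPF_TARGET_ARCH=x86` and `%install` rewrites the `bpf-lib` path to `/lib64/`, yet the preamble has no `ExclusiveArch`, so a build on any other architecture would ship BPF objects compiled for the wrong target and a configured path that may not match `%{_libdir}`. For a runtime-enforcement agent that presumably shows up as sensors failing to load, or reading the wrong data, after a build that succeeded, i.e. a silent loss of coverage. Either restrict the package with `ExclusiveArch: x86_64`, or derive the make variable from the build architecture and have the sed substitute `%{_libdir}` instead of a literal `/lib64/`. Separately, `%install` creates `%{_sysconfdir}/%{name}/%{name}.tp.d/` but `%files` never lists it, so the ownership and mode of the tracing-policy directory are not fixed by the package; `%dir %attr(755,root, root) %{_sysconfdir}/%{name}/%{name}.tp.d/` would close that. The empty `%check` section could also run at least a version smoke test of the two built binaries.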