
#
# spec file for package falco
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#

# Version of the falcosecurity/libs archive bundled as Source1. The prep
# section stores that archive under this exact name, so keep the two in sync.
%define falco_libs_version 0.14.2

Name:           falco
Version:        0.37.0
Release:        0
Summary:        Cloud Native Runtime Security
License:        Apache-2.0
URL:            https://github.com/falcosecurity/falco
Source0:        %{name}-%{version}.tar.gz
# Source1-Source17: third-party code staged for the bundled-dependency build
# (the build section turns on USE_BUNDLED_DEPS) instead of being taken from
# distribution packages. Points a maintainer should keep in mind:
#  - Distribution security updates for openssl, zlib, c-ares, protobuf,
#    elfutils and the rest do not reach these copies; every version pinned
#    below has to be tracked against upstream advisories and bumped here.
#  - Each archive is identified by URL and version only. This spec carries no
#    checksum, detached signature or keyring for any of them, so integrity
#    rests on whatever verification happens when the files are uploaded to
#    the build service. NOTE(review): confirm how these are verified; where
#    upstream publishes signatures, adding them as extra Source entries
#    makes the check part of the package.
#  - No "Provides: bundled(NAME) = VERSION" entries are declared, so the
#    bundled copies cannot be found by querying package metadata.
Source1:        https://github.com/falcosecurity/libs/archive/%{falco_libs_version}.tar.gz
Source2:        https://github.com/falcosecurity/libs/archive/7.0.0+driver.tar.gz
Source3:        https://github.com/troydhanson/uthash/archive/refs/tags/v1.9.8.tar.gz
Source4:        https://github.com/madler/zlib/archive/v1.2.13.tar.gz
Source5:        https://github.com/tristanpenman/valijson/archive/refs/tags/v0.6.tar.gz
Source6:        https://github.com/google/re2/archive/refs/tags/2022-06-01.tar.gz
Source7:        https://github.com/nlohmann/json/archive/v3.3.0.tar.gz
Source8:        https://github.com/jbeder/yaml-cpp/archive/yaml-cpp-0.7.0.tar.gz
Source9:        https://github.com/yhirose/cpp-httplib/archive/refs/tags/v0.13.1.tar.gz
Source10:       https://github.com/jarro2783/cxxopts/archive/refs/tags/v3.0.0.tar.gz
Source11:       https://github.com/open-source-parsers/jsoncpp/archive/refs/tags/1.9.5.tar.gz
Source12:       https://sourceware.org/elfutils/ftp/0.189/elfutils-0.189.tar.bz2
Source13:       https://github.com/protocolbuffers/protobuf/releases/download/v3.17.3/protobuf-cpp-3.17.3.tar.gz
Source14:       https://github.com/openssl/openssl/releases/download/openssl-3.1.4/openssl-3.1.4.tar.gz
Source15:       https://c-ares.haxx.se/download/c-ares-1.19.1.tar.gz
Source16:       https://github.com/oneapi-src/oneTBB/archive/refs/tags/v2021.9.0.tar.gz
Source17:       https://github.com/libbpf/libbpf/archive/refs/tags/v1.3.0.tar.gz
# Falco rules archive (detection content), served from download.falco.org
# rather than from a source forge; the same integrity caveat applies.
Source20:       https://download.falco.org/rules/falco-rules-3.0.0.tar.gz
BuildRequires:  cmake
BuildRequires:  git-core
BuildRequires:  gcc13
BuildRequires:  gcc-c++
BuildRequires:  gcc13-c++
# Weak dependency: installed by default where available, but not required.
Recommends:     falcoctl

%description
Falco is a cloud native runtime security tool for Linux operating systems. It
is designed to detect and alert on abnormal behavior and potential security
threats in real-time.

At its core, Falco is a kernel monitoring and detection agent that observes
events, such as syscalls, based on custom rules. Falco can enhance these events
by integrating metadata from the container runtime and Kubernetes. The
collected events can be analyzed off-host in SIEM or data lake systems.

Falco, originally created by Sysdig, is an incubating project under the Cloud
Native Computing Foundation (CNCF) used in production by various organisations.

For detailed technical information and insights into the cyber threats that
Falco can detect, visit the official Falco website.

For comprehensive information on the latest updates and changes to the project,
please refer to the change log. Additionally, we have documented the release
process for delivering new versions of Falco.

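%prep
%autosetup

# Copy every bundled archive into build/NAME-prefix/src/. Presumably this is
# where the CMake bundled-dependency build expects its downloads, so that it
# uses these local copies instead of fetching them - confirm against the
# upstream CMake modules. The archives are copied as-is: nothing here checks
# a digest or signature, so any verification has to happen before this point.
#
# stage_source DIR ARCHIVE [NAME]
#   DIR      destination directory, created if missing (keep the trailing /)
#   ARCHIVE  file to copy
#   NAME     optional file name to store the copy under
# Expansions are quoted so a source path containing whitespace is not split.
stage_source() {
    mkdir -p "$1"
    cp "$2" "$1${3:-}"
}

# falcosecurity/libs: stored under the version-only name.
stage_source build/falcosecurity-libs-repo/falcosecurity-libs-prefix/src/ "%{SOURCE1}" "%{falco_libs_version}.tar.gz"
# Driver sources; the kernel module and legacy BPF probe are switched off in
# the build section.
stage_source build/driver-repo/driver-prefix/src/ "%{SOURCE2}"

stage_source build/uthash-prefix/src/ "%{SOURCE3}"
stage_source build/zlib-prefix/src/ "%{SOURCE4}"
stage_source build/valijson-prefix/src/ "%{SOURCE5}"
stage_source build/re2-prefix/src/ "%{SOURCE6}"
stage_source build/njson-prefix/src/ "%{SOURCE7}"
stage_source build/yamlcpp-prefix/src/ "%{SOURCE8}"
stage_source build/cpp-httplib-prefix/src/ "%{SOURCE9}"
stage_source build/cxxopts-prefix/src/ "%{SOURCE10}"
stage_source build/jsoncpp-prefix/src/ "%{SOURCE11}"
stage_source build/libelf-prefix/src/ "%{SOURCE12}"
stage_source build/protobuf-prefix/src/ "%{SOURCE13}"
stage_source build/openssl-prefix/src/ "%{SOURCE14}"
stage_source build/c-ares-prefix/src/ "%{SOURCE15}"
stage_source build/tbb-prefix/src/ "%{SOURCE16}"
stage_source build/libbpf-prefix/src/ "%{SOURCE17}"

# Falco rules archive.
stage_source build/falcosecurity-rules-falco-prefix/src/ "%{SOURCE20}"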

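%build

# Deletes the three-line block that starts at this if() from upstream's
# CMakeLists.txt. NOTE(review): the block's contents are not visible in this
# spec - record here what is being disabled and why. sed exits successfully
# even when the pattern no longer matches, so after an upstream change this
# edit can silently stop applying; a patch file would fail the build instead.
sed -i '/if(NOT WIN32 AND NOT APPLE AND NOT EMSCRIPTEN AND NOT MUSL_OPTIMIZED_BUILD)/,+2d' CMakeLists.txt

cd build
# Configure an out-of-tree Release build in build/:
#  - USE_BUNDLED_DEPS=On uses the third-party archives staged by the prep
#    section rather than distribution libraries, so their security fixes
#    arrive only when the pinned versions in this spec are bumped.
#  - Only the modern BPF probe is enabled; the kernel module (BUILD_DRIVER)
#    and the legacy BPF probe (BUILD_BPF) are off.
#  - NOTE(review): MODERN_BPF_SKEL_DIR points at /tmp, a shared,
#    world-writable directory outside the build tree, and nothing in this
#    spec writes a skeleton there. Whether the build reads a pre-built
#    skeleton from that directory or generates one into it (confirm against
#    the libs CMake files), a directory under build/ would keep that file
#    under this package's control.
#  - The version macro is written without whitespace inside its braces so
#    that its expansion does not depend on how lenient the macro parser is.
cmake \
    -DCMAKE_BUILD_TYPE=Release \
    -DUSE_BUNDLED_DEPS=On \
    -DFALCO_ETC_DIR=/etc/falco \
    -DBUILD_FALCO_MODERN_BPF=ON \
    -DMODERN_BPF_SKEL_DIR=/tmp \
    -DBUILD_DRIVER=Off \
    -DBUILD_BPF=Off \
    -DFALCO_VERSION=%{version} \
    ..

%make_build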

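%install
# cmake was run inside build/ (see the build section), so the generated
# Makefiles live there. Each section of a spec runs as its own shell starting
# in the unpacked source directory, so change into build/ before installing.
cd build
%make_install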

# Both scriptlets below are empty: the package runs nothing when it is
# installed or removed.
%post
%postun

%files
# NOTE(review): only the license and documentation are listed. Whatever the
# install section places in the build root (presumably the falco binary and
# the configuration and rules under /etc/falco, the directory set through
# FALCO_ETC_DIR) is not packaged by this list. When those entries are added,
# mark the /etc/falco files as configuration and keep them root-owned and not
# writable by other users, since they decide what Falco detects.
%license LICENSE
%doc CHANGELOG.md README.md

%changelog