libs
libs copied to clipboard
falcosecurity
Create tagged releases
Motivation
I'm working with driverkit and it has the argument --driverversion. By default, the value is dev but this branch doesn't exists, so the commands fails.
driverkit docker --output-module /tmp/falco.ko --kernelversion=1 --kernelrelease=5.10.0-9-amd64 --driverversion=dev --target=debian --loglevel=debug INT ✘
DEBU running without a configuration file
DEBU running with options driverversion=dev kernelrelease=5.10.0-9-amd64 kernelversion=1 output-module=/tmp/falco.ko target=debian
INFO driver building, it will take a few seconds processor=docker
DEBU doing a new docker build
DEBU kernel header url found url="https://mirrors.edge.kernel.org/debian/pool/main/l/linux/linux-headers-5.10.0-9-amd64_5.10.70-1_amd64.deb"
DEBU kernel header url found url="https://mirrors.edge.kernel.org/debian/pool/main/l/linux/linux-headers-5.10.0-9-common_5.10.70-1_all.deb"
DEBU kernel header url found url="http://mirrors.kernel.org/debian/pool/main/l/linux/linux-kbuild-5.10_5.10.70-1~bpo10%2B1_amd64.deb"
DEBU + rm -Rf /tmp/driver
DEBU + mkdir /tmp/driver
DEBU + rm -Rf /tmp/module-download
DEBU + mkdir -p /tmp/module-download
DEBU M+ curl --silent -SL https://github.com/falcosecurity/libs/archive/dev.tar.gz
DEBU %+ tar -xzf - -C /tmp/module-download
DEBU !
DEBU gzip: stdin: not in gzip format
DEBU Htar: Child returned status 1
DEBU tar: Error is not recoverable: exiting now
DEBU log pipe close error=EOF
DEBU context canceled
FATA exiting error="Error: No such container:path: bdde9732059ace3b397f267d95065ed992ba1c9ead980fdcc53f45b1a36c6714:/tmp/driver/falco.ko"
curl --silent -SL https://github.com/falcosecurity/libs/archive/dev.tar.gz
404: Not Found
Aside that, as we don't have clear releases for the libs, we have to set the sha commit and not a tag, it's less convenient for users.
As falco libs are used by multple apps and are critical part for security, I propose to sign artifact with cosign like we're doing for falcosidekick.
Feature
Have real releases for the libs, allowing them to be used with driverkit
Alternatives
N/A
Additional context
N/A
I fully agree with tagging releases, however, it's not so simple because we have several components within this repo. Anyway, we have two accepted proposals on progress:
- versioning-and-release-of-the-libs-artifacts which describes goals we want to achieve
- driver-semver which is specifically for the drivers and will have some effects on the way we will tag the drivers (a WIP implementation in https://github.com/falcosecurity/libs/pull/39)
The implementation of the latter proposal will finally decouple the driver version from the version of the libs.
Using cosign may be an interesting addition. Thanks for suggesting it!
PS
In driverkit, dev is a leftover of the old branch. While we wait for the proposal to be realized, I'd suggest changing it to master.
Thanks @leogr, +1 for
masteras default branch
I've made the PR rn :point_right: https://github.com/falcosecurity/driverkit/pull/123 :smile_cat:
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle stale
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle stale
I think this has been addressed. @FedeDP @Issif ?
If so, please close this issue :pray: