gnu: Add falcosecurity-libs.

* gnu/packages/linux.scm (falcosecurity-libs): New variable.
* gnu/packages/patches/falcosecurity-libs-install-pman.patch
* gnu/packages/patches/falcosecurity-libs-libscap-pc.patch
* gnu/packages/patches/falcosecurity-libs-pkg-config.patch
* gnu/packages/patches/falcosecurity-libs-shared-library-fix.patch
* gnu/packages/patches/falcosecurity-libs-libsinsp-pkg-config.patch: New files.
* gnu/local.mk (dist_patch_DATA): Register them.

Change-Id: I0cb15e6a25256598678fc20eb298ad947d699ef4

gnu/local.mk

@@ -1184,6 +1184,11 @@ dist_patch_DATA =						\
   %D%/packages/patches/fail2ban-python310-server-action.patch	\
   %D%/packages/patches/fail2ban-python310-server-actions.patch	\
   %D%/packages/patches/fail2ban-python310-server-jails.patch	\
+  %D%/packages/patches/falcosecurity-libs-install-pman.patch	\
+  %D%/packages/patches/falcosecurity-libs-libscap-pc.patch	\
+  %D%/packages/patches/falcosecurity-libs-pkg-config.patch	\
+  %D%/packages/patches/falcosecurity-libs-shared-library-fix.patch	\
+  %D%/packages/patches/falcosecurity-libs-libsinsp-pkg-config.patch	\
   %D%/packages/patches/farstream-gupnp.patch                         \
   %D%/packages/patches/farstream-make.patch                          \
   %D%/packages/patches/fastcap-mulGlobal.patch			\

gnu/packages/linux.scm

@@ -100,6 +100,7 @@
 (define-module (gnu packages linux)
   #:use-module (gnu packages)
   #:use-module (gnu packages acl)
+  #:use-module (gnu packages adns)
   #:use-module (gnu packages admin)
   #:use-module (gnu packages algebra)
   #:use-module (gnu packages apparmor)
@@ -114,10 +115,12 @@ (define-module (gnu packages linux)
   #:use-module (gnu packages calendar)
   #:use-module (gnu packages check)
   #:use-module (gnu packages cpio)
+  #:use-module (gnu packages cpp)
   #:use-module (gnu packages crates-io)
   #:use-module (gnu packages crypto)
   #:use-module (gnu packages cryptsetup)
   #:use-module (gnu packages compression)
+  #:use-module (gnu packages curl)
   #:use-module (gnu packages databases)
   #:use-module (gnu packages datastructures)
   #:use-module (gnu packages dbm)
@@ -166,11 +169,14 @@ (define-module (gnu packages linux)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages polkit)
   #:use-module (gnu packages popt)
+  #:use-module (gnu packages protobuf)
   #:use-module (gnu packages pulseaudio)
   #:use-module (gnu packages python)
   #:use-module (gnu packages python-xyz)
   #:use-module (gnu packages qt)
   #:use-module (gnu packages readline)
+  #:use-module (gnu packages regex)
+  #:use-module (gnu packages rpc)
   #:use-module (gnu packages rrdtool)
   #:use-module (gnu packages rsync)
   #:use-module (gnu packages samba)
@@ -178,6 +184,7 @@ (define-module (gnu packages linux)
   #:use-module (gnu packages serialization)
   #:use-module (gnu packages slang)
   #:use-module (gnu packages sqlite)
+  #:use-module (gnu packages tbb)
   #:use-module (gnu packages texinfo)
   #:use-module (gnu packages textutils)
   #:use-module (gnu packages tls)
@@ -9577,6 +9584,91 @@ (define-public fakechroot
       (home-page "https://github.com/dex4er/fakechroot/")
       (license license:lgpl2.1+))))
 
+(define-public falcosecurity-libs
+  (package
+    (name "falcosecurity-libs")
+    (version "0.16.0")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/falcosecurity/libs/")
+                    (commit version)))
+              (file-name (git-file-name name version))
+              (sha256
+               (base32
+                "1vzymzkfipb3bnjjd9m8ykzj0l94fm8mnpcxfm8mpxz3jbd8xnv9"))
+              (patches
+               (search-patches
+                "falcosecurity-libs-pkg-config.patch"
+                "falcosecurity-libs-install-pman.patch"
+                "falcosecurity-libs-libscap-pc.patch"
+                "falcosecurity-libs-shared-library-fix.patch"
+                "falcosecurity-libs-libsinsp-pkg-config.patch"))))
+    (build-system cmake-build-system)
+    (arguments
+     (list
+      #:configure-flags
+      #~(list "-DUSE_BUNDLED_DEPS=OFF"
+              "-DBUILD_DRIVER=OFF"
+              "-DENABLE_DKMS=OFF"
+              "-DBUILD_LIBSCAP_MODERN_BPF=ON"
+              "-DSCAP_FILES_SUITE_ENABLE=OFF" ;attempts to download scap files
+              "-DBUILD_SHARED_LIBS=ON"
+              #$(string-append "-DFALCOSECURITY_LIBS_VERSION=" version))
+      ;; Only the libsinsp test suite is run, as the one for libscap requires
+      ;; elevated privileges.
+      #:test-target "run-unit-test-libsinsp"
+      #:phases
+      #~(modify-phases %standard-phases
+          (add-after 'unpack 'disable-problematic-tests
+            (lambda _
+              (substitute* "userspace/libsinsp/test/user.ut.cpp"
+                ;; The 'system_lookup' test assumes a root user
+                ;; exists in the build environment.
+                (("TEST_F\\(usergroup_manager_test, system_lookup)")
+                 "TEST_F(usergroup_manager_test, DISABLED_system_lookup)"))))
+          (add-after 'install 'delete-src
+            (lambda _
+              (delete-file-recursively
+               (string-append #$output "/src")))))))
+    (native-inputs (list bpftool
+                         clang
+                         googletest
+                         pkg-config
+                         valijson))     ;header-only library
+    (inputs
+     (list elfutils
+           libbpf
+           libelf))
+    (propagated-inputs
+     ;; The following inputs are in the 'Requires' field of libscap.pc and
+     ;; libsinp.pc.
+     (list c-ares
+           grpc
+           jsoncpp
+           openssl
+           protobuf
+           uthash                       ;included in libscap headers
+           zlib
+           ;; These are in the 'Requires.private' field of libscap.pc and
+           ;; libsinp.pc.  They are required because the headers are installed
+           ;; to a non-standard directory, and thus need to be found via the
+           ;; 'Cflags' field, which in turn mandates that both the pkg-config
+           ;; modules listed in the 'Requires' and 'Requires.private' be
+           ;; available.
+           curl
+           re2
+           tbb))
+    (home-page "https://github.com/falcosecurity/libs/")
+    (synopsis "libscap and lisbinsp Falco security libraries")
+    (description "The Falco security libraries include @code{libsinsp} and
+@code{libscap}.  @code{libscap} manages the data capture process, while
+@code{libsinsp} is a system inspection library that enriches events from
+@code{libscap} with machine state.  @code{libsinsp} also performs events
+filtering with rule evaluation through its internal rule engine.  These
+libraries are used by the @command{sysdig} command-line utility.")
+    (license license:asl2.0)))
+
 (define-public inputattach
   (package
     (name "inputattach")

gnu/packages/patches/falcosecurity-libs-install-pman.patch

@@ -0,0 +1,14 @@
+Install the pman library and its header.
+Upstream status: https://github.com/falcosecurity/libs/pull/1842
+
+diff --git a/userspace/libpman/CMakeLists.txt b/userspace/libpman/CMakeLists.txt
+index da92e9f27..4b57365fe 100644
+--- a/userspace/libpman/CMakeLists.txt
++++ b/userspace/libpman/CMakeLists.txt
+@@ -58,3 +58,6 @@ endif()
+ if(USE_BUNDLED_LIBBPF)
+     add_dependencies(pman libbpf)
+ endif()
++
++install(TARGETS pman LIBRARY ARCHIVE FRAMEWORK)
++install(FILES include/libpman.h DESTINATION ${CMAKE_INSTALL_INCLUDEDIR})

gnu/packages/patches/falcosecurity-libs-libscap-pc.patch

@@ -0,0 +1,16 @@
+libscap: Guard against install_lib_link_libraries-NOTFOUND.
+Upstream status: https://github.com/falcosecurity/libs/pull/1842
+
+diff --git a/cmake/modules/libscap.cmake b/cmake/modules/libscap.cmake
+index 81ad2d28d..8b6b4197e 100644
+--- a/cmake/modules/libscap.cmake
++++ b/cmake/modules/libscap.cmake
+@@ -95,7 +95,7 @@ foreach(libscap_install_lib ${LIBSCAP_INSTALL_LIBS})
+ 	list(APPEND libscap_link_libraries ${libscap_install_lib})
+ 	get_target_property(install_lib_link_libraries ${libscap_install_lib} LINK_LIBRARIES)
+ 	foreach (install_lib_link_library ${install_lib_link_libraries})
+-		if (NOT ${install_lib_link_library} IN_LIST libscap_subdir_targets)
++		if (${install_lib_link_library} AND (NOT ${install_lib_link_library} IN_LIST libscap_subdir_targets))
+ 			if(${install_lib_link_library} MATCHES "/")
+ 				# We have a path. Convert it to -L<dir> + -l<lib>.
+ 				get_filename_component(scap_lib_dir ${install_lib_link_library} DIRECTORY)

gnu/packages/patches/falcosecurity-libs-libsinsp-pkg-config.patch

@@ -0,0 +1,155 @@
+libsinsp: Refine pkg-config file generation.
+Upstream status: https://github.com/falcosecurity/libs/pull/1842
+
+diff --git a/userspace/libscap/libscap.pc.in b/userspace/libscap/libscap.pc.in
+index c5948489f..829bcd19b 100644
+--- a/userspace/libscap/libscap.pc.in
++++ b/userspace/libscap/libscap.pc.in
+@@ -1,4 +1,4 @@
+-prefix=${pcfiledir}/../..
++prefix=@CMAKE_INSTALL_PREFIX@
+ libdir=${prefix}/@CMAKE_INSTALL_LIBDIR@
+ includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@
+ 
+@@ -6,5 +6,6 @@ Name: libscap
+ Description: lib for System CAPture
+ Version: @FALCOSECURITY_LIBS_VERSION@
+ 
+-Libs: -L${libdir} @LIBSCAP_LINK_LIBDIRS_FLAGS@ @LIBSCAP_LINK_LIBRARIES_FLAGS@
++Requires: zlib
++Libs: -L${libdir} -L{libdir}/@LIBS_PACKAGE_NAME@/libscap @LIBSCAP_LINK_LIBDIRS_FLAGS@ @LIBSCAP_LINK_LIBRARIES_FLAGS@
+ Cflags: -I${includedir}/@LIBS_PACKAGE_NAME@/libscap -I${includedir}/@LIBS_PACKAGE_NAME@/driver -I${includedir}/@LIBS_PACKAGE_NAME@ -I@UTHASH_INCLUDE@
+diff --git a/userspace/libsinsp/CMakeLists.txt b/userspace/libsinsp/CMakeLists.txt
+index 6104603e8..832f86067 100644
+--- a/userspace/libsinsp/CMakeLists.txt
++++ b/userspace/libsinsp/CMakeLists.txt
+@@ -169,13 +169,9 @@ target_link_libraries(sinsp
+ 			"${RE2_LIB}"
+ )
+ 
+-set(SINSP_PKGCONFIG_LIBRARIES
+-	scap
+-	"${ZLIB_LIB}"
+-	"${CURL_LIBRARIES}"
+-	"${JSONCPP_LIB}"
+-	"${RE2_LIB}"
+-)
++set(SINSP_PKGCONFIG_LIBRARIES)
++set(SINSP_PKGCONFIG_REQUIRES jsoncpp)
++set(SINSP_PKGCONFIG_REQUIRES_PRIVATE libcurl re2)
+ 
+ if(NOT EMSCRIPTEN)
+ 	target_link_libraries(sinsp
+@@ -184,7 +180,8 @@ if(NOT EMSCRIPTEN)
+ 		PRIVATE
+ 		"${TBB_LIB}"
+ 	)
+-	list(APPEND SINSP_PKGCONFIG_LIBRARIES "${CARES_LIB}")
++	list(APPEND SINSP_PKGCONFIG_REQUIRES libcares)
++	list(APPEND SINSP_PKGCONFIG_REQUIRES_PRIVATE tbb)
+ endif()
+ 
+ if(USE_BUNDLED_VALIJSON)
+@@ -248,14 +245,12 @@ if(NOT WIN32)
+ 						"${PROTOBUF_LIB}"
+ 						"${CARES_LIB}"
+ 			)
+-			list(APPEND SINSP_PKGCONFIG_LIBRARIES
+-						"${GRPC_LIBRARIES}"
+-						"${GRPCPP_LIB}"
+-						"${GRPC_LIB}"
+-						"${GPR_LIB}"
+-						"${PROTOBUF_LIB}"
+-						"${CARES_LIB}"
+-			)
++			list(APPEND SINSP_PKGCONFIG_REQUIRES
++				gpr
++				grpc
++				grpc++
++				protobuf
++				libcares)
+ 
+ 			if(NOT MUSL_OPTIMIZED_BUILD)
+ 				target_link_libraries(sinsp INTERFACE rt anl)
+@@ -269,7 +264,7 @@ if(NOT WIN32)
+ 	endif() # NOT APPLE
+ 
+ 	target_link_libraries(sinsp INTERFACE "${OPENSSL_LIBRARIES}")
+-	list(APPEND SINSP_PKGCONFIG_LIBRARIES "${OPENSSL_LIBRARIES}")
++	list(APPEND SINSP_PKGCONFIG_REQUIRES libcrypto libssl)
+ 
+ 	target_link_libraries(sinsp INTERFACE dl pthread)
+ 	list(APPEND SINSP_PKGCONFIG_LIBRARIES dl pthread)
+@@ -306,41 +301,17 @@ if(NOT DEFINED SINSP_AGENT_CGROUP_MEM_PATH_ENV_VAR)
+ endif()
+ add_definitions(-DSINSP_AGENT_CGROUP_MEM_PATH_ENV_VAR="${SINSP_AGENT_CGROUP_MEM_PATH_ENV_VAR}")
+ 
+-# Build our pkg-config "Libs:" flags. For now, loop over SINSP_PKGCONFIG_LIBRARIES. If
+-# we ever start using pkg_search_module or pkg_check_modules in cmake/modules
+-# we could add each module to our "Requires:" line instead. We might need to
+-# expand this to use some of the techniques in
+-# https://github.com/curl/curl/blob/curl-7_84_0/CMakeLists.txt#L1539
+-set(SINSP_PKG_CONFIG_LIBS)
+-set(SINSP_PKG_CONFIG_LIBDIRS "")
+-foreach(sinsp_lib ${SINSP_PKGCONFIG_LIBRARIES})
+-	if(${sinsp_lib} MATCHES "^-")
+-		# We have a flag. Pass it through unchanged.
+-		list(APPEND SINSP_PKG_CONFIG_LIBS ${sinsp_lib})
+-	elseif(${sinsp_lib} MATCHES "/")
+-		# We have a path. Convert it to -L<dir> + -l<lib>.
+-		get_filename_component(sinsp_lib_dir ${sinsp_lib} DIRECTORY)
+-		list(APPEND SINSP_PKG_CONFIG_LIBDIRS -L${sinsp_lib_dir})
+-		get_filename_component(sinsp_lib_base ${sinsp_lib} NAME_WE)
+-		string(REGEX REPLACE "^lib" "" sinsp_lib_base ${sinsp_lib_base})
+-		list(APPEND SINSP_PKG_CONFIG_LIBS -l${sinsp_lib_base})
+-	elseif(${sinsp_lib} STREQUAL "scap")
+-		# We require libscap.pc, so skip it.
+-	else()
+-		# Assume we have a plain library name. Prefix it with "-l".
+-		list(APPEND SINSP_PKG_CONFIG_LIBS -l${sinsp_lib})
+-	endif()
+-endforeach()
++list(REMOVE_DUPLICATES SINSP_PKGCONFIG_LIBRARIES)
++list(REMOVE_DUPLICATES SINSP_PKGCONFIG_REQUIRES)
++list(REMOVE_DUPLICATES SINSP_PKGCONFIG_REQUIRES_PRIVATE)
+ 
+-# Build our pkg-config "Cflags:" flags.
+-set(SINSP_PKG_CONFIG_INCLUDES "")
+-foreach(sinsp_include_directory ${LIBSINSP_INCLUDE_DIRS})
+-	list(APPEND SINSP_PKG_CONFIG_INCLUDES -I${sinsp_include_directory})
++set(SINSP_LINK_FLAGS)
++foreach(sinsp_link_library ${SINSP_PKGCONFIG_LIBRARIES})
++	list(APPEND SINSP_LINK_FLAGS "-l${sinsp_link_library}")
+ endforeach()
+ 
+-string(REPLACE ";" " " SINSP_PKG_CONFIG_LIBS "${SINSP_PKG_CONFIG_LIBS}")
+-list(REMOVE_DUPLICATES SINSP_PKG_CONFIG_LIBDIRS)
+-string(REPLACE ";" " " SINSP_PKG_CONFIG_LIBDIRS "${SINSP_PKG_CONFIG_LIBDIRS}")
+-list(REMOVE_DUPLICATES SINSP_PKG_CONFIG_INCLUDES)
+-string(REPLACE ";" " " SINSP_PKG_CONFIG_INCLUDES "${SINSP_PKG_CONFIG_INCLUDES}")
++string(REPLACE ";" " " LIBSINSP_LINK_FLAGS "${SINSP_LINK_FLAGS}")
++string(REPLACE ";" " " LIBSINSP_REQUIRES "${SINSP_PKGCONFIG_REQUIRES}")
++string(REPLACE ";" " " LIBSINSP_REQUIRES_PRIVATE "${SINSP_PKGCONFIG_REQUIRES_PRIVATE}")
++
+ configure_file(${CMAKE_CURRENT_SOURCE_DIR}/libsinsp.pc.in ${CMAKE_CURRENT_BINARY_DIR}/libsinsp.pc @ONLY)
+diff --git a/userspace/libsinsp/libsinsp.pc.in b/userspace/libsinsp/libsinsp.pc.in
+index 9292e73ce..f20da76b3 100644
+--- a/userspace/libsinsp/libsinsp.pc.in
++++ b/userspace/libsinsp/libsinsp.pc.in
+@@ -1,4 +1,4 @@
+-prefix=${pcfiledir}/../..
++prefix=@CMAKE_INSTALL_PREFIX@
+ libdir=${prefix}/@CMAKE_INSTALL_LIBDIR@
+ includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@
+ 
+@@ -6,6 +6,7 @@ Name: libsinsp
+ Description: lib for System INSPection
+ Version: @FALCOSECURITY_LIBS_VERSION@
+ 
+-Requires: libscap
+-Libs: -L${libdir} -lsinsp @SINSP_PKG_CONFIG_LIBDIRS@ @SINSP_PKG_CONFIG_LIBS@
+-Cflags: -I${includedir}/@LIBS_PACKAGE_NAME@/libsinsp -I${includedir}/@LIBS_PACKAGE_NAME@/driver -I${includedir}/@LIBS_PACKAGE_NAME@ @SINSP_PKG_CONFIG_INCLUDES@
++Requires: libscap @LIBSINSP_REQUIRES@
++Requires.private: @LIBSINSP_REQUIRES_PRIVATE@
++Libs: -L${libdir} -lsinsp @LIBSINSP_LINK_FLAGS@
++Cflags: -I${includedir}/@LIBS_PACKAGE_NAME@/libsinsp -I${includedir}/@LIBS_PACKAGE_NAME@/driver -I${includedir}/@LIBS_PACKAGE_NAME@

gnu/packages/patches/falcosecurity-libs-pkg-config.patch

@@ -0,0 +1,23 @@
+userspace: Extend CFLAGS of libscap.pc and libsinsp.pc.
+Upstream status: https://github.com/falcosecurity/libs/pull/1842
+
+diff --git a/userspace/libscap/libscap.pc.in b/userspace/libscap/libscap.pc.in
+index 40b6e96ed..c5948489f 100644
+--- a/userspace/libscap/libscap.pc.in
++++ b/userspace/libscap/libscap.pc.in
+@@ -7,4 +7,4 @@ Description: lib for System CAPture
+ Version: @FALCOSECURITY_LIBS_VERSION@
+ 
+ Libs: -L${libdir} @LIBSCAP_LINK_LIBDIRS_FLAGS@ @LIBSCAP_LINK_LIBRARIES_FLAGS@
+-Cflags: -I${includedir}/@LIBS_PACKAGE_NAME@/libscap
++Cflags: -I${includedir}/@LIBS_PACKAGE_NAME@/libscap -I${includedir}/@LIBS_PACKAGE_NAME@/driver -I${includedir}/@LIBS_PACKAGE_NAME@ -I@UTHASH_INCLUDE@
+diff --git a/userspace/libsinsp/libsinsp.pc.in b/userspace/libsinsp/libsinsp.pc.in
+index c1cc4a1e2..9292e73ce 100644
+--- a/userspace/libsinsp/libsinsp.pc.in
++++ b/userspace/libsinsp/libsinsp.pc.in
+@@ -8,4 +8,4 @@ Version: @FALCOSECURITY_LIBS_VERSION@
+ 
+ Requires: libscap
+ Libs: -L${libdir} -lsinsp @SINSP_PKG_CONFIG_LIBDIRS@ @SINSP_PKG_CONFIG_LIBS@
+-Cflags: -I${includedir}/@LIBS_PACKAGE_NAME@/libsinsp @SINSP_PKG_CONFIG_INCLUDES@
++Cflags: -I${includedir}/@LIBS_PACKAGE_NAME@/libsinsp -I${includedir}/@LIBS_PACKAGE_NAME@/driver -I${includedir}/@LIBS_PACKAGE_NAME@ @SINSP_PKG_CONFIG_INCLUDES@

gnu/packages/patches/falcosecurity-libs-shared-library-fix.patch

@@ -0,0 +1,50 @@
+Fix shared library build.
+Upstream status: https://github.com/falcosecurity/libs/pull/1842
+
+diff --git a/driver/CMakeLists.txt b/driver/CMakeLists.txt
+index 80229cc03..70c9ba65b 100644
+--- a/driver/CMakeLists.txt
++++ b/driver/CMakeLists.txt
+@@ -152,6 +152,11 @@ set(DRIVER_SOURCES
+ 	ppm_consumer.h
+ 	capture_macro.h
+ 	socketcall_to_syscall.h
++	syscall_compat_loongarch64.h
++	syscall_compat_ppc64le.h
++	syscall_compat_riscv64.h
++	syscall_compat_s390x.h
++	syscall_compat_x86_64.h
+ 	syscall_ia32_64_map.c
+ )
+ 
+diff --git a/test/libscap/CMakeLists.txt b/test/libscap/CMakeLists.txt
+index e88603ebd..fa26ba7ee 100644
+--- a/test/libscap/CMakeLists.txt
++++ b/test/libscap/CMakeLists.txt
+@@ -45,6 +45,7 @@ set(LIBSCAP_TESTS_LIBRARIES
+ 	"${GTEST_LIB}"
+ 	"${GTEST_MAIN_LIB}"
+ 	"${CMAKE_THREAD_LIBS_INIT}"
++	"${PROTOBUF_LIB}"
+ 	scap
+ )
+ 
+diff --git a/userspace/libscap/engine/gvisor/CMakeLists.txt b/userspace/libscap/engine/gvisor/CMakeLists.txt
+index 6dfbafb14..875847b5d 100644
+--- a/userspace/libscap/engine/gvisor/CMakeLists.txt
++++ b/userspace/libscap/engine/gvisor/CMakeLists.txt
+@@ -76,6 +76,14 @@ if (BUILD_SHARED_LIBS)
+     add_dependencies(scap_engine_gvisor_o uthash)
+     add_dependencies(scap scap_engine_gvisor_o)
+     target_sources(scap PRIVATE $<TARGET_OBJECTS:scap_engine_gvisor_o>)
++
++    target_include_directories(scap_engine_gvisor_o
++        PRIVATE
++        ${CMAKE_BINARY_DIR}
++        ${CMAKE_CURRENT_BINARY_DIR}
++        ${CMAKE_SOURCE_DIR}
++        ${CMAKE_SOURCE_DIR}/userspace
++    )
+ else()
+     add_library(scap_engine_gvisor
+         ${scap_engine_gvisor_sources}