gnu: Add sysdig.

* gnu/packages/admin.scm (sysdig): New variable.
* gnu/packages/patches/sysdig-shared-falcosecurity-libs.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.

Change-Id: I02b64db7a548e17ea83beb1ea27db87d29e99cf1

gnu/local.mk

@@ -2083,6 +2083,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/slim-login.patch				\
   %D%/packages/patches/slim-display.patch			\
   %D%/packages/patches/stex-copy-from-immutable-store.patch	\
+  %D%/packages/patches/sysdig-shared-falcosecurity-libs.patch	\
   %D%/packages/patches/syslinux-gcc10.patch			\
   %D%/packages/patches/syslinux-strip-gnu-property.patch	\
   %D%/packages/patches/snappy-add-O2-flag-in-CmakeLists.txt.patch	\

gnu/packages/admin.scm

@@ -115,6 +115,7 @@ (define-module (gnu packages admin)
   #:use-module (gnu packages c)
   #:use-module (gnu packages check)
   #:use-module (gnu packages compression)
+  #:use-module (gnu packages cpp)
   #:use-module (gnu packages crates-graphics)
   #:use-module (gnu packages crates-io)
   #:use-module (gnu packages crates-windows)
@@ -5726,6 +5727,64 @@ (define-public seatd
 that require it.")
     (license license:expat)))
 
+(define-public sysdig
+  ;; Use the latest commit for now, as the latest 0.36.1 release does not yet
+  ;; support the falcosecurity-libs 0.16 API.
+  (let ((commit "598ad292b659425e475e5814d9e92c3c29188480")
+        (revision "0"))
+    (package
+      (name "sysdig")
+      (version (git-version "0.36.1" revision commit))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                      (url "https://github.com/draios/sysdig")
+                      (commit commit)))
+                (file-name (git-file-name name version))
+                (sha256
+                 (base32
+                  "0yyins3rb286dfibadfwwp2gwmdj7fsz3pdkpdvx05yvdqfkqds7"))
+                (patches
+                 (search-patches "sysdig-shared-falcosecurity-libs.patch"))))
+      (build-system cmake-build-system)
+      (arguments
+       (list #:tests? #f                ;no test suite
+             #:configure-flags
+             #~(list "-DUSE_BUNDLED_DEPS=OFF"
+                     ;; Already built and part of falcosecurity-libs, but
+                     ;; needed for the 'HAS_MODERN_BPF' define.
+                     "-DBUILD_SYSDIG_MODERN_BPF=ON"
+                     #$(string-append "-DSYSDIG_VERSION=" version))))
+      (native-inputs (list pkg-config))
+      (inputs
+       (list falcosecurity-libs
+             luajit
+             ncurses
+             nlohmann-json
+             yaml-cpp
+             zlib))
+      (home-page "https://github.com/draios/sysdig")
+      (synopsis "System exploration and troubleshooting tool")
+      (description "Sysdig is a simple tool for deep system visibility, with
+native support for containers.  It combines features of multiple system
+administration tools such as the @command{strace}, @command{tcpdump},
+@command{htop}, @command{iftop} and @command{lsof} into a single interface.
+The novel architecture of the tool means that the performance impact of the
+tracing on the system is very light, compared to the likes of
+@command{strace}.  The @command{sysdig} command has an interface similar to
+@command{strace}, while the @command{csysdig} command is better suited for
+interactive used, and has a user interface similar to @command{htop}.
+
+If you use Guix System, the kernel Linux has @acronym{BPF, Berkeley Packet
+Filter} support, and you should launch this tool using the @samp{--modern-bpf}
+argument of the @command{sysdig} or @command{csysdig} commands.  The following
+Bash aliases can be added to your @file{~/.bash_profile} file, for example:
+
+alias sysdig=sudo sysdig --modern-bpf
+alias cysdig=sudo csysdig --modern-bpf
+")                                      ;XXX no @example Texinfo support
+      (license license:asl2.0))))
+
 (define-public fail2ban
   (package
     (name "fail2ban")

gnu/packages/patches/sysdig-shared-falcosecurity-libs.patch

@@ -0,0 +1,84 @@
+Upstream status: https://github.com/draios/sysdig/pull/2093
+
+diff --git a/cmake/modules/falcosecurity-libs.cmake b/cmake/modules/falcosecurity-libs.cmake
+index 7cee8a3c4..dd59c1b32 100644
+--- a/cmake/modules/falcosecurity-libs.cmake
++++ b/cmake/modules/falcosecurity-libs.cmake
+@@ -16,6 +16,19 @@
+ # limitations under the License.
+ #
+ 
++option(USE_BUNDLED_FALCOSECURITY_LIBS "Enable building of the bundled falcosecurity libraries" ${USE_BUNDLED_DEPS})
++
++if(NOT USE_BUNDLED_FALCOSECURITY_LIBS)
++    find_package(PkgConfig REQUIRED)
++    pkg_check_modules(LIBSINSP REQUIRED IMPORTED_TARGET libsinsp)
++    message(STATUS "Found libsinsp:
++  include: ${LIBSINSP_INCLUDE_DIRS}
++  lib: ${LIBSINSP_LIBRARIES}
++  cflags: ${LIBSINSP_CFLAGS}")
++    return()
++endif()
++
++# else(): using bundled falcosecurity libs
+ set(FALCOSECURITY_LIBS_CMAKE_SOURCE_DIR "${CMAKE_CURRENT_SOURCE_DIR}/cmake/modules/falcosecurity-libs-repo")
+ set(FALCOSECURITY_LIBS_CMAKE_WORKING_DIR "${CMAKE_BINARY_DIR}/falcosecurity-libs-repo")
+ 
+diff --git a/userspace/sysdig/CMakeLists.txt b/userspace/sysdig/CMakeLists.txt
+index 60f8072ad..0cb179ccc 100644
+--- a/userspace/sysdig/CMakeLists.txt
++++ b/userspace/sysdig/CMakeLists.txt
+@@ -20,7 +20,6 @@ if(NOT WIN32)
+ 	include(ncurses)
+ endif() # NOT WIN32
+ 
+-include(zlib)
+ include(luajit)
+ 
+ include_directories("${PROJECT_BINARY_DIR}/userspace/sinspui")
+@@ -84,6 +83,12 @@ if(USE_BUNDLED_DEPS)
+ 	add_dependencies(csysdig luajit)
+ endif()
+ 
++if(USE_BUNDLED_FALCOSECURITY_LIBS)
++    set(SINSP_LIB sinsp)
++else()
++    set(SINSP_LIB PkgConfig::LIBSINSP)
++endif()
++
+ target_include_directories(
+ 	sysdig
+ 	PUBLIC
+@@ -108,7 +113,7 @@ if(NOT WIN32)
+ 	include_directories(${PROJECT_BINARY_DIR}/driver/src)
+ 
+ 	target_link_libraries(sysdig
+-		sinsp
++		"${SINSP_LIB}"
+ 		"${LUAJIT_LIB}"
+ 		"${YAMLCPP_LIB}")
+ 
+@@ -117,7 +122,7 @@ if(NOT WIN32)
+ 	endif()
+ 
+ 	target_link_libraries(csysdig
+-		sinsp
++		"${SINSP_LIB}"
+ 		"${LUAJIT_LIB}"
+ 		"${CURSES_LIBRARIES}"
+ 		"${YAMLCPP_LIB}")
+@@ -140,12 +145,12 @@ else()
+ 	add_definitions(-DNOCURSESUI)
+ 
+ 	target_link_libraries(sysdig
+-		sinsp
++		"${SINSP_LIB}"
+ 		"${LUAJIT_LIB}"
+ 		"${YAMLCPP_LIB}")
+ 
+ 	target_link_libraries(csysdig
+-		sinsp
++		"${SINSP_LIB}"
+ 		"${LUAJIT_LIB}"
+ 		"${YAMLCPP_LIB}")
+