From 90f5ec47833cf169e07c9a4583169db74128004a Mon Sep 17 00:00:00 2001 From: Federico Di Pierro Date: Thu, 19 Jan 2023 16:30:37 +0100 Subject: [PATCH] update(scripts): multiple renamings to falcoctl service + fixed description. Moreover, now falcoctl service is enabled by default. It being bound to falco.target allows us to avoid it running when falco.target is not running. Signed-off-by: Federico Di Pierro --- cmake/cpack/CMakeCPackOptions.cmake | 2 +- scripts/CMakeLists.txt | 2 +- scripts/debian/postinst.in | 49 +++++++++---------- scripts/debian/postrm.in | 2 +- scripts/rpm/postinstall.in | 47 +++++++++--------- scripts/rpm/postuninstall.in | 2 +- scripts/rpm/preuninstall.in | 2 +- ...rvice => falcoctl-artifact-follow.service} | 2 +- 8 files changed, 50 insertions(+), 58 deletions(-) rename scripts/systemd/{falcoctl.service => falcoctl-artifact-follow.service} (83%) diff --git a/cmake/cpack/CMakeCPackOptions.cmake b/cmake/cpack/CMakeCPackOptions.cmake index 3dbcdbdb6e3..ef2a556ad5f 100644 --- a/cmake/cpack/CMakeCPackOptions.cmake +++ b/cmake/cpack/CMakeCPackOptions.cmake 
@@ -6,7 +6,7 @@ if(CPACK_GENERATOR MATCHES "DEB" OR CPACK_GENERATOR MATCHES "RPM") list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco-bpf.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system") list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco-modern-bpf.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system") list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falco-plugin.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system") - list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falcoctl.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system") + list(APPEND CPACK_INSTALL_COMMANDS "cp scripts/systemd/falcoctl-artifact-follow.service _CPack_Packages/${CPACK_TOPLEVEL_TAG}/${CPACK_GENERATOR}/${CPACK_PACKAGE_FILE_NAME}/usr/lib/systemd/system") endif() if(CPACK_GENERATOR MATCHES "TGZ") diff --git a/scripts/CMakeLists.txt b/scripts/CMakeLists.txt index b2598518ce7..d86098bf1c0 100644 --- a/scripts/CMakeLists.txt +++ b/scripts/CMakeLists.txt @@ -28,7 +28,7 @@ file(COPY "${PROJECT_SOURCE_DIR}/scripts/systemd/falco-modern-bpf.service" DESTINATION "${PROJECT_BINARY_DIR}/scripts/systemd") file(COPY "${PROJECT_SOURCE_DIR}/scripts/systemd/falco-plugin.service" DESTINATION "${PROJECT_BINARY_DIR}/scripts/systemd") -file(COPY "${PROJECT_SOURCE_DIR}/scripts/systemd/falcoctl.service" +file(COPY "${PROJECT_SOURCE_DIR}/scripts/systemd/falcoctl-artifact-follow.service" DESTINATION "${PROJECT_BINARY_DIR}/scripts/systemd") # Debian diff --git a/scripts/debian/postinst.in b/scripts/debian/postinst.in index 08c6b7362db..3d197f85d82 100755 --- a/scripts/debian/postinst.in +++ b/scripts/debian/postinst.in 
@@ -17,7 +17,7 @@ # chosen_driver= -enable_falcoctl=0 +enable_falcoctl=1 if [ "$1" = "configure" ]; then if [ -x /usr/bin/dialog ]; then @@ -40,21 +40,18 @@ if [ "$1" = "configure" ]; then chosen_driver="modern-bpf" ;; 5) - chosen_driver="plugin" + chosen_driver="plugin (needs manual configuration)" ;; esac - - if [ -n "$chosen_driver" ]; then - CHOICE=$(dialog --clear --title "Falcoctl" --menu "Do you want to subscribe to automatic ruleset feed?" 10 40 2 \ - 1 "No" \ - 2 "Yes" \ - 2>&1 >/dev/tty) - case $CHOICE in - 2) - enable_falcoctl=1 - ;; - esac - fi + CHOICE=$(dialog --clear --title "Falcoctl" --menu "Do you want to follow automatic ruleset updates?" 10 40 2 \ + 1 "Yes" \ + 2 "No" \ + 2>&1 >/dev/tty) + case $CHOICE in + 2) + enable_falcoctl=0 + ;; + esac clear fi fi @@ -79,13 +76,12 @@ if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-decon systemctl --system enable "falco-$chosen_driver.service" || true echo "[POST-INSTALL] Start 'falco-$chosen_driver.service':" systemctl --system start "falco-$chosen_driver.service" || true - - if [ $enable_falcoctl -eq 1 ]; then - echo "[POST-INSTALL] Enable 'falcoctl.service':" - systemctl --system enable "falcoctl.service" || true - echo "[POST-INSTALL] Start 'falcoctl.service':" - systemctl --system start "falcoctl.service" || true - fi + fi + if [ $enable_falcoctl -eq 1 ]; then + echo "[POST-INSTALL] Enable 'falcoctl-artifact-follow.service':" + systemctl --system enable "falcoctl-artifact-follow.service" || true + echo "[POST-INSTALL] Start 'falcoctl-artifact-follow.service':" + systemctl --system start "falcoctl-artifact-follow.service" || true fi fi 
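Review bot: `enable_falcoctl=1` in the `@@ -17,7 +17,7 @@` hunk is assigned before the `configure` and `/usr/bin/dialog` checks, so every path that never reaches the "No" answer keeps the service enabled: hosts without dialog and, judging by the `case` in the next hunk that only handles `2)`, a cancelled prompt as well. For a unit that updates rules automatically, that default deserves to be stated where it is set, for example `# Default on: unattended installs and a cancelled prompt enable falcoctl-artifact-follow; answer "No" to opt out.` The same applies to the `@@ -16,7 +16,7 @@` hunk of scripts/rpm/postinstall.in.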
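Review bot: In the `@@ -40,21 +40,18 @@` hunk, `chosen_driver="plugin (needs manual configuration)"` puts menu-label text into the variable that the following hunk interpolates into a unit name, `systemctl --system enable "falco-$chosen_driver.service"`. The resulting name is not one of the shipped units (`falco-plugin.service` is the one copied by the CMake files in this patch), and `|| true` lets the install finish anyway, so choosing the plugin option would leave Falco neither enabled nor started. Keep `chosen_driver="plugin"` and put the hint in the dialog entry's label instead. The same assignment appears in the `@@ -39,20 +39,18 @@` hunk of scripts/rpm/postinstall.in. The dialog menu itself is outside the hunk.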
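Review bot: In the `@@ -79,13 +76,12 @@` hunk the `enable`/`start` of `falcoctl-artifact-follow.service` now sits outside the `chosen_driver` block, so it also runs when no driver was chosen. The unit declares `BindsTo=falco.target` (shown in the renamed unit file), and in systemd `BindsTo=` carries the effect of `Requires=`, so an explicit `start` likely activates falco.target rather than waiting for it. If the intent is that the follower only runs alongside Falco, keep `enable` unconditional and guard the start, e.g. `[ -n "$chosen_driver" ] && systemctl --system start "falcoctl-artifact-follow.service" || true`. The enclosing `if` begins outside the hunk; the `@@ -87,13 +85,12 @@` hunk of scripts/rpm/postinstall.in has the same shape.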
@@ -97,12 +93,11 @@ if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-decon echo "[POST-INSTALL] Trigger 'falco-$chosen_driver.service' condrestart:" # restart falco on upgrade if service is already running systemctl --system condrestart "falco-$chosen_driver.service" || true - - if [ $enable_falcoctl -eq 1 ]; then - echo "[POST-INSTALL] Trigger 'falcoctl.service' condrestart:" - # restart falcoctl on upgrade if service is already running - systemctl --system condrestart "falcoctl.service" || true - fi + fi + if [ $enable_falcoctl -eq 1 ]; then + echo "[POST-INSTALL] Trigger 'falcoctl-artifact-follow.service' condrestart:" + # restart falcoctl-artifact-follow on upgrade if service is already running + systemctl --system condrestart "falcoctl-artifact-follow.service" || true fi fi fi diff --git a/scripts/debian/postrm.in b/scripts/debian/postrm.in index 1bce2b47d75..9f4b1da8a85 100755 --- a/scripts/debian/postrm.in +++ b/scripts/debian/postrm.in @@ -27,7 +27,7 @@ if [ -d /run/systemd/system ] && [ "$1" = remove ]; then systemctl --system disable 'falco-bpf.service' || true systemctl --system disable 'falco-modern-bpf.service' || true systemctl --system disable 'falco-plugin.service' || true - systemctl --system disable 'falcoctl.service' || true + systemctl --system disable 'falcoctl-artifact-follow.service' || true echo "[POST-REMOVE] Trigger deamon-reload:" systemctl --system daemon-reload || true diff --git a/scripts/rpm/postinstall.in b/scripts/rpm/postinstall.in index 800c914dd81..79db759cb19 100755 --- a/scripts/rpm/postinstall.in +++ b/scripts/rpm/postinstall.in @@ -16,7 +16,7 @@ # chosen_driver= -enable_falcoctl=0 +enable_falcoctl=1 if [ $1 -eq 1 ]; then if [ -x /usr/bin/dialog ]; then 
@@ -39,20 +39,18 @@ if [ $1 -eq 1 ]; then chosen_driver="modern-bpf" ;; 5) - chosen_driver="plugin" + chosen_driver="plugin (needs manual configuration)" ;; esac - if [ -n "$chosen_driver" ]; then - CHOICE=$(dialog --clear --title "Falcoctl" --menu "Do you want to subscribe to automatic ruleset feed?" 10 40 2 \ - 1 "No" \ - 2 "Yes" \ - 2>&1 >/dev/tty) - case $CHOICE in - 2) - enable_falcoctl=1 - ;; - esac - fi + CHOICE=$(dialog --clear --title "Falcoctl" --menu "Do you want to follow automatic ruleset updates?" 10 40 2 \ + 1 "Yes" \ + 2 "No" \ + 2>&1 >/dev/tty) + case $CHOICE in + 2) + enable_falcoctl=0 + ;; + esac clear fi fi @@ -87,13 +85,12 @@ if [ $1 -eq 1 ]; then systemctl --system enable "falco-$chosen_driver.service" || true echo "[POST-INSTALL] Start 'falco-$chosen_driver.service':" systemctl --system start "falco-$chosen_driver.service" || true - - if [ $enable_falcoctl -eq 1 ]; then - echo "[POST-INSTALL] Enable 'falcoctl.service':" - systemctl --system enable "falcoctl.service" || true - echo "[POST-INSTALL] Start 'falcoctl.service':" - systemctl --system start "falcoctl.service" || true - fi + fi + if [ $enable_falcoctl -eq 1 ]; then + echo "[POST-INSTALL] Enable 'falcoctl-artifact-follow.service':" + systemctl --system enable "falcoctl-artifact-follow.service" || true + echo "[POST-INSTALL] Start 'falcoctl-artifact-follow.service':" + systemctl --system start "falcoctl-artifact-follow.service" || true fi fi 
@@ -106,11 +103,11 @@ if [ $1 -gt 1 ]; then echo "[POST-INSTALL] Trigger 'falco-$chosen_driver.service' condrestart:" # restart falco on upgrade if service is already running systemctl --system condrestart "falco-$chosen_driver.service" || true - if [ $enable_falcoctl -eq 1 ]; then - echo "[POST-INSTALL] Trigger 'falcoctl.service' condrestart:" - # restart falcoctl on upgrade if service is already running - systemctl --system condrestart "falcoctl.service" || true - fi + fi + if [ $enable_falcoctl -eq 1 ]; then + echo "[POST-INSTALL] Trigger 'falcoctl-artifact-follow.service' condrestart:" + # restart falcoctl-artifact-follow on upgrade if service is already running + systemctl --system condrestart "falcoctl-artifact-follow.service" || true fi fi fi diff --git a/scripts/rpm/postuninstall.in b/scripts/rpm/postuninstall.in index d63e14ea500..3091c411eb3 100755 --- a/scripts/rpm/postuninstall.in +++ b/scripts/rpm/postuninstall.in @@ -23,7 +23,7 @@ if [ -d /run/systemd/system ] && [ $1 -eq 0 ]; then systemctl --system disable 'falco-bpf.service' || true systemctl --system disable 'falco-modern-bpf.service' || true systemctl --system disable 'falco-plugin.service' || true - systemctl --system disable 'falcoctl.service' || true + systemctl --system disable 'falcoctl-artifact-follow.service' || true echo "[POST-REMOVE] Trigger deamon-reload:" systemctl --system daemon-reload || true diff --git a/scripts/rpm/preuninstall.in b/scripts/rpm/preuninstall.in index 18220f496b7..291e62e1cde 100755 --- a/scripts/rpm/preuninstall.in +++ b/scripts/rpm/preuninstall.in @@ -34,4 +34,4 @@ falco-driver-loader --clean %systemd_preun 'falco-bpf.service' %systemd_preun 'falco-modern-bpf.service' %systemd_preun 'falco-plugin.service' -%systemd_preun 'falcoctl.service' \ No newline at end of file +%systemd_preun 'falcoctl-artifact-follow.service' \ No newline at end of file 
diff --git a/scripts/systemd/falcoctl.service b/scripts/systemd/falcoctl-artifact-follow.service
similarity index 83%
rename from scripts/systemd/falcoctl.service
rename to scripts/systemd/falcoctl-artifact-follow.service
index bc12c6ed66e..80e1ec8704c 100644
--- a/scripts/systemd/falcoctl.service
+++ b/scripts/systemd/falcoctl-artifact-follow.service
@@ -1,5 +1,5 @@
 [Unit]
-Description=Falco: Automatic rules update service
+Description=Falcoctl Artifact Follow: automatic artifacts update service
 Documentation=https://falco.org/docs/
 After=falco.target
 BindsTo=falco.target