diff --git a/.github/workflows/cws-btfhub-sync.yml b/.github/workflows/cws-btfhub-sync.yml index c759e78216add..506ed8fff95db 100644 --- a/.github/workflows/cws-btfhub-sync.yml +++ b/.github/workflows/cws-btfhub-sync.yml @@ -8,11 +8,6 @@ on: required: false default: 'main' type: string - force_refresh: - description: 'Force refresh of the constants' - required: false - default: 'false' - type: boolean schedule: - cron: '30 4 * * 5' # at 4:30 UTC on Friday @@ -83,19 +78,11 @@ jobs: echo "ARTIFACT_NAME=constants-${{ matrix.cone }}" | tr '/' '-' >> $GITHUB_OUTPUT - name: Sync constants - if: ${{ !inputs.force_refresh }} env: ARTIFACT_NAME: ${{ steps.artifact-name.outputs.ARTIFACT_NAME }} run: | inv -e security-agent.generate-btfhub-constants --archive-path=./dev/dist/archive --output-path=./"$ARTIFACT_NAME".json - - name: Force sync constants - if: ${{ inputs.force_refresh }} - env: - ARTIFACT_NAME: ${{ steps.artifact-name.outputs.ARTIFACT_NAME }} - run: | - inv -e security-agent.generate-btfhub-constants --archive-path=./dev/dist/archive --output-path=./"$ARTIFACT_NAME".json --force-refresh - - name: Upload artifact uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: diff --git a/pkg/security/probe/constantfetch/btfhub.go b/pkg/security/probe/constantfetch/btfhub.go index b9652c940ee3a..b957afc6e3f7a 100644 --- a/pkg/security/probe/constantfetch/btfhub.go +++ b/pkg/security/probe/constantfetch/btfhub.go @@ -144,7 +144,6 @@ func newKernelInfos(kv *kernel.Version) (*kernelInfos, error) { // BTFHubConstants represents all the information required for identifying // a unique btf file from BTFHub type BTFHubConstants struct { - Commit string `json:"commit"` Constants []map[string]uint64 `json:"constants"` Kernels []BTFHubKernel `json:"kernels"` } diff --git a/pkg/security/probe/constantfetch/btfhub/constants.json b/pkg/security/probe/constantfetch/btfhub/constants.json index 0467b8c1b1bc8..5d47d7f3ed688 100644 --- a/pkg/security/probe/constantfetch/btfhub/constants.json +++ b/pkg/security/probe/constantfetch/btfhub/constants.json @@ -1,5 +1,4 @@ { - "commit": "", "constants": [ { "binprm_file_offset": 168, diff --git a/pkg/security/probe/constantfetch/btfhub/main.go b/pkg/security/probe/constantfetch/btfhub/main.go index f71dcaaf486e4..5d7849b3dedcf 100644 --- a/pkg/security/probe/constantfetch/btfhub/main.go +++ b/pkg/security/probe/constantfetch/btfhub/main.go @@ -40,13 +40,11 @@ import ( func main() { var archiveRootPath string var constantOutputPath string - var forceRefresh bool var combineConstants bool var cpuPprofPath string flag.StringVar(&archiveRootPath, "archive-root", "", "Root path of BTFHub archive") flag.StringVar(&constantOutputPath, "output", "", "Output path for JSON constants") - flag.BoolVar(&forceRefresh, "force-refresh", false, "Force refresh of the constants") flag.BoolVar(&combineConstants, "combine", false, "Don't read btf files, but read constants") flag.StringVar(&cpuPprofPath, "cpu-prof", "", "Path to the CPU profile to generate") flag.Parse() @@ -81,21 +79,7 @@ func main() { } fmt.Printf("btfhub-archive: commit %s\n", archiveCommit) - preAllocHint := 0 - - if !forceRefresh { - // skip if commit is already the most recent - currentConstants, err := getCurrentConstants(constantOutputPath) - if err == nil && currentConstants.Commit != "" { - if currentConstants.Commit == archiveCommit { - fmt.Printf("already at most recent archive commit") - return - } - preAllocHint = len(currentConstants.Kernels) - } - } - - twCollector := newTreeWalkCollector(preAllocHint) + twCollector := newTreeWalkCollector() var wg sync.WaitGroup // github actions runner have only 2 cores @@ -118,8 +102,6 @@ func main() { export := twCollector.finish() - export.Commit = archiveCommit - if err := outputConstants(&export, constantOutputPath); err != nil { panic(err) } @@ -173,16 +155,7 @@ func combineConstantFiles(archiveRootPath string) (constantfetch.BTFHubConstants return constantfetch.BTFHubConstants{}, errors.New("no json file found") } - lastCommit := "" - for _, file := range files { - if lastCommit != "" && file.Commit != lastCommit { - return constantfetch.BTFHubConstants{}, errors.New("multiple different commits in constant files") - } - } - - res := constantfetch.BTFHubConstants{ - Commit: lastCommit, - } + res := constantfetch.BTFHubConstants{} for _, file := range files { offset := len(res.Constants) @@ -197,20 +170,6 @@ func combineConstantFiles(archiveRootPath string) (constantfetch.BTFHubConstants return res, nil } -func getCurrentConstants(path string) (*constantfetch.BTFHubConstants, error) { - cjson, err := os.ReadFile(path) - if err != nil { - return nil, err - } - - var currentConstants constantfetch.BTFHubConstants - if err := json.Unmarshal(cjson, ¤tConstants); err != nil { - return nil, err - } - - return ¤tConstants, nil -} - func getCommitSha(cwd string) (string, error) { cmd := exec.Command("git", "rev-parse", "HEAD") cmd.Dir = cwd @@ -231,10 +190,10 @@ type treeWalkCollector struct { queryChan chan extractionQuery } -func newTreeWalkCollector(preAllocHint int) *treeWalkCollector { +func newTreeWalkCollector() *treeWalkCollector { return &treeWalkCollector{ counter: 0, - results: make([]extractionResult, 0, preAllocHint), + results: make([]extractionResult, 0), cache: make(map[string]map[string]uint64), queryChan: make(chan extractionQuery), } diff --git a/tasks/security_agent.py b/tasks/security_agent.py index fe1def0e39b8c..7f98765991c23 100644 --- a/tasks/security_agent.py +++ b/tasks/security_agent.py @@ -591,10 +591,9 @@ def single_run(ctx, table_url, output_file, output_string_file, abis=None): @task -def generate_btfhub_constants(ctx, archive_path, force_refresh=False, output_path=DEFAULT_BTFHUB_CONSTANTS_PATH): - force_refresh_opt = "-force-refresh" if force_refresh else "" +def generate_btfhub_constants(ctx, archive_path, output_path=DEFAULT_BTFHUB_CONSTANTS_PATH): ctx.run( - f"go run -tags linux_bpf,btfhubsync ./pkg/security/probe/constantfetch/btfhub/ -archive-root {archive_path} -output {output_path} {force_refresh_opt}", + f"go run -tags linux_bpf,btfhubsync ./pkg/security/probe/constantfetch/btfhub/ -archive-root {archive_path} -output {output_path}", )