From 7336d44e836d92092c03058f42e61d3c69b477f1 Mon Sep 17 00:00:00 2001
From: Fede Barcelona
Date: Mon, 26 Aug 2024 23:18:50 +0200
Subject: [PATCH] feat(cmake): add conditional builds for falcoctl and rules
There are systems, like Nix derivations where the build process does not have network access in order to enforce reproducibility. This patch allows people building Falco to optionally skip the build of falcoctl with `-DADD_FALCOCTL_DEPENDENCY=OFF` and point to their own self-backed, or pre-fetched rules files with `-DFALCOSECURITY_RULES_FALCO_PATH=` and `-DFALCOSECURITY_RULES_LOCAL_PATH=`. For context, I needed to apply these patches while building the project with Nix in https://github.com/tembleking/falco-nix but I think that would be benefitial for the community to have also these options open, and that would also make Falco feasible to be added to the nixpkgs repository at https://github.com/nixos/nixpkgs
Signed-off-by: Fede Barcelona
---
 cmake/modules/falcoctl.cmake | 8 ++++++++
 cmake/modules/rules.cmake | 4 ++++
 2 files changed, 12 insertions(+)
diff --git a/cmake/modules/falcoctl.cmake b/cmake/modules/falcoctl.cmake
index f462f55245f..5bf7b0489de 100644
--- a/cmake/modules/falcoctl.cmake
+++ b/cmake/modules/falcoctl.cmake
@@ -14,10 +14,15 @@
 include(ExternalProject)
+option(ADD_FALCOCTL_DEPENDENCY "Add falcoctl dependency while building falco" ON)
+
+if(ADD_FALCOCTL_DEPENDENCY)
 string(TOLOWER ${CMAKE_HOST_SYSTEM_NAME} FALCOCTL_SYSTEM_NAME)
 set(FALCOCTL_VERSION "0.8.0")
+message(STATUS "Building with falcoctl: ${FALCOCTL_VERSION}")
+
 if(${CMAKE_HOST_SYSTEM_PROCESSOR} STREQUAL "x86_64")
 set(FALCOCTL_SYSTEM_PROC_GO "amd64")
 set(FALCOCTL_HASH "7b763bfaf38faf582840af22750dca7150d03958a5dc47f6118748713d661589")
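Review bot: The new `option(ADD_FALCOCTL_DEPENDENCY ...)` in cmake/modules/falcoctl.cmake has no comment saying what OFF implies, and its help string only restates the name. A short comment above it would help packagers, e.g. `# OFF: skip downloading and installing falcoctl (for sandboxed builds without network access); falcoctl must then be provided separately if it is wanted.` The name is also not project-prefixed, which matters because the CMake cache is global; a prefixed name would be safer if a rename is still possible. The `if(ADD_FALCOCTL_DEPENDENCY)` block opened here closes in the next hunk.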
@@ -36,3 +41,6 @@ ExternalProject_Add(
 install(PROGRAMS "${PROJECT_BINARY_DIR}/falcoctl-prefix/src/falcoctl/falcoctl" DESTINATION "${FALCO_BIN_DIR}" COMPONENT "${FALCO_COMPONENT_NAME}")
 install(DIRECTORY DESTINATION "${FALCO_ABSOLUTE_SHARE_DIR}/plugins" COMPONENT "${FALCO_COMPONENT_NAME}")
+else()
+ message(STATUS "Won't build with falcoctl")
+endif()
diff --git a/cmake/modules/rules.cmake b/cmake/modules/rules.cmake
index f62032ae9e2..81a42946b63 100644
--- a/cmake/modules/rules.cmake
+++ b/cmake/modules/rules.cmake
@@ -15,6 +15,7 @@
 include(GNUInstallDirs)
 include(ExternalProject)
+if(NOT DEFINED FALCOSECURITY_RULES_FALCO_PATH)
 # falco_rules.yaml
 set(FALCOSECURITY_RULES_FALCO_VERSION "falco-rules-3.1.0")
 set(FALCOSECURITY_RULES_FALCO_CHECKSUM "SHA256=3b617920c0b66128627613e591a954eb9572747a4c287bc13b53b38786250162")
@@ -28,10 +29,13 @@ ExternalProject_Add(
 INSTALL_COMMAND ""
 TEST_COMMAND ""
 )
+endif()
+if(NOT DEFINED FALCOSECURITY_RULES_LOCAL_PATH)
 # falco_rules.local.yaml
 set(FALCOSECURITY_RULES_LOCAL_PATH "${PROJECT_BINARY_DIR}/falcosecurity-rules-local-prefix/falco_rules.local.yaml")
 file(WRITE "${FALCOSECURITY_RULES_LOCAL_PATH}" "# Your custom rules!\n")
+endif()
 if(NOT DEFINED FALCO_ETC_DIR)
 set(FALCO_ETC_DIR "${CMAKE_INSTALL_FULL_SYSCONFDIR}/falco")
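Review bot: In cmake/modules/falcoctl.cmake the `else()` is placed after `install(DIRECTORY DESTINATION "${FALCO_ABSOLUTE_SHARE_DIR}/plugins" ...)`, so with `-DADD_FALCOCTL_DEPENDENCY=OFF` the plugins directory is no longer created at install time. If that directory is expected to exist independently of falcoctl (not visible in this hunk), move that `install(DIRECTORY ...)` line below `endif()` so that only the falcoctl binary install is conditional. The `if` closed here opens in the previous hunk.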
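Review bot: In cmake/modules/rules.cmake, `if(NOT DEFINED FALCOSECURITY_RULES_FALCO_PATH)` is also false for an empty value, so a bare `-DFALCOSECURITY_RULES_FALCO_PATH=` (the form written in the commit message) skips the pinned download and leaves an empty path for whatever consumes the variable later; the same applies to `FALCOSECURITY_RULES_LOCAL_PATH` in the following hunk. A caller-supplied file also bypasses the `SHA256=` pin that covers the fetched rules, so the build should fail early on a bad path and record the override in the configure log: add `elseif(NOT EXISTS "${FALCOSECURITY_RULES_FALCO_PATH}")` with `message(FATAL_ERROR "FALCOSECURITY_RULES_FALCO_PATH does not exist: ${FALCOSECURITY_RULES_FALCO_PATH}")`, and an `else()` branch with a `message(STATUS ...)` naming the file in use. The guarded `ExternalProject_Add(` call lies mostly between the two hunks and is not visible here, so any later reference to that external project is presumably affected too and worth checking.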