Adding VersionStream for datadog-agent-7.73 (wolfi-dev#75786)

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero@chainguard.dev>
Signed-off-by: Amber Arcadia <amber.arcadia@chainguard.dev>
Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com>
Co-authored-by: Amber Arcadia <amber.arcadia@chainguard.dev>
Co-authored-by: Arturo Borrero Gonzalez <arturo.borrero@chainguard.dev>
Co-authored-by: Daniel Watkins <daniel.watkins@chainguard.dev>

Author: 4 people

datadog-agent-7.73.yaml

@@ -0,0 +1,71 @@
+Author: Sergio Durigan Junior <sergiodj@chainguard.dev>
+Bug-Chainguard: https://github.com/chainguard-dev/internal-dev/issues/12556
+
+datadog-agent version 7.66.0 introduces a few changes that break our
+build.  Namely:
+
+* https://github.com/DataDog/datadog-agent/commit/494f98eb5db09652258c0e0aac936a35d69d7b62
+  changed how the system-probe task refers to the embedded clang
+  compiler.  Previously, it would just call "clang" and let $PATH
+  resolve it, which would conveniently make it use our version of
+  clang-12 installed under /opt/clang/bin.  Now, it hardcodes the
+  compiler as being /opt/datadog-agent/embedded/bin/clang-bpf.  While
+  this could work fine (because clang-bpf has exactly the same version
+  as our clang), upstream's clang doesn't come with system headers
+  available.  This makes clang-bpf fail to find stdarg.h, which causes
+  an FTBFS.
+
+* https://github.com/DataDog/datadog-agent/commit/81ff57c37398943f4e8f486cb51d6ffeb8f901e7
+  got rid of quite a few headers included in
+  pkg/security/ebpf/c/prebuilt/probe.c.  One of them, <linux/mount.h>,
+  is actually still necessary to perform our build (otherwise clang
+  will error out with undefined reference for MNT_INTERNAL).
+
+diff --git a/pkg/security/ebpf/c/prebuilt/probe.c b/pkg/security/ebpf/c/prebuilt/probe.c
+index 38655a7246..767c247062 100644
+--- a/pkg/security/ebpf/c/prebuilt/probe.c
++++ b/pkg/security/ebpf/c/prebuilt/probe.c
+@@ -4,6 +4,8 @@
+ #include <linux/types.h>
+ #include <linux/version.h>
+ 
++#include <linux/mount.h>
++
+ #include <net/sock.h>
+ #include <net/netfilter/nf_conntrack.h>
+ #include <net/netfilter/nf_nat.h>
+diff --git a/tasks/system_probe.py b/tasks/system_probe.py
+index c800313532..7a270835e6 100644
+--- a/tasks/system_probe.py
++++ b/tasks/system_probe.py
+@@ -132,17 +132,17 @@ def ninja_define_ebpf_compiler(
+     nw.variable("kheaders", get_kernel_headers_flags(kernel_release, arch=arch))
+     nw.rule(
+         name="ebpfclang",
+-        command="/opt/datadog-agent/embedded/bin/clang-bpf -MD -MF $out.d $target $ebpfflags $kheaders $flags -c $in -o $out",
++        command="/opt/clang/bin/clang -MD -MF $out.d $target $ebpfflags $kheaders $flags -c $in -o $out",
+         depfile="$out.d",
+     )
+ 
+-    strip = "/opt/datadog-agent/embedded/bin/llvm-strip -g $out"
+-    strip_lbb = "/opt/datadog-agent/embedded/bin/llvm-strip -w -N \"LBB*\" $out"
++    strip = "/opt/clang/bin/llvm-strip -g $out"
++    strip_lbb = "/opt/clang/bin/llvm-strip -w -N \"LBB*\" $out"
+     strip_part = f"&& {strip} && {strip_lbb}" if strip_object_files else ""
+ 
+     nw.rule(
+         name="llc",
+-        command=f"/opt/datadog-agent/embedded/bin/llc-bpf -march=bpf -filetype=obj -o $out $in {strip_part}",
++        command=f"/opt/clang/bin/llc -march=bpf -filetype=obj -o $out $in {strip_part}",
+     )
+ 
+ 
+@@ -151,7 +151,7 @@ def ninja_define_co_re_compiler(nw: NinjaWriter, arch: Arch | None = None):
+ 
+     nw.rule(
+         name="ebpfcoreclang",
+-        command="/opt/datadog-agent/embedded/bin/clang-bpf -MD -MF $out.d -target bpf $ebpfcoreflags $flags -c $in -o $out",
++        command="/opt/clang/bin/clang -MD -MF $out.d -target bpf $ebpfcoreflags $flags -c $in -o $out",
+         depfile="$out.d",
+     )
+ 

datadog-agent-7.73/fix-7.66.0-ftbfs.patch

@@ -0,0 +1,44 @@
+diff --git a/pkg/security/resolvers/sbom/collectorv2/sqlite.go b/pkg/security/resolvers/sbom/collectorv2/sqlite.go
+index 6e46d97c..5ba3392a 100644
+--- a/pkg/security/resolvers/sbom/collectorv2/sqlite.go
++++ b/pkg/security/resolvers/sbom/collectorv2/sqlite.go
+@@ -16,6 +16,15 @@ import (
+ // This is required to load sqlite based RPM databases
+ func init() {
+ 	// mattn/go-sqlite3 is only registering the sqlite3 driver
+-	// let's register the sqlite (no 3) driver as well
+-	sql.Register("sqlite", &sqlite3.SQLiteDriver{})
++	// let's register the sqlite (no 3) driver as well, but only if not already registered
++	// to avoid panic from duplicate registration (can happen when both this package and
++	// pkg/util/trivy are imported together like how we bundle during build time)
++	func() {
++		defer func() {
++			if r := recover(); r != nil {
++				// Driver already registered, silently ignore
++			}
++		}()
++		sql.Register("sqlite", &sqlite3.SQLiteDriver{})
++	}()
+ }
+diff --git a/pkg/util/trivy/sqlite.go b/pkg/util/trivy/sqlite.go
+index 97f6f93d..e4f33da1 100644
+--- a/pkg/util/trivy/sqlite.go
++++ b/pkg/util/trivy/sqlite.go
+@@ -18,6 +18,15 @@ import (
+ // This is required to load sqlite based RPM databases
+ func init() {
+ 	// mattn/go-sqlite3 is only registering the sqlite3 driver
+-	// let's register the sqlite (no 3) driver as well
+-	sql.Register("sqlite", &sqlite3.SQLiteDriver{})
++	// let's register the sqlite (no 3) driver as well, but only if not already registered
++	// to avoid panic from duplicate registration (can happen when both this package and
++	// pkg/security/resolvers/sbom/collectorv2 are imported together like how we bundle during build time)
++	func() {
++		defer func() {
++			if r := recover(); r != nil {
++				// Driver already registered, silently ignore
++			}
++		}()
++		sql.Register("sqlite", &sqlite3.SQLiteDriver{})
++	}()
+ }

datadog-agent-7.73/fix-sqlite-double-registration.patch

@@ -0,0 +1,13 @@
+diff --git a/datadog_checks_dev/pyproject.toml b/datadog_checks_dev/pyproject.toml
+index 260e4dc642..8f66624770 100644
+--- a/datadog_checks_dev/pyproject.toml
++++ b/datadog_checks_dev/pyproject.toml
+@@ -68,7 +68,7 @@ cli = [
+     "pip-tools",
+     "pathspec>=0.10.0",
+     "platformdirs>=2.0.0a3",
+-    "pydantic>=2.0.2",
++    "pydantic>=2.4.0",
+     "pysmi==0.3.4",
+     "securesystemslib[crypto]==0.28.0",
+     "semver>=2.13.0",

datadog-agent-7.73/int-core-datadog_checks_dev-pyproject-toml.patch

@@ -0,0 +1,13 @@
+diff --git a/mysql/hatch.toml b/mysql/hatch.toml
+index 2f6784e9ce..b47f98c80c 100644
+--- a/mysql/hatch.toml
++++ b/mysql/hatch.toml
+@@ -10,7 +10,7 @@ mypy-args = [
+ mypy-deps = [
+   "types-cachetools==0.1.10",
+   "types-enum34==1.1.1",
+-  "types-pymysql==1.1.0.1",
++  "types-pymysql==1.1.1.1",
+ ]
+ 
+ [[envs.default.matrix]]

datadog-agent-7.73/int-core-mysql-hatch-toml.patch

@@ -0,0 +1,13 @@
+diff --git a/singlestore/hatch.toml b/singlestore/hatch.toml
+index 142ef97f7a..7ce040c208 100644
+--- a/singlestore/hatch.toml
++++ b/singlestore/hatch.toml
+@@ -2,7 +2,7 @@
+ check-types = false
+ 
+ mypy-deps = [
+-  "types-PyMySQL==1.1.0.1",
++  "types-PyMySQL==1.1.1.1",
+ ]
+ 
+ [[envs.default.matrix]]