From: Felix Geyer Date: Fri, 15 Nov 2019 17:12:53 +0000 (+0000) Subject: Import libseccomp_2.4.2-2.debian.tar.xz X-Git-Tag: archive/raspbian/2.4.2-2+rpi1^2~4^2 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=02b3ecb2d722a3e7ff6e058b38dba443301ac370;p=libseccomp.git Import libseccomp_2.4.2-2.debian.tar.xz [dgit import tarball libseccomp 2.4.2-2 libseccomp_2.4.2-2.debian.tar.xz] --- 02b3ecb2d722a3e7ff6e058b38dba443301ac370 diff --git a/changelog b/changelog new file mode 100644 index 0000000..dc5e258 --- /dev/null +++ b/changelog @@ -0,0 +1,259 @@ +libseccomp (2.4.2-2) unstable; urgency=medium + + [ Christian Ehrhardt ] + * d/rules: fix potential FTFBS after full python3 switch + * d/t/control: drop python2 test following the removal of the package + + [ Felix Geyer ] + * Remove build-dependency on valgrind for mips64el as it's broken there. + * Backport patch to define __SNR_ppoll again. + - Add api_define__SNR_ppoll_again.patch + * Replace custom patch for cython3 with the upstream fix. + + -- Felix Geyer Fri, 15 Nov 2019 18:12:53 +0100 + +libseccomp (2.4.2-1) unstable; urgency=medium + + [ Christian Ehrhardt ] + * New upstream release 2.4.2 for compatibility with newer kernels and + fixing FTBFS (LP: #1849785). + - drop d/p/python_install_dir.patch (now upstream) + - d/rules: adapt to python 3.8 lacking the m modifier on includes + see https://wiki.debian.org/Python/Python3.8 + - d/p/tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-sysc.patch: fix + build time test on arm64 + + [ Felix Geyer ] + * Drop Python 2 bindings. (Closes: #936917) + - Add cython3.patch to use the Python 3 cython variant. + + -- Felix Geyer Wed, 13 Nov 2019 00:00:49 +0100 + +libseccomp (2.4.1-2) unstable; urgency=medium + + * Remove build-dependency on valgrind for mipsel and x32 as it's broken + on those archs. + * Set Rules-Requires-Root: no. + + -- Felix Geyer Fri, 19 Jul 2019 00:03:34 +0200 + +libseccomp (2.4.1-1) unstable; urgency=medium + + * New upstream release. + - Addresses CVE-2019-9893 (Closes: #924646) + * Drop all patches for parisc arch support, merged upstream. + * Build-depend on valgrind to run more unit tests. + * Run dh_auto_configure for every python 3 version to install the extension + in the correct path. + * Update the symbols file. + * Adapt autopkgtest to new upstream version: + - Build against pthread + - Build scmp_api_level tool + * Upgrade to debhelper compat level 12. + - Add d/not-installed file + * Fix install path of the python module. + - Add python_install_dir.patch + * Add autopkgtest for python packages. + + -- Felix Geyer Wed, 17 Jul 2019 23:23:28 +0200 + +libseccomp (2.3.3-4) unstable; urgency=medium + + [ Ondřej Nový ] + * d/copyright: Change Format URL to correct one + + [ Helmut Grohne ] + * Fix FTCBFS: (Closes: #903556) + + Multiarchify python Build-Depends. + + Annotate cython dependencies with :native for now. + + Drop noop dh_auto_build invocations. + + Pass a suitable PYTHONPATH for python2. + + Pass _PYTHON_SYSCONFIGDATA_NAME for python3. + + -- Felix Geyer Sun, 10 Feb 2019 12:25:44 +0100 + +libseccomp (2.3.3-3) unstable; urgency=medium + + * Fix FTBFS: Adapt to renamed README file. (Closes: #902767) + + -- Felix Geyer Sun, 01 Jul 2018 20:32:03 +0200 + +libseccomp (2.3.3-2) unstable; urgency=medium + + [ Helmut Grohne ] + * Support the nopython build profile. (Closes: #897057) + + [ Felix Geyer ] + * Run upstream "live" tests in an autopkgtest. + + -- Felix Geyer Sun, 13 May 2018 09:53:08 +0200 + +libseccomp (2.3.3-1) unstable; urgency=medium + + * New upstream release. (Closes: #895417) + - Adds pkey_mprotect syscall. (Closes: #893722) + * Refresh parisc patch. + * Move libseccomp2 back to /usr/lib. (Closes: #894988) + * Make test failures cause the build to fail. (Closes: 877901) + * Build python bindings. (Closes: #810712) + * Switch to debhelper compat level 10. + * Move git repo to salsa.debian.org + * Add myself to Uploaders. + + -- Felix Geyer Sun, 22 Apr 2018 23:55:03 +0200 + +libseccomp (2.3.1-2.1) unstable; urgency=medium + + [ Martin Pitt ] + * Non-maintainer upload with Kees' consent. + + [ Laurent Bigonville ] + * Ensure strict enough generated dependencies (Closes: #844496) + + -- Martin Pitt Thu, 17 Nov 2016 10:16:44 +0100 + +libseccomp (2.3.1-2) unstable; urgency=medium + + * Add hppa (parisc) support (Closes: #820501) + + -- Luca Bruno Sat, 28 May 2016 20:05:01 +0200 + +libseccomp (2.3.1-1) unstable; urgency=medium + + * New upstream release + * control: add Vcs-* fields + + -- Luca Bruno Tue, 05 Apr 2016 22:16:55 +0200 + +libseccomp (2.3.0-1) unstable; urgency=medium + + * New upstream release + + drop all patches, applied upstream + * libseccomp2: update symbols file + * control: add myself to uploaders + * control: bump policy version + + -- Luca Bruno Sun, 03 Apr 2016 00:31:09 +0200 + +libseccomp (2.2.3-3) unstable; urgency=medium + + [ Martin Pitt ] + * debian/patches/add-x86-32bit-socket-calls.patch: add the newly + connected direct socket calls. (Closes: #809556) + * debian/add-membarrier.patch: add membarrier syscall. + * Backport patches for ppc/ppc64 and s390x. (Closes: #800818) + + -- Kees Cook Tue, 01 Sep 2015 15:37:31 -0700 + +libseccomp (2.2.3-2) unstable; urgency=medium + + * debian/control: enable mips64, mips64el, and x32 architectures, + thanks to Helmut Grohne (Closes: 797383). + + -- Kees Cook Tue, 01 Sep 2015 15:37:31 -0700 + +libseccomp (2.2.3-1) unstable; urgency=medium + + * New upstream release (Closes: 793032). + * debian/control: update Homepage (Closes: 793033). + + -- Kees Cook Mon, 03 Aug 2015 15:06:08 -0700 + +libseccomp (2.2.1-2) unstable; urgency=medium + + * debian/{rules,*.install}: move to /lib, thanks to Michael Biebl + (Closes: 788923). + + -- Kees Cook Tue, 16 Jun 2015 12:45:08 -0700 + +libseccomp (2.2.1-1) unstable; urgency=medium + + * New upstream release (Closes: 785428). + - debian/patches dropped: incorporated upstream. + * debian/libseccomp2.symbols: include only documented symbols. + * debian/libseccomp-dev.install: include static library (Closes: 698508). + * debian/control: + - add newly supported arm64, mips, and mipsel. + - bump standards version, no changes needed. + + -- Kees Cook Sat, 16 May 2015 08:15:26 -0700 + +libseccomp (2.1.1-1) unstable; urgency=low + + * New upstream release (Closes: 733293). + * copyright: add a few missed people. + * rules: adjusted for new test target. + * libseccomp2.symbols: drop accidentally exported functions. + * control: + - bump standards, no changes needed. + - add armel target + + -- Kees Cook Sat, 12 Apr 2014 10:44:22 -0700 + +libseccomp (2.1.0+dfsg-1) unstable; urgency=low + + * Rebuild source package without accidental binaries (Closes: 725617). + - debian/watch: mangle upstream version check. + * debian/rules: make tests non-fatal while upstream fixes them + (Closes: 721292). + + -- Kees Cook Sun, 06 Oct 2013 15:05:51 -0700 + +libseccomp (2.1.0-1) unstable; urgency=low + + * New upstream release (Closes: 718398): + - dropped debian/patches/manpage-dashes.patch: taken upstream. + - dropped debian/patches/include-unistd.patch: not needed. + - debian/patches/testsuite-x86-write.patch: taken upstream. + - ABI bump: moved from libseccomp1 to libseccomp2. + * debian/control: + - added Arch: armhf, now supported upstream. + - added seccomp binary package for helper tools. + * Added debian/patches/manpage-typo.patch: spelling fix. + * Added debian/patches/build-ldflags.patch: fix LDFLAGS handling. + + -- Kees Cook Tue, 13 Aug 2013 00:02:01 -0700 + +libseccomp (1.0.1-2) unstable; urgency=low + + * debian/rules: enable testsuite at build time, thanks to + Stéphane Graber (Closes: 698803). + * Added debian/patches/include-unistd.patch: detect location of + asm/unistd.h correctly. + * Added debian/patches/testsuite-x86-write.patch: skip the "write" + syscall correctly on x86. + * debian/control: bump standards to 3.9.4, no changes needed. + + -- Kees Cook Wed, 23 Jan 2013 13:11:53 -0800 + +libseccomp (1.0.1-1) unstable; urgency=low + + * New upstream release. + * debian/control: only build on amd64 and i386 (Closes: 687368). + + -- Kees Cook Fri, 07 Dec 2012 11:38:03 -0800 + +libseccomp (1.0.0-1) unstable; urgency=low + + * New upstream release. + - bump ABI. + - drop build verbosity patch, use upstream V=1 instead. + * libseccomp-dev.manpages: fix build location (Closes: 682152, 682471). + * debian/patches/pkgconfig-macro.patch: use literals for macro. + + -- Kees Cook Fri, 03 Aug 2012 16:59:41 -0700 + +libseccomp (0.1.0-1) unstable; urgency=low + + * New upstream release. + - drop patches taken upstream: + - libexecdir.patch + - pass-flags.patch + + -- Kees Cook Fri, 08 Jun 2012 12:32:22 -0700 + +libseccomp (0.0.0~20120605-1) unstable; urgency=low + + * Initial release (Closes: #676257). + + -- Kees Cook Tue, 05 Jun 2012 11:28:07 -0700 diff --git a/control b/control new file mode 100644 index 0000000..6d2dcae --- /dev/null +++ b/control @@ -0,0 +1,62 @@ +Source: libseccomp +Section: libs +Priority: optional +Maintainer: Kees Cook +Uploaders: Luca Bruno , Felix Geyer +Build-Depends: debhelper-compat (= 12), + linux-libc-dev, + dh-python , + python3-all-dev:any , + libpython3-all-dev , + cython3:native , + valgrind [amd64 arm64 armhf i386 mips mips64 powerpc ppc64 ppc64el s390x] +Rules-Requires-Root: no +Standards-Version: 3.9.7 +Homepage: https://github.com/seccomp/libseccomp +Vcs-Git: https://salsa.debian.org/debian/libseccomp.git +Vcs-Browser: https://salsa.debian.org/debian/libseccomp + +Package: libseccomp-dev +Section: libdevel +Architecture: linux-any +Multi-Arch: same +Pre-Depends: ${misc:Pre-Depends} +Depends: libseccomp2 (= ${binary:Version}), ${misc:Depends} +Suggests: seccomp +Description: high level interface to Linux seccomp filter (development files) + This library provides a high level interface to constructing, analyzing + and installing seccomp filters via a BPF passed to the Linux Kernel's + prctl() syscall. + . + This package contains the development files. + +Package: libseccomp2 +Architecture: linux-any +Multi-Arch: same +Pre-Depends: ${misc:Pre-Depends} +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: high level interface to Linux seccomp filter + This library provides a high level interface to constructing, analyzing + and installing seccomp filters via a BPF passed to the Linux Kernel's + prctl() syscall. + +Package: seccomp +Section: utils +Architecture: linux-any +Depends: ${shlibs:Depends}, ${misc:Depends} +Suggests: libseccomp-dev +Description: helper tools for high level interface to Linux seccomp filter + Provides helper tools for interacting with libseccomp. Currently, only + a single tool exists, providing a way to easily enumerate syscalls across + the supported architectures. + +Package: python3-seccomp +Build-Profiles: +Architecture: linux-any +Multi-Arch: same +Section: python +Depends: ${shlibs:Depends}, ${misc:Depends}, ${python3:Depends} +Description: high level interface to Linux seccomp filter (Python 3 bindings) + This library provides a high level interface to constructing, analyzing + and installing seccomp filters via a BPF passed to the Linux Kernel's + prctl() syscall. diff --git a/copyright b/copyright new file mode 100644 index 0000000..307817f --- /dev/null +++ b/copyright @@ -0,0 +1,39 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: libseccomp +Source: https://sourceforge.net/projects/libseccomp/ + +Files: * +Copyright: 2012 Paul Moore + 2012 Ashley Lai + 2012 Corey Bryant + 2012 Eduardo Otubo + 2012 Eric Paris +License: LGPL-2.1 + +Files: tests/22-sim-basic_chains_array.tests +Copyright: 2013 Vitaly Shukela +License: LGPL-2.1 + +Files: src/hash.* +Copyright: 2006 Bob Jenkins +License: LGPL-2.1 + +Files: debian/* +Copyright: 2012 Kees Cook +License: LGPL-2.1 + +License: LGPL-2.1 + This library is free software; you can redistribute it and/or modify it + under the terms of version 2.1 of the GNU Lesser General Public License as + published by the Free Software Foundation. + . + This library is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + for more details. + . + You should have received a copy of the GNU Lesser General Public License + along with this library; if not, see . + . + On Debian systems, the complete text of the GNU Lesser General + Public License can be found in "/usr/share/common-licenses/LGPL-2.1". diff --git a/docs b/docs new file mode 100644 index 0000000..b43bf86 --- /dev/null +++ b/docs @@ -0,0 +1 @@ +README.md diff --git a/gbp.conf b/gbp.conf new file mode 100644 index 0000000..c16083c --- /dev/null +++ b/gbp.conf @@ -0,0 +1,9 @@ +[DEFAULT] +upstream-tag = upstream/%(version)s +debian-tag = debian/%(version)s +pristine-tar = True +upstream-branch = upstream +debian-branch = debian/sid + +[buildpackage] +submodules = True diff --git a/libseccomp-dev.install b/libseccomp-dev.install new file mode 100644 index 0000000..b973af4 --- /dev/null +++ b/libseccomp-dev.install @@ -0,0 +1,4 @@ +usr/include/* +usr/lib/*/lib*.so +usr/lib/*/lib*.a +usr/lib/*/pkgconfig/* diff --git a/libseccomp-dev.manpages b/libseccomp-dev.manpages new file mode 100644 index 0000000..7c72677 --- /dev/null +++ b/libseccomp-dev.manpages @@ -0,0 +1 @@ +debian/tmp/usr/share/man/man3/* diff --git a/libseccomp2.install b/libseccomp2.install new file mode 100644 index 0000000..3ddde58 --- /dev/null +++ b/libseccomp2.install @@ -0,0 +1 @@ +usr/lib/*/lib*.so.* diff --git a/libseccomp2.symbols b/libseccomp2.symbols new file mode 100644 index 0000000..b710bf8 --- /dev/null +++ b/libseccomp2.symbols @@ -0,0 +1,28 @@ +libseccomp.so.2 libseccomp2 #MINVER# +* Build-Depends-Package: libseccomp-dev + seccomp_api_get@Base 2.4.1 + seccomp_api_set@Base 2.4.1 + seccomp_attr_get@Base 0.0.0~20120605 + seccomp_attr_set@Base 0.0.0~20120605 + seccomp_export_bpf@Base 0.0.0~20120605 + seccomp_export_pfc@Base 0.0.0~20120605 + seccomp_init@Base 0.0.0~20120605 + seccomp_load@Base 0.0.0~20120605 + seccomp_release@Base 0.0.0~20120605 + seccomp_reset@Base 0.0.0~20120605 + seccomp_rule_add@Base 0.0.0~20120605 + seccomp_rule_add_exact@Base 0.0.0~20120605 + seccomp_syscall_priority@Base 0.0.0~20120605 + seccomp_syscall_resolve_name@Base 1.0.1 + seccomp_merge@Base 1.0.1 + seccomp_arch_add@Base 1.0.1 + seccomp_arch_exist@Base 1.0.1 + seccomp_arch_remove@Base 1.0.1 + seccomp_arch_native@Base 2.1.0 + seccomp_rule_add_array@Base 2.1.0 + seccomp_rule_add_exact_array@Base 2.1.0 + seccomp_syscall_resolve_name_arch@Base 2.1.0 + seccomp_syscall_resolve_num_arch@Base 2.1.0 + seccomp_arch_resolve_name@Base 2.2.1 + seccomp_syscall_resolve_name_rewrite@Base 2.2.1 + seccomp_version@Base 2.3.0 diff --git a/not-installed b/not-installed new file mode 100644 index 0000000..4f60595 --- /dev/null +++ b/not-installed @@ -0,0 +1,3 @@ +usr/lib/python*/*-packages/install_files.txt +usr/lib/python*/*-packages/seccomp-*.egg-info +usr/lib/*/libseccomp.la diff --git a/patches/api_define__SNR_ppoll_again.patch b/patches/api_define__SNR_ppoll_again.patch new file mode 100644 index 0000000..cc8ea1e --- /dev/null +++ b/patches/api_define__SNR_ppoll_again.patch @@ -0,0 +1,41 @@ +https://github.com/seccomp/libseccomp/pull/186 + +From 2e54815cd843687d750cc9822f992389bb7b76cd Mon Sep 17 00:00:00 2001 +From: Miroslav Lichvar +Date: Wed, 13 Nov 2019 13:36:10 +0100 +Subject: [PATCH] api: define __SNR_ppoll again + +Commit bf747eb21e428c2b3ead6ebcca27951b681963a0 accidentally removed the +__SNR_ppoll definition. Add it back, using a PNR value if disabled in +the kernel headers. + +Signed-off-by: Miroslav Lichvar +--- + include/seccomp-syscalls.h | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/include/seccomp-syscalls.h b/include/seccomp-syscalls.h +index 6457592..3c958df 100644 +--- a/include/seccomp-syscalls.h ++++ b/include/seccomp-syscalls.h +@@ -272,6 +272,7 @@ + #define __PNR_timerfd_gettime64 -10238 + #define __PNR_timerfd_settime64 -10239 + #define __PNR_utimensat_time64 -10240 ++#define __PNR_ppoll -10241 + + /* + * libseccomp syscall definitions +@@ -1359,6 +1360,12 @@ + #define __SNR_poll __PNR_poll + #endif + ++#ifdef __NR_ppoll ++#define __SNR_ppoll __NR_ppoll ++#else ++#define __SNR_ppoll __PNR_ppoll ++#endif ++ + #ifdef __NR_ppoll_time64 + #define __SNR_ppoll_time64 __NR_ppoll_time64 + #else diff --git a/patches/cython3.patch b/patches/cython3.patch new file mode 100644 index 0000000..4b749d0 --- /dev/null +++ b/patches/cython3.patch @@ -0,0 +1,45 @@ +https://github.com/seccomp/libseccomp/pull/188 + +From 8d09eb9314ad00aa0584345ae66d4419b38da8e0 Mon Sep 17 00:00:00 2001 +From: Paul Moore +Date: Wed, 13 Nov 2019 20:54:25 -0500 +Subject: [PATCH] build: try to use explicitly marked Python 3.x tools first + +Python 2.x is going EOL very soon, so let's require Python 3.x now +and attempt to use the explicitly marked Python 3.x tools first. + +Signed-off-by: Paul Moore +--- + configure.ac | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 2ae6b2d..7d80b40 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -91,11 +91,11 @@ AC_SUBST([VERSION_MICRO]) + dnl #### + dnl cython checks + dnl #### +-AC_CHECK_PROG(have_cython, cython, "yes", "no") +-AS_IF([test "$have_cython" = yes], [ +- AS_ECHO("checking cython version... $(cython -V 2>&1 | cut -d' ' -f 3)") +- CYTHON_VER_MAJ=$(cython -V 2>&1 | cut -d' ' -f 3 | cut -d'.' -f 1); +- CYTHON_VER_MIN=$(cython -V 2>&1 | cut -d' ' -f 3 | cut -d'.' -f 2); ++AC_CHECK_PROGS(cython, cython3 cython, "no") ++AS_IF([test "$cython" != no], [ ++ AS_ECHO("checking cython version... $($cython -V 2>&1 | cut -d' ' -f 3)") ++ CYTHON_VER_MAJ=$($cython -V 2>&1 | cut -d' ' -f 3 | cut -d'.' -f 1); ++ CYTHON_VER_MIN=$($cython -V 2>&1 | cut -d' ' -f 3 | cut -d'.' -f 2); + ],[ + CYTHON_VER_MAJ=0 + CYTHON_VER_MIN=0 +@@ -112,7 +112,7 @@ AS_IF([test "$enable_python" = yes], [ + AS_IF([test "$CYTHON_VER_MAJ" -eq 0 -a "$CYTHON_VER_MIN" -lt 29], [ + AC_MSG_ERROR([python bindings require cython 0.29 or higher]) + ]) +- AM_PATH_PYTHON ++ AM_PATH_PYTHON([3]) + ]) + AM_CONDITIONAL([ENABLE_PYTHON], [test "$enable_python" = yes]) + AC_DEFINE_UNQUOTED([ENABLE_PYTHON], diff --git a/patches/series b/patches/series new file mode 100644 index 0000000..bbdb514 --- /dev/null +++ b/patches/series @@ -0,0 +1,3 @@ +tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-sysc.patch +cython3.patch +api_define__SNR_ppoll_again.patch diff --git a/patches/tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-sysc.patch b/patches/tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-sysc.patch new file mode 100644 index 0000000..82c9360 --- /dev/null +++ b/patches/tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-sysc.patch @@ -0,0 +1,47 @@ +From 35803ceb43c453762a3ab5177c5f8d5dbb813478 Mon Sep 17 00:00:00 2001 +From: Paul Moore +Date: Tue, 5 Nov 2019 15:11:11 -0500 +Subject: [PATCH] tests: rely on __SNR_xxx instead of __NR_xxx for syscalls + +We recently changed how libseccomp handles syscall numbers that are +not defined natively, but we missed test #15. + +Signed-off-by: Paul Moore + +Note: Tagged for v2.5, but needed to build 2.4.2 with newer kernels on arm +This is part of PR: https://github.com/seccomp/libseccomp/pull/182 +Upstream Bug: https://github.com/seccomp/libseccomp/issues/184 +Origin: upstream, https://github.com/pcmoore/misc-libseccomp/commit/35803ceb43c453762a3ab5177c5f8d5dbb813478 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1849785 +Last-Update: 2019-11-12 + +--- + tests/15-basic-resolver.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/tests/15-basic-resolver.c b/tests/15-basic-resolver.c +index 6badef1..0c1eefe 100644 +--- a/tests/15-basic-resolver.c ++++ b/tests/15-basic-resolver.c +@@ -55,15 +55,15 @@ int main(int argc, char *argv[]) + unsigned int arch; + char *name = NULL; + +- if (seccomp_syscall_resolve_name("open") != __NR_open) ++ if (seccomp_syscall_resolve_name("open") != __SNR_open) + goto fail; +- if (seccomp_syscall_resolve_name("read") != __NR_read) ++ if (seccomp_syscall_resolve_name("read") != __SNR_read) + goto fail; + if (seccomp_syscall_resolve_name("INVALID") != __NR_SCMP_ERROR) + goto fail; + + rc = seccomp_syscall_resolve_name_rewrite(SCMP_ARCH_NATIVE, "openat"); +- if (rc != __NR_openat) ++ if (rc != __SNR_openat) + goto fail; + + while ((arch = arch_list[iter++]) != -1) { +-- +2.24.0 + diff --git a/python-seccomp.install b/python-seccomp.install new file mode 100644 index 0000000..a71458d --- /dev/null +++ b/python-seccomp.install @@ -0,0 +1 @@ +usr/lib/python2.*/dist-packages/seccomp.so diff --git a/python3-seccomp.install b/python3-seccomp.install new file mode 100644 index 0000000..97a45dc --- /dev/null +++ b/python3-seccomp.install @@ -0,0 +1 @@ +usr/lib/python3.*/site-packages/seccomp.cpython-*.so diff --git a/rules b/rules new file mode 100755 index 0000000..54d5951 --- /dev/null +++ b/rules @@ -0,0 +1,37 @@ +#!/usr/bin/make -f +# -*- makefile -*- + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +# Enable verbose build details. +export V=1 + +include /usr/share/dpkg/architecture.mk + +%: +ifeq ($(filter nopython,$(DEB_BUILD_PROFILES)),) + dh $@ --with python3 +else + dh $@ +endif + +ifeq ($(filter nopython,$(DEB_BUILD_PROFILES)),) + +override_dh_auto_install: + dh_auto_install + for pyver in `py3versions -s`; do \ + set -e; \ + if python3 -c "pyver='$$pyver'; exit(0 if float(pyver[6:]) >= 3.8 else 1)"; then \ + export _PYTHON_SYSCONFIGDATA_NAME='_sysconfigdata__${DEB_HOST_ARCH_OS}_${DEB_HOST_MULTIARCH}'; \ + else \ + export _PYTHON_SYSCONFIGDATA_NAME='_sysconfigdata_m_${DEB_HOST_ARCH_OS}_${DEB_HOST_MULTIARCH}'; \ + fi; \ + dh_auto_configure -- --enable-python PYTHON=$$pyver; \ + dh_auto_install --sourcedirectory=src/python -- PYTHON=$$pyver; \ + done +endif + +override_dh_auto_clean: + dh_auto_clean + rm -f regression.out diff --git a/seccomp.install b/seccomp.install new file mode 100644 index 0000000..1df36c6 --- /dev/null +++ b/seccomp.install @@ -0,0 +1 @@ +usr/bin/* diff --git a/seccomp.manpages b/seccomp.manpages new file mode 100644 index 0000000..5ea05fe --- /dev/null +++ b/seccomp.manpages @@ -0,0 +1 @@ +debian/tmp/usr/share/man/man1/* diff --git a/source/format b/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/tests/common b/tests/common new file mode 100644 index 0000000..e02e8db --- /dev/null +++ b/tests/common @@ -0,0 +1,12 @@ +SRCDIR="$(pwd)" + +mkdir "$AUTOPKGTEST_TMP/tests" "$AUTOPKGTEST_TMP/tools" +cp -a tests/. "$AUTOPKGTEST_TMP/tests/" + +cd "$AUTOPKGTEST_TMP/tests" + +# build tools needed for tests +for tool in scmp_api_level scmp_arch_detect scmp_sys_resolver; do + echo "Building $tool ..." + gcc -O2 -g "$SRCDIR/tools/$tool.c" "$SRCDIR/tools/util.c" -lseccomp -o ../tools/$tool +done diff --git a/tests/control b/tests/control new file mode 100644 index 0000000..3d2c4ba --- /dev/null +++ b/tests/control @@ -0,0 +1,7 @@ +Tests: testsuite-live +Depends: libseccomp-dev, build-essential +Restrictions: isolation-machine + +Tests: testsuite-live-python3 +Depends: libseccomp-dev, build-essential, python3-seccomp +Restrictions: isolation-machine, allow-stderr diff --git a/tests/testsuite-live b/tests/testsuite-live new file mode 100644 index 0000000..bbf20d0 --- /dev/null +++ b/tests/testsuite-live @@ -0,0 +1,17 @@ +#!/bin/sh + +set -eu + +. debian/tests/common + +# manually build necessary files against the installed libseccomp + +# build live tests +for filename in *-live-*.tests; do + testname=$(echo "$filename" | cut -f 1 -d '.') + echo "Building $testname ..." + gcc -O2 -g "${testname}.c" util.c -pthread -lseccomp -o "$testname" +done + +echo "Running test suite ..." +./regression -T live diff --git a/tests/testsuite-live-python2 b/tests/testsuite-live-python2 new file mode 100644 index 0000000..9c9ded4 --- /dev/null +++ b/tests/testsuite-live-python2 @@ -0,0 +1,8 @@ +#!/bin/sh + +set -eu + +. debian/tests/common + +echo "Running test suite ..." +./regression -T live -m python diff --git a/tests/testsuite-live-python3 b/tests/testsuite-live-python3 new file mode 100644 index 0000000..f4fb094 --- /dev/null +++ b/tests/testsuite-live-python3 @@ -0,0 +1,13 @@ +#!/bin/sh + +set -eu + +. debian/tests/common + +# make sure "python" points to python3 as this is not configurable +# in the regression script +mkdir python3env +ln -s /usr/bin/python3 python3env/python + +echo "Running test suite ..." +PATH="$(pwd)/python3env:$PATH" ./regression -T live -m python diff --git a/watch b/watch new file mode 100644 index 0000000..5689edc --- /dev/null +++ b/watch @@ -0,0 +1,6 @@ +# See uscan(1) for format +version=3 +opts=dversionmangle=s/\+dfsg// \ +https://github.com/seccomp/libseccomp/releases \ + /download/v.*/libseccomp-(.*)\.tar\.gz \ + debian uupdate