From 6444bf97c934f2547ee75bad27707f36bf809702 Mon Sep 17 00:00:00 2001 From: Felix Geyer Date: Sun, 20 Sep 2020 18:03:41 +0100 Subject: [PATCH] Import libseccomp_2.4.4-1.debian.tar.xz [dgit import tarball libseccomp 2.4.4-1 libseccomp_2.4.4-1.debian.tar.xz] --- changelog | 284 ++++++++++ control | 62 +++ copyright | 39 ++ docs | 1 + gbp.conf | 9 + libseccomp-dev.install | 4 + libseccomp-dev.manpages | 1 + libseccomp2.install | 1 + libseccomp2.symbols | 28 + not-installed | 3 + patches/cython3.patch | 45 ++ patches/riscv64_support.patch | 999 ++++++++++++++++++++++++++++++++++ patches/series | 2 + python-seccomp.install | 1 + python3-seccomp.install | 1 + rules | 37 ++ seccomp.install | 1 + seccomp.manpages | 1 + source/format | 1 + tests/common | 12 + tests/control | 7 + tests/testsuite-live | 17 + tests/testsuite-live-python2 | 8 + tests/testsuite-live-python3 | 13 + upstream/metadata | 4 + upstream/signing-key.asc | 192 +++++++ watch | 6 + 27 files changed, 1779 insertions(+) create mode 100644 changelog create mode 100644 control create mode 100644 copyright create mode 100644 docs create mode 100644 gbp.conf create mode 100644 libseccomp-dev.install create mode 100644 libseccomp-dev.manpages create mode 100644 libseccomp2.install create mode 100644 libseccomp2.symbols create mode 100644 not-installed create mode 100644 patches/cython3.patch create mode 100644 patches/riscv64_support.patch create mode 100644 patches/series create mode 100644 python-seccomp.install create mode 100644 python3-seccomp.install create mode 100755 rules create mode 100644 seccomp.install create mode 100644 seccomp.manpages create mode 100644 source/format create mode 100644 tests/common create mode 100644 tests/control create mode 100644 tests/testsuite-live create mode 100644 tests/testsuite-live-python2 create mode 100644 tests/testsuite-live-python3 create mode 100644 upstream/metadata create mode 100644 upstream/signing-key.asc create mode 100644 watch diff --git a/changelog b/changelog new file mode 100644 index 0000000..87d3372 --- /dev/null +++ b/changelog @@ -0,0 +1,284 @@ +libseccomp (2.4.4-1) unstable; urgency=medium + + * Team upload. + + [ Debian Janitor ] + * Set upstream metadata fields: Repository, Repository-Browse. + * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository. + + [ Felix Geyer ] + * New upstream release. + * Download and verify orig gpg signature. + + -- Felix Geyer Sun, 20 Sep 2020 19:03:41 +0200 + +libseccomp (2.4.3-1) unstable; urgency=medium + + * New upstream release. + * Drop patches that have been applied upstream: + - tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-sysc.patch + - api_define__SNR_ppoll_again.patch + * Cherry-pick support for the riscv64 architecture. (Closes: #952386) + - Add riscv64_support.patch + + -- Felix Geyer Thu, 12 Mar 2020 23:35:13 +0100 + +libseccomp (2.4.2-2) unstable; urgency=medium + + [ Christian Ehrhardt ] + * d/rules: fix potential FTFBS after full python3 switch + * d/t/control: drop python2 test following the removal of the package + + [ Felix Geyer ] + * Remove build-dependency on valgrind for mips64el as it's broken there. + * Backport patch to define __SNR_ppoll again. + - Add api_define__SNR_ppoll_again.patch + * Replace custom patch for cython3 with the upstream fix. + + -- Felix Geyer Fri, 15 Nov 2019 18:12:53 +0100 + +libseccomp (2.4.2-1) unstable; urgency=medium + + [ Christian Ehrhardt ] + * New upstream release 2.4.2 for compatibility with newer kernels and + fixing FTBFS (LP: #1849785). + - drop d/p/python_install_dir.patch (now upstream) + - d/rules: adapt to python 3.8 lacking the m modifier on includes + see https://wiki.debian.org/Python/Python3.8 + - d/p/tests-rely-on-__SNR_xxx-instead-of-__NR_xxx-for-sysc.patch: fix + build time test on arm64 + + [ Felix Geyer ] + * Drop Python 2 bindings. (Closes: #936917) + - Add cython3.patch to use the Python 3 cython variant. + + -- Felix Geyer Wed, 13 Nov 2019 00:00:49 +0100 + +libseccomp (2.4.1-2) unstable; urgency=medium + + * Remove build-dependency on valgrind for mipsel and x32 as it's broken + on those archs. + * Set Rules-Requires-Root: no. + + -- Felix Geyer Fri, 19 Jul 2019 00:03:34 +0200 + +libseccomp (2.4.1-1) unstable; urgency=medium + + * New upstream release. + - Addresses CVE-2019-9893 (Closes: #924646) + * Drop all patches for parisc arch support, merged upstream. + * Build-depend on valgrind to run more unit tests. + * Run dh_auto_configure for every python 3 version to install the extension + in the correct path. + * Update the symbols file. + * Adapt autopkgtest to new upstream version: + - Build against pthread + - Build scmp_api_level tool + * Upgrade to debhelper compat level 12. + - Add d/not-installed file + * Fix install path of the python module. + - Add python_install_dir.patch + * Add autopkgtest for python packages. + + -- Felix Geyer Wed, 17 Jul 2019 23:23:28 +0200 + +libseccomp (2.3.3-4) unstable; urgency=medium + + [ Ondřej Nový ] + * d/copyright: Change Format URL to correct one + + [ Helmut Grohne ] + * Fix FTCBFS: (Closes: #903556) + + Multiarchify python Build-Depends. + + Annotate cython dependencies with :native for now. + + Drop noop dh_auto_build invocations. + + Pass a suitable PYTHONPATH for python2. + + Pass _PYTHON_SYSCONFIGDATA_NAME for python3. + + -- Felix Geyer Sun, 10 Feb 2019 12:25:44 +0100 + +libseccomp (2.3.3-3) unstable; urgency=medium + + * Fix FTBFS: Adapt to renamed README file. (Closes: #902767) + + -- Felix Geyer Sun, 01 Jul 2018 20:32:03 +0200 + +libseccomp (2.3.3-2) unstable; urgency=medium + + [ Helmut Grohne ] + * Support the nopython build profile. (Closes: #897057) + + [ Felix Geyer ] + * Run upstream "live" tests in an autopkgtest. + + -- Felix Geyer Sun, 13 May 2018 09:53:08 +0200 + +libseccomp (2.3.3-1) unstable; urgency=medium + + * New upstream release. (Closes: #895417) + - Adds pkey_mprotect syscall. (Closes: #893722) + * Refresh parisc patch. + * Move libseccomp2 back to /usr/lib. (Closes: #894988) + * Make test failures cause the build to fail. (Closes: 877901) + * Build python bindings. (Closes: #810712) + * Switch to debhelper compat level 10. + * Move git repo to salsa.debian.org + * Add myself to Uploaders. + + -- Felix Geyer Sun, 22 Apr 2018 23:55:03 +0200 + +libseccomp (2.3.1-2.1) unstable; urgency=medium + + [ Martin Pitt ] + * Non-maintainer upload with Kees' consent. + + [ Laurent Bigonville ] + * Ensure strict enough generated dependencies (Closes: #844496) + + -- Martin Pitt Thu, 17 Nov 2016 10:16:44 +0100 + +libseccomp (2.3.1-2) unstable; urgency=medium + + * Add hppa (parisc) support (Closes: #820501) + + -- Luca Bruno Sat, 28 May 2016 20:05:01 +0200 + +libseccomp (2.3.1-1) unstable; urgency=medium + + * New upstream release + * control: add Vcs-* fields + + -- Luca Bruno Tue, 05 Apr 2016 22:16:55 +0200 + +libseccomp (2.3.0-1) unstable; urgency=medium + + * New upstream release + + drop all patches, applied upstream + * libseccomp2: update symbols file + * control: add myself to uploaders + * control: bump policy version + + -- Luca Bruno Sun, 03 Apr 2016 00:31:09 +0200 + +libseccomp (2.2.3-3) unstable; urgency=medium + + [ Martin Pitt ] + * debian/patches/add-x86-32bit-socket-calls.patch: add the newly + connected direct socket calls. (Closes: #809556) + * debian/add-membarrier.patch: add membarrier syscall. + * Backport patches for ppc/ppc64 and s390x. (Closes: #800818) + + -- Kees Cook Tue, 01 Sep 2015 15:37:31 -0700 + +libseccomp (2.2.3-2) unstable; urgency=medium + + * debian/control: enable mips64, mips64el, and x32 architectures, + thanks to Helmut Grohne (Closes: 797383). + + -- Kees Cook Tue, 01 Sep 2015 15:37:31 -0700 + +libseccomp (2.2.3-1) unstable; urgency=medium + + * New upstream release (Closes: 793032). + * debian/control: update Homepage (Closes: 793033). + + -- Kees Cook Mon, 03 Aug 2015 15:06:08 -0700 + +libseccomp (2.2.1-2) unstable; urgency=medium + + * debian/{rules,*.install}: move to /lib, thanks to Michael Biebl + (Closes: 788923). + + -- Kees Cook Tue, 16 Jun 2015 12:45:08 -0700 + +libseccomp (2.2.1-1) unstable; urgency=medium + + * New upstream release (Closes: 785428). + - debian/patches dropped: incorporated upstream. + * debian/libseccomp2.symbols: include only documented symbols. + * debian/libseccomp-dev.install: include static library (Closes: 698508). + * debian/control: + - add newly supported arm64, mips, and mipsel. + - bump standards version, no changes needed. + + -- Kees Cook Sat, 16 May 2015 08:15:26 -0700 + +libseccomp (2.1.1-1) unstable; urgency=low + + * New upstream release (Closes: 733293). + * copyright: add a few missed people. + * rules: adjusted for new test target. + * libseccomp2.symbols: drop accidentally exported functions. + * control: + - bump standards, no changes needed. + - add armel target + + -- Kees Cook Sat, 12 Apr 2014 10:44:22 -0700 + +libseccomp (2.1.0+dfsg-1) unstable; urgency=low + + * Rebuild source package without accidental binaries (Closes: 725617). + - debian/watch: mangle upstream version check. + * debian/rules: make tests non-fatal while upstream fixes them + (Closes: 721292). + + -- Kees Cook Sun, 06 Oct 2013 15:05:51 -0700 + +libseccomp (2.1.0-1) unstable; urgency=low + + * New upstream release (Closes: 718398): + - dropped debian/patches/manpage-dashes.patch: taken upstream. + - dropped debian/patches/include-unistd.patch: not needed. + - debian/patches/testsuite-x86-write.patch: taken upstream. + - ABI bump: moved from libseccomp1 to libseccomp2. + * debian/control: + - added Arch: armhf, now supported upstream. + - added seccomp binary package for helper tools. + * Added debian/patches/manpage-typo.patch: spelling fix. + * Added debian/patches/build-ldflags.patch: fix LDFLAGS handling. + + -- Kees Cook Tue, 13 Aug 2013 00:02:01 -0700 + +libseccomp (1.0.1-2) unstable; urgency=low + + * debian/rules: enable testsuite at build time, thanks to + Stéphane Graber (Closes: 698803). + * Added debian/patches/include-unistd.patch: detect location of + asm/unistd.h correctly. + * Added debian/patches/testsuite-x86-write.patch: skip the "write" + syscall correctly on x86. + * debian/control: bump standards to 3.9.4, no changes needed. + + -- Kees Cook Wed, 23 Jan 2013 13:11:53 -0800 + +libseccomp (1.0.1-1) unstable; urgency=low + + * New upstream release. + * debian/control: only build on amd64 and i386 (Closes: 687368). + + -- Kees Cook Fri, 07 Dec 2012 11:38:03 -0800 + +libseccomp (1.0.0-1) unstable; urgency=low + + * New upstream release. + - bump ABI. + - drop build verbosity patch, use upstream V=1 instead. + * libseccomp-dev.manpages: fix build location (Closes: 682152, 682471). + * debian/patches/pkgconfig-macro.patch: use literals for macro. + + -- Kees Cook Fri, 03 Aug 2012 16:59:41 -0700 + +libseccomp (0.1.0-1) unstable; urgency=low + + * New upstream release. + - drop patches taken upstream: + - libexecdir.patch + - pass-flags.patch + + -- Kees Cook Fri, 08 Jun 2012 12:32:22 -0700 + +libseccomp (0.0.0~20120605-1) unstable; urgency=low + + * Initial release (Closes: #676257). + + -- Kees Cook Tue, 05 Jun 2012 11:28:07 -0700 diff --git a/control b/control new file mode 100644 index 0000000..6d2dcae --- /dev/null +++ b/control @@ -0,0 +1,62 @@ +Source: libseccomp +Section: libs +Priority: optional +Maintainer: Kees Cook +Uploaders: Luca Bruno , Felix Geyer +Build-Depends: debhelper-compat (= 12), + linux-libc-dev, + dh-python , + python3-all-dev:any , + libpython3-all-dev , + cython3:native , + valgrind [amd64 arm64 armhf i386 mips mips64 powerpc ppc64 ppc64el s390x] +Rules-Requires-Root: no +Standards-Version: 3.9.7 +Homepage: https://github.com/seccomp/libseccomp +Vcs-Git: https://salsa.debian.org/debian/libseccomp.git +Vcs-Browser: https://salsa.debian.org/debian/libseccomp + +Package: libseccomp-dev +Section: libdevel +Architecture: linux-any +Multi-Arch: same +Pre-Depends: ${misc:Pre-Depends} +Depends: libseccomp2 (= ${binary:Version}), ${misc:Depends} +Suggests: seccomp +Description: high level interface to Linux seccomp filter (development files) + This library provides a high level interface to constructing, analyzing + and installing seccomp filters via a BPF passed to the Linux Kernel's + prctl() syscall. + . + This package contains the development files. + +Package: libseccomp2 +Architecture: linux-any +Multi-Arch: same +Pre-Depends: ${misc:Pre-Depends} +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: high level interface to Linux seccomp filter + This library provides a high level interface to constructing, analyzing + and installing seccomp filters via a BPF passed to the Linux Kernel's + prctl() syscall. + +Package: seccomp +Section: utils +Architecture: linux-any +Depends: ${shlibs:Depends}, ${misc:Depends} +Suggests: libseccomp-dev +Description: helper tools for high level interface to Linux seccomp filter + Provides helper tools for interacting with libseccomp. Currently, only + a single tool exists, providing a way to easily enumerate syscalls across + the supported architectures. + +Package: python3-seccomp +Build-Profiles: +Architecture: linux-any +Multi-Arch: same +Section: python +Depends: ${shlibs:Depends}, ${misc:Depends}, ${python3:Depends} +Description: high level interface to Linux seccomp filter (Python 3 bindings) + This library provides a high level interface to constructing, analyzing + and installing seccomp filters via a BPF passed to the Linux Kernel's + prctl() syscall. diff --git a/copyright b/copyright new file mode 100644 index 0000000..307817f --- /dev/null +++ b/copyright @@ -0,0 +1,39 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: libseccomp +Source: https://sourceforge.net/projects/libseccomp/ + +Files: * +Copyright: 2012 Paul Moore + 2012 Ashley Lai + 2012 Corey Bryant + 2012 Eduardo Otubo + 2012 Eric Paris +License: LGPL-2.1 + +Files: tests/22-sim-basic_chains_array.tests +Copyright: 2013 Vitaly Shukela +License: LGPL-2.1 + +Files: src/hash.* +Copyright: 2006 Bob Jenkins +License: LGPL-2.1 + +Files: debian/* +Copyright: 2012 Kees Cook +License: LGPL-2.1 + +License: LGPL-2.1 + This library is free software; you can redistribute it and/or modify it + under the terms of version 2.1 of the GNU Lesser General Public License as + published by the Free Software Foundation. + . + This library is distributed in the hope that it will be useful, but WITHOUT + ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License + for more details. + . + You should have received a copy of the GNU Lesser General Public License + along with this library; if not, see . + . + On Debian systems, the complete text of the GNU Lesser General + Public License can be found in "/usr/share/common-licenses/LGPL-2.1". diff --git a/docs b/docs new file mode 100644 index 0000000..b43bf86 --- /dev/null +++ b/docs @@ -0,0 +1 @@ +README.md diff --git a/gbp.conf b/gbp.conf new file mode 100644 index 0000000..c16083c --- /dev/null +++ b/gbp.conf @@ -0,0 +1,9 @@ +[DEFAULT] +upstream-tag = upstream/%(version)s +debian-tag = debian/%(version)s +pristine-tar = True +upstream-branch = upstream +debian-branch = debian/sid + +[buildpackage] +submodules = True diff --git a/libseccomp-dev.install b/libseccomp-dev.install new file mode 100644 index 0000000..b973af4 --- /dev/null +++ b/libseccomp-dev.install @@ -0,0 +1,4 @@ +usr/include/* +usr/lib/*/lib*.so +usr/lib/*/lib*.a +usr/lib/*/pkgconfig/* diff --git a/libseccomp-dev.manpages b/libseccomp-dev.manpages new file mode 100644 index 0000000..7c72677 --- /dev/null +++ b/libseccomp-dev.manpages @@ -0,0 +1 @@ +debian/tmp/usr/share/man/man3/* diff --git a/libseccomp2.install b/libseccomp2.install new file mode 100644 index 0000000..3ddde58 --- /dev/null +++ b/libseccomp2.install @@ -0,0 +1 @@ +usr/lib/*/lib*.so.* diff --git a/libseccomp2.symbols b/libseccomp2.symbols new file mode 100644 index 0000000..b710bf8 --- /dev/null +++ b/libseccomp2.symbols @@ -0,0 +1,28 @@ +libseccomp.so.2 libseccomp2 #MINVER# +* Build-Depends-Package: libseccomp-dev + seccomp_api_get@Base 2.4.1 + seccomp_api_set@Base 2.4.1 + seccomp_attr_get@Base 0.0.0~20120605 + seccomp_attr_set@Base 0.0.0~20120605 + seccomp_export_bpf@Base 0.0.0~20120605 + seccomp_export_pfc@Base 0.0.0~20120605 + seccomp_init@Base 0.0.0~20120605 + seccomp_load@Base 0.0.0~20120605 + seccomp_release@Base 0.0.0~20120605 + seccomp_reset@Base 0.0.0~20120605 + seccomp_rule_add@Base 0.0.0~20120605 + seccomp_rule_add_exact@Base 0.0.0~20120605 + seccomp_syscall_priority@Base 0.0.0~20120605 + seccomp_syscall_resolve_name@Base 1.0.1 + seccomp_merge@Base 1.0.1 + seccomp_arch_add@Base 1.0.1 + seccomp_arch_exist@Base 1.0.1 + seccomp_arch_remove@Base 1.0.1 + seccomp_arch_native@Base 2.1.0 + seccomp_rule_add_array@Base 2.1.0 + seccomp_rule_add_exact_array@Base 2.1.0 + seccomp_syscall_resolve_name_arch@Base 2.1.0 + seccomp_syscall_resolve_num_arch@Base 2.1.0 + seccomp_arch_resolve_name@Base 2.2.1 + seccomp_syscall_resolve_name_rewrite@Base 2.2.1 + seccomp_version@Base 2.3.0 diff --git a/not-installed b/not-installed new file mode 100644 index 0000000..4f60595 --- /dev/null +++ b/not-installed @@ -0,0 +1,3 @@ +usr/lib/python*/*-packages/install_files.txt +usr/lib/python*/*-packages/seccomp-*.egg-info +usr/lib/*/libseccomp.la diff --git a/patches/cython3.patch b/patches/cython3.patch new file mode 100644 index 0000000..4b749d0 --- /dev/null +++ b/patches/cython3.patch @@ -0,0 +1,45 @@ +https://github.com/seccomp/libseccomp/pull/188 + +From 8d09eb9314ad00aa0584345ae66d4419b38da8e0 Mon Sep 17 00:00:00 2001 +From: Paul Moore +Date: Wed, 13 Nov 2019 20:54:25 -0500 +Subject: [PATCH] build: try to use explicitly marked Python 3.x tools first + +Python 2.x is going EOL very soon, so let's require Python 3.x now +and attempt to use the explicitly marked Python 3.x tools first. + +Signed-off-by: Paul Moore +--- + configure.ac | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 2ae6b2d..7d80b40 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -91,11 +91,11 @@ AC_SUBST([VERSION_MICRO]) + dnl #### + dnl cython checks + dnl #### +-AC_CHECK_PROG(have_cython, cython, "yes", "no") +-AS_IF([test "$have_cython" = yes], [ +- AS_ECHO("checking cython version... $(cython -V 2>&1 | cut -d' ' -f 3)") +- CYTHON_VER_MAJ=$(cython -V 2>&1 | cut -d' ' -f 3 | cut -d'.' -f 1); +- CYTHON_VER_MIN=$(cython -V 2>&1 | cut -d' ' -f 3 | cut -d'.' -f 2); ++AC_CHECK_PROGS(cython, cython3 cython, "no") ++AS_IF([test "$cython" != no], [ ++ AS_ECHO("checking cython version... $($cython -V 2>&1 | cut -d' ' -f 3)") ++ CYTHON_VER_MAJ=$($cython -V 2>&1 | cut -d' ' -f 3 | cut -d'.' -f 1); ++ CYTHON_VER_MIN=$($cython -V 2>&1 | cut -d' ' -f 3 | cut -d'.' -f 2); + ],[ + CYTHON_VER_MAJ=0 + CYTHON_VER_MIN=0 +@@ -112,7 +112,7 @@ AS_IF([test "$enable_python" = yes], [ + AS_IF([test "$CYTHON_VER_MAJ" -eq 0 -a "$CYTHON_VER_MIN" -lt 29], [ + AC_MSG_ERROR([python bindings require cython 0.29 or higher]) + ]) +- AM_PATH_PYTHON ++ AM_PATH_PYTHON([3]) + ]) + AM_CONDITIONAL([ENABLE_PYTHON], [test "$enable_python" = yes]) + AC_DEFINE_UNQUOTED([ENABLE_PYTHON], diff --git a/patches/riscv64_support.patch b/patches/riscv64_support.patch new file mode 100644 index 0000000..f6f2d8d --- /dev/null +++ b/patches/riscv64_support.patch @@ -0,0 +1,999 @@ +From 5432e15521d5ce5a7d3f26bf78674cbaa9d73d1f Mon Sep 17 00:00:00 2001 +From: Andreas Schwab +Date: Tue, 7 Jan 2020 14:51:19 +0100 +Subject: [PATCH] arch: Add RISC-V 64-bit support + +Signed-off-by: Andreas Schwab +[PM: minor macro shuffling in seccomp.h.in] +Signed-off-by: Paul Moore +--- + include/seccomp-syscalls.h | 5 + + include/seccomp.h.in | 12 + + src/Makefile.am | 1 + + src/arch-riscv64-syscalls.c | 553 ++++++++++++++++++++++++++++++ + src/arch-riscv64.c | 31 ++ + src/arch-riscv64.h | 30 ++ + src/arch.c | 7 + + src/gen_pfc.c | 2 + + src/python/libseccomp.pxd | 1 + + src/python/seccomp.pyx | 2 + + src/system.c | 1 + + tests/15-basic-resolver.c | 1 + + tests/16-sim-arch_basic.c | 6 + + tests/16-sim-arch_basic.py | 1 + + tests/23-sim-arch_all_le_basic.c | 3 + + tests/23-sim-arch_all_le_basic.py | 1 + + tests/regression | 6 +- + tools/scmp_arch_detect.c | 3 + + tools/scmp_bpf_disasm.c | 2 + + tools/scmp_bpf_sim.c | 2 + + tools/util.c | 2 + + tools/util.h | 7 + + 22 files changed, 677 insertions(+), 2 deletions(-) + create mode 100644 src/arch-riscv64-syscalls.c + create mode 100644 src/arch-riscv64.c + create mode 100644 src/arch-riscv64.h + +diff --git a/include/seccomp-syscalls.h b/include/seccomp-syscalls.h +index 3c958df..d7eb383 100644 +--- a/include/seccomp-syscalls.h ++++ b/include/seccomp-syscalls.h +@@ -273,6 +273,7 @@ + #define __PNR_timerfd_settime64 -10239 + #define __PNR_utimensat_time64 -10240 + #define __PNR_ppoll -10241 ++#define __PNR_renameat -10242 + + /* + * libseccomp syscall definitions +@@ -1494,7 +1495,11 @@ + #define __SNR_rename __PNR_rename + #endif + ++#ifdef __NR_renameat + #define __SNR_renameat __NR_renameat ++#else ++#define __SNR_renameat __PNR_renameat ++#endif + + #define __SNR_renameat2 __NR_renameat2 + +diff --git a/include/seccomp.h.in b/include/seccomp.h.in +index 42f3a79..208b366 100644 +--- a/include/seccomp.h.in ++++ b/include/seccomp.h.in +@@ -196,6 +196,18 @@ struct scmp_arg_cmp { + #define SCMP_ARCH_PARISC AUDIT_ARCH_PARISC + #define SCMP_ARCH_PARISC64 AUDIT_ARCH_PARISC64 + ++/** ++ * The RISC-V architecture tokens ++ */ ++/* RISC-V support for audit was merged in 5.0-rc1 */ ++#ifndef AUDIT_ARCH_RISCV64 ++#ifndef EM_RISCV ++#define EM_RISCV 243 ++#endif /* EM_RISCV */ ++#define AUDIT_ARCH_RISCV64 (EM_RISCV|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) ++#endif /* AUDIT_ARCH_RISCV64 */ ++#define SCMP_ARCH_RISCV64 AUDIT_ARCH_RISCV64 ++ + /** + * Convert a syscall name into the associated syscall number + * @param x the syscall name +diff --git a/src/Makefile.am b/src/Makefile.am +index 2e7e38d..47e2f33 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -42,6 +42,7 @@ SOURCES_ALL = \ + arch-parisc.h arch-parisc.c arch-parisc64.c arch-parisc-syscalls.c \ + arch-ppc.h arch-ppc.c arch-ppc-syscalls.c \ + arch-ppc64.h arch-ppc64.c arch-ppc64-syscalls.c \ ++ arch-riscv64.h arch-riscv64.c arch-riscv64-syscalls.c \ + arch-s390.h arch-s390.c arch-s390-syscalls.c \ + arch-s390x.h arch-s390x.c arch-s390x-syscalls.c + +diff --git a/src/arch-riscv64-syscalls.c b/src/arch-riscv64-syscalls.c +new file mode 100644 +index 0000000..ceebece +--- /dev/null ++++ b/src/arch-riscv64-syscalls.c +@@ -0,0 +1,553 @@ ++/* ++ * This library is free software; you can redistribute it and/or modify it ++ * under the terms of version 2.1 of the GNU Lesser General Public License as ++ * published by the Free Software Foundation. ++ * ++ * This library is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License ++ * for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public License ++ * along with this library; if not, see . ++ */ ++ ++#include ++ ++#include ++ ++#include "arch.h" ++#include "arch-riscv64.h" ++ ++/* NOTE: based on Linux 5.4 */ ++const struct arch_syscall_def riscv64_syscall_table[] = { \ ++ { "_llseek", __PNR__llseek }, ++ { "_newselect", __PNR__newselect }, ++ { "_sysctl", __PNR__sysctl }, ++ { "accept", 202 }, ++ { "accept4", 242 }, ++ { "access", __PNR_access }, ++ { "acct", 89 }, ++ { "add_key", 217 }, ++ { "adjtimex", 171 }, ++ { "afs_syscall", __PNR_afs_syscall }, ++ { "alarm", __PNR_alarm }, ++ { "arm_fadvise64_64", __PNR_arm_fadvise64_64 }, ++ { "arm_sync_file_range", __PNR_arm_sync_file_range }, ++ { "arch_prctl", __PNR_arch_prctl }, ++ { "bdflush", __PNR_bdflush }, ++ { "bind", 200 }, ++ { "bpf", 280 }, ++ { "break", __PNR_break }, ++ { "breakpoint", __PNR_breakpoint }, ++ { "brk", 214 }, ++ { "cachectl", __PNR_cachectl }, ++ { "cacheflush", __PNR_cacheflush }, ++ { "capget", 90 }, ++ { "capset", 91 }, ++ { "chdir", 49 }, ++ { "chmod", __PNR_chmod }, ++ { "chown", __PNR_chown }, ++ { "chown32", __PNR_chown32 }, ++ { "chroot", 51 }, ++ { "clock_adjtime", 266 }, ++ { "clock_adjtime64", __PNR_clock_adjtime64 }, ++ { "clock_getres", 114 }, ++ { "clock_getres_time64", __PNR_clock_getres_time64 }, ++ { "clock_gettime", 113 }, ++ { "clock_gettime64", __PNR_clock_gettime64 }, ++ { "clock_nanosleep", 115 }, ++ { "clock_nanosleep_time64", __PNR_clock_nanosleep_time64 }, ++ { "clock_settime", 112 }, ++ { "clock_settime64", __PNR_clock_settime64 }, ++ { "clone", 220 }, ++ { "clone3", 435 }, ++ { "close", 57 }, ++ { "connect", 203 }, ++ { "copy_file_range", 285 }, ++ { "creat", __PNR_creat }, ++ { "create_module", __PNR_create_module }, ++ { "delete_module", 106 }, ++ { "dup", 23 }, ++ { "dup2", __PNR_dup2 }, ++ { "dup3", 24 }, ++ { "epoll_create", __PNR_epoll_create }, ++ { "epoll_create1", 20 }, ++ { "epoll_ctl", 21 }, ++ { "epoll_ctl_old", __PNR_epoll_ctl_old }, ++ { "epoll_pwait", 22 }, ++ { "epoll_wait", __PNR_epoll_wait }, ++ { "epoll_wait_old", __PNR_epoll_wait_old }, ++ { "eventfd", __PNR_eventfd }, ++ { "eventfd2", 19 }, ++ { "execve", 221 }, ++ { "execveat", 281 }, ++ { "exit", 93 }, ++ { "exit_group", 94 }, ++ { "faccessat", 48 }, ++ { "fadvise64", 223 }, ++ { "fadvise64_64", __PNR_fadvise64_64 }, ++ { "fallocate", 47 }, ++ { "fanotify_init", 262 }, ++ { "fanotify_mark", 263 }, ++ { "fchdir", 50 }, ++ { "fchmod", 52 }, ++ { "fchmodat", 53 }, ++ { "fchown", 55 }, ++ { "fchown32", __PNR_fchown32 }, ++ { "fchownat", 54 }, ++ { "fcntl", 25 }, ++ { "fcntl64", __PNR_fcntl64 }, ++ { "fdatasync", 83 }, ++ { "fgetxattr", 10 }, ++ { "finit_module", 273 }, ++ { "flistxattr", 13 }, ++ { "flock", 32 }, ++ { "fork", __PNR_fork }, ++ { "fremovexattr", 16 }, ++ { "fsconfig", 431 }, ++ { "fsetxattr", 7 }, ++ { "fsmount", 432 }, ++ { "fsopen", 430 }, ++ { "fspick", 433 }, ++ { "fstat", 80 }, ++ { "fstat64", __PNR_fstat64 }, ++ { "fstatat64", __PNR_fstatat64 }, ++ { "fstatfs", 44 }, ++ { "fstatfs64", __PNR_fstatfs64 }, ++ { "fsync", 82 }, ++ { "ftime", __PNR_ftime }, ++ { "ftruncate", 46 }, ++ { "ftruncate64", __PNR_ftruncate64 }, ++ { "futex", 98 }, ++ { "futex_time64", __PNR_futex_time64 }, ++ { "futimesat", __PNR_futimesat }, ++ { "get_kernel_syms", __PNR_get_kernel_syms }, ++ { "get_mempolicy", 236 }, ++ { "get_robust_list", 100 }, ++ { "get_thread_area", __PNR_get_thread_area }, ++ { "get_tls", __PNR_get_tls }, ++ { "getcpu", 168 }, ++ { "getcwd", 17 }, ++ { "getdents", __PNR_getdents }, ++ { "getdents64", 61 }, ++ { "getegid", 177 }, ++ { "getegid32", __PNR_getegid32 }, ++ { "geteuid", 175 }, ++ { "geteuid32", __PNR_geteuid32 }, ++ { "getgid", 176 }, ++ { "getgid32", __PNR_getgid32 }, ++ { "getgroups", 158 }, ++ { "getgroups32", __PNR_getgroups32 }, ++ { "getitimer", 102 }, ++ { "getpeername", 205 }, ++ { "getpgid", 155 }, ++ { "getpgrp", __PNR_getpgrp }, ++ { "getpid", 172 }, ++ { "getpmsg", __PNR_getpmsg }, ++ { "getppid", 173 }, ++ { "getpriority", 141 }, ++ { "getrandom", 278 }, ++ { "getresgid", 150 }, ++ { "getresgid32", __PNR_getresgid32 }, ++ { "getresuid", 148 }, ++ { "getresuid32", __PNR_getresuid32 }, ++ { "getrlimit", 163 }, ++ { "getrusage", 165 }, ++ { "getsid", 156 }, ++ { "getsockname", 204 }, ++ { "getsockopt", 209 }, ++ { "gettid", 178 }, ++ { "gettimeofday", 169 }, ++ { "getuid", 174 }, ++ { "getuid32", __PNR_getuid32 }, ++ { "getxattr", 8 }, ++ { "gtty", __PNR_gtty }, ++ { "idle", __PNR_idle }, ++ { "init_module", 105 }, ++ { "inotify_add_watch", 27 }, ++ { "inotify_init", __PNR_inotify_init }, ++ { "inotify_init1", 26 }, ++ { "inotify_rm_watch", 28 }, ++ { "io_cancel", 3 }, ++ { "io_destroy", 1 }, ++ { "io_getevents", 4 }, ++ { "io_pgetevents", 292 }, ++ { "io_pgetevents_time64", __PNR_io_pgetevents_time64 }, ++ { "io_setup", 0 }, ++ { "io_submit", 2 }, ++ { "io_uring_enter", 426 }, ++ { "io_uring_register", 427 }, ++ { "io_uring_setup", 425 }, ++ { "ioctl", 29 }, ++ { "ioperm", __PNR_ioperm }, ++ { "iopl", __PNR_iopl }, ++ { "ioprio_get", 31 }, ++ { "ioprio_set", 30 }, ++ { "ipc", __PNR_ipc }, ++ { "kcmp", 272 }, ++ { "kexec_file_load", 294 }, ++ { "kexec_load", 104 }, ++ { "keyctl", 219 }, ++ { "kill", 129 }, ++ { "lchown", __PNR_lchown }, ++ { "lchown32", __PNR_lchown32 }, ++ { "lgetxattr", 9 }, ++ { "link", __PNR_link }, ++ { "linkat", 37 }, ++ { "listen", 201 }, ++ { "listxattr", 11 }, ++ { "llistxattr", 12 }, ++ { "lock", __PNR_lock }, ++ { "lookup_dcookie", 18 }, ++ { "lremovexattr", 15 }, ++ { "lseek", 62 }, ++ { "lsetxattr", 6 }, ++ { "lstat", __PNR_lstat }, ++ { "lstat64", __PNR_lstat64 }, ++ { "madvise", 233 }, ++ { "mbind", 235 }, ++ { "membarrier", 283 }, ++ { "memfd_create", 279 }, ++ { "migrate_pages", 238 }, ++ { "mincore", 232 }, ++ { "mkdir", __PNR_mkdir }, ++ { "mkdirat", 34 }, ++ { "mknod", __PNR_mknod }, ++ { "mknodat", 33 }, ++ { "mlock", 228 }, ++ { "mlock2", 284 }, ++ { "mlockall", 230 }, ++ { "mmap", 222 }, ++ { "mmap2", __PNR_mmap2 }, ++ { "modify_ldt", __PNR_modify_ldt }, ++ { "mount", 40 }, ++ { "move_mount", 429 }, ++ { "move_pages", 239 }, ++ { "mprotect", 226 }, ++ { "mpx", __PNR_mpx }, ++ { "mq_getsetattr", 185 }, ++ { "mq_notify", 184 }, ++ { "mq_open", 180 }, ++ { "mq_timedreceive", 183 }, ++ { "mq_timedreceive_time64", __PNR_mq_timedreceive_time64 }, ++ { "mq_timedsend", 182 }, ++ { "mq_timedsend_time64", __PNR_mq_timedsend_time64 }, ++ { "mq_unlink", 181 }, ++ { "mremap", 216 }, ++ { "msgctl", 187 }, ++ { "msgget", 186 }, ++ { "msgrcv", 188 }, ++ { "msgsnd", 189 }, ++ { "msync", 227 }, ++ { "multiplexer", __PNR_multiplexer }, ++ { "munlock", 229 }, ++ { "munlockall", 231 }, ++ { "munmap", 215 }, ++ { "name_to_handle_at", 264 }, ++ { "nanosleep", 101 }, ++ { "newfstatat", 79 }, ++ { "nfsservctl", 42 }, ++ { "nice", __PNR_nice }, ++ { "oldfstat", __PNR_oldfstat }, ++ { "oldlstat", __PNR_oldlstat }, ++ { "oldolduname", __PNR_oldolduname }, ++ { "oldstat", __PNR_oldstat }, ++ { "olduname", __PNR_olduname }, ++ { "oldwait4", __PNR_oldwait4 }, ++ { "open", __PNR_open }, ++ { "open_by_handle_at", 265 }, ++ { "open_tree", 428 }, ++ { "openat", 56 }, ++ { "pause", __PNR_pause }, ++ { "pciconfig_iobase", __PNR_pciconfig_iobase }, ++ { "pciconfig_read", __PNR_pciconfig_read }, ++ { "pciconfig_write", __PNR_pciconfig_write }, ++ { "perf_event_open", 241 }, ++ { "personality", 92 }, ++ { "pidfd_open", 434 }, ++ { "pidfd_send_signal", 424 }, ++ { "pipe", __PNR_pipe }, ++ { "pipe2", 59 }, ++ { "pivot_root", 41 }, ++ { "pkey_alloc", 289 }, ++ { "pkey_free", 290 }, ++ { "pkey_mprotect", 288 }, ++ { "poll", __PNR_poll }, ++ { "ppoll", 73 }, ++ { "ppoll_time64", __PNR_ppoll_time64 }, ++ { "prctl", 167 }, ++ { "pread64", 67 }, ++ { "preadv", 69 }, ++ { "preadv2", 286 }, ++ { "prlimit64", 261 }, ++ { "process_vm_readv", 270 }, ++ { "process_vm_writev", 271 }, ++ { "prof", __PNR_prof }, ++ { "profil", __PNR_profil }, ++ { "pselect6", 72 }, ++ { "pselect6_time64", __PNR_pselect6_time64 }, ++ { "ptrace", 117 }, ++ { "putpmsg", __PNR_putpmsg }, ++ { "pwrite64", 68 }, ++ { "pwritev", 70 }, ++ { "pwritev2", 287 }, ++ { "query_module", __PNR_query_module }, ++ { "quotactl", 60 }, ++ { "read", 63 }, ++ { "readahead", 213 }, ++ { "readdir", __PNR_readdir }, ++ { "readlink", __PNR_readlink }, ++ { "readlinkat", 78 }, ++ { "readv", 65 }, ++ { "reboot", 142 }, ++ { "recv", __PNR_recv }, ++ { "recvfrom", 207 }, ++ { "recvmmsg", 243 }, ++ { "recvmmsg_time64", __PNR_recvmmsg_time64 }, ++ { "recvmsg", 212 }, ++ { "remap_file_pages", 234 }, ++ { "removexattr", 14 }, ++ { "rename", __PNR_rename }, ++ { "renameat", __PNR_renameat }, ++ { "renameat2", 276 }, ++ { "request_key", 218 }, ++ { "restart_syscall", 128 }, ++ { "rmdir", __PNR_rmdir }, ++ { "riscv_flush_icache", 244 }, ++ { "rseq", 293 }, ++ { "rt_sigaction", 134 }, ++ { "rt_sigpending", 136 }, ++ { "rt_sigprocmask", 135 }, ++ { "rt_sigqueueinfo", 138 }, ++ { "rt_sigreturn", 139 }, ++ { "rt_sigsuspend", 133 }, ++ { "rt_sigtimedwait", 137 }, ++ { "rt_sigtimedwait_time64", __PNR_rt_sigtimedwait_time64 }, ++ { "rt_tgsigqueueinfo", 240 }, ++ { "rtas", __PNR_rtas }, ++ { "s390_guarded_storage", __PNR_s390_guarded_storage }, ++ { "s390_pci_mmio_read", __PNR_s390_pci_mmio_read }, ++ { "s390_pci_mmio_write", __PNR_s390_pci_mmio_write }, ++ { "s390_runtime_instr", __PNR_s390_runtime_instr }, ++ { "s390_sthyi", __PNR_s390_sthyi }, ++ { "sched_get_priority_max", 125 }, ++ { "sched_get_priority_min", 126 }, ++ { "sched_getaffinity", 123 }, ++ { "sched_getattr", 275 }, ++ { "sched_getparam", 121 }, ++ { "sched_getscheduler", 120 }, ++ { "sched_rr_get_interval", 127 }, ++ { "sched_rr_get_interval_time64", __PNR_sched_rr_get_interval_time64 }, ++ { "sched_setaffinity", 122 }, ++ { "sched_setattr", 274 }, ++ { "sched_setparam", 118 }, ++ { "sched_setscheduler", 119 }, ++ { "sched_yield", 124 }, ++ { "seccomp", 277 }, ++ { "security", __PNR_security }, ++ { "select", __PNR_select }, ++ { "semctl", 191 }, ++ { "semget", 190 }, ++ { "semop", 193 }, ++ { "semtimedop", 192 }, ++ { "semtimedop_time64", __PNR_semtimedop_time64 }, ++ { "send", __PNR_send }, ++ { "sendfile", 71 }, ++ { "sendfile64", __PNR_sendfile64 }, ++ { "sendmmsg", 269 }, ++ { "sendmsg", 211 }, ++ { "sendto", 206 }, ++ { "set_mempolicy", 237 }, ++ { "set_robust_list", 99 }, ++ { "set_thread_area", __PNR_set_thread_area }, ++ { "set_tid_address", 96 }, ++ { "set_tls", __PNR_set_tls }, ++ { "setdomainname", 162 }, ++ { "setfsgid", 152 }, ++ { "setfsgid32", __PNR_setfsgid32 }, ++ { "setfsuid", 151 }, ++ { "setfsuid32", __PNR_setfsuid32 }, ++ { "setgid", 144 }, ++ { "setgid32", __PNR_setgid32 }, ++ { "setgroups", 159 }, ++ { "setgroups32", __PNR_setgroups32 }, ++ { "sethostname", 161 }, ++ { "setitimer", 103 }, ++ { "setns", 268 }, ++ { "setpgid", 154 }, ++ { "setpriority", 140 }, ++ { "setregid", 143 }, ++ { "setregid32", __PNR_setregid32 }, ++ { "setresgid", 149 }, ++ { "setresgid32", __PNR_setresgid32 }, ++ { "setresuid", 147 }, ++ { "setresuid32", __PNR_setresuid32 }, ++ { "setreuid", 145 }, ++ { "setreuid32", __PNR_setreuid32 }, ++ { "setrlimit", 164 }, ++ { "setsid", 157 }, ++ { "setsockopt", 208 }, ++ { "settimeofday", 170 }, ++ { "setuid", 146 }, ++ { "setuid32", __PNR_setuid32 }, ++ { "setxattr", 5 }, ++ { "sgetmask", __PNR_sgetmask }, ++ { "shmat", 196 }, ++ { "shmctl", 195 }, ++ { "shmdt", 197 }, ++ { "shmget", 194 }, ++ { "shutdown", 210 }, ++ { "sigaction", __PNR_sigaction }, ++ { "sigaltstack", 132 }, ++ { "signal", __PNR_signal }, ++ { "signalfd", __PNR_signalfd }, ++ { "signalfd4", 74 }, ++ { "sigpending", __PNR_sigpending }, ++ { "sigprocmask", __PNR_sigprocmask }, ++ { "sigreturn", __PNR_sigreturn }, ++ { "sigsuspend", __PNR_sigsuspend }, ++ { "socket", 198 }, ++ { "socketcall", __PNR_socketcall }, ++ { "socketpair", 199 }, ++ { "splice", 76 }, ++ { "spu_create", __PNR_spu_create }, ++ { "spu_run", __PNR_spu_run }, ++ { "ssetmask", __PNR_ssetmask }, ++ { "stat", __PNR_stat }, ++ { "stat64", __PNR_stat64 }, ++ { "statfs", 43 }, ++ { "statfs64", __PNR_statfs64 }, ++ { "statx", 291 }, ++ { "stime", __PNR_stime }, ++ { "stty", __PNR_stty }, ++ { "subpage_prot", __PNR_subpage_prot }, ++ { "swapcontext", __PNR_swapcontext }, ++ { "swapoff", 225 }, ++ { "swapon", 224 }, ++ { "switch_endian", __PNR_switch_endian }, ++ { "symlink", __PNR_symlink }, ++ { "symlinkat", 36 }, ++ { "sync", 81 }, ++ { "sync_file_range", 84 }, ++ { "sync_file_range2", __PNR_sync_file_range2 }, ++ { "syncfs", 267 }, ++ { "syscall", __PNR_syscall }, ++ { "sys_debug_setcontext", __PNR_sys_debug_setcontext }, ++ { "sysfs", __PNR_sysfs }, ++ { "sysinfo", 179 }, ++ { "syslog", 116 }, ++ { "sysmips", __PNR_sysmips }, ++ { "tee", 77 }, ++ { "tgkill", 131 }, ++ { "time", __PNR_time }, ++ { "timer_create", 107 }, ++ { "timer_delete", 111 }, ++ { "timer_getoverrun", 109 }, ++ { "timer_gettime", 108 }, ++ { "timer_gettime64", __PNR_timer_gettime64 }, ++ { "timer_settime", 110 }, ++ { "timer_settime64", __PNR_timer_settime64 }, ++ { "timerfd", __PNR_timerfd }, ++ { "timerfd_create", 85 }, ++ { "timerfd_gettime", 87 }, ++ { "timerfd_gettime64", __PNR_timerfd_gettime64 }, ++ { "timerfd_settime", 86 }, ++ { "timerfd_settime64", __PNR_timerfd_settime64 }, ++ { "times", 153 }, ++ { "tkill", 130 }, ++ { "truncate", 45 }, ++ { "truncate64", __PNR_truncate64 }, ++ { "tuxcall", __PNR_tuxcall }, ++ { "ugetrlimit", __PNR_ugetrlimit }, ++ { "ulimit", __PNR_ulimit }, ++ { "umask", 166 }, ++ { "umount", __PNR_umount }, ++ { "umount2", 39 }, ++ { "uname", 160 }, ++ { "unlink", __PNR_unlink }, ++ { "unlinkat", 35 }, ++ { "unshare", 97 }, ++ { "uselib", __PNR_uselib }, ++ { "userfaultfd", 282 }, ++ { "usr26", __PNR_usr26 }, ++ { "usr32", __PNR_usr32 }, ++ { "ustat", __PNR_ustat }, ++ { "utime", __PNR_utime }, ++ { "utimensat", 88 }, ++ { "utimensat_time64", __PNR_utimensat_time64 }, ++ { "utimes", __PNR_utimes }, ++ { "vfork", __PNR_vfork }, ++ { "vhangup", 58 }, ++ { "vm86", __PNR_vm86 }, ++ { "vm86old", __PNR_vm86old }, ++ { "vmsplice", 75 }, ++ { "vserver", __PNR_vserver }, ++ { "wait4", 260 }, ++ { "waitid", 95 }, ++ { "waitpid", __PNR_waitpid }, ++ { "write", 64 }, ++ { "writev", 66 }, ++ { NULL, __NR_SCMP_ERROR }, ++}; ++ ++/** ++ * Resolve a syscall name to a number ++ * @param name the syscall name ++ * ++ * Resolve the given syscall name to the syscall number using the syscall table. ++ * Returns the syscall number on success, including negative pseudo syscall ++ * numbers; returns __NR_SCMP_ERROR on failure. ++ * ++ */ ++int riscv64_syscall_resolve_name(const char *name) ++{ ++ unsigned int iter; ++ const struct arch_syscall_def *table = riscv64_syscall_table; ++ ++ /* XXX - plenty of room for future improvement here */ ++ for (iter = 0; table[iter].name != NULL; iter++) { ++ if (strcmp(name, table[iter].name) == 0) ++ return table[iter].num; ++ } ++ ++ return __NR_SCMP_ERROR; ++} ++ ++/** ++ * Resolve a syscall number to a name ++ * @param num the syscall number ++ * ++ * Resolve the given syscall number to the syscall name using the syscall table. ++ * Returns a pointer to the syscall name string on success, including pseudo ++ * syscall names; returns NULL on failure. ++ * ++ */ ++const char *riscv64_syscall_resolve_num(int num) ++{ ++ unsigned int iter; ++ const struct arch_syscall_def *table = riscv64_syscall_table; ++ ++ /* XXX - plenty of room for future improvement here */ ++ for (iter = 0; table[iter].num != __NR_SCMP_ERROR; iter++) { ++ if (num == table[iter].num) ++ return table[iter].name; ++ } ++ ++ return NULL; ++} ++ ++ ++/** ++ * Iterate through the syscall table and return the syscall mapping ++ * @param spot the offset into the syscall table ++ * ++ * Return the syscall mapping at position @spot or NULL on failure. This ++ * function should only ever be used internally by libseccomp. ++ * ++ */ ++const struct arch_syscall_def *riscv64_syscall_iterate(unsigned int spot) ++{ ++ /* XXX - no safety checks here */ ++ return &riscv64_syscall_table[spot]; ++} +diff --git a/src/arch-riscv64.c b/src/arch-riscv64.c +new file mode 100644 +index 0000000..67bc926 +--- /dev/null ++++ b/src/arch-riscv64.c +@@ -0,0 +1,31 @@ ++/* ++ * This library is free software; you can redistribute it and/or modify it ++ * under the terms of version 2.1 of the GNU Lesser General Public License as ++ * published by the Free Software Foundation. ++ * ++ * This library is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License ++ * for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public License ++ * along with this library; if not, see . ++ */ ++ ++#include ++#include ++#include ++ ++#include "arch.h" ++#include "arch-riscv64.h" ++ ++const struct arch_def arch_def_riscv64 = { ++ .token = SCMP_ARCH_RISCV64, ++ .token_bpf = AUDIT_ARCH_RISCV64, ++ .size = ARCH_SIZE_64, ++ .endian = ARCH_ENDIAN_LITTLE, ++ .syscall_resolve_name = riscv64_syscall_resolve_name, ++ .syscall_resolve_num = riscv64_syscall_resolve_num, ++ .syscall_rewrite = NULL, ++ .rule_add = NULL, ++}; +diff --git a/src/arch-riscv64.h b/src/arch-riscv64.h +new file mode 100644 +index 0000000..16fca6b +--- /dev/null ++++ b/src/arch-riscv64.h +@@ -0,0 +1,30 @@ ++/* ++ * This library is free software; you can redistribute it and/or modify it ++ * under the terms of version 2.1 of the GNU Lesser General Public License as ++ * published by the Free Software Foundation. ++ * ++ * This library is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License ++ * for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public License ++ * along with this library; if not, see . ++ */ ++ ++#ifndef _ARCH_RISCV64_H ++#define _ARCH_RISCV64_H ++ ++#include ++ ++#include "arch.h" ++#include "system.h" ++ ++extern const struct arch_def arch_def_riscv64; ++ ++int riscv64_syscall_resolve_name(const char *name); ++const char *riscv64_syscall_resolve_num(int num); ++ ++const struct arch_syscall_def *riscv64_syscall_iterate(unsigned int spot); ++ ++#endif +diff --git a/src/arch.c b/src/arch.c +index bfa664f..83c2c9b 100644 +--- a/src/arch.c ++++ b/src/arch.c +@@ -41,6 +41,7 @@ + #include "arch-parisc.h" + #include "arch-ppc.h" + #include "arch-ppc64.h" ++#include "arch-riscv64.h" + #include "arch-s390.h" + #include "arch-s390x.h" + #include "db.h" +@@ -94,6 +95,8 @@ const struct arch_def *arch_def_native = &arch_def_ppc; + const struct arch_def *arch_def_native = &arch_def_s390x; + #elif __s390__ + const struct arch_def *arch_def_native = &arch_def_s390; ++#elif __riscv && __riscv_xlen == 64 ++const struct arch_def *arch_def_native = &arch_def_riscv64; + #else + #error the arch code needs to know about your machine type + #endif /* machine type guess */ +@@ -156,6 +159,8 @@ const struct arch_def *arch_def_lookup(uint32_t token) + return &arch_def_s390; + case SCMP_ARCH_S390X: + return &arch_def_s390x; ++ case SCMP_ARCH_RISCV64: ++ return &arch_def_riscv64; + } + + return NULL; +@@ -206,6 +211,8 @@ const struct arch_def *arch_def_lookup_name(const char *arch_name) + return &arch_def_s390; + else if (strcmp(arch_name, "s390x") == 0) + return &arch_def_s390x; ++ else if (strcmp(arch_name, "riscv64") == 0) ++ return &arch_def_riscv64; + + return NULL; + } +diff --git a/src/gen_pfc.c b/src/gen_pfc.c +index 75d8507..8186f0d 100644 +--- a/src/gen_pfc.c ++++ b/src/gen_pfc.c +@@ -87,6 +87,8 @@ static const char *_pfc_arch(const struct arch_def *arch) + return "s390x"; + case SCMP_ARCH_S390: + return "s390"; ++ case SCMP_ARCH_RISCV64: ++ return "riscv64"; + default: + return "UNKNOWN"; + } +diff --git a/src/python/libseccomp.pxd b/src/python/libseccomp.pxd +index 8ae84d9..f1194b6 100644 +--- a/src/python/libseccomp.pxd ++++ b/src/python/libseccomp.pxd +@@ -51,6 +51,7 @@ cdef extern from "seccomp.h": + SCMP_ARCH_PPC64LE + SCMP_ARCH_S390 + SCMP_ARCH_S390X ++ SCMP_ARCH_RISCV64 + + cdef enum scmp_filter_attr: + SCMP_FLTATR_ACT_DEFAULT +diff --git a/src/python/seccomp.pyx b/src/python/seccomp.pyx +index 44e4925..113fbf4 100644 +--- a/src/python/seccomp.pyx ++++ b/src/python/seccomp.pyx +@@ -214,6 +214,7 @@ cdef class Arch: + PARISC64 - 64-bit PA-RISC + PPC64 - 64-bit PowerPC + PPC - 32-bit PowerPC ++ RISCV64 - 64-bit RISC-V + """ + + cdef int _token +@@ -237,6 +238,7 @@ cdef class Arch: + PPC64LE = libseccomp.SCMP_ARCH_PPC64LE + S390 = libseccomp.SCMP_ARCH_S390 + S390X = libseccomp.SCMP_ARCH_S390X ++ RISCV64 = libseccomp.SCMP_ARCH_RISCV64 + + def __cinit__(self, arch=libseccomp.SCMP_ARCH_NATIVE): + """ Initialize the architecture object. +diff --git a/src/system.c b/src/system.c +index 8e5aafc..bcd7e3c 100644 +--- a/src/system.c ++++ b/src/system.c +@@ -80,6 +80,7 @@ int sys_chk_seccomp_syscall(void) + case SCMP_ARCH_PPC64LE: + case SCMP_ARCH_S390: + case SCMP_ARCH_S390X: ++ case SCMP_ARCH_RISCV64: + break; + default: + goto unsupported; +diff --git a/tests/15-basic-resolver.c b/tests/15-basic-resolver.c +index 0c1eefe..2679270 100644 +--- a/tests/15-basic-resolver.c ++++ b/tests/15-basic-resolver.c +@@ -45,6 +45,7 @@ unsigned int arch_list[] = { + SCMP_ARCH_S390X, + SCMP_ARCH_PARISC, + SCMP_ARCH_PARISC64, ++ SCMP_ARCH_RISCV64, + -1 + }; + +diff --git a/tests/16-sim-arch_basic.c b/tests/16-sim-arch_basic.c +index 5413e18..0b141e1 100644 +--- a/tests/16-sim-arch_basic.c ++++ b/tests/16-sim-arch_basic.c +@@ -90,6 +90,9 @@ int main(int argc, char *argv[]) + if (rc != 0) + goto out; + rc = seccomp_arch_add(ctx, SCMP_ARCH_PPC64LE); ++ if (rc != 0) ++ goto out; ++ rc = seccomp_arch_add(ctx, SCMP_ARCH_RISCV64); + if (rc != 0) + goto out; + +@@ -156,6 +159,9 @@ int main(int argc, char *argv[]) + rc = seccomp_arch_remove(ctx, SCMP_ARCH_PPC64LE); + if (rc != 0) + goto out; ++ rc = seccomp_arch_remove(ctx, SCMP_ARCH_RISCV64); ++ if (rc != 0) ++ goto out; + + out: + seccomp_release(ctx); +diff --git a/tests/16-sim-arch_basic.py b/tests/16-sim-arch_basic.py +index 7d7a05f..846553f 100755 +--- a/tests/16-sim-arch_basic.py ++++ b/tests/16-sim-arch_basic.py +@@ -44,6 +44,7 @@ def test(args): + f.add_arch(Arch("mipsel64")) + f.add_arch(Arch("mipsel64n32")) + f.add_arch(Arch("ppc64le")) ++ f.add_arch(Arch("riscv64")) + f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno())) + f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno())) + f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno())) +diff --git a/tests/23-sim-arch_all_le_basic.c b/tests/23-sim-arch_all_le_basic.c +index 5672980..32739e5 100644 +--- a/tests/23-sim-arch_all_le_basic.c ++++ b/tests/23-sim-arch_all_le_basic.c +@@ -69,6 +69,9 @@ int main(int argc, char *argv[]) + if (rc != 0) + goto out; + rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("ppc64le")); ++ if (rc != 0) ++ goto out; ++ rc = seccomp_arch_add(ctx, seccomp_arch_resolve_name("riscv64")); + if (rc != 0) + goto out; + +diff --git a/tests/23-sim-arch_all_le_basic.py b/tests/23-sim-arch_all_le_basic.py +index 5927f37..33eedb1 100755 +--- a/tests/23-sim-arch_all_le_basic.py ++++ b/tests/23-sim-arch_all_le_basic.py +@@ -40,6 +40,7 @@ def test(args): + f.add_arch(Arch("mipsel64")) + f.add_arch(Arch("mipsel64n32")) + f.add_arch(Arch("ppc64le")) ++ f.add_arch(Arch("riscv64")) + f.add_rule(ALLOW, "read", Arg(0, EQ, sys.stdin.fileno())) + f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stdout.fileno())) + f.add_rule(ALLOW, "write", Arg(0, EQ, sys.stderr.fileno())) +diff --git a/tests/regression b/tests/regression +index 56822fb..ef98c3d 100755 +--- a/tests/regression ++++ b/tests/regression +@@ -25,7 +25,8 @@ GLBL_ARCH_LE_SUPPORT=" \ + x86 x86_64 x32 \ + arm aarch64 \ + mipsel mipsel64 mipsel64n32 \ +- ppc64le" ++ ppc64le \ ++ riscv64" + GLBL_ARCH_BE_SUPPORT=" \ + mips mips64 mips64n32 \ + parisc parisc64 \ +@@ -46,6 +47,7 @@ GLBL_ARCH_64B_SUPPORT=" \ + mips64 \ + parisc64 \ + ppc64 \ ++ riscv64 \ + s390x" + + GLBL_SYS_ARCH="../tools/scmp_arch_detect" +@@ -777,7 +779,7 @@ function run_test_live() { + + # setup the arch specific return values + case "$arch" in +- x86|x86_64|x32|arm|aarch64|parisc|parisc64|ppc|ppc64|ppc64le|ppc|s390|s390x) ++ x86|x86_64|x32|arm|aarch64|parisc|parisc64|ppc|ppc64|ppc64le|ppc|s390|s390x|riscv64) + rc_kill_process=159 + rc_kill=159 + rc_allow=160 +diff --git a/tools/scmp_arch_detect.c b/tools/scmp_arch_detect.c +index ad43f2d..b844a68 100644 +--- a/tools/scmp_arch_detect.c ++++ b/tools/scmp_arch_detect.c +@@ -120,6 +120,9 @@ int main(int argc, char *argv[]) + case SCMP_ARCH_S390X: + printf("s390x\n"); + break; ++ case SCMP_ARCH_RISCV64: ++ printf("riscv64\n"); ++ break; + default: + printf("unknown\n"); + } +diff --git a/tools/scmp_bpf_disasm.c b/tools/scmp_bpf_disasm.c +index 27fba9a..5c914b4 100644 +--- a/tools/scmp_bpf_disasm.c ++++ b/tools/scmp_bpf_disasm.c +@@ -508,6 +508,8 @@ int main(int argc, char *argv[]) + arch = AUDIT_ARCH_S390; + else if (strcmp(optarg, "s390x") == 0) + arch = AUDIT_ARCH_S390X; ++ else if (strcmp(optarg, "riscv64") == 0) ++ arch = AUDIT_ARCH_RISCV64; + else + exit_usage(argv[0]); + break; +diff --git a/tools/scmp_bpf_sim.c b/tools/scmp_bpf_sim.c +index 4d30822..a381314 100644 +--- a/tools/scmp_bpf_sim.c ++++ b/tools/scmp_bpf_sim.c +@@ -285,6 +285,8 @@ int main(int argc, char *argv[]) + arch = AUDIT_ARCH_S390; + else if (strcmp(optarg, "s390x") == 0) + arch = AUDIT_ARCH_S390X; ++ else if (strcmp(optarg, "riscv64") == 0) ++ arch = AUDIT_ARCH_RISCV64; + else + exit_fault(EINVAL); + break; +diff --git a/tools/util.c b/tools/util.c +index 7122335..741b2a2 100644 +--- a/tools/util.c ++++ b/tools/util.c +@@ -78,6 +78,8 @@ + #define ARCH_NATIVE AUDIT_ARCH_S390X + #elif __s390__ + #define ARCH_NATIVE AUDIT_ARCH_S390 ++#elif __riscv && __riscv_xlen == 64 ++#define ARCH_NATIVE AUDIT_ARCH_RISCV64 + #else + #error the simulator code needs to know about your machine type + #endif +diff --git a/tools/util.h b/tools/util.h +index 08c4839..6c2ca33 100644 +--- a/tools/util.h ++++ b/tools/util.h +@@ -72,6 +72,13 @@ + #define AUDIT_ARCH_PPC64LE (EM_PPC64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) + #endif + ++#ifndef AUDIT_ARCH_RISCV64 ++#ifndef EM_RISCV ++#define EM_RISCV 243 ++#endif /* EM_RISCV */ ++#define AUDIT_ARCH_RISCV64 (EM_RISCV|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) ++#endif /* AUDIT_ARCH_RISCV64 */ ++ + extern uint32_t arch; + + uint16_t ttoh16(uint32_t arch, uint16_t val); diff --git a/patches/series b/patches/series new file mode 100644 index 0000000..6975c72 --- /dev/null +++ b/patches/series @@ -0,0 +1,2 @@ +cython3.patch +riscv64_support.patch diff --git a/python-seccomp.install b/python-seccomp.install new file mode 100644 index 0000000..a71458d --- /dev/null +++ b/python-seccomp.install @@ -0,0 +1 @@ +usr/lib/python2.*/dist-packages/seccomp.so diff --git a/python3-seccomp.install b/python3-seccomp.install new file mode 100644 index 0000000..97a45dc --- /dev/null +++ b/python3-seccomp.install @@ -0,0 +1 @@ +usr/lib/python3.*/site-packages/seccomp.cpython-*.so diff --git a/rules b/rules new file mode 100755 index 0000000..54d5951 --- /dev/null +++ b/rules @@ -0,0 +1,37 @@ +#!/usr/bin/make -f +# -*- makefile -*- + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +# Enable verbose build details. +export V=1 + +include /usr/share/dpkg/architecture.mk + +%: +ifeq ($(filter nopython,$(DEB_BUILD_PROFILES)),) + dh $@ --with python3 +else + dh $@ +endif + +ifeq ($(filter nopython,$(DEB_BUILD_PROFILES)),) + +override_dh_auto_install: + dh_auto_install + for pyver in `py3versions -s`; do \ + set -e; \ + if python3 -c "pyver='$$pyver'; exit(0 if float(pyver[6:]) >= 3.8 else 1)"; then \ + export _PYTHON_SYSCONFIGDATA_NAME='_sysconfigdata__${DEB_HOST_ARCH_OS}_${DEB_HOST_MULTIARCH}'; \ + else \ + export _PYTHON_SYSCONFIGDATA_NAME='_sysconfigdata_m_${DEB_HOST_ARCH_OS}_${DEB_HOST_MULTIARCH}'; \ + fi; \ + dh_auto_configure -- --enable-python PYTHON=$$pyver; \ + dh_auto_install --sourcedirectory=src/python -- PYTHON=$$pyver; \ + done +endif + +override_dh_auto_clean: + dh_auto_clean + rm -f regression.out diff --git a/seccomp.install b/seccomp.install new file mode 100644 index 0000000..1df36c6 --- /dev/null +++ b/seccomp.install @@ -0,0 +1 @@ +usr/bin/* diff --git a/seccomp.manpages b/seccomp.manpages new file mode 100644 index 0000000..5ea05fe --- /dev/null +++ b/seccomp.manpages @@ -0,0 +1 @@ +debian/tmp/usr/share/man/man1/* diff --git a/source/format b/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/tests/common b/tests/common new file mode 100644 index 0000000..e02e8db --- /dev/null +++ b/tests/common @@ -0,0 +1,12 @@ +SRCDIR="$(pwd)" + +mkdir "$AUTOPKGTEST_TMP/tests" "$AUTOPKGTEST_TMP/tools" +cp -a tests/. "$AUTOPKGTEST_TMP/tests/" + +cd "$AUTOPKGTEST_TMP/tests" + +# build tools needed for tests +for tool in scmp_api_level scmp_arch_detect scmp_sys_resolver; do + echo "Building $tool ..." + gcc -O2 -g "$SRCDIR/tools/$tool.c" "$SRCDIR/tools/util.c" -lseccomp -o ../tools/$tool +done diff --git a/tests/control b/tests/control new file mode 100644 index 0000000..3d2c4ba --- /dev/null +++ b/tests/control @@ -0,0 +1,7 @@ +Tests: testsuite-live +Depends: libseccomp-dev, build-essential +Restrictions: isolation-machine + +Tests: testsuite-live-python3 +Depends: libseccomp-dev, build-essential, python3-seccomp +Restrictions: isolation-machine, allow-stderr diff --git a/tests/testsuite-live b/tests/testsuite-live new file mode 100644 index 0000000..bbf20d0 --- /dev/null +++ b/tests/testsuite-live @@ -0,0 +1,17 @@ +#!/bin/sh + +set -eu + +. debian/tests/common + +# manually build necessary files against the installed libseccomp + +# build live tests +for filename in *-live-*.tests; do + testname=$(echo "$filename" | cut -f 1 -d '.') + echo "Building $testname ..." + gcc -O2 -g "${testname}.c" util.c -pthread -lseccomp -o "$testname" +done + +echo "Running test suite ..." +./regression -T live diff --git a/tests/testsuite-live-python2 b/tests/testsuite-live-python2 new file mode 100644 index 0000000..9c9ded4 --- /dev/null +++ b/tests/testsuite-live-python2 @@ -0,0 +1,8 @@ +#!/bin/sh + +set -eu + +. debian/tests/common + +echo "Running test suite ..." +./regression -T live -m python diff --git a/tests/testsuite-live-python3 b/tests/testsuite-live-python3 new file mode 100644 index 0000000..f4fb094 --- /dev/null +++ b/tests/testsuite-live-python3 @@ -0,0 +1,13 @@ +#!/bin/sh + +set -eu + +. debian/tests/common + +# make sure "python" points to python3 as this is not configurable +# in the regression script +mkdir python3env +ln -s /usr/bin/python3 python3env/python + +echo "Running test suite ..." +PATH="$(pwd)/python3env:$PATH" ./regression -T live -m python diff --git a/upstream/metadata b/upstream/metadata new file mode 100644 index 0000000..0fef70b --- /dev/null +++ b/upstream/metadata @@ -0,0 +1,4 @@ +Bug-Database: https://github.com/seccomp/libseccomp/issues +Bug-Submit: https://github.com/seccomp/libseccomp/issues/new +Repository: https://github.com/seccomp/libseccomp.git +Repository-Browse: https://github.com/seccomp/libseccomp diff --git a/upstream/signing-key.asc b/upstream/signing-key.asc new file mode 100644 index 0000000..5ddf435 --- /dev/null +++ b/upstream/signing-key.asc @@ -0,0 +1,192 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBE6TSxkBEACy+4BPGoI7vphGh/q5WET0lmU7LcDwuNs/satPRH/vPoSYLxYU +FmZ64A2zA4/imlohR+9VMfEVgOX6f23vZWheC2Z12bCtK0/cGLfoGMddFi7mg6aV +hJeAegYkC6hDAYI+Mc/mt0fYvDB+bSPUCUdnB/NegbWegJMJur2pc0/nQqeeoRdp +sazOyBEs4ipP1p05DZA/MifGNRASMHJg2bYG2FyC48Vx/xl0B+oactTwPODJlkQS +n6+yYTcvYh7wIbbainEi0jBnyRj6bi6jODPTjArW2YRzEmPEkqbBsfA/HYEpH4DR +IyZIJzqkP/+P+F+BVBjPVz4r6CWvCjnTMTlROfaUqIvfmpdKKtBDVN0Cjn6GVYae +t9yoJM5bcJK+KEp5aNmW3U7vDMG2XEttw4vdfIFc9ZEWnu2kyiltQw9cUk3ucsIH +79M4o24oVu2+J/z4QNGbRHdbxbO6c9R+IxAfiF/FAz5OhQfRHrDayfQV457cE/Ga +ZhE1AeT7EdnXFF3G1RhTTE2lomQ1TfBSK6CyIyabU7I0R2Gh0aITpAE0fP4heZNZ +zA8vPggdtRzgKgu4tC2is2Dg3NQnPc+k4mnU07LwmJuxCluN7pNhhlhtJkNWnA+a +C2sV8zIicH7SAwmGoeMkp1kluxcdp/jGKsdRIfIDnVax4/t6VPL2+lKQzwARAQAB +tB5QYXVsIE1vb3JlIDxwY21vb3JlQHVtaWNoLmVkdT6JAjgEEwECACIFAk6TS4MC +GwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEFXkWlroynyKs5MP/it8TqV6 +IVXZh9X6ioJbchNcofT+L74+BjHXpzmdlf0awutCrKdZTWz5zC4A7Xrnam5LNg9j +aZr44oUOhnwIKwm1xxm2KBIGky7nKMinUfsSlYlfJybSJjWA3hv3dKI4Fpd7xsy1 +5CDcmfAD5NfQeW7KD5I0U89zKsdFyGCZV03xWbrvGPitncPB+Sifjp29lWmGwOwY +5tNcg7Mvby5vi6Zit686Q4wjYzmgoCDKKgk6QSo/VAqXJn8PRttuZArDfckraL+h +LXsxx1W0zaKVi9qeyR3n/++fDxPcc5rQIsd9TZj7nojj/5qGjoLCPwFDZaR97u8M +v795+ITrMCLRPYAd8DE94e3sjZK8R+hCtD0Xp9KgaNWofnA4cIHQyWaKI5is4NaT +9Y638We5RkTaYrFC0dxSgiekmnB0pogDU69smFNa26r0CX85cQf4YKYURc1xnbmS +Cyh+gvIHXVSGglmGXgKJ436qUBFCq2/BlecLZm/Lk0vQyPdCr08ZzPc7AUfc1hAe ++PiZ7RDkhJzQaUN3ufjvcyeMGHoUejaO3G9ODE/yVZ6Yi8HQPN7IGmyeh73xaqcv +5PpSrfpK+yjR13WGdi6PRL1IBfverc1fXtxXBywFhV4o/Jatj6XrS7hsU5EJ43An +I9Cqa+8FBjLIrqzfAKHng3qYKA3R346+L0pPtB5QYXVsIE1vb3JlIDxwbW9vcmVA +cmVkaGF0LmNvbT6JAjgEEwECACIFAk6TS60CGwMGCwkIBwMCBhUIAgkKCwQWAgMB +Ah4BAheAAAoJEFXkWlroynyKK8AP+QFOxGd3sSxMgEgTjT2fUUwqjD0oRZUrC3RZ +pld+fqmMIoGP0XRQYIpSZubX/ryn0DK9zd7D1o8nOz32lz8QfeEwshh+KAI93V0J +iIFprZUtCJxXKIO2GuHVgwqyzQs+DbXoov6BiTmbNHDGy1xT+mx4Z0xboHX2ZzKc +mLj42w7Qv5clL8X+4D3EiePCWeaw5e/p2xlPEVXfaYlu3nsUUrRwdx1RZSZ/qJE6 +CZLL348vp7mf9nR7bGBx8NiHrzbE3nh7ofZ8ai/dUTkkK+cFsxr5Gkt1nHegdv2t +Q3pk/KoR6YYvGYIDeuyZB0zMs2VW6zLIrD7qPc9sFLIwAsgBW3pWyznZ9mZrpbqp +JPzkhDYQH5XnTkL5g0tq4z3eDtOCODB2rNRrj/JvZcv3WmT1IK2d3x3E06Bfb4oy +qMgTzD2z/IHgyL9Wt+yyogB0Y0zyGj3lV3fISIINT2mn+UtutYIqDEeGbSEtQrXx +yIvQEViPO52mO+QdOtc5ZMfQ9ddsQKbawK/pqbzVMRPXX1z5hYKyx/Tv0roBrAzj +DSBI2vP0NmfzzSUKZ3POOZLOxE0425AYeNE623SCntrOWNYdgwf9EfnAcMgsY2Kl +a18e24ZHdAGFmJWBYx+XllheI6diU7dOZAlvuuuslVJfvD8ixzm7SR98elmUk57k +wf9FO9yxtCBQYXVsIE1vb3JlIDxwYXVsQHBhdWwtbW9vcmUuY29tPokCOgQTAQIA +JQIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AFAk6TS8ACGQEACgkQVeRaWujK +fIrtrg/2Kr2XYWu6jYDX2PSWeLQ/5P/VgGzjZI+AKaj5JyEID/5J31yvSKICjK3F +Wl+lHRo/LQzQx8f6gQ9FEBeDTndpa1t23XQGmBgEDAev6FHX3jmheFTkJJ+dEYpc +gX7R+jTjmrRYjAFu1Jo2fIblBTvECwlKLxDvSzAvp5giHYj8TDWcYPlZcDqfq9Aq +5p7UjkRYvAAUlkwSxPE28zcWPwgQuikcyVw/ObPpNWon+0TfruzindsyKnMss7mE +pxUMhRHAWM8KACBUmScP2TC95xKzm+KtlT6E/pdPXItPXiFg5sg8Vf5Rco8j16+b +DzviiAC21Mp69wtnV8Mdsl1jiL65wotclG+SMcgUmyqD3rgBW3jSedDFFu6CHQyG +FuthVj25eNUSXjhVOMCWQSxOgv4uN1jgk89paHJuBqHwKfk55ezQJFB1UlkJqH7L +NJ2uVd0Go5PTE2mBbkBQ4bvSyfhlOUYbcjNUlZOZSHsaQPVXDUXCW90LjH4azg8j +ek7YinygvZBpxQurRj7honmoqqyBfvOweA8wDdjIYURFrA4kwYwN8d+xdIDv5Pu5 +8U/ruus+y59MebQDhMr1BaM26QhgPZ6Ur/vHvTkW6bFo+Q0Rg9/abO67O00OZX/+ +oakt1BZ3Tb30L6nGu7ZosTXos+s9Leter/wcOk49JNd5q4WnZbkCDQROk0sZARAA +7lIE/HyQ5pTSabH0OJKa78mNJckQ+2NsEwUpEj459Ca5s3DvJCT7ZBOUQaL5ctkl +KgjByI+3BSIT90swim6vdMYxSrS7IpQ17zb3pdV5H5LFQSCvS1Dd466amWFWCyb6 +ZWl3g7kmf5xEEIob9PLMlCe37gsIXp9M0hbRIOVISeqCiWp5HkcMXwMEd5XHxGN6 +CCgG86vzxEOnLKoMdXQIxkenA4ggk5cCBoYd0FMURH53EznhuceS3euNSzu71+H3 +SJjIdjIjYQDhpHF6gXoI+u8NSWsZ9dEn/s+9e/uP2cYvAPmR01a73QyVIZS23eo9 +rmMqlPJNjJbybQ81uaHxQqA5ljC7WWqYl7tia+QSKYMEyMkHvTqnPPhJvghsQoJO +aeN6j/qIQWIl5fQEENLRzkcGO6SLEDOKzEgABZSwP9Wff47jyzD4JVb71qApI60m +3TGB829vBavFIkHNzhvr91m+6AfeUvZlWlFmC3v4BsqH/3SzwwQU28cxy53a/EDO +wm2MDJL4wkVLO2Yh2CZ/4x07VZtjmGmG6wyVOq+9GQ3cnTPEgynfZYsdPaml/RJm +kbCAmDbHbyV4NhT1RCg803thZZX8HzJcM2nywutGlzi0xxv63tP48tfTAV6ajqyQ +5jeRGKCq/zpME9Ghr/oH414NlGcomYU0UQ5Fjpdk8eMAEQEAAYkCHwQYAQIACQUC +TpNLGQIbDAAKCRBV5Fpa6Mp8iqQaD/9L2zMdzYznSOnApTz1SHhpgbi8RKaKy88j +WTz0AxZGrYF6cKv8BH2fFgA7phlONcWhUvWpEEpP208EY52c811lohRocNhSlXgW +XHYCiG2vydsQe9HEdBB6bUOO0z8g2DPcoBtUGWe1gDZddRW2VbqN2ts8Wxebog2Y +Y3tvJ0ocMo150t5c0koldlStav/zM2eipz+zTjfsN4Xy04q/WQ63FIbub5o5jcUJ +j1o177I1VtA8eEumsfnMMRgQBfz0t2bEIc/ZmrsuR+j/H4WlBAuIarNjWtIylH/e +VJhxFtXGnCI5mO1gN90QG6IpwszcwEPJf3gU7dO8r+HXeTBifLYB/JnzGWixPaek +DgCrNOZXz+48KEJEoVXUxsnqa8PRIUO5OtVRq3mk2uwcIHqPEBLb0yB6GRQjb9jQ +qBdRPun2FavjxWRuTZBGS1RItLW8bmAJz1d/ySWizRqnoz8U0s9SyGGHx5OsyJJu +FO6FFr31m7WZG5LPfQJUNiyR2y9ZrjdPbwXmchywhTLqyTb5N6j5RfAdn74H379t +ilUhH5c7ieVLt/RLTtWXEnkZzsO7LvP/3X0jHt3eZD2WzvVg4llZFvnuie8C0/yC +Twhc2xMJOLd2WpH6ZKHNbRqv1a2xg8K2KGdhlZrRo/AYbX/FjZ/k9klZwEjFsefd +0Ff4mojoNokCNgQoAQgAIBYhBHEAqt+ubm6UDS4K1lXkWlroynyKBQJbxKnWAh0B +AAoJEFXkWlroynyKGT4P/jXnXhB+VEkr+NL86MssDU+S9Gz+kCYEOSxFPFvhxpmk +x+Q9Y2SXugaThp9h9IIUH6lhtAZeYimzGC67ObZh+Ev0SIfN24xvZ2nPzLLj1pay +/2f/OQ0g7LalC7SpaF/7nIrxrYSP3Lyv3QAw/ZCeP8+U0CCV0Nw2Jrxck61ySXOR +W9diyGKTszNwzWQOPUBOLlMw2BxjudQW0Djy8mYoqyByUYEWtbcGgJ3MSPzE0RgW +PLgVujdzDunGDeJd9SBeI220ILxAHiB96JZYxmkVoz4trB7PwyA3plg19CXjwZ5J +ediKZov02JG0aGNpL2678YwJAGDCLMNhBi9gDqx3Xf6rvzqK/CvR3xQs6/bAjiAC +FHSUjv1oQ+p75yyt0clVrJOaB3kh6DICr+dZYuBvPGbls0yMTvEvCRxrj0rmpd9w +tI2ZTvN6ak9+5c9ZI7N+tQKYRPonfrVigVR+VgoWS0UMh5IQedkcfMO1vX2S5i/m +mmtDPT8aTyearL/ZpRoba8UvuTi/jksGTkR9QwKxBQeBWIy4xpKtddtp29RJFAFm +m3uvsHTGfRIm0oAGnbSgAooQSqZiv9bQvjzP0maWc7A9uNIspKj4CaEjDttqMzPG +u5GyplMDGnmEuldXbUhyCLlRXzVqmxuE46q0G2vl+qwiwwoYDauNoyvLvHK0AOZb +uQINBFvEpn0BEACpnI2D7qSeKGEihHtIvbZAhN6x3zkkELaLB2+MmhWZAdTmzfFm +JU28DXNLuCqxyy7GxATaBdPR5gPyq4LkA/xqTqC5nK9zTZqxtqwh9xTFCchUhmdC +voSkFy3R1cZlifLVartuIBHQXd9XfYkJMop4whsbPcbzDJ9JYUqHpuqysNAAhHge +vKIzZ93B7nW5JIBHf1/iVMSnC7+l3gSLMg0n+0UalGiQSpgzUSnyfgnoJjBbbyQT +JMrOhGSJHviezcCT3OOctnn0j5I0DuU1IRJ5h+MZ4NpgV2YyHCTXdHE9x1DGE9Wu +ExubFjiAvJtgcYkwcfqyqpbcK2IICWOUv+XJbrApm0PdaclyXbrJZRZ08QBOW9cZ +8tnrkvb4PtktigiHzTy9LenoWP7lSXVeroju3+g+igkaa9ZbgVkHOkDRrrjtJhNl +3yPEaK0RplLpJ6J/ysGvjuG9b/pWAsXptsfSN4TCCKIAqOg4/RINiyM5YzzIIqLc +vwBzm8awFpoMsexhBBUJLdBC3F2s53AZJUkH+NYJ/lZgnDA9/EVYPAOGCXt5u/Ot +ZyCyJzyYD6fZtLshQiRRdDMkeCZ+W88+HmgxA3Ck6vfSPIPyVUGYQYqREzZqfBVV +FuANufrr+dBYYxE0R61zYMJdXL8fsNshHR5mlcHg4EODdnhOeRSeIuS+uQARAQAB +iQI2BBgBCAAgFiEEcQCq365ubpQNLgrWVeRaWujKfIoFAlvEpn0CGwwACgkQVeRa +WujKfIquIRAArTQcsGL/5Tw+L4g0OxUeH1/E7TQ54UrpT9f4PjPj0SPZevqzsV/b +uRemr6bqpNx5aMvLhoeoAodq4a0GmC+BX9ucfGKELavgReQWpyAlFFop8/MCbonq +q+07PdO+6ZJiff0VIMGFAdWOabzQ9VMkYQ4ibF+etTjgWNpJ0UiFhUNric+eT00t +HMzEq2WdgbnS/bwANsEF7kIA3klF7lkYG5MFN5gTbWssHeavfUn3coR9AJVqmx+m +bJdUiMxiMrzRORepUO1zs8XJzLMkOb5h2CElk1um0LfGI9T/RZ3nyP5uv3xU5aG/ +Rp2owv4EsvjhpATt+votq3iZk2hkwymYmMbKpZ690sNT7tTYS5E6dX085NRmEQpy +/U+gX/V5rsWULPmQ2UJEoIizyRrhxq/O73ZinapkDZVO+DeePBrdXDwDOKlhDQ2V +dMp/uLbOg8Hxs2N+Brnn5Ts6FADeP951F9VxTaRWrppOt9eRQgxasYE9hEzFS61e +WY3qHfWT59Pnx+KPmuR69SobBrG5Y7qYvlQxHQUsiVhRlPDDlOuZk0nbK7QR4/aX +7AwNxp2byo7cduCOecs+uSsAcWgA+KMif8yGzHxywHm34dTn7JY0Moqd03n09UY4 +3LISNC1atd/q0BTijMpzroU+4i3omeL3SSHJRBJJSMxSxU5SXV/DBMa5Ag0EW8Sm +sQEQAOQoaAL4LSK1yQzbIJg4hojiJ+iOIMhz2BG9zVNp2CJ4veyfjgH0eUbSr8kX +D1OBkdw9hJuyQXIu4hARvkh41H1N9BTDRMXt5VzeiZUQBS0mJlTQ6EJrX6z+Y497 +0OwPXHYTZG7EcBtTrrY9s+Bm0JnBQr5lZ4TdoGWg8sQxGZIY79zUYYjle6naBZQ0 +QFUTgfyKbx4n8gzXqIZbpj/SrbGctFve36HD+YVwmkcjIJuxKBKMcVfTRQ1AG1PV +qoIyV/gTcmPbVMKcC8L9S0ixkWrqmVhkNJEblzkTEhN0WF5XjzasbxCkUGcJ24Cd +oM5515LpCKaqOTSyuov2aDJfGrNoXi0LTo93M+xaBq6Li/kVUb9S7KY1CSD7buuw +9CAriAVJZBYCuvByp49tBwYWSVhn2GURh7mex91NsJ2H7OveLygYEHSvT+S2ARA1 +lvpLDEG8LvIuKo8QrwmCkE5AO4WU6c62gnrajWwTDU0R38vXObD0dquguhvVyLWi +OEVWacUUXfTN6hCLoqUlOAijKgSmHVhjIs2nngKdR/PLOQiVjKpMxxDoyStMJkfg +khL8v9D/VBU398QwBOBHXFDovKZLhNz32KU3Ma2pE+RGZYBEQeCAWBK51MNdcpsd +Q0p26O33H6Np+GWRHSwrtvO00HK0Wd4eOmO5LY2AiSUdK0NXABEBAAGJBGwEGAEI +ACAWIQRxAKrfrm5ulA0uCtZV5Fpa6Mp8igUCW8SmsQIbAgJACRBV5Fpa6Mp8isF0 +IAQZAQgAHRYhBEtCqM8H8pnVVJd+7+og8tqXN4lzBQJbxKaxAAoJEOog8tqXN4lz +0fkQAILG/ON167EqJq2VNMCD/e4Su5M5/RzcosEk+0xxmHyjOTn/36TG9uneNSr+ +IaNdSeH926LaVpcauSFdCKbegKjznUTtmMfdJQX+iTdfO7JTSdZACFHQUSva4Rs6 +33VMTnyhJdRerxrGvNAL0aAyDdTG5rc/CSQjj683AJGK9T7iZubgkBKWoYY8jtJi +nsSuePp+gFetIhCQyG2nSq4yrIgXbd6l/kJdsqq6xEz42mbGJf2uPQ/BEbD/gzWj +m8sRUAJ91u0lHqz3KjQ4MzdsU+Mm/ngZdyXWzwlfC24QbHAr9cnWwZvtLdvo2G7z +igMX7PyMwfEq5l7i3gFS0Mny3LtvGqH1AS/YJczDeyonDtR2gAptYlyBHOBftdj7 +hVoZS0QNNss2B0kwHqSWOLtfgMHWiBXFq8buntwWGW2rUXs77gvKYG9TB1a0NYp1 +Hv2FOOUCWY9pzs/WBOkW0s5EOiatxoDfAFIoKH7FlqDf7Cnr3IpaKS6tXDH+7B35 +QBptYgMIY43v+GhqIEELkaYow3VnnTcbQFi0VfBxh/GgyhydhFyaUs5djklCZ091 +nRRYeDSyUhB1nlr7FnuLK91/rm6YI+IWmw2j3Z6urlnD6TNYPFfeZzXDoJgtlRsc +HFQL2/HCIiCcObVFd8HbCvHmNpMdRxId8qogOr/y5Lu2FYvzRzEP/A8NNqwqj7zX +Wk5w6lj4tVk796B4gPNZ0NUIXYeUobEtuuPjrh4SQSVOluvADCV5/8quP4fdw/iN +tmaoTqYqmhpHArFgP9gjHQ7vL3+eHCQIqV0hdhsLm0t8ol5ArP3BgNtfS3RcQf3k +Q9aQdIYscz5iTvCpcncVrMXDxz3wO7YKylzNHDUF7bo1FMc9HPedcKbzG/BRFnpw +YNn8w24xlr9+o1YEzwgc48N7djcAsYl7KCIKq82vWrbeePNHLA4yo0rdqS1RP7jI +lOlMWfxF+IGODkwCfiuMWVo35h5uMPueA0xyEfGobX1OtK6pkeFq1b1mNYCVr++4 +eWaJj64cv3ijx/sA+Ni51pD1dHrwURuX5FIixRJm0awwoJgxbsXLy54PGVgatNoa +1Wx4lnt/6HA32MtM7Im0NMLGAt298GD/AIr3bAnbovevNTjaxwpO8KlMNLhANqYt +GjFlhucGfQjVOxOU0c3QL1wBJ5s0bNltz5C8LqCRpqjJc43v3CfQ/IZzqZ+g51wJ +WWgN9wAj62doD4x6JlVg17AZm6WRoGQjslyDUuBE3ZtZd2XXpc7P/rbmfZQCcr1W +1h8moBknbU2eOji/cULgGM3Y8W5V3RwNgD7IFHDKr1I19PyBEMr+Qk+KVHpsw09S +xOtqJHdjtKxzOrgL0rG+n0VYx6dl2Lt4mQINBF3C4AkBEADQxp4jfxmbJ3t/ZuKc +sV4JxG8mhuGXBkzMB0k2uGULCpY4yh7dsN4PBU7PuHgUMkxJnJlbg0xVR2nux20I +NzroYn8xzRe+jSmKTW0fTvNH+Nxyr4k+KgqmVZCcfyvwXuL7IOfG5luc/oSXJV62 +u+LHP891dVcJlVN0Ef9i5Sz9iRkkMUknwoTrOK9q1nZNOA+XoLMhCIdyWIPx6jFm +PxfZpgEJw6YIeyOSRIPYtH4twuDj50bzQuTTfQ3ph9FdcXVLYwP3BayvfFasGhyJ +6caqVW9GpMDa/OPvteNmt2WbqaRgcX9CWWOKonhFqkaWAXj0lYFkM65DTzSUKpNt +oh2MRVA7qyGZ2zlHocNWSplQ8VJlly6ch9O95UEXlSIJFxAi/7NBNuG/CekHQxxQ +ZhdslUe7LIsujlKS8Fy0bpYsTDPb/g+rUuIHWCOhEC+B0qOYVEf+wcc9jTQjZf6N +P3zIV4dO+Mc9GVT+d3Kz0y11g1ON0b82qy2ONvRys1NmqXC2vCnXzKCQ6UTHRYt+ +EdV0nlo59G+lolCnT8t1sW7ezuByA4zWMI6hLyk0NLb8xwPK9BT732RGhzba7a7E +aArTBsPA3rWvObC1kQWSaw+ule5rmnTL5Q4Jw3qDhgM9b2Bg3hLYP5/UU0INq7kr +H413Kin0C29T1aNmLfMTfmS5EwARAQABtCZUb20gSHJvbWF0a2EgPHRvbS5ocm9t +YXRrYUBvcmFjbGUuY29tPokCTgQTAQgAOBYhBEemj843x9cCT9ZeETVs5iwrUkCZ +BQJdwuAJAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEDVs5iwrUkCZNL0P +/3KFyrWXW5ouPuAzWeMMUZrQmyz31T70iVSS8PtPWb8S2QxQdzgpdVPrvxT+wfq5 +zJbdz3X5uPvdOXUeyv0bAQRqYQVX/tkz10zu6+m+Bgx0H6I5Xk9F7EDvag1EDDs/ +BDSLh9VbsTllSaNpLhFjSRj0dVmE1DgaUDX5F66npYMgSIspsAjEI1MZ1PDYQfho +yxEMiz0ld14yv6HE7hBPekcQW2mAWzlpZmgw9NVIcqShy3znJNGGpQUbLEtGbrv/ +wRMNWjGWPJyfE5dLDvkfQjrdsTRWv5+Sd5/z3fwp0G8dUq1iWeegu6mFe0KRLB5z +3lcc+QJSlWetyyoYWOhq1Jzn0QHjakZp2Nb4rtp9/b9TdhvD5cOjpsECmL5qMri1 +mn/j4F63AG4yLQaYrwwjWzDcz+jQ8wNuyl7cXQFD6UYbywC1tC9DE0VppV2nOirt +TOPz8+etXMx6sg40STJ4dbYn/gJLhiycSaUAqGkSHpC24FbcvkVwKz5MBUYuLEgN +H3RyNKVgnb5JWZofE7ehOVCc+VAmzMyobjE+71FRXlPdmqD/im4vYDsqzb15wX79 +VsXqI0bij+xVYaR7GoQbTfVQ0a6f6slWex6PmKOnZTjfLL7sEu1JhAteqlI9I0Nl +NJBF/y32T6lQpO+3CJGhY+2rSiCpnI31NMusAkcufnxquQINBF3C4AkBEAC9ReOz +Yf6nryTLn8lGg6M0kpMX3P7v8GlOV1hZ8hTDlUETpo+xxR3FvNjWEDNyuawCpvNz +8Pu3OKqxKDIivyVdJNEc335glsMY7BmAevLvAtyfjb0rOzOXqLfhdsn108Nr6Ai+ +lkMs8xlK2hxGI3qpDHzImOYmhWD4J181gxlj5Gaj8fOyV8JZvfY6AZcei2tzlmHp +j9SSh7K59trUZtaUDljUeVAEP4KfU1sLEYy3BUzS+eb4Qw1tleui+89E/J4zPrgw +wuLg5OU+ScTigfbEF/05MMUAySiKieKhp8IFsT41+FXOlotBl0wz6Jbo4HxNtY5P +trpv6BOrBlYfhfhZeANk4+y5OnLqRjjgTvf1p9CHmsgs6sx/lkNyXpzoxKR89Rzx +HxnrgUATSa80JK9o/0tPZkN33HKJlkSndPQEM4uLrTsIxvNsBSOPIKC09siMbbBe +I0t811P1pMh8zvTnRl2FSQjiumLoVhr+xxZ2wWiPxztVQkMLuuWXkzcxQUfuw5nE +QCH+WdqYKNmV6rw2kU6j10q0kvvspWPMTbsI/vBY3KyiP1F8dToXiwulNT1U05NG +J20YbzEHnYEKatBq9ZILLx63c8eLZ6VppkAE0ZlmgsOvn+zIcv81P4x9mDLvuqTO +zRj/RuDAY6qJHuICpsV3F5A03z9ne/Z9u0mwSwARAQABiQI2BBgBCAAgFiEER6aP +zjfH1wJP1l4RNWzmLCtSQJkFAl3C4AkCGwwACgkQNWzmLCtSQJkiQA/8Cm07bQf2 +FIKTdwRECJO7pvpuc3zE1XsSuLyu40qpsWX24Ll97S7cpOK7rN2jSZ6UDoXpNgXV +iOzma5yiC+GO6UUWxr8xE/CDXeuawxHUt0Xrn+UQnWsirsrZifjVPkXou71QM+ka +Q9qXy4liOpRaJjf8B7iz3ilgMUACnMcwOVn+jbswLQpNetsKk+vrLwQlILPkWcKG +xIu1Iro3E7WoIPojHHtT7Co7mSRzaNI00VU7jMwZwXFQL/IbeGsKlaAyxh1BzRLn +LdPN8hxiYtEq2IG66Uq3EmigtwOvh06d/Qi/gBH6CWxdahRk7HwATyrNvbjfduzN +nhF+lPA39iKrI5+IGasK6Lp9HklUJD0Q9JK7yac/cUj5LptY/PBFC7eJKHJLyohm +vlXYgRSeAXEm7uGpU5k/jUZDM4Z1o5JboiNVQoqDWs6iDYJb82cRjKKlvC2d2lFK +xtBOR3xJZUUsIpoQrstxn1LA5DcBosPvd9ISyIZs38UyJNTz07GUedEpeE3YhLke +sc6n2iL9D2Yjz/S4ANukxl9YZDW+EFS8LtTchvK11OHWubvWxWFV7txLFmkBYQwk +2krCi2MVguRZGj8bodqjty1H8ZMfA5NYwAKeyQmsmTHqNmR1Ws/cdQCV7+3q9Rur +lUtY1AVxx4LtnS16GX+OVCybWzbK1uqLrfo= +=9JXr +-----END PGP PUBLIC KEY BLOCK----- diff --git a/watch b/watch new file mode 100644 index 0000000..b4ba68c --- /dev/null +++ b/watch @@ -0,0 +1,6 @@ +# See uscan(1) for format +version=4 +opts="dversionmangle=s/\+dfsg//,pgpsigurlmangle=s/$/.asc/" \ +https://github.com/seccomp/libseccomp/releases \ + /download/v.*/libseccomp-(.*)\.tar\.gz \ + debian uupdate -- 2.30.2