From 28591f1543caa8066479353ffa7f1ca3a042449248943323f1ca9ae903741cd6 Mon Sep 17 00:00:00 2001
From: Enzo Matsumiya <ematsumiya@suse.com>
Date: Mon, 20 Mar 2023 19:59:00 +0000
Subject: [PATCH] Accepting request 1073295 from home:gbelinassi

- Enable livepatching on main library on x86_64.

We are enabling livepatching support on this library because SAP Hana link against it.

OBS-URL: https://build.opensuse.org/request/show/1073295
OBS-URL: https://build.opensuse.org/package/show/security/audit?expand=0&rev=146
---
 audit.changes |  5 +++++
 audit.spec    | 36 ++++++++++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+)

diff --git a/audit.changes b/audit.changes
index 13454bd..20ad631 100644
--- a/audit.changes
+++ b/audit.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Mon Mar 20 14:53:26 UTC 2023 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Enable livepatching on main library on x86_64.
+
 -------------------------------------------------------------------
 Mon Feb 20 14:12:55 UTC 2023 - Paolo Stivanin <info@paolostivanin.com>
 
diff --git a/audit.spec b/audit.spec
index 402630a..aa32ebd 100644
--- a/audit.spec
+++ b/audit.spec
@@ -16,6 +16,12 @@
 #
 
 
+%ifarch x86_64
+%bcond_without livepatching
+%else
+%bcond_with livepatching
+%endif
+
 Name:           audit
 Version:        3.1
 Release:        0
@@ -79,6 +85,9 @@ libraries.
 %build
 autoreconf -fi
 export CFLAGS="%{optflags} -fno-strict-aliasing"
+%if %{with livepatching}
+export CFLAGS="$CFLAGS -fpatchable-function-entry=16,14 -fdump-ipa-clones"
+%endif
 export CXXFLAGS="$CFLAGS"
 export LDFLAGS="-Wl,-z,relro,-z,now"
 # no krb support (omit --enable-gssapi-krb5=yes), see audit-no-gss.patch
@@ -102,6 +111,33 @@ export LDFLAGS="-Wl,-z,relro,-z,now"
 %make_build -C auparse
 %make_build -C docs
 
+%if %{with livepatching}
+# Workaround bsc#1208721: remove _patchable_function_entry from static libs.
+find . -name "*.a" -exec \
+       objcopy --remove-section "__patchable_function_entries" {} \;
+
+%define tar_basename audit-livepatch-%{version}-%{release}
+%define tar_package_name %{tar_basename}.%{_arch}.tar.xz
+%define clones_dest_dir %{tar_basename}/%{_arch}
+
+# Ipa-clones are files generated by gcc which logs changes made across
+# functions, and we need to know such changes to build livepatches
+# correctly. These files are intended to be used by the livepatch
+# developers and may be retrieved by using `osc getbinaries`.
+#
+# Create ipa-clones destination folder and move clones there.
+mkdir -p ipa-clones/%{clones_dest_dir}
+find . -name "*.ipa-clones" ! -empty \
+       -exec cp -t ipa-clones/%{clones_dest_dir} --parents {} +
+
+# Create tarball with ipa-clones.
+tar -cJf %{tar_package_name} -C ipa-clones \
+    --owner root --group root --sort name %{tar_basename}
+
+# Copy tarball to the OTHER folder to store it as artifact.
+cp %{tar_package_name} %{_topdir}/OTHER
+%endif
+
 %install
 %make_install -C common
 %make_install -C lib