Accepting request 1136511 from home:vulyanov:branches:Virtualization

- Fix seccomp profile for post-copy migration 0004-seccomp-Use-Names-field-to-define-the-syscall.patch - Set ExclusiveArch conditionally depending on the distro - Remove SLE15 SP4 from the distro check (end of general support) OBS-URL: https://build.opensuse.org/request/show/1136511 OBS-URL: https://build.opensuse.org/package/show/Virtualization/kubevirt?expand=0&rev=143
2024-01-03 12:18:09 +00:00 · 2024-01-03 12:18:09 +00:00 · 02f6ab4b61
commit 02f6ab4b61
parent b232061d54
3 changed files with 59 additions and 15 deletions
--- a/0004-seccomp-Use-Names-field-to-define-the-syscall.patch
+++ b/0004-seccomp-Use-Names-field-to-define-the-syscall.patch
@ -0,0 +1,27 @@
+From 0564fc86b7387d2c3b9f16a5f712ed3282c894e5 Mon Sep 17 00:00:00 2001
+From: Vasiliy Ulyanov <vulyanov@suse.de>
+Date: Fri, 15 Dec 2023 13:22:10 +0100
+Subject: [PATCH] seccomp: Use 'Names' field to define the syscall
+
+Apparently, 'Name' has been deprecated in favour of 'Names'. Some
+container runtimes do not handle 'Name' and thus fail to correctly set
+the profile for seccomp.
+
+Signed-off-by: Vasiliy Ulyanov <vulyanov@suse.de>
+---
+ pkg/virt-handler/seccomp/seccomp.go | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/pkg/virt-handler/seccomp/seccomp.go b/pkg/virt-handler/seccomp/seccomp.go
+index abc20b24af9e..f2ff71ac0bcc 100644
+--- a/pkg/virt-handler/seccomp/seccomp.go
+++ b/pkg/virt-handler/seccomp/seccomp.go
+@@ -70,7 +70,7 @@ func defaultProfile() *seccomp.Seccomp {
+ 	}
+ 
+ 	profile.Syscalls = append(profile.Syscalls, &seccomp.Syscall{
+-		Name:   "userfaultfd",
+		Names:  []string{"userfaultfd"},
+ 		Action: seccomp.ActAllow,
+ 		Args:   []*seccomp.Arg{},
+ 	})
--- a/kubevirt.changes
+++ b/kubevirt.changes
@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Wed Jan  3 09:53:18 UTC 2024 - Vasily Ulyanov <vasily.ulyanov@suse.com>
+
+- Fix seccomp profile for post-copy migration
+  0004-seccomp-Use-Names-field-to-define-the-syscall.patch
+- Set ExclusiveArch conditionally depending on the distro
+- Remove SLE15 SP4 from the distro check (end of general support)
+
 -------------------------------------------------------------------
 Tue Nov 14 07:36:17 UTC 2023 - Vasily Ulyanov <vasily.ulyanov@suse.com>

--- a/kubevirt.spec
+++ b/kubevirt.spec
@ -1,7 +1,7 @@
 #
 # spec file for package kubevirt
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -16,6 +16,19 @@
 #


+%if 0%{?sle_version} && !0%{?is_opensuse}
+# SLE
+%define _exclusive_arch x86_64
+%else
+%if 0%{?suse_version} == 1600
+# ALP
+%define _exclusive_arch x86_64
+%else
+# TW
+%define _exclusive_arch x86_64 aarch64
+%endif
+%endif
+
 Name:           kubevirt
 Version:        1.1.0
 Release:        0
@ -31,6 +44,7 @@ Source100:      %{name}-rpmlintrc
 Patch1:         0001-Update-google.golang.org-grpc-to-1.56.3.patch
 Patch2:         0002-virt-launcher-fix-qemu-non-root-path.patch
 Patch3:         0003-cgroupsv2-reconstruct-device-allowlist.patch
+Patch4:         0004-seccomp-Use-Names-field-to-define-the-syscall.patch
 BuildRequires:  glibc-devel-static
 BuildRequires:  golang-packaging
 BuildRequires:  pkgconfig
@ -38,7 +52,7 @@ BuildRequires:  rsync
 BuildRequires:  sed
 BuildRequires:  golang(API) >= 1.19
 BuildRequires:  pkgconfig(libvirt)
-ExclusiveArch:  x86_64 aarch64
+ExclusiveArch:  %{_exclusive_arch}

 %description
 Kubevirt is a virtual machine management add-on for Kubernetes
@ -165,11 +179,6 @@ the Kubevirt container images.
 #
 distro='%{?sle_version}:%{?is_opensuse}%{!?is_opensuse:0}'
 case "${distro}" in
-150400:0)
-    tagprefix=suse/sles/15.4
-    labelprefix=com.suse.kubevirt
-    registry=registry.suse.com
-    ;;
 150500:0)
    tagprefix=suse/sles/15.5
    labelprefix=com.suse.kubevirt
@ -186,14 +195,14 @@ case "${distro}" in
    registry=registry.opensuse.org
    ;;
 *)
-    %if 0%{?suse_version} == 1600
-        tagprefix=alp/kubevirt
-        labelprefix=com.suse.kubevirt
-        registry=registry.suse.com
-    %else
-        echo "Unsupported distro: ${distro}" >&2
-        exit 1
-    %endif
+%if 0%{?suse_version} == 1600
+    tagprefix=alp/kubevirt
+    labelprefix=com.suse.kubevirt
+    registry=registry.suse.com
+%else
+    echo "Unsupported distro: ${distro}" >&2
+    exit 1
+%endif
    ;;
 esac