From b0799e0d72231a9e9a0930bf3c7cb0b5eadf104755adcbc9788ef5cd2ea28358 Mon Sep 17 00:00:00 2001
From: Valentin Lefebvre <valentin.lefebvre@suse.com>
Date: Wed, 15 Mar 2023 09:05:09 +0000
Subject: [PATCH] Accepting request 1070768 from home:gbelinassi

- Enable livepatching support on x86_64.

OBS-URL: https://build.opensuse.org/request/show/1070768
OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=272
---
 pam.changes |  5 +++++
 pam.spec    | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 56 insertions(+)

diff --git a/pam.changes b/pam.changes
index e855161..b1fb24e 100644
--- a/pam.changes
+++ b/pam.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Fri Mar 10 18:27:09 UTC 2023 - Giuliano Belinassi <giuliano.belinassi@suse.com>
+
+- Enable livepatching support on x86_64.
+
 -------------------------------------------------------------------
 Tue Jan 24 08:38:04 UTC 2023 - Valentin Lefebvre <valentin.lefebvre@suse.com>
 
diff --git a/pam.spec b/pam.spec
index 464ce23..b47f650 100644
--- a/pam.spec
+++ b/pam.spec
@@ -15,6 +15,26 @@
 # Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
+%if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1550
+# Enable livepatching support for SLE15-SP4 onwards. It requires
+# compiler support introduced there.
+%define livepatchable 1
+
+# Set variables for livepatching.
+%define _other %{_topdir}/OTHER
+%define tar_basename pam-livepatch-%{version}-%{release}
+%define tar_package_name %{tar_basename}.%{_arch}.tar.xz
+%define clones_dest_dir %{tar_basename}/%{_arch}
+%else
+# Unsupported operating system.
+%define livepatchable 0
+%endif
+
+%ifnarch x86_64
+# Unsupported architectures must have livepatch disabled.
+%define livepatchable 0
+%endif
+
 %bcond_with debug
 
 %define flavor @BUILD_FLAVOR@%{nil}
@@ -184,6 +204,9 @@ export CFLAGS="%{optflags}"
 %if !%{with debug}
 CFLAGS="$CFLAGS -DNDEBUG"
 %endif
+%if %{livepatchable}
+CFLAGS="$CFLAGS -fpatchable-function-entry=16,14 -fdump-ipa-clones"
+%endif
 %configure \
 	--includedir=%{_includedir}/security \
 	--docdir=%{_docdir}/pam \
@@ -197,6 +220,33 @@ CFLAGS="$CFLAGS -DNDEBUG"
 %endif
 
 %make_build
+
+%if %{livepatchable}
+
+# Ipa-clones are files generated by gcc which logs changes made across
+# functions, and we need to know such changes to build livepatches
+# correctly. These files are intended to be used by the livepatch
+# developers and may be retrieved by using `osc getbinaries`.
+#
+# Create list of ipa-clones.
+find . -name "*.ipa-clones" ! -empty | sed 's/^\.\///g' | sort > ipa-clones.list
+
+# Create ipa-clones destination folder and move clones there.
+mkdir -p ipa-clones/%{clones_dest_dir}
+while read f; do
+  _dest=ipa-clones/%{clones_dest_dir}/$f
+  mkdir -p ${_dest%/*}
+  cp $f $_dest
+done < ipa-clones.list
+
+# Create tar package with the clone files.
+tar cfJ %{tar_package_name} -C ipa-clones %{tar_basename}
+
+# Copy tar package to the OTHERS folder
+cp %{tar_package_name} %{_other}
+
+%endif # livepatchable
+
 gcc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE %{optflags} -I%{_builddir}/Linux-PAM-%{version}/libpam/include %{SOURCE10} -o %{_builddir}/unix2_chkpwd -L%{_builddir}/Linux-PAM-%{version}/libpam/.libs -lpam
 
 %if %{build_main}
@@ -213,6 +263,7 @@ mkdir -p %{buildroot}/sbin
 mkdir -p -m 755 %{buildroot}%{_libdir}
 # For compat reasons
 mkdir -p %{buildroot}%{_distconfdir}/pam.d
+
 %make_install
 /sbin/ldconfig -n %{buildroot}%{libdir}
 # Install documentation