Accepting request 1230819 from server:monitoring

OBS-URL: https://build.opensuse.org/request/show/1230819
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tetragon?expand=0&rev=5

_service

@@ -3,10 +3,11 @@
     <param name="url">https://github.com/cilium/tetragon</param>
     <param name="scm">git</param>
     <param name="exclude">.git</param>
-    <param name="revision">v1.1.2</param>
+    <param name="revision">v1.3.0</param>
+    <param name="match-tag">v1.3.0</param>
     <param name="versionformat">@PARENT_TAG@</param>
-    <param name="changesgenerate">enable</param>
     <param name="versionrewrite-pattern">v(.*)</param>
+    <param name="changesgenerate">enable</param>
   </service>
   <service name="set_version" mode="manual">
   </service>

_servicedata

@@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/cilium/tetragon</param>
-              <param name="changesrevision">2d8f9438b18dff2ec496fda8af65e1620ca68f11</param></service></servicedata>
+              <param name="changesrevision">4a6643e71e2357324ab8ab73ecb7286d73e96ef8</param></service></servicedata>

tetragon-1.1.2.obscpio

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1950e676ca0e469eb0270a7a0d97b5c9f098413d1bd115eb42a9e02d337ee833
-size 178684430

tetragon-1.3.0.obscpio

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8b52fe495a79de564a52fc89e5589747d69e20aef7c7f37a32807c105487e99f
+size 178766862

tetragon.changes

@@ -1,3 +1,166 @@
+-------------------------------------------------------------------
+Fri Dec 13 10:00:07 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 1.3.0:
+  Large changelog, please find the full changelog here:
+  https://github.com/cilium/tetragon/releases
+  * Upgrade notes
+    Depending on your setup, changes listed here might require a
+    manual intervention.
+    - Behavior of export-file-perm flag (and corresponding Helm
+      value tetragon.exportFilePerm) changed. In case the export
+      file exists, but has different permissions than specified in
+      the option, Tetragon will change the file permissions on the
+      next log rotation. In older versions, log rotation preserved
+      permissions of the existing file. Before upgrading check if
+      permissions of the existing export file match the option (600
+      by default), and set the agent flag or Helm value to the
+      desired value if needed.
+    - Events (protobuf API)
+      New events for syscall64 type
+      Previous versions of Tetragon did not distinguish between
+      different ABIs when using the syscall64 type because the
+      output was just a size_arg with the id. When executing the
+      getcpu syscall, for example, the JSON for 64- and 32-bits
+      would be:
+      "args":[{"size_arg":"309"}]
+      "args":[{"size_arg":"318"}]
+      Note that id 318 for x86_64 is a different syscall: getrandom
+      so we cannot distinguish between a getrandom syscall on
+      x86_64 and a getcpu call on 32-bit (i386). To address this
+      issue, the output of syscall64 was changed to a SyscallId
+      object that also includes the ABI. So the JSON for 64- and
+      32-bits getcpu now is:
+      "args":[{"syscall_id":{"id":309,"abi":"x64"}}]
+      "args":[{"syscall_id":{"id":318,"abi":"i386"}}]
+      Users that want to maintain the old behavior can use the
+      --enable-compatibility-syscall64-size-type flag for this
+      version.
+      The flag will be removed in v1.4.
+    - Metrics
+      tetragon_ratelimit_dropped_total metric is renamed to
+      tetragon_export_ratelimit_events_dropped_total
+  * Major Changes:
+    - IMA hashes in LSM events (#2818) by @anfedotoff
+    - tetragon: add support for associating pod information when
+      nested cgroups are used (#3170) by @kkourt
+  * - Bugfixes:
+    - Fix clone event eventcache retry handler when missing pod
+      info. (#2899) by @tpapagian
+    - pkg/sensors: fix memory use of unloaded sensors (#3021) by
+      @mtardy
+    - tetragon: fix the process exit signal when core dumped
+      (#3039) by @justin0u0
+    - tetragon: improve how we handle cgroupv1 and cgroupv2 (#3053)
+      by @tixxdz
+    - [metrics] Fix overhead_program metrics for return probes
+      (#3074) by @tpapagian
+    - exec: fix tracking of matchBinary children (#3186) by @kkourt
+
+-------------------------------------------------------------------
+Wed Nov 27 11:11:43 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 1.2.1:
+  * Prepare for v1.2.1 release
+  * filters: implement parent_arguments_regex
+  * chore(deps): update go to v1.22.9
+  * chore(deps): update docker.io/library/alpine:3.20.3 docker
+    digest to 1e42bbe
+  * tetragon: probe_read usage may cause issues with newer kernels
+  * e2e tests: skip label test on ARM
+  * workflows: use GitHub arm64 runners instead of actuated
+  * Add support to exclude valid processes from dump processCache
+  * tetra: add max-recv-size to processcache dump cmd
+  * tetra: rewrite dump processcache cmd for correct error code
+  * tetra: use consistent case in dump cmd and api
+  * Add support to dump processLRU
+  * [btf] Flush kernel spec (BTF) after loading a sensor
+  * [ksyms] Do not cache ksyms to reduce memory consumption
+  * fix(deps): update module github.com/cilium/cilium to v1.15.10
+    [security]
+  * chore(deps): update docker.io/library/golang:1.22.8 docker
+    digest to 0ca97f4
+  * chore(deps): update docker.io/library/alpine docker tag to
+    v3.20.3
+  * chore(deps): update go to v1.22.8
+  * fix(deps): update module github.com/containers/common to
+    v0.60.4 [security]
+  * chore(deps): update docker.io/library/golang:1.22.6 docker
+    digest to a632201
+  * chore: update containers/common
+  * Remove const from parameters
+  * bpf: allow all operations for syscall64 type
+  * watcher: add metrics for deleted pod cache
+  * watcher: add a deleted pod cache
+  * watcher: add test for "fast" k8s API server
+  * watcher: change FindContainer function
+  * watcher: add a containerIDKey function
+  * watcher: refactor watcher
+  * Export EventCache tunables in the Helm Chart
+  * Reduce the delay in GRPC gotests
+  * Make EventCache configurable
+  * helm: Set rthooks.podSecurityContext to empty by default
+  * helm: Remove deprecated tetragon.skipCRDCreation value
+  * [bugfix] Fix clone event caching due to missing pod info
+
+-------------------------------------------------------------------
+Fri Sep 13 18:27:13 UTC 2024 - opensuse_buildservice@ojkastl.de
+
+- Update to version 1.2.0:
+  Full changelog see
+  https://github.com/cilium/tetragon/releases/tag/v1.2.0
+  * Major Changes
+    - feat: Username for process_exec events (#2369) by @anfedotoff
+    - tetragon: Allow persistent enforcement during tetragon
+      restart (#2600) by @olsajiri
+    - LSM sensor (#2566) by @anfedotoff
+  * Bugfixes
+    - bpf: use CORE for execve hook (#2399) by @kkourt
+    - Don't create PodInfo if the pod is being deleted (#2431) by
+      @michi-covalent
+    - tetragon: allow namespaced and non-namespaced policies to
+      have the same name (#2337) by @joshuajorel
+    - operator: Don't start metrics server if Helm value
+      tetragonOperator.prometheus.enabled is set to false. (#2484)
+      by @yukinakanaka
+    - enforcer: fix issue when using multiple calls with fmod_ret
+      (#2524) by @kkourt
+    - Reduce the kernel memory footprint (accounted by the cgroup
+      memory controller) of the stack trace feature when unused.
+      (#2546) by @mtardy
+    - Reduce the kernel memory footprint (accounted by the cgroup
+      memory controller) of the ratelimit feature when unused
+      (around ~10MB per kprobe). (#2551) by @mtardy
+    - Reduce the kernel memory footprint (accounted by the cgroup
+      memory controller) of the fdinstall feature when unused
+      (around ~11MB per kprobe). (#2563) by @mtardy
+    - Do not increase the reference count when we cannot find a
+      parent in kthreads. (#2620) by @tpapagian
+    - Reduce the kernel memory footprint (accounted by the cgroup
+      v2 memory controller) of the override feature when unused
+      (around ~3MB per kprobe). (#2692) by @mtardy
+    - Fix a bug related to the matchBinaries Prefix operator by
+      increasing the buffer size used by our dentry walk. Now the
+      matchBinaries Prefix operator can correctly trigger a match
+      on any path above 255 chars. (#2764) by @mtardy
+    - Fix a bug where the tetra getevents command would timeout
+      even if the connection was successful. (#2765) by @mtardy
+    - Fix missing cases in the compact encoder for tetra. (#2819)
+      by @willfindlay
+    - add support for pod association via cgroup id (#2776) by
+      @kkourt
+    - Allow disabling gRPC either by selecting 'enabled:false' in
+      the helm chart or by passing an empty address to the agent
+      (#2826) by @kkourt
+    - Fix tetragon_process_cache_size metric (#2827) by @lambdanis
+
+-------------------------------------------------------------------
+Mon Jul 29 18:36:26 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- exclude architectures that fail to build due to
+  'pkg/syscallinfo/syscallinfo.go:39:34: undefined: syscallNames'
+  errors
+
 -------------------------------------------------------------------
 Wed Jun 12 16:18:43 UTC 2024 - opensuse_buildservice@ojkastl.de
 

tetragon.obsinfo

@@ -1,4 +1,4 @@
 name: tetragon
-version: 1.1.2
-mtime: 1718190407
-commit: 2d8f9438b18dff2ec496fda8af65e1620ca68f11
+version: 1.3.0
+mtime: 1734081089
+commit: 4a6643e71e2357324ab8ab73ecb7286d73e96ef8

tetragon.spec

@@ -16,23 +16,25 @@
 #
 
 
-%define __arch_install_post export NO_BRP_STRIP_DEBUG=true
-
 %define cli_binary_name tetra
 %define cli_package_name tetragon-cli
 
 Name:           tetragon
-Version:        1.1.2
+Version:        1.3.0
 Release:        0
 Summary:        eBPF-based Security Observability and Runtime Enforcement
 License:        Apache-2.0
 URL:            https://github.com/cilium/tetragon
 Source:         tetragon-%{version}.tar.gz
 Source1:        vendor.tar.gz
-BuildRequires:  clang
+BuildRequires:  bash-completion
+BuildRequires:  clang >= 15
+BuildRequires:  fish
 BuildRequires:  go >= 1.22
 BuildRequires:  llvm
 BuildRequires:  make
+BuildRequires:  zsh
+ExcludeArch:    i586 ppc64le s390x armv7l armv7hl
 
 %description
 Cilium’s new Tetragon component enables powerful real-time, eBPF-based Security
@@ -94,7 +96,7 @@ zsh command line completion support for %{cli_package_name}.
 #
 # tetragon
 #
-CGO_ENABLED=0 go build \
+go build \
    -mod=vendor \
    -buildmode=pie \
    -ldflags="-X github.com/cilium/tetragon/pkg/version.Version=%{version}" \
@@ -108,7 +110,7 @@ make -C ./bpf BPF_TARGET_ARCH=x86 %{?_smp_mflags}
 #
 # tetra cli
 #
-CGO_ENABLED=0 go build \
+go build \
    -mod=vendor \
    -buildmode=pie \
    -ldflags="-X github.com/cilium/tetragon/pkg/version.Version=%{version}" \
@@ -147,8 +149,8 @@ mkdir -p %{buildroot}%{_datarootdir}/fish/vendor_completions.d/
 %{buildroot}/%{_bindir}/%{cli_binary_name} completion fish > %{buildroot}%{_datarootdir}/fish/vendor_completions.d/%{cli_binary_name}.fish
 
 # create the zsh completion file
-mkdir -p %{buildroot}%{_datarootdir}/zsh_completion.d/
-%{buildroot}/%{_bindir}/%{cli_binary_name} completion zsh > %{buildroot}%{_datarootdir}/zsh_completion.d/_%{cli_binary_name}
+mkdir -p %{buildroot}%{_datarootdir}/zsh/site-functions/
+%{buildroot}/%{_bindir}/%{cli_binary_name} completion zsh > %{buildroot}%{_datarootdir}/zsh/site-functions/_%{cli_binary_name}
 
 %pre
 %service_add_pre %{name}.service
@@ -183,16 +185,12 @@ mkdir -p %{buildroot}%{_datarootdir}/zsh_completion.d/
 %{_bindir}/%{cli_binary_name}
 
 %files -n %{cli_package_name}-bash-completion
-%dir %{_datarootdir}/bash-completion/completions/
 %{_datarootdir}/bash-completion/completions/%{cli_binary_name}
 
 %files -n %{cli_package_name}-fish-completion
-%dir %{_datarootdir}/fish
-%dir %{_datarootdir}/fish/vendor_completions.d
 %{_datarootdir}/fish/vendor_completions.d/%{cli_binary_name}.fish
 
 %files -n %{cli_package_name}-zsh-completion
-%dir %{_datarootdir}/zsh_completion.d/
-%{_datarootdir}/zsh_completion.d/_%{cli_binary_name}
+%{_datarootdir}/zsh/site-functions/_%{cli_binary_name}
 
 %changelog

vendor.tar.gz

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:f180e8b2d905bbdf53026da189b19c30d1f1424856ab02770c447ef2bc1a577e
-size 13888794
+oid sha256:84f2613ed4a842eb2a9dca9bedc0984aff795e75c95652a01023e94f9b4a0ce8
+size 12643824