diff --git a/0001-build-use-ac-variables-in-pkgconfig-file.patch b/0001-build-use-ac-variables-in-pkgconfig-file.patch deleted file mode 100644 index 239572e..0000000 --- a/0001-build-use-ac-variables-in-pkgconfig-file.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 788415e60f153bdf438c70ada9d294da95ef16e0 Mon Sep 17 00:00:00 2001 -From: Jan Engelhardt -Date: Sat, 8 Sep 2012 05:55:42 +0200 -Subject: [PATCH] build: use ac variables in pkgconfig file - -Signed-off-by: Jan Engelhardt ---- - libseccomp.pc.in | 9 +++++---- - 1 files changed, 5 insertions(+), 4 deletions(-) - -diff --git a/libseccomp.pc.in b/libseccomp.pc.in -index c195831..a863351 100644 ---- a/libseccomp.pc.in -+++ b/libseccomp.pc.in -@@ -19,13 +19,14 @@ - # along with this library; if not, see . - # - --prefix=%%INSTALL_PREFIX%% --libdir=%%INSTALL_LIBDIR%% --includedir=${prefix}/include -+prefix=@prefix@ -+exec_prefix=@exec_prefix@ -+libdir=@libdir@ -+includedir=@includedir@ - - Name: libseccomp - Description: The enhanced seccomp library - URL: http://libseccomp.sf.net --Version: %%VERSION_RELEASE%% -+Version: @PACKAGE_VERSION@ - Cflags: -I${includedir} - Libs: -L${libdir} -lseccomp --- -1.7.7 - diff --git a/0001-build-use-autotools-as-build-system.patch b/0001-build-use-autotools-as-build-system.patch index 4438bf5..d16429d 100644 --- a/0001-build-use-autotools-as-build-system.patch +++ b/0001-build-use-autotools-as-build-system.patch @@ -1,97 +1,89 @@ -From 239b65fde203011208ad63f9f63ef85ddec49ca9 Mon Sep 17 00:00:00 2001 +From c22e0366049884637b6f92e0f39c0d6579c7ca1f Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Wed, 14 Nov 2012 21:30:16 +0100 Subject: [PATCH] build: use autotools as build system Signed-off-by: Jan Engelhardt --- - Makefile.am | 27 - autogen.sh | 5 - configure |14281 ++++++++++++++++++++++++++++++++++++++++++++++++- - Makefile.am | 27 - autogen.sh | 5 - configure |14281 ++++++++++++++++++++++++++++++++++++++++++++++++- - Makefile.am | 27 - autogen.sh | 5 - configure |14281 ++++++++++++++++++++++++++++++++++++++++++++++++- - Makefile | 1078 +++ - Makefile.am | 23 - autogen.sh | 5 - configure |14281 ++++++++++++++++++++++++++++++++++++++++++++++++- - Makefile.am | 23 +++++++++++++++++++++++ - autogen.sh | 5 +++++ - configure.ac | 28 ++++++++++++++++++++++++++++ - m4/.gitignore | 2 ++ - src/Makefile.am | 9 +++++++++ - src/system.h | 4 ++-- - tests/Makefile.am | 29 +++++++++++++++++++++++++++++ - tools/Makefile.am | 6 ++++++ - 8 files changed, 104 insertions(+), 2 deletions(-) - delete mode 100644 Makefile + .gitignore | 25 +++++++++++++++++-------- + Makefile.am | 31 +++++++++++++++++++++++++++++++ + autogen.sh | 5 +++++ + configure.ac | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ + include/seccomp.h.in | 6 +++--- + libseccomp.pc.in | 9 +++++---- + m4/.gitignore | 2 ++ + src/Makefile.am | 16 ++++++++++++++++ + src/python/.gitignore | 5 +++-- + src/python/Makefile.am | 24 ++++++++++++++++++++++++ + src/python/setup.py | 2 +- + src/system.h | 4 ++-- + tests/Makefile.am | 44 ++++++++++++++++++++++++++++++++++++++++++++ + tools/Makefile.am | 9 +++++++++ + 14 files changed, 211 insertions(+), 20 deletions(-) create mode 100644 Makefile.am create mode 100755 autogen.sh - delete mode 100755 configure create mode 100644 configure.ac - delete mode 100644 doc/Makefile - delete mode 100644 include/Makefile - delete mode 100644 install.mk create mode 100644 m4/.gitignore - delete mode 100644 macros.mk - delete mode 100644 src/.gitignore - delete mode 100644 src/Makefile create mode 100644 src/Makefile.am - delete mode 100644 src/python/Makefile create mode 100644 src/python/Makefile.am - delete mode 100644 tests/Makefile create mode 100644 tests/Makefile.am - delete mode 100644 tools/Makefile create mode 100644 tools/Makefile.am - delete mode 100644 version_info -Index: libseccomp-1.0.1/Makefile.am -=================================================================== +diff --git a/Makefile.am b/Makefile.am +new file mode 100644 +index 0000000..bf0a4ea --- /dev/null -+++ libseccomp-1.0.1/Makefile.am -@@ -0,0 +1,23 @@ ++++ b/Makefile.am +@@ -0,0 +1,31 @@ +# -*- Makefile -*- + -+SUBDIRS = src tools tests -+ +ACLOCAL_AMFLAGS = -I m4 ++SUBDIRS = src tools tests + +pkgconfdir = ${libdir}/pkgconfig +pkgconf_DATA = libseccomp.pc + -+include_HEADERS = include/seccomp.h ++nodist_include_HEADERS = include/seccomp.h + -+man_MANS = \ ++dist_man_MANS = \ ++ doc/man/man1/scmp_sys_resolver.1 \ ++ doc/man/man3/seccomp_arch_add.3 \ ++ doc/man/man3/seccomp_arch_exist.3 \ ++ doc/man/man3/seccomp_arch_native.3 \ ++ doc/man/man3/seccomp_arch_remove.3 \ + doc/man/man3/seccomp_attr_get.3 \ + doc/man/man3/seccomp_attr_set.3 \ + doc/man/man3/seccomp_export_bpf.3 \ + doc/man/man3/seccomp_export_pfc.3 \ + doc/man/man3/seccomp_init.3 \ + doc/man/man3/seccomp_load.3 \ ++ doc/man/man3/seccomp_merge.3 \ + doc/man/man3/seccomp_release.3 \ + doc/man/man3/seccomp_reset.3 \ + doc/man/man3/seccomp_rule_add.3 \ + doc/man/man3/seccomp_rule_add_exact.3 \ -+ doc/man/man3/seccomp_syscall_priority.3 -Index: libseccomp-1.0.1/autogen.sh -=================================================================== ++ doc/man/man3/seccomp_syscall_priority.3 \ ++ doc/man/man3/seccomp_syscall_resolve_name.3 \ ++ doc/man/man3/seccomp_syscall_resolve_name_arch.3 \ ++ doc/man/man3/seccomp_syscall_resolve_num_arch.3 +diff --git a/autogen.sh b/autogen.sh +new file mode 100755 +index 0000000..37e4b23 --- /dev/null -+++ libseccomp-1.0.1/autogen.sh ++++ b/autogen.sh @@ -0,0 +1,5 @@ +#!/bin/sh -e + +autoreconf -fi; +rm -Rf autom4te.cache; +# do not call configure - this is unexpected -Index: libseccomp-1.0.1/configure.ac -=================================================================== +diff --git a/configure.ac b/configure.ac +new file mode 100644 +index 0000000..fa7bd5b --- /dev/null -+++ libseccomp-1.0.1/configure.ac -@@ -0,0 +1,28 @@ -+AC_INIT([libseccomp], [1.0.0]) ++++ b/configure.ac +@@ -0,0 +1,49 @@ ++AC_INIT([libseccomp], [2.1.0]) +AC_CONFIG_AUX_DIR([build-aux]) +AC_CONFIG_HEADERS([configure.h]) +AC_CONFIG_MACRO_DIR([m4]) @@ -112,38 +104,150 @@ Index: libseccomp-1.0.1/configure.ac +AC_SUBST([AM_CFLAGS]) +AC_SUBST([AM_LDFLAGS]) + -+AC_ARG_ENABLE([python], -+ [AS_HELP_STRING([build the python bindings, requires cython])]) -+AM_CONDITIONAL([ENABLE_PYTHON], [test "$enable_python" = yes]) ++VERSION_MAJOR="${VERSION%%.*}" ++VERSION_MINOR="${VERSION#*.}" ++VERSION_MICRO="${VERSION_MINOR#*.}" ++VERSION_MINOR="${VERSION_MINOR%%.*}" ++VERSION_MICRO="${VERSION_MICRO%%.*}" ++AC_SUBST([VERSION_MAJOR]) ++AC_SUBST([VERSION_MINOR]) ++AC_SUBST([VERSION_MICRO]) + -+AC_CONFIG_FILES([Makefile src/Makefile tools/Makefile -+ tests/Makefile libseccomp.pc]) ++dnl AC_ARG_ENABLE([python], ++dnl [AS_HELP_STRING([--enable-python], [build the python bindings, requires cython])]) ++enable_python=no ++AM_CONDITIONAL([ENABLE_PYTHON], [test "$enable_python" = yes]) ++cython_ver=$(which cython >/dev/null 2>/dev/null && cython -V 2>&1 | cut -d' ' -f3) ++cython_maj=$(echo "$cython_ver" | cut -d'.' -f1) ++cython_min=$(echo "$cython_ver" | cut -d'.' -f2) ++AS_IF([test "$enable_python" = yes], [ ++ recent="" ++ AS_IF([test -n "$cython_maj" -a -n "$cython_min" && ++ ! test "$cython_maj" -eq 0 -a "$cython_min" -lt 16], [recent=yes]) ++ AS_IF([test -z "$recent"], [ ++ AC_MSG_ERROR([python bindings require cython 0.16 or higher]) ++ ]) ++]) ++ ++AC_CONFIG_FILES([Makefile src/Makefile src/python/Makefile tools/Makefile ++ tests/Makefile include/seccomp.h libseccomp.pc]) +AC_OUTPUT -Index: libseccomp-1.0.1/m4/.gitignore -=================================================================== +diff --git a/include/seccomp.h.in b/include/seccomp.h.in +index 7897cbf..e14c1f5 100644 +--- a/include/seccomp.h.in ++++ b/include/seccomp.h.in +@@ -35,9 +35,9 @@ extern "C" { + * version information + */ + +-#define SCMP_VER_MAJOR %%VERSION_MAJOR%% +-#define SCMP_VER_MINOR %%VERSION_MINOR%% +-#define SCMP_VER_MICRO %%VERSION_MICRO%% ++#define SCMP_VER_MAJOR @VERSION_MAJOR@ ++#define SCMP_VER_MINOR @VERSION_MINOR@ ++#define SCMP_VER_MICRO @VERSION_MICRO@ + + /* + * types +diff --git a/libseccomp.pc.in b/libseccomp.pc.in +index c195831..a863351 100644 +--- a/libseccomp.pc.in ++++ b/libseccomp.pc.in +@@ -19,13 +19,14 @@ + # along with this library; if not, see . + # + +-prefix=%%INSTALL_PREFIX%% +-libdir=%%INSTALL_LIBDIR%% +-includedir=${prefix}/include ++prefix=@prefix@ ++exec_prefix=@exec_prefix@ ++libdir=@libdir@ ++includedir=@includedir@ + + Name: libseccomp + Description: The enhanced seccomp library + URL: http://libseccomp.sf.net +-Version: %%VERSION_RELEASE%% ++Version: @PACKAGE_VERSION@ + Cflags: -I${includedir} + Libs: -L${libdir} -lseccomp +diff --git a/m4/.gitignore b/m4/.gitignore +new file mode 100644 +index 0000000..64d9bbc --- /dev/null -+++ libseccomp-1.0.1/m4/.gitignore ++++ b/m4/.gitignore @@ -0,0 +1,2 @@ +/libtool.m4 +/lt*.m4 -Index: libseccomp-1.0.1/src/Makefile.am -=================================================================== +diff --git a/src/Makefile.am b/src/Makefile.am +new file mode 100644 +index 0000000..91b1519 --- /dev/null -+++ libseccomp-1.0.1/src/Makefile.am -@@ -0,0 +1,9 @@ ++++ b/src/Makefile.am +@@ -0,0 +1,16 @@ +# -*- Makefile -*- + +SUBDIRS = . ++if ENABLE_PYTHON ++SUBDIRS += python ++endif + +lib_LTLIBRARIES = libseccomp.la + -+libseccomp_la_SOURCES = api.c arch.c arch-i386.c arch-i386-syscalls.c \ -+ arch-x86_64.c arch-x86_64-syscalls.c db.c hash.c gen_pfc.c gen_bpf.c -+libseccomp_la_LDFLAGS = -version-info 1:0:0 -Index: libseccomp-1.0.1/src/system.h -=================================================================== ---- libseccomp-1.0.1.orig/src/system.h -+++ libseccomp-1.0.1/src/system.h ++libseccomp_la_SOURCES = api.c arch.c arch-x86.c arch-x86-syscalls.c \ ++ arch-x86_64.c arch-x86_64-syscalls.c arch-x32.c arch-x32-syscalls.c \ ++ arch-arm.c arch-arm-syscalls.c db.c hash.c gen_pfc.c gen_bpf.c \ ++ \ ++ arch-arm.h arch-x32.h arch-x86.h arch-x86_64.h arch.h \ ++ db.h gen_bpf.h gen_pfc.h hash.h system.h ++libseccomp_la_LDFLAGS = -version-number 2:1:0 +diff --git a/src/python/Makefile.am b/src/python/Makefile.am +new file mode 100644 +index 0000000..400b354 +--- /dev/null ++++ b/src/python/Makefile.am +@@ -0,0 +1,24 @@ ++# -*- Makefile -*- ++ ++PYTHON = /usr/bin/env python ++pyverbose_0 = -q ++pyverbose_ = ${pyverbose_0} ++ ++PY_DISTUTILS = \ ++ VERSION_RELEASE="${VERSION_RELEASE}" \ ++ CFLAGS="-I\${top_srcdir}/include ${CFLAGS} ${CPPFLAGS}" \ ++ LDFLAGS="${LDFLAGS}" \ ++ ${PYTHON} ./setup.py ++PY_BUILD = ${PY_DISTUTILS} build ${pyverbose_${V}} ++PY_INSTALL = ${PY_DISTUTILS} install ${pyverbose_${V}} ++ ++all-local: python-build ++ ++python-build: ../libseccomp.la libseccomp.pxd seccomp.pyx ++ ${AM_V_GEN}${PY_DISTUTILS} build && touch $@ ++ ++install-exec-local: ++ ${PY_DISTUTILS} install --prefix=${DESTDIR}/${prefix} ++ ++clean-local: ++ rm -Rf python-build seccomp.c +diff --git a/src/python/setup.py b/src/python/setup.py +index 872642e..62ba24a 100644 +--- a/src/python/setup.py ++++ b/src/python/setup.py +@@ -40,6 +40,6 @@ setup( + cmdclass = {'build_ext': build_ext}, + ext_modules = [ + Extension("seccomp", ["seccomp.pyx"], +- extra_objects=["../libseccomp.a"]) ++ extra_objects=["../.libs/libseccomp.so"]) + ] + ) +diff --git a/src/system.h b/src/system.h +index cb14f65..11303cf 100644 +--- a/src/system.h ++++ b/src/system.h @@ -25,9 +25,9 @@ #include #include @@ -156,48 +260,71 @@ Index: libseccomp-1.0.1/src/system.h /* system header file */ #include -Index: libseccomp-1.0.1/tests/Makefile.am -=================================================================== +diff --git a/tests/Makefile.am b/tests/Makefile.am +new file mode 100644 +index 0000000..236abee --- /dev/null -+++ libseccomp-1.0.1/tests/Makefile.am -@@ -0,0 +1,29 @@ ++++ b/tests/Makefile.am +@@ -0,0 +1,44 @@ +# -*- Makefile -*- + +AM_LDFLAGS = -static +LDADD = util.la ../src/libseccomp.la + +check_LTLIBRARIES = util.la -+util_la_SOURCES = util.c ++util_la_SOURCES = util.c util.h +util_la_LDFLAGS = -module + +TESTS = regression + ++EXTRA_DIST = regression *.tests ++BUILT_SOURCES = 00-test.c ++ +check_PROGRAMS = \ -+ 01-allow \ -+ 02-basic \ -+ 03-basic-chains \ -+ 04-multilevel-chains \ -+ 05-long-jumps \ -+ 06-actions \ -+ 07-db-bug-looping \ -+ 08-subtree-checks \ -+ 09-syscall-priority-pre \ -+ 10-syscall-priority-post \ -+ 11-basic-errors \ -+ 12-basic-masked-ops \ -+ 13-attrs \ -+ 14-reset \ -+ 15-resolver \ -+ 16-arch-basic \ -+ 17-arch-merge -Index: libseccomp-1.0.1/tools/Makefile.am -=================================================================== ++ 00-test \ ++ 01-sim-allow \ ++ 02-sim-basic \ ++ 03-sim-basic_chains \ ++ 04-sim-multilevel_chains \ ++ 05-sim-long_jumps \ ++ 06-sim-actions \ ++ 07-sim-db_bug_looping \ ++ 08-sim-subtree_checks \ ++ 09-sim-syscall_priority_pre \ ++ 10-sim-syscall_priority_post \ ++ 11-basic-basic_errors \ ++ 12-sim-basic_masked_ops \ ++ 13-basic-attrs \ ++ 14-sim-reset \ ++ 15-basic-resolver \ ++ 16-sim-arch_basic \ ++ 17-sim-arch_merge \ ++ 18-sim-basic_whitelist \ ++ 19-sim-missing_syscalls \ ++ 20-live-basic_die \ ++ 21-live-basic_allow \ ++ 22-sim-basic_chains_array \ ++ 23-sim-arch_all_basic \ ++ 24-live-arg_allow \ ++ 25-sim-multilevel_chains_adv ++ ++00-test.c: ++ if ! test -e $@; then echo "int main(void) { return 0; }" >$@; fi +diff --git a/tools/Makefile.am b/tools/Makefile.am +new file mode 100644 +index 0000000..ed74f39 --- /dev/null -+++ libseccomp-1.0.1/tools/Makefile.am -@@ -0,0 +1,6 @@ ++++ b/tools/Makefile.am +@@ -0,0 +1,9 @@ +# -*- Makefile -*- + -+noinst_PROGRAMS = bpf_disasm bpf_sim ++bin_PROGRAMS = scmp_sys_resolver ++noinst_PROGRAMS = scmp_arch_detect scmp_bpf_disasm scmp_bpf_sim + -+bpf_disasm_SOURCES = bpf_disasm.c -+bpf_sim_SOURCES = bpf_sim.c ++scmp_sys_resolver_LDADD = ../src/libseccomp.la ++scmp_arch_detect_LDADD = ../src/libseccomp.la ++ ++EXTRA_DIST = bpf.h +-- +1.8.2 + diff --git a/libseccomp-1.0.1.tar.gz b/libseccomp-1.0.1.tar.gz deleted file mode 100644 index c7b7c69..0000000 --- a/libseccomp-1.0.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:7c38fa4bcb92ec48179132e9532feee65f9dc3a00b733328a21551f028b62966 -size 129602 diff --git a/libseccomp-2.1.0.tar.gz b/libseccomp-2.1.0.tar.gz new file mode 100644 index 0000000..2cde45c --- /dev/null +++ b/libseccomp-2.1.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b0d6e4f0984e6632a04f0cf33c6babdb011674ba15ff208e196f037e0e09905e +size 216834 diff --git a/libseccomp.changes b/libseccomp.changes index 9258f1a..fab7820 100644 --- a/libseccomp.changes +++ b/libseccomp.changes @@ -1,3 +1,19 @@ +------------------------------------------------------------------- +Tue Jun 18 01:14:06 UTC 2013 - jengelh@inai.de + +- Update to new upstream release 2.1.0 +* Add support for the x32 and ARM architectures +* More verbose PFC output, including translation of syscall + numbers to names +* Several assorted bugfixes affecting the seccomp BPF generation +* The syscall number/name resolver tool is now installed +* Fixes for the x86 multiplexed syscalls +* Additions to the API to better support non-native architecures +* Additions to the API to support multiple architecures in one filter +* Additions to the API to resolve syscall name/number mappings +- Remove 0001-build-use-ac-variables-in-pkgconfig-file.patch + (merged into 0001-build-use-autotools-as-build-system.patch) + ------------------------------------------------------------------- Fri Dec 21 05:47:29 UTC 2012 - jengelh@inai.de diff --git a/libseccomp.spec b/libseccomp.spec index dbacafe..4228c37 100644 --- a/libseccomp.spec +++ b/libseccomp.spec @@ -1,7 +1,7 @@ # # spec file for package libseccomp # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,28 +17,25 @@ Name: libseccomp -%define lname libseccomp1 -Version: 1.0.1 +%define lname libseccomp2 +Version: 2.1.0 Release: 0 Summary: An enhanced Seccomp (mode 2) helper library License: LGPL-2.1 Group: Development/Libraries/C and C++ -Url: http://sf.net/projects/seccomp/ +Url: http://sf.net/projects/libseccomp/ -#DL-URL: http://downloads.sf.net/libseccomp/libseccomp-1.0.1.tar.gz #Git-Clone: git://git.code.sf.net/p/libseccomp/libseccomp #Git-Clone: git://git.inai.de/libseccomp Source: http://downloads.sf.net/libseccomp/libseccomp-%{version}.tar.gz -Patch1: 0001-build-use-ac-variables-in-pkgconfig-file.patch -Patch2: 0001-build-use-autotools-as-build-system.patch +Patch1: 0001-build-use-autotools-as-build-system.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: autoconf BuildRequires: automake >= 1.10 +BuildRequires: fdupes BuildRequires: libtool >= 2 BuildRequires: pkgconfig -BuildRequires: python-Cython -BuildRequires: python-devel -ExclusiveArch: %ix86 x86_64 +ExclusiveArch: %ix86 x86_64 x32 %arm %description The libseccomp library provides and easy to use, platform @@ -87,37 +84,54 @@ familiar to, and easily adopted by application developers. This package contains the development files for libseccomp. +%package tools +Summary: Utilities for the seccomp API +Group: Development/Tools/Debuggers + +%description tools +The libseccomp library provides and easy to use, platform +independent, interface to the Linux Kernel's syscall filtering +mechanism: seccomp. + +This subpackage contains debug utilities for the seccomp interface. + %prep %setup -q -%patch -P 1 -P 2 -p1 +%patch -P 1 -p1 %build chmod a+x autogen.sh; ./autogen.sh; -%configure --includedir="%_includedir/%name-%version" --enable-python +%configure --includedir="%_includedir/pkg/%name" make %{?_smp_mflags}; %install b="%buildroot"; make install DESTDIR="$b"; find "$b/%_libdir" -type f -name "*.la" -delete; +%fdupes %buildroot/%_prefix %check make check || :; -%post -n %lname -p /sbin/ldconfig - +%post -n %lname -p /sbin/ldconfig %postun -n %lname -p /sbin/ldconfig %files -n %lname %defattr(-,root,root) -%_libdir/%name.so.* +%_libdir/%name.so.2* +%doc LICENSE %files devel %defattr(-,root,root) %_mandir/man3/seccomp_*.3* -%_includedir/%name-%version +%_includedir/pkg/ %_libdir/%name.so %_libdir/pkgconfig/%name.pc +%files tools +%defattr(-,root,root) +%_bindir/scmp_sys_resolver +%_mandir/man1/scmp_sys_resolver.1* + %changelog