import oci-seccomp-bpf-hook-1.2.5-2.module+el8.8.0+18083+cd85596b

2 years ago · 9b25fcb28b
commit 9b25fcb28b
4 changed files with 243 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+SOURCES/v1.2.5.tar.gz
--- a/.oci-seccomp-bpf-hook.metadata
+++ b/.oci-seccomp-bpf-hook.metadata
@ -0,0 +1 @@
+d73e189532884c786d0074ad92a30cf11c209395 SOURCES/v1.2.5.tar.gz
--- a/SOURCES/245cc45ad45f8024c602696f58ae163d0dc745d5.patch
+++ b/SOURCES/245cc45ad45f8024c602696f58ae163d0dc745d5.patch
@ -0,0 +1,60 @@
+From 245cc45ad45f8024c602696f58ae163d0dc745d5 Mon Sep 17 00:00:00 2001
+From: Dominique Martinet <asmadeus@codewreck.org>
+Date: Tue, 11 Oct 2022 22:39:28 +0900
+Subject: [PATCH] update gobpf: fix compatibility with bcc v0.25.0
+
+bcc v0.25.0 broke compatibility with bcc_func_load and requires updating
+the gobpf wrapper.
+
+Fixes: #100
+Signed-off-by: Dominique Martinet <asmadeus@codewreck.org>
+---
+ go.mod                                        |  2 +-
+ go.sum                                        |  4 +--
+ vendor/github.com/iovisor/gobpf/bcc/module.go | 25 ++++++++++++++++++-
+ vendor/modules.txt                            |  2 +-
+ 4 files changed, 28 insertions(+), 5 deletions(-)
+
+diff --git a/vendor/github.com/iovisor/gobpf/bcc/module.go b/vendor/github.com/iovisor/gobpf/bcc/module.go
+index 98a1c93..67d43eb 100644
+--- a/vendor/github.com/iovisor/gobpf/bcc/module.go
+++ b/vendor/github.com/iovisor/gobpf/bcc/module.go
+@@ -31,6 +31,29 @@ import (
+ #cgo LDFLAGS: -lbcc
+ #include <bcc/bcc_common.h>
+ #include <bcc/libbpf.h>
+#include <bcc/bcc_version.h>
+
+#ifndef LIBBCC_VERSION_GEQ
+#define LIBBCC_VERSION_GEQ(a, b, c) 0
+#endif
+
+int bcc_func_load_wrapper(void *program, int prog_type, const char *name,
+						  const struct bpf_insn *insns, int prog_len,
+						  const char *license, unsigned kern_version,
+						  int log_level, char *log_buf, unsigned log_buf_size,
+						  const char *dev_name, int attach_type){
+
+#if LIBBCC_VERSION_GEQ(0, 25, 0)
+    return bcc_func_load(program, prog_type, name, insns, prog_len, license,
+						 kern_version, log_level, log_buf, log_buf_size,
+						 dev_name, attach_type);
+#else
+    return bcc_func_load(program, prog_type, name, insns, prog_len, license,
+						 kern_version, log_level, log_buf, log_buf_size,
+						 dev_name);
+#endif
+}
+
+ */
+ import "C"
+ 
+@@ -227,7 +250,7 @@ func (bpf *Module) load(name string, progType int, logLevel, logSize uint) (int,
+ 		logBuf = make([]byte, logSize)
+ 		logBufP = (*C.char)(unsafe.Pointer(&logBuf[0]))
+ 	}
+-	fd, err := C.bcc_func_load(bpf.p, C.int(uint32(progType)), nameCS, start, size, license, version, C.int(logLevel), logBufP, C.uint(len(logBuf)), nil)
+	fd, err := C.bcc_func_load_wrapper(bpf.p, C.int(uint32(progType)), nameCS, start, size, license, version, C.int(logLevel), logBufP, C.uint(len(logBuf)), nil, C.int(-1))
+ 	if fd < 0 {
+ 		return -1, fmt.Errorf("error loading BPF program: %v", err)
+ 	}
--- a/SPECS/oci-seccomp-bpf-hook.spec
+++ b/SPECS/oci-seccomp-bpf-hook.spec
@ -0,0 +1,181 @@
+%global with_check 0
+
+%global _find_debuginfo_dwz_opts %{nil}
+%global _dwz_low_mem_die_limit 0
+
+%if 0%{?rhel} > 7 && ! 0%{?fedora}
+%define gobuild(o:) \
+go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -linkmode=external -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v %{?**};
+%else
+%if ! 0%{?gobuild:1}
+%define gobuild(o:) GO111MODULE=off go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -linkmode=external -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld '" -a -v %{?**};
+%endif
+%endif
+
+%global provider github
+%global provider_tld com
+%global project containers
+%global repo oci-seccomp-bpf-hook
+# https://github.com/containers/oci-seccomp-bpf-hook
+%global provider_prefix %{provider}.%{provider_tld}/%{project}/%{repo}
+%global import_path %{provider_prefix}
+%global git0 https://%{provider}.%{provider_tld}/%{project}/%{repo}
+
+# https://fedoraproject.org/wiki/PackagingDrafts/Go#Go_Language_Architectures
+ExclusiveArch: %{go_arches}
+
+Name: oci-seccomp-bpf-hook
+Version: 1.2.5
+Release: 2%{?dist}
+Summary: OCI Hook to generate seccomp json files based on EBF syscalls used by container
+License: ASL 2.0
+URL: %{git0}
+Source0: %{git0}/archive/v%{version}.tar.gz
+Patch0: https://github.com/containers/oci-seccomp-bpf-hook/commit/245cc45ad45f8024c602696f58ae163d0dc745d5.patch
+BuildRequires: golang
+BuildRequires: go-md2man
+BuildRequires: glib2-devel
+BuildRequires: glibc-devel
+BuildRequires: bcc-devel
+BuildRequires: git
+BuildRequires: gpgme-devel
+BuildRequires: libseccomp-devel
+BuildRequires: make
+Conflicts: crun < 0.17
+Enhances: podman
+Enhances: cri-o
+
+%description
+%{summary}
+%{repo} provides a library for applications looking to use
+the Container Pod concept popularized by Kubernetes.
+
+%prep
+%autosetup -Sgit
+sed -i '/$(MAKE) -C docs install/d' Makefile
+sed -i 's/HOOK_BIN_DIR/\%{_usr}\/libexec\/oci\/hooks.d/' %{name}.json
+sed -i '/$(HOOK_DIR)\/%{name}.json/d' Makefile
+
+%build
+export GO111MODULE=off
+export GOPATH=$(pwd):$(pwd)/_build
+export CGO_CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64"
+
+mkdir _build
+pushd _build
+mkdir -p src/%{provider}.%{provider_tld}/%{project}
+ln -s ../../../../ src/%{import_path}
+popd
+ln -s vendor src
+
+export GOPATH=$(pwd)/_build:$(pwd)
+export LDFLAGS="-X main.version=%{version}"
+%gobuild -o bin/%{name} %{import_path}
+
+pushd docs
+go-md2man -in %{name}.md -out %{name}.1
+popd
+
+%install
+%{__make} DESTDIR=%{buildroot} PREFIX=%{_prefix} install-nobuild
+%{__make} DESTDIR=%{buildroot} PREFIX=%{_prefix} GOMD2MAN=go-md2man -C docs install-nobuild
+
+%check
+%if 0%{?with_check}
+# Since we aren't packaging up the vendor directory we need to link
+# back to it somehow. Hack it up so that we can add the vendor
+# directory from BUILD dir as a gopath to be searched when executing
+# tests from the BUILDROOT dir.
+ln -s ./ ./vendor/src # ./vendor/src -> ./vendor
+
+export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}
+
+%if ! 0%{?gotest:1}
+%global gotest go test
+%endif
+
+%gotest %{import_path}/src/%{name}
+%endif
+
+#define license tag if not already defined
+%{!?_licensedir:%global license %doc}
+
+%files
+%license LICENSE
+%doc README.md
+%dir %{_libexecdir}/oci/hooks.d
+%{_libexecdir}/oci/hooks.d/%{name}
+%{_datadir}/containers/oci/hooks.d/%{name}.json
+%{_mandir}/man1/%{name}.1*
+
+%changelog
+* Mon Feb 06 2023 Jindrich Novy <jnovy@redhat.com> - 1.2.5-2
+- fix compatibility with the new bcc
+- Related: #2123641
+
+* Wed Mar 16 2022 Jindrich Novy <jnovy@redhat.com> - 1.2.5-1
+- update to https://github.com/containers/oci-seccomp-bpf-hook/releases/tag/v1.2.5
+- Related: #2061390
+
+* Wed May 26 2021 Jindrich Novy <jnovy@redhat.com> - 1.2.3-3
+- change runc dependency to conflict
+- Related: #1934415
+
+* Wed May 19 2021 Jindrich Novy <jnovy@redhat.com> - 1.2.3-2
+- remove unneeded patch
+- Related: #1934415
+
+* Wed May 19 2021 Jindrich Novy <jnovy@redhat.com> - 1.2.3-1
+- update to https://github.com/containers/oci-seccomp-bpf-hook/releases/tag/v1.2.3
+- fix build
+- Related: #1934415
+
+* Mon Feb 22 2021 Jindrich Novy <jnovy@redhat.com> - 1.2.0-2
+- revert back to 1.2.0 - build issues
+- Related: #1883490
+
+* Fri Feb 19 2021 Jindrich Novy <jnovy@redhat.com> - 1.2.1-1
+- update to
+  https://github.com/containers/oci-seccomp-bpf-hook/releases/tag/v1.2.1
+- require crun >= 0.17
+- Related: #1883490
+
+* Thu Jan 28 2021 Jindrich Novy <jnovy@redhat.com> - 1.2.0-1
+- revert back to 1.2.0 due to build issues
+- Related: #1883490
+
+* Thu Jan 28 2021 Jindrich Novy <jnovy@redhat.com> - 1.2.1-1
+- update to https://github.com/containers/oci-seccomp-bpf-hook/releases/tag/v1.2.1
+- Related: #1883490
+
+* Tue Dec 08 2020 Jindrich Novy <jnovy@redhat.com> - 1.2.0-2
+- sync with RHEL8 devel branch
+- Related: #1883490
+
+* Wed Oct 21 2020 Jindrich Novy <jnovy@redhat.com> - 1.2.0-1
+- synchronize with stream-container-tools-rhel8
+- Related: #1883490
+
+* Tue Aug 11 2020 Jindrich Novy <jnovy@redhat.com> - 1.1.2-3
+- propagate proper CFLAGS to CGO_CFLAGS to assure code hardening and optimization
+- Related: #1821193
+
+* Thu Jul 23 2020 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.1.2-2
+- Resolves: #1857606
+
+* Fri Jul 17 2020 Jindrich Novy <jnovy@redhat.com> - 1.1.2-1
+- update to https://github.com/containers/oci-seccomp-bpf-hook/releases/tag/v1.1.2
+- Related: #1821193
+
+* Thu Jun 18 2020 Jindrich Novy <jnovy@redhat.com> - 1.1.1-1
+- update to https://github.com/containers/oci-seccomp-bpf-hook/releases/tag/v1.1.1
+- Related: #1821193
+
+* Tue May 12 2020 Jindrich Novy <jnovy@redhat.com> - 1.1.0-2
+- exclude i686 arch as bcc, the build dependency is not built
+  for it
+- Related: #1821193
+
+* Tue May 12 2020 Jindrich Novy <jnovy@redhat.com> - 1.1.0-1
+- initial build for container-tools-rhel8
+- Related: #1821193
				`@ -0,0 +1 @@`
				`d73e189532884c786d0074ad92a30cf11c209395 SOURCES/v1.2.5.tar.gz`