New Upstream Snapshot - golang-github-seccomp-libseccomp-golang

Ready changes

Summary

Merged new upstream version: 0.10.0+git20220728.1.9006a28 (was: 0.10.0).

Resulting package

Built on 2023-01-19T10:04 (took 2m28s)

The resulting binary packages can be installed (if you have the apt repository enabled) by running one of:

apt install -t fresh-snapshots golang-github-seccomp-libseccomp-golang-dev

Lintian Result

Diff

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
deleted file mode 100644
index 17a0899..0000000
--- a/.github/workflows/test.yml
+++ /dev/null
@@ -1,76 +0,0 @@
-name: test
-on:
-  push:
-    tags:
-      - v*
-    branches:
-      - main
-      - master
-      - release-*
-  pull_request:
-
-jobs:
-  test:
-    runs-on: ubuntu-20.04
-    strategy:
-      fail-fast: false
-      matrix:
-        go-version: [1.16.x, 1.17.x, 1.18.x]
-        libseccomp: ["v2.3.3", "v2.4.3", "v2.5.4", "HEAD"]
-
-    steps:
-
-    - name: checkout
-      uses: actions/checkout@v3
-
-    - name: install go ${{ matrix.go-version }}
-      uses: actions/setup-go@v3
-      with:
-        go-version: ${{ matrix.go-version }}
-
-    - name: build libseccomp ${{ matrix.libseccomp }}
-      run: |
-        set -x
-        sudo apt -qq update
-        sudo apt -qq install gperf
-
-        PREFIX="$(pwd)/seccomp"
-        LIBDIR="$PREFIX/lib"
-
-        git clone https://github.com/seccomp/libseccomp
-        cd libseccomp
-        git checkout ${{ matrix.libseccomp }}
-        # In main branch, configure.ac sets libseccomp version to 0.0.0, which
-        # results in error when compiling libseccomp-golang. While 0.0.0 is
-        # there for a reason, here we need to build and test against HEAD, so
-        # set it to a suitable value.
-        #
-        # Version 9.9.9 is used because:
-        #  - version >= current is needed;
-        #  - chances are good such version won't ever exist;
-        #  - it is easy to spot in tests output;
-        #  - the LIBFILE pattern below expects single digits.
-        VER="${{ matrix.libseccomp }}"
-        if [ "$VER" == "HEAD" ]; then
-          VER=9.9.9
-          sed -i "/^AC_INIT(/s/0\.0\.0/$VER/" configure.ac
-        fi
-        ./autogen.sh
-        ./configure --prefix="$PREFIX" --libdir="$LIBDIR"
-        make
-        sudo make install
-        cd -
-        rm -rf libseccomp
-
-        # For the next steps to build and execute with the compiled library.
-        echo "PKG_CONFIG_LIBDIR=$LIBDIR/pkgconfig" >> $GITHUB_ENV
-        LIBFILE="$(echo $LIBDIR/libseccomp.so.?.?.?)"
-        echo "LD_PRELOAD=$LIBFILE" >> $GITHUB_ENV
-        # For TestExpectedSeccompVersion.
-        echo "_EXPECTED_LIBSECCOMP_VERSION=$VER" >> $GITHUB_ENV
-
-    - name: build
-      run: make check-build
-
-    - name: test
-      run: make test
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
deleted file mode 100644
index 837c400..0000000
--- a/.github/workflows/validate.yml
+++ /dev/null
@@ -1,34 +0,0 @@
-name: validate
-on:
-  push:
-    tags:
-      - v*
-    branches:
-      - master
-      - main
-      - release-*
-  pull_request:
-
-jobs:
-
-  lint:
-    runs-on: ubuntu-20.04
-    steps:
-      - uses: actions/checkout@v3
-      - name: install deps
-        run: |
-          sudo apt -q update
-          sudo apt -q install libseccomp-dev
-      - uses: golangci/golangci-lint-action@v3
-        with:
-          version: v1.45
-
-  codespell:
-    runs-on: ubuntu-20.04
-    steps:
-    - uses: actions/checkout@v3
-    - name: install deps
-      # Version of codespell bundled with Ubuntu is way old, so use pip.
-      run: pip install codespell
-    - name: run codespell
-      run: codespell
diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index b482696..0000000
--- a/.gitignore
+++ /dev/null
@@ -1,4 +0,0 @@
-*~
-*.swp
-*.orig
-tags
diff --git a/debian/changelog b/debian/changelog
index fea1f2c..2e926cd 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+golang-github-seccomp-libseccomp-golang (0.10.0+git20220728.1.9006a28-1) UNRELEASED; urgency=low
+
+  * New upstream snapshot.
+
+ -- Debian Janitor <janitor@jelmer.uk>  Thu, 19 Jan 2023 10:02:26 -0000
+
 golang-github-seccomp-libseccomp-golang (0.10.0-3) unstable; urgency=medium
 
   [ Debian Janitor ]
diff --git a/debian/patches/0001-Skip-TestRuleAddAndLoad-on-ppc64le-Closes-976943.patch b/debian/patches/0001-Skip-TestRuleAddAndLoad-on-ppc64le-Closes-976943.patch
index 0eb6c24..a6639be 100644
--- a/debian/patches/0001-Skip-TestRuleAddAndLoad-on-ppc64le-Closes-976943.patch
+++ b/debian/patches/0001-Skip-TestRuleAddAndLoad-on-ppc64le-Closes-976943.patch
@@ -6,10 +6,10 @@ Subject: Skip TestRuleAddAndLoad on ppc64le (Closes: #976943)
  seccomp_test.go | 4 ++++
  1 file changed, 4 insertions(+)
 
-diff --git a/seccomp_test.go b/seccomp_test.go
-index c65dbf0..408b673 100644
---- a/seccomp_test.go
-+++ b/seccomp_test.go
+Index: golang-github-seccomp-libseccomp-golang.git/seccomp_test.go
+===================================================================
+--- golang-github-seccomp-libseccomp-golang.git.orig/seccomp_test.go
++++ golang-github-seccomp-libseccomp-golang.git/seccomp_test.go
 @@ -6,6 +6,7 @@ import (
  	"fmt"
  	"os"
@@ -18,7 +18,7 @@ index c65dbf0..408b673 100644
  	"strings"
  	"syscall"
  	"testing"
-@@ -579,6 +580,9 @@ func subprocessAddRuleErrors(t *testing.T) {
+@@ -579,6 +580,9 @@ func subprocessAddRuleErrors(t *testing.
  }
  
  func TestRuleAddAndLoad(t *testing.T) {
diff --git a/debian/patches/0002-Skip-TestNotif-on-32bit-system.patch b/debian/patches/0002-Skip-TestNotif-on-32bit-system.patch
index daf9089..12422c9 100644
--- a/debian/patches/0002-Skip-TestNotif-on-32bit-system.patch
+++ b/debian/patches/0002-Skip-TestNotif-on-32bit-system.patch
@@ -6,10 +6,10 @@ Subject: Skip TestNotif on 32bit system
  seccomp_test.go | 4 ++++
  1 file changed, 4 insertions(+)
 
-diff --git a/seccomp_test.go b/seccomp_test.go
-index 408b673..171bc23 100644
---- a/seccomp_test.go
-+++ b/seccomp_test.go
+Index: golang-github-seccomp-libseccomp-golang.git/seccomp_test.go
+===================================================================
+--- golang-github-seccomp-libseccomp-golang.git.orig/seccomp_test.go
++++ golang-github-seccomp-libseccomp-golang.git/seccomp_test.go
 @@ -4,6 +4,7 @@ package seccomp
  
  import (
@@ -18,7 +18,7 @@ index 408b673..171bc23 100644
  	"os"
  	"os/exec"
  	"runtime"
-@@ -801,6 +802,9 @@ func notifHandler(ch chan error, fd ScmpFd, tests []notifTest) {
+@@ -800,6 +801,9 @@ func notifHandler(ch chan error, fd Scmp
  }
  
  func TestNotif(t *testing.T) {
diff --git a/debian/patches/0003-Add-back-GetApi.patch b/debian/patches/0003-Add-back-GetApi.patch
index c28b608..ba0668a 100644
--- a/debian/patches/0003-Add-back-GetApi.patch
+++ b/debian/patches/0003-Add-back-GetApi.patch
@@ -7,11 +7,11 @@ TODO: removed it when 0008-seccomp-0.9.1.patch is dropped in runc.
  seccomp.go | 4 ++++
  1 file changed, 4 insertions(+)
 
-diff --git a/seccomp.go b/seccomp.go
-index c234067..e6de2c3 100644
---- a/seccomp.go
-+++ b/seccomp.go
-@@ -445,6 +445,10 @@ func GetAPI() (uint, error) {
+Index: golang-github-seccomp-libseccomp-golang.git/seccomp.go
+===================================================================
+--- golang-github-seccomp-libseccomp-golang.git.orig/seccomp.go
++++ golang-github-seccomp-libseccomp-golang.git/seccomp.go
+@@ -446,6 +446,10 @@ func GetAPI() (uint, error) {
  	return getAPI()
  }
  
diff --git a/seccomp.go b/seccomp.go
index c234067..4b31098 100644
--- a/seccomp.go
+++ b/seccomp.go
@@ -33,8 +33,9 @@ type VersionError struct {
 
 func init() {
 	// This forces the cgo libseccomp to initialize its internal API support state,
-	// which is necessary on older versions of libseccomp in order to work
+	// which is necessary on older versions of libseccomp (< 2.5.0) in order to work
 	// correctly.
+	// TODO: remove once libseccomp < v2.5.0 is not supported.
 	_, _ = getAPI()
 }
 
diff --git a/seccomp_internal.go b/seccomp_internal.go
index 0a7fd34..9e44a4c 100644
--- a/seccomp_internal.go
+++ b/seccomp_internal.go
@@ -145,11 +145,6 @@ const int      C_CMP_GE            = (int)SCMP_CMP_GE;
 const int      C_CMP_GT            = (int)SCMP_CMP_GT;
 const int      C_CMP_MASKED_EQ     = (int)SCMP_CMP_MASKED_EQ;
 
-const int      C_VERSION_MAJOR     = SCMP_VER_MAJOR;
-const int      C_VERSION_MINOR     = SCMP_VER_MINOR;
-const int      C_VERSION_MICRO     = SCMP_VER_MICRO;
-
-#if SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR >= 3
 unsigned int get_major_version()
 {
         return seccomp_version()->major;
@@ -164,22 +159,6 @@ unsigned int get_micro_version()
 {
         return seccomp_version()->micro;
 }
-#else
-unsigned int get_major_version()
-{
-        return (unsigned int)C_VERSION_MAJOR;
-}
-
-unsigned int get_minor_version()
-{
-        return (unsigned int)C_VERSION_MINOR;
-}
-
-unsigned int get_micro_version()
-{
-        return (unsigned int)C_VERSION_MICRO;
-}
-#endif
 
 // The libseccomp API level functions were added in v2.4.0
 #if SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR < 4
diff --git a/seccomp_test.go b/seccomp_test.go
index c65dbf0..98f1a6d 100644
--- a/seccomp_test.go
+++ b/seccomp_test.go
@@ -590,9 +590,14 @@ func subprocessRuleAddAndLoad(t *testing.T) {
 	}
 	defer filter1.Release()
 
-	call, err := GetSyscallFromName("getpid")
+	const expErr = 28 // ENOSPC, but can be anything not usually returned by listen(2).
+	call, err := GetSyscallFromName("listen")
 	if err != nil {
-		t.Errorf("Error getting syscall number of getpid: %s", err)
+		t.Errorf("Error getting syscall number of listen: %s", err)
+	}
+	err = filter1.AddRule(call, ActErrno.SetReturnCode(expErr))
+	if err != nil {
+		t.Errorf("Error adding rule to restrict syscall: %s", err)
 	}
 
 	call2, err := GetSyscallFromName("setreuid")
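Review bot: The added `filter1.AddRule(call, ActErrno.SetReturnCode(expErr))` still runs when `GetSyscallFromName("listen")` has failed, because the lookup error is reported with `t.Errorf`, which does not stop the test. The test would then presumably continue with an unusable `call` value and report a second, less direct failure at the later listen check. Since the rest of the test depends on this rule, `t.Fatalf("Error getting syscall number of listen: %s", err)` would stop at the real cause. The visible context lines use `t.Errorf` for setup errors as well, so this may be a file-wide convention. The body of subprocessRuleAddAndLoad starts and ends outside the hunk.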
@@ -608,11 +613,6 @@ func subprocessRuleAddAndLoad(t *testing.T) {
 	uid := syscall.Getuid()
 	euid := syscall.Geteuid()
 
-	err = filter1.AddRule(call, ActErrno.SetReturnCode(0x1))
-	if err != nil {
-		t.Errorf("Error adding rule to restrict syscall: %s", err)
-	}
-
 	cond, err := MakeCondition(1, CompareEqual, uint64(euid))
 	if err != nil {
 		t.Errorf("Error making rule to restrict syscall: %s", err)
@@ -640,10 +640,9 @@ func subprocessRuleAddAndLoad(t *testing.T) {
 		t.Errorf("Error loading filter: %s", err)
 	}
 
-	// Try making a simple syscall, it should error
-	pid := syscall.Getpid()
-	if pid != -1 {
-		t.Errorf("Syscall should have returned error code!")
+	// Try making a simple syscall which should return an error.
+	if err := syscall.Listen(0, 0); err != syscall.Errno(expErr) {
+		t.Errorf("Syscall listen: want %v, got %v", syscall.Errno(expErr), err)
 	}
 
 	// Try making a Geteuid syscall that should normally succeed
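Review bot: The new `syscall.Listen(0, 0)` check does not say why file descriptor 0 is passed or why the returned errno shows that the filter is enforced. The assertion only works because the loaded filter is expected to fail the call with expErr before the kernel examines its arguments, whereas an unfiltered call on fd 0 would presumably succeed or return a different errno. A comment above the call would record that, for example `// fd 0 is arbitrary: the filter must fail listen(2) with expErr before its arguments are examined.` The enclosing function starts and ends outside the hunk.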

Debdiff

File lists identical (after any substitutions)

No differences were encountered in the control files
