New Upstream Snapshot - golang-github-seccomp-libseccomp-golang
Ready changes
Summary
Merged new upstream version: 0.10.0+git20220728.1.9006a28 (was: 0.10.0).
Resulting package
Built on 2023-01-19T10:04 (took 2m28s)
The resulting binary packages can be installed (if you have the apt repository enabled) by running one of:
apt install -t fresh-snapshots golang-github-seccomp-libseccomp-golang-dev
Lintian Result
- golang-github-seccomp-libseccomp-golang-dev_0.10.0+git20220728.1.9006a28-1~jan+nus4_all.deb
- golang-github-seccomp-libseccomp-golang_0.10.0+git20220728.1.9006a28-1~jan+nus4.dsc
- golang-github-seccomp-libseccomp-golang_0.10.0+git20220728.1.9006a28-1~jan+nus4_amd64.buildinfo
- golang-github-seccomp-libseccomp-golang_0.10.0+git20220728.1.9006a28-1~jan+nus4_amd64.changes
Diff
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
deleted file mode 100644
index 17a0899..0000000
--- a/.github/workflows/test.yml
+++ /dev/null
@@ -1,76 +0,0 @@
-name: test
-on:
- push:
- tags:
- - v*
- branches:
- - main
- - master
- - release-*
- pull_request:
-
-jobs:
- test:
- runs-on: ubuntu-20.04
- strategy:
- fail-fast: false
- matrix:
- go-version: [1.16.x, 1.17.x, 1.18.x]
- libseccomp: ["v2.3.3", "v2.4.3", "v2.5.4", "HEAD"]
-
- steps:
-
- - name: checkout
- uses: actions/checkout@v3
-
- - name: install go ${{ matrix.go-version }}
- uses: actions/setup-go@v3
- with:
- go-version: ${{ matrix.go-version }}
-
- - name: build libseccomp ${{ matrix.libseccomp }}
- run: |
- set -x
- sudo apt -qq update
- sudo apt -qq install gperf
-
- PREFIX="$(pwd)/seccomp"
- LIBDIR="$PREFIX/lib"
-
- git clone https://github.com/seccomp/libseccomp
- cd libseccomp
- git checkout ${{ matrix.libseccomp }}
- # In main branch, configure.ac sets libseccomp version to 0.0.0, which
- # results in error when compiling libseccomp-golang. While 0.0.0 is
- # there for a reason, here we need to build and test against HEAD, so
- # set it to a suitable value.
- #
- # Version 9.9.9 is used because:
- # - version >= current is needed;
- # - chances are good such version won't ever exist;
- # - it is easy to spot in tests output;
- # - the LIBFILE pattern below expects single digits.
- VER="${{ matrix.libseccomp }}"
- if [ "$VER" == "HEAD" ]; then
- VER=9.9.9
- sed -i "/^AC_INIT(/s/0\.0\.0/$VER/" configure.ac
- fi
- ./autogen.sh
- ./configure --prefix="$PREFIX" --libdir="$LIBDIR"
- make
- sudo make install
- cd -
- rm -rf libseccomp
-
- # For the next steps to build and execute with the compiled library.
- echo "PKG_CONFIG_LIBDIR=$LIBDIR/pkgconfig" >> $GITHUB_ENV
- LIBFILE="$(echo $LIBDIR/libseccomp.so.?.?.?)"
- echo "LD_PRELOAD=$LIBFILE" >> $GITHUB_ENV
- # For TestExpectedSeccompVersion.
- echo "_EXPECTED_LIBSECCOMP_VERSION=$VER" >> $GITHUB_ENV
-
- - name: build
- run: make check-build
-
- - name: test
- run: make test
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
deleted file mode 100644
index 837c400..0000000
--- a/.github/workflows/validate.yml
+++ /dev/null
@@ -1,34 +0,0 @@
-name: validate
-on:
- push:
- tags:
- - v*
- branches:
- - master
- - main
- - release-*
- pull_request:
-
-jobs:
-
- lint:
- runs-on: ubuntu-20.04
- steps:
- - uses: actions/checkout@v3
- - name: install deps
- run: |
- sudo apt -q update
- sudo apt -q install libseccomp-dev
- - uses: golangci/golangci-lint-action@v3
- with:
- version: v1.45
-
- codespell:
- runs-on: ubuntu-20.04
- steps:
- - uses: actions/checkout@v3
- - name: install deps
- # Version of codespell bundled with Ubuntu is way old, so use pip.
- run: pip install codespell
- - name: run codespell
- run: codespell
diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index b482696..0000000
--- a/.gitignore
+++ /dev/null
@@ -1,4 +0,0 @@
-*~
-*.swp
-*.orig
-tags
diff --git a/debian/changelog b/debian/changelog
index fea1f2c..2e926cd 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+golang-github-seccomp-libseccomp-golang (0.10.0+git20220728.1.9006a28-1) UNRELEASED; urgency=low
+
+ * New upstream snapshot.
+
+ -- Debian Janitor <janitor@jelmer.uk> Thu, 19 Jan 2023 10:02:26 -0000
+
golang-github-seccomp-libseccomp-golang (0.10.0-3) unstable; urgency=medium
[ Debian Janitor ]
diff --git a/debian/patches/0001-Skip-TestRuleAddAndLoad-on-ppc64le-Closes-976943.patch b/debian/patches/0001-Skip-TestRuleAddAndLoad-on-ppc64le-Closes-976943.patch
index 0eb6c24..a6639be 100644
--- a/debian/patches/0001-Skip-TestRuleAddAndLoad-on-ppc64le-Closes-976943.patch
+++ b/debian/patches/0001-Skip-TestRuleAddAndLoad-on-ppc64le-Closes-976943.patch
@@ -6,10 +6,10 @@ Subject: Skip TestRuleAddAndLoad on ppc64le (Closes: #976943)
seccomp_test.go | 4 ++++
1 file changed, 4 insertions(+)
-diff --git a/seccomp_test.go b/seccomp_test.go
-index c65dbf0..408b673 100644
---- a/seccomp_test.go
-+++ b/seccomp_test.go
+Index: golang-github-seccomp-libseccomp-golang.git/seccomp_test.go
+===================================================================
+--- golang-github-seccomp-libseccomp-golang.git.orig/seccomp_test.go
++++ golang-github-seccomp-libseccomp-golang.git/seccomp_test.go
@@ -6,6 +6,7 @@ import (
"fmt"
"os"
@@ -18,7 +18,7 @@ index c65dbf0..408b673 100644
"strings"
"syscall"
"testing"
-@@ -579,6 +580,9 @@ func subprocessAddRuleErrors(t *testing.T) {
+@@ -579,6 +580,9 @@ func subprocessAddRuleErrors(t *testing.
}
func TestRuleAddAndLoad(t *testing.T) {
diff --git a/debian/patches/0002-Skip-TestNotif-on-32bit-system.patch b/debian/patches/0002-Skip-TestNotif-on-32bit-system.patch
index daf9089..12422c9 100644
--- a/debian/patches/0002-Skip-TestNotif-on-32bit-system.patch
+++ b/debian/patches/0002-Skip-TestNotif-on-32bit-system.patch
@@ -6,10 +6,10 @@ Subject: Skip TestNotif on 32bit system
seccomp_test.go | 4 ++++
1 file changed, 4 insertions(+)
-diff --git a/seccomp_test.go b/seccomp_test.go
-index 408b673..171bc23 100644
---- a/seccomp_test.go
-+++ b/seccomp_test.go
+Index: golang-github-seccomp-libseccomp-golang.git/seccomp_test.go
+===================================================================
+--- golang-github-seccomp-libseccomp-golang.git.orig/seccomp_test.go
++++ golang-github-seccomp-libseccomp-golang.git/seccomp_test.go
@@ -4,6 +4,7 @@ package seccomp
import (
@@ -18,7 +18,7 @@ index 408b673..171bc23 100644
"os"
"os/exec"
"runtime"
-@@ -801,6 +802,9 @@ func notifHandler(ch chan error, fd ScmpFd, tests []notifTest) {
+@@ -800,6 +801,9 @@ func notifHandler(ch chan error, fd Scmp
}
func TestNotif(t *testing.T) {
diff --git a/debian/patches/0003-Add-back-GetApi.patch b/debian/patches/0003-Add-back-GetApi.patch
index c28b608..ba0668a 100644
--- a/debian/patches/0003-Add-back-GetApi.patch
+++ b/debian/patches/0003-Add-back-GetApi.patch
@@ -7,11 +7,11 @@ TODO: removed it when 0008-seccomp-0.9.1.patch is dropped in runc.
seccomp.go | 4 ++++
1 file changed, 4 insertions(+)
-diff --git a/seccomp.go b/seccomp.go
-index c234067..e6de2c3 100644
---- a/seccomp.go
-+++ b/seccomp.go
-@@ -445,6 +445,10 @@ func GetAPI() (uint, error) {
+Index: golang-github-seccomp-libseccomp-golang.git/seccomp.go
+===================================================================
+--- golang-github-seccomp-libseccomp-golang.git.orig/seccomp.go
++++ golang-github-seccomp-libseccomp-golang.git/seccomp.go
+@@ -446,6 +446,10 @@ func GetAPI() (uint, error) {
return getAPI()
}
diff --git a/seccomp.go b/seccomp.go
index c234067..4b31098 100644
--- a/seccomp.go
+++ b/seccomp.go
@@ -33,8 +33,9 @@ type VersionError struct {
func init() {
// This forces the cgo libseccomp to initialize its internal API support state,
- // which is necessary on older versions of libseccomp in order to work
+ // which is necessary on older versions of libseccomp (< 2.5.0) in order to work
// correctly.
+ // TODO: remove once libseccomp < v2.5.0 is not supported.
_, _ = getAPI()
}
diff --git a/seccomp_internal.go b/seccomp_internal.go
index 0a7fd34..9e44a4c 100644
--- a/seccomp_internal.go
+++ b/seccomp_internal.go
@@ -145,11 +145,6 @@ const int C_CMP_GE = (int)SCMP_CMP_GE;
const int C_CMP_GT = (int)SCMP_CMP_GT;
const int C_CMP_MASKED_EQ = (int)SCMP_CMP_MASKED_EQ;
-const int C_VERSION_MAJOR = SCMP_VER_MAJOR;
-const int C_VERSION_MINOR = SCMP_VER_MINOR;
-const int C_VERSION_MICRO = SCMP_VER_MICRO;
-
-#if SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR >= 3
unsigned int get_major_version()
{
return seccomp_version()->major;
@@ -164,22 +159,6 @@ unsigned int get_micro_version()
{
return seccomp_version()->micro;
}
-#else
-unsigned int get_major_version()
-{
- return (unsigned int)C_VERSION_MAJOR;
-}
-
-unsigned int get_minor_version()
-{
- return (unsigned int)C_VERSION_MINOR;
-}
-
-unsigned int get_micro_version()
-{
- return (unsigned int)C_VERSION_MICRO;
-}
-#endif
// The libseccomp API level functions were added in v2.4.0
#if SCMP_VER_MAJOR == 2 && SCMP_VER_MINOR < 4
diff --git a/seccomp_test.go b/seccomp_test.go
index c65dbf0..98f1a6d 100644
--- a/seccomp_test.go
+++ b/seccomp_test.go
@@ -590,9 +590,14 @@ func subprocessRuleAddAndLoad(t *testing.T) {
}
defer filter1.Release()
- call, err := GetSyscallFromName("getpid")
+ const expErr = 28 // ENOSPC, but can be anything not usually returned by listen(2).
+ call, err := GetSyscallFromName("listen")
if err != nil {
- t.Errorf("Error getting syscall number of getpid: %s", err)
+ t.Errorf("Error getting syscall number of listen: %s", err)
+ }
+ err = filter1.AddRule(call, ActErrno.SetReturnCode(expErr))
+ if err != nil {
+ t.Errorf("Error adding rule to restrict syscall: %s", err)
}
call2, err := GetSyscallFromName("setreuid")
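Review bot: The added `filter1.AddRule(call, ActErrno.SetReturnCode(expErr))` still runs when `GetSyscallFromName("listen")` has failed, because the check before it reports with `t.Errorf` and falls through. The rule is then added for whatever value `call` holds, and the follow-on failures hide the real cause. Assuming this function runs on the test goroutine, `t.Fatalf("Error getting syscall number of listen: %s", err)` would stop at the first error. The same pattern matters in the `@@ -640,10 +640,9 @@` hunk of this file: the `Error loading filter` branch also uses `t.Errorf`, so the listen check would run with no filter installed. subprocessRuleAddAndLoad starts and ends outside these hunks.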
@@ -608,11 +613,6 @@ func subprocessRuleAddAndLoad(t *testing.T) {
uid := syscall.Getuid()
euid := syscall.Geteuid()
- err = filter1.AddRule(call, ActErrno.SetReturnCode(0x1))
- if err != nil {
- t.Errorf("Error adding rule to restrict syscall: %s", err)
- }
-
cond, err := MakeCondition(1, CompareEqual, uint64(euid))
if err != nil {
t.Errorf("Error making rule to restrict syscall: %s", err)
@@ -640,10 +640,9 @@ func subprocessRuleAddAndLoad(t *testing.T) {
t.Errorf("Error loading filter: %s", err)
}
- // Try making a simple syscall, it should error
- pid := syscall.Getpid()
- if pid != -1 {
- t.Errorf("Syscall should have returned error code!")
+ // Try making a simple syscall which should return an error.
+ if err := syscall.Listen(0, 0); err != syscall.Errno(expErr) {
+ t.Errorf("Syscall listen: want %v, got %v", syscall.Errno(expErr), err)
}
// Try making a Geteuid syscall that should normally succeed
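Review bot: The expected errno is carried as a bare number (`const expErr = 28` in the first hunk of this file) and converted back with `syscall.Errno(expErr)` twice in this check, so the link to ENOSPC lives only in a comment. Declaring `const expErr = syscall.ENOSPC` would let the comparison read `if err := syscall.Listen(0, 0); err != expErr {`. The rule would then take an explicit conversion, `ActErrno.SetReturnCode(int16(expErr))`. A short comment here would also help: on fd 0 an unfiltered listen(2) is expected to fail with a different errno, which is presumably why the exact-match assertion proves the filter is enforced.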
Debdiff
File lists identical (after any substitutions)
No differences were encountered in the control files