[gentoo-commits] repo/gentoo:master commit in: sys-libs/libseccomp/files/, sys-libs/libseccomp/

[gentoo-commits] repo/gentoo:master commit in: sys-libs/libseccomp/files/, sys-libs/libseccomp/

[Sam James]

commit:     00b81b84504c9de0c8bc7c9c9071afaf80cc6042
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Oct  6 14:59:25 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Oct  7 02:39:24 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=00b81b84

sys-libs/libseccomp: backport aliasing fix

I thought I'd backported this already, sorry.

Closes: https://bugs.gentoo.org/926648
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../files/libseccomp-2.5.5-aliasing.patch          |  30 +++++
 sys-libs/libseccomp/libseccomp-2.5.5-r2.ebuild     | 127 +++++++++++++++++++++
 2 files changed, 157 insertions(+)

diff --git a/sys-libs/libseccomp/files/libseccomp-2.5.5-aliasing.patch b/sys-libs/libseccomp/files/libseccomp-2.5.5-aliasing.patch
new file mode 100644
index 000000000000..60190702d381
--- /dev/null
+++ b/sys-libs/libseccomp/files/libseccomp-2.5.5-aliasing.patch
@@ -0,0 +1,30 @@
+https://github.com/seccomp/libseccomp/commit/2847f10dddca72167309c04cd09f326fd3b78e2f
+
+From 2847f10dddca72167309c04cd09f326fd3b78e2f Mon Sep 17 00:00:00 2001
+From: Sam James <sam@gentoo.org>
+Date: Sun, 24 Dec 2023 20:38:06 +0100
+Subject: [PATCH] scmp_bpf_sim: fix aliasing UB
+
+See https://github.com/seccomp/libseccomp/pull/425.
+
+Punning sys_data_b between uint32_t* and struct* seccomp_data isn't legal,
+use memcpy to fix the testsuite with Clang 17.
+
+Modern compilers recognise this idiom and optimise it out anyway.
+
+Signed-off-by: Sam James <sam@gentoo.org>
+Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
+Signed-off-by: Paul Moore <paul@paul-moore.com>
+--- a/tools/scmp_bpf_sim.c
++++ b/tools/scmp_bpf_sim.c
+@@ -182,7 +182,8 @@ static void bpf_execute(const struct bpf_program *prg,
+ 		switch (code) {
+ 		case BPF_LD+BPF_W+BPF_ABS:
+ 			if (k < BPF_SYSCALL_MAX) {
+-				uint32_t val = *((uint32_t *)&sys_data_b[k]);
++				uint32_t val;
++				memcpy(&val, &sys_data_b[k], sizeof(val));
+ 				state.acc = ttoh32(arch, val);
+ 			} else
+ 				exit_error(ERANGE, ip_c);
+

diff --git a/sys-libs/libseccomp/libseccomp-2.5.5-r2.ebuild b/sys-libs/libseccomp/libseccomp-2.5.5-r2.ebuild
new file mode 100644
index 000000000000..3baf6b3db7a2
--- /dev/null
+++ b/sys-libs/libseccomp/libseccomp-2.5.5-r2.ebuild
@@ -0,0 +1,127 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DISTUTILS_EXT=1
+DISTUTILS_OPTIONAL=1
+DISTUTILS_USE_PEP517=setuptools
+PYTHON_COMPAT=( python3_{10..12} )
+
+inherit distutils-r1 multilib-minimal
+
+DESCRIPTION="High level interface to Linux seccomp filter"
+HOMEPAGE="https://github.com/seccomp/libseccomp"
+
+if [[ ${PV} == *9999 ]] ; then
+	EGIT_REPO_URI="https://github.com/seccomp/libseccomp.git"
+	PRERELEASE="2.6.0"
+	AUTOTOOLS_AUTO_DEPEND=yes
+	inherit autotools git-r3
+else
+	AUTOTOOLS_AUTO_DEPEND=no
+	inherit autotools libtool
+	SRC_URI="https://github.com/seccomp/libseccomp/releases/download/v${PV}/${P}.tar.gz
+		experimental-loong? ( https://github.com/matoro/libseccomp/compare/v${PV}..loongarch-r1.patch
+			-> ${P}-loongarch-r1.patch )"
+	KEYWORDS="-* ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~x86 ~amd64-linux ~x86-linux"
+fi
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+IUSE="experimental-loong python static-libs test"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+# We need newer kernel headers; we don't keep strict control of the exact
+# version here, just be safe and pull in the latest stable ones. bug #551248
+DEPEND="
+	>=sys-kernel/linux-headers-5.15
+	python? ( ${PYTHON_DEPS} )
+"
+RDEPEND="${DEPEND}"
+BDEPEND="
+	${DEPEND}
+	dev-util/gperf
+	experimental-loong? ( ${AUTOTOOLS_DEPEND} )
+	python? (
+		${DISTUTILS_DEPS}
+		dev-python/cython[${PYTHON_USEDEP}]
+	)
+"
+
+PATCHES=(
+	"${FILESDIR}"/libseccomp-python-shared.patch
+	"${FILESDIR}"/libseccomp-2.5.3-skip-valgrind.patch
+	"${FILESDIR}"/libseccomp-2.5.5-which-hunt.patch
+	"${FILESDIR}"/libseccomp-2.5.5-arch-syscall-check.patch
+	"${FILESDIR}"/libseccomp-2.5.5-aliasing.patch
+)
+
+src_prepare() {
+	if use experimental-loong; then
+		PATCHES+=( "${DISTDIR}/${P}-loongarch-r1.patch" )
+	fi
+
+	default
+
+	if [[ ${PV} == *9999 ]] ; then
+		sed -i -e "s/0.0.0/${PRERELEASE}/" configure.ac || die
+	fi
+
+	if use experimental-loong; then
+		# touch generated files to avoid activating maintainer mode
+		# remove when loong-fix-build.patch is no longer necessary
+		touch ./aclocal.m4 ./configure ./configure.h.in || die
+		find . -name Makefile.in -exec touch {} + || die
+	fi
+
+	if [[ ${PV} == *9999 ]] || use experimental-loong; then
+		rm -f "include/seccomp.h" || die
+		eautoreconf
+	else
+		elibtoolize
+	fi
+}
+
+multilib_src_configure() {
+	local myeconfargs=(
+		$(use_enable static-libs static)
+		--disable-python
+	)
+
+	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+	emake
+
+	if multilib_is_native_abi && use python ; then
+		# setup.py expects libseccomp.so to live in "../.libs"
+		# Copy the python files to the right place for this.
+		rm -r "${BUILD_DIR}"/src/python || die
+		cp -r "${S}"/src/python "${BUILD_DIR}"/src/python || die
+		local -x CPPFLAGS="-I\"${BUILD_DIR}/include\" -I\"${S}/include\" ${CPPFLAGS}"
+
+		# setup.py reads VERSION_RELEASE from the environment
+		local -x VERSION_RELEASE=${PRERELEASE-${PV}}
+
+		pushd "${BUILD_DIR}/src/python" >/dev/null || die
+		distutils-r1_src_compile
+		popd >/dev/null || die
+	fi
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install
+
+	if multilib_is_native_abi && use python ; then
+		distutils-r1_src_install
+	fi
+}
+
+multilib_src_install_all() {
+	find "${ED}" -type f -name "${PN}.la" -delete || die
+
+	einstalldocs
+}

[gentoo-commits] repo/gentoo:master commit in: sys-libs/libseccomp/files/, sys-libs/libseccomp/

[Sam James]

commit:     f4550304319b5b173d439542be6e27e3d542dcf6
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Mar  9 22:18:30 2025 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Mar  9 22:18:46 2025 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f4550304

sys-libs/libseccomp: backport test fix

Bug: https://bugs.gentoo.org/950511
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../files/libseccomp-2.6.0-drop-bogus-test.patch   | 31 ++++++++++++++++++++++
 sys-libs/libseccomp/libseccomp-2.6.0.ebuild        |  1 +
 2 files changed, 32 insertions(+)

diff --git a/sys-libs/libseccomp/files/libseccomp-2.6.0-drop-bogus-test.patch b/sys-libs/libseccomp/files/libseccomp-2.6.0-drop-bogus-test.patch
new file mode 100644
index 000000000000..b2466e5e8c01
--- /dev/null
+++ b/sys-libs/libseccomp/files/libseccomp-2.6.0-drop-bogus-test.patch
@@ -0,0 +1,31 @@
+https://github.com/seccomp/libseccomp/commit/2f0f3b0e9121720108431c5d054164016f476230
+
+From 2f0f3b0e9121720108431c5d054164016f476230 Mon Sep 17 00:00:00 2001
+From: Paul Moore <paul@paul-moore.com>
+Date: Sat, 25 Jan 2025 11:12:55 -0500
+Subject: [PATCH] tests: remove the fuzzer from test 62-sim-arch_transactions
+
+We can't reliably run the bpf-sim-fuzz tests on tests which manipulate
+the filters arch/ABIs unless the filter is safe to run on all arch/ABIs,
+which is more or less impossible.  Remove the bpf-sim-fuzz test section
+in test #62 to work around this, just as we do with the other similar
+tests.
+
+Signed-off-by: Paul Moore <paul@paul-moore.com>
+Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>
+(cherry picked from commit 7db46d72f13c172b290818f624c2966bd0db5677)
+--- a/tests/62-sim-arch_transactions.tests
++++ b/tests/62-sim-arch_transactions.tests
+@@ -14,11 +14,6 @@ test type: bpf-sim
+ 62-sim-arch_transactions	+x86_64	open		N	N	N	N	N	N	KILL
+ 62-sim-arch_transactions	+x86_64	close		N	N	N	N	N	N	ALLOW
+ 
+-test type: bpf-sim-fuzz
+-
+-# Testname			StressCount
+-62-sim-arch_transactions	5
+-
+ test type: bpf-valgrind
+ 
+ # Testname
+

diff --git a/sys-libs/libseccomp/libseccomp-2.6.0.ebuild b/sys-libs/libseccomp/libseccomp-2.6.0.ebuild
index 5350ce0adcce..f1413f39da92 100644
--- a/sys-libs/libseccomp/libseccomp-2.6.0.ebuild
+++ b/sys-libs/libseccomp/libseccomp-2.6.0.ebuild
@@ -47,6 +47,7 @@ BDEPEND="
 PATCHES=(
 	"${FILESDIR}"/libseccomp-2.6.0-python-shared.patch
 	"${FILESDIR}"/libseccomp-2.5.3-skip-valgrind.patch
+	"${FILESDIR}"/${P}-drop-bogus-test.patch
 )
 
 src_prepare() {

[gentoo-commits] repo/gentoo:master commit in: sys-libs/libseccomp/files/, sys-libs/libseccomp/

[Sam James]

commit:     2b237c4b6a2bee9fd99ec7fe3362c6fc58a90445
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 16 02:33:42 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Dec 16 02:35:53 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2b237c4b

sys-libs/libseccomp: drop use of which for tests

Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../files/libseccomp-2.5.5-which-hunt.patch        | 69 ++++++++++++++++++++++
 sys-libs/libseccomp/libseccomp-2.5.5.ebuild        |  1 +
 2 files changed, 70 insertions(+)

diff --git a/sys-libs/libseccomp/files/libseccomp-2.5.5-which-hunt.patch b/sys-libs/libseccomp/files/libseccomp-2.5.5-which-hunt.patch
new file mode 100644
index 000000000000..90dc25bf4e7c
--- /dev/null
+++ b/sys-libs/libseccomp/files/libseccomp-2.5.5-which-hunt.patch
@@ -0,0 +1,69 @@
+https://github.com/seccomp/libseccomp/pull/424
+
+From 865adeed17cac7063cbbce0c5df225aa35c83621 Mon Sep 17 00:00:00 2001
+From: Sam James <sam@gentoo.org>
+Date: Sat, 16 Dec 2023 02:17:36 +0000
+Subject: [PATCH] tests: avoid use of non-portable `which`
+
+which is not a standard POSIX utility, and indeed, each of these test scripts
+uses #!/bin/bash as its shebang, so we can use `type -P` which has the same
+behaviour as `which` for free.
+
+(If the tests used POSIX shell, we could do `command -v`, its only caveat is
+that it'll pick up functions in the user's shell, which doesn't matter 99% of
+the time anyway.)
+
+Distributions like Debian [0] and Gentoo [1] are looking to remove `which`
+from their base set of packages.
+
+[0] https://lwn.net/Articles/874049/
+[1] https://bugs.gentoo.org/646588
+
+Signed-off-by: Sam James <sam@gentoo.org>
+--- a/tests/38-basic-pfc_coverage.sh
++++ b/tests/38-basic-pfc_coverage.sh
+@@ -18,7 +18,7 @@
+ #
+ function check_deps() {
+ 	[[ -z "$1" ]] && return
+-	which "$1" >& /dev/null
++	type -P "$1" >& /dev/null
+ 	return $?
+ }
+ 
+--- a/tests/55-basic-pfc_binary_tree.sh
++++ b/tests/55-basic-pfc_binary_tree.sh
+@@ -18,7 +18,7 @@
+ #
+ function check_deps() {
+ 	[[ -z "$1" ]] && return
+-	which "$1" >& /dev/null
++	type -P "$1" >& /dev/null
+ 	return $?
+ }
+ 
+--- a/tests/regression
++++ b/tests/regression
+@@ -73,7 +73,7 @@ GLBL_SYS_API="../tools/scmp_api_level"
+ #
+ function check_deps() {
+ 	[[ -z "$1" ]] && return
+-	which "$1" >& /dev/null
++	type -P "$1" >& /dev/null
+ 	return $?
+ }
+ 
+--- a/tests/testgen
++++ b/tests/testgen
+@@ -32,7 +32,7 @@
+ #
+ function verify_deps() {
+ 	[[ -z "$1" ]] && return
+-	if ! which "$1" >& /dev/null; then
++	if ! type -P "$1" >& /dev/null; then
+ 		echo "error: install \"$1\" and include it in your \$PATH"
+ 		exit 1
+ 	fi
+-- 
+2.43.0
+

diff --git a/sys-libs/libseccomp/libseccomp-2.5.5.ebuild b/sys-libs/libseccomp/libseccomp-2.5.5.ebuild
index e65a98cb7fc6..51018de4ccdd 100644
--- a/sys-libs/libseccomp/libseccomp-2.5.5.ebuild
+++ b/sys-libs/libseccomp/libseccomp-2.5.5.ebuild
@@ -40,6 +40,7 @@ BDEPEND="${DEPEND}
 PATCHES=(
 	"${FILESDIR}"/libseccomp-python-shared.patch
 	"${FILESDIR}"/libseccomp-2.5.3-skip-valgrind.patch
+	"${FILESDIR}"/libseccomp-2.5.5-which-hunt.patch
 )
 
 src_prepare() {

[gentoo-commits] repo/gentoo:master commit in: sys-libs/libseccomp/files/, sys-libs/libseccomp/

[Sam James]

commit:     d7b7d0c23c6ed894ed37937833dcc50981a514af
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Nov  5 21:55:50 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Nov  5 22:10:48 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d7b7d0c2

sys-libs/libseccomp: add 2.5.3

Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-libs/libseccomp/Manifest                                |  1 +
 .../libseccomp/files/libseccomp-2.5.3-skip-valgrind.patch   | 13 +++++++++++++
 .../{libseccomp-9999.ebuild => libseccomp-2.5.3.ebuild}     | 13 +++++++++++--
 sys-libs/libseccomp/libseccomp-9999.ebuild                  | 13 +++++++++++--
 4 files changed, 36 insertions(+), 4 deletions(-)

diff --git a/sys-libs/libseccomp/Manifest b/sys-libs/libseccomp/Manifest
index 55539be93ca..e405158403d 100644
--- a/sys-libs/libseccomp/Manifest
+++ b/sys-libs/libseccomp/Manifest
@@ -1,2 +1,3 @@
 DIST libseccomp-2.5.1.tar.gz 638811 BLAKE2B 683ae7536c0cba36f4d30640b42361171fc34b7cb04985ea56e64369df29c440361a0205385b14580cc0e481e0f9ffd0b0e8ebd4ac98817ed59298db6b274c35 SHA512 2be80a6323f9282dbeae8791724e5778b32e2382b2a3d1b0f77366371ec4072ea28128204f675cce101c091c0420d12c497e1a9ccbb7dc5bcbf61bfd777160af
 DIST libseccomp-2.5.2.tar.gz 640305 BLAKE2B b61214cb9a9a793d1f04ae1de3f62c578cfaec54fcc355947b4c71efb75072bf60497db8c8a0fd34a46764952349027df3f025ddbd276d58be93209170950e89 SHA512 b2a95152cb274d6b35753596fd825406dae20c4a48b2f4076f835f977ecf324de38a3fe02e789dc20b49ecf6b4eb67f03e7733e92d40f5e20f25874307f1c2ac
+DIST libseccomp-2.5.3.tar.gz 637572 BLAKE2B cedf04b3a926f9fe5202e6169ddac6b983e755009c14fc1d645157b9c0bcdf65d4085f8ea7abad90f3a0c13ae4d66b5d8306e725168490863aad15976de1eae7 SHA512 00170fe2360f0c0b33293dccfcc33e98fabb99619f34ecefbcc92bfdaa249ba91e7433226545b842b71542a3b224b6e980ea2ae656c4addf07e84a0def1870a0

diff --git a/sys-libs/libseccomp/files/libseccomp-2.5.3-skip-valgrind.patch b/sys-libs/libseccomp/files/libseccomp-2.5.3-skip-valgrind.patch
new file mode 100644
index 00000000000..baf3ed971fc
--- /dev/null
+++ b/sys-libs/libseccomp/files/libseccomp-2.5.3-skip-valgrind.patch
@@ -0,0 +1,13 @@
+Valgrind isn't supported on all arches (and indeed profiles for older types
+of some arches) so let's just skip the automagic Valgrind dependency entirely.
+--- a/tests/regression
++++ b/tests/regression
+@@ -876,7 +876,7 @@ function run_test() {
+ 		run_test_bpf_sim_fuzz "$1" $2 "$3"
+ 	elif [[ "$4" == "bpf-valgrind" ]]; then
+ 		# only run this test if valgrind is installed
+-		if check_deps valgrind; then
++		if false; then
+ 			run_test_bpf_valgrind "$testnumstr" "$3"
+ 		else
+ 			print_result $testnumstr "SKIPPED" \

diff --git a/sys-libs/libseccomp/libseccomp-9999.ebuild b/sys-libs/libseccomp/libseccomp-2.5.3.ebuild
similarity index 92%
copy from sys-libs/libseccomp/libseccomp-9999.ebuild
copy to sys-libs/libseccomp/libseccomp-2.5.3.ebuild
index eea16fa2bbf..e0277c89c97 100644
--- a/sys-libs/libseccomp/libseccomp-9999.ebuild
+++ b/sys-libs/libseccomp/libseccomp-2.5.3.ebuild
@@ -22,7 +22,8 @@ fi
 
 LICENSE="LGPL-2.1"
 SLOT="0"
-IUSE="python static-libs"
+IUSE="python static-libs test"
+RESTRICT="!test? ( test )"
 
 REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
 
@@ -39,10 +40,14 @@ DEPEND="${DEPEND} >=sys-kernel/linux-headers-4.3"
 src_prepare() {
 	local PATCHES=(
 		"${FILESDIR}/libseccomp-python-shared.patch"
+		"${FILESDIR}/libseccomp-2.5.3-skip-valgrind.patch"
 	)
+
 	default
+
 	if [[ "${PV}" == *9999 ]] ; then
-		sed -i -e "s/0.0.0/${PRERELEASE}/" configure.ac
+		sed -i -e "s/0.0.0/${PRERELEASE}/" configure.ac || die
+
 		eautoreconf
 	fi
 }
@@ -52,12 +57,14 @@ multilib_src_configure() {
 		$(use_enable static-libs static)
 		--disable-python
 	)
+
 	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
 }
 
 do_python() {
 	# setup.py reads VERSION_RELEASE from the environment
 	local -x VERSION_RELEASE=${PRERELEASE-${PV}}
+
 	pushd "${BUILD_DIR}/src/python" >/dev/null || die
 	"$@"
 	popd >/dev/null || die
@@ -72,6 +79,7 @@ multilib_src_compile() {
 		rm -r "${BUILD_DIR}/src/python" || die
 		cp -r "${S}/src/python" "${BUILD_DIR}/src/python" || die
 		local -x CPPFLAGS="-I\"${BUILD_DIR}/include\" -I\"${S}/include\" ${CPPFLAGS}"
+
 		do_python distutils-r1_src_compile
 	fi
 }
@@ -86,5 +94,6 @@ multilib_src_install() {
 
 multilib_src_install_all() {
 	find "${ED}" -type f -name "${PN}.la" -delete || die
+
 	einstalldocs
 }

diff --git a/sys-libs/libseccomp/libseccomp-9999.ebuild b/sys-libs/libseccomp/libseccomp-9999.ebuild
index eea16fa2bbf..e0277c89c97 100644
--- a/sys-libs/libseccomp/libseccomp-9999.ebuild
+++ b/sys-libs/libseccomp/libseccomp-9999.ebuild
@@ -22,7 +22,8 @@ fi
 
 LICENSE="LGPL-2.1"
 SLOT="0"
-IUSE="python static-libs"
+IUSE="python static-libs test"
+RESTRICT="!test? ( test )"
 
 REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
 
@@ -39,10 +40,14 @@ DEPEND="${DEPEND} >=sys-kernel/linux-headers-4.3"
 src_prepare() {
 	local PATCHES=(
 		"${FILESDIR}/libseccomp-python-shared.patch"
+		"${FILESDIR}/libseccomp-2.5.3-skip-valgrind.patch"
 	)
+
 	default
+
 	if [[ "${PV}" == *9999 ]] ; then
-		sed -i -e "s/0.0.0/${PRERELEASE}/" configure.ac
+		sed -i -e "s/0.0.0/${PRERELEASE}/" configure.ac || die
+
 		eautoreconf
 	fi
 }
@@ -52,12 +57,14 @@ multilib_src_configure() {
 		$(use_enable static-libs static)
 		--disable-python
 	)
+
 	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
 }
 
 do_python() {
 	# setup.py reads VERSION_RELEASE from the environment
 	local -x VERSION_RELEASE=${PRERELEASE-${PV}}
+
 	pushd "${BUILD_DIR}/src/python" >/dev/null || die
 	"$@"
 	popd >/dev/null || die
@@ -72,6 +79,7 @@ multilib_src_compile() {
 		rm -r "${BUILD_DIR}/src/python" || die
 		cp -r "${S}/src/python" "${BUILD_DIR}/src/python" || die
 		local -x CPPFLAGS="-I\"${BUILD_DIR}/include\" -I\"${S}/include\" ${CPPFLAGS}"
+
 		do_python distutils-r1_src_compile
 	fi
 }
@@ -86,5 +94,6 @@ multilib_src_install() {
 
 multilib_src_install_all() {
 	find "${ED}" -type f -name "${PN}.la" -delete || die
+
 	einstalldocs
 }

[gentoo-commits] repo/gentoo:master commit in: sys-libs/libseccomp/files/, sys-libs/libseccomp/

[Mike Gilbert]

commit:     0e4b6f02ff363c24df72105616bbad85af62f219
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sun May 23 20:49:45 2021 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sun May 23 22:26:03 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0e4b6f02

sys-libs/libseccomp: rework python support

Apply a patch to link against the shared library.
Eliminate a messy sed expression by copying some files around instead.

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 .../files/libseccomp-python-shared.patch           | 25 +++++++++++++++++
 ...comp-9999.ebuild => libseccomp-2.5.1-r1.ebuild} | 32 +++++++++++++---------
 sys-libs/libseccomp/libseccomp-9999.ebuild         | 32 +++++++++++++---------
 3 files changed, 63 insertions(+), 26 deletions(-)

diff --git a/sys-libs/libseccomp/files/libseccomp-python-shared.patch b/sys-libs/libseccomp/files/libseccomp-python-shared.patch
new file mode 100644
index 00000000000..93e1ec8a915
--- /dev/null
+++ b/sys-libs/libseccomp/files/libseccomp-python-shared.patch
@@ -0,0 +1,25 @@
+From 763b863c3028f604f16cc6d2de7452dc16458596 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Sun, 23 May 2021 16:17:32 -0400
+Subject: [PATCH] Link python module against shared library
+
+---
+ src/python/setup.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/python/setup.py b/src/python/setup.py
+index 0419111..fb650d0 100755
+--- a/src/python/setup.py
++++ b/src/python/setup.py
+@@ -41,7 +41,7 @@ setup(
+ 	ext_modules = [
+ 		Extension("seccomp", ["seccomp.pyx"],
+ 			# unable to handle libtool libraries directly
+-			extra_objects=["../.libs/libseccomp.a"],
++			extra_objects=["../.libs/libseccomp.so"],
+ 			# fix build warnings, see PEP 3123
+ 			extra_compile_args=["-fno-strict-aliasing"])
+ 	]
+-- 
+2.32.0.rc1
+

diff --git a/sys-libs/libseccomp/libseccomp-9999.ebuild b/sys-libs/libseccomp/libseccomp-2.5.1-r1.ebuild
similarity index 70%
copy from sys-libs/libseccomp/libseccomp-9999.ebuild
copy to sys-libs/libseccomp/libseccomp-2.5.1-r1.ebuild
index 9256faff2b5..c445290913e 100644
--- a/sys-libs/libseccomp/libseccomp-9999.ebuild
+++ b/sys-libs/libseccomp/libseccomp-2.5.1-r1.ebuild
@@ -25,11 +25,7 @@ LICENSE="LGPL-2.1"
 SLOT="0"
 IUSE="python static-libs"
 
-REQUIRED_USE="
-	python? (
-		static-libs
-		${PYTHON_REQUIRED_USE}
-	)"
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
 
 DEPEND="python? ( ${PYTHON_DEPS} )"
 RDEPEND="${DEPEND}"
@@ -42,6 +38,9 @@ BDEPEND="${DEPEND}
 DEPEND="${DEPEND} >=sys-kernel/linux-headers-4.3"
 
 src_prepare() {
+	local PATCHES=(
+		"${FILESDIR}/libseccomp-python-shared.patch"
+	)
 	default
 	if [[ "${PV}" == *9999 ]] ; then
 		sed -i -e "s/0.0.0/${PRERELEASE}/" configure.ac
@@ -57,16 +56,24 @@ multilib_src_configure() {
 	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
 }
 
+do_python() {
+	# setup.py reads VERSION_RELEASE from the environment
+	local -x VERSION_RELEASE=${PRERELEASE-${PV}}
+	pushd "${BUILD_DIR}/src/python" >/dev/null || die
+	"$@"
+	popd >/dev/null || die
+}
+
 multilib_src_compile() {
 	emake
 
 	if multilib_is_native_abi && use python ; then
-		cd "${S}/src/python" || die
-		sed -i -e "s/=.*VERSION_RELEASE.*,/=\"${PRERELEASE}\",/" \
-			-e "/extra_objects/s,\.\.,${OLDPWD}/src," \
-			setup.py || die
-		local -x CPPFLAGS="-I${OLDPWD}/include -I../../include"
-		distutils-r1_src_compile
+		# setup.py expects libseccomp.so to live in "../.libs"
+		# Copy the python files to the right place for this.
+		rm -r "${BUILD_DIR}/src/python" || die
+		cp -r "${S}/src/python" "${BUILD_DIR}/src/python" || die
+		local -x CPPFLAGS="-I\"${BUILD_DIR}/include\" -I\"${S}/include\" ${CPPFLAGS}"
+		do_python distutils-r1_src_compile
 	fi
 }
 
@@ -74,8 +81,7 @@ multilib_src_install() {
 	emake DESTDIR="${D}" install
 
 	if multilib_is_native_abi && use python ; then
-		cd "${S}/src/python" || die
-		distutils-r1_src_install
+		do_python distutils-r1_src_install
 	fi
 }
 

diff --git a/sys-libs/libseccomp/libseccomp-9999.ebuild b/sys-libs/libseccomp/libseccomp-9999.ebuild
index 9256faff2b5..c445290913e 100644
--- a/sys-libs/libseccomp/libseccomp-9999.ebuild
+++ b/sys-libs/libseccomp/libseccomp-9999.ebuild
@@ -25,11 +25,7 @@ LICENSE="LGPL-2.1"
 SLOT="0"
 IUSE="python static-libs"
 
-REQUIRED_USE="
-	python? (
-		static-libs
-		${PYTHON_REQUIRED_USE}
-	)"
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
 
 DEPEND="python? ( ${PYTHON_DEPS} )"
 RDEPEND="${DEPEND}"
@@ -42,6 +38,9 @@ BDEPEND="${DEPEND}
 DEPEND="${DEPEND} >=sys-kernel/linux-headers-4.3"
 
 src_prepare() {
+	local PATCHES=(
+		"${FILESDIR}/libseccomp-python-shared.patch"
+	)
 	default
 	if [[ "${PV}" == *9999 ]] ; then
 		sed -i -e "s/0.0.0/${PRERELEASE}/" configure.ac
@@ -57,16 +56,24 @@ multilib_src_configure() {
 	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
 }
 
+do_python() {
+	# setup.py reads VERSION_RELEASE from the environment
+	local -x VERSION_RELEASE=${PRERELEASE-${PV}}
+	pushd "${BUILD_DIR}/src/python" >/dev/null || die
+	"$@"
+	popd >/dev/null || die
+}
+
 multilib_src_compile() {
 	emake
 
 	if multilib_is_native_abi && use python ; then
-		cd "${S}/src/python" || die
-		sed -i -e "s/=.*VERSION_RELEASE.*,/=\"${PRERELEASE}\",/" \
-			-e "/extra_objects/s,\.\.,${OLDPWD}/src," \
-			setup.py || die
-		local -x CPPFLAGS="-I${OLDPWD}/include -I../../include"
-		distutils-r1_src_compile
+		# setup.py expects libseccomp.so to live in "../.libs"
+		# Copy the python files to the right place for this.
+		rm -r "${BUILD_DIR}/src/python" || die
+		cp -r "${S}/src/python" "${BUILD_DIR}/src/python" || die
+		local -x CPPFLAGS="-I\"${BUILD_DIR}/include\" -I\"${S}/include\" ${CPPFLAGS}"
+		do_python distutils-r1_src_compile
 	fi
 }
 
@@ -74,8 +81,7 @@ multilib_src_install() {
 	emake DESTDIR="${D}" install
 
 	if multilib_is_native_abi && use python ; then
-		cd "${S}/src/python" || die
-		distutils-r1_src_install
+		do_python distutils-r1_src_install
 	fi
 }
 

[gentoo-commits] repo/gentoo:master commit in: sys-libs/libseccomp/files/, sys-libs/libseccomp/

[Lars Wendler]

commit:     e2e6d6b3716f84594d7a2dd91893cc4fe5fee04e
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Jul 21 08:32:15 2020 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Jul 21 08:32:23 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e2e6d6b3

sys-libs/libseccomp: Removed old

Package-Manager: Portage-3.0.0, Repoman-2.3.23
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 sys-libs/libseccomp/Manifest                       |  1 -
 .../libseccomp-2.4.2-missing_SNR_ppoll_defs.patch  | 41 --------------------
 sys-libs/libseccomp/libseccomp-2.4.2-r1.ebuild     | 45 ----------------------
 3 files changed, 87 deletions(-)

diff --git a/sys-libs/libseccomp/Manifest b/sys-libs/libseccomp/Manifest
index 59fe8310381..3daeec58da1 100644
--- a/sys-libs/libseccomp/Manifest
+++ b/sys-libs/libseccomp/Manifest
@@ -1,3 +1,2 @@
-DIST libseccomp-2.4.2.tar.gz 601014 BLAKE2B cff2612498a6ff3097809e9e04542e0be12c2c5d80fd51c2abd35fb6ac59f3ef7fce1c5205216876c1f67eb762d31c7df8e0f237f3957b7710148a1298502ae5 SHA512 375a3c7c658be6a08b9bb30963e10bb49e8e066119e0be6d3d97faac3db18b8e2c6938d8b5d3874b2f5331ec8295170112fbae83b5a3b5a5bebc0d6705bdfdbb
 DIST libseccomp-2.4.3.tar.gz 598147 BLAKE2B 272c9f1ca7e4059790f633a79cae8612831aa483d28630fb85b31dc2be0192907a8897819d835b61324e0b3fb0d77b8781e2a85e9750ef8d7974d8680b8cdea3 SHA512 7b7af2e98493243ffe1934fefff5723b24ae9b9bdc4bf039343ee8456c15acb0ea34e81ec292a41143848272aeca794ef92ad38fc3f42c77465170cb540479ef
 DIST libseccomp-2.5.0.tar.gz 638793 BLAKE2B c1f30624e210d632175b734c49411ee3f95e8f0ee68819ad83a342434231baef10c292f23fca0127394365a37efb043f9f24ade9534deecd61f50e7111a6fbc8 SHA512 00ef5aeb4db8dafb546ae680b2d6d9b6aeed008df805d0f28f9dd15c074ff6ea7a5e5131ab503825b8011c59aa23046baedd5849ca040aa73352f43ab2d602ae

diff --git a/sys-libs/libseccomp/files/libseccomp-2.4.2-missing_SNR_ppoll_defs.patch b/sys-libs/libseccomp/files/libseccomp-2.4.2-missing_SNR_ppoll_defs.patch
deleted file mode 100644
index 9194706efa0..00000000000
--- a/sys-libs/libseccomp/files/libseccomp-2.4.2-missing_SNR_ppoll_defs.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From e3647f5b6b52996bf30d0c2c1d1248e4182e1c1c Mon Sep 17 00:00:00 2001
-From: Miroslav Lichvar <mlichvar@redhat.com>
-Date: Wed, 13 Nov 2019 13:36:10 +0100
-Subject: [PATCH] api: define __SNR_ppoll again
-
-Commit bf747eb21e428c2b3ead6ebcca27951b681963a0 accidentally removed the
-__SNR_ppoll definition. Add it back, using a PNR value if disabled in
-the kernel headers.
-
-Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>
-Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
-Signed-off-by: Paul Moore <paul@paul-moore.com>
----
- include/seccomp-syscalls.h | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/include/seccomp-syscalls.h b/include/seccomp-syscalls.h
-index 6457592..3c958df 100644
---- a/include/seccomp-syscalls.h
-+++ b/include/seccomp-syscalls.h
-@@ -272,6 +272,7 @@
- #define __PNR_timerfd_gettime64			-10238
- #define __PNR_timerfd_settime64			-10239
- #define __PNR_utimensat_time64			-10240
-+#define __PNR_ppoll				-10241
- 
- /*
-  * libseccomp syscall definitions
-@@ -1359,6 +1360,12 @@
- #define __SNR_poll			__PNR_poll
- #endif
- 
-+#ifdef __NR_ppoll
-+#define __SNR_ppoll			__NR_ppoll
-+#else
-+#define __SNR_ppoll			__PNR_ppoll
-+#endif
-+
- #ifdef __NR_ppoll_time64
- #define __SNR_ppoll_time64		__NR_ppoll_time64
- #else

diff --git a/sys-libs/libseccomp/libseccomp-2.4.2-r1.ebuild b/sys-libs/libseccomp/libseccomp-2.4.2-r1.ebuild
deleted file mode 100644
index fc6b6775435..00000000000
--- a/sys-libs/libseccomp/libseccomp-2.4.2-r1.ebuild
+++ /dev/null
@@ -1,45 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-# TODO: Add python support.
-
-EAPI=7
-
-inherit multilib-minimal
-
-DESCRIPTION="high level interface to Linux seccomp filter"
-HOMEPAGE="https://github.com/seccomp/libseccomp"
-SRC_URI="https://github.com/seccomp/libseccomp/releases/download/v${PV}/${P}.tar.gz"
-
-LICENSE="LGPL-2.1"
-SLOT="0"
-KEYWORDS="-* amd64 arm arm64 hppa ~mips ppc ppc64 s390 x86 ~amd64-linux ~x86-linux"
-IUSE="static-libs"
-
-# We need newer kernel headers; we don't keep strict control of the exact
-# version here, just be safe and pull in the latest stable ones. #551248
-DEPEND=">=sys-kernel/linux-headers-4.3"
-
-PATCHES=(
-	"${FILESDIR}/${P}-missing_SNR_ppoll_defs.patch"
-)
-
-src_prepare() {
-	default
-	sed -i \
-		-e '/_LDFLAGS/s:-static::' \
-		tools/Makefile.in || die
-}
-
-multilib_src_configure() {
-	local myeconfargs=(
-		$(use_enable static-libs static)
-		--disable-python
-	)
-	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
-}
-
-multilib_src_install_all() {
-	find "${ED}" -type f -name libseccomp.la -delete || die
-	einstalldocs
-}

[gentoo-commits] repo/gentoo:master commit in: sys-libs/libseccomp/files/, sys-libs/libseccomp/

[Lars Wendler]

commit:     e06dfa1a2fc15f638756134f0bedd61a2e4d0836
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Mon Nov 18 11:51:27 2019 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Mon Nov 18 11:51:51 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e06dfa1a

sys-libs/libseccomp: Revbump to add missing SNR ppoll definitions

Bug: https://bugs.gentoo.org/700094
Package-Manager: Portage-2.3.79, Repoman-2.3.18
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 .../libseccomp-2.4.2-missing_SNR_ppoll_defs.patch  | 41 ++++++++++++++++++++++
 ...omp-2.4.2.ebuild => libseccomp-2.4.2-r1.ebuild} |  6 +++-
 2 files changed, 46 insertions(+), 1 deletion(-)

diff --git a/sys-libs/libseccomp/files/libseccomp-2.4.2-missing_SNR_ppoll_defs.patch b/sys-libs/libseccomp/files/libseccomp-2.4.2-missing_SNR_ppoll_defs.patch
new file mode 100644
index 00000000000..9194706efa0
--- /dev/null
+++ b/sys-libs/libseccomp/files/libseccomp-2.4.2-missing_SNR_ppoll_defs.patch
@@ -0,0 +1,41 @@
+From e3647f5b6b52996bf30d0c2c1d1248e4182e1c1c Mon Sep 17 00:00:00 2001
+From: Miroslav Lichvar <mlichvar@redhat.com>
+Date: Wed, 13 Nov 2019 13:36:10 +0100
+Subject: [PATCH] api: define __SNR_ppoll again
+
+Commit bf747eb21e428c2b3ead6ebcca27951b681963a0 accidentally removed the
+__SNR_ppoll definition. Add it back, using a PNR value if disabled in
+the kernel headers.
+
+Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>
+Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
+Signed-off-by: Paul Moore <paul@paul-moore.com>
+---
+ include/seccomp-syscalls.h | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/include/seccomp-syscalls.h b/include/seccomp-syscalls.h
+index 6457592..3c958df 100644
+--- a/include/seccomp-syscalls.h
++++ b/include/seccomp-syscalls.h
+@@ -272,6 +272,7 @@
+ #define __PNR_timerfd_gettime64			-10238
+ #define __PNR_timerfd_settime64			-10239
+ #define __PNR_utimensat_time64			-10240
++#define __PNR_ppoll				-10241
+ 
+ /*
+  * libseccomp syscall definitions
+@@ -1359,6 +1360,12 @@
+ #define __SNR_poll			__PNR_poll
+ #endif
+ 
++#ifdef __NR_ppoll
++#define __SNR_ppoll			__NR_ppoll
++#else
++#define __SNR_ppoll			__PNR_ppoll
++#endif
++
+ #ifdef __NR_ppoll_time64
+ #define __SNR_ppoll_time64		__NR_ppoll_time64
+ #else

diff --git a/sys-libs/libseccomp/libseccomp-2.4.2.ebuild b/sys-libs/libseccomp/libseccomp-2.4.2-r1.ebuild
similarity index 89%
rename from sys-libs/libseccomp/libseccomp-2.4.2.ebuild
rename to sys-libs/libseccomp/libseccomp-2.4.2-r1.ebuild
index 6fc6a1ee79e..8e528f0bf02 100644
--- a/sys-libs/libseccomp/libseccomp-2.4.2.ebuild
+++ b/sys-libs/libseccomp/libseccomp-2.4.2-r1.ebuild
@@ -20,6 +20,10 @@ IUSE="static-libs"
 # version here, just be safe and pull in the latest stable ones. #551248
 DEPEND=">=sys-kernel/linux-headers-4.3"
 
+PATCHES=(
+	"${FILESDIR}/${P}-missing_SNR_ppoll_defs.patch"
+)
+
 src_prepare() {
 	default
 	sed -i \
@@ -36,6 +40,6 @@ multilib_src_configure() {
 }
 
 multilib_src_install_all() {
-	find "${ED}" -type f -name libseccomp.la -delete
+	find "${ED}" -type f -name libseccomp.la -delete || die
 	einstalldocs
 }