Control: tags -1 patch Dead maintainer(s),
On Mon, 11 Jan 2016 13:45:02 +0100 VA <[email protected]> wrote: > Package: src:libseccomp > Version: 2.2.3-2 > Severity: wishlist > > libseccomp provides Python bindings > (https://github.com/seccomp/libseccomp/tree/master/src/python), so it > would be nice to have a debian package python-seccomp out of the > libseccomp source package. Attached is a diff to build the python bindings. It also contains the update to upstream version 2.3.2 which is necessary for Python 3 support. If you wish I can push the individual commits to the Git repo. Cheers, Felix
diff -Nur libseccomp-2.3.1/debian/changelog libseccomp-2.3.2/debian/changelog --- libseccomp-2.3.1/debian/changelog 2016-11-17 10:16:44.000000000 +0100 +++ libseccomp-2.3.2/debian/changelog 2017-07-30 21:04:57.910191085 +0200 @@ -1,3 +1,10 @@ +libseccomp (2.3.2-1) UNRELEASED; urgency=medium + + * New upstream release. + * Build python bindings. + + -- Felix Geyer <[email protected]> Sat, 29 Jul 2017 12:26:43 +0200 + libseccomp (2.3.1-2.1) unstable; urgency=medium [ Martin Pitt ] diff -Nur libseccomp-2.3.1/debian/control libseccomp-2.3.2/debian/control --- libseccomp-2.3.1/debian/control 2016-11-17 10:16:44.000000000 +0100 +++ libseccomp-2.3.2/debian/control 2017-07-29 14:05:36.784397696 +0200 @@ -3,7 +3,7 @@ Priority: optional Maintainer: Kees Cook <[email protected]> Uploaders: Luca Bruno <[email protected]> -Build-Depends: debhelper (>= 9), dh-autoreconf, linux-libc-dev +Build-Depends: debhelper (>= 9), dh-autoreconf, linux-libc-dev, dh-python, python-all-dev, python3-all-dev, cython, cython3 Standards-Version: 3.9.7 Homepage: https://github.com/seccomp/libseccomp Vcs-Git: https://anonscm.debian.org/git/collab-maint/libseccomp.git @@ -42,3 +42,23 @@ Provides helper tools for interacting with libseccomp. Currently, only a single tool exists, providing a way to easily enumerate syscalls across the supported architectures. + +Package: python-seccomp +Architecture: linux-any +Multi-Arch: same +Section: python +Depends: ${shlibs:Depends}, ${misc:Depends}, ${python:Depends} +Description: high level interface to Linux seccomp filter (Python 2 bindings) + This library provides a high level interface to constructing, analyzing + and installing seccomp filters via a BPF passed to the Linux Kernel's + prctl() syscall. + +Package: python3-seccomp +Architecture: linux-any +Multi-Arch: same +Section: python +Depends: ${shlibs:Depends}, ${misc:Depends}, ${python3:Depends} +Description: high level interface to Linux seccomp filter (Python 3 bindings) + This library provides a high level interface to constructing, analyzing + and installing seccomp filters via a BPF passed to the Linux Kernel's + prctl() syscall. diff -Nur libseccomp-2.3.1/debian/patches/28-parisc_support.patch libseccomp-2.3.2/debian/patches/28-parisc_support.patch --- libseccomp-2.3.1/debian/patches/28-parisc_support.patch 2016-11-17 10:16:44.000000000 +0100 +++ libseccomp-2.3.2/debian/patches/28-parisc_support.patch 2017-07-29 13:34:13.275976433 +0200 @@ -594,10 +594,10 @@ + * should only ever be used internally by libseccomp. + * + */ -+const char *parisc_syscall_iterate_name(unsigned int spot) ++const struct arch_syscall_def *parisc_syscall_iterate(unsigned int spot) +{ + /* XXX - no safety checks here */ -+ return parisc_syscall_table[spot].name; ++ return &parisc_syscall_table[spot]; +} Index: libseccomp/src/arch-parisc.c =================================================================== @@ -666,7 +666,7 @@ +int parisc_syscall_resolve_name(const char *name); +const char *parisc_syscall_resolve_num(int num); + -+const char *parisc_syscall_iterate_name(unsigned int spot); ++const struct arch_syscall_def *parisc_syscall_iterate(unsigned int spot); + +#endif Index: libseccomp/src/arch-parisc64.c @@ -717,23 +717,23 @@ int i_ppc64 = 0; int i_s390 = 0; @@ -101,6 +103,8 @@ - mips64_syscall_iterate_name(i_mips64)); + mips64_syscall_iterate(i_mips64)); syscall_check(str_miss, sys_name, "mips64n32", - mips64n32_syscall_iterate_name(i_mips64n32)); + mips64n32_syscall_iterate(i_mips64n32)); + syscall_check(str_miss, sys_name, "parisc", -+ parisc_syscall_iterate_name(i_parisc)); ++ parisc_syscall_iterate(i_parisc)); syscall_check(str_miss, sys_name, "ppc", - ppc_syscall_iterate_name(i_ppc)); + ppc_syscall_iterate(i_ppc)); syscall_check(str_miss, sys_name, "ppc64", @@ -135,6 +139,8 @@ i_mips64 = -1; - if (!mips64n32_syscall_iterate_name(++i_mips64n32)) + if (!mips64n32_syscall_iterate(++i_mips64n32)->name) i_mips64n32 = -1; -+ if (!parisc_syscall_iterate_name(++i_parisc)) ++ if (!parisc_syscall_iterate(++i_parisc)->name) + i_parisc = -1; - if (!ppc_syscall_iterate_name(++i_ppc)) + if (!ppc_syscall_iterate(++i_ppc)->name) i_ppc = -1; - if (!ppc64_syscall_iterate_name(++i_ppc64)) + if (!ppc64_syscall_iterate(++i_ppc64)->name) @@ -146,6 +152,7 @@ } while (i_x86_64 >= 0 && i_x32 >= 0 && i_arm >= 0 && i_aarch64 >= 0 && @@ -743,16 +743,16 @@ i_s390 >= 0 && i_s390x >= 0); @@ -190,6 +197,10 @@ - mips64n32_syscall_iterate_name(i_mips64n32)); + printf("ERROR, mips64n32 has additional syscalls\n"); return 1; } + if (i_parisc >= 0) { -+ printf("%s: ERROR, parisc has additional syscalls\n", -+ parisc_syscall_iterate_name(i_parisc)); ++ printf("ERROR, parisc has additional syscalls\n"); ++ return 1; + } if (i_ppc >= 0) { - printf("%s: ERROR, ppc has additional syscalls\n", - ppc_syscall_iterate_name(i_ppc)); + printf("ERROR, ppc has additional syscalls\n"); + return 1; Index: libseccomp/src/arch-syscall-dump.c =================================================================== --- libseccomp.orig/src/arch-syscall-dump.c 2016-05-28 19:57:02.050592727 +0200 @@ -767,14 +767,14 @@ #include "arch-s390.h" @@ -116,6 +117,10 @@ case SCMP_ARCH_MIPSEL64N32: - sys_name = mips64n32_syscall_iterate_name(iter); + sys = mips64n32_syscall_iterate(iter); break; + case SCMP_ARCH_PARISC: + case SCMP_ARCH_PARISC64: -+ sys_name = parisc_syscall_iterate_name(iter); ++ sys = parisc_syscall_iterate(iter); + break; case SCMP_ARCH_PPC: - sys_name = ppc_syscall_iterate_name(iter); + sys = ppc_syscall_iterate(iter); break; Index: libseccomp/src/arch.c =================================================================== diff -Nur libseccomp-2.3.1/debian/patches/29-parisc_syscalls_linux49.patch libseccomp-2.3.2/debian/patches/29-parisc_syscalls_linux49.patch --- libseccomp-2.3.1/debian/patches/29-parisc_syscalls_linux49.patch 1970-01-01 01:00:00.000000000 +0100 +++ libseccomp-2.3.2/debian/patches/29-parisc_syscalls_linux49.patch 2017-07-29 14:14:57.275314185 +0200 @@ -0,0 +1,40 @@ +Description: update syscalls for Linux 4.9 +Origin: cherry-picked parts from d9102f12fd39bd77151a1f630fcfc8c80f86c55c + +diff --git a/src/arch-parisc-syscalls.c b/src/arch-parisc-syscalls.c +index ad50820..4690577 100644 +--- a/src/arch-parisc-syscalls.c ++++ b/src/arch-parisc-syscalls.c +@@ -10,7 +10,7 @@ + #include "arch.h" + #include "arch-parisc.h" + +-/* NOTE: based on Linux 4.5-rc4 */ ++/* NOTE: based on Linux 4.9 */ + const struct arch_syscall_def parisc_syscall_table[] = { \ + { "_llseek", 140 }, + { "_newselect", 142 }, +@@ -238,11 +238,15 @@ const struct arch_syscall_def parisc_syscall_table[] = { \ + { "pipe", 42 }, + { "pipe2", 313 }, + { "pivot_root", 67 }, ++ { "pkey_alloc", __PNR_pkey_alloc }, ++ { "pkey_free", __PNR_pkey_free }, ++ { "pkey_mprotect", __PNR_pkey_mprotect }, + { "poll", 168 }, + { "ppoll", 274 }, + { "prctl", 172 }, + { "pread64", 108 }, + { "preadv", 315 }, ++ { "preadv2", 347 }, + { "prlimit64", 321 }, + { "process_vm_readv", 330 }, + { "process_vm_writev", 331 }, +@@ -253,6 +257,7 @@ const struct arch_syscall_def parisc_syscall_table[] = { \ + { "putpmsg", 197 }, + { "pwrite64", 109 }, + { "pwritev", 316 }, ++ { "pwritev2", 348 }, + { "query_module", 167 }, + { "quotactl", 131 }, + { "read", 3 }, diff -Nur libseccomp-2.3.1/debian/patches/series libseccomp-2.3.2/debian/patches/series --- libseccomp-2.3.1/debian/patches/series 2016-11-17 10:16:44.000000000 +0100 +++ libseccomp-2.3.2/debian/patches/series 2017-07-29 14:15:28.539208581 +0200 @@ -1 +1,2 @@ 28-parisc_support.patch +29-parisc_syscalls_linux49.patch diff -Nur libseccomp-2.3.1/debian/python3-seccomp.install libseccomp-2.3.2/debian/python3-seccomp.install --- libseccomp-2.3.1/debian/python3-seccomp.install 1970-01-01 01:00:00.000000000 +0100 +++ libseccomp-2.3.2/debian/python3-seccomp.install 2017-07-29 14:01:05.623938190 +0200 @@ -0,0 +1 @@ +usr/lib/python3.*/site-packages/seccomp.cpython-*.so diff -Nur libseccomp-2.3.1/debian/python-seccomp.install libseccomp-2.3.2/debian/python-seccomp.install --- libseccomp-2.3.1/debian/python-seccomp.install 1970-01-01 01:00:00.000000000 +0100 +++ libseccomp-2.3.2/debian/python-seccomp.install 2017-07-29 14:02:59.240249417 +0200 @@ -0,0 +1 @@ +usr/lib/python2.*/site-packages/seccomp.so diff -Nur libseccomp-2.3.1/debian/rules libseccomp-2.3.2/debian/rules --- libseccomp-2.3.1/debian/rules 2016-11-17 10:16:44.000000000 +0100 +++ libseccomp-2.3.2/debian/rules 2017-07-30 21:15:09.162654572 +0200 @@ -12,12 +12,28 @@ export V=1 %: - dh $@ --parallel --with autoreconf + dh $@ --parallel --with autoreconf,python2,python3 override_dh_auto_clean: dh_auto_clean rm -f regression.out + +override_dh_auto_configure: + dh_auto_configure -- --enable-python + +override_dh_auto_build: + dh_auto_build + set -e && for pyver in `py3versions -s`; do \ + dh_auto_build --sourcedirectory=src/python -- PYTHON=$$pyver; \ + done + +override_dh_auto_install: + dh_auto_install + set -e && for pyver in `py3versions -s`; do \ + dh_auto_install --sourcedirectory=src/python -- PYTHON=$$pyver; \ + done + override_dh_link: dh_link -p$(DEVPKG) \ lib/$(DEB_HOST_MULTIARCH)/$$(basename $$(readlink debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libseccomp.so)) \
