sys-libs/libseccomp: Sync with Gentoo

It's from Gentoo commit 70db06723e73ae0b00458866e8b2913945b7a6f6. Signed-off-by: Flatcar Buildbot <buildbot@flatcar-linux.org>
2026-05-04 19:56:32 +02:00 · 2026-03-02 07:30:05 +00:00 · 2026-03-02 07:30:05 +00:00 · c22321a5fb
commit c22321a5fb
parent e0a27658c8
10 changed files with 53 additions and 416 deletions
--- a/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/Manifest
+++ b/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/Manifest
@ -1,3 +1,2 @@
-DIST libseccomp-2.5.5-loongarch-r1.patch 119822 BLAKE2B 4aa75c1ac87b2ca25cf6be38dfd760879c7255ca8e6cf86be3ac6e354f76cdaf3c8e2f59b646254414ffb0f1ffe6b7c50478f4db895a6ce632db8782c9807e91 SHA512 f7cd768d672a25448b2a3ceda27db52e0d62b5d9ab3eeb906226b6ebc19332c89332e0b870aaf82d4ffcfd642c2deb6029a30ae9a6bd702ebad9fdd40622b582
-DIST libseccomp-2.5.5.tar.gz 642445 BLAKE2B d770cee1f3e02fbbcd9f25655b360ab38160ad800e2829a67f2b9da62b095a90be99ac851a67344cf95bd6810a6268da4655dc1d37d996e58239c4999eb41998 SHA512 f630e7a7e53a21b7ccb4d3e7b37616b89aeceba916677c8e3032830411d77a14c2d74dcf594cd193b1acc11f52595072e28316dc44300e54083d5d7b314a38da
 DIST libseccomp-2.6.0.tar.gz 685655 BLAKE2B 45c4f4dd67db5848bb536613e8929633f95cfbeb8738525381a76631187e7b0fc2c02f1a103579cd0f4135e9c175250fe2d784b85cc85424ec3125b4dafcf11c SHA512 9039478656d9b670af2ff4cb67b6b1fa315821e59d2f82ba6247e988859ddc7e3d15fea159eccca161bf2890828bb62aa6ab4d6b7ff55f27a9d6bd9532eeee1b
+DIST libseccomp-2.6.0.tar.gz.asc 833 BLAKE2B 3bec3fc850bcd631018f152ee8a81d89ad3e7b15d91a559048400a07efe1b1787d1cdc1b056dca62bbf8134ad81ad1b4bf53f3230e24bf94a39296b2b1562e64 SHA512 973b69c58085a1567f860e621e3a197be02c0ca71dad664234418cf5c00c39767efd37a7c4016f1be5bd588262617b6603855262db2ee6f31bc16061bc130e0f
--- a/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/files/libseccomp-2.5.5-aliasing.patch
+++ b/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/files/libseccomp-2.5.5-aliasing.patch
@ -1,30 +0,0 @@
-https://github.com/seccomp/libseccomp/commit/2847f10dddca72167309c04cd09f326fd3b78e2f
-
-From 2847f10dddca72167309c04cd09f326fd3b78e2f Mon Sep 17 00:00:00 2001
-From: Sam James <sam@gentoo.org>
-Date: Sun, 24 Dec 2023 20:38:06 +0100
-Subject: [PATCH] scmp_bpf_sim: fix aliasing UB
-
-See https://github.com/seccomp/libseccomp/pull/425.
-
-Punning sys_data_b between uint32_t* and struct* seccomp_data isn't legal,
-use memcpy to fix the testsuite with Clang 17.
-
-Modern compilers recognise this idiom and optimise it out anyway.
-
-Signed-off-by: Sam James <sam@gentoo.org>
-Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
-Signed-off-by: Paul Moore <paul@paul-moore.com>
--- a/tools/scmp_bpf_sim.c
-+++ b/tools/scmp_bpf_sim.c
-@@ -182,7 +182,8 @@ static void bpf_execute(const struct bpf_program *prg,
- 		switch (code) {
- 		case BPF_LD+BPF_W+BPF_ABS:
- 			if (k < BPF_SYSCALL_MAX) {
-				uint32_t val = *((uint32_t *)&sys_data_b[k]);
-+				uint32_t val;
-+				memcpy(&val, &sys_data_b[k], sizeof(val));
- 				state.acc = ttoh32(arch, val);
- 			} else
- 				exit_error(ERANGE, ip_c);
-
--- a/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/files/libseccomp-2.5.5-arch-syscall-check.patch
+++ b/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/files/libseccomp-2.5.5-arch-syscall-check.patch
@ -1,45 +0,0 @@
-From 744c9a897b74ad66d065791593e25a05e4b6f6a1 Mon Sep 17 00:00:00 2001
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Tue, 1 Nov 2022 11:59:51 +0100
-Subject: [PATCH] src: Make arch-syscall-check work in VPATH build
-
-The aim of arch-syscall-check test is to check for syscalls
-missing implementation. It does so by comparing two files:
-
-  1) src/syscalls.csv
-  2) include/seccomp-syscalls.h
-
-However, due to use of relative paths these files are not found
-when doing a VPATH build. But, we can re-use an idea from GNU
-coreutils and get an absolute path to the source dir. All that's
-needed then is to prefix those two paths with the source dir
-path.
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Acked-by: Tom Hromatka <tom.hromatka@oracle.com>
-Signed-off-by: Paul Moore <paul@paul-moore.com>
---
- src/arch-syscall-check | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/src/arch-syscall-check b/src/arch-syscall-check
-index ae67daa..9c7fd41 100755
--- a/src/arch-syscall-check
-+++ b/src/arch-syscall-check
-@@ -22,8 +22,11 @@
- # along with this library; if not, see <http://www.gnu.org/licenses>.
- #
- 
-SYSCALL_CSV="./syscalls.csv"
-SYSCALL_HDR="../include/seccomp-syscalls.h"
-+# Based on an idea from GNU coreutils
-+abs_topsrcdir="$(unset CDPATH; cd $(dirname $0)/.. && pwd)"
-+
-+SYSCALL_CSV="$abs_topsrcdir/src/syscalls.csv"
-+SYSCALL_HDR="$abs_topsrcdir/include/seccomp-syscalls.h"
- 
- function check_snr() {
- 	(export LC_ALL=C; diff \
-- 
-2.44.0
-
--- a/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/files/libseccomp-2.5.5-which-hunt.patch
+++ b/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/files/libseccomp-2.5.5-which-hunt.patch
@ -1,69 +0,0 @@
-https://github.com/seccomp/libseccomp/pull/424
-
-From 865adeed17cac7063cbbce0c5df225aa35c83621 Mon Sep 17 00:00:00 2001
-From: Sam James <sam@gentoo.org>
-Date: Sat, 16 Dec 2023 02:17:36 +0000
-Subject: [PATCH] tests: avoid use of non-portable `which`
-
-which is not a standard POSIX utility, and indeed, each of these test scripts
-uses #!/bin/bash as its shebang, so we can use `type -P` which has the same
-behaviour as `which` for free.
-
-(If the tests used POSIX shell, we could do `command -v`, its only caveat is
-that it'll pick up functions in the user's shell, which doesn't matter 99% of
-the time anyway.)
-
-Distributions like Debian [0] and Gentoo [1] are looking to remove `which`
-from their base set of packages.
-
-[0] https://lwn.net/Articles/874049/
-[1] https://bugs.gentoo.org/646588
-
-Signed-off-by: Sam James <sam@gentoo.org>
--- a/tests/38-basic-pfc_coverage.sh
-+++ b/tests/38-basic-pfc_coverage.sh
-@@ -18,7 +18,7 @@
- #
- function check_deps() {
- 	[[ -z "$1" ]] && return
-	which "$1" >& /dev/null
-+	type -P "$1" >& /dev/null
- 	return $?
- }
- 
--- a/tests/55-basic-pfc_binary_tree.sh
-+++ b/tests/55-basic-pfc_binary_tree.sh
-@@ -18,7 +18,7 @@
- #
- function check_deps() {
- 	[[ -z "$1" ]] && return
-	which "$1" >& /dev/null
-+	type -P "$1" >& /dev/null
- 	return $?
- }
- 
--- a/tests/regression
-+++ b/tests/regression
-@@ -73,7 +73,7 @@ GLBL_SYS_API="../tools/scmp_api_level"
- #
- function check_deps() {
- 	[[ -z "$1" ]] && return
-	which "$1" >& /dev/null
-+	type -P "$1" >& /dev/null
- 	return $?
- }
- 
--- a/tests/testgen
-+++ b/tests/testgen
-@@ -32,7 +32,7 @@
- #
- function verify_deps() {
- 	[[ -z "$1" ]] && return
-	if ! which "$1" >& /dev/null; then
-+	if ! type -P "$1" >& /dev/null; then
- 		echo "error: install \"$1\" and include it in your \$PATH"
- 		exit 1
- 	fi
-- 
-2.43.0
-
--- a/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/files/libseccomp-python-shared.patch
+++ b/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/files/libseccomp-python-shared.patch
@ -1,25 +0,0 @@
-From 763b863c3028f604f16cc6d2de7452dc16458596 Mon Sep 17 00:00:00 2001
-From: Mike Gilbert <floppym@gentoo.org>
-Date: Sun, 23 May 2021 16:17:32 -0400
-Subject: [PATCH] Link python module against shared library
-
---
- src/python/setup.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/python/setup.py b/src/python/setup.py
-index 0419111..fb650d0 100755
--- a/src/python/setup.py
-+++ b/src/python/setup.py
-@@ -41,7 +41,7 @@ setup(
- 	ext_modules = [
- 		Extension("seccomp", ["seccomp.pyx"],
- 			# unable to handle libtool libraries directly
-			extra_objects=["../.libs/libseccomp.a"],
-+			extra_objects=["../.libs/libseccomp.so"],
- 			# fix build warnings, see PEP 3123
- 			extra_compile_args=["-fno-strict-aliasing"])
- 	]
-- 
-2.32.0.rc1
-
--- a/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/libseccomp-2.5.5-r2.ebuild
+++ b/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/libseccomp-2.5.5-r2.ebuild
@ -1,127 +0,0 @@
-# Copyright 1999-2025 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-DISTUTILS_EXT=1
-DISTUTILS_OPTIONAL=1
-DISTUTILS_USE_PEP517=setuptools
-PYTHON_COMPAT=( python3_{10..12} )
-
-inherit distutils-r1 multilib-minimal
-
-DESCRIPTION="High level interface to Linux seccomp filter"
-HOMEPAGE="https://github.com/seccomp/libseccomp"
-
-if [[ ${PV} == *9999 ]] ; then
-	EGIT_REPO_URI="https://github.com/seccomp/libseccomp.git"
-	PRERELEASE="2.6.0"
-	AUTOTOOLS_AUTO_DEPEND=yes
-	inherit autotools git-r3
-else
-	AUTOTOOLS_AUTO_DEPEND=no
-	inherit autotools libtool
-	SRC_URI="https://github.com/seccomp/libseccomp/releases/download/v${PV}/${P}.tar.gz
-		experimental-loong? ( https://github.com/matoro/libseccomp/compare/v${PV}..loongarch-r1.patch
-			-> ${P}-loongarch-r1.patch )"
-	KEYWORDS="-* amd64 arm arm64 ~hppa ~loong ~mips ppc ppc64 ~riscv ~s390 x86"
-fi
-
-LICENSE="LGPL-2.1"
-SLOT="0"
-IUSE="experimental-loong python static-libs test"
-RESTRICT="!test? ( test )"
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
-
-# We need newer kernel headers; we don't keep strict control of the exact
-# version here, just be safe and pull in the latest stable ones. bug #551248
-DEPEND="
-	>=sys-kernel/linux-headers-5.15
-	python? ( ${PYTHON_DEPS} )
-"
-RDEPEND="${DEPEND}"
-BDEPEND="
-	${DEPEND}
-	dev-util/gperf
-	experimental-loong? ( ${AUTOTOOLS_DEPEND} )
-	python? (
-		${DISTUTILS_DEPS}
-		dev-python/cython[${PYTHON_USEDEP}]
-	)
-"
-
-PATCHES=(
-	"${FILESDIR}"/libseccomp-python-shared.patch
-	"${FILESDIR}"/libseccomp-2.5.3-skip-valgrind.patch
-	"${FILESDIR}"/libseccomp-2.5.5-which-hunt.patch
-	"${FILESDIR}"/libseccomp-2.5.5-arch-syscall-check.patch
-	"${FILESDIR}"/libseccomp-2.5.5-aliasing.patch
-)
-
-src_prepare() {
-	if use experimental-loong; then
-		PATCHES+=( "${DISTDIR}/${P}-loongarch-r1.patch" )
-	fi
-
-	default
-
-	if [[ ${PV} == *9999 ]] ; then
-		sed -i -e "s/0.0.0/${PRERELEASE}/" configure.ac || die
-	fi
-
-	if use experimental-loong; then
-		# touch generated files to avoid activating maintainer mode
-		# remove when loong-fix-build.patch is no longer necessary
-		touch ./aclocal.m4 ./configure ./configure.h.in || die
-		find . -name Makefile.in -exec touch {} + || die
-	fi
-
-	if [[ ${PV} == *9999 ]] || use experimental-loong; then
-		rm -f "include/seccomp.h" || die
-		eautoreconf
-	else
-		elibtoolize
-	fi
-}
-
-multilib_src_configure() {
-	local myeconfargs=(
-		$(use_enable static-libs static)
-		--disable-python
-	)
-
-	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
-	emake
-
-	if multilib_is_native_abi && use python ; then
-		# setup.py expects libseccomp.so to live in "../.libs"
-		# Copy the python files to the right place for this.
-		rm -r "${BUILD_DIR}"/src/python || die
-		cp -r "${S}"/src/python "${BUILD_DIR}"/src/python || die
-		local -x CPPFLAGS="-I\"${BUILD_DIR}/include\" -I\"${S}/include\" ${CPPFLAGS}"
-
-		# setup.py reads VERSION_RELEASE from the environment
-		local -x VERSION_RELEASE=${PRERELEASE-${PV}}
-
-		pushd "${BUILD_DIR}/src/python" >/dev/null || die
-		distutils-r1_src_compile
-		popd >/dev/null || die
-	fi
-}
-
-multilib_src_install() {
-	emake DESTDIR="${D}" install
-
-	if multilib_is_native_abi && use python ; then
-		distutils-r1_src_install
-	fi
-}
-
-multilib_src_install_all() {
-	find "${ED}" -type f -name "${PN}.la" -delete || die
-
-	einstalldocs
-}
--- a/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/libseccomp-2.6.0-r3.ebuild
+++ b/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/libseccomp-2.6.0-r3.ebuild
@ -1,4 +1,4 @@
-# Copyright 1999-2025 Gentoo Authors
+# Copyright 1999-2026 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2

 EAPI=8
@ -18,8 +18,16 @@ if [[ ${PV} == *9999 ]] ; then
 	PRERELEASE="2.6.0"
 	inherit autotools git-r3
 else
-	SRC_URI="https://github.com/seccomp/libseccomp/releases/download/v${PV}/${P}.tar.gz"
+	VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/libseccomp.asc
+	inherit verify-sig
+
+	SRC_URI="
+		https://github.com/seccomp/libseccomp/releases/download/v${PV}/${P}.tar.gz
+		verify-sig? ( https://github.com/seccomp/libseccomp/releases/download/v${PV}/${P}.tar.gz.asc )
+	"
 	KEYWORDS="-* amd64 arm arm64 ~hppa ~loong ~mips ppc ppc64 ~riscv ~s390 x86"
+
+	BDEPEND="verify-sig? ( sec-keys/openpgp-keys-libseccomp )"
 fi

 LICENSE="LGPL-2.1"
@ -33,10 +41,11 @@ RDEPEND="
 "
 # We need newer kernel headers; we don't keep strict control of the exact
 # version here, just be safe and pull in the latest stable ones. bug #551248
-DEPEND="${RDEPEND}
+DEPEND="
+	${RDEPEND}
 	>=sys-kernel/linux-headers-5.15
 "
-BDEPEND="
+BDEPEND+="
 	${DEPEND}
 	dev-util/gperf
 	python? (
@ -53,6 +62,19 @@ PATCHES=(
 	"${FILESDIR}"/${P}-bounds.patch
 )

+src_unpack() {
+	if [[ ${PV} == 9999 ]] ; then
+		git-r3_src_unpack
+		return
+	fi
+
+	if use verify-sig; then
+		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+	fi
+
+	default
+}
+
 src_prepare() {
 	default

--- a/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/libseccomp-2.6.0.ebuild
+++ b/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/libseccomp-2.6.0.ebuild
@ -1,107 +0,0 @@
-# Copyright 1999-2025 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-DISTUTILS_EXT=1
-DISTUTILS_OPTIONAL=1
-DISTUTILS_USE_PEP517=setuptools
-PYTHON_COMPAT=( python3_{10..13} )
-
-inherit distutils-r1 multilib-minimal
-
-DESCRIPTION="High level interface to Linux seccomp filter"
-HOMEPAGE="https://github.com/seccomp/libseccomp"
-
-if [[ ${PV} == *9999 ]] ; then
-	EGIT_REPO_URI="https://github.com/seccomp/libseccomp.git"
-	PRERELEASE="2.6.0"
-	inherit autotools git-r3
-else
-	SRC_URI="https://github.com/seccomp/libseccomp/releases/download/v${PV}/${P}.tar.gz"
-	KEYWORDS="-* amd64 arm arm64 ~hppa ~loong ~mips ppc ppc64 ~riscv ~s390 x86"
-fi
-
-LICENSE="LGPL-2.1"
-SLOT="0"
-IUSE="python static-libs test"
-RESTRICT="!test? ( test )"
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
-
-# We need newer kernel headers; we don't keep strict control of the exact
-# version here, just be safe and pull in the latest stable ones. bug #551248
-DEPEND="
-	>=sys-kernel/linux-headers-5.15
-	python? ( ${PYTHON_DEPS} )
-"
-RDEPEND="${DEPEND}"
-BDEPEND="
-	${DEPEND}
-	dev-util/gperf
-	python? (
-		${DISTUTILS_DEPS}
-		dev-python/cython[${PYTHON_USEDEP}]
-	)
-"
-
-PATCHES=(
-	"${FILESDIR}"/libseccomp-2.6.0-python-shared.patch
-	"${FILESDIR}"/libseccomp-2.5.3-skip-valgrind.patch
-	"${FILESDIR}"/${P}-drop-bogus-test.patch
-)
-
-src_prepare() {
-	default
-
-	if [[ ${PV} == *9999 ]] ; then
-		sed -i -e "s/0.0.0/${PRERELEASE}/" configure.ac || die
-
-		eautoreconf
-	fi
-}
-
-multilib_src_configure() {
-	local myeconfargs=(
-		$(use_enable static-libs static)
-		--disable-python
-	)
-
-	ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
-	emake
-
-	if multilib_is_native_abi && use python ; then
-		# setup.py expects libseccomp.so to live in "../.libs"
-		# Copy the python files to the right place for this.
-		rm -r "${BUILD_DIR}"/src/python || die
-		cp -r "${S}"/src/python "${BUILD_DIR}"/src/python || die
-		local -x CPPFLAGS="-I\"${BUILD_DIR}/include\" -I\"${S}/include\" ${CPPFLAGS}"
-
-		# setup.py reads VERSION_RELEASE from the environment
-		local -x VERSION_RELEASE=${PRERELEASE-${PV}}
-
-		pushd "${BUILD_DIR}/src/python" >/dev/null || die
-		distutils-r1_src_compile
-		popd >/dev/null || die
-	fi
-}
-
-multilib_src_test() {
-	emake -Onone check
-}
-
-multilib_src_install() {
-	emake DESTDIR="${D}" install
-
-	if multilib_is_native_abi && use python ; then
-		distutils-r1_src_install
-	fi
-}
-
-multilib_src_install_all() {
-	find "${ED}" -type f -name "${PN}.la" -delete || die
-
-	einstalldocs
-}
--- a/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/libseccomp-9999.ebuild
+++ b/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/libseccomp-9999.ebuild
@ -1,4 +1,4 @@
-# Copyright 1999-2025 Gentoo Authors
+# Copyright 1999-2026 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2

 EAPI=8
@ -18,8 +18,16 @@ if [[ ${PV} == *9999 ]] ; then
 	PRERELEASE="2.6.0"
 	inherit autotools git-r3
 else
-	SRC_URI="https://github.com/seccomp/libseccomp/releases/download/v${PV}/${P}.tar.gz"
+	VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/libseccomp.asc
+	inherit verify-sig
+
+	SRC_URI="
+		https://github.com/seccomp/libseccomp/releases/download/v${PV}/${P}.tar.gz
+		verify-sig? ( https://github.com/seccomp/libseccomp/releases/download/v${PV}/${P}.tar.gz.asc )
+	"
 	KEYWORDS="-* ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~x86"
+
+	BDEPEND="verify-sig? ( sec-keys/openpgp-keys-libseccomp )"
 fi

 LICENSE="LGPL-2.1"
@ -33,10 +41,11 @@ RDEPEND="
 "
 # We need newer kernel headers; we don't keep strict control of the exact
 # version here, just be safe and pull in the latest stable ones. bug #551248
-DEPEND="${RDEPEND}
+DEPEND="
+	${RDEPEND}
 	>=sys-kernel/linux-headers-5.15
 "
-BDEPEND="
+BDEPEND+="
 	${DEPEND}
 	dev-util/gperf
 	python? (
@ -50,6 +59,19 @@ PATCHES=(
 	"${FILESDIR}"/libseccomp-2.5.3-skip-valgrind.patch
 )

+src_unpack() {
+	if [[ ${PV} == 9999 ]] ; then
+		git-r3_src_unpack
+		return
+	fi
+
+	if use verify-sig; then
+		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+	fi
+
+	default
+}
+
 src_prepare() {
 	default

--- a/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/metadata.xml
+++ b/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/metadata.xml
@ -5,9 +5,6 @@
 		<email>base-system@gentoo.org</email>
 		<name>Gentoo Base System</name>
 	</maintainer>
-	<use>
-		<flag name="experimental-loong">Add experimental LoongArch patchset</flag>
-	</use>
 	<upstream>
 		<remote-id type="github">seccomp/libseccomp</remote-id>
 		<remote-id type="cpe">cpe:/a:libseccomp_project:libseccomp</remote-id>