From c22321a5fbd93e0a82bec343a8a4667b6eaaec0a Mon Sep 17 00:00:00 2001 From: Flatcar Buildbot Date: Mon, 2 Mar 2026 07:30:05 +0000 Subject: [PATCH] sys-libs/libseccomp: Sync with Gentoo It's from Gentoo commit 70db06723e73ae0b00458866e8b2913945b7a6f6. Signed-off-by: Flatcar Buildbot --- .../sys-libs/libseccomp/Manifest | 3 +- .../files/libseccomp-2.5.5-aliasing.patch | 30 ----- .../libseccomp-2.5.5-arch-syscall-check.patch | 45 ------- .../files/libseccomp-2.5.5-which-hunt.patch | 69 ---------- .../files/libseccomp-python-shared.patch | 25 ---- .../libseccomp/libseccomp-2.5.5-r2.ebuild | 127 ------------------ .../libseccomp/libseccomp-2.6.0-r3.ebuild | 30 ++++- .../libseccomp/libseccomp-2.6.0.ebuild | 107 --------------- .../libseccomp/libseccomp-9999.ebuild | 30 ++++- .../sys-libs/libseccomp/metadata.xml | 3 - 10 files changed, 53 insertions(+), 416 deletions(-) delete mode 100644 sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/files/libseccomp-2.5.5-aliasing.patch delete mode 100644 sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/files/libseccomp-2.5.5-arch-syscall-check.patch delete mode 100644 sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/files/libseccomp-2.5.5-which-hunt.patch delete mode 100644 sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/files/libseccomp-python-shared.patch delete mode 100644 sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/libseccomp-2.5.5-r2.ebuild delete mode 100644 sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/libseccomp-2.6.0.ebuild diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/Manifest b/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/Manifest index 6d14610d13..cb80334dbe 100644 --- a/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/Manifest +++ b/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/Manifest @@ -1,3 +1,2 @@ -DIST libseccomp-2.5.5-loongarch-r1.patch 119822 BLAKE2B 4aa75c1ac87b2ca25cf6be38dfd760879c7255ca8e6cf86be3ac6e354f76cdaf3c8e2f59b646254414ffb0f1ffe6b7c50478f4db895a6ce632db8782c9807e91 SHA512 f7cd768d672a25448b2a3ceda27db52e0d62b5d9ab3eeb906226b6ebc19332c89332e0b870aaf82d4ffcfd642c2deb6029a30ae9a6bd702ebad9fdd40622b582 -DIST libseccomp-2.5.5.tar.gz 642445 BLAKE2B d770cee1f3e02fbbcd9f25655b360ab38160ad800e2829a67f2b9da62b095a90be99ac851a67344cf95bd6810a6268da4655dc1d37d996e58239c4999eb41998 SHA512 f630e7a7e53a21b7ccb4d3e7b37616b89aeceba916677c8e3032830411d77a14c2d74dcf594cd193b1acc11f52595072e28316dc44300e54083d5d7b314a38da DIST libseccomp-2.6.0.tar.gz 685655 BLAKE2B 45c4f4dd67db5848bb536613e8929633f95cfbeb8738525381a76631187e7b0fc2c02f1a103579cd0f4135e9c175250fe2d784b85cc85424ec3125b4dafcf11c SHA512 9039478656d9b670af2ff4cb67b6b1fa315821e59d2f82ba6247e988859ddc7e3d15fea159eccca161bf2890828bb62aa6ab4d6b7ff55f27a9d6bd9532eeee1b +DIST libseccomp-2.6.0.tar.gz.asc 833 BLAKE2B 3bec3fc850bcd631018f152ee8a81d89ad3e7b15d91a559048400a07efe1b1787d1cdc1b056dca62bbf8134ad81ad1b4bf53f3230e24bf94a39296b2b1562e64 SHA512 973b69c58085a1567f860e621e3a197be02c0ca71dad664234418cf5c00c39767efd37a7c4016f1be5bd588262617b6603855262db2ee6f31bc16061bc130e0f diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/files/libseccomp-2.5.5-aliasing.patch b/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/files/libseccomp-2.5.5-aliasing.patch deleted file mode 100644 index 60190702d3..0000000000 --- a/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/files/libseccomp-2.5.5-aliasing.patch +++ /dev/null @@ -1,30 +0,0 @@ -https://github.com/seccomp/libseccomp/commit/2847f10dddca72167309c04cd09f326fd3b78e2f - -From 2847f10dddca72167309c04cd09f326fd3b78e2f Mon Sep 17 00:00:00 2001 -From: Sam James -Date: Sun, 24 Dec 2023 20:38:06 +0100 -Subject: [PATCH] scmp_bpf_sim: fix aliasing UB - -See https://github.com/seccomp/libseccomp/pull/425. - -Punning sys_data_b between uint32_t* and struct* seccomp_data isn't legal, -use memcpy to fix the testsuite with Clang 17. - -Modern compilers recognise this idiom and optimise it out anyway. - -Signed-off-by: Sam James -Acked-by: Tom Hromatka -Signed-off-by: Paul Moore ---- a/tools/scmp_bpf_sim.c -+++ b/tools/scmp_bpf_sim.c -@@ -182,7 +182,8 @@ static void bpf_execute(const struct bpf_program *prg, - switch (code) { - case BPF_LD+BPF_W+BPF_ABS: - if (k < BPF_SYSCALL_MAX) { -- uint32_t val = *((uint32_t *)&sys_data_b[k]); -+ uint32_t val; -+ memcpy(&val, &sys_data_b[k], sizeof(val)); - state.acc = ttoh32(arch, val); - } else - exit_error(ERANGE, ip_c); - diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/files/libseccomp-2.5.5-arch-syscall-check.patch b/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/files/libseccomp-2.5.5-arch-syscall-check.patch deleted file mode 100644 index 238098ad4c..0000000000 --- a/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/files/libseccomp-2.5.5-arch-syscall-check.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 744c9a897b74ad66d065791593e25a05e4b6f6a1 Mon Sep 17 00:00:00 2001 -From: Michal Privoznik -Date: Tue, 1 Nov 2022 11:59:51 +0100 -Subject: [PATCH] src: Make arch-syscall-check work in VPATH build - -The aim of arch-syscall-check test is to check for syscalls -missing implementation. It does so by comparing two files: - - 1) src/syscalls.csv - 2) include/seccomp-syscalls.h - -However, due to use of relative paths these files are not found -when doing a VPATH build. But, we can re-use an idea from GNU -coreutils and get an absolute path to the source dir. All that's -needed then is to prefix those two paths with the source dir -path. - -Signed-off-by: Michal Privoznik -Acked-by: Tom Hromatka -Signed-off-by: Paul Moore ---- - src/arch-syscall-check | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -diff --git a/src/arch-syscall-check b/src/arch-syscall-check -index ae67daa..9c7fd41 100755 ---- a/src/arch-syscall-check -+++ b/src/arch-syscall-check -@@ -22,8 +22,11 @@ - # along with this library; if not, see . - # - --SYSCALL_CSV="./syscalls.csv" --SYSCALL_HDR="../include/seccomp-syscalls.h" -+# Based on an idea from GNU coreutils -+abs_topsrcdir="$(unset CDPATH; cd $(dirname $0)/.. && pwd)" -+ -+SYSCALL_CSV="$abs_topsrcdir/src/syscalls.csv" -+SYSCALL_HDR="$abs_topsrcdir/include/seccomp-syscalls.h" - - function check_snr() { - (export LC_ALL=C; diff \ --- -2.44.0 - diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/files/libseccomp-2.5.5-which-hunt.patch b/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/files/libseccomp-2.5.5-which-hunt.patch deleted file mode 100644 index 90dc25bf4e..0000000000 --- a/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/files/libseccomp-2.5.5-which-hunt.patch +++ /dev/null @@ -1,69 +0,0 @@ -https://github.com/seccomp/libseccomp/pull/424 - -From 865adeed17cac7063cbbce0c5df225aa35c83621 Mon Sep 17 00:00:00 2001 -From: Sam James -Date: Sat, 16 Dec 2023 02:17:36 +0000 -Subject: [PATCH] tests: avoid use of non-portable `which` - -which is not a standard POSIX utility, and indeed, each of these test scripts -uses #!/bin/bash as its shebang, so we can use `type -P` which has the same -behaviour as `which` for free. - -(If the tests used POSIX shell, we could do `command -v`, its only caveat is -that it'll pick up functions in the user's shell, which doesn't matter 99% of -the time anyway.) - -Distributions like Debian [0] and Gentoo [1] are looking to remove `which` -from their base set of packages. - -[0] https://lwn.net/Articles/874049/ -[1] https://bugs.gentoo.org/646588 - -Signed-off-by: Sam James ---- a/tests/38-basic-pfc_coverage.sh -+++ b/tests/38-basic-pfc_coverage.sh -@@ -18,7 +18,7 @@ - # - function check_deps() { - [[ -z "$1" ]] && return -- which "$1" >& /dev/null -+ type -P "$1" >& /dev/null - return $? - } - ---- a/tests/55-basic-pfc_binary_tree.sh -+++ b/tests/55-basic-pfc_binary_tree.sh -@@ -18,7 +18,7 @@ - # - function check_deps() { - [[ -z "$1" ]] && return -- which "$1" >& /dev/null -+ type -P "$1" >& /dev/null - return $? - } - ---- a/tests/regression -+++ b/tests/regression -@@ -73,7 +73,7 @@ GLBL_SYS_API="../tools/scmp_api_level" - # - function check_deps() { - [[ -z "$1" ]] && return -- which "$1" >& /dev/null -+ type -P "$1" >& /dev/null - return $? - } - ---- a/tests/testgen -+++ b/tests/testgen -@@ -32,7 +32,7 @@ - # - function verify_deps() { - [[ -z "$1" ]] && return -- if ! which "$1" >& /dev/null; then -+ if ! type -P "$1" >& /dev/null; then - echo "error: install \"$1\" and include it in your \$PATH" - exit 1 - fi --- -2.43.0 - diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/files/libseccomp-python-shared.patch b/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/files/libseccomp-python-shared.patch deleted file mode 100644 index 93e1ec8a91..0000000000 --- a/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/files/libseccomp-python-shared.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 763b863c3028f604f16cc6d2de7452dc16458596 Mon Sep 17 00:00:00 2001 -From: Mike Gilbert -Date: Sun, 23 May 2021 16:17:32 -0400 -Subject: [PATCH] Link python module against shared library - ---- - src/python/setup.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/python/setup.py b/src/python/setup.py -index 0419111..fb650d0 100755 ---- a/src/python/setup.py -+++ b/src/python/setup.py -@@ -41,7 +41,7 @@ setup( - ext_modules = [ - Extension("seccomp", ["seccomp.pyx"], - # unable to handle libtool libraries directly -- extra_objects=["../.libs/libseccomp.a"], -+ extra_objects=["../.libs/libseccomp.so"], - # fix build warnings, see PEP 3123 - extra_compile_args=["-fno-strict-aliasing"]) - ] --- -2.32.0.rc1 - diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/libseccomp-2.5.5-r2.ebuild b/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/libseccomp-2.5.5-r2.ebuild deleted file mode 100644 index 4eb2728435..0000000000 --- a/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/libseccomp-2.5.5-r2.ebuild +++ /dev/null @@ -1,127 +0,0 @@ -# Copyright 1999-2025 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -DISTUTILS_EXT=1 -DISTUTILS_OPTIONAL=1 -DISTUTILS_USE_PEP517=setuptools -PYTHON_COMPAT=( python3_{10..12} ) - -inherit distutils-r1 multilib-minimal - -DESCRIPTION="High level interface to Linux seccomp filter" -HOMEPAGE="https://github.com/seccomp/libseccomp" - -if [[ ${PV} == *9999 ]] ; then - EGIT_REPO_URI="https://github.com/seccomp/libseccomp.git" - PRERELEASE="2.6.0" - AUTOTOOLS_AUTO_DEPEND=yes - inherit autotools git-r3 -else - AUTOTOOLS_AUTO_DEPEND=no - inherit autotools libtool - SRC_URI="https://github.com/seccomp/libseccomp/releases/download/v${PV}/${P}.tar.gz - experimental-loong? ( https://github.com/matoro/libseccomp/compare/v${PV}..loongarch-r1.patch - -> ${P}-loongarch-r1.patch )" - KEYWORDS="-* amd64 arm arm64 ~hppa ~loong ~mips ppc ppc64 ~riscv ~s390 x86" -fi - -LICENSE="LGPL-2.1" -SLOT="0" -IUSE="experimental-loong python static-libs test" -RESTRICT="!test? ( test )" -REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" - -# We need newer kernel headers; we don't keep strict control of the exact -# version here, just be safe and pull in the latest stable ones. bug #551248 -DEPEND=" - >=sys-kernel/linux-headers-5.15 - python? ( ${PYTHON_DEPS} ) -" -RDEPEND="${DEPEND}" -BDEPEND=" - ${DEPEND} - dev-util/gperf - experimental-loong? ( ${AUTOTOOLS_DEPEND} ) - python? ( - ${DISTUTILS_DEPS} - dev-python/cython[${PYTHON_USEDEP}] - ) -" - -PATCHES=( - "${FILESDIR}"/libseccomp-python-shared.patch - "${FILESDIR}"/libseccomp-2.5.3-skip-valgrind.patch - "${FILESDIR}"/libseccomp-2.5.5-which-hunt.patch - "${FILESDIR}"/libseccomp-2.5.5-arch-syscall-check.patch - "${FILESDIR}"/libseccomp-2.5.5-aliasing.patch -) - -src_prepare() { - if use experimental-loong; then - PATCHES+=( "${DISTDIR}/${P}-loongarch-r1.patch" ) - fi - - default - - if [[ ${PV} == *9999 ]] ; then - sed -i -e "s/0.0.0/${PRERELEASE}/" configure.ac || die - fi - - if use experimental-loong; then - # touch generated files to avoid activating maintainer mode - # remove when loong-fix-build.patch is no longer necessary - touch ./aclocal.m4 ./configure ./configure.h.in || die - find . -name Makefile.in -exec touch {} + || die - fi - - if [[ ${PV} == *9999 ]] || use experimental-loong; then - rm -f "include/seccomp.h" || die - eautoreconf - else - elibtoolize - fi -} - -multilib_src_configure() { - local myeconfargs=( - $(use_enable static-libs static) - --disable-python - ) - - ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" -} - -multilib_src_compile() { - emake - - if multilib_is_native_abi && use python ; then - # setup.py expects libseccomp.so to live in "../.libs" - # Copy the python files to the right place for this. - rm -r "${BUILD_DIR}"/src/python || die - cp -r "${S}"/src/python "${BUILD_DIR}"/src/python || die - local -x CPPFLAGS="-I\"${BUILD_DIR}/include\" -I\"${S}/include\" ${CPPFLAGS}" - - # setup.py reads VERSION_RELEASE from the environment - local -x VERSION_RELEASE=${PRERELEASE-${PV}} - - pushd "${BUILD_DIR}/src/python" >/dev/null || die - distutils-r1_src_compile - popd >/dev/null || die - fi -} - -multilib_src_install() { - emake DESTDIR="${D}" install - - if multilib_is_native_abi && use python ; then - distutils-r1_src_install - fi -} - -multilib_src_install_all() { - find "${ED}" -type f -name "${PN}.la" -delete || die - - einstalldocs -} diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/libseccomp-2.6.0-r3.ebuild b/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/libseccomp-2.6.0-r3.ebuild index 4f22c8f8ac..184b1f109d 100644 --- a/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/libseccomp-2.6.0-r3.ebuild +++ b/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/libseccomp-2.6.0-r3.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2025 Gentoo Authors +# Copyright 1999-2026 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -18,8 +18,16 @@ if [[ ${PV} == *9999 ]] ; then PRERELEASE="2.6.0" inherit autotools git-r3 else - SRC_URI="https://github.com/seccomp/libseccomp/releases/download/v${PV}/${P}.tar.gz" + VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/libseccomp.asc + inherit verify-sig + + SRC_URI=" + https://github.com/seccomp/libseccomp/releases/download/v${PV}/${P}.tar.gz + verify-sig? ( https://github.com/seccomp/libseccomp/releases/download/v${PV}/${P}.tar.gz.asc ) + " KEYWORDS="-* amd64 arm arm64 ~hppa ~loong ~mips ppc ppc64 ~riscv ~s390 x86" + + BDEPEND="verify-sig? ( sec-keys/openpgp-keys-libseccomp )" fi LICENSE="LGPL-2.1" @@ -33,10 +41,11 @@ RDEPEND=" " # We need newer kernel headers; we don't keep strict control of the exact # version here, just be safe and pull in the latest stable ones. bug #551248 -DEPEND="${RDEPEND} +DEPEND=" + ${RDEPEND} >=sys-kernel/linux-headers-5.15 " -BDEPEND=" +BDEPEND+=" ${DEPEND} dev-util/gperf python? ( @@ -53,6 +62,19 @@ PATCHES=( "${FILESDIR}"/${P}-bounds.patch ) +src_unpack() { + if [[ ${PV} == 9999 ]] ; then + git-r3_src_unpack + return + fi + + if use verify-sig; then + verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc} + fi + + default +} + src_prepare() { default diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/libseccomp-2.6.0.ebuild b/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/libseccomp-2.6.0.ebuild deleted file mode 100644 index f28f3459eb..0000000000 --- a/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/libseccomp-2.6.0.ebuild +++ /dev/null @@ -1,107 +0,0 @@ -# Copyright 1999-2025 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -DISTUTILS_EXT=1 -DISTUTILS_OPTIONAL=1 -DISTUTILS_USE_PEP517=setuptools -PYTHON_COMPAT=( python3_{10..13} ) - -inherit distutils-r1 multilib-minimal - -DESCRIPTION="High level interface to Linux seccomp filter" -HOMEPAGE="https://github.com/seccomp/libseccomp" - -if [[ ${PV} == *9999 ]] ; then - EGIT_REPO_URI="https://github.com/seccomp/libseccomp.git" - PRERELEASE="2.6.0" - inherit autotools git-r3 -else - SRC_URI="https://github.com/seccomp/libseccomp/releases/download/v${PV}/${P}.tar.gz" - KEYWORDS="-* amd64 arm arm64 ~hppa ~loong ~mips ppc ppc64 ~riscv ~s390 x86" -fi - -LICENSE="LGPL-2.1" -SLOT="0" -IUSE="python static-libs test" -RESTRICT="!test? ( test )" -REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" - -# We need newer kernel headers; we don't keep strict control of the exact -# version here, just be safe and pull in the latest stable ones. bug #551248 -DEPEND=" - >=sys-kernel/linux-headers-5.15 - python? ( ${PYTHON_DEPS} ) -" -RDEPEND="${DEPEND}" -BDEPEND=" - ${DEPEND} - dev-util/gperf - python? ( - ${DISTUTILS_DEPS} - dev-python/cython[${PYTHON_USEDEP}] - ) -" - -PATCHES=( - "${FILESDIR}"/libseccomp-2.6.0-python-shared.patch - "${FILESDIR}"/libseccomp-2.5.3-skip-valgrind.patch - "${FILESDIR}"/${P}-drop-bogus-test.patch -) - -src_prepare() { - default - - if [[ ${PV} == *9999 ]] ; then - sed -i -e "s/0.0.0/${PRERELEASE}/" configure.ac || die - - eautoreconf - fi -} - -multilib_src_configure() { - local myeconfargs=( - $(use_enable static-libs static) - --disable-python - ) - - ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" -} - -multilib_src_compile() { - emake - - if multilib_is_native_abi && use python ; then - # setup.py expects libseccomp.so to live in "../.libs" - # Copy the python files to the right place for this. - rm -r "${BUILD_DIR}"/src/python || die - cp -r "${S}"/src/python "${BUILD_DIR}"/src/python || die - local -x CPPFLAGS="-I\"${BUILD_DIR}/include\" -I\"${S}/include\" ${CPPFLAGS}" - - # setup.py reads VERSION_RELEASE from the environment - local -x VERSION_RELEASE=${PRERELEASE-${PV}} - - pushd "${BUILD_DIR}/src/python" >/dev/null || die - distutils-r1_src_compile - popd >/dev/null || die - fi -} - -multilib_src_test() { - emake -Onone check -} - -multilib_src_install() { - emake DESTDIR="${D}" install - - if multilib_is_native_abi && use python ; then - distutils-r1_src_install - fi -} - -multilib_src_install_all() { - find "${ED}" -type f -name "${PN}.la" -delete || die - - einstalldocs -} diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/libseccomp-9999.ebuild b/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/libseccomp-9999.ebuild index b3a5119c28..2c33eca85c 100644 --- a/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/libseccomp-9999.ebuild +++ b/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/libseccomp-9999.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2025 Gentoo Authors +# Copyright 1999-2026 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -18,8 +18,16 @@ if [[ ${PV} == *9999 ]] ; then PRERELEASE="2.6.0" inherit autotools git-r3 else - SRC_URI="https://github.com/seccomp/libseccomp/releases/download/v${PV}/${P}.tar.gz" + VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/libseccomp.asc + inherit verify-sig + + SRC_URI=" + https://github.com/seccomp/libseccomp/releases/download/v${PV}/${P}.tar.gz + verify-sig? ( https://github.com/seccomp/libseccomp/releases/download/v${PV}/${P}.tar.gz.asc ) + " KEYWORDS="-* ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~x86" + + BDEPEND="verify-sig? ( sec-keys/openpgp-keys-libseccomp )" fi LICENSE="LGPL-2.1" @@ -33,10 +41,11 @@ RDEPEND=" " # We need newer kernel headers; we don't keep strict control of the exact # version here, just be safe and pull in the latest stable ones. bug #551248 -DEPEND="${RDEPEND} +DEPEND=" + ${RDEPEND} >=sys-kernel/linux-headers-5.15 " -BDEPEND=" +BDEPEND+=" ${DEPEND} dev-util/gperf python? ( @@ -50,6 +59,19 @@ PATCHES=( "${FILESDIR}"/libseccomp-2.5.3-skip-valgrind.patch ) +src_unpack() { + if [[ ${PV} == 9999 ]] ; then + git-r3_src_unpack + return + fi + + if use verify-sig; then + verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc} + fi + + default +} + src_prepare() { default diff --git a/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/metadata.xml b/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/metadata.xml index 72ee48a1f8..9b5a229350 100644 --- a/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/metadata.xml +++ b/sdk_container/src/third_party/portage-stable/sys-libs/libseccomp/metadata.xml @@ -5,9 +5,6 @@ base-system@gentoo.org Gentoo Base System - - Add experimental LoongArch patchset - seccomp/libseccomp cpe:/a:libseccomp_project:libseccomp