!69 [sync] PR-68: update syscare to 1.1.0-1

From: @openeuler-sync-bot Reviewed-by: @snoweay Signed-off-by: @snoweay
2023-08-29 12:28:54 +00:00 · 2023-08-29 12:28:54 +00:00 · 4648340f20
commit 4648340f20
parent 697719add3 afcc12912c
5 changed files with 310 additions and 94 deletions
--- a/generate_package.sh
+++ b/generate_package.sh
@ -0,0 +1,35 @@
+#!/bin/bash -e
+
+readonly REPO_NAME="syscare"
+readonly REPO_URL="https://gitee.com/openeuler/$REPO_NAME"
+
+# Prepare
+repo_version=$(grep "Version" "$REPO_NAME.spec" | head -n 1 | awk -F ' ' '{print $NF}')
+repo_dir="$REPO_NAME-$repo_version"
+
+rm -rf "$REPO_NAME" "$repo_dir"
+git clone "$REPO_URL"
+
+# Prepare package build requirements 
+pushd "$REPO_NAME"
+
+cargo vendor --respect-source-config
+
+mkdir -p .cargo
+cat << EOF > .cargo/config.toml
+[source.crates-io]
+replace-with = "vendored-sources"
+
+[source.vendored-sources]
+directory = "vendor"
+EOF
+
+popd
+
+# Create tarball
+mv "$REPO_NAME" "$repo_dir"
+tar -czvf "$repo_dir.tar.gz" "$repo_dir"
+
+# Clean up
+rm -rf "$repo_dir"
+
--- a/get-version.sh
+++ b/get-version.sh
@ -1,51 +0,0 @@
-#!/bin/bash
-set -e
-
-REPO=$1
-VERSION=$2
-
-if [ -z "${REPO}" ]; then
-	echo "Please assign a directory of syscare repo."
-	exit 1
-fi
-
-if [ -z "${VERSION}" ]; then
-	VERSION=HEAD
-fi
-
-cd ${REPO}
-REPO=$(pwd)
-REPO=${REPO##*/}
-cd -
-cp -r ${REPO}  ${REPO}-${VERSION}
-cd ${REPO}-${VERSION}
-
-git checkout ${VERSION}
-
-for file in `find . -name Cargo.toml`
-do 
-	dir=${file%/Cargo.toml*}
-	
-	if [ -n "${dir}" ]; then
-		cd ${dir}
-		cargo vendor
-		mkdir -p .cargo
-
-		cat > .cargo/config << EOF
-[source.crates-io]
-replace-with = "local-registry"
-
-[source.local-registry]
-directory = "vendor"
-EOF
-
-		cd -
-	fi
-done
-
-cd ..
-
-rm -rf ${REPO}-${VERSION}/.git
-tar -zcf ${REPO}-${VERSION}.tar.gz ${REPO}-${VERSION}
-echo "Output: ${REPO}-${VERSION}.tar.gz"
-
--- a/syscare-0.1.1.tar.gz
+++ b/syscare-0.1.1.tar.gz
--- a/syscare-1.1.0.tar.gz
+++ b/syscare-1.1.0.tar.gz
--- a/syscare.spec
+++ b/syscare.spec
@ -1,69 +1,301 @@
-%global debug_package %{nil}
+%define build_version    %{version}-%{release}
+%define kernel_devel_rpm %(echo $(rpm -q kernel-devel | head -n 1))
+%define kernel_version   %(echo $(rpm -q --qf "\%%{VERSION}" %{kernel_devel_rpm}))
+%define kernel_name      %(echo $(rpm -q --qf "\%%{VERSION}-\%%{RELEASE}.\%%{ARCH}" %{kernel_devel_rpm}))

-Name:           syscare
-Version:        0.1.1
-Release:        1
-Summary:        system hot-fix service
+%define pkg_kmod       %{name}-kmod
+%define pkg_build      %{name}-build
+%define pkg_build_kmod %{pkg_build}-kmod
+%define pkg_build_ebpf %{pkg_build}-ebpf

-License:        MulanPSL-2.0, GPLv2
-URL:            https://gitee.com/openeuler/syscare
-Source0:        %{name}-%{version}.tar.gz
-
-ExclusiveArch:  x86_64
-
-BuildRequires:  rust cargo gcc gcc-g++ cmake make
-BuildRequires:  elfutils-libelf-devel
-
-Requires:       kpatch-runtime
+############################################
+############ Package syscare ###############
+############################################
+Name:          syscare
+Version:       1.1.0
+Release:       1
+Summary:       System hot-fix service
+License:       MulanPSL-2.0 and GPL-2.0-only
+URL:           https://gitee.com/openeuler/syscare
+Source0:       %{name}-%{version}.tar.gz
+BuildRequires: cmake >= 3.14 make
+BuildRequires: rust >= 1.60 cargo >= 1.60
+BuildRequires: gcc gcc-c++
+Requires:      %{pkg_kmod} >= %{build_version}
+Requires:      coreutils systemd
+Requires:      kpatch-runtime

+############### Description ################
 %description
-SysCare is a system-level hot-fix software that provides single-machine-level and cluster-level security patches and system error hot-fixes for the operating system.
+SysCare is a system-level hot-fix service that provides security patches and system error hot-fixes for the operating system.
 The host can fix the system problem without rebooting.

-%package build
-Summary:        Tools for build syscare patch.
-Requires:       %{name} = %{version}-%{release}
-Requires:       kpatch make gcc openssl-devel dwarves python3-devel bison flex
-Requires:       rpm-build
-
-%description build
-Syscare build tools.
-
+############## BuildPreparare ##############
 %prep
 %autosetup -p1

+################## Build ###################
 %build
-cmake .
+mkdir -p build
+cd build
+
+cmake -DCMAKE_INSTALL_PREFIX=/usr -DBUILD_VERSION=%{build_version} -DKERNEL_VERSION=%{kernel_name} ..
 make

+################# Install ##################
 %install
+cd build
 %make_install

-mkdir -p %{buildroot}/usr/lib/systemd/system
-install -m 0644 %{_builddir}/%{name}-%{version}/misc/%{name}-restore.service %{buildroot}/usr/lib/systemd/system
-install -m 0644 %{_builddir}/%{name}-%{version}/misc/%{name}-pre.service %{buildroot}/usr/lib/systemd/system
+mkdir -p %{buildroot}/lib/modules/%{kernel_name}/extra/syscare
+mv -f %{buildroot}/usr/libexec/syscare/upatch.ko %{buildroot}/lib/modules/%{kernel_name}/extra/syscare
+mv -f %{buildroot}/usr/libexec/syscare/upatch_hijacker.ko %{buildroot}/lib/modules/%{kernel_name}/extra/syscare

+############### PostInstall ################
 %post
-%systemd_post %{name}-restore.service
-%systemd_post %{name}-pre.service
+mkdir -p /usr/lib/syscare/patches

+systemctl daemon-reload
+systemctl enable syscare
+systemctl start syscare
+
+############### PreUninstall ###############
+%preun
+systemctl stop syscare
+systemctl disable syscare
+systemctl daemon-reload
+
+############## PostUninstall ###############
+%postun
+if [ "$1" -eq 0 ] || { [ -n "$2" ] && [ "$2" -eq 0 ]; }; then
+    rm -rf /usr/lib/syscare
+    rm -f /var/log/syscare/syscared*.log*
+    if [ -z "$(ls -A /var/log/syscare)" ]; then
+        rm -rf /var/log/syscare
+    fi
+fi
+
+################## Files ###################
 %files
 %defattr(-,root,root,-)
+%dir /usr/libexec/syscare
+%attr(644,root,root) /usr/lib/systemd/system/syscare.service
 %attr(755,root,root) /usr/bin/syscare
-%attr(755,root,root) /usr/libexec/%{name}/upatch-tool
-%attr(755,root,root) /usr/libexec/%{name}/auto-recovery.sh
-%attr(644,root,root) /usr/lib/systemd/system/%{name}-restore.service
-%attr(644,root,root) /usr/lib/systemd/system/%{name}-pre.service
+%attr(755,root,root) /usr/bin/syscared
+%attr(755,root,root) /usr/libexec/syscare/upatch-tool

+############################################
+########## Package syscare-kmod ############
+############################################
+%package kmod
+Summary: Syscare kernel module.
+BuildRequires: make gcc
+BuildRequires: kernel-devel = %{kernel_version}
+Requires: kernel >= %{kernel_version}
+
+############### Description ################
+%description kmod
+Syscare dependency - kernel module.
+
+############### PostInstall ################
+%post kmod
+echo "/lib/modules/%{kernel_name}/extra/syscare/upatch.ko" | /sbin/weak-modules --add-module --no-initramfs
+
+############### PreUninstall ###############
+%preun kmod
+# Nothing
+
+############## PostUninstall ###############
+%postun kmod
+echo "/lib/modules/%{kernel_name}/extra/syscare/upatch.ko" | /sbin/weak-modules --remove-module --no-initramfs
+
+################## Files ###################
+%files kmod
+%dir /lib/modules/%{kernel_name}/extra/syscare
+%attr(640,root,root) /lib/modules/%{kernel_name}/extra/syscare/upatch.ko
+
+############################################
+########## Package syscare-build ###########
+############################################
+%package build
+Summary: Syscare build tools.
+BuildRequires: elfutils-libelf-devel
+Requires: (%{pkg_build_kmod} >= %{build_version} or %{pkg_build_ebpf} >= %{build_version})
+Requires: coreutils
+Requires: patch
+Requires: kpatch
+Requires: tar gzip
+Requires: rpm rpm-build
+
+############### Description ################
+%description build
+Syscare patch building toolset.
+
+############### PostInstall ################
+%post build
+mkdir -p /etc/syscare
+systemctl daemon-reload
+systemctl enable syscare-upatch
+systemctl start syscare-upatch
+
+############### PreUninstall ###############
+%preun build
+systemctl stop syscare-upatch
+systemctl disable syscare-upatch
+systemctl daemon-reload
+
+############## PostUninstall ###############
+%postun build
+if [ "$1" -eq 0 ] || { [ -n "$2" ] && [ "$2" -eq 0 ]; }; then
+    rm -rf /etc/syscare
+    rm -f /var/log/syscare/upatchd*.log*
+    if [ -z "$(ls -A /var/log/syscare)" ]; then
+        rm -rf /var/log/syscare
+    fi
+fi
+
+################## Files ###################
 %files build
 %defattr(-,root,root,-)
-%dir /usr/libexec/%{name}
-%attr(755,root,root) /usr/libexec/%{name}/upatch-diff
-%attr(755,root,root) /usr/libexec/%{name}/upatch-build
-%attr(755,root,root) /usr/libexec/%{name}/syscare-build
+%dir /usr/libexec/syscare
+%attr(644,root,root) /usr/lib/systemd/system/syscare-upatch.service
+%attr(755,root,root) /usr/bin/upatchd
+%attr(755,root,root) /usr/libexec/syscare/syscare-build
+%attr(755,root,root) /usr/libexec/syscare/upatch-build
+%attr(755,root,root) /usr/libexec/syscare/upatch-diff
+%attr(755,root,root) /usr/libexec/syscare/as-hijacker
+%attr(755,root,root) /usr/libexec/syscare/cc-hijacker
+%attr(755,root,root) /usr/libexec/syscare/c++-hijacker
+%attr(755,root,root) /usr/libexec/syscare/gcc-hijacker
+%attr(755,root,root) /usr/libexec/syscare/g++-hijacker

+############################################
+######## Package syscare-build-kmod ########
+############################################
+%package build-kmod
+Summary: Kernel module for syscare patch build tools.
+BuildRequires: make gcc
+BuildRequires: kernel-devel = %{kernel_version}
+Requires: kernel >= %{kernel_version}
+Conflicts: %{pkg_build_ebpf}
+
+############### Description ################
+%description build-kmod
+Syscare build dependency - kernel module.
+
+############### PostInstall ################
+%post build-kmod
+echo "/lib/modules/%{kernel_name}/extra/syscare/upatch_hijacker.ko" | /sbin/weak-modules --add-module --no-initramfs
+
+############### PreUninstall ###############
+%preun build-kmod
+# Nothing
+
+############## PostUninstall ###############
+%postun build-kmod
+echo "/lib/modules/%{kernel_name}/extra/syscare/upatch_hijacker.ko" | /sbin/weak-modules --remove-module --no-initramfs
+
+################## Files ###################
+%files build-kmod
+%dir /lib/modules/%{kernel_name}/extra/syscare
+%attr(640,root,root) /lib/modules/%{kernel_name}/extra/syscare/upatch_hijacker.ko
+
+############################################
+######## Package syscare-build-ebpf ########
+############################################
+%package build-ebpf
+Summary: eBPF for syscare patch build tools.
+BuildRequires: make llvm clang bpftool
+BuildRequires: libbpf libbpf-devel libbpf-static
+Conflicts: %{pkg_build_kmod}
+
+############### Description ################
+%description build-ebpf
+Syscare build dependency - eBPF.
+
+############### PostInstall ################
+%post build-ebpf
+
+############### PreUninstall ###############
+%preun build-ebpf
+# Nothing
+
+############## PostUninstall ###############
+%postun build-ebpf
+# Nothing
+
+################## Files ###################
+%files build-ebpf
+%attr(755,root,root) /usr/libexec/syscare/upatch_hijacker
+
+############################################
+################ Change log ################
+############################################
 %changelog
-* Mon Nov 28 2022 snoweay<snoweay@163.com> - 0.1.1-1
- First version for test. Support patches restore, remove, insmod upatch.ko.
-* Mon Nov 21 2022 snoweay<snoweay@163.com> - 0.1.0-1
- init version for 0.1.1-1.
+* Mon Aug 28 2023 renoseven<dev@renoseven.net> - 1.1.0-1
+- Support build patch without kernel module
+- Add syscare daemon
+- Add syscare-build daemon
+- Improve syscare cli
+* Wed Jun 28 2023 renoseven<dev@renoseven.net> - 1.0.2-4
+- Fix builder check failure issue
+* Sun Jun 25 2023 renoseven<dev@renoseven.net> - 1.0.2-3
+- Fix various issue
+* Mon Jun 19 2023 renoseven<dev@renoseven.net> - 1.0.2-2
+- Fix various issue
+- Update dependencies
+* Fri Jun 09 2023 renoseven<dev@renoseven.net> - 1.0.2-1
+- Fix 'rpmpbuild getcwd failed' issue
+- Fix 'upatch ko prints redundant log' issue
+* Fri Jun 09 2023 renoseven<dev@renoseven.net> - 1.0.1-9
+- Fix 'patch file is not checked' issue
+- Rename patched source package
+- Update dependencies
+* Tue Jun 06 2023 renoseven<dev@renoseven.net> - 1.0.1-8
+- Fix 'kernel patch sys interface collision' issue
+- Fix 'patch GOT table jump fails' issue
+- Fix 'patch TLS variable relocation fails' issue
+* Fri Jun 02 2023 renoseven<dev@renoseven.net> - 1.0.1-7
+- Various bugfix
+- Support multiple compiler
+* Wed May 31 2023 renoseven<dev@renoseven.net> - 1.0.1-6
+- Various bugfix
+- Support multiple debuginfo package
+* Mon May 15 2023 renoseven<dev@renoseven.net> - 1.0.1-5
+- Fix aarch64 kmod patch jump instruction error issue
+- Add ifunc support
+- Add 'syscare accept' command
+- Add patch 'ACCEPT' state
+* Tue Apr 04 2023 renoseven<dev@renoseven.net> - 1.0.1-4
+- Enable aarch64
+- Fix syscare-upatch service may start failed issue
+* Thu Mar 30 2023 renoseven<dev@renoseven.net> - 1.0.1-3
+- Fix upatch may not contain all symbols issue
+- Add syscare-kmod package
+* Wed Mar 29 2023 renoseven<dev@renoseven.net> - 1.0.1-2
+- Fix rpm install & remove script issue
+* Wed Mar 15 2023 renoseven<dev@renoseven.net> - 1.0.1-1
+- New syscare cli
+- Support building patch for C++ code
+- Support patch version verification
+- Support elf name derivation
+- Support fast reboot
+* Wed Dec 21 2022 snoweay<snoweay@163.com> - 1.0.0-7
+- Fix 42 relocation caused by gcc 11.
+* Tue Dec 20 2022 snoweay<snoweay@163.com> - 1.0.0-6
+- Fix patch open failure by reading patches at attach instead of load.
+- Support epoch in spec.
+* Sat Dec 17 2022 snoweay<snoweay@163.com> - 1.0.0-5
+- Check version-release of source pkg & debuginfo pkg.
+* Fri Dec 16 2022 snoweay<snoweay@163.com> - 1.0.0-4
+- Avoid duplicate elfs by not following symlinks at build.
+* Thu Dec 15 2022 snoweay<snoweay@163.com> - 1.0.0-3
+- Change kernel patches' scontext before apply not at rpm-post.
+* Wed Dec 14 2022 snoweay<snoweay@163.com> - 1.0.0-2
+- Fix some issues:
+- manager: Allow apply to actived kernel patch
+- build: only 'NOT-APPLIED' patch package can be removed
+- build: fix 'kernel patch cannot be insmod during system start' issue
+- kmod: unregister when rmmod upatch
+* Tue Dec 13 2022 snoweay<snoweay@163.com> - 1.0.0-1
+- Release the first version 1.0.0.