diff --git a/generate_package.sh b/generate_package.sh
new file mode 100755
index 0000000000000000000000000000000000000000..ec90a54436ab853a7ce2b7c7de55e9d3991e7238
--- /dev/null
+++ b/generate_package.sh
@@ -0,0 +1,35 @@
+#!/bin/bash -e
+
+readonly REPO_NAME="syscare"
+readonly REPO_URL="https://gitee.com/openeuler/$REPO_NAME"
+
+# Prepare
+repo_version=$(grep "Version" "$REPO_NAME.spec" | head -n 1 | awk -F ' ' '{print $NF}')
+repo_dir="$REPO_NAME-$repo_version"
+
+rm -rf "$REPO_NAME" "$repo_dir"
+git clone "$REPO_URL"
+
+# Prepare package build requirements
+pushd "$REPO_NAME"
+
+cargo vendor --respect-source-config
+
+mkdir -p .cargo
+cat << EOF > .cargo/config.toml
+[source.crates-io]
+replace-with = "vendored-sources"
+
+[source.vendored-sources]
+directory = "vendor"
+EOF
+
+popd
+
+# Create tarball
+mv "$REPO_NAME" "$repo_dir"
+tar -czvf "$repo_dir.tar.gz" "$repo_dir"
+
+# Clean up
+rm -rf "$repo_dir"
+
diff --git a/get-version.sh b/get-version.sh
deleted file mode 100755
index 0cbf7163c8647c999c753ae4f7541be226dc2724..0000000000000000000000000000000000000000
--- a/get-version.sh
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/bash
-set -e
-
-REPO=$1
-VERSION=$2
-
-if [ -z "${REPO}" ]; then
- echo "Please assign a directory of syscare repo."
- exit 1
-fi
-
-if [ -z "${VERSION}" ]; then
- VERSION=HEAD
-fi
-
-cd ${REPO}
-REPO=$(pwd)
-REPO=${REPO##*/}
-cd -
-cp -r ${REPO} ${REPO}-${VERSION}
-cd ${REPO}-${VERSION}
-
-git checkout ${VERSION}
-
-for file in `find . -name Cargo.toml`
-do
- dir=${file%/Cargo.toml*}
-
- if [ -n "${dir}" ]; then
- cd ${dir}
- cargo vendor
- mkdir -p .cargo
-
- cat > .cargo/config << EOF
-[source.crates-io]
-replace-with = "local-registry"
-
-[source.local-registry]
-directory = "vendor"
-EOF
-
- cd -
- fi
-done
-
-cd ..
-
-rm -rf ${REPO}-${VERSION}/.git
-tar -zcf ${REPO}-${VERSION}.tar.gz ${REPO}-${VERSION}
-echo "Output: ${REPO}-${VERSION}.tar.gz"
-
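Review bot: In generate_package.sh, `git clone "$REPO_URL"` fetches whatever the default branch holds at packaging time, while the tarball is named after the version read from the spec, so the archive is not tied to a reviewed tag or commit and two runs can produce different sources under the same name. Pin the checkout to the release, e.g. `git clone --depth 1 --branch "<release-tag-for-$repo_version>" "$REPO_URL"` (placeholder; the tag scheme is not visible here), and, if the repository commits a Cargo.lock, run `cargo vendor --locked --respect-source-config` so the vendored crates match it. The clone's `.git` directory now ends up inside the tarball, whereas the deleted get-version.sh removed it before `tar`; add `rm -rf .git` before `popd` if that is not intended. The version lookup `grep "Version"` is unanchored, and `grep -m1 '^Version:'` would keep a later spec edit from changing which line is picked.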
diff --git a/syscare-0.1.1.tar.gz b/syscare-1.1.0.tar.gz
similarity index 37%
rename from syscare-0.1.1.tar.gz
rename to syscare-1.1.0.tar.gz
index 8eaabf1eb11840d2a82689ecd48f80b486dcce28..70c14a1bc2a0b9e941686505ecc0ff42d247feb9 100644
Binary files a/syscare-0.1.1.tar.gz and b/syscare-1.1.0.tar.gz differ
diff --git a/syscare.spec b/syscare.spec
index 65b0a405e70f525a158711eedb9031e718dc65b2..f0af0e37fd07cbc4c2a94998a9609d23b3e441ed 100644
--- a/syscare.spec
+++ b/syscare.spec
@@ -1,69 +1,301 @@ -%global debug_package %{nil} +%define build_version %{version}-%{release} +%define kernel_devel_rpm %(echo $(rpm -q kernel-devel | head -n 1)) +%define kernel_version %(echo $(rpm -q --qf "\%%{VERSION}" %{kernel_devel_rpm})) +%define kernel_name %(echo $(rpm -q --qf "\%%{VERSION}-\%%{RELEASE}.\%%{ARCH}" %{kernel_devel_rpm})) -Name: syscare -Version: 0.1.1 -Release: 1 -Summary: system hot-fix service +%define pkg_kmod %{name}-kmod +%define pkg_build %{name}-build +%define pkg_build_kmod %{pkg_build}-kmod +%define pkg_build_ebpf %{pkg_build}-ebpf -License: MulanPSL-2.0, GPLv2 -URL: https://gitee.com/openeuler/syscare -Source0: %{name}-%{version}.tar.gz - -ExclusiveArch: x86_64 - -BuildRequires: rust cargo gcc gcc-g++ cmake make -BuildRequires: elfutils-libelf-devel - -Requires: kpatch-runtime +############################################ +############ Package syscare ############### +############################################ +Name: syscare +Version: 1.1.0 +Release: 1 +Summary: System hot-fix service +License: MulanPSL-2.0 and GPL-2.0-only +URL: https://gitee.com/openeuler/syscare +Source0: %{name}-%{version}.tar.gz +BuildRequires: cmake >= 3.14 make +BuildRequires: rust >= 1.60 cargo >= 1.60 +BuildRequires: gcc gcc-c++ +Requires: %{pkg_kmod} >= %{build_version} +Requires: coreutils systemd +Requires: kpatch-runtime +############### Description ################ %description -SysCare is a system-level hot-fix software that provides single-machine-level and cluster-level security patches and system error hot-fixes for the operating system. +SysCare is a system-level hot-fix service that provides security patches and system error hot-fixes for the operating system. The host can fix the system problem without rebooting. -%package build -Summary: Tools for build syscare patch. 
-Requires: %{name} = %{version}-%{release} -Requires: kpatch make gcc openssl-devel dwarves python3-devel bison flex -Requires: rpm-build - -%description build -Syscare build tools. - +############## BuildPreparare ############## %prep %autosetup -p1 +################## Build ################### %build -cmake . +mkdir -p build +cd build + +cmake -DCMAKE_INSTALL_PREFIX=/usr -DBUILD_VERSION=%{build_version} -DKERNEL_VERSION=%{kernel_name} .. make +################# Install ################## %install +cd build %make_install -mkdir -p %{buildroot}/usr/lib/systemd/system -install -m 0644 %{_builddir}/%{name}-%{version}/misc/%{name}-restore.service %{buildroot}/usr/lib/systemd/system -install -m 0644 %{_builddir}/%{name}-%{version}/misc/%{name}-pre.service %{buildroot}/usr/lib/systemd/system +mkdir -p %{buildroot}/lib/modules/%{kernel_name}/extra/syscare +mv -f %{buildroot}/usr/libexec/syscare/upatch.ko %{buildroot}/lib/modules/%{kernel_name}/extra/syscare +mv -f %{buildroot}/usr/libexec/syscare/upatch_hijacker.ko %{buildroot}/lib/modules/%{kernel_name}/extra/syscare +############### PostInstall ################ %post -%systemd_post %{name}-restore.service -%systemd_post %{name}-pre.service +mkdir -p /usr/lib/syscare/patches + +systemctl daemon-reload +systemctl enable syscare +systemctl start syscare +############### PreUninstall ############### +%preun +systemctl stop syscare +systemctl disable syscare +systemctl daemon-reload + +############## PostUninstall ############### +%postun +if [ "$1" -eq 0 ] || { [ -n "$2" ] && [ "$2" -eq 0 ]; }; then + rm -rf /usr/lib/syscare + rm -f /var/log/syscare/syscared*.log* + if [ -z "$(ls -A /var/log/syscare)" ]; then + rm -rf /var/log/syscare + fi +fi + +################## Files ################### %files %defattr(-,root,root,-) +%dir /usr/libexec/syscare +%attr(644,root,root) /usr/lib/systemd/system/syscare.service %attr(755,root,root) /usr/bin/syscare -%attr(755,root,root) /usr/libexec/%{name}/upatch-tool -%attr(755,root,root) 
/usr/libexec/%{name}/auto-recovery.sh -%attr(644,root,root) /usr/lib/systemd/system/%{name}-restore.service -%attr(644,root,root) /usr/lib/systemd/system/%{name}-pre.service +%attr(755,root,root) /usr/bin/syscared +%attr(755,root,root) /usr/libexec/syscare/upatch-tool + +############################################ +########## Package syscare-kmod ############ +############################################ +%package kmod +Summary: Syscare kernel module. +BuildRequires: make gcc +BuildRequires: kernel-devel = %{kernel_version} +Requires: kernel >= %{kernel_version} + +############### Description ################ +%description kmod +Syscare dependency - kernel module. + +############### PostInstall ################ +%post kmod +echo "/lib/modules/%{kernel_name}/extra/syscare/upatch.ko" | /sbin/weak-modules --add-module --no-initramfs + +############### PreUninstall ############### +%preun kmod +# Nothing + +############## PostUninstall ############### +%postun kmod +echo "/lib/modules/%{kernel_name}/extra/syscare/upatch.ko" | /sbin/weak-modules --remove-module --no-initramfs + +################## Files ################### +%files kmod +%dir /lib/modules/%{kernel_name}/extra/syscare +%attr(640,root,root) /lib/modules/%{kernel_name}/extra/syscare/upatch.ko + +############################################ +########## Package syscare-build ########### +############################################ +%package build +Summary: Syscare build tools. +BuildRequires: elfutils-libelf-devel +Requires: (%{pkg_build_kmod} >= %{build_version} or %{pkg_build_ebpf} >= %{build_version}) +Requires: coreutils +Requires: patch +Requires: kpatch +Requires: tar gzip +Requires: rpm rpm-build + +############### Description ################ +%description build +Syscare patch building toolset. 
+ +############### PostInstall ################ +%post build +mkdir -p /etc/syscare +systemctl daemon-reload +systemctl enable syscare-upatch +systemctl start syscare-upatch + +############### PreUninstall ############### +%preun build +systemctl stop syscare-upatch +systemctl disable syscare-upatch +systemctl daemon-reload +############## PostUninstall ############### +%postun build +if [ "$1" -eq 0 ] || { [ -n "$2" ] && [ "$2" -eq 0 ]; }; then + rm -rf /etc/syscare + rm -f /var/log/syscare/upatchd*.log* + if [ -z "$(ls -A /var/log/syscare)" ]; then + rm -rf /var/log/syscare + fi +fi + +################## Files ################### %files build %defattr(-,root,root,-) -%dir /usr/libexec/%{name} -%attr(755,root,root) /usr/libexec/%{name}/upatch-diff -%attr(755,root,root) /usr/libexec/%{name}/upatch-build -%attr(755,root,root) /usr/libexec/%{name}/syscare-build +%dir /usr/libexec/syscare +%attr(644,root,root) /usr/lib/systemd/system/syscare-upatch.service +%attr(755,root,root) /usr/bin/upatchd +%attr(755,root,root) /usr/libexec/syscare/syscare-build +%attr(755,root,root) /usr/libexec/syscare/upatch-build +%attr(755,root,root) /usr/libexec/syscare/upatch-diff +%attr(755,root,root) /usr/libexec/syscare/as-hijacker +%attr(755,root,root) /usr/libexec/syscare/cc-hijacker +%attr(755,root,root) /usr/libexec/syscare/c++-hijacker +%attr(755,root,root) /usr/libexec/syscare/gcc-hijacker +%attr(755,root,root) /usr/libexec/syscare/g++-hijacker + +############################################ +######## Package syscare-build-kmod ######## +############################################ +%package build-kmod +Summary: Kernel module for syscare patch build tools. +BuildRequires: make gcc +BuildRequires: kernel-devel = %{kernel_version} +Requires: kernel >= %{kernel_version} +Conflicts: %{pkg_build_ebpf} + +############### Description ################ +%description build-kmod +Syscare build dependency - kernel module. 
+ +############### PostInstall ################ +%post build-kmod +echo "/lib/modules/%{kernel_name}/extra/syscare/upatch_hijacker.ko" | /sbin/weak-modules --add-module --no-initramfs + +############### PreUninstall ############### +%preun build-kmod +# Nothing + +############## PostUninstall ############### +%postun build-kmod +echo "/lib/modules/%{kernel_name}/extra/syscare/upatch_hijacker.ko" | /sbin/weak-modules --remove-module --no-initramfs + +################## Files ################### +%files build-kmod +%dir /lib/modules/%{kernel_name}/extra/syscare +%attr(640,root,root) /lib/modules/%{kernel_name}/extra/syscare/upatch_hijacker.ko + +############################################ +######## Package syscare-build-ebpf ######## +############################################ +%package build-ebpf +Summary: eBPF for syscare patch build tools. +BuildRequires: make llvm clang bpftool +BuildRequires: libbpf libbpf-devel libbpf-static +Conflicts: %{pkg_build_kmod} + +############### Description ################ +%description build-ebpf +Syscare build dependency - eBPF. + +############### PostInstall ################ +%post build-ebpf + +############### PreUninstall ############### +%preun build-ebpf +# Nothing + +############## PostUninstall ############### +%postun build-ebpf +# Nothing + +################## Files ################### +%files build-ebpf +%attr(755,root,root) /usr/libexec/syscare/upatch_hijacker +############################################ +################ Change log ################ +############################################ %changelog -* Mon Nov 28 2022 snoweay - 0.1.1-1 -- First version for test. Support patches restore, remove, insmod upatch.ko. -* Mon Nov 21 2022 snoweay - 0.1.0-1 -- init version for 0.1.1-1. 
+* Mon Aug 28 2023 renoseven - 1.1.0-1 +- Support build patch without kernel module +- Add syscare daemon +- Add syscare-build daemon +- Improve syscare cli +* Wed Jun 28 2023 renoseven - 1.0.2-4 +- Fix builder check failure issue +* Sun Jun 25 2023 renoseven - 1.0.2-3 +- Fix various issue +* Mon Jun 19 2023 renoseven - 1.0.2-2 +- Fix various issue +- Update dependencies +* Fri Jun 09 2023 renoseven - 1.0.2-1 +- Fix 'rpmpbuild getcwd failed' issue +- Fix 'upatch ko prints redundant log' issue +* Fri Jun 09 2023 renoseven - 1.0.1-9 +- Fix 'patch file is not checked' issue +- Rename patched source package +- Update dependencies +* Tue Jun 06 2023 renoseven - 1.0.1-8 +- Fix 'kernel patch sys interface collision' issue +- Fix 'patch GOT table jump fails' issue +- Fix 'patch TLS variable relocation fails' issue +* Fri Jun 02 2023 renoseven - 1.0.1-7 +- Various bugfix +- Support multiple compiler +* Wed May 31 2023 renoseven - 1.0.1-6 +- Various bugfix +- Support multiple debuginfo package +* Mon May 15 2023 renoseven - 1.0.1-5 +- Fix aarch64 kmod patch jump instruction error issue +- Add ifunc support +- Add 'syscare accept' command +- Add patch 'ACCEPT' state +* Tue Apr 04 2023 renoseven - 1.0.1-4 +- Enable aarch64 +- Fix syscare-upatch service may start failed issue +* Thu Mar 30 2023 renoseven - 1.0.1-3 +- Fix upatch may not contain all symbols issue +- Add syscare-kmod package +* Wed Mar 29 2023 renoseven - 1.0.1-2 +- Fix rpm install & remove script issue +* Wed Mar 15 2023 renoseven - 1.0.1-1 +- New syscare cli +- Support building patch for C++ code +- Support patch version verification +- Support elf name derivation +- Support fast reboot +* Wed Dec 21 2022 snoweay - 1.0.0-7 +- Fix 42 relocation caused by gcc 11. +* Tue Dec 20 2022 snoweay - 1.0.0-6 +- Fix patch open failure by reading patches at attach instead of load. +- Support epoch in spec. +* Sat Dec 17 2022 snoweay - 1.0.0-5 +- Check version-release of source pkg & debuginfo pkg. 
+* Fri Dec 16 2022 snoweay - 1.0.0-4 +- Avoid duplicate elfs by not following symlinks at build. +* Thu Dec 15 2022 snoweay - 1.0.0-3 +- Change kernel patches' scontext before apply not at rpm-post. +* Wed Dec 14 2022 snoweay - 1.0.0-2 +- Fix some issues: +- manager: Allow apply to actived kernel patch +- build: only 'NOT-APPLIED' patch package can be removed +- build: fix 'kernel patch cannot be insmod during system start' issue +- kmod: unregister when rmmod upatch +* Tue Dec 13 2022 snoweay - 1.0.0-1 +- Release the first version 1.0.0.
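Review bot: The new `%preun` and `%preun build` scriptlets stop and disable the service unconditionally, so they also run when this package is replaced by a newer one; because the old package's `%preun` runs after the new package's `%post`, an upgrade would leave `syscare` (and `syscare-upatch`) stopped and disabled. Guard them with the uninstall check, `if [ "$1" -eq 0 ]; then systemctl stop syscare; systemctl disable syscare; fi`, or use `%systemd_preun syscare.service`, matching the `%systemd_post` macro the previous spec used. Separately, `kernel_devel_rpm` is taken from `rpm -q kernel-devel | head -n 1` on the build host with no check that the query succeeded, so a missing kernel-devel would feed rpm's error text into `kernel_name` and the module install path. A comment above the `%define` lines stating that assumption would help, e.g. `# kernel-devel must be installed on the build host; the first match determines the kernel the modules are built for`.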