diff --git a/debian_pkg_dirs b/debian_pkg_dirs index b5542d652..8c4386446 100644 --- a/debian_pkg_dirs +++ b/debian_pkg_dirs @@ -59,6 +59,7 @@ kubernetes/plugins/isolcpus-device-plugin kubernetes/runc ldap/ldapscripts ldap/openldap +livepatch/kpatch networking/lldpd networking/net-tools ostree/initramfs-ostree diff --git a/livepatch/kpatch/debian/deb_folder/changelog b/livepatch/kpatch/debian/deb_folder/changelog new file mode 100644 index 000000000..21664ee94 --- /dev/null +++ b/livepatch/kpatch/debian/deb_folder/changelog @@ -0,0 +1,5 @@ +kpatch (0.9.5-1) stable; urgency=medium + + * Initial release. + + -- Zhixiong Chi Tue, 22 Feb 2022 07:47:56 +0000 diff --git a/livepatch/kpatch/debian/deb_folder/compat b/livepatch/kpatch/debian/deb_folder/compat new file mode 100644 index 000000000..b1bd38b62 --- /dev/null +++ b/livepatch/kpatch/debian/deb_folder/compat @@ -0,0 +1 @@ +13 diff --git a/livepatch/kpatch/debian/deb_folder/control b/livepatch/kpatch/debian/deb_folder/control new file mode 100644 index 000000000..d480978d3 --- /dev/null +++ b/livepatch/kpatch/debian/deb_folder/control @@ -0,0 +1,46 @@ +# Copyright (c) 2022 Wind River Systems, Inc. +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. The ASF licenses this +# file to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +Source: kpatch +Section: kernel +Priority: optional +Maintainer: Zhixiong Chi +Build-Depends: libelf-dev, debhelper (>= 13) +Standards-Version: 4.5.1 +Homepage: http://github.com/dynup/kpatch + + +Package: kpatch +Architecture: linux-amd64 +Multi-Arch: foreign +Depends: ${misc:Depends}, ${shlibs:Depends}, linux-headers-5.10.0-6-amd64 +Description: Runtime tools for Kpatch + kpatch is a Linux dynamic kernel patching tool which allows you to patch a + running kernel without rebooting or restarting any processes. It enables + sysadmins to apply critical security patches to the kernel immediately, without + having to wait for long-running tasks to complete, users to log off, or + for scheduled reboot windows. It gives more control over up-time without + sacrificing security or stability. + +Package: kpatch-build +Architecture: linux-amd64 +Depends: ${shlibs:Depends}, ${misc:Depends}, dpkg-dev, linux-source-5.10, kernel-wedge, gawk, bc +Suggests: ccache +Description: Build Tools for Kpatch and Livepatch + kpatch-build is a tool that can build both kpatch and livepatch modules from + a given patch. + diff --git a/livepatch/kpatch/debian/deb_folder/copyright b/livepatch/kpatch/debian/deb_folder/copyright new file mode 100644 index 000000000..211c4a61b --- /dev/null +++ b/livepatch/kpatch/debian/deb_folder/copyright @@ -0,0 +1,767 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: kpatch +Source: http://github.com/dynup/kpatch + +Files: debian/* +Copyright: (c) 2022 Wind River Systems, Inc. +License: Apache-2 + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. The ASF licenses this + file to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +Files: .github/workflows/unit.yml + .gitignore + .gitmodules + .travis.yml + Makefile + Makefile.inc + contrib/Makefile + contrib/kpatch.service + contrib/kpatch.spec + doc/patch-author-guide.md + examples/* + kmod/Makefile + kmod/core/Makefile + kmod/patch/Makefile + kmod/patch/kpatch-macros.h + kmod/patch/kpatch.lds.S + kpatch-build/Makefile + kpatch-build/gcc-plugins/* + kpatch-build/insn/inat-tables.c + kpatch-build/kpatch-cc + kpatch-build/kpatch.h + kpatch-build/log.h + kpatch-build/lookup.h + kpatch/Makefile + man/Makefile + test/* +Copyright: __NO_COPYRIGHT_NOR_LICENSE__ +License: __NO_COPYRIGHT_NOR_LICENSE__ + +Files: kmod/patch/kpatch-patch-hook.c + kmod/patch/livepatch-patch-hook.c + kmod/patch/patch-hook.c + kpatch-build/create-klp-module.c + kpatch-build/create-kpatch-module.c + kpatch-build/kpatch-elf.h + kpatch-build/kpatch-intermediate.h + kpatch-build/list.h + kpatch-build/lookup.c +Copyright: 2013-2014 Josh Poimboeuf + 2014-2015 Seth Jennings + __NO_COPYRIGHT__ in: kpatch-build/create-klp-module.c + __NO_COPYRIGHT__ in: kpatch-build/create-kpatch-module.c + __NO_COPYRIGHT__ in: kpatch-build/kpatch-elf.h + __NO_COPYRIGHT__ in: kpatch-build/kpatch-intermediate.h +License: GPL-2.0+ + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License + as published by the Free Software Foundation; either version 2 + of the License, or (at your option) any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA, + 02110-1301, USA. + . + On Debian systems, the complete text of the GNU General Public License + Version 2 can be found in `/usr/share/common-licenses/GPL-2'. + +Files: kpatch-build/insn/asm/inat.h + kpatch-build/insn/asm/insn.h + kpatch-build/insn/inat.c + kpatch-build/insn/insn.c +Copyright: 2002-2009 IBM Corporation, + __NO_COPYRIGHT__ in: kpatch-build/insn/asm/inat.h + __NO_COPYRIGHT__ in: kpatch-build/insn/inat.c +License: GPL-2.0+ + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + . + The FSF address in the above text is the old one. + . + On Debian systems, the complete text of the GNU General Public License + Version 2 can be found in `/usr/share/common-licenses/GPL-2'. + +Files: man/kpatch-build.1 + man/kpatch.1 +Copyright: 2013-2014 Josh Poimboeuf + 2014 Seth Jennings and Josh Poimboeuf + 2014 Seth Jennings , Copyright (C) +License: __NO_LICENSE__ + +Files: kpatch/kpatch +Copyright: 2014 Josh Poimboeuf + 2014 Seth Jennings +License: GPL-2.0+ + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License + as published by the Free Software Foundation; either version 2 + of the License, or (at your option) any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA, + 02110-1301, USA. + . + This is the kpatch user script that manages installing, loading, and + displaying information about kernel patch modules installed on the system. + . + On Debian systems, the complete text of the GNU General Public License + Version 2 can be found in `/usr/share/common-licenses/GPL-2'. + +Files: kpatch-build/kpatch-build +Copyright: 2013-2014 Josh Poimboeuf + 2014 Seth Jennings +License: GPL-2.0+ + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License + as published by the Free Software Foundation; either version 2 + of the License, or (at your option) any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA, + 02110-1301, USA. + . + This script takes a patch based on the version of the kernel + currently running and creates a kernel module that will + replace modified functions in the kernel such that the + patched code takes effect. + . + This script: + - Either uses a specified kernel source directory or downloads the kernel + source package for the currently running kernel + - Unpacks and prepares the source package for building if necessary + - Builds the base kernel or module + - Builds the patched kernel/module and monitors changed objects + - Builds the patched objects with gcc flags -f[function|data]-sections + - Runs kpatch tools to create and link the patch kernel module + . + On Debian systems, the complete text of the GNU General Public License + Version 2 can be found in `/usr/share/common-licenses/GPL-2'. + +Files: kpatch-build/insn/asm/inat_types.h +Copyright: __NO_COPYRIGHT__ in: kpatch-build/insn/asm/inat_types.h +License: GPL-2.0+ + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + . + Instruction attributes + . + The FSF address in the above text is the old one. + . + On Debian systems, the complete text of the GNU General Public License + Version 2 can be found in `/usr/share/common-licenses/GPL-2'. + +Files: kmod/core/shadow.c +Copyright: 2014 Josh Poimboeuf + 2014 Seth Jennings +License: GPL-2.0+ + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License + as published by the Free Software Foundation; either version 2 + of the License, or (at your option) any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program; if not, see . + . + kpatch shadow variables + . + These functions can be used to add new "shadow" fields to existing data + structures. For example, to allocate a "newpid" variable associated with an + . + On Debian systems, the complete text of the GNU General Public License + Version 2 can be found in `/usr/share/common-licenses/GPL-2'. + +Files: kmod/core/core.c +Copyright: 2013-2014 Josh Poimboeuf + 2014 Seth Jennings +License: GPL-2.0+ + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License + as published by the Free Software Foundation; either version 2 + of the License, or (at your option) any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program; if not, see . + . + kpatch core module + . + Patch modules register with this module to redirect old functions to new + functions. + . + For each function patched by the module we must: + . + On Debian systems, the complete text of the GNU General Public License + Version 2 can be found in `/usr/share/common-licenses/GPL-2'. + +Files: kmod/core/kpatch.h +Copyright: 2013-2014 Josh Poimboeuf + 2014 Seth Jennings +License: GPL-2.0+ + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License + as published by the Free Software Foundation; either version 2 + of the License, or (at your option) any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program; if not, see . + . + Contains the API for the core kpatch module used by the patch modules + . + On Debian systems, the complete text of the GNU General Public License + Version 2 can be found in `/usr/share/common-licenses/GPL-2'. + +Files: README.md +Copyright: __NO_COPYRIGHT__ in: README.md +License: GPL-2.0+ + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License + as published by the Free Software Foundation; either version 2 + of the License, or (at your option) any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + . + On Debian systems, the complete text of the GNU General Public License + Version 2 can be found in `/usr/share/common-licenses/GPL-2'. + +Files: kpatch-build/kpatch-elf.c +Copyright: __NO_COPYRIGHT__ in: kpatch-build/kpatch-elf.c +License: GPL-2.0+ + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License + as published by the Free Software Foundation; either version 2 + of the License, or (at your option) any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA, + 02110-1301, USA. + . + This file provides a common api to create, inspect, and manipulate + . + On Debian systems, the complete text of the GNU General Public License + Version 2 can be found in `/usr/share/common-licenses/GPL-2'. + +Files: kmod/patch/kpatch-patch.h +Copyright: 2014 Josh Poimboeuf +License: GPL-2.0+ + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License + as published by the Free Software Foundation; either version 2 + of the License, or (at your option) any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program; if not, see . + . + Contains the structs used for the patch module special sections + . + On Debian systems, the complete text of the GNU General Public License + Version 2 can be found in `/usr/share/common-licenses/GPL-2'. + +Files: kpatch-build/create-diff-object.c +Copyright: 2013-2014 Josh Poimboeuf + 2014 Seth Jennings +License: GPL-2.0+ + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License + as published by the Free Software Foundation; either version 2 + of the License, or (at your option) any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA, + 02110-1301, USA. + . + This file contains the heart of the ELF object differencing engine. + . + The tool takes two ELF objects from two versions of the same source + file; a "orig" object and a "patched" object. These object need to have + been compiled with the -ffunction-sections and -fdata-sections GCC options. + . + The tool compares the objects at a section level to determine what + sections have changed. Once a list of changed sections has been generated, + various rules are applied to determine any object local sections that + are dependencies of the changed section and also need to be included in + the output object. + . + On Debian systems, the complete text of the GNU General Public License + Version 2 can be found in `/usr/share/common-licenses/GPL-2'. + +Files: test/integration/kpatch-test +Copyright: 2014 Josh Poimboeuf +License: GPL-2.0+ + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License + as published by the Free Software Foundation; either version 2 + of the License, or (at your option) any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA, + 02110-1301, USA. + . + This is a basic integration test framework for kpatch, which tests building, + loading, and unloading patches, as well as any other related custom tests. + . + This script looks for test input files in the current directory. It expects + certain file naming conventions: + . + - foo.patch: patch that should build successfully + . + - bar-FAIL.patch: patch that should fail to build + . + - foo-LOADED.test: executable which tests whether the foo.patch module is + loaded. It will be used to test that loading/unloading the patch module + works as expected. + . + Any other *.test files will be executed after all the patch modules have been + built from the *.patch files. They can be used for more custom tests above + and beyond the simple loading and unloading tests. + . + On Debian systems, the complete text of the GNU General Public License + Version 2 can be found in `/usr/share/common-licenses/GPL-2'. + +Files: contrib/kpatch.conf +Copyright: 2018 Amazon.com, Inc. or its affiliates. +License: __UNKNOWN__ + This upstart version lacks the ability of unloading modules with + the "stop" directive, as upstart does not support a feature like + systemd's RemainAfterExit option. + +#---------------------------------------------------------------------------- +# Files marked as NO_LICENSE_TEXT_FOUND may be covered by the following +# license/copyright files. + +#---------------------------------------------------------------------------- +# License file: COPYING + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + . + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + . + Preamble + . + The licenses for most software are designed to take away your + freedom to share and change it. By contrast, the GNU General Public + License is intended to guarantee your freedom to share and change free + software--to make sure the software is free for all its users. This + General Public License applies to most of the Free Software + Foundation's software and to any other program whose authors commit to + using it. (Some other Free Software Foundation software is covered by + the GNU Lesser General Public License instead.) You can apply it to + your programs, too. + . + When we speak of free software, we are referring to freedom, not + price. Our General Public Licenses are designed to make sure that you + have the freedom to distribute copies of free software (and charge for + this service if you wish), that you receive source code or can get it + if you want it, that you can change the software or use pieces of it + in new free programs; and that you know you can do these things. + . + To protect your rights, we need to make restrictions that forbid + anyone to deny you these rights or to ask you to surrender the rights. + These restrictions translate to certain responsibilities for you if you + distribute copies of the software, or if you modify it. + . + For example, if you distribute copies of such a program, whether + gratis or for a fee, you must give the recipients all the rights that + you have. You must make sure that they, too, receive or can get the + source code. And you must show them these terms so they know their + rights. + . + We protect your rights with two steps: (1) copyright the software, and + (2) offer you this license which gives you legal permission to copy, + distribute and/or modify the software. + . + Also, for each author's protection and ours, we want to make certain + that everyone understands that there is no warranty for this free + software. If the software is modified by someone else and passed on, we + want its recipients to know that what they have is not the original, so + that any problems introduced by others will not reflect on the original + authors' reputations. + . + Finally, any free program is threatened constantly by software + patents. We wish to avoid the danger that redistributors of a free + program will individually obtain patent licenses, in effect making the + program proprietary. To prevent this, we have made it clear that any + patent must be licensed for everyone's free use or not licensed at all. + . + The precise terms and conditions for copying, distribution and + modification follow. + . + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + . + 0. This License applies to any program or other work which contains + a notice placed by the copyright holder saying it may be distributed + under the terms of this General Public License. The "Program", below, + refers to any such program or work, and a "work based on the Program" + means either the Program or any derivative work under copyright law: + that is to say, a work containing the Program or a portion of it, + either verbatim or with modifications and/or translated into another + language. (Hereinafter, translation is included without limitation in + the term "modification".) Each licensee is addressed as "you". + . + Activities other than copying, distribution and modification are not + covered by this License; they are outside its scope. The act of + running the Program is not restricted, and the output from the Program + is covered only if its contents constitute a work based on the + Program (independent of having been made by running the Program). + Whether that is true depends on what the Program does. + . + 1. You may copy and distribute verbatim copies of the Program's + source code as you receive it, in any medium, provided that you + conspicuously and appropriately publish on each copy an appropriate + copyright notice and disclaimer of warranty; keep intact all the + notices that refer to this License and to the absence of any warranty; + and give any other recipients of the Program a copy of this License + along with the Program. + . + You may charge a fee for the physical act of transferring a copy, and + you may at your option offer warranty protection in exchange for a fee. + . + 2. You may modify your copy or copies of the Program or any portion + of it, thus forming a work based on the Program, and copy and + distribute such modifications or work under the terms of Section 1 + above, provided that you also meet all of these conditions: + . + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + . + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + . + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + . + These requirements apply to the modified work as a whole. If + identifiable sections of that work are not derived from the Program, + and can be reasonably considered independent and separate works in + themselves, then this License, and its terms, do not apply to those + sections when you distribute them as separate works. But when you + distribute the same sections as part of a whole which is a work based + on the Program, the distribution of the whole must be on the terms of + this License, whose permissions for other licensees extend to the + entire whole, and thus to each and every part regardless of who wrote it. + . + Thus, it is not the intent of this section to claim rights or contest + your rights to work written entirely by you; rather, the intent is to + exercise the right to control the distribution of derivative or + collective works based on the Program. + . + In addition, mere aggregation of another work not based on the Program + with the Program (or with a work based on the Program) on a volume of + a storage or distribution medium does not bring the other work under + the scope of this License. + . + 3. You may copy and distribute the Program (or a work based on it, + under Section 2) in object code or executable form under the terms of + Sections 1 and 2 above provided that you also do one of the following: + . + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + . + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + . + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + . + The source code for a work means the preferred form of the work for + making modifications to it. For an executable work, complete source + code means all the source code for all modules it contains, plus any + associated interface definition files, plus the scripts used to + control compilation and installation of the executable. However, as a + special exception, the source code distributed need not include + anything that is normally distributed (in either source or binary + form) with the major components (compiler, kernel, and so on) of the + operating system on which the executable runs, unless that component + itself accompanies the executable. + . + If distribution of executable or object code is made by offering + access to copy from a designated place, then offering equivalent + access to copy the source code from the same place counts as + distribution of the source code, even though third parties are not + compelled to copy the source along with the object code. + . + 4. You may not copy, modify, sublicense, or distribute the Program + except as expressly provided under this License. Any attempt + otherwise to copy, modify, sublicense or distribute the Program is + void, and will automatically terminate your rights under this License. + However, parties who have received copies, or rights, from you under + this License will not have their licenses terminated so long as such + parties remain in full compliance. + . + 5. You are not required to accept this License, since you have not + signed it. However, nothing else grants you permission to modify or + distribute the Program or its derivative works. These actions are + prohibited by law if you do not accept this License. Therefore, by + modifying or distributing the Program (or any work based on the + Program), you indicate your acceptance of this License to do so, and + all its terms and conditions for copying, distributing or modifying + the Program or works based on it. + . + 6. Each time you redistribute the Program (or any work based on the + Program), the recipient automatically receives a license from the + original licensor to copy, distribute or modify the Program subject to + these terms and conditions. You may not impose any further + restrictions on the recipients' exercise of the rights granted herein. + You are not responsible for enforcing compliance by third parties to + this License. + . + 7. If, as a consequence of a court judgment or allegation of patent + infringement or for any other reason (not limited to patent issues), + conditions are imposed on you (whether by court order, agreement or + otherwise) that contradict the conditions of this License, they do not + excuse you from the conditions of this License. If you cannot + distribute so as to satisfy simultaneously your obligations under this + License and any other pertinent obligations, then as a consequence you + may not distribute the Program at all. For example, if a patent + license would not permit royalty-free redistribution of the Program by + all those who receive copies directly or indirectly through you, then + the only way you could satisfy both it and this License would be to + refrain entirely from distribution of the Program. + . + If any portion of this section is held invalid or unenforceable under + any particular circumstance, the balance of the section is intended to + apply and the section as a whole is intended to apply in other + circumstances. + . + It is not the purpose of this section to induce you to infringe any + patents or other property right claims or to contest validity of any + such claims; this section has the sole purpose of protecting the + integrity of the free software distribution system, which is + implemented by public license practices. Many people have made + generous contributions to the wide range of software distributed + through that system in reliance on consistent application of that + system; it is up to the author/donor to decide if he or she is willing + to distribute software through any other system and a licensee cannot + impose that choice. + . + This section is intended to make thoroughly clear what is believed to + be a consequence of the rest of this License. + . + 8. If the distribution and/or use of the Program is restricted in + certain countries either by patents or by copyrighted interfaces, the + original copyright holder who places the Program under this License + may add an explicit geographical distribution limitation excluding + those countries, so that distribution is permitted only in or among + countries not thus excluded. In such case, this License incorporates + the limitation as if written in the body of this License. + . + 9. The Free Software Foundation may publish revised and/or new versions + of the General Public License from time to time. Such new versions will + be similar in spirit to the present version, but may differ in detail to + address new problems or concerns. + . + Each version is given a distinguishing version number. If the Program + specifies a version number of this License which applies to it and "any + later version", you have the option of following the terms and conditions + either of that version or of any later version published by the Free + Software Foundation. If the Program does not specify a version number of + this License, you may choose any version ever published by the Free Software + Foundation. + . + 10. If you wish to incorporate parts of the Program into other free + programs whose distribution conditions are different, write to the author + to ask for permission. For software which is copyrighted by the Free + Software Foundation, write to the Free Software Foundation; we sometimes + make exceptions for this. Our decision will be guided by the two goals + of preserving the free status of all derivatives of our free software and + of promoting the sharing and reuse of software generally. + . + NO WARRANTY + . + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY + FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN + OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES + PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED + OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS + TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE + PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, + REPAIR OR CORRECTION. + . + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING + WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR + REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, + INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING + OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED + TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY + YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER + PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE + POSSIBILITY OF SUCH DAMAGES. + . + END OF TERMS AND CONDITIONS + . + How to Apply These Terms to Your New Programs + . + If you develop a new program, and you want it to be of the greatest + possible use to the public, the best way to achieve this is to make it + free software which everyone can redistribute and change under these terms. + . + To do so, attach the following notices to the program. It is safest + to attach them to the start of each source file to most effectively + convey the exclusion of warranty; and each file should have at least + the "copyright" line and a pointer to where the full notice is found. + . + + Copyright (C) + . + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + . + Also add information on how to contact you by electronic and paper mail. + . + If the program is interactive, make it output a short notice like this + when it starts in an interactive mode: + . + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + . + The hypothetical commands `show w' and `show c' should show the appropriate + parts of the General Public License. Of course, the commands you use may + be called something other than `show w' and `show c'; they could even be + mouse-clicks or menu items--whatever suits your program. + . + You should also get your employer (if you work as a programmer) or your + school, if any, to sign a "copyright disclaimer" for the program, if + necessary. Here is a sample; alter the names: + . + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + . + , 1 April 1989 + Ty Coon, President of Vice + . + This General Public License does not permit incorporating your program into + proprietary programs. If your program is a subroutine library, you may + consider it more useful to permit linking proprietary applications with the + library. If this is what you want to do, use the GNU Lesser General + Public License instead of this License. diff --git a/livepatch/kpatch/debian/deb_folder/kpatch-build.install b/livepatch/kpatch/debian/deb_folder/kpatch-build.install new file mode 100644 index 000000000..393985b61 --- /dev/null +++ b/livepatch/kpatch/debian/deb_folder/kpatch-build.install @@ -0,0 +1,4 @@ +usr/bin/* +usr/libexec/kpatch/* +usr/share/kpatch/* +usr/share/man/man1/kpatch-build.1* diff --git a/livepatch/kpatch/debian/deb_folder/kpatch.install b/livepatch/kpatch/debian/deb_folder/kpatch.install new file mode 100644 index 000000000..e9decaa68 --- /dev/null +++ b/livepatch/kpatch/debian/deb_folder/kpatch.install @@ -0,0 +1,5 @@ +usr/sbin/kpatch +usr/share/man/man1/kpatch.1* +usr/lib/systemd/system/kpatch.service lib/systemd/system/ +etc/init/kpatch.conf +var/lib/kpatch/* diff --git a/livepatch/kpatch/debian/deb_folder/rules b/livepatch/kpatch/debian/deb_folder/rules new file mode 100755 index 000000000..4ce6c23e8 --- /dev/null +++ b/livepatch/kpatch/debian/deb_folder/rules @@ -0,0 +1,26 @@ +#!/usr/bin/make -f +# +# Copyright (c) 2022 Wind River Systems, Inc. +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. The ASF licenses this +# file to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +#export DH_VERBOSE = 1 + +%: + dh $@ + +override_dh_auto_install: + dh_auto_install -- PREFIX=/usr diff --git a/livepatch/kpatch/debian/deb_folder/source/format b/livepatch/kpatch/debian/deb_folder/source/format new file mode 100644 index 000000000..163aaf8d8 --- /dev/null +++ b/livepatch/kpatch/debian/deb_folder/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/livepatch/kpatch/debian/meta_data.yaml b/livepatch/kpatch/debian/meta_data.yaml new file mode 100644 index 000000000..849f30d2d --- /dev/null +++ b/livepatch/kpatch/debian/meta_data.yaml @@ -0,0 +1,9 @@ +--- +debver: 0.9.5-1 +dl_path: + name: kpatch.tar.gz + url: https://github.com/dynup/kpatch/archive/refs/tags/v0.9.5.tar.gz + md5sum: 0b0bf29ef3962ab2e1ac31b2b0e05181 +revision: + dist: $STX_DIST + PKG_GITREVCOUNT: True diff --git a/livepatch/kpatch/debian/patches/0001-kpatch-Support-for-WRCP.patch b/livepatch/kpatch/debian/patches/0001-kpatch-Support-for-WRCP.patch new file mode 100644 index 000000000..c0c0d537b --- /dev/null +++ b/livepatch/kpatch/debian/patches/0001-kpatch-Support-for-WRCP.patch @@ -0,0 +1,190 @@ +From 5637fee8b42fbe7eed1b4957c670e868c60ed24c Mon Sep 17 00:00:00 2001 +From: Zhixiong Chi +Date: Wed, 6 Apr 2022 11:18:07 +0800 +Subject: [PATCH] kpatch: Support for WRCP + +Adjust the kpatch-build workflow for WRCP platform, and add the example +patch for livepatch function for WRCP. + +Signed-off-by: Zhixiong Chi +--- + Makefile | 2 +- + Makefile.inc | 1 + + contrib/kpatch.service | 1 + + kpatch-build/kpatch-build | 28 ++++++++++++++++++---- + kpatch/Makefile | 1 + + kpatch/kpatch | 3 ++- + test/Makefile | 12 ++++++++++ + test/integration/wrcp/meminfo-string.patch | 11 +++++++++ + 8 files changed, 53 insertions(+), 6 deletions(-) + create mode 100644 test/Makefile + create mode 100644 test/integration/wrcp/meminfo-string.patch + +diff --git a/Makefile b/Makefile +index 1153492..1f0e921 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,6 +1,6 @@ + include Makefile.inc + +-SUBDIRS = kpatch-build kpatch kmod man contrib ++SUBDIRS = kpatch-build kpatch kmod man contrib test + BUILD_DIRS = $(SUBDIRS:%=build-%) + INSTALL_DIRS = $(SUBDIRS:%=install-%) + UNINSTALL_DIRS = $(SUBDIRS:%=uninstall-%) +diff --git a/Makefile.inc b/Makefile.inc +index 15049f3..259127c 100644 +--- a/Makefile.inc ++++ b/Makefile.inc +@@ -16,6 +16,7 @@ DATADIR = $(DESTDIR)$(PREFIX)/share/kpatch + MANDIR = $(DESTDIR)$(PREFIX)/share/man/man1 + SYSTEMDDIR = $(DESTDIR)$(PREFIX)/lib/systemd/system + UPSTARTDIR = $(DESTDIR)/etc/init ++LOCALSTATEDIR = $(DESTDIR)/var + + .PHONY: all install clean + .DEFAULT: all +diff --git a/contrib/kpatch.service b/contrib/kpatch.service +index 6240256..ede0382 100644 +--- a/contrib/kpatch.service ++++ b/contrib/kpatch.service +@@ -8,6 +8,7 @@ Wants=network-pre.target + Type=oneshot + RemainAfterExit=yes + ExecStart=PREFIX/sbin/kpatch load --all ++ExecStop=PREFIX/sbin/kpatch unload --all + + [Install] + WantedBy=multi-user.target +diff --git a/kpatch-build/kpatch-build b/kpatch-build/kpatch-build +index eedf383..0cabe74 100755 +--- a/kpatch-build/kpatch-build ++++ b/kpatch-build/kpatch-build +@@ -48,6 +48,7 @@ TEMPDIR="$CACHEDIR/tmp" + ENVFILE="$TEMPDIR/kpatch-build.env" + LOGFILE="$CACHEDIR/build.log" + RELEASE_FILE=/etc/os-release ++LINUXSRCDIR=/usr/src + DEBUG=0 + SKIPCLEANUP=0 + SKIPCOMPILERCHECK=0 +@@ -741,6 +742,7 @@ if [[ -n "$USERSRCDIR" ]]; then + elif [[ -e "$SRCDIR"/.config ]] && [[ -e "$VERSIONFILE" ]] && [[ "$(cat "$VERSIONFILE")" = "$ARCHVERSION" ]]; then + echo "Using cache at $SRCDIR" + ++ + else + if [[ "$DISTRO" = fedora ]] || [[ "$DISTRO" = rhel ]] || [[ "$DISTRO" = ol ]] || [[ "$DISTRO" = centos ]]; then + +@@ -793,7 +795,7 @@ else + + # url may be changed for a different mirror + url="http://ftp.debian.org/debian/pool/main/l" +- sublevel="SUBLEVEL =" ++ sublevel="SUBLEVEL = 0" + fi + + pkgname="$(dpkg-query -W -f='${Source}' "linux-image-$ARCHVERSION" | sed s/-signed//)" +@@ -805,9 +807,25 @@ else + cd "$TEMPDIR" || die + echo "Downloading and unpacking the kernel source for $ARCHVERSION" + # Download source deb pkg +- (dget -u "$url/${pkgname}/${dscname}" 2>&1) | logger || die "dget: Could not fetch/unpack $url/${pkgname}/${dscname}" +- mv "${pkgname}-$KVER" "$SRCDIR" || die +- [[ -z "$CONFIGFILE" ]] && CONFIGFILE="/boot/config-${ARCHVERSION}" ++ # (dget -u "$url/${pkgname}/${dscname}" 2>&1) | logger || die "dget: Could not fetch/unpack $url/${pkgname}/${dscname}" ++ # mv "${pkgname}-$KVER" "$SRCDIR" || die ++ ++ # Since the linux-yocto kernel version is used for wrcp project now, so need to ensure the linux-source package had ++ # already been installed. We don't dowanload the kernel source from the debian any more. ++ KSRCVER="${KVER%.*}" ++ KSRCNAME="$LINUXSRCDIR/linux-source-$KSRCVER.tar.xz" ++ if [[ -e "$KSRCNAME" ]]; then ++ tar xvf $KSRCNAME ++ mv "linux-source-$KSRCVER" "$SRCDIR" || die ++ fi ++ # Due to the ostree mechanism, we need add the prefix for kernel config here ++ CMDLINE="$(cat /proc/cmdline)" ++ TMP_PREFIX_CONFIG="${CMDLINE##*ostree=}" ++ PREFIX_CONFIG="${TMP_PREFIX_CONFIG%% *}" ++ [[ -z "$CONFIGFILE" ]] && CONFIGFILE="$PREFIX_CONFIG/boot/config-${ARCHVERSION}" ++ cp "$CONFIGFILE" "$SRCDIR/.config" || die ++ CONFIGFILE="$SRCDIR/.config" ++ + if [[ "$ARCHVERSION" == *-* ]]; then + echo "-${ARCHVERSION#*-}" > "$SRCDIR/localversion" || die + fi +@@ -869,6 +886,9 @@ else + KBUILD_EXTRA_SYMBOLS="$SYMVERSFILE" + fi + ++# Fix the module signing configuration to work for building kernels. ++sed -i '/CONFIG_\(MODULE_SIG_\(ALL\|KEY\)\|SYSTEM_TRUSTED_KEYS\)[ =]/d' "$CONFIGFILE" || die ++ + # optional kernel configs: + grep -q "CONFIG_PARAVIRT=y" "$CONFIGFILE" && CONFIG_PARAVIRT=1 + grep -q "CONFIG_UNWINDER_ORC=y" "$CONFIGFILE" && CONFIG_UNWINDER_ORC=1 +diff --git a/kpatch/Makefile b/kpatch/Makefile +index 448968f..067792a 100644 +--- a/kpatch/Makefile ++++ b/kpatch/Makefile +@@ -5,6 +5,7 @@ all: + install: all + $(INSTALL) -d $(SBINDIR) + $(INSTALL) kpatch $(SBINDIR) ++ $(INSTALL) -d $(LOCALSTATEDIR)/lib/kpatch + + uninstall: + $(RM) $(SBINDIR)/kpatch +diff --git a/kpatch/kpatch b/kpatch/kpatch +index 7fecb23..e4624f5 100755 +--- a/kpatch/kpatch ++++ b/kpatch/kpatch +@@ -584,7 +584,8 @@ case "$1" in + echo "uninstalling $PATCH ($KVER)" + rm -f "$MODULE" || die "failed to uninstall module $PATCH" + rmdir --ignore-fail-on-non-empty "$INSTALLDIR/$KVER" || die "failed to remove directory $INSTALLDIR/$KVER" +- rmdir --ignore-fail-on-non-empty "$INSTALLDIR" || die "failed to remove directory $INSTALLDIR" ++ # keep $INSTALLDIR directory for kpatch test build. ++ # rmdir --ignore-fail-on-non-empty "$INSTALLDIR" || die "failed to remove directory $INSTALLDIR" + + ;; + +diff --git a/test/Makefile b/test/Makefile +new file mode 100644 +index 0000000..4ab6b23 +--- /dev/null ++++ b/test/Makefile +@@ -0,0 +1,12 @@ ++include ../Makefile.inc ++ ++all: ++ ++install: all ++ $(INSTALL) -d $(LOCALSTATEDIR)/lib/kpatch/test ++ $(INSTALL) integration/wrcp/*.patch $(LOCALSTATEDIR)/lib/kpatch/test ++ ++uninstall: ++ $(RM) $(LOCALSTATEDIR)/lib/kpatch/test/*.patch ++ ++clean: +diff --git a/test/integration/wrcp/meminfo-string.patch b/test/integration/wrcp/meminfo-string.patch +new file mode 100644 +index 0000000..5047a2e +--- /dev/null ++++ b/test/integration/wrcp/meminfo-string.patch +@@ -0,0 +1,11 @@ ++--- src.orig/fs/proc/meminfo.c 2021-10-19 03:09:04.000000000 +0000 +++++ src/fs/proc/meminfo.c 2022-03-22 10:21:30.686845582 +0000 ++@@ -119,7 +119,7 @@ ++ seq_printf(m, "VmallocTotal: %8lu kB\n", ++ (unsigned long)VMALLOC_TOTAL >> 10); ++ show_val_kb(m, "VmallocUsed: ", vmalloc_nr_pages()); ++- show_val_kb(m, "VmallocChunk: ", 0ul); +++ show_val_kb(m, "VMALLOCChunk: ", 0ul); ++ show_val_kb(m, "Percpu: ", pcpu_nr_pages()); ++ ++ #ifdef CONFIG_MEMORY_FAILURE +-- +2.25.1 + diff --git a/livepatch/kpatch/debian/patches/series b/livepatch/kpatch/debian/patches/series new file mode 100644 index 000000000..b33f05697 --- /dev/null +++ b/livepatch/kpatch/debian/patches/series @@ -0,0 +1 @@ +0001-kpatch-Support-for-WRCP.patch