From 23496f94be6dd4c6964b54a563b4e22aa6b87611 Mon Sep 17 00:00:00 2001 From: Manabu Sugimoto Date: Thu, 28 Oct 2021 18:21:40 +0900 Subject: [PATCH] release: Upload libseccomp sources with notice to release page The `kata-agent` binaries inside the Kata Containers images provided with release are statically linked with the GNU LGPL-2.1 licensed libseccomp library by default. Therefore, we attach the complete source code of the libseccomp to the release page in order to comply with the LGPL-2.1 (6(a)). In addition, we add the description about the libseccomp license to the release page. Fixes: #2922 Signed-off-by: Manabu Sugimoto --- .github/workflows/release.yaml | 27 ++++++++++++++++++++++++ tools/packaging/release/release-notes.sh | 19 +++++++++++++++++ 2 files changed, 46 insertions(+) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index ee6ec5e71a..5aed5e4f17 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -149,3 +149,30 @@ jobs: tar -cvzf "${tarball}" src/agent/.cargo/config src/agent/vendor GITHUB_TOKEN=${{ secrets.GIT_UPLOAD_TOKEN }} hub release edit -m "" -a "${tarball}" "${tag}" popd + + upload-libseccomp-tarball: + needs: upload-cargo-vendored-tarball + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: download-and-upload-tarball + env: + GITHUB_TOKEN: ${{ secrets.GIT_UPLOAD_TOKEN }} + run: | + pushd $GITHUB_WORKSPACE + ./ci/install_yq.sh + tag=$(echo $GITHUB_REF | cut -d/ -f3-) + versions_yaml="versions.yaml" + version=$(yq read ${versions_yaml} "externals.libseccomp.version") + repo_url=$(yq read ${versions_yaml} "externals.libseccomp.url") + download_url="${repo_url}/releases/download/v${version}" + tarball="libseccomp-${version}.tar.gz" + asc="${tarball}.asc" + curl -sSLO "${download_url}/${tarball}" + curl -sSLO "${download_url}/${asc}" + # "-m" option should be empty to re-use the existing release title + # without opening a text editor. + # For the details, check https://hub.github.com/hub-release.1.html. + hub release edit -m "" -a "${tarball}" "${tag}" + hub release edit -m "" -a "${asc}" "${tag}" + popd diff --git a/tools/packaging/release/release-notes.sh b/tools/packaging/release/release-notes.sh index e890c671d4..b80c899eb8 100755 --- a/tools/packaging/release/release-notes.sh +++ b/tools/packaging/release/release-notes.sh @@ -53,6 +53,9 @@ get_release_info() { kubernetes_version=$(get_from_kata_deps "externals.kubernetes.version") oci_spec_version=$(get_from_kata_deps "specs.oci.version") + libseccomp_version=$(get_from_kata_deps "externals.libseccomp.version") + libseccomp_url=$(get_from_kata_deps "externals.libseccomp.url") + #Image information image_info=$(get_from_kata_deps "assets.image") @@ -110,6 +113,19 @@ Kata Containers ${runtime_version} support the OCI Runtime Specification [${oci_ ## Compatibility with Kubernetes Kata Containers ${runtime_version} is compatible with Kubernetes ${kubernetes_version} +## Libseccomp Notices +The `kata-agent` binaries inside the Kata Containers images provided with this release are +statically linked with the following [GNU LGPL-2.1][lgpl-2.1] licensed libseccomp library. + +* [`libseccomp`][libseccomp] + +The `kata-agent` uses the libseccomp v${libseccomp_version} which is not modified from the upstream version. +However, in order to comply with the LGPL-2.1 (ยง6(a)), we attach the complete source code for the library. + +If you want to use the `kata-agent` which is not statically linked with the library, you can build +a custom `kata-agent` that does not use the library from sources. +For the details, please check the [developer guide][custom-agent-doc]. + ## Kata Linux Containers image Agent version: ${new_release} @@ -136,6 +152,9 @@ More information [Limitations][limitations] [kernel-patches]: https://github.com/kata-containers/kata-containers/tree/${new_release}/tools/packaging/kernel/patches [kernel-config]: https://github.com/kata-containers/kata-containers/tree/${new_release}/tools/packaging/kernel/configs [ocispec]: https://github.com/opencontainers/runtime-spec/releases/tag/${oci_spec_version} +[libseccomp]: ${libseccomp_url} +[lgpl-2.1]: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.html +[custom-agent-doc]: https://github.com/kata-containers/kata-containers/blob/main/docs/Developer-Guide.md#build-a-custom-kata-agent---optional [limitations]: https://github.com/kata-containers/kata-containers/blob/${new_release}/docs/Limitations.md [installation]: https://github.com/kata-containers/kata-containers/blob/${new_release}/docs/install EOT