package rosa

import "hakurei.app/internal/pkg"

func (t Toolchain) newLibseccomp() (pkg.Artifact, string) {
	const (
		version  = "2.6.0"
		checksum = "mMu-iR71guPjFbb31u-YexBaanKE_nYPjPux-vuBiPfS_0kbwJdfCGlkofaUm-EY"
	)
	return t.NewPackage("libseccomp", version, pkg.NewHTTPGetTar(
		nil, "https://github.com/seccomp/libseccomp/releases/download/"+
			"v"+version+"/libseccomp-"+version+".tar.gz",
		mustDecode(checksum),
		pkg.TarGzip,
	), &PackageAttr{
		ScriptEarly: `
ln -s ../system/bin/bash /bin/
`,

		Patches: []KV{
			{"fix-export-oob-read", `diff --git a/src/api.c b/src/api.c
index adccef3..65a277a 100644
--- a/src/api.c
+++ b/src/api.c
@@ -786,7 +786,7 @@ API int seccomp_export_bpf_mem(const scmp_filter_ctx ctx, void *buf,
                if (BPF_PGM_SIZE(program) > *len)
                        rc = _rc_filter(-ERANGE);
                else
-                       memcpy(buf, program->blks, *len);
+                       memcpy(buf, program->blks, BPF_PGM_SIZE(program));
        }
        *len = BPF_PGM_SIZE(program);
 
`},
		},
	}, (*MakeHelper)(nil),
		Bash,
		Diffutils,
		Gperf,

		KernelHeaders,
	), version
}
func init() {
	artifactsM[Libseccomp] = Metadata{
		f: Toolchain.newLibseccomp,

		Name:        "libseccomp",
		Description: "an interface to the Linux Kernel's syscall filtering mechanism",
		Website:     "https://github.com/seccomp/libseccomp/",

		ID: 13823,
	}
}