microsoft.genpolicy: 3.2.0.azl3.genpolicy2 -> 3.2.0.azl3.genpolicy3

katexochen · katexochen · commit 4648470cc6d5 · 2025-01-22T10:53:53.000+01:00
Signed-off-by: Paul Meyer &lt;katexochen0@gmail.com&gt;
diff --git a/packages/by-name/microsoft/genpolicy/0001-genpolicy-add-rules-and-types-for-volumeDevices.patch b/packages/by-name/microsoft/genpolicy/0001-genpolicy-add-rules-and-types-for-volumeDevices.patch
@@ -14,18 +14,18 @@ Signed-off-by: Markus Rudy <mr@edgeless.systems>
  6 files changed, 85 insertions(+)
 
 diff --git a/src/tools/genpolicy/rules.rego b/src/tools/genpolicy/rules.rego
-index a5208cf9d3b38edfe6ab777ce0bafb81bf3b84dc..aa0488ae2dffc63780967ca706ea2c8ffcfb1391 100644
+index 4e4c3b3e03ddf173ebfcf07915f3f16a6801627b..b904391af531327d7def819cb9da47cd04d7124e 100644
 --- a/src/tools/genpolicy/rules.rego
 +++ b/src/tools/genpolicy/rules.rego
-@@ -62,6 +62,7 @@ CreateContainerRequest {
+@@ -63,6 +63,7 @@ CreateContainerRequest {
  
      i_oci := input.OCI
      i_storages := input.storages
 +    i_devices := input.devices
  
      # Check if any element from the policy_data.containers array allows the input request.
      some p_container in policy_data.containers
-@@ -85,6 +86,9 @@ CreateContainerRequest {
+@@ -86,6 +87,9 @@ CreateContainerRequest {
      p_storages := p_container.storages
      allow_by_anno(p_oci, i_oci, p_storages, i_storages)
  
@@ -35,7 +35,7 @@ index a5208cf9d3b38edfe6ab777ce0bafb81bf3b84dc..aa0488ae2dffc63780967ca706ea2c8f
      allow_linux(p_oci, i_oci)
  
      print("CreateContainerRequest: true")
-@@ -361,6 +365,16 @@ allow_log_directory(p_oci, i_oci) {
+@@ -362,6 +366,16 @@ allow_log_directory(p_oci, i_oci) {
      print("allow_log_directory: true")
  }
  
@@ -52,15 +52,15 @@ index a5208cf9d3b38edfe6ab777ce0bafb81bf3b84dc..aa0488ae2dffc63780967ca706ea2c8f
  allow_linux(p_oci, i_oci) {
      p_namespaces := p_oci.Linux.Namespaces
      print("allow_linux: p namespaces =", p_namespaces)
-@@ -372,6 +386,7 @@ allow_linux(p_oci, i_oci) {
+@@ -373,6 +387,7 @@ allow_linux(p_oci, i_oci) {
  
      allow_masked_paths(p_oci, i_oci)
      allow_readonly_paths(p_oci, i_oci)
 +    allow_linux_devices(p_oci.Linux.Devices, i_oci.Linux.Devices)
  
      print("allow_linux: true")
  }
-@@ -460,6 +475,13 @@ allow_readonly_path(p_elem, i_array, masked_paths) {
+@@ -461,6 +476,13 @@ allow_readonly_path(p_elem, i_array, masked_paths) {
      print("allow_readonly_path 2: true")
  }
  
diff --git a/packages/by-name/microsoft/genpolicy/0004-genpolicy-regex-check-contrast-specific-layer-src-pr.patch b/packages/by-name/microsoft/genpolicy/0004-genpolicy-regex-check-contrast-specific-layer-src-pr.patch
@@ -9,10 +9,10 @@ Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/src/tools/genpolicy/rules.rego b/src/tools/genpolicy/rules.rego
-index aa0488ae2dffc63780967ca706ea2c8ffcfb1391..38171ac667d6084b085633aedf669ed381c10e22 100644
+index b904391af531327d7def819cb9da47cd04d7124e..33c44fd4c8d20dcc4c13cbd12fcd9e577994ee97 100644
 --- a/src/tools/genpolicy/rules.rego
 +++ b/src/tools/genpolicy/rules.rego
-@@ -944,7 +944,7 @@ allow_storage_options(p_storage, i_storage, layer_ids, root_hashes) {
+@@ -948,7 +948,7 @@ allow_storage_options(p_storage, i_storage, layer_ids, root_hashes) {
      i_count == p_count + 3
  
      print("allow_storage_options 2: i_storage.options[0] =", i_storage.options[0])
diff --git a/packages/by-name/microsoft/genpolicy/package.nix b/packages/by-name/microsoft/genpolicy/package.nix
@@ -17,14 +17,14 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "genpolicy";
-  version = "3.2.0.azl3.genpolicy2";
+  version = "3.2.0.azl3.genpolicy3";
 
   src = applyPatches {
     src = fetchFromGitHub {
       owner = "microsoft";
       repo = "kata-containers";
       rev = "refs/tags/${version}";
-      hash = "sha256-kdXCwiDQSs9K70KCgvYjglQrU80PgjHFYXWPM/1+1/I=";
+      hash = "sha256-1LodjolEG45EcYVoV07TlAb6ym4GR1bOiS7A5Bib8jY=";
     };
 
     patches = [
@@ -82,7 +82,7 @@ rustPlatform.buildRustPackage rec {
 
   sourceRoot = "${src.name}/src/tools/genpolicy";
 
-  cargoHash = "sha256-/s8D6uHVU6iao6Jq/pyiK1inXPlousICoYaqbyzH/II=";
+  cargoHash = "sha256-gmO8DYMcNjkHWXJlGEJcD9qgilfJ3HFDeF/UPEshqwk=";
 
   OPENSSL_NO_VENDOR = 1;
 
