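# RPM spec for process-snoop: builds a CO-RE eBPF object, generates its
# skeleton header, and compiles the user-space loader that embeds it.
Name:           process-snoop
Version:        1.0
Release:        1%{?dist}
Summary:        A pure CO-RE eBPF process monitor
# NOTE(review): GPLv2 is the legacy Fedora short name; current packaging
# guidelines expect an SPDX expression. Confirm whether the sources are
# GPL-2.0-only or GPL-2.0-or-later before changing the tag.
License:        GPLv2
Source0:        %{name}-%{version}.tar.gz

# --- BUILD DEPENDENCIES ---
# compilers for C and BPF
BuildRequires:  clang
BuildRequires:  llvm
BuildRequires:  gcc
# tools to generate vmlinux.h and skeleton
BuildRequires:  bpftool
# library headers
BuildRequires:  libbpf-devel
# The loader is linked with -lelf and -lz below, so their development
# packages are named explicitly instead of relying on a transitive pull.
BuildRequires:  elfutils-libelf-devel
BuildRequires:  zlib-devel
# THE SECRET SAUCE: Provides BTF for the target distro kernel
BuildRequires:  kernel-devel

# --- RUNTIME DEPENDENCIES ---
# Notice: NO clang/llvm here! Just the library.
Requires:       libbpf

%description
A demonstration of a Pure CO-RE eBPF tool packaged for Fedora.

%prep
%setup -q

%build
# 1. GENERATE VMLINUX.H
# We query the INSTALLED kernel-devel package for its version
# We use %% to escape the macros so they evaluate at shell time
# The query format ends in a newline so that several installed kernel-devel
# packages are printed one per line; without it their strings are
# concatenated and "head -n 1" returns an unusable value.
KVER=$(rpm -q --qf '%%{VERSION}-%%{RELEASE}.%%{ARCH}\n' kernel-devel | head -n 1)
BTF_SRC="/usr/lib/modules/${KVER}/vmlinux"

# The exit status of rpm is hidden by the pipe, so validate the result here
# and stop with a clear message instead of generating types from a wrong file.
# NOTE(review): confirm which package ships this file on the target distro
# and that the BuildRequires above guarantees it is present.
if [ -z "${KVER}" ] || [ ! -r "${BTF_SRC}" ]; then
    echo "error: no readable BTF source at '${BTF_SRC}'" >&2
    exit 1
fi

# Dump BTF from the static file, NOT /sys/kernel/btf/vmlinux
# (the build host's running kernel is not the kernel being targeted)
bpftool btf dump file "${BTF_SRC}" format c > vmlinux.h

# 2. COMPILE BPF (KERNEL SIDE)
# -g: debug info (needed for BTF)
# -O2: required by verifier
# -target bpf: output BPF bytecode
# The distro hardening flags are deliberately NOT applied to this step: they
# are meant for native code, not for the BPF target.
# NOTE(review): __TARGET_ARCH_x86 is hard-coded; if the sources depend on it,
# restrict the package with an ExclusiveArch tag or derive it from the build
# architecture.
clang -g -O2 -target bpf -D__TARGET_ARCH_x86 -c agent.bpf.c -o agent.bpf.o

# 3. GENERATE SKELETON
bpftool gen skeleton agent.bpf.o > agent.skel.h

# 4. COMPILE LOADER (USER SIDE)
# Use the distribution compiler and linker flags so the loader is built with
# the distro's standard hardening options. The loader presumably runs with
# elevated privileges in order to load BPF programs, so it should not be the
# one binary on the system that skips them.
gcc %{optflags} -Wall main.c -o process-snoop %{build_ldflags} -lbpf -lelf -lz

%install
mkdir -p %{buildroot}%{_bindir}
install -p -m 0755 process-snoop %{buildroot}%{_bindir}/

%files
%license LICENSE
%{_bindir}/process-snoop

%changelog
* Fri Jan 30 2026 FOSDEM Demo - 1.0-1
- Initial CO-RE package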