Releases: Kernel-Guard/bpfcompat

v0.2.0

27 Jun 13:07
45591d7

bpfcompat v0.2.0

The biggest release since the project went public: a new embeddable library API, a new OS family (OpenShift/CoreOS), and aarch64 VM support.

Highlights

  • Embeddable library mode — pkg/bpfcompat. ValidateBeforeLoad does a real bpf() load against the node's own running kernel (no VM, no network) for a pre-load gate such as bpfman's; Validate exposes the full VM matrix engine. Host loading is gated behind the hostload build tag with an embedded static validator. See pkg/bpfcompat/README.md. (Pre-1.0 / experimental.)
  • OpenShift / CoreOS support (Ignition boot). Fedora CoreOS is runnable out of the box (make vm-image-fcos); RHEL CoreOS is opt-in with an operator-supplied image (BPFCOMPAT_ENABLE_RHCOS=1). Backed by a real, recorded evidence matrix — 3 OpenShift releases × 6 artifacts on x86_64 plus a real aarch64 boot (docs/evidence-rhcos.md), including a BPF-LSM backport boundary (rejected on RHEL 9.2, loads+attaches on 9.4).
  • aarch64 VM boot fixed. The executor now supplies aarch64 UEFI firmware (AAVMF pflash) and uses TCG when the guest arch differs from the host — so aarch64 cloud-image profiles actually boot.
  • Zero-config gadget validation. --artifact accepts an OCI gadget reference; --quick needs no matrix file; runtime-sized maps are auto-sized; programs libbpf can't classify are auto-typed, with a manifest program-type override; generic inner-map (map-in-map) fixup.

Verify the release

cosign verify-blob \
  --certificate SHA256SUMS.crt --signature SHA256SUMS.sig \
  --certificate-identity-regexp 'github.com/Kernel-Guard/bpfcompat' \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  SHA256SUMS
sha256sum -c SHA256SUMS --ignore-missing

Full changelog: CHANGELOG.md. SBOM attached (bpfcompat.sbom.cdx.json); build provenance + SBOM attestations via Sigstore.
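
`sha256sum -c SHA256SUMS --ignore-missing` skips listed files that are absent and never hashes a downloaded file that is not listed, so it can succeed without having checked the asset you intend to run. The added example below (not part of the bpfcompat project; the function name `verify_listed_asset` is hypothetical) verifies one named asset and fails unless it appears exactly once in SHA256SUMS and its hash matches. It assumes GNU coreutils and that SHA256SUMS has already passed the `cosign verify-blob` step.

```shell
# Added example, not from the bpfcompat project.
# Usage: verify_listed_asset SHA256SUMS <asset-file>
# Returns 0 = match, 1 = hash mismatch, 2 = file missing,
#         3 = asset not listed exactly once in the checksum file.
verify_listed_asset() {
    sums=$1
    asset=$2
    name=$(basename -- "$asset")

    [ -f "$sums" ]  || { echo "missing checksum file: $sums" >&2; return 2; }
    [ -f "$asset" ] || { echo "asset not found: $asset" >&2; return 2; }

    # coreutils line format: <64 hex digits><space><space or '*'><file name>
    # The name is passed through the environment so awk does not
    # interpret backslashes in it.
    expected=$(WANT="$name" awk '
        length($0) > 66 && substr($0, 67) == ENVIRON["WANT"] {
            print tolower(substr($0, 1, 64))
        }' "$sums")

    # Exactly one well-formed entry is required: zero means the asset is
    # not covered by the signed file, more than one is ambiguous.
    count=$(printf '%s\n' "$expected" | grep -c '^[0-9a-f]\{64\}$' || true)
    if [ "$count" -ne 1 ]; then
        echo "$name: expected exactly 1 entry in $sums, found $count" >&2
        return 3
    fi

    actual=$(sha256sum -- "$asset" | cut -c1-64)
    if [ "$actual" != "$expected" ]; then
        echo "$name: SHA-256 mismatch" >&2
        return 1
    fi
    echo "$name: OK"
}
```

Call it once per downloaded asset after the signature check, and treat any non-zero return as a failed verification.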

v0.1.6

21 Jun 11:55
a4c12e6

bpfcompat v0.1.6 — enterprise/backported-kernel coverage (14/14), SLS…

v0.1.5

11 Jun 19:58

v0.1.5: fix invalid action.yml YAML shipped in v0.1.4

v0.1.4

11 Jun 18:10

v0.1.4: manifest map fixups, collection-first workflow, prebuilt acti…

v0.1.3

05 Jun 21:08

v0.1.3

UX-focused release for the CI-first eBPF compatibility workflow.

Changed

  • Added target search/filter and selected-target counts for long kernel catalogs.
  • Added live gate readiness for selected targets, BPF input, and expected output.
  • Added compatibility matrix filters for all targets, failures, required targets, and passes.
  • Improved preset behavior so selected targets are brought into view without moving the whole page.
  • Updated README, docs, and generated suite workflow snippets to reference Kernel-Guard/bpfcompat@v0.1.3.

Verification

  • Local go test ./...
  • Local go test -mod=vendor ./...
  • Local golangci-lint run --timeout=5m --new-from-rev=HEAD
  • GitHub Actions ci, arm64-build-smoke, and release-artifacts passed on the release commit.

Release assets include the Linux CLI binary, checksum, CycloneDX SBOM, and keyless cosign signatures/certificates.

v0.1.2 - Workflow UX polish

05 Jun 16:23

Highlights

  • Simplifies the web UI around the core compatibility workflow: select targets, provide BPF, choose intent, run, read matrix.
  • Adds clearer pass/fail matrix visuals with required/optional count tiles and status pills.
  • Adds CI-first suite guidance and updates generated action snippets to Kernel-Guard/bpfcompat@v0.1.2.
  • Keeps history/runtime proof behind an advanced evidence drawer and lazy-loads it only when opened.
  • Updates make serve to run the public demo profile without a write API key by default.

Validation

  • git diff --check
  • go test ./...
  • go test -mod=vendor ./...
  • golangci-lint run --timeout=5m --new-from-rev=origin/main
  • Public-release hygiene scan for private keys/cloud demo URLs/private planning terms

v0.1.1 - Marketplace-ready action

05 Jun 10:45

Marketplace-ready action metadata and documentation update.

Changes:

  • Renames the GitHub Action to BPFCompat eBPF Compatibility Gate.
  • Adds action author and Marketplace branding metadata.
  • Updates README and suite docs to use Kernel-Guard/bpfcompat@v0.1.1.
  • Documents the self-hosted Linux KVM runner requirement in the quick start.

Scope note:
This remains an OSS MVP/prototype focused on compatibility evidence and CI gating. VM-backed validation requires a self-hosted KVM runner.

v0.1.0 - Initial public release

05 Jun 10:34

Initial public release of BPFCompat.

Highlights:

  • CI-first eBPF compatibility validation for compiled .bpf.o artifacts.
  • QEMU/KVM-backed Linux kernel and distro profile matrix support.
  • C/libbpf validator for load, attach, BTF, CO-RE, hook, and capability evidence.
  • JSON, Markdown, and GitHub Actions summary reporting.
  • Artifact history, regression comparison, signed metadata, and runtime selection proof paths.
  • Early guarded runtime agent/selector alpha for probe, select, fetch, and approval-gated execution workflows.

Scope note:
This is an OSS MVP/prototype focused on compatibility evidence and CI gating. It is not yet a production multi-tenant SaaS or production runtime loader.