From abedd3c42100a636ae14a5c860ee2ed236af66ab Mon Sep 17 00:00:00 2001 From: Sam James Date: Mon, 30 Aug 2021 07:04:15 +0100 Subject: [PATCH] Build system fixes Summary: - Respect tool choices: CC/AR/OBJCOPY/RANLIB - Respect *FLAGS: CFLAGS/CPPFLAGS - Use existing make process to spawn new jobs - Only build tests conditionally (when we're going to run them) Much smaller version of patches from before thanks to upstream incorporating some of our changes. See < 2.55 patches for some more context/history; the original patch was from Mike Frysinger and was forward-ported by Lars Wendler . Bug: https://bugs.gentoo.org/808807 (given this is where discussion occurred) Bug: https://bugzilla.kernel.org/show_bug.cgi?id=214085 Signed-off-by: Sam James --- a/Make.Rules +++ b/Make.Rules @@ -64,24 +64,20 @@ KERNEL_HEADERS := $(topdir)/libcap/include/uapi LIBCAP_INCLUDES = -I$(KERNEL_HEADERS) -I$(topdir)/libcap/include DEFINES := -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -CC := $(CROSS_COMPILE)gcc LD=$(CC) -Wl,-x -shared SUDO := sudo COPTS ?= -O2 -CFLAGS ?= $(COPTS) $(DEFINES) +CFLAGS ?= $(COPTS) LDFLAGS ?= #-g -CPPFLAGS += $(LIBCAP_INCLUDES) +CPPFLAGS += $(LIBCAP_INCLUDES) $(DEFINES) BUILD_CC ?= $(CC) BUILD_LD ?= $(BUILD_CC) -Wl,-x -shared BUILD_COPTS ?= $(COPTS) -BUILD_CFLAGS ?= $(BUILD_COPTS) $(DEFINES) +BUILD_CFLAGS ?= $(CFLAGS) BUILD_LDFLAGS ?= $(LDFLAGS) BUILD_CPPFLAGS += $(LIBCAP_INCLUDES) -AR := $(CROSS_COMPILE)ar -RANLIB := $(CROSS_COMPILE)ranlib -OBJCOPY := $(CROSS_COMPILE)objcopy DEBUG = -g #-DDEBUG WARNINGS=-Wall -Wwrite-strings \ -Wpointer-arith -Wcast-qual -Wcast-align \ @@ -95,7 +91,8 @@ BUILD_GPERF := $(shell which gperf >/dev/null 2>/dev/null && echo yes) SYSTEM_HEADERS = /usr/include INCS=$(topdir)/libcap/include/sys/capability.h -CFLAGS += -Dlinux $(WARNINGS) $(DEBUG) +CPPFLAGS += -Dlinux +CFLAGS += $(WARNINGS) $(DEBUG) INDENT := $(shell if [ -n "$$(which indent 2>/dev/null)" ]; then echo "| indent -kr" ; fi) # SHARED tracks whether or not the SHARED libraries (libcap.so, --- a/Makefile +++ b/Makefile @@ -17,7 +17,6 @@ ifeq ($(GOLANG),yes) $(MAKE) -C go $@ rm -f cap/go.sum endif - $(MAKE) -C tests $@ $(MAKE) -C progs $@ $(MAKE) -C doc $@ $(MAKE) -C kdebug $@ --- a/libcap/Makefile +++ b/libcap/Makefile @@ -111,7 +111,7 @@ loader.txt: empty $(OBJCOPY) --dump-section .interp=$@ $< /dev/null cap_magic.o: execable.h execable.c loader.txt - $(CC) $(CFLAGS) $(CPPFLAGS) -DLIBRARY_VERSION=\"$(LIBTITLE)-$(VERSION).$(MINOR)\" -DSHARED_LOADER=\"$(shell cat loader.txt)\" -c execable.c -o $@ + $(CC) $(CFLAGS) $(CPPFLAGS) -DLIBRARY_VERSION=\"$(LIBTITLE)-$(VERSION).$(MINOR)\" -DSHARED_LOADER=\"$(shell cat loader.txt)\" $(LDFLAGS) -c execable.c -o $@ $(CAPLIBNAME) $(MAJCAPLIBNAME) $(MINCAPLIBNAME): $(CAPOBJS) $(CAPMAGICOBJ) $(LD) $(CFLAGS) $(LDFLAGS) -Wl,-soname,$(MAJCAPLIBNAME) -o $(MINCAPLIBNAME) $^ $(MAGIC) @@ -119,22 +119,22 @@ $(CAPLIBNAME) $(MAJCAPLIBNAME) $(MINCAPLIBNAME): $(CAPOBJS) $(CAPMAGICOBJ) ln -sf $(MAJCAPLIBNAME) $(CAPLIBNAME) psx_magic.o: execable.h execable.c loader.txt - $(CC) $(CFLAGS) $(CPPFLAGS) -DLIBRARY_VERSION=\"$(PSXTITLE)-$(VERSION).$(MINOR)\" -DSHARED_LOADER=\"$(shell cat loader.txt)\" -c execable.c -o $@ + $(CC) $(CFLAGS) $(CPPFLAGS) -DLIBRARY_VERSION=\"$(PSXTITLE)-$(VERSION).$(MINOR)\" -DSHARED_LOADER=\"$(shell cat loader.txt)\" $(LDFLAGS) -c execable.c -o $@ $(PSXLIBNAME) $(MAJPSXLIBNAME) $(MINPSXLIBNAME): $(PSXOBJS) include/sys/psx_syscall.h $(PSXMAGICOBJ) - $(LD) $(CFLAGS) $(LDFLAGS) -Wl,-soname,$(MAJPSXLIBNAME) -o $(MINPSXLIBNAME) $(PSXOBJS) $(PSXMAGICOBJ) $(MAGIC) $(PSXLINKFLAGS) + $(LD) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -Wl,-soname,$(MAJPSXLIBNAME) -o $(MINPSXLIBNAME) $(PSXOBJS) $(PSXMAGICOBJ) $(MAGIC) $(PSXLINKFLAGS) ln -sf $(MINPSXLIBNAME) $(MAJPSXLIBNAME) ln -sf $(MAJPSXLIBNAME) $(PSXLIBNAME) endif %.o: %.c $(INCLS) - $(CC) $(CFLAGS) $(CPPFLAGS) -c $< -o $@ + $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -c $< -o $@ cap_text.o: cap_text.c $(USE_GPERF_OUTPUT) $(INCLS) - $(CC) $(CFLAGS) $(CPPFLAGS) $(INCLUDE_GPERF_OUTPUT) -c $< -o $@ + $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $(INCLUDE_GPERF_OUTPUT) -c $< -o $@ cap_test: cap_test.c libcap.h $(CAPOBJS) - $(CC) $(CFLAGS) $(CPPFLAGS) $< $(CAPOBJS) -o $@ + $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< $(CAPOBJS) -o $@ libcapsotest: $(CAPLIBNAME) ./$(CAPLIBNAME) --- a/pam_cap/Makefile +++ b/pam_cap/Makefile @@ -17,10 +17,10 @@ install: all $(MAKE) -C ../libcap loader.txt execable.o: execable.c ../libcap/execable.h ../libcap/loader.txt - $(CC) $(CFLAGS) $(CPPFLAGS) -DLIBCAP_VERSION=\"libcap-$(VERSION).$(MINOR)\" -DSHARED_LOADER=\"$(shell cat ../libcap/loader.txt)\" -c execable.c -o $@ + $(CC) $(CFLAGS) $(CPPFLAGS) -DLIBCAP_VERSION=\"libcap-$(VERSION).$(MINOR)\" -DSHARED_LOADER=\"$(shell cat ../libcap/loader.txt)\" $(LDFLAGS) -c execable.c -o $@ pam_cap.so: pam_cap.o execable.o pam_cap_linkopts - cat pam_cap_linkopts | xargs -e $(LD) -o $@ pam_cap.o execable.o $(LIBCAPLIB) $(LDFLAGS) + cat pam_cap_linkopts | xargs -e $(LD) $(LDFLAGS) -o $@ pam_cap.o execable.o $(LIBCAPLIB) # Some distributions force link everything at compile time, and don't # take advantage of libpam's dlopen runtime options to resolve ill @@ -51,21 +51,21 @@ pam_cap_linkopts: lazylink.so ./lazylink.so || echo "-lpam" >> $@ lazylink.so: lazylink.c ../libcap/execable.h ../libcap/loader.txt - $(LD) -o $@ $(CFLAGS) $(CPPFLAGS) lazylink.c -DSHARED_LOADER=\"$(shell cat ../libcap/loader.txt)\" $(LDFLAGS) -Wl,-e,__so_start + $(LD) -o $@ $(CFLAGS) $(CPPFLAGS) -DSHARED_LOADER=\"$(shell cat ../libcap/loader.txt)\" $(LDFLAGS) lazylink.c -Wl,-e,__so_start endif endif pam_cap.o: pam_cap.c - $(CC) $(CFLAGS) $(CPPFLAGS) -c $< -o $@ + $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -c $< -o $@ ../libcap/libcap.a: $(MAKE) -C ../libcap libcap.a test_pam_cap: test_pam_cap.c pam_cap.c ../libcap/libcap.a - $(CC) $(CFLAGS) $(CPPFLAGS) -o $@ test_pam_cap.c $(LIBCAPLIB) $(LDFLAGS) --static + $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o $@ test_pam_cap.c $(LIBCAPLIB) --static testlink: test.c pam_cap.o - $(CC) $(CFLAGS) -o $@ $+ -lpam -ldl $(LIBCAPLIB) $(LDFLAGS) + $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o $@ $+ -lpam -ldl $(LIBCAPLIB) test: testlink test_pam_cap pam_cap.so $(MAKE) testlink --- a/progs/Makefile +++ b/progs/Makefile @@ -22,16 +22,16 @@ DEPS = ../libcap/libcap.a endif ../libcap/libcap.a: - make -C ../libcap libcap.a + $(MAKE) -C ../libcap libcap.a ../libcap/libcap.so: - make -C ../libcap libcap.so + $(MAKE) -C ../libcap libcap.so $(BUILD): %: %.o $(DEPS) - $(CC) $(CFLAGS) -o $@ $< $(LIBCAPLIB) $(LDFLAGS) + $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o $@ $< $(LIBCAPLIB) %.o: %.c $(INCS) - $(CC) $(CFLAGS) $(CPPFLAGS) -c $< -o $@ + $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -c $< -o $@ install: all mkdir -p -m 0755 $(FAKEROOT)$(SBINDIR) @@ -49,10 +49,10 @@ capshdoc.h.cf: capshdoc.h ./mkcapshdoc.sh diff -u capshdoc.h $@ || (rm $@ ; exit 1) capsh: capsh.c capshdoc.h.cf $(DEPS) - $(CC) $(CFLAGS) $(CPPFLAGS) $(CAPSH_SHELL) -o $@ $< $(LIBCAPLIB) $(LDFLAGS) + $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $(CAPSH_SHELL) -o $@ $< $(LIBCAPLIB) tcapsh-static: capsh.c capshdoc.h.cf $(DEPS) - $(CC) $(CFLAGS) $(CPPFLAGS) $(CAPSH_SHELL) -o $@ $< $(LIBCAPLIB) --static + $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $(CAPSH_SHELL) -o $@ $< $(LIBCAPLIB) --static uns_test: ../tests/uns_test.c $(MAKE) -C ../tests uns_test --- a/tests/Makefile +++ b/tests/Makefile @@ -66,17 +66,17 @@ run_psx_test: psx_test ./psx_test psx_test: psx_test.c $(DEPS) - $(CC) $(CFLAGS) $(CPPFLAGS) $< -o $@ $(LINKEXTRA) $(LIBPSXLIB) $(LDFLAGS) + $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< -o $@ $(LINKEXTRA) $(LIBPSXLIB) run_libcap_psx_test: libcap_psx_test ./libcap_psx_test libcap_psx_test: libcap_psx_test.c $(DEPS) - $(CC) $(CFLAGS) $(CPPFLAGS) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LIBPSXLIB) $(LDFLAGS) + $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LIBPSXLIB) # privileged uns_test: uns_test.c $(DEPS) - $(CC) $(CFLAGS) $(CPPFLAGS) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LDFLAGS) + $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) run_uns_test: uns_test echo exit | $(SUDO) ./uns_test @@ -88,13 +88,13 @@ run_libcap_psx_launch_test: libcap_psx_launch_test ../progs/tcapsh-static $(SUDO) ./libcap_psx_launch_test libcap_launch_test: libcap_launch_test.c $(DEPS) - $(CC) $(CFLAGS) $(CPPFLAGS) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LDFLAGS) + $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) # This varies only slightly from the above insofar as it currently # only links in the pthreads fork support. TODO() we need to change # the source to do something interesting with pthreads. libcap_psx_launch_test: libcap_launch_test.c $(DEPS) - $(CC) $(CFLAGS) $(CPPFLAGS) -DWITH_PTHREADS $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LIBPSXLIB) $(LDFLAGS) + $(CC) $(CFLAGS) $(CPPFLAGS) -DWITH_PTHREADS $(LDFLAGS) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LIBPSXLIB) # This test demonstrates that libpsx is needed to secure multithreaded @@ -109,12 +109,12 @@ exploit.o: exploit.c $(CC) $(CFLAGS) $(CPPFLAGS) -c $< exploit: exploit.o $(DEPS) - $(CC) $(CFLAGS) $(CPPFLAGS) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) -lpthread $(LDFLAGS) + $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) -lpthread # Note, for some reason, the order of libraries is important to avoid # the exploit working for dynamic linking. noexploit: exploit.o $(DEPS) - $(CC) $(CFLAGS) $(CPPFLAGS) $< -o $@ $(LINKEXTRA) $(LIBPSXLIB) $(LIBCAPLIB) $(LDFLAGS) + $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< -o $@ $(LINKEXTRA) $(LIBPSXLIB) $(LIBCAPLIB) # This one runs in a chroot with no shared library files. noop: noop.c