129 lines
5.2 KiB
Makefile
129 lines
5.2 KiB
Makefile
# Building the libcap/{cap.psx} Go packages, and examples.
|
|
#
|
|
# Note, we use symlinks to construct a GOPATH friendly src tree. The
|
|
# packages themselves are intended to be (ultimately) found via proxy
|
|
# as "kernel.org/pub/linux/libs/security/libcap/cap" and
|
|
# "kernel.org/pub/linux/libs/security/libcap/psx". However, to
|
|
# validate their use on these paths, we fake such a structure in the
|
|
# build tree with symlinks.
|
|
|
|
topdir=$(realpath ..)
|
|
include $(topdir)/Make.Rules
|
|
|
|
GOPATH=$(realpath .)
|
|
IMPORTDIR=kernel.org/pub/linux/libs/security/libcap
|
|
PKGDIR=pkg/$(GOOSARCH)/$(IMPORTDIR)
|
|
PSXGOPACKAGE=$(PKGDIR)/psx.a
|
|
CAPGOPACKAGE=$(PKGDIR)/cap.a
|
|
|
|
DEPS=../libcap/libcap.a ../libcap/libpsx.a
|
|
|
|
all: $(PSXGOPACKAGE) $(CAPGOPACKAGE) web setid gowns compare-cap try-launching psx-signals
|
|
|
|
$(DEPS):
|
|
make -C ../libcap all
|
|
|
|
../progs/tcapsh-static:
|
|
make -C ../progs tcapsh-static
|
|
|
|
src/$(IMPORTDIR)/psx:
|
|
mkdir -p "src/$(IMPORTDIR)"
|
|
ln -s $(topdir)/psx $@
|
|
|
|
src/$(IMPORTDIR)/cap:
|
|
mkdir -p "src/$(IMPORTDIR)"
|
|
ln -s $(topdir)/cap $@
|
|
|
|
$(topdir)/libcap/cap_names.h: $(DEPS)
|
|
make -C $(topdir)/libcap all
|
|
|
|
good-names.go: $(topdir)/libcap/cap_names.h src/$(IMPORTDIR)/cap mknames.go
|
|
$(GO) run mknames.go --header=$< --textdir=$(topdir)/doc/values | gofmt > $@ || rm -f $@
|
|
diff -u ../cap/names.go $@
|
|
|
|
$(PSXGOPACKAGE): src/$(IMPORTDIR)/psx ../psx/*.go $(DEPS)
|
|
mkdir -p pkg
|
|
GO111MODULE=off CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" GOPATH="$(GOPATH)" $(GO) install $(IMPORTDIR)/psx
|
|
|
|
$(CAPGOPACKAGE): src/$(IMPORTDIR)/cap ../cap/*.go good-names.go $(PSXGOPACKAGE)
|
|
GO111MODULE=off CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" GOPATH=$(GOPATH) $(GO) install $(IMPORTDIR)/cap
|
|
|
|
# Compiles something with this package to compare it to libcap. This
|
|
# tests more when run under sudotest (see ../progs/quicktest.sh for that).
|
|
compare-cap: compare-cap.go $(CAPGOPACKAGE)
|
|
GO111MODULE=off CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" GOPATH=$(GOPATH) $(GO) build $<
|
|
|
|
web: ../goapps/web/web.go $(CAPGOPACKAGE)
|
|
GO111MODULE=off CGO_ENABLED="$(CGO_REQUIRED)" CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" GOPATH=$(GOPATH) $(GO) build -o $@ $<
|
|
ifeq ($(RAISE_GO_FILECAP),yes)
|
|
make -C ../progs setcap
|
|
sudo ../progs/setcap cap_setpcap,cap_net_bind_service=p web
|
|
@echo "NOTE: RAISED cap_setpcap,cap_net_bind_service ON web binary"
|
|
endif
|
|
|
|
setid: ../goapps/setid/setid.go $(CAPGOPACKAGE) $(PSXGOPACKAGE)
|
|
GO111MODULE=off CGO_ENABLED="$(CGO_REQUIRED)" CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" GOPATH=$(GOPATH) $(GO) build -o $@ $<
|
|
|
|
gowns: ../goapps/gowns/gowns.go $(CAPGOPACKAGE)
|
|
GO111MODULE=off CGO_ENABLED="$(CGO_REQUIRED)" CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" GOPATH=$(GOPATH) $(GO) build -o $@ $<
|
|
|
|
ok: ok.go
|
|
GO111MODULE=off CGO_ENABLED=0 GOPATH=$(GOPATH) $(GO) build $<
|
|
|
|
try-launching: try-launching.go $(CAPGOPACKAGE) ok
|
|
GO111MODULE=off CGO_ENABLED="$(CGO_REQUIRED)" CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" GOPATH=$(GOPATH) $(GO) build $<
|
|
ifeq ($(CGO_REQUIRED),0)
|
|
GO111MODULE=off CGO_ENABLED="1" CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" GOPATH=$(GOPATH) $(GO) build -o $@-cgo $<
|
|
endif
|
|
|
|
psx-signals: psx-signals.go $(PSXGOPACKAGE)
|
|
GO111MODULE=off CGO_ENABLED="$(CGO_REQUIRED)" CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" GOPATH=$(GOPATH) $(GO) build $<
|
|
ifeq ($(CGO_REQUIRED),0)
|
|
GO111MODULE=off CGO_ENABLED="1" CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" GOPATH=$(GOPATH) $(GO) build -o $@-cgo $<
|
|
endif
|
|
|
|
b210613: b210613.go $(CAPGOPACKAGE)
|
|
GO111MODULE=off CGO_ENABLED="$(CGO_REQUIRED)" CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" GOPATH=$(GOPATH) $(GO) build $<
|
|
|
|
test: all
|
|
GO111MODULE=off CGO_ENABLED="$(CGO_REQUIRED)" CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" GOPATH="$(GOPATH)" $(GO) test $(IMPORTDIR)/psx
|
|
GO111MODULE=off CGO_ENABLED="$(CGO_REQUIRED)" CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" GOPATH="$(GOPATH)" $(GO) test $(IMPORTDIR)/cap
|
|
LD_LIBRARY_PATH=../libcap ./compare-cap
|
|
./psx-signals
|
|
ifeq ($(CGO_REQUIRED),0)
|
|
./psx-signals-cgo
|
|
endif
|
|
./setid --caps=false
|
|
./gowns -- -c "echo gowns runs"
|
|
|
|
# Note, the user namespace doesn't require sudo, but I wanted to avoid
|
|
# requiring that the hosting kernel supports user namespaces for the
|
|
# regular test case.
|
|
sudotest: test ../progs/tcapsh-static b210613
|
|
./gowns --ns -- -c "echo gowns runs with user namespace"
|
|
./try-launching
|
|
ifeq ($(CGO_REQUIRED),0)
|
|
./try-launching-cgo
|
|
endif
|
|
sudo ./try-launching
|
|
ifeq ($(CGO_REQUIRED),0)
|
|
sudo ./try-launching-cgo
|
|
endif
|
|
sudo ../progs/tcapsh-static --cap-uid=$$(id -u) --caps="cap_setpcap=ep" --iab="^cap_setpcap" -- -c ./b210613
|
|
|
|
install: all
|
|
rm -rf $(FAKEROOT)$(GOPKGDIR)/$(IMPORTDIR)/psx
|
|
mkdir -p $(FAKEROOT)$(GOPKGDIR)/$(IMPORTDIR)/psx
|
|
install -m 0644 src/$(IMPORTDIR)/psx/* $(FAKEROOT)$(GOPKGDIR)/$(IMPORTDIR)/psx
|
|
mkdir -p $(FAKEROOT)$(GOPKGDIR)/$(IMPORTDIR)/cap
|
|
rm -rf $(FAKEROOT)$(GOPKGDIR)/$(IMPORTDIR)/cap/*
|
|
install -m 0644 src/$(IMPORTDIR)/cap/* $(FAKEROOT)$(GOPKGDIR)/$(IMPORTDIR)/cap
|
|
|
|
clean:
|
|
rm -f *.o *.so *~ mknames ok good-names.go
|
|
rm -f web setid gowns
|
|
rm -f compare-cap try-launching try-launching-cgo
|
|
rm -f $(topdir)/cap/*~ $(topdir)/psx/*~
|
|
rm -f b210613 psx-signals psx-signals-cgo
|
|
rm -fr pkg src
|