author | Andrew G. Morgan <morgan@kernel.org> | 2019-12-13 17:30:23 -0800 |
---|---|---|
committer | Andrew G. Morgan <morgan@kernel.org> | 2019-12-13 17:30:23 -0800 |
commit | 2b5f5635be6131d7e89b4c6244b29f32ebd163c1 (patch) | |
tree | 496b977ac4a94ee632eeece27946660d127878ea /go | |
parent | 2bd8e293982acc034554b7f66d6b969f24199876 (diff) | |
Restructure the make files into build vs. test
Also install the Go packages if built.
Remove a default behavior of installing an inheritable bit on setcap.
I'm getting alarmed that some distributions are setting the inheritable
set to full for all users. So, I don't want to provide a vector for
a trivial exploit, and hope they are not reinventing this:
https://sites.google.com/site/fullycapable/Home/thesendmailcapabilitiesissue
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
Diffstat (limited to 'go')
-rw-r--r-- | go/Makefile | 61 |
1 files changed, 38 insertions, 23 deletions
diff --git a/go/Makefile b/go/Makefile
index a8b3dc0..ce22f78 100644
--- a/go/Makefile
+++ b/go/Makefile
@@ -1,4 +1,4 @@
-# Building the libcap/cap Go package. Note, we use symlinks to
+# Building the libcap/{cap.psx} Go packages. Note, we use symlinks to
 # construct a go friendly src tree.
 topdir=$(realpath ..)
@@ -8,11 +8,12 @@ GOPATH=$(realpath .)
 PSXGOPACKAGE=pkg/$(GOOSARCH)/libcap/psx.a
 CAPGOPACKAGE=pkg/$(GOOSARCH)/libcap/cap.a
+DEPS=../libcap/libcap.a ../libcap/libpsx.a
+
 all: $(PSXGOPACKAGE) $(CAPGOPACKAGE) web compare-cap
-# $(MAKE) compare-cap
-# $(MAKE) web
-# ./compare-cap
+$(DEPS):
+ make -C ../libcap all
 src/libcap/psx:
 mkdir -p src/libcap
@@ -22,20 +23,8 @@ src/libcap/cap:
 mkdir -p src/libcap
 ln -s $(topdir)/cap src/libcap/
-$(PSXGOPACKAGE): src/libcap/psx $(topdir)/psx/psx.go $(topdir)/psx/psx_test.go
- CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" GOPATH="$(GOPATH)" go test libcap/psx
- mkdir -p pkg
- CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" GOPATH="$(GOPATH)" go build libcap/psx
-
-$(CAPGOPACKAGE): src/libcap/cap/syscalls.go src/libcap/cap/names.go src/libcap/cap/cap.go src/libcap/cap/text.go
- CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" GOPATH=$(realpath .) go test libcap/cap
- CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" GOPATH=$(realpath .) go build libcap/cap
-
-install: all
-# TODO - install the Go package somewhere useful (ex. /usr/share/gocode/src/libcap/cap/ )
-
-$(topdir)/libcap/cap_names.h:
- make -C $(topdir)/libcap
+$(topdir)/libcap/cap_names.h: $(DEPS)
+ make -C $(topdir)/libcap all
 src/libcap/cap/names.go: $(topdir)/libcap/cap_names.h src/libcap/cap mknames.go
 go run mknames.go --header=$< | gofmt > $@ || rm -f $@
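Review bot: The new `$(DEPS):` rule puts two targets (`../libcap/libcap.a ../libcap/libpsx.a`) on one header with a literal `make -C ../libcap all` recipe, which make treats as two independent rules, so under `make -j` both can start a sub-make in ../libcap at the same time. Writing the recipe as `$(MAKE) -C ../libcap all` would share the jobserver and honour `-n`, and depending on a single representative archive or a stamp file would avoid the duplicate run. The same literal `make` is used in the `$(topdir)/libcap/cap_names.h: $(DEPS)` rule in the next hunk, whose recipe repeats the identical sub-make, and in `make -C ../progs setcap` in the last hunk.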
@@ -43,16 +32,42 @@ src/libcap/cap/names.go: $(topdir)/libcap/cap_names.h src/libcap/cap mknames.go
 src/libcap/cap/syscalls.go: ./syscalls.sh src/libcap/cap
 ./syscalls.sh src/libcap/cap
-# Compile and run something with this package and compare it to libcap.
+$(PSXGOPACKAGE): src/libcap/psx src/libcap/psx/psx.go src/libcap/psx/psx_test.go $(DEPS)
+ mkdir -p pkg
+ CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" GOPATH="$(GOPATH)" go install libcap/psx
+
+$(CAPGOPACKAGE): src/libcap/cap/syscalls.go src/libcap/cap/names.go src/libcap/cap/cap.go src/libcap/cap/text.go $(PSXGOPACKAGE)
+ CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" GOPATH=$(GOPATH) go install libcap/cap
+
+# Compiles something with this package to compare it to libcap. This
+# tests more when run under sudo (see ../progs/quicktest.sh for that).
 compare-cap: compare-cap.go $(CAPGOPACKAGE)
- CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" GOPATH=$(realpath .) go build $<
+ CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" GOPATH=$(GOPATH) go build $<
 web: web.go $(CAPGOPACKAGE)
- CGO_ENABLED="$(CGO_REQUIRED)" CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" GOPATH=$(realpath .) go build $<
+ CGO_ENABLED="$(CGO_REQUIRED)" CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" GOPATH=$(GOPATH) go build $<
+ifeq ($(RAISE_GO_FILECAP),yes)
+ make -C ../progs setcap
+ sudo ../progs/setcap cap_net_bind_service=p web
+ @echo "NOTE: RAISED cap_net_bind_service ON web binary"
+endif
+
+test: all
+ CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" GOPATH="$(GOPATH)" go test libcap/psx
+ CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" GOPATH=$(GOPATH) go test libcap/cap
+ ./compare-cap
+
+install: all
+ mkdir -p $(FAKEROOT)$(GOPKGDIR)/libcap/psx
+ rm -f $(FAKEROOT)$(GOPKGDIR)/libcap/psx/*
+ install -m 0644 src/libcap/psx/* $(FAKEROOT)$(GOPKGDIR)/libcap/psx/
+ mkdir -p $(FAKEROOT)$(GOPKGDIR)/libcap/cap
+ rm -f $(FAKEROOT)$(GOPKGDIR)/libcap/cap/*
+ install -m 0644 src/libcap/cap/* $(FAKEROOT)$(GOPKGDIR)/libcap/cap/
 clean:
- GOPATH=$(realpath .) go clean -x -i libcap/cap 2> /dev/null || exit 0
- GOPATH=$(realpath .) go clean -x -i libcap/psx 2> /dev/null || exit 0
+ GOPATH=$(GOPATH) go clean -x -i libcap/cap 2> /dev/null || exit 0
+ GOPATH=$(GOPATH) go clean -x -i libcap/psx 2> /dev/null || exit 0
 rm -f *.o *.so mknames web compare-cap *~
 rm -f $(topdir)/cap/*~ $(topdir)/cap/names.go $(topdir)/cap/syscalls*.go
 rm -f $(topdir)/psx/*~ |
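Review bot: The `RAISE_GO_FILECAP` branch places `sudo ../progs/setcap cap_net_bind_service=p web` inside the `web` build recipe, so a privileged step runs as part of `all` whenever that variable is `yes`, including when it is only inherited from the environment. Because the grant is tied to `web` being out of date, it is skipped silently when `web` already exists, and a later rebuild presumably replaces the binary without the capability. I would move the three lines into an explicit phony target such as `setcap-web: web`, build the helper with `$(MAKE) -C ../progs setcap`, and keep `all` free of sudo so the escalation is a deliberate, auditable action. Separately, the new `install` recipe runs `rm -f $(FAKEROOT)$(GOPKGDIR)/libcap/psx/*` with GOPKGDIR defined outside this hunk; a first recipe line such as `$(if $(strip $(GOPKGDIR)),,$(error GOPKGDIR is empty))` would stop an empty value from expanding to a path directly under `$(FAKEROOT)/libcap`.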