diff options
Diffstat (limited to 'meta/recipes-support/libcap')
-rw-r--r-- | meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch | 34 | ||||
-rw-r--r-- | meta/recipes-support/libcap/files/0001-tests-do-not-statically-link-a-test.patch | 52 | ||||
-rw-r--r-- | meta/recipes-support/libcap/files/0002-tests-do-not-run-target-executables.patch | 10 | ||||
-rw-r--r-- | meta/recipes-support/libcap/libcap_2.69.bb (renamed from meta/recipes-support/libcap/libcap_2.48.bb) | 51 |
4 files changed, 66 insertions, 81 deletions
diff --git a/meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch b/meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch new file mode 100644 index 0000000000..2ac1e6e560 --- /dev/null +++ b/meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch | |||
@@ -0,0 +1,34 @@ | |||
1 | From 709aa8e156415215b0bb034d05b2aa2f44be044e Mon Sep 17 00:00:00 2001 | ||
2 | From: Hongxu Jia <hongxu.jia@windriver.com> | ||
3 | Date: Thu, 14 Oct 2021 15:57:36 +0800 | ||
4 | Subject: [PATCH] nativesdk-libcap: Raise the size of arrays containing dl | ||
5 | paths | ||
6 | |||
7 | This patch puts the dynamic loader path in the binaries, SYSTEM_DIRS strings | ||
8 | and lengths as well as ld.so.cache path in the dynamic loader to specific | ||
9 | sections in memory. The sections that contain paths have been allocated a 4096 | ||
10 | byte section, which is the maximum path length in linux. This will allow the | ||
11 | relocating script to parse the ELF binary, detect the section and easily replace | ||
12 | the strings in a certain path. | ||
13 | |||
14 | Upstream-Status: Inappropriate [SDK specific] | ||
15 | |||
16 | Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> | ||
17 | |||
18 | --- | ||
19 | libcap/execable.h | 2 +- | ||
20 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
21 | |||
22 | diff --git a/libcap/execable.h b/libcap/execable.h | ||
23 | index fee17b4..5bb0c55 100644 | ||
24 | --- a/libcap/execable.h | ||
25 | +++ b/libcap/execable.h | ||
26 | @@ -23,7 +23,7 @@ | ||
27 | #endif | ||
28 | #define __EXECABLE_H | ||
29 | |||
30 | -const char __execable_dl_loader[] __attribute((section(".interp"))) = | ||
31 | +const char __execable_dl_loader[4096] __attribute((section(".interp"))) = | ||
32 | SHARED_LOADER ; | ||
33 | |||
34 | static void __execable_parse_args(int *argc_p, char ***argv_p) | ||
diff --git a/meta/recipes-support/libcap/files/0001-tests-do-not-statically-link-a-test.patch b/meta/recipes-support/libcap/files/0001-tests-do-not-statically-link-a-test.patch deleted file mode 100644 index d2653afb75..0000000000 --- a/meta/recipes-support/libcap/files/0001-tests-do-not-statically-link-a-test.patch +++ /dev/null | |||
@@ -1,52 +0,0 @@ | |||
1 | From 6aa15fe548e5b1d6ca3b373779beb7521ea95ba9 Mon Sep 17 00:00:00 2001 | ||
2 | From: Alexander Kanavin <alex.kanavin@gmail.com> | ||
3 | Date: Wed, 15 Jan 2020 17:16:28 +0100 | ||
4 | Subject: [PATCH] tests: do not statically link a test | ||
5 | |||
6 | This fails on e.g. centos 7 | ||
7 | |||
8 | Upstream-Status: Inappropriate [oe-core specific] | ||
9 | Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> | ||
10 | --- | ||
11 | progs/Makefile | 2 +- | ||
12 | tests/Makefile | 4 ++-- | ||
13 | 2 files changed, 3 insertions(+), 3 deletions(-) | ||
14 | |||
15 | diff --git a/progs/Makefile b/progs/Makefile | ||
16 | index 1d7fc7a..37db8f7 100644 | ||
17 | --- a/progs/Makefile | ||
18 | +++ b/progs/Makefile | ||
19 | @@ -42,7 +42,7 @@ endif | ||
20 | test: $(PROGS) | ||
21 | |||
22 | tcapsh-static: capsh.c $(DEPS) | ||
23 | - $(CC) $(IPATH) $(CAPSH_SHELL) $(CFLAGS) -o $@ $< $(LIBCAPLIB) $(LDFLAGS) --static | ||
24 | + $(CC) $(IPATH) $(CAPSH_SHELL) $(CFLAGS) -o $@ $< $(LIBCAPLIB) $(LDFLAGS) | ||
25 | |||
26 | sudotest: test tcapsh-static | ||
27 | sudo $(LDPATH) ./quicktest.sh | ||
28 | diff --git a/tests/Makefile b/tests/Makefile | ||
29 | index 01f7589..094ec57 100644 | ||
30 | --- a/tests/Makefile | ||
31 | +++ b/tests/Makefile | ||
32 | @@ -22,7 +22,7 @@ ifeq ($(PTHREADS),yes) | ||
33 | DEPS += ../libcap/libpsx.so | ||
34 | endif | ||
35 | else | ||
36 | -LDFLAGS += --static | ||
37 | +LDFLAGS += | ||
38 | DEPS=../libcap/libcap.a | ||
39 | ifeq ($(PTHREADS),yes) | ||
40 | DEPS += ../libcap/libpsx.a | ||
41 | @@ -106,7 +106,7 @@ noexploit: exploit.o $(DEPS) | ||
42 | |||
43 | # This one runs in a chroot with no shared library files. | ||
44 | noop: noop.c | ||
45 | - $(CC) $(CFLAGS) $< -o $@ --static | ||
46 | + $(CC) $(CFLAGS) $< -o $@ | ||
47 | |||
48 | clean: | ||
49 | rm -f psx_test libcap_psx_test libcap_launch_test *~ | ||
50 | -- | ||
51 | 2.17.1 | ||
52 | |||
diff --git a/meta/recipes-support/libcap/files/0002-tests-do-not-run-target-executables.patch b/meta/recipes-support/libcap/files/0002-tests-do-not-run-target-executables.patch index 69287152eb..20346cf2fb 100644 --- a/meta/recipes-support/libcap/files/0002-tests-do-not-run-target-executables.patch +++ b/meta/recipes-support/libcap/files/0002-tests-do-not-run-target-executables.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From 652071e430d5eea758965176b7648e79ad404daa Mon Sep 17 00:00:00 2001 | 1 | From 10212b6d4e8843feffbeab5336342d97f3a46bb2 Mon Sep 17 00:00:00 2001 |
2 | From: Alexander Kanavin <alex.kanavin@gmail.com> | 2 | From: Alexander Kanavin <alex.kanavin@gmail.com> |
3 | Date: Fri, 20 Dec 2019 16:54:05 +0100 | 3 | Date: Fri, 20 Dec 2019 16:54:05 +0100 |
4 | Subject: [PATCH] tests: do not run target executables | 4 | Subject: [PATCH] tests: do not run target executables |
@@ -11,20 +11,20 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> | |||
11 | 1 file changed, 2 deletions(-) | 11 | 1 file changed, 2 deletions(-) |
12 | 12 | ||
13 | diff --git a/tests/Makefile b/tests/Makefile | 13 | diff --git a/tests/Makefile b/tests/Makefile |
14 | index fc39fee..3431df9 100644 | 14 | index ecb7d1b..8950c73 100644 |
15 | --- a/tests/Makefile | 15 | --- a/tests/Makefile |
16 | +++ b/tests/Makefile | 16 | +++ b/tests/Makefile |
17 | @@ -59,13 +59,11 @@ endif | 17 | @@ -61,13 +61,11 @@ endif |
18 | 18 | ||
19 | # unprivileged | 19 | # unprivileged |
20 | run_psx_test: psx_test | 20 | run_psx_test: psx_test |
21 | - ./psx_test | 21 | - ./psx_test |
22 | 22 | ||
23 | psx_test: psx_test.c $(DEPS) | 23 | psx_test: psx_test.c $(DEPS) |
24 | $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBPSXLIB) $(LDFLAGS) | 24 | $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< -o $@ $(LINKEXTRA) $(LIBPSXLIB) |
25 | 25 | ||
26 | run_libcap_psx_test: libcap_psx_test | 26 | run_libcap_psx_test: libcap_psx_test |
27 | - ./libcap_psx_test | 27 | - ./libcap_psx_test |
28 | 28 | ||
29 | libcap_psx_test: libcap_psx_test.c $(DEPS) | 29 | libcap_psx_test: libcap_psx_test.c $(DEPS) |
30 | $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LIBPSXLIB) $(LDFLAGS) | 30 | $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LIBPSXLIB) |
diff --git a/meta/recipes-support/libcap/libcap_2.48.bb b/meta/recipes-support/libcap/libcap_2.69.bb index d8bbebdde1..92fa766d37 100644 --- a/meta/recipes-support/libcap/libcap_2.48.bb +++ b/meta/recipes-support/libcap/libcap_2.69.bb | |||
@@ -1,34 +1,32 @@ | |||
1 | SUMMARY = "Library for getting/setting POSIX.1e capabilities" | 1 | SUMMARY = "Library for getting/setting POSIX.1e capabilities" |
2 | DESCRIPTION = "A library providing the API to access POSIX capabilities. \ | ||
3 | These allow giving various kinds of specific privileges to individual \ | ||
4 | users, without giving them full root permissions." | ||
2 | HOMEPAGE = "http://sites.google.com/site/fullycapable/" | 5 | HOMEPAGE = "http://sites.google.com/site/fullycapable/" |
3 | |||
4 | # no specific GPL version required | 6 | # no specific GPL version required |
5 | LICENSE = "BSD | GPLv2" | 7 | LICENSE = "BSD-3-Clause | GPL-2.0-only" |
6 | LIC_FILES_CHKSUM = "file://License;md5=3f84fd6f29d453a56514cb7e4ead25f1" | 8 | LIC_FILES_CHKSUM_PAM = "file://pam_cap/License;md5=905326f41d3d1f8df21943f9a4ed6b50" |
9 | LIC_FILES_CHKSUM = "file://License;md5=2965a646645b72ecee859b43c592dcaa \ | ||
10 | ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${LIC_FILES_CHKSUM_PAM}', '', d)} \ | ||
11 | " | ||
7 | 12 | ||
8 | DEPENDS = "hostperl-runtime-native gperf-native" | 13 | DEPENDS = "hostperl-runtime-native gperf-native" |
9 | 14 | ||
10 | SRC_URI = "${KERNELORG_MIRROR}/linux/libs/security/linux-privs/${BPN}2/${BPN}-${PV}.tar.xz \ | 15 | SRC_URI = "${KERNELORG_MIRROR}/linux/libs/security/linux-privs/${BPN}2/${BPN}-${PV}.tar.xz \ |
11 | file://0001-ensure-the-XATTR_NAME_CAPS-is-defined-when-it-is-use.patch \ | 16 | file://0001-ensure-the-XATTR_NAME_CAPS-is-defined-when-it-is-use.patch \ |
12 | file://0002-tests-do-not-run-target-executables.patch \ | 17 | file://0002-tests-do-not-run-target-executables.patch \ |
13 | file://0001-tests-do-not-statically-link-a-test.patch \ | ||
14 | " | 18 | " |
15 | SRC_URI[sha256sum] = "4de9590ee09a87c282d558737ffb5b6175ccbfd26d580add10df44d0f047f6c2" | 19 | SRC_URI:append:class-nativesdk = " \ |
20 | file://0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch \ | ||
21 | " | ||
22 | SRC_URI[sha256sum] = "f311f8f3dad84699d0566d1d6f7ec943a9298b28f714cae3c931dfd57492d7eb" | ||
16 | 23 | ||
17 | UPSTREAM_CHECK_URI = "https://www.kernel.org/pub/linux/libs/security/linux-privs/${BPN}2/" | 24 | UPSTREAM_CHECK_URI = "https://www.kernel.org/pub/linux/libs/security/linux-privs/${BPN}2/" |
18 | 25 | ||
19 | inherit lib_package | 26 | inherit lib_package |
20 | 27 | ||
21 | # do NOT pass target cflags to host compilations | ||
22 | # | ||
23 | do_configure() { | ||
24 | # libcap uses := for compilers, fortunately, it gives us a hint | ||
25 | # on what should be replaced with ?= | ||
26 | sed -e 's,:=,?=,g' -i Make.Rules | ||
27 | sed -e 's,^BUILD_CFLAGS ?= ,BUILD_CFLAGS := $(BUILD_CFLAGS) ,' -i Make.Rules | ||
28 | } | ||
29 | |||
30 | PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" | 28 | PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" |
31 | PACKAGECONFIG_class-native ??= "" | 29 | PACKAGECONFIG:class-native ??= "" |
32 | 30 | ||
33 | PACKAGECONFIG[pam] = "PAM_CAP=yes,PAM_CAP=no,libpam" | 31 | PACKAGECONFIG[pam] = "PAM_CAP=yes,PAM_CAP=no,libpam" |
34 | 32 | ||
@@ -37,16 +35,21 @@ EXTRA_OEMAKE = " \ | |||
37 | lib='${baselib}' \ | 35 | lib='${baselib}' \ |
38 | RAISE_SETFCAP=no \ | 36 | RAISE_SETFCAP=no \ |
39 | DYNAMIC=yes \ | 37 | DYNAMIC=yes \ |
40 | BUILD_GPERF=yes \ | 38 | USE_GPERF=yes \ |
41 | " | 39 | " |
42 | 40 | ||
43 | EXTRA_OEMAKE_append_class-target = " SYSTEM_HEADERS=${STAGING_INCDIR}" | 41 | EXTRA_OEMAKE:append:class-target = " SYSTEM_HEADERS=${STAGING_INCDIR}" |
44 | |||
45 | # these are present in the libcap defaults, so include in our CFLAGS too | ||
46 | CFLAGS += "-D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64" | ||
47 | 42 | ||
48 | do_compile() { | 43 | do_compile() { |
49 | oe_runmake ${PACKAGECONFIG_CONFARGS} | 44 | unset CFLAGS BUILD_CFLAGS |
45 | oe_runmake \ | ||
46 | ${PACKAGECONFIG_CONFARGS} \ | ||
47 | AR="${AR}" \ | ||
48 | CC="${CC}" \ | ||
49 | RANLIB="${RANLIB}" \ | ||
50 | OBJCOPY="${OBJCOPY}" \ | ||
51 | COPTS="${CFLAGS}" \ | ||
52 | BUILD_COPTS="${BUILD_CFLAGS}" | ||
50 | } | 53 | } |
51 | 54 | ||
52 | do_install() { | 55 | do_install() { |
@@ -57,7 +60,7 @@ do_install() { | |||
57 | SBINDIR="${sbindir}" | 60 | SBINDIR="${sbindir}" |
58 | } | 61 | } |
59 | 62 | ||
60 | do_install_append() { | 63 | do_install:append() { |
61 | # Move the library to base_libdir | 64 | # Move the library to base_libdir |
62 | install -d ${D}${base_libdir} | 65 | install -d ${D}${base_libdir} |
63 | if [ ! ${D}${libdir} -ef ${D}${base_libdir} ]; then | 66 | if [ ! ${D}${libdir} -ef ${D}${base_libdir} ]; then |
@@ -68,9 +71,9 @@ do_install_append() { | |||
68 | fi | 71 | fi |
69 | } | 72 | } |
70 | 73 | ||
71 | FILES_${PN}-dev += "${base_libdir}/*.so" | 74 | FILES:${PN}-dev += "${base_libdir}/*.so" |
72 | 75 | ||
73 | # pam files | 76 | # pam files |
74 | FILES_${PN} += "${base_libdir}/security/*.so" | 77 | FILES:${PN} += "${base_libdir}/security/*.so" |
75 | 78 | ||
76 | BBCLASSEXTEND = "native nativesdk" | 79 | BBCLASSEXTEND = "native nativesdk" |