aboutsummaryrefslogtreecommitdiff
path: root/package/libcap
diff options
context:
space:
mode:
Diffstat (limited to 'package/libcap')
-rw-r--r--package/libcap/0001-Support-dynamic-test-compilation-and-execution.patch222
-rw-r--r--package/libcap/0002-Migrate-all-uses-of-tcapsh-static-to-sudotest-target.patch55
-rw-r--r--package/libcap/0003-libcap-Makefile-disable-building-installing-shared-l.patch36
-rw-r--r--package/libcap/Config.in2
-rw-r--r--package/libcap/libcap.hash2
-rw-r--r--package/libcap/libcap.mk28
6 files changed, 20 insertions, 325 deletions
diff --git a/package/libcap/0001-Support-dynamic-test-compilation-and-execution.patch b/package/libcap/0001-Support-dynamic-test-compilation-and-execution.patch
deleted file mode 100644
index 66813ccf89..0000000000
--- a/package/libcap/0001-Support-dynamic-test-compilation-and-execution.patch
+++ /dev/null
@@ -1,222 +0,0 @@
-From 3613927310c4b46df1d558f6f2c0b1cdf8878dd3 Mon Sep 17 00:00:00 2001
-From: "Andrew G. Morgan" <morgan@kernel.org>
-Date: Mon, 7 Sep 2020 12:24:43 -0700
-Subject: [PATCH] Support dynamic test compilation and execution.
-
- make DYNAMIC=yes test sudotest
-
-works now. Thomas Petazzoni provided a patch that built
-the tests this way, but I've restructured things to
-make the above command line work against the uninstalled
-library builds.
-
-Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
----
- Make.Rules | 2 +-
- go/Makefile | 6 +++---
- go/try-launching.go | 2 +-
- progs/.gitignore | 1 +
- progs/Makefile | 15 ++++++++++-----
- progs/quicktest.sh | 8 ++++----
- tests/Makefile | 23 +++++++++++++++--------
- 7 files changed, 35 insertions(+), 22 deletions(-)
-
-diff --git a/Make.Rules b/Make.Rules
-index 8440e18..9a77607 100644
---- a/Make.Rules
-+++ b/Make.Rules
-@@ -69,7 +69,7 @@ WARNINGS=-Wall -Wwrite-strings \
- LD=$(CC) -Wl,-x -shared
- LDFLAGS ?= #-g
- LIBCAPLIB := -L$(topdir)/libcap -lcap
--LIBPSXLIB := -L$(topdir)/libcap -lpsx -lpthread
-+LIBPSXLIB := -L$(topdir)/libcap -lpsx -lpthread -Wl,-wrap,pthread_create
-
- BUILD_GPERF := $(shell which gperf >/dev/null 2>/dev/null && echo yes)
-
-diff --git a/go/Makefile b/go/Makefile
-index c5ad7aa..19b3e29 100644
---- a/go/Makefile
-+++ b/go/Makefile
-@@ -23,8 +23,8 @@ all: $(PSXGOPACKAGE) $(CAPGOPACKAGE) web compare-cap try-launching
- $(DEPS):
- make -C ../libcap all
-
--../progs/capsh:
-- make -C ../progs capsh
-+../progs/tcapsh-static:
-+ make -C ../progs tcapsh-static
-
- src/$(IMPORTDIR)/psx:
- mkdir -p "src/$(IMPORTDIR)"
-@@ -70,7 +70,7 @@ ifeq ($(CGO_REQUIRED),0)
- CGO_ENABLED="1" CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" GOPATH=$(GOPATH) $(GO) build -o $@-cgo $<
- endif
-
--test: all ../progs/capsh
-+test: all ../progs/tcapsh-static
- CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" GOPATH="$(GOPATH)" $(GO) test $(IMPORTDIR)/psx
- CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" GOPATH="$(GOPATH)" $(GO) test $(IMPORTDIR)/cap
- LD_LIBRARY_PATH=../libcap ./compare-cap
-diff --git a/go/try-launching.go b/go/try-launching.go
-index 1c3d477..272fd0a 100644
---- a/go/try-launching.go
-+++ b/go/try-launching.go
-@@ -32,7 +32,7 @@ func tryLaunching() {
- }{
- {args: []string{root + "/go/ok"}},
- {
-- args: []string{root + "/progs/capsh", "--dropped=cap_chown", "--is-uid=123", "--is-gid=456", "--has-a=cap_setuid"},
-+ args: []string{root + "/progs/tcapsh-static", "--dropped=cap_chown", "--is-uid=123", "--is-gid=456", "--has-a=cap_setuid"},
- iab: "!cap_chown,^cap_setuid,cap_sys_admin",
- uid: 123,
- gid: 456,
-diff --git a/progs/.gitignore b/progs/.gitignore
-index 1c7ff23..978229e 100644
---- a/progs/.gitignore
-+++ b/progs/.gitignore
-@@ -1,4 +1,5 @@
- capsh
-+tcapsh-static
- getcap
- getpcaps
- setcap
-diff --git a/progs/Makefile b/progs/Makefile
-index 076e44f..1b27c41 100644
---- a/progs/Makefile
-+++ b/progs/Makefile
-@@ -8,13 +8,15 @@ PROGS=getpcaps capsh getcap setcap
-
- BUILD=$(PROGS)
-
--ifneq ($(DYNAMIC),yes)
-+ifeq ($(DYNAMIC),yes)
-+LDPATH = LD_LIBRARY_PATH=../libcap
-+else
- LDFLAGS += --static
- endif
-
- DEPS=../libcap/libcap.a ../libcap/libpsx.a
-
--all: $(BUILD)
-+all: $(BUILD) tcapsh-static
-
- $(DEPS):
- make -C ../libcap all
-@@ -36,9 +38,12 @@ endif
-
- test: $(PROGS)
-
--sudotest: test
-- sudo ./quicktest.sh
-+tcapsh-static: capsh.c $(DEPS)
-+ $(CC) $(IPATH) $(CAPSH_SHELL) $(CFLAGS) -o $@ $< $(LIBCAPLIB) $(LDFLAGS) --static
-+
-+sudotest: test tcapsh-static
-+ sudo $(LDPATH) ./quicktest.sh
-
- clean:
- $(LOCALCLEAN)
-- rm -f *.o $(BUILD) tcapsh ping hack.sh compare-cap
-+ rm -f *.o $(BUILD) tcapsh* privileged ping hack.sh compare-cap
-diff --git a/progs/quicktest.sh b/progs/quicktest.sh
-index fbe98a6..5873317 100755
---- a/progs/quicktest.sh
-+++ b/progs/quicktest.sh
-@@ -45,7 +45,7 @@ pass_capsh () {
- pass_capsh --print
-
- # Make a local non-setuid-0 version of capsh and call it privileged
--cp ./capsh ./privileged && /bin/chmod -s ./privileged
-+cp ./tcapsh-static ./privileged && /bin/chmod -s ./privileged
- if [ $? -ne 0 ]; then
- echo "Failed to copy capsh for capability manipulation"
- exit 1
-@@ -77,7 +77,7 @@ pass_capsh --mode=PURE1E --iab='!%cap_chown,cap_sys_admin'
- pass_capsh --keep=0 --keep=1 --keep=0 --keep=1 --print
-
- /bin/rm -f tcapsh
--/bin/cp capsh tcapsh
-+/bin/cp tcapsh-static tcapsh
- /bin/chown root.root tcapsh
- /bin/chmod u+s tcapsh
- /bin/ls -l tcapsh
-@@ -166,7 +166,7 @@ pass_capsh --keep=1 --uid=$nouid --caps=cap_setpcap=ep \
-
- # Verify we can chroot
- pass_capsh --chroot=$(/bin/pwd)
--pass_capsh --chroot=$(/bin/pwd) ==
-+pass_capsh -- -c "./tcapsh-static --chroot=$(/bin/pwd) =="
- fail_capsh --chroot=$(/bin/pwd) -- -c "echo oops"
-
- ./capsh --has-ambient
-@@ -216,7 +216,7 @@ echo "testing namespaced file caps"
- # nsprivileged capsh will have an ns rootid value (this is
- # the same setup as an earlier test but with a ns file cap).
- rm -f nsprivileged
--cp ./capsh ./nsprivileged && /bin/chmod -s ./nsprivileged
-+cp ./tcapsh-static ./nsprivileged && /bin/chmod -s ./nsprivileged
- ./setcap -n 1 all=ep ./nsprivileged
- if [ $? -eq 0 ]; then
- ./getcap -n ./nsprivileged | fgrep "[rootid=1]"
-diff --git a/tests/Makefile b/tests/Makefile
-index bfedbc2..d85d019 100644
---- a/tests/Makefile
-+++ b/tests/Makefile
-@@ -7,6 +7,12 @@ include ../Make.Rules
-
- DEPS=../libcap/libcap.a ../libcap/libpsx.a
-
-+ifeq ($(DYNAMIC),yes)
-+LDPATH = LD_LIBRARY_PATH=../libcap
-+else
-+LDFLAGS += --static
-+endif
-+
- all: psx_test psx_test_wrap libcap_psx_test libcap_launch_test
-
- $(DEPS):
-@@ -19,30 +25,31 @@ sudotest: test run_libcap_launch_test run_libcap_launch_test
- install: all
-
- run_psx_test: psx_test
-- ./psx_test
-+ $(LDPATH) ./psx_test
-
- psx_test: psx_test.c $(DEPS)
-- $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LIBPSXLIB) -Wl,-wrap,pthread_create
-+ $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LIBPSXLIB)
-
- run_libcap_psx_test: libcap_psx_test
-- ./libcap_psx_test
-+ $(LDPATH) ./libcap_psx_test
-
- libcap_psx_test: libcap_psx_test.c $(DEPS)
-- $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LIBCAPLIB) $(LIBPSXLIB) -Wl,-wrap,pthread_create --static
-+ $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LIBCAPLIB) $(LIBPSXLIB) $(LDFLAGS)
-
- run_libcap_launch_test: libcap_launch_test libcap_psx_launch_test noop
-- sudo ./libcap_launch_test
-- sudo ./libcap_psx_launch_test
-+ sudo $(LDPATH) ./libcap_launch_test
-+ sudo $(LDPATH) ./libcap_psx_launch_test
-
- libcap_launch_test: libcap_launch_test.c $(DEPS)
-- $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LIBCAPLIB) --static
-+ $(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LIBCAPLIB) $(LDFLAGS)
-
- # this varies only slightly from the above insofar as it currently
- # only links in the pthreads fork support. TODO() we need to change
- # the source to do something interesting with pthreads.
- libcap_psx_launch_test: libcap_launch_test.c $(DEPS)
-- $(CC) $(CFLAGS) $(IPATH) -DWITH_PTHREADS $< -o $@ $(LIBCAPLIB) $(LIBPSXLIB) -Wl,-wrap,pthread_create --static
-+ $(CC) $(CFLAGS) $(IPATH) -DWITH_PTHREADS $< -o $@ $(LIBCAPLIB) $(LIBPSXLIB) $(LDFLAGS)
-
-+# This one runs in a chroot with no shared library files.
- noop: noop.c
- $(CC) $(CFLAGS) $< -o $@ --static
-
---
-2.26.2
-
diff --git a/package/libcap/0002-Migrate-all-uses-of-tcapsh-static-to-sudotest-target.patch b/package/libcap/0002-Migrate-all-uses-of-tcapsh-static-to-sudotest-target.patch
deleted file mode 100644
index db1b00462f..0000000000
--- a/package/libcap/0002-Migrate-all-uses-of-tcapsh-static-to-sudotest-target.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 159d53d71c7539719b3883bbdc7b113c876a5e55 Mon Sep 17 00:00:00 2001
-From: "Andrew G. Morgan" <morgan@kernel.org>
-Date: Mon, 7 Sep 2020 14:02:03 -0700
-Subject: [PATCH] Migrate all uses of tcapsh-static to sudotest target.
-
-Since sudotest is mostly the reason for using a static binary, force
-all uses to be under this test target.
-
-Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
----
- go/Makefile | 6 +++---
- progs/Makefile | 2 +-
- 2 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/go/Makefile b/go/Makefile
-index 19b3e29..508b380 100644
---- a/go/Makefile
-+++ b/go/Makefile
-@@ -70,16 +70,16 @@ ifeq ($(CGO_REQUIRED),0)
- CGO_ENABLED="1" CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" GOPATH=$(GOPATH) $(GO) build -o $@-cgo $<
- endif
-
--test: all ../progs/tcapsh-static
-+test: all
- CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" GOPATH="$(GOPATH)" $(GO) test $(IMPORTDIR)/psx
- CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" GOPATH="$(GOPATH)" $(GO) test $(IMPORTDIR)/cap
- LD_LIBRARY_PATH=../libcap ./compare-cap
-+
-+sudotest: test ../progs/tcapsh-static
- ./try-launching
- ifeq ($(CGO_REQUIRED),0)
- ./try-launching-cgo
- endif
--
--sudotest: test
- sudo ./try-launching
- ifeq ($(CGO_REQUIRED),0)
- sudo ./try-launching-cgo
-diff --git a/progs/Makefile b/progs/Makefile
-index 1b27c41..f416e59 100644
---- a/progs/Makefile
-+++ b/progs/Makefile
-@@ -16,7 +16,7 @@ endif
-
- DEPS=../libcap/libcap.a ../libcap/libpsx.a
-
--all: $(BUILD) tcapsh-static
-+all: $(BUILD)
-
- $(DEPS):
- make -C ../libcap all
---
-2.26.2
-
diff --git a/package/libcap/0003-libcap-Makefile-disable-building-installing-shared-l.patch b/package/libcap/0003-libcap-Makefile-disable-building-installing-shared-l.patch
deleted file mode 100644
index d3a8bbec1d..0000000000
--- a/package/libcap/0003-libcap-Makefile-disable-building-installing-shared-l.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From b7ca9dd97bbd9657c541f749ea6baf1f45b7c98a Mon Sep 17 00:00:00 2001
-From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
-Date: Wed, 9 Sep 2020 22:22:18 +0200
-Subject: [PATCH] libcap/Makefile: disable building/installing shared
- library when DYNAMIC is empty
-
-Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
----
- libcap/Makefile | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/libcap/Makefile b/libcap/Makefile
-index 81b089e..dfd4dea 100644
---- a/libcap/Makefile
-+++ b/libcap/Makefile
-@@ -22,7 +22,7 @@ MAJLIBNAME=$(LIBNAME).$(VERSION)
- MINLIBNAME=$(MAJLIBNAME).$(MINOR)
- GPERF_OUTPUT = _caps_output.gperf
-
--all: $(MINLIBNAME) $(STACAPLIBNAME) pcs $(STAPSXLIBNAME)
-+all: $(if $(DYNAMIC),$(MINLIBNAME)) $(STACAPLIBNAME) pcs $(STAPSXLIBNAME)
-
- pcs: libcap.pc libpsx.pc
-
-@@ -93,7 +93,7 @@ cap_test: cap_test.c libcap.h
- test: cap_test
- ./cap_test
-
--install: install-shared install-static
-+install: $(if $(DYNAMIC),install-shared) install-static
-
- install-common: pcs
- mkdir -p -m 0755 $(FAKEROOT)$(INCDIR)/sys
---
-2.26.2
-
diff --git a/package/libcap/Config.in b/package/libcap/Config.in
index 1fb2e7caec..e1971b7bb1 100644
--- a/package/libcap/Config.in
+++ b/package/libcap/Config.in
@@ -7,7 +7,7 @@ config BR2_PACKAGE_LIBCAP
capabilities are a partitioning of the all powerful root
privilege into a set of distinct privileges.
- http://sites.google.com/site/fullycapable/
+ https://sites.google.com/site/fullycapable/
if BR2_PACKAGE_LIBCAP
diff --git a/package/libcap/libcap.hash b/package/libcap/libcap.hash
index 19044cab01..7499f2468c 100644
--- a/package/libcap/libcap.hash
+++ b/package/libcap/libcap.hash
@@ -1,5 +1,5 @@
# https://www.kernel.org/pub/linux/libs/security/linux-privs/libcap2/sha256sums.asc
-sha256 3605a9cb60076547ea9f64989e0ba576da9508e4653e8dc40ae54c0d6f443dfd libcap-2.42.tar.xz
+sha256 4de9590ee09a87c282d558737ffb5b6175ccbfd26d580add10df44d0f047f6c2 libcap-2.48.tar.xz
# Hash for license file:
sha256 088cabde4662b4121258d298b0b2967bc1abffa134457ed9bc4a359685ab92bc License
diff --git a/package/libcap/libcap.mk b/package/libcap/libcap.mk
index 6f1bb8a07f..d3a069e82a 100644
--- a/package/libcap/libcap.mk
+++ b/package/libcap/libcap.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LIBCAP_VERSION = 2.42
+LIBCAP_VERSION = 2.48
LIBCAP_SITE = https://www.kernel.org/pub/linux/libs/security/linux-privs/libcap2
LIBCAP_SOURCE = libcap-$(LIBCAP_VERSION).tar.xz
LIBCAP_LICENSE = GPL-2.0 or BSD-3-Clause
@@ -16,9 +16,13 @@ LIBCAP_INSTALL_STAGING = YES
HOST_LIBCAP_DEPENDENCIES = host-gperf
LIBCAP_MAKE_FLAGS = \
+ CROSS_COMPILE="$(TARGET_CROSS)" \
BUILD_CC="$(HOSTCC)" \
BUILD_CFLAGS="$(HOST_CFLAGS)" \
- DYNAMIC=$(if $(BR2_STATIC_LIBS),,yes)
+ lib=lib \
+ prefix=/usr \
+ SHARED=$(if $(BR2_STATIC_LIBS),,yes) \
+ PTHREADS=$(if $(BR2_TOOLCHAIN_HAS_THREADS),yes,)
LIBCAP_MAKE_DIRS = libcap
@@ -36,27 +40,31 @@ endef
define LIBCAP_INSTALL_STAGING_CMDS
$(foreach d,$(LIBCAP_MAKE_DIRS), \
$(TARGET_MAKE_ENV) $(MAKE) -C $(@D)/$(d) $(LIBCAP_MAKE_FLAGS) \
- DESTDIR=$(STAGING_DIR) prefix=/usr lib=lib install
+ DESTDIR=$(STAGING_DIR) install
)
endef
define LIBCAP_INSTALL_TARGET_CMDS
$(foreach d,$(LIBCAP_MAKE_DIRS), \
$(TARGET_MAKE_ENV) $(MAKE) -C $(@D)/$(d) $(LIBCAP_MAKE_FLAGS) \
- DESTDIR=$(TARGET_DIR) prefix=/usr lib=lib install
+ DESTDIR=$(TARGET_DIR) install
)
endef
+HOST_LIBCAP_MAKE_FLAGS = \
+ DYNAMIC=yes \
+ GOLANG=no \
+ lib=lib \
+ prefix=$(HOST_DIR) \
+ RAISE_SETFCAP=no
+
define HOST_LIBCAP_BUILD_CMDS
- $(HOST_MAKE_ENV) $(HOST_CONFIGURE_OPTS) $(MAKE) -C $(@D)\
- DYNAMIC=yes \
- RAISE_SETFCAP=no GOLANG=no
+ $(HOST_MAKE_ENV) $(HOST_CONFIGURE_OPTS) $(MAKE) -C $(@D) \
+ $(HOST_LIBCAP_MAKE_FLAGS)
endef
define HOST_LIBCAP_INSTALL_CMDS
- $(HOST_MAKE_ENV) $(MAKE) -C $(@D) prefix=$(HOST_DIR) \
- DYNAMIC=yes \
- RAISE_SETFCAP=no GOLANG=no lib=lib install
+ $(HOST_MAKE_ENV) $(MAKE) -C $(@D) $(HOST_LIBCAP_MAKE_FLAGS) install
endef
$(eval $(generic-package))