diff options
Diffstat (limited to 'meta/recipes-support/libcap')
5 files changed, 143 insertions, 115 deletions
diff --git a/meta/recipes-support/libcap/files/0001-Fix-build-with-gperf-3.1.patch b/meta/recipes-support/libcap/files/0001-Fix-build-with-gperf-3.1.patch deleted file mode 100644 index 110ef902da..0000000000 --- a/meta/recipes-support/libcap/files/0001-Fix-build-with-gperf-3.1.patch +++ /dev/null @@ -1,41 +0,0 @@ -From a05eba68c42222f02465d7ba376015926433c531 Mon Sep 17 00:00:00 2001 -From: Alexander Kanavin <alex.kanavin@gmail.com> -Date: Wed, 26 Jul 2017 13:37:49 +0300 -Subject: [PATCH] Fix build with gperf 3.1 - -The generated gperf file refers to size_t which needs to be -provided by stddef.h include. Also, adjust the makefile -to match the declaration in the gperf file. - -Upstream-Status: Pending -Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> - ---- - libcap/Makefile | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/libcap/Makefile b/libcap/Makefile -index d189777..1a57206 100644 ---- a/libcap/Makefile -+++ b/libcap/Makefile -@@ -22,7 +22,7 @@ all: $(MINLIBNAME) $(STALIBNAME) libcap.pc - - ifeq ($(BUILD_GPERF),yes) - USE_GPERF_OUTPUT = $(GPERF_OUTPUT) --INCLUDE_GPERF_OUTPUT = -include $(GPERF_OUTPUT) -+INCLUDE_GPERF_OUTPUT = -include stddef.h -include $(GPERF_OUTPUT) - endif - - libcap.pc: libcap.pc.in -@@ -41,7 +41,7 @@ cap_names.h: _makenames - ./_makenames > cap_names.h - - $(GPERF_OUTPUT): cap_names.list.h -- perl -e 'print "struct __cap_token_s { const char *name; int index; };\n%{\nconst struct __cap_token_s *__cap_lookup_name(const char *, unsigned int);\n%}\n%%\n"; while ($$l = <>) { $$l =~ s/[\{\"]//g; $$l =~ s/\}.*// ; print $$l; }' < $< | gperf --ignore-case --language=ANSI-C --readonly --null-strings --global-table --hash-function-name=__cap_hash_name --lookup-function-name="__cap_lookup_name" -c -t -m20 $(INDENT) > $@ -+ perl -e 'print "struct __cap_token_s { const char *name; int index; };\n%{\nconst struct __cap_token_s *__cap_lookup_name(const char *, register size_t);\n%}\n%%\n"; while ($$l = <>) { $$l =~ s/[\{\"]//g; $$l =~ s/\}.*// ; print $$l; }' < $< | gperf --ignore-case --language=ANSI-C --readonly --null-strings --global-table --hash-function-name=__cap_hash_name --lookup-function-name="__cap_lookup_name" -c -t -m20 $(INDENT) > $@ - - cap_names.list.h: Makefile $(KERNEL_HEADERS)/linux/capability.h - @echo "=> making $@ from $(KERNEL_HEADERS)/linux/capability.h" --- -2.13.2 - diff --git a/meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch b/meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch new file mode 100644 index 0000000000..2ac1e6e560 --- /dev/null +++ b/meta/recipes-support/libcap/files/0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch @@ -0,0 +1,34 @@ +From 709aa8e156415215b0bb034d05b2aa2f44be044e Mon Sep 17 00:00:00 2001 +From: Hongxu Jia <hongxu.jia@windriver.com> +Date: Thu, 14 Oct 2021 15:57:36 +0800 +Subject: [PATCH] nativesdk-libcap: Raise the size of arrays containing dl + paths + +This patch puts the dynamic loader path in the binaries, SYSTEM_DIRS strings +and lengths as well as ld.so.cache path in the dynamic loader to specific +sections in memory. The sections that contain paths have been allocated a 4096 +byte section, which is the maximum path length in linux. This will allow the +relocating script to parse the ELF binary, detect the section and easily replace +the strings in a certain path. + +Upstream-Status: Inappropriate [SDK specific] + +Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> + +--- + libcap/execable.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libcap/execable.h b/libcap/execable.h +index fee17b4..5bb0c55 100644 +--- a/libcap/execable.h ++++ b/libcap/execable.h +@@ -23,7 +23,7 @@ + #endif + #define __EXECABLE_H + +-const char __execable_dl_loader[] __attribute((section(".interp"))) = ++const char __execable_dl_loader[4096] __attribute((section(".interp"))) = + SHARED_LOADER ; + + static void __execable_parse_args(int *argc_p, char ***argv_p) diff --git a/meta/recipes-support/libcap/files/0002-tests-do-not-run-target-executables.patch b/meta/recipes-support/libcap/files/0002-tests-do-not-run-target-executables.patch new file mode 100644 index 0000000000..20346cf2fb --- /dev/null +++ b/meta/recipes-support/libcap/files/0002-tests-do-not-run-target-executables.patch @@ -0,0 +1,30 @@ +From 10212b6d4e8843feffbeab5336342d97f3a46bb2 Mon Sep 17 00:00:00 2001 +From: Alexander Kanavin <alex.kanavin@gmail.com> +Date: Fri, 20 Dec 2019 16:54:05 +0100 +Subject: [PATCH] tests: do not run target executables + +Upstream-Status: Inappropriate [oe-core specific] +Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> + +--- + tests/Makefile | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/tests/Makefile b/tests/Makefile +index ecb7d1b..8950c73 100644 +--- a/tests/Makefile ++++ b/tests/Makefile +@@ -61,13 +61,11 @@ endif + + # unprivileged + run_psx_test: psx_test +- ./psx_test + + psx_test: psx_test.c $(DEPS) + $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< -o $@ $(LINKEXTRA) $(LIBPSXLIB) + + run_libcap_psx_test: libcap_psx_test +- ./libcap_psx_test + + libcap_psx_test: libcap_psx_test.c $(DEPS) + $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< -o $@ $(LINKEXTRA) $(LIBCAPLIB) $(LIBPSXLIB) diff --git a/meta/recipes-support/libcap/libcap_2.25.bb b/meta/recipes-support/libcap/libcap_2.25.bb deleted file mode 100644 index d619a2eb4c..0000000000 --- a/meta/recipes-support/libcap/libcap_2.25.bb +++ /dev/null @@ -1,74 +0,0 @@ -SUMMARY = "Library for getting/setting POSIX.1e capabilities" -HOMEPAGE = "http://sites.google.com/site/fullycapable/" - -# no specific GPL version required -LICENSE = "BSD | GPLv2" -LIC_FILES_CHKSUM = "file://License;md5=3f84fd6f29d453a56514cb7e4ead25f1" - -DEPENDS = "hostperl-runtime-native gperf-native" - -SRC_URI = "${KERNELORG_MIRROR}/linux/libs/security/linux-privs/${BPN}2/${BPN}-${PV}.tar.xz \ - file://0001-ensure-the-XATTR_NAME_CAPS-is-defined-when-it-is-use.patch \ - file://0001-Fix-build-with-gperf-3.1.patch \ - " -SRC_URI[md5sum] = "6666b839e5d46c2ad33fc8aa2ceb5f77" -SRC_URI[sha256sum] = "693c8ac51e983ee678205571ef272439d83afe62dd8e424ea14ad9790bc35162" - -inherit lib_package - -# do NOT pass target cflags to host compilations -# -do_configure() { - # libcap uses := for compilers, fortunately, it gives us a hint - # on what should be replaced with ?= - sed -e 's,:=,?=,g' -i Make.Rules - sed -e 's,^BUILD_CFLAGS ?= $(.*CFLAGS),BUILD_CFLAGS := $(BUILD_CFLAGS),' -i Make.Rules -} - -PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" -PACKAGECONFIG_class-native ??= "" - -PACKAGECONFIG[pam] = "PAM_CAP=yes,PAM_CAP=no,libpam" - -EXTRA_OEMAKE = " \ - INDENT= \ - lib=${@os.path.basename('${libdir}')} \ - RAISE_SETFCAP=no \ - DYNAMIC=yes \ - BUILD_GPERF=yes \ -" - -EXTRA_OEMAKE_append_class-target = " SYSTEM_HEADERS=${STAGING_INCDIR}" - -# these are present in the libcap defaults, so include in our CFLAGS too -CFLAGS += "-D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64" - -do_compile() { - oe_runmake ${PACKAGECONFIG_CONFARGS} -} - -do_install() { - oe_runmake install \ - ${PACKAGECONFIG_CONFARGS} \ - DESTDIR="${D}" \ - prefix="${prefix}" \ - SBINDIR="${sbindir}" -} - -do_install_append() { - # Move the library to base_libdir - install -d ${D}${base_libdir} - if [ ! ${D}${libdir} -ef ${D}${base_libdir} ]; then - mv ${D}${libdir}/libcap* ${D}${base_libdir} - if [ -d ${D}${libdir}/security ]; then - mv ${D}${libdir}/security ${D}${base_libdir} - fi - fi -} - -FILES_${PN}-dev += "${base_libdir}/*.so" - -# pam files -FILES_${PN} += "${base_libdir}/security/*.so" - -BBCLASSEXTEND = "native nativesdk" diff --git a/meta/recipes-support/libcap/libcap_2.69.bb b/meta/recipes-support/libcap/libcap_2.69.bb new file mode 100644 index 0000000000..92fa766d37 --- /dev/null +++ b/meta/recipes-support/libcap/libcap_2.69.bb @@ -0,0 +1,79 @@ +SUMMARY = "Library for getting/setting POSIX.1e capabilities" +DESCRIPTION = "A library providing the API to access POSIX capabilities. \ +These allow giving various kinds of specific privileges to individual \ +users, without giving them full root permissions." +HOMEPAGE = "http://sites.google.com/site/fullycapable/" +# no specific GPL version required +LICENSE = "BSD-3-Clause | GPL-2.0-only" +LIC_FILES_CHKSUM_PAM = "file://pam_cap/License;md5=905326f41d3d1f8df21943f9a4ed6b50" +LIC_FILES_CHKSUM = "file://License;md5=2965a646645b72ecee859b43c592dcaa \ + ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${LIC_FILES_CHKSUM_PAM}', '', d)} \ + " + +DEPENDS = "hostperl-runtime-native gperf-native" + +SRC_URI = "${KERNELORG_MIRROR}/linux/libs/security/linux-privs/${BPN}2/${BPN}-${PV}.tar.xz \ + file://0001-ensure-the-XATTR_NAME_CAPS-is-defined-when-it-is-use.patch \ + file://0002-tests-do-not-run-target-executables.patch \ + " +SRC_URI:append:class-nativesdk = " \ + file://0001-nativesdk-libcap-Raise-the-size-of-arrays-containing.patch \ + " +SRC_URI[sha256sum] = "f311f8f3dad84699d0566d1d6f7ec943a9298b28f714cae3c931dfd57492d7eb" + +UPSTREAM_CHECK_URI = "https://www.kernel.org/pub/linux/libs/security/linux-privs/${BPN}2/" + +inherit lib_package + +PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" +PACKAGECONFIG:class-native ??= "" + +PACKAGECONFIG[pam] = "PAM_CAP=yes,PAM_CAP=no,libpam" + +EXTRA_OEMAKE = " \ + INDENT= \ + lib='${baselib}' \ + RAISE_SETFCAP=no \ + DYNAMIC=yes \ + USE_GPERF=yes \ +" + +EXTRA_OEMAKE:append:class-target = " SYSTEM_HEADERS=${STAGING_INCDIR}" + +do_compile() { + unset CFLAGS BUILD_CFLAGS + oe_runmake \ + ${PACKAGECONFIG_CONFARGS} \ + AR="${AR}" \ + CC="${CC}" \ + RANLIB="${RANLIB}" \ + OBJCOPY="${OBJCOPY}" \ + COPTS="${CFLAGS}" \ + BUILD_COPTS="${BUILD_CFLAGS}" +} + +do_install() { + oe_runmake install \ + ${PACKAGECONFIG_CONFARGS} \ + DESTDIR="${D}" \ + prefix="${prefix}" \ + SBINDIR="${sbindir}" +} + +do_install:append() { + # Move the library to base_libdir + install -d ${D}${base_libdir} + if [ ! ${D}${libdir} -ef ${D}${base_libdir} ]; then + mv ${D}${libdir}/libcap* ${D}${base_libdir} + if [ -d ${D}${libdir}/security ]; then + mv ${D}${libdir}/security ${D}${base_libdir} + fi + fi +} + +FILES:${PN}-dev += "${base_libdir}/*.so" + +# pam files +FILES:${PN} += "${base_libdir}/security/*.so" + +BBCLASSEXTEND = "native nativesdk" |