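# Building the libcap/{cap,psx} Go packages, and examples.
#
# Note, we use symlinks to construct a GOPATH friendly src tree. The
# packages themselves are intended to be (ultimately) found via proxy
# as "kernel.org/pub/linux/libs/security/libcap/cap" and
# "kernel.org/pub/linux/libs/security/libcap/psx". However, to
# validate their use on these paths, we fake such a structure in the
# build tree with symlinks.

# Simple (:=) assignment: resolve the absolute paths once, at parse time,
# instead of re-running $(realpath) on every reference.
topdir := $(realpath ..)
include $(topdir)/Make.Rules

GOPATH := $(realpath .)
IMPORTDIR=kernel.org/pub/linux/libs/security/libcap
# GOOSARCH is not set in this file; presumably it comes from Make.Rules.
PKGDIR=pkg/$(GOOSARCH)/$(IMPORTDIR)
PSXGOPACKAGE=$(PKGDIR)/psx.a
CAPGOPACKAGE=$(PKGDIR)/cap.a

DEPS=../libcap/libcap.a ../libcap/libpsx.a

# "all" names a goal, not a file: keep a stray file called "all" from
# silently short-circuiting the build.
.PHONY: all
all: $(PSXGOPACKAGE) $(CAPGOPACKAGE) web setid gowns compare-cap try-launching psx-signals

# The C archives are built by the libcap directory's own makefile.
# $(MAKE) rather than a literal "make" so that -j/jobserver, -n and
# command line overrides reach the sub-make.
# NOTE(review): as an ordinary multi-target rule this recipe can be started
# once per archive under -j; confirm ../libcap tolerates concurrent runs.
$(DEPS):
	$(MAKE) -C ../libcap all

../progs/tcapsh-static:
	$(MAKE) -C ../progs tcapsh-static

# Fake GOPATH source tree: each package directory is a symlink back to the
# real sources under $(topdir).
src/$(IMPORTDIR)/psx:
	mkdir -p "src/$(IMPORTDIR)"
	ln -s "$(topdir)/psx" "$@"

src/$(IMPORTDIR)/cap:
	mkdir -p "src/$(IMPORTDIR)"
	ln -s "$(topdir)/cap" "$@"

$(topdir)/libcap/cap_names.h: $(DEPS)
	$(MAKE) -C $(topdir)/libcap all

# Regenerate the capability name table from the C header and require it to
# match the checked-in ../cap/names.go. A mismatch removes the generated
# file: otherwise it would be left behind, look up to date, and the next
# make run would skip this comparison and carry on building.
good-names.go: $(topdir)/libcap/cap_names.h src/$(IMPORTDIR)/cap mknames.go
	$(GO) run mknames.go --header=$< --textdir=$(topdir)/doc/values | gofmt > $@ || rm -f $@
	diff -u ../cap/names.go $@ || { rm -f $@ ; exit 1 ; }

# GOPATH-mode (GO111MODULE=off) install of the psx package into ./pkg.
$(PSXGOPACKAGE): src/$(IMPORTDIR)/psx ../psx/*.go $(DEPS)
	mkdir -p pkg
	GO111MODULE=off CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" GOPATH="$(GOPATH)" $(GO) install $(IMPORTDIR)/psx

# The cap package is installed only after good-names.go has been checked
# and after psx, which is listed as a prerequisite.
$(CAPGOPACKAGE): src/$(IMPORTDIR)/cap ../cap/*.go good-names.go $(PSXGOPACKAGE)
	GO111MODULE=off CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" GOPATH="$(GOPATH)" $(GO) install $(IMPORTDIR)/cap

# Compiles something with this package to compare it to libcap. This
# tests more when run under sudotest (see ../progs/quicktest.sh for that).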
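# Goals below that do not name a file they create.
.PHONY: test sudotest install clean

# Every Go build here runs in GOPATH mode (GO111MODULE=off) against the
# symlinked source tree; GOPATH is quoted so a checkout path containing
# spaces still works. CGO_REQUIRED, CGO_CFLAGS, CGO_LDFLAGS and
# CGO_LDFLAGS_ALLOW are not set in this file (presumably Make.Rules).
compare-cap: compare-cap.go $(CAPGOPACKAGE)
	GO111MODULE=off CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" GOPATH="$(GOPATH)" $(GO) build $<

# With RAISE_GO_FILECAP=yes the build itself calls sudo and leaves ./web
# carrying cap_setpcap and cap_net_bind_service in its permitted file
# capability set. That is opt-in; treat the resulting binary as privileged
# and keep the build tree closed to other users while it exists
# ("make clean" removes it).
web: ../goapps/web/web.go $(CAPGOPACKAGE)
	GO111MODULE=off CGO_ENABLED="$(CGO_REQUIRED)" CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" GOPATH="$(GOPATH)" $(GO) build -o $@ $<
ifeq ($(RAISE_GO_FILECAP),yes)
	$(MAKE) -C ../progs setcap
	sudo ../progs/setcap cap_setpcap,cap_net_bind_service=p web
	@echo "NOTE: RAISED cap_setpcap,cap_net_bind_service ON web binary"
endif

setid: ../goapps/setid/setid.go $(CAPGOPACKAGE) $(PSXGOPACKAGE)
	GO111MODULE=off CGO_ENABLED="$(CGO_REQUIRED)" CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" GOPATH="$(GOPATH)" $(GO) build -o $@ $<

gowns: ../goapps/gowns/gowns.go $(CAPGOPACKAGE)
	GO111MODULE=off CGO_ENABLED="$(CGO_REQUIRED)" CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" GOPATH="$(GOPATH)" $(GO) build -o $@ $<

# Helper binary, always built without cgo; try-launching lists it as a
# prerequisite.
ok: ok.go
	GO111MODULE=off CGO_ENABLED=0 GOPATH="$(GOPATH)" $(GO) build $<

# When CGO_REQUIRED is 0 a second, cgo-enabled variant is built as
# try-launching-cgo so that both variants get exercised by sudotest.
try-launching: try-launching.go $(CAPGOPACKAGE) ok
	GO111MODULE=off CGO_ENABLED="$(CGO_REQUIRED)" CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" GOPATH="$(GOPATH)" $(GO) build $<
ifeq ($(CGO_REQUIRED),0)
	GO111MODULE=off CGO_ENABLED="1" CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" GOPATH="$(GOPATH)" $(GO) build -o $@-cgo $<
endif

# Same dual build as try-launching: psx-signals, plus psx-signals-cgo when
# CGO_REQUIRED is 0.
psx-signals: psx-signals.go $(PSXGOPACKAGE)
	GO111MODULE=off CGO_ENABLED="$(CGO_REQUIRED)" CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" GOPATH="$(GOPATH)" $(GO) build $<
ifeq ($(CGO_REQUIRED),0)
	GO111MODULE=off CGO_ENABLED="1" CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" GOPATH="$(GOPATH)" $(GO) build -o $@-cgo $<
endif

# Not part of "all"; only sudotest asks for this binary.
b210613: b210613.go $(CAPGOPACKAGE)
	GO111MODULE=off CGO_ENABLED="$(CGO_REQUIRED)" CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" GOPATH="$(GOPATH)" $(GO) build $<

# Unprivileged checks: package unit tests, then the example binaries.
test: all
	GO111MODULE=off CGO_ENABLED="$(CGO_REQUIRED)" CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" GOPATH="$(GOPATH)" $(GO) test $(IMPORTDIR)/psx
	GO111MODULE=off CGO_ENABLED="$(CGO_REQUIRED)" CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" GOPATH="$(GOPATH)" $(GO) test $(IMPORTDIR)/cap
	LD_LIBRARY_PATH=../libcap ./compare-cap
	./psx-signals
ifeq ($(CGO_REQUIRED),0)
	./psx-signals-cgo
endif
	./setid --caps=false
	./gowns -- -c "echo gowns runs"

# Note, the user namespace doesn't require sudo, but I wanted to avoid
# requiring that the hosting kernel supports user namespaces for the
# regular test case.
#
# The sudo lines run binaries that were just built in this tree as root.
# Run this goal only from a checkout that no other user can write to.
sudotest: test ../progs/tcapsh-static b210613
	./gowns --ns -- -c "echo gowns runs with user namespace"
	./try-launching
ifeq ($(CGO_REQUIRED),0)
	./try-launching-cgo
endif
	sudo ./try-launching
ifeq ($(CGO_REQUIRED),0)
	sudo ./try-launching-cgo
endif
	sudo ../progs/tcapsh-static --cap-uid=$$(id -u) --caps="cap_setpcap=ep" --iab="^cap_setpcap" -- -c ./b210613

# Copies the package sources (through the src/ symlinks) into the Go
# package directory. FAKEROOT and GOPKGDIR are not set in this file
# (presumably Make.Rules or the caller). Both rm -rf operands end in the
# fixed $(IMPORTDIR)/... suffix, so an empty prefix cannot reduce them
# to "/".
install: all
	rm -rf $(FAKEROOT)$(GOPKGDIR)/$(IMPORTDIR)/psx
	mkdir -p $(FAKEROOT)$(GOPKGDIR)/$(IMPORTDIR)/psx
	install -m 0644 src/$(IMPORTDIR)/psx/* $(FAKEROOT)$(GOPKGDIR)/$(IMPORTDIR)/psx
	mkdir -p $(FAKEROOT)$(GOPKGDIR)/$(IMPORTDIR)/cap
	rm -rf $(FAKEROOT)$(GOPKGDIR)/$(IMPORTDIR)/cap/*
	install -m 0644 src/$(IMPORTDIR)/cap/* $(FAKEROOT)$(GOPKGDIR)/$(IMPORTDIR)/cap

# Removes build products, including the web binary that may carry file
# capabilities, plus editor backups in the cap and psx source directories.
clean:
	rm -f *.o *.so *~ mknames ok good-names.go
	rm -f web setid gowns
	rm -f compare-cap try-launching try-launching-cgo
	rm -f $(topdir)/cap/*~ $(topdir)/psx/*~
	rm -f b210613 psx-signals psx-signals-cgo
	rm -fr pkg src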