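# Building the libcap/{cap,psx} Go packages, and examples.
#
# Note, we use symlinks to construct a go.mod build friendly tree. The
# packages themselves are intended to be (ultimately) found via proxy
# as "kernel.org/pub/linux/libs/security/libcap/cap" and
# "kernel.org/pub/linux/libs/security/libcap/psx". However, to
# validate their use on these paths, we fake such a structure in the
# build tree with symlinks and a vendor directory.
#
# Variables used below but not assigned in this file (GO, CC, GOOSARCH,
# GOMAJOR, VERSION, MINOR, CGO_*, RAISE_GO_FILECAP, FAKEROOT, GOPKGDIR)
# are expected to come from Make.Rules or from the command line.

topdir=$(realpath ..)
include $(topdir)/Make.Rules

IMPORTDIR=kernel.org/pub/linux/libs/security/libcap
PKGDIR=pkg/$(GOOSARCH)/$(IMPORTDIR)

# C libraries that the Go packages link against.
DEPS=../libcap/libcap.a ../libcap/libpsx.a

# These goals name actions, not files; declaring them phony keeps a stray
# file called "test" or "clean" from silently disabling the goal.
.PHONY: all test sudotest install clean

all: PSXGOPACKAGE CAPGOPACKAGE web setid gowns compare-cap try-launching psx-signals

# Sub-builds go through $(MAKE) so that -j, -n and command line variable
# overrides (CC=..., etc.) reach the child make.
$(DEPS):
	$(MAKE) -C ../libcap all

../progs/tcapsh-static:
	$(MAKE) -C ../progs tcapsh-static

# Creates the fake vendor tree and the modules.txt listing that
# "go build -mod=vendor" consults for the two packages.
vendor/$(IMPORTDIR) vendor/modules.txt:
	mkdir -p "vendor/$(IMPORTDIR)"
	echo "# $(IMPORTDIR)/psx v$(GOMAJOR).$(VERSION).$(MINOR)" > vendor/modules.txt
	echo "$(IMPORTDIR)/psx" >> vendor/modules.txt
	echo "# $(IMPORTDIR)/cap v$(GOMAJOR).$(VERSION).$(MINOR)" >> vendor/modules.txt
	echo "$(IMPORTDIR)/cap" >> vendor/modules.txt

# The vendored packages are symlinks back into the source tree. The touch
# of the link destination presumably makes the target look newer than
# vendor/modules.txt, so the link is not recreated on every run.
vendor/$(IMPORTDIR)/psx: vendor/modules.txt
	ln -sf $(topdir)/psx vendor/$(IMPORTDIR)
	touch ../psx

vendor/$(IMPORTDIR)/cap: vendor/modules.txt
	ln -sf $(topdir)/cap vendor/$(IMPORTDIR)
	touch ../cap

$(topdir)/libcap/cap_names.h:
	$(MAKE) -C $(topdir)/libcap cap_names.h

# Regenerates the capability name table from the C header and checks that
# the checked-in ../cap/names.go matches it.
# NOTE(review): when the diff fails, good-names.go is left in place and is
# newer than its prerequisites, so a second "make" skips this check unless
# Make.Rules sets .DELETE_ON_ERROR. Confirm that is intended.
good-names.go: $(topdir)/libcap/cap_names.h vendor/$(IMPORTDIR)/cap mknames.go
	CC="$(CC)" $(GO) run -mod=vendor mknames.go --header=$< --textdir=$(topdir)/doc/values | gofmt > $@ || rm -f $@
	diff -u ../cap/names.go $@

# Stamp files recording that a package's sources and vendor link are ready.
PSXGOPACKAGE: vendor/$(IMPORTDIR)/psx ../psx/*.go $(DEPS)
	touch $@

# The last prerequisite is the PSXGOPACKAGE stamp itself. Writing it as
# $(PSXGOPACKAGE) expanded a variable this file never sets, which dropped
# the dependency without any warning.
CAPGOPACKAGE: vendor/$(IMPORTDIR)/cap ../cap/*.go good-names.go PSXGOPACKAGE
	touch $@

# Compiles something with this package to compare it to libcap. This
# tests more when run under sudotest (see ../progs/quicktest.sh for that).
compare-cap: compare-cap.go CAPGOPACKAGE
	CC="$(CC)" $(CGO_LDFLAGS_ALLOW) CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" $(GO) build -mod=vendor $<

# With RAISE_GO_FILECAP=yes the recipe also builds ../progs/setcap and runs
# it under sudo, putting cap_setpcap and cap_net_bind_service in the
# permitted file capabilities of the new web binary. This is opt-in: it
# needs sudo at build time and leaves a capability-bearing executable in
# the build tree, so keep it off for unattended builds.
web: ../goapps/web/web.go CAPGOPACKAGE
	CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) build -mod=vendor -o $@ $<
ifeq ($(RAISE_GO_FILECAP),yes)
	$(MAKE) -C ../progs setcap
	sudo ../progs/setcap cap_setpcap,cap_net_bind_service=p web
	@echo "NOTE: RAISED cap_setpcap,cap_net_bind_service ON web binary"
endif

setid: ../goapps/setid/setid.go CAPGOPACKAGE PSXGOPACKAGE
	CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) build -mod=vendor -o $@ $<

gowns: ../goapps/gowns/gowns.go CAPGOPACKAGE
	CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) build -mod=vendor -o $@ $<

# Helper binary for try-launching, always built with cgo disabled.
ok: ok.go
	CC="$(CC)" CGO_ENABLED=0 $(GO) build -mod=vendor $<

# When the default build does not need cgo (CGO_REQUIRED=0), a second
# try-launching-cgo binary is built with cgo forced on so both are tested.
try-launching: try-launching.go CAPGOPACKAGE ok
	CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) build -mod=vendor $<
ifeq ($(CGO_REQUIRED),0)
	CC="$(CC)" CGO_ENABLED="1" $(CGO_LDFLAGS_ALLOW) $(GO) build -mod=vendor -o $@-cgo $<
endif

psx-signals: psx-signals.go PSXGOPACKAGE
	CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" $(GO) build -mod=vendor $<

ifeq ($(CGO_REQUIRED),0)
psx-signals-cgo: psx-signals.go PSXGOPACKAGE
	CC="$(CC)" CGO_ENABLED="1" $(CGO_LDFLAGS_ALLOW) CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" $(GO) build -mod=vendor -o $@ $<
endif

b210613: b210613.go CAPGOPACKAGE
	CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" $(GO) build -mod=vendor $<

# Unprivileged tests: package unit tests, then the example binaries.
test: all
	CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) test -mod=vendor $(IMPORTDIR)/psx
	CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) test -mod=vendor $(IMPORTDIR)/cap
	LD_LIBRARY_PATH=../libcap ./compare-cap
	./psx-signals
ifeq ($(CGO_REQUIRED),0)
	$(MAKE) psx-signals-cgo
	./psx-signals-cgo
endif
	./setid --caps=false
	./gowns -- -c "echo gowns runs"

# Note, the user namespace doesn't require sudo, but I wanted to avoid
# requiring that the hosting kernel supports user namespaces for the
# regular test case.
#
# This goal runs try-launching (and try-launching-cgo) and tcapsh-static
# as root through sudo, so it needs sudo rights on the build host.
sudotest: test ../progs/tcapsh-static b210613
	./gowns --ns -- -c "echo gowns runs with user namespace"
	./try-launching
ifeq ($(CGO_REQUIRED),0)
	./try-launching-cgo
endif
	sudo ./try-launching
ifeq ($(CGO_REQUIRED),0)
	sudo ./try-launching-cgo
endif
	sudo ../progs/tcapsh-static --cap-uid=$$(id -u) --caps="cap_setpcap=ep" --iab="^cap_setpcap" -- -c ./b210613

# Replaces any previously installed copy of each package under
# $(FAKEROOT)$(GOPKGDIR) with the sources reached through the vendor links.
install: all
	rm -rf $(FAKEROOT)$(GOPKGDIR)/$(IMPORTDIR)/psx
	mkdir -p $(FAKEROOT)$(GOPKGDIR)/$(IMPORTDIR)/psx
	install -m 0644 vendor/$(IMPORTDIR)/psx/* $(FAKEROOT)$(GOPKGDIR)/$(IMPORTDIR)/psx
	mkdir -p $(FAKEROOT)$(GOPKGDIR)/$(IMPORTDIR)/cap
	rm -rf $(FAKEROOT)$(GOPKGDIR)/$(IMPORTDIR)/cap/*
	install -m 0644 vendor/$(IMPORTDIR)/cap/* $(FAKEROOT)$(GOPKGDIR)/$(IMPORTDIR)/cap

# Removes built binaries, stamps, the generated names file and the fake
# vendor tree; also deletes the web binary that may carry file capabilities.
clean:
	rm -f *.o *.so *~ mknames ok good-names.go
	rm -f web setid gowns
	rm -f compare-cap try-launching try-launching-cgo
	rm -f $(topdir)/cap/*~ $(topdir)/psx/*~
	rm -f b210613 psx-signals psx-signals-cgo
	rm -fr vendor CAPGOPACKAGE PSXGOPACKAGE go.sum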