aboutsummaryrefslogtreecommitdiff
path: root/go/Makefile
diff options
context:
space:
mode:
Diffstat (limited to 'go/Makefile')
-rw-r--r--go/Makefile125
1 files changed, 92 insertions, 33 deletions
diff --git a/go/Makefile b/go/Makefile
index 6b69cbe..38c1cf3 100644
--- a/go/Makefile
+++ b/go/Makefile
@@ -14,17 +14,20 @@ IMPORTDIR=kernel.org/pub/linux/libs/security/libcap
PKGDIR=pkg/$(GOOSARCH)/$(IMPORTDIR)
DEPS=../libcap/libcap.a ../libcap/libpsx.a
+TESTS=compare-cap try-launching psx-signals mismatch
-all: PSXGOPACKAGE CAPGOPACKAGE web setid gowns compare-cap try-launching psx-signals
+all: PSXGOPACKAGE CAPGOPACKAGE web setid gowns captree captrace
$(DEPS):
- make -C ../libcap all
+ $(MAKE) -C ../libcap all
../progs/tcapsh-static:
- make -C ../progs tcapsh-static
+ $(MAKE) -C ../progs tcapsh-static
-vendor/$(IMPORTDIR) vendor/modules.txt:
+vendor/$(IMPORTDIR):
mkdir -p "vendor/$(IMPORTDIR)"
+
+vendor/modules.txt: vendor/$(IMPORTDIR)
echo "# $(IMPORTDIR)/psx v$(GOMAJOR).$(VERSION).$(MINOR)" > vendor/modules.txt
echo "$(IMPORTDIR)/psx" >> vendor/modules.txt
echo "# $(IMPORTDIR)/cap v$(GOMAJOR).$(VERSION).$(MINOR)" >> vendor/modules.txt
@@ -39,7 +42,7 @@ vendor/$(IMPORTDIR)/cap: vendor/modules.txt
touch ../cap
$(topdir)/libcap/cap_names.h:
- make -C $(topdir)/libcap cap_names.h
+ $(MAKE) -C $(topdir)/libcap cap_names.h
good-names.go: $(topdir)/libcap/cap_names.h vendor/$(IMPORTDIR)/cap mknames.go
CC="$(CC)" $(GO) run -mod=vendor mknames.go --header=$< --textdir=$(topdir)/doc/values | gofmt > $@ || rm -f $@
@@ -54,81 +57,137 @@ CAPGOPACKAGE: vendor/$(IMPORTDIR)/cap ../cap/*.go good-names.go $(PSXGOPACKAGE)
# Compiles something with this package to compare it to libcap. This
# tests more when run under sudotest (see ../progs/quicktest.sh for that).
compare-cap: compare-cap.go CAPGOPACKAGE
- CC="$(CC)" $(CGO_LDFLAGS_ALLOW) CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" $(GO) build -mod=vendor $<
+ CC="$(CC)" CGO_ENABLED="1" $(CGO_LDFLAGS_ALLOW) CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" $(GO) build $(GO_BUILD_FLAGS) -mod=vendor $<
web: ../goapps/web/web.go CAPGOPACKAGE
- CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) build -mod=vendor -o $@ $<
+ CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) build $(GO_BUILD_FLAGS) -mod=vendor -o $@ $<
ifeq ($(RAISE_GO_FILECAP),yes)
- make -C ../progs setcap
- sudo ../progs/setcap cap_setpcap,cap_net_bind_service=p web
+ $(MAKE) -C ../progs setcap
+ $(SUDO) ../progs/setcap cap_setpcap,cap_net_bind_service=p web
@echo "NOTE: RAISED cap_setpcap,cap_net_bind_service ON web binary"
endif
setid: ../goapps/setid/setid.go CAPGOPACKAGE PSXGOPACKAGE
- CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) build -mod=vendor -o $@ $<
+ CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) build $(GO_BUILD_FLAGS) -mod=vendor -o $@ $<
gowns: ../goapps/gowns/gowns.go CAPGOPACKAGE
- CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) build -mod=vendor -o $@ $<
+ CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) build $(GO_BUILD_FLAGS) -mod=vendor -o $@ $<
+
+captree: ../goapps/captree/captree.go CAPGOPACKAGE
+ CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) build $(GO_BUILD_FLAGS) -mod=vendor -o $@ $<
+
+captrace: ../goapps/captrace/captrace.go CAPGOPACKAGE
+ CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) build $(GO_BUILD_FLAGS) -mod=vendor -o $@ $<
-ok: ok.go
- CC="$(CC)" CGO_ENABLED=0 $(GO) build -mod=vendor $<
+ok: ok.go vendor/modules.txt
+ CC="$(CC)" CGO_ENABLED="0" $(GO) build $(GO_BUILD_FLAGS) -mod=vendor $<
try-launching: try-launching.go CAPGOPACKAGE ok
- CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) build -mod=vendor $<
+ CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) build $(GO_BUILD_FLAGS) -mod=vendor $<
+ifeq ($(CGO_REQUIRED),0)
+ CC="$(CC)" CGO_ENABLED="1" $(CGO_LDFLAGS_ALLOW) $(GO) build $(GO_BUILD_FLAGS) -mod=vendor -o $@-cgo $<
+endif
+
+# This is a test case developed from the deadlock investigation,
+# https://github.com/golang/go/issues/50113 . Note the psx-fd.go code
+# works when compiled CGO_ENABLED=1, but deadlocks when compiled
+# CGO_ENABLED=0. This is true for go1.16 and go1.17. The go1.18
+# release fixed this by rewriting the AllThreadsSyscall support, but
+# the large change was not backported. (See noted bug for a much
+# smaller patch for this issue on those older releases.)
+psx-fd: psx-fd.go PSXGOPACKAGE
+ CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) build $(GO_BUILD_FLAGS) -mod=vendor -o $@ $<
+
ifeq ($(CGO_REQUIRED),0)
- CC="$(CC)" CGO_ENABLED="1" $(CGO_LDFLAGS_ALLOW) $(GO) build -mod=vendor -o $@-cgo $<
+psx-fd-cgo: psx-fd.go PSXGOPACKAGE
+ CC="$(CC)" CGO_ENABLED="1" $(CGO_LDFLAGS_ALLOW) $(GO) build $(GO_BUILD_FLAGS) -mod=vendor -o $@ $<
endif
psx-signals: psx-signals.go PSXGOPACKAGE
- CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" $(GO) build -mod=vendor $<
+ CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" $(GO) build $(GO_BUILD_FLAGS) -mod=vendor $<
ifeq ($(CGO_REQUIRED),0)
psx-signals-cgo: psx-signals.go PSXGOPACKAGE
- CC="$(CC)" CGO_ENABLED="1" $(CGO_LDFLAGS_ALLOW) CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" $(GO) build -mod=vendor -o $@ $<
+ CC="$(CC)" CGO_ENABLED="1" $(CGO_LDFLAGS_ALLOW) CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" $(GO) build $(GO_BUILD_FLAGS) -mod=vendor -o $@ $<
endif
b210613: b210613.go CAPGOPACKAGE
- CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" $(GO) build -mod=vendor $<
+ CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" $(GO) build $(GO_BUILD_FLAGS) -mod=vendor $<
+
+b215283: b215283.go CAPGOPACKAGE
+ CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" $(GO) build $(GO_BUILD_FLAGS) -mod=vendor $<
+
+ifeq ($(CGO_REQUIRED),0)
+b215283-cgo: b215283.go CAPGOPACKAGE
+ CC="$(CC)" CGO_ENABLED="1" $(CGO_LDFLAGS_ALLOW) CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" $(GO) build $(GO_BUILD_FLAGS) -mod=vendor -o $@ $<
+endif
+
+mismatch: mismatch.go PSXGOPACKAGE
+ CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" $(GO) build $(GO_BUILD_FLAGS) -mod=vendor $<
+
+ifeq ($(CGO_REQUIRED),0)
+mismatch-cgo: mismatch.go CAPGOPACKAGE
+ CC="$(CC)" CGO_ENABLED="1" $(CGO_LDFLAGS_ALLOW) CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" $(GO) build $(GO_BUILD_FLAGS) -mod=vendor -o $@ $<
+endif
-test: all
+test: setid gowns captree psx-fd $(TESTS)
CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) test -mod=vendor $(IMPORTDIR)/psx
CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) test -mod=vendor $(IMPORTDIR)/cap
LD_LIBRARY_PATH=../libcap ./compare-cap
./psx-signals
+ ./mismatch || exit 0 ; exit 1
+ timeout 5 ./psx-fd || echo "this is a known Go bug"
ifeq ($(CGO_REQUIRED),0)
- $(MAKE) psx-signals-cgo
+ $(MAKE) psx-signals-cgo mismatch-cgo psx-fd-cgo
./psx-signals-cgo
+ ./mismatch-cgo || exit 0 ; exit 1
+ ./psx-fd-cgo
endif
./setid --caps=false
./gowns -- -c "echo gowns runs"
+ ./captree 0
# Note, the user namespace doesn't require sudo, but I wanted to avoid
# requiring that the hosting kernel supports user namespaces for the
# regular test case.
-sudotest: test ../progs/tcapsh-static b210613
- ./gowns --ns -- -c "echo gowns runs with user namespace"
+sudotest: test ../progs/tcapsh-static b210613 b215283
+ ../progs/tcapsh-static --has-b=cap_sys_admin || exit 0 && ./gowns --ns -- -c "echo gowns runs with user namespace"
./try-launching
ifeq ($(CGO_REQUIRED),0)
./try-launching-cgo
endif
- sudo ./try-launching
+ $(SUDO) ./try-launching
ifeq ($(CGO_REQUIRED),0)
- sudo ./try-launching-cgo
+ $(SUDO) ./try-launching-cgo
endif
- sudo ../progs/tcapsh-static --cap-uid=$$(id -u) --caps="cap_setpcap=ep" --iab="^cap_setpcap" -- -c ./b210613
+ $(SUDO) ../progs/tcapsh-static --cap-uid=$$(id -u) --caps="cap_setpcap=ep" --iab="^cap_setpcap" -- -c ./b210613
+ $(SUDO) ./b215283
+ifeq ($(CGO_REQUIRED),0)
+ $(MAKE) b215283-cgo
+ $(SUDO) ./b215283-cgo
+endif
+
+# As of libcap-2.55 We stopped installing the cap and psx packages as
+# part of the install. Most distribution's packagers skip the Go
+# builds, so it was not well used any way. The new hotness is to just
+# use Go modules and download the packages from a tagged release in
+# the git repository. For an example of how to do this from scratch:
+#
+# https://sites.google.com/site/fullycapable/getting-started-with-go/building-go-programs-that-manipulate-capabilities
+#
+# For those brave souls that do include the Go build (testing) as part
+# of their packaging, we reward them with a copy of the captree
+# utility!
install: all
- rm -rf $(FAKEROOT)$(GOPKGDIR)/$(IMPORTDIR)/psx
- mkdir -p $(FAKEROOT)$(GOPKGDIR)/$(IMPORTDIR)/psx
- install -m 0644 vendor/$(IMPORTDIR)/psx/* $(FAKEROOT)$(GOPKGDIR)/$(IMPORTDIR)/psx
- mkdir -p $(FAKEROOT)$(GOPKGDIR)/$(IMPORTDIR)/cap
- rm -rf $(FAKEROOT)$(GOPKGDIR)/$(IMPORTDIR)/cap/*
- install -m 0644 vendor/$(IMPORTDIR)/cap/* $(FAKEROOT)$(GOPKGDIR)/$(IMPORTDIR)/cap
+ mkdir -p -m 0755 $(FAKEROOT)$(SBINDIR)
+ install -m 0755 captree $(FAKEROOT)$(SBINDIR)
clean:
rm -f *.o *.so *~ mknames ok good-names.go
- rm -f web setid gowns
+ rm -f web setid gowns captree captrace
rm -f compare-cap try-launching try-launching-cgo
rm -f $(topdir)/cap/*~ $(topdir)/psx/*~
- rm -f b210613 psx-signals psx-signals-cgo
+ rm -f b210613 b215283 b215283-cgo psx-signals psx-signals-cgo
+ rm -f mismatch mismatch-cgo psx-fd psx-fd-cgo
rm -fr vendor CAPGOPACKAGE PSXGOPACKAGE go.sum
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-11 17:36:17 +0000