commit f0ba6130c2988a9d06da9270bedf2ca2020088cb
parent bf43cd5047c2819d10d42f3a1e480593ba72dac7
Author: Hiltjo Posthuma <hiltjo@codemadness.org>
Date: Wed, 25 Jun 2014 00:18:47 +0200
add libcap (and binaries)
Signed-off-by: Hiltjo Posthuma <hiltjo@codemadness.org>
Diffstat:
7 files changed, 235 insertions(+), 0 deletions(-)
diff --git a/libcap/checksums b/libcap/checksums
@@ -0,0 +1 @@
+c062bab936d651a50efa66dcfa51ab3ce4b0881195d23bb32142b5c8044d30e0e2152f3497844ce90c04f909aeffe2d41203efff41972e38758dcca7b653884b libcap-2.24.tar.xz
diff --git a/libcap/depsinc.mk b/libcap/depsinc.mk
@@ -0,0 +1,11 @@
+<$libcap_DEPDIR/v.mk
+
+libcap_bindir = ${libcap_DEPDIR}/libcap-$v/lib/bin
+libcap_libdir = ${libcap_DEPDIR}/libcap-$v/lib/lib
+libcap_includedir = ${libcap_DEPDIR}/libcap-$v/lib/include
+
+libcap_CFLAGS = -I${libcap_includedir}
+libcap_LDFLAGS = -L${libcap_libdir} -lcap
+
+DEPS_CFLAGS = $DEPS_CFLAGS ${libcap_CFLAGS}
+DEPS_LDFLAGS = $DEPS_LDFLAGS ${libcap_LDFLAGS}
diff --git a/libcap/libcap.mk b/libcap/libcap.mk
@@ -0,0 +1,38 @@
+# make deps: perl.
+# TODO: use libattr, for libpcap/cap_file.c ?
+TARG = libcap
+# DEPS = libattr?
+
+INSTALL_BIN = \
+ progs/capsh \
+ progs/getcap \
+ progs/getpcaps \
+ progs/setcap
+
+INSTALL_MAN3 = \
+ `{ ls doc/*.3 }
+
+INSTALL_MAN8 = \
+ `{ ls doc/*.8 }
+
+<$mkbuild/mk.common
+
+libcap:QV:
+ cp ../make.rules Make.Rules
+ cp ../libcap_makefile libcap/Makefile
+ sed 's@/bin/bash@/bin/sh@g' -i progs/capsh.c
+ # install lib for use as a dependency.
+ make -j$nprocs install \
+ prefix="/" \
+ lib="/lib" \
+ BUILD_CC="$HOSTCC" \
+ CFLAGS="$CFLAGS" \
+ LDFLAGS="$LDFLAGS" \
+ FAKEROOT="`pwd`/lib" \
+ DESTDIR="`pwd`/lib" \
+ PAM_CAP="no" \
+ RAISE_SETFCAP="no" \
+ CC="$CC -static" \
+ LD="$LD"
+ AR="$AR" \
+ RANLIB="$RANLIB"
diff --git a/libcap/libcap_makefile b/libcap/libcap_makefile
@@ -0,0 +1,91 @@
+#
+# defines
+#
+topdir=$(shell pwd)/..
+include ../Make.Rules
+#
+# Library version
+#
+#LIBNAME=$(LIBTITLE).so
+STALIBNAME=$(LIBTITLE).a
+#
+
+FILES=cap_alloc cap_proc cap_extint cap_flag cap_text
+
+# make including file support something you can override (no libattr
+# no support).
+ifeq ($(LIBATTR),yes)
+FILES += cap_file
+LDFLAGS += -lattr
+DEPS = -lattr
+endif
+
+INCLS=libcap.h cap_names.h $(INCS)
+OBJS=$(addsuffix .o, $(FILES))
+#MAJLIBNAME=$(LIBNAME).$(VERSION)
+#MINLIBNAME=$(MAJLIBNAME).$(MINOR)
+GPERF_OUTPUT = _caps_output.gperf
+
+all: $(STALIBNAME)
+
+ifeq ($(shell gperf --version > /dev/null 2>&1 && echo yes),yes)
+USE_GPERF_OUTPUT = $(GPERF_OUTPUT)
+INCLUDE_GPERF_OUTPUT = -include $(GPERF_OUTPUT)
+endif
+
+libcap.pc: libcap.pc.in
+ sed -e 's,@prefix@,$(prefix),' \
+ -e 's,@exec_prefix@,$(exec_prefix),' \
+ -e 's,@libdir@,$(lib_prefix)/$(lib),' \
+ -e 's,@includedir@,$(inc_prefix)/include,' \
+ -e 's,@VERSION@,$(VERSION).$(MINOR),' \
+ -e 's,@deps@,$(DEPS),' \
+ $< >$@
+
+_makenames: _makenames.c cap_names.list.h
+ $(BUILD_CC) $(BUILD_CFLAGS) $< -o $@
+
+cap_names.h: _makenames
+ ./_makenames > cap_names.h
+
+$(GPERF_OUTPUT): cap_names.list.h
+ perl -e 'print "struct __cap_token_s { const char *name; int index; };\n%{\nconst struct __cap_token_s *__cap_lookup_name(const char *, unsigned int);\n%}\n%%\n"; while ($$l = <>) { $$l =~ s/[\{\"]//g; $$l =~ s/\}.*// ; print $$l; }' < $< | gperf --ignore-case --language=ANSI-C --readonly --null-strings --global-table --hash-function-name=__cap_hash_name --lookup-function-name="__cap_lookup_name" -c -t -m20 $(INDENT) > $@
+
+cap_names.list.h: Makefile $(KERNEL_HEADERS)/linux/capability.h
+ @echo "=> making $@ from $(KERNEL_HEADERS)/linux/capability.h"
+ perl -e 'while ($$l=<>) { if ($$l =~ /^\#define[ \t](CAP[_A-Z]+)[ \t]+([0-9]+)\s+$$/) { $$tok=$$1; $$val=$$2; $$tok =~ tr/A-Z/a-z/; print "{\"$$tok\",$$val},\n"; } }' $(KERNEL_HEADERS)/linux/capability.h | fgrep -v 0x > $@
+
+$(STALIBNAME): $(OBJS)
+ $(AR) rc $@ $^
+ $(RANLIB) $@
+
+#$(MINLIBNAME): $(OBJS)
+# $(LD) $(CFLAGS) $(LDFLAGS) -Wl,-soname,$(MAJLIBNAME) -o $@ $^
+# ln -sf $(MINLIBNAME) $(MAJLIBNAME)
+# ln -sf $(MAJLIBNAME) $(LIBNAME)
+
+%.o: %.c $(INCLS)
+ $(CC) $(CFLAGS) $(IPATH) -c $< -o $@
+
+cap_text.o: cap_text.c $(USE_GPERF_OUTPUT) $(INCLS)
+ $(CC) $(CFLAGS) $(IPATH) $(INCLUDE_GPERF_OUTPUT) -c $< -o $@
+
+install: all
+ mkdir -p -m 0755 $(INCDIR)/sys
+ install -m 0644 include/sys/capability.h $(INCDIR)/sys
+ mkdir -p -m 0755 $(LIBDIR)
+ install -m 0644 $(STALIBNAME) $(LIBDIR)/$(STALIBNAME)
+# install -m 0644 $(MINLIBNAME) $(LIBDIR)/$(MINLIBNAME)
+# ln -sf $(MINLIBNAME) $(LIBDIR)/$(MAJLIBNAME)
+# ln -sf $(MAJLIBNAME) $(LIBDIR)/$(LIBNAME)
+ifeq ($(FAKEROOT),)
+ -/sbin/ldconfig
+endif
+# mkdir -p -m 0755 $(PKGCONFIGDIR)
+# install -m 0644 libcap.pc $(PKGCONFIGDIR)/libcap.pc
+
+clean:
+ $(LOCALCLEAN)
+ rm -f $(OBJS) $(LIBNAME)* $(STALIBNAME) libcap.pc
+ rm -f cap_names.h cap_names.list.h _makenames $(GPERF_OUTPUT)
+ cd include/sys && $(LOCALCLEAN)
diff --git a/libcap/make.rules b/libcap/make.rules
@@ -0,0 +1,87 @@
+#
+## Optional prefixes:
+#
+
+# common 'packaging' directoty
+
+FAKEROOT=$(DESTDIR)
+
+# Autoconf-style prefixes are activated when $(prefix) is defined.
+# Otherwise binaries and libraries are installed in /{lib,sbin}/,
+# header files in /usr/include/ and documentation in /usr/man/man?/.
+# These choices are motivated by the fact that getcap and setcap are
+# administrative operations that could be needed to recover a system.
+
+ifndef lib
+lib=$(shell ldd /usr/bin/ld|egrep "ld-linux|ld.so"|cut -d/ -f2)
+endif
+
+ifdef prefix
+exec_prefix=$(prefix)
+lib_prefix=$(exec_prefix)
+inc_prefix=$(lib_prefix)
+man_prefix=$(prefix)/share
+else
+prefix=/usr
+exec_prefix=
+lib_prefix=$(exec_prefix)
+inc_prefix=$(prefix)
+man_prefix=$(prefix)/share
+endif
+
+# Target directories
+
+MANDIR=$(FAKEROOT)$(man_prefix)/man
+SBINDIR=$(FAKEROOT)$(exec_prefix)/sbin
+INCDIR=$(FAKEROOT)$(inc_prefix)/include
+LIBDIR=$(FAKEROOT)$(lib_prefix)/$(lib)
+PKGCONFIGDIR=$(FAKEROOT)$(prefix)/$(lib)/pkgconfig
+
+# common defines for libcap
+LIBTITLE=libcap
+VERSION=2
+MINOR=24
+#
+
+# Compilation specifics
+
+KERNEL_HEADERS := $(topdir)/libcap/include/uapi
+IPATH += -fPIC -I$(KERNEL_HEADERS) -I$(topdir)/libcap/include
+
+#CC := gcc
+CFLAGS += -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
+BUILD_CC := $(CC)
+BUILD_CFLAGS := $(CFLAGS) $(IPATH)
+#AR := ar
+#RANLIB := ranlib
+DEBUG = #-DDEBUG
+WARNINGS=-Wall -Wwrite-strings \
+ -Wpointer-arith -Wcast-qual -Wcast-align \
+ -Wstrict-prototypes -Wmissing-prototypes \
+ -Wnested-externs -Winline -Wshadow
+#LD=$(CC) -Wl,-x -shared
+#LDFLAGS := #-g
+
+SYSTEM_HEADERS = /usr/include
+INCS=$(topdir)/libcap/include/sys/capability.h
+LDFLAGS += -L$(topdir)/libcap
+CFLAGS += -Dlinux $(WARNINGS) $(DEBUG)
+PAM_CAP := $(shell if [ -f /usr/include/security/pam_modules.h ]; then echo yes ; else echo no ; fi)
+INDENT := $(shell if [ -n "$(which indent 2>/dev/null)" ]; then echo "| indent -kr" ; fi)
+DYNAMIC := $(shell if [ ! -d "$(topdir)/.git" ]; then echo yes; fi)
+LIBATTR := yes
+
+# When installing setcap, set its inheritable bit to be able to place
+# capabilities on files. It can be used in conjunction with pam_cap
+# (associated with su and certain users say) to make it useful for
+# specially blessed users. If you wish to drop this install feature,
+# use this command when running install
+#
+# make RAISE_SETFCAP=no install
+#
+RAISE_SETFCAP := $(LIBATTR)
+
+# Global cleanup stuff
+
+LOCALCLEAN=rm -f *~ core
+DISTCLEAN=@find . \( -name '*.orig' -o -name '*.rej' \) | xargs rm -f
diff --git a/libcap/mkfile b/libcap/mkfile
@@ -0,0 +1,6 @@
+<$mkbuild/mk.3rdparty
+
+<v.mk
+src = libcap-$v
+url = https://www.kernel.org/pub/linux/libs/security/linux-privs/libcap2/libcap-$v.tar.xz
+mkfile = ../libcap.mk
diff --git a/libcap/v.mk b/libcap/v.mk
@@ -0,0 +1 @@
+v = 2.24
