[1/4] libcap: import from packages feed

Message ID	20210311232528.338648-2-stijn@linux-ipv6.be
State	Accepted
Delegated to:	Stijn Tintel
Headers	show Return-Path: <openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org> From: Stijn Tintel <stijn@linux-ipv6.be> To: openwrt-devel@lists.openwrt.org Cc: John Crispin <john@phrozen.org>, Paul Wassi <p.wassi@gmx.at>, =?utf-8?q?Petr_=C5=A0tetiar?= <ynezz@true.cz> Subject: [PATCH 1/4] libcap: import from packages feed Date: Fri, 12 Mar 2021 01:25:25 +0200 Message-Id: <20210311232528.338648-2-stijn@linux-ipv6.be> In-Reply-To: <20210311232528.338648-1-stijn@linux-ipv6.be> References: <20210311232528.338648-1-stijn@linux-ipv6.be> MIME-Version: 1.0 preview: Having libcap in OpenWrt base allows us to enable libcap support in other packages in base. In lldpd, this would allow the monitor process to drop its privileges instead of running as root, improving security. It will also allow us to drop our patch to disable libcap. Content analysis details: (0.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "openwrt-devel" <openwrt-devel-bounces@lists.openwrt.org> Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org
Series	import libcap from packages feed \| expand [0/4] import libcap from packages feed [1/4] libcap: import from packages feed [2/4] libcap: drop invalid copyright header [3/4] libcap: bump to 2.48 [4/4] lldpd: add libcap dependency

Message ID

20210311232528.338648-2-stijn@linux-ipv6.be

State

Accepted

Delegated to:

Stijn Tintel

Headers

From: Stijn Tintel <stijn@linux-ipv6.be>
To: openwrt-devel@lists.openwrt.org
Cc: John Crispin <john@phrozen.org>, Paul Wassi <p.wassi@gmx.at>,
	=?utf-8?q?Petr_=C5=A0tetiar?= <ynezz@true.cz>
Subject: [PATCH 1/4] libcap: import from packages feed
Date: Fri, 12 Mar 2021 01:25:25 +0200
Message-Id: <20210311232528.338648-2-stijn@linux-ipv6.be>
In-Reply-To: <20210311232528.338648-1-stijn@linux-ipv6.be>
References: <20210311232528.338648-1-stijn@linux-ipv6.be>
MIME-Version: 1.0
Precedence: list
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "openwrt-devel" <openwrt-devel-bounces@lists.openwrt.org>
Errors-To: 
 openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org

Series

import libcap from packages feed | expand

Commit Message

Stijn Tintel March 11, 2021, 11:25 p.m. UTC

Having libcap in OpenWrt base allows us to enable libcap support in
other packages in base.

In lldpd, this would allow the monitor process to drop its privileges
instead of running as root, improving security. It will also allow us to
drop our patch to disable libcap.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
---
 package/libs/libcap/Makefile                  | 116 ++++++++++++++++++
 .../libcap/patches/300-disable-tests.patch    |  10 ++
 2 files changed, 126 insertions(+)
 create mode 100644 package/libs/libcap/Makefile
 create mode 100644 package/libs/libcap/patches/300-disable-tests.patch

diff --git a/package/libs/libcap/Makefile b/package/libs/libcap/Makefile
new file mode 100644
index 0000000000..0206bd9d1d
--- /dev/null
+++ b/package/libs/libcap/Makefile
@@ -0,0 +1,116 @@ 
+#
+# Copyright (C) 2011 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=libcap
+PKG_VERSION:=2.43
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
+PKG_SOURCE_URL:=@KERNEL/linux/libs/security/linux-privs/libcap2
+PKG_HASH:=512a0e5fc4c1e06d472a20da26aa96a9b9bf2a26b23f094f77f1b8da56cc427f
+
+PKG_MAINTAINER:=Paul Wassi <p.wassi@gmx.at>
+PKG_LICENSE:=GPL-2.0-only
+PKG_LICENSE_FILES:=License
+
+PKG_INSTALL:=1
+PKG_BUILD_PARALLEL:=1
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/kernel.mk
+
+define Package/libcap/Default
+  TITLE:=Linux capabilities library
+  SECTION:=libs
+  CATEGORY:=Libraries
+  URL:=https://www.kernel.org/pub/linux/libs/security/linux-privs/libcap2/
+endef
+
+define Package/libcap/description/Default
+  Linux capabilities
+endef
+
+define Package/libcap
+  $(call Package/libcap/Default)
+  TITLE += library
+endef
+
+define Package/libcap-bin
+  $(call Package/libcap/Default)
+  TITLE += binaries
+  DEPENDS += libcap
+endef
+
+define Package/libcap-bin/description
+  $(call Package/libcap/description/Default)
+  .
+  This package contains the libcap utilities.
+endef
+
+define Package/libcap-bin/config
+  if PACKAGE_libcap-bin
+  config PACKAGE_libcap-bin-capsh-shell
+    string "capsh shell"
+    help
+      Set the capsh shell.
+    default "/bin/sh"
+  endif
+endef
+
+MAKE_FLAGS += \
+    BUILD_CC="$(CC)" \
+    BUILD_CFLAGS="$(FPIC) -I$(PKG_BUILD_DIR)/libcap/include" \
+    CFLAGS="$(TARGET_CFLAGS)" \
+    LD="$(TARGET_CC) -Wl,-x -shared" \
+    LDFLAGS="$(TARGET_LDFLAGS)" \
+    INDENT="| true" \
+    GOLANG="no" \
+    PAM_CAP="no" \
+    RAISE_SETFCAP="no" \
+    DYNAMIC="yes" \
+    lib="lib"
+
+ifneq ($(CONFIG_PACKAGE_libcap-bin-capsh-shell),)
+TARGET_CFLAGS += -DSHELL='\"$(CONFIG_PACKAGE_libcap-bin-capsh-shell)\"'
+endif
+
+TARGET_CFLAGS += $(if $(CONFIG_USE_MUSL),-Dpthread_yield=sched_yield)
+
+define Build/InstallDev
+	$(INSTALL_DIR) $(1)/usr/include/sys
+	$(CP) $(PKG_INSTALL_DIR)/usr/include/sys/*.h $(1)/usr/include/sys/
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(CP) $(PKG_INSTALL_DIR)/lib/libcap.{so*,a} $(1)/usr/lib/
+	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/lib/libpsx.a $(1)/usr/lib/
+	$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
+	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/lib/pkgconfig/libcap.pc $(1)/usr/lib/pkgconfig/
+	$(SED) 's,exec_prefix=,exec_prefix=/usr,g' $(1)/usr/lib/pkgconfig/libcap.pc
+	$(SED) 's,/lib,$$$${exec_prefix}/lib,g' $(1)/usr/lib/pkgconfig/libcap.pc
+	$(SED) 's,/usr/include,$$$${prefix}/include,g' $(1)/usr/lib/pkgconfig/libcap.pc
+	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/lib/pkgconfig/libpsx.pc $(1)/usr/lib/pkgconfig/
+	$(SED) 's,exec_prefix=,exec_prefix=/usr,g' $(1)/usr/lib/pkgconfig/libpsx.pc
+	$(SED) 's,/lib,$$$${exec_prefix}/lib,g' $(1)/usr/lib/pkgconfig/libpsx.pc
+	$(SED) 's,/usr/include,$$$${prefix}/include,g' $(1)/usr/lib/pkgconfig/libpsx.pc
+endef
+
+define Package/libcap/install
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(CP) $(PKG_INSTALL_DIR)/lib/libcap.so* $(1)/usr/lib/
+endef
+
+define Package/libcap-bin/install
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(CP) $(PKG_INSTALL_DIR)/sbin/capsh     $(1)/usr/sbin/
+	$(CP) $(PKG_INSTALL_DIR)/sbin/getcap    $(1)/usr/sbin/
+	$(CP) $(PKG_INSTALL_DIR)/sbin/getpcaps  $(1)/usr/sbin/
+	$(CP) $(PKG_INSTALL_DIR)/sbin/setcap    $(1)/usr/sbin/
+endef
+
+$(eval $(call BuildPackage,libcap))
+$(eval $(call BuildPackage,libcap-bin))
diff --git a/package/libs/libcap/patches/300-disable-tests.patch b/package/libs/libcap/patches/300-disable-tests.patch
new file mode 100644
index 0000000000..c1779e28ec
--- /dev/null
+++ b/package/libs/libcap/patches/300-disable-tests.patch
@@ -0,0 +1,10 @@ 
+--- a/Makefile
++++ b/Makefile
+@@ -17,7 +17,6 @@ ifeq ($(GOLANG),yes)
+ 	$(MAKE) -C go $@
+ 	rm -f cap/go.sum
+ endif
+-	$(MAKE) -C tests $@
+ 	$(MAKE) -C progs $@
+ 	$(MAKE) -C doc $@
+ 	$(MAKE) -C kdebug $@

[1/4] libcap: import from packages feed

Commit Message

Patch