aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorStijn Tintel <stijn@linux-ipv6.be>2021-03-12 01:03:22 +0200
committerStijn Tintel <stijn@linux-ipv6.be>2021-04-05 18:20:29 +0300
commit427acb71fc8574406a70d41a1f775c0354768cf5 (patch)
tree32e7f24d9bf926ed05e10a6f9e036de6989dcb7c
parent180c4635265b4907221a62b3068ac89447cd83d7 (diff)
downloadupstream-427acb71fc8574406a70d41a1f775c0354768cf5.tar.gz
upstream-427acb71fc8574406a70d41a1f775c0354768cf5.tar.bz2
upstream-427acb71fc8574406a70d41a1f775c0354768cf5.zip
libcap: import from packages feed
Having libcap in OpenWrt base allows us to enable libcap support in other packages in base. In lldpd, this would allow the monitor process to drop its privileges instead of running as root, improving security. It will also allow us to drop our patch to disable libcap. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
-rw-r--r--package/libs/libcap/Makefile116
-rw-r--r--package/libs/libcap/patches/300-disable-tests.patch10
2 files changed, 126 insertions, 0 deletions
diff --git a/package/libs/libcap/Makefile b/package/libs/libcap/Makefile
new file mode 100644
index 0000000000..0206bd9d1d
--- /dev/null
+++ b/package/libs/libcap/Makefile
@@ -0,0 +1,116 @@
+#
+# Copyright (C) 2011 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=libcap
+PKG_VERSION:=2.43
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
+PKG_SOURCE_URL:=@KERNEL/linux/libs/security/linux-privs/libcap2
+PKG_HASH:=512a0e5fc4c1e06d472a20da26aa96a9b9bf2a26b23f094f77f1b8da56cc427f
+
+PKG_MAINTAINER:=Paul Wassi <p.wassi@gmx.at>
+PKG_LICENSE:=GPL-2.0-only
+PKG_LICENSE_FILES:=License
+
+PKG_INSTALL:=1
+PKG_BUILD_PARALLEL:=1
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/kernel.mk
+
+define Package/libcap/Default
+ TITLE:=Linux capabilities library
+ SECTION:=libs
+ CATEGORY:=Libraries
+ URL:=https://www.kernel.org/pub/linux/libs/security/linux-privs/libcap2/
+endef
+
+define Package/libcap/description/Default
+ Linux capabilities
+endef
+
+define Package/libcap
+ $(call Package/libcap/Default)
+ TITLE += library
+endef
+
+define Package/libcap-bin
+ $(call Package/libcap/Default)
+ TITLE += binaries
+ DEPENDS += libcap
+endef
+
+define Package/libcap-bin/description
+ $(call Package/libcap/description/Default)
+ .
+ This package contains the libcap utilities.
+endef
+
+define Package/libcap-bin/config
+ if PACKAGE_libcap-bin
+ config PACKAGE_libcap-bin-capsh-shell
+ string "capsh shell"
+ help
+ Set the capsh shell.
+ default "/bin/sh"
+ endif
+endef
+
+MAKE_FLAGS += \
+ BUILD_CC="$(CC)" \
+ BUILD_CFLAGS="$(FPIC) -I$(PKG_BUILD_DIR)/libcap/include" \
+ CFLAGS="$(TARGET_CFLAGS)" \
+ LD="$(TARGET_CC) -Wl,-x -shared" \
+ LDFLAGS="$(TARGET_LDFLAGS)" \
+ INDENT="| true" \
+ GOLANG="no" \
+ PAM_CAP="no" \
+ RAISE_SETFCAP="no" \
+ DYNAMIC="yes" \
+ lib="lib"
+
+ifneq ($(CONFIG_PACKAGE_libcap-bin-capsh-shell),)
+TARGET_CFLAGS += -DSHELL='\"$(CONFIG_PACKAGE_libcap-bin-capsh-shell)\"'
+endif
+
+TARGET_CFLAGS += $(if $(CONFIG_USE_MUSL),-Dpthread_yield=sched_yield)
+
+define Build/InstallDev
+ $(INSTALL_DIR) $(1)/usr/include/sys
+ $(CP) $(PKG_INSTALL_DIR)/usr/include/sys/*.h $(1)/usr/include/sys/
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP) $(PKG_INSTALL_DIR)/lib/libcap.{so*,a} $(1)/usr/lib/
+ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/lib/libpsx.a $(1)/usr/lib/
+ $(INSTALL_DIR) $(1)/usr/lib/pkgconfig
+ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/lib/pkgconfig/libcap.pc $(1)/usr/lib/pkgconfig/
+ $(SED) 's,exec_prefix=,exec_prefix=/usr,g' $(1)/usr/lib/pkgconfig/libcap.pc
+ $(SED) 's,/lib,$$$${exec_prefix}/lib,g' $(1)/usr/lib/pkgconfig/libcap.pc
+ $(SED) 's,/usr/include,$$$${prefix}/include,g' $(1)/usr/lib/pkgconfig/libcap.pc
+ $(INSTALL_DATA) $(PKG_INSTALL_DIR)/lib/pkgconfig/libpsx.pc $(1)/usr/lib/pkgconfig/
+ $(SED) 's,exec_prefix=,exec_prefix=/usr,g' $(1)/usr/lib/pkgconfig/libpsx.pc
+ $(SED) 's,/lib,$$$${exec_prefix}/lib,g' $(1)/usr/lib/pkgconfig/libpsx.pc
+ $(SED) 's,/usr/include,$$$${prefix}/include,g' $(1)/usr/lib/pkgconfig/libpsx.pc
+endef
+
+define Package/libcap/install
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP) $(PKG_INSTALL_DIR)/lib/libcap.so* $(1)/usr/lib/
+endef
+
+define Package/libcap-bin/install
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(CP) $(PKG_INSTALL_DIR)/sbin/capsh $(1)/usr/sbin/
+ $(CP) $(PKG_INSTALL_DIR)/sbin/getcap $(1)/usr/sbin/
+ $(CP) $(PKG_INSTALL_DIR)/sbin/getpcaps $(1)/usr/sbin/
+ $(CP) $(PKG_INSTALL_DIR)/sbin/setcap $(1)/usr/sbin/
+endef
+
+$(eval $(call BuildPackage,libcap))
+$(eval $(call BuildPackage,libcap-bin))
diff --git a/package/libs/libcap/patches/300-disable-tests.patch b/package/libs/libcap/patches/300-disable-tests.patch
new file mode 100644
index 0000000000..c1779e28ec
--- /dev/null
+++ b/package/libs/libcap/patches/300-disable-tests.patch
@@ -0,0 +1,10 @@
+--- a/Makefile
++++ b/Makefile
+@@ -17,7 +17,6 @@ ifeq ($(GOLANG),yes)
+ $(MAKE) -C go $@
+ rm -f cap/go.sum
+ endif
+- $(MAKE) -C tests $@
+ $(MAKE) -C progs $@
+ $(MAKE) -C doc $@
+ $(MAKE) -C kdebug $@