xref: /aosp_15_r20/external/libcap/go/Makefile (revision 2810ac1b38eead2603277920c78344c84ddf3aff) 
1*2810ac1bSKiyoung Kim# Building the libcap/{cap.psx} Go packages, and examples.
2*2810ac1bSKiyoung Kim#
3*2810ac1bSKiyoung Kim# Note, we use symlinks to construct a go.mod build friendly tree. The
4*2810ac1bSKiyoung Kim# packages themselves are intended to be (ultimately) found via proxy
5*2810ac1bSKiyoung Kim# as "kernel.org/pub/linux/libs/security/libcap/cap" and
6*2810ac1bSKiyoung Kim# "kernel.org/pub/linux/libs/security/libcap/psx". However, to
7*2810ac1bSKiyoung Kim# validate their use on these paths, we fake such a structure in the
8*2810ac1bSKiyoung Kim# build tree with symlinks and a vendor directory.
9*2810ac1bSKiyoung Kim
10*2810ac1bSKiyoung Kimtopdir=$(realpath ..)
11*2810ac1bSKiyoung Kiminclude $(topdir)/Make.Rules
12*2810ac1bSKiyoung Kim
13*2810ac1bSKiyoung KimIMPORTDIR=kernel.org/pub/linux/libs/security/libcap
14*2810ac1bSKiyoung KimPKGDIR=pkg/$(GOOSARCH)/$(IMPORTDIR)
15*2810ac1bSKiyoung Kim
16*2810ac1bSKiyoung KimDEPS=../libcap/libcap.a ../libcap/libpsx.a
17*2810ac1bSKiyoung KimTESTS=compare-cap try-launching psx-signals mismatch
18*2810ac1bSKiyoung Kim
19*2810ac1bSKiyoung Kimall: PSXGOPACKAGE CAPGOPACKAGE web setid gowns captree captrace
20*2810ac1bSKiyoung Kim
21*2810ac1bSKiyoung Kim$(DEPS):
22*2810ac1bSKiyoung Kim	$(MAKE) -C ../libcap all
23*2810ac1bSKiyoung Kim
24*2810ac1bSKiyoung Kim../progs/tcapsh-static:
25*2810ac1bSKiyoung Kim	$(MAKE) -C ../progs tcapsh-static
26*2810ac1bSKiyoung Kim
27*2810ac1bSKiyoung Kimvendor/$(IMPORTDIR):
28*2810ac1bSKiyoung Kim	mkdir -p "vendor/$(IMPORTDIR)"
29*2810ac1bSKiyoung Kim
30*2810ac1bSKiyoung Kimvendor/modules.txt: vendor/$(IMPORTDIR)
31*2810ac1bSKiyoung Kim	echo "# $(IMPORTDIR)/psx v$(GOMAJOR).$(VERSION).$(MINOR)" > vendor/modules.txt
32*2810ac1bSKiyoung Kim	echo "$(IMPORTDIR)/psx" >> vendor/modules.txt
33*2810ac1bSKiyoung Kim	echo "# $(IMPORTDIR)/cap v$(GOMAJOR).$(VERSION).$(MINOR)" >> vendor/modules.txt
34*2810ac1bSKiyoung Kim	echo "$(IMPORTDIR)/cap" >> vendor/modules.txt
35*2810ac1bSKiyoung Kim
36*2810ac1bSKiyoung Kimvendor/$(IMPORTDIR)/psx: vendor/modules.txt
37*2810ac1bSKiyoung Kim	ln -sf $(topdir)/psx vendor/$(IMPORTDIR)
38*2810ac1bSKiyoung Kim	touch ../psx
39*2810ac1bSKiyoung Kim
40*2810ac1bSKiyoung Kimvendor/$(IMPORTDIR)/cap: vendor/modules.txt
41*2810ac1bSKiyoung Kim	ln -sf $(topdir)/cap vendor/$(IMPORTDIR)
42*2810ac1bSKiyoung Kim	touch ../cap
43*2810ac1bSKiyoung Kim
44*2810ac1bSKiyoung Kim$(topdir)/libcap/cap_names.h:
45*2810ac1bSKiyoung Kim	$(MAKE) -C $(topdir)/libcap cap_names.h
46*2810ac1bSKiyoung Kim
47*2810ac1bSKiyoung Kimgood-names.go: $(topdir)/libcap/cap_names.h vendor/$(IMPORTDIR)/cap mknames.go
48*2810ac1bSKiyoung Kim	CC="$(CC)" $(GO) run -mod=vendor mknames.go --header=$< --textdir=$(topdir)/doc/values | gofmt > $@ || rm -f $@
49*2810ac1bSKiyoung Kim	diff -u ../cap/names.go $@
50*2810ac1bSKiyoung Kim
51*2810ac1bSKiyoung KimPSXGOPACKAGE: vendor/$(IMPORTDIR)/psx ../psx/*.go $(DEPS)
52*2810ac1bSKiyoung Kim	touch $@
53*2810ac1bSKiyoung Kim
54*2810ac1bSKiyoung KimCAPGOPACKAGE: vendor/$(IMPORTDIR)/cap ../cap/*.go good-names.go $(PSXGOPACKAGE)
55*2810ac1bSKiyoung Kim	touch $@
56*2810ac1bSKiyoung Kim
57*2810ac1bSKiyoung Kim# Compiles something with this package to compare it to libcap. This
58*2810ac1bSKiyoung Kim# tests more when run under sudotest (see ../progs/quicktest.sh for that).
59*2810ac1bSKiyoung Kimcompare-cap: compare-cap.go CAPGOPACKAGE
60*2810ac1bSKiyoung Kim	CC="$(CC)" CGO_ENABLED="1" $(CGO_LDFLAGS_ALLOW) CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" $(GO) build $(GO_BUILD_FLAGS) -mod=vendor $<
61*2810ac1bSKiyoung Kim
62*2810ac1bSKiyoung Kimweb: ../goapps/web/web.go CAPGOPACKAGE
63*2810ac1bSKiyoung Kim	CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) build $(GO_BUILD_FLAGS) -mod=vendor -o $@ $<
64*2810ac1bSKiyoung Kimifeq ($(RAISE_GO_FILECAP),yes)
65*2810ac1bSKiyoung Kim	$(MAKE) -C ../progs setcap
66*2810ac1bSKiyoung Kim	$(SUDO) ../progs/setcap cap_setpcap,cap_net_bind_service=p web
67*2810ac1bSKiyoung Kim	@echo "NOTE: RAISED cap_setpcap,cap_net_bind_service ON web binary"
68*2810ac1bSKiyoung Kimendif
69*2810ac1bSKiyoung Kim
70*2810ac1bSKiyoung Kimsetid: ../goapps/setid/setid.go CAPGOPACKAGE PSXGOPACKAGE
71*2810ac1bSKiyoung Kim	CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) build $(GO_BUILD_FLAGS) -mod=vendor -o $@ $<
72*2810ac1bSKiyoung Kim
73*2810ac1bSKiyoung Kimgowns: ../goapps/gowns/gowns.go CAPGOPACKAGE
74*2810ac1bSKiyoung Kim	CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) build $(GO_BUILD_FLAGS) -mod=vendor -o $@ $<
75*2810ac1bSKiyoung Kim
76*2810ac1bSKiyoung Kimcaptree: ../goapps/captree/captree.go CAPGOPACKAGE
77*2810ac1bSKiyoung Kim	CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) build $(GO_BUILD_FLAGS) -mod=vendor -o $@ $<
78*2810ac1bSKiyoung Kim
79*2810ac1bSKiyoung Kimcaptrace: ../goapps/captrace/captrace.go CAPGOPACKAGE
80*2810ac1bSKiyoung Kim	CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) build $(GO_BUILD_FLAGS) -mod=vendor -o $@ $<
81*2810ac1bSKiyoung Kim
82*2810ac1bSKiyoung Kimok: ok.go vendor/modules.txt
83*2810ac1bSKiyoung Kim	CC="$(CC)" CGO_ENABLED="0" $(GO) build $(GO_BUILD_FLAGS)  -mod=vendor $<
84*2810ac1bSKiyoung Kim
85*2810ac1bSKiyoung Kimtry-launching: try-launching.go CAPGOPACKAGE ok
86*2810ac1bSKiyoung Kim	CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) build $(GO_BUILD_FLAGS) -mod=vendor $<
87*2810ac1bSKiyoung Kimifeq ($(CGO_REQUIRED),0)
88*2810ac1bSKiyoung Kim	CC="$(CC)" CGO_ENABLED="1" $(CGO_LDFLAGS_ALLOW) $(GO) build $(GO_BUILD_FLAGS) -mod=vendor -o $@-cgo $<
89*2810ac1bSKiyoung Kimendif
90*2810ac1bSKiyoung Kim
91*2810ac1bSKiyoung Kim# This is a test case developed from the deadlock investigation,
92*2810ac1bSKiyoung Kim# https://github.com/golang/go/issues/50113 . Note the psx-fd.go code
93*2810ac1bSKiyoung Kim# works when compiled CGO_ENABLED=1, but deadlocks when compiled
94*2810ac1bSKiyoung Kim# CGO_ENABLED=0. This is true for go1.16 and go1.17. The go1.18
95*2810ac1bSKiyoung Kim# release fixed this by rewriting the AllThreadsSyscall support, but
96*2810ac1bSKiyoung Kim# the large change was not backported. (See noted bug for a much
97*2810ac1bSKiyoung Kim# smaller patch for this issue on those older releases.)
98*2810ac1bSKiyoung Kimpsx-fd: psx-fd.go PSXGOPACKAGE
99*2810ac1bSKiyoung Kim	CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) build $(GO_BUILD_FLAGS) -mod=vendor -o $@ $<
100*2810ac1bSKiyoung Kim
101*2810ac1bSKiyoung Kimifeq ($(CGO_REQUIRED),0)
102*2810ac1bSKiyoung Kimpsx-fd-cgo: psx-fd.go PSXGOPACKAGE
103*2810ac1bSKiyoung Kim	CC="$(CC)" CGO_ENABLED="1" $(CGO_LDFLAGS_ALLOW) $(GO) build $(GO_BUILD_FLAGS) -mod=vendor -o $@ $<
104*2810ac1bSKiyoung Kimendif
105*2810ac1bSKiyoung Kim
106*2810ac1bSKiyoung Kimpsx-signals: psx-signals.go PSXGOPACKAGE
107*2810ac1bSKiyoung Kim	CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" $(GO) build $(GO_BUILD_FLAGS) -mod=vendor $<
108*2810ac1bSKiyoung Kim
109*2810ac1bSKiyoung Kimifeq ($(CGO_REQUIRED),0)
110*2810ac1bSKiyoung Kimpsx-signals-cgo: psx-signals.go PSXGOPACKAGE
111*2810ac1bSKiyoung Kim	CC="$(CC)" CGO_ENABLED="1" $(CGO_LDFLAGS_ALLOW) CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" $(GO) build $(GO_BUILD_FLAGS) -mod=vendor -o $@ $<
112*2810ac1bSKiyoung Kimendif
113*2810ac1bSKiyoung Kim
114*2810ac1bSKiyoung Kimb210613: b210613.go CAPGOPACKAGE
115*2810ac1bSKiyoung Kim	CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" $(GO) build $(GO_BUILD_FLAGS) -mod=vendor $<
116*2810ac1bSKiyoung Kim
117*2810ac1bSKiyoung Kimb215283: b215283.go CAPGOPACKAGE
118*2810ac1bSKiyoung Kim	CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" $(GO) build $(GO_BUILD_FLAGS) -mod=vendor $<
119*2810ac1bSKiyoung Kim
120*2810ac1bSKiyoung Kimifeq ($(CGO_REQUIRED),0)
121*2810ac1bSKiyoung Kimb215283-cgo: b215283.go CAPGOPACKAGE
122*2810ac1bSKiyoung Kim	CC="$(CC)" CGO_ENABLED="1" $(CGO_LDFLAGS_ALLOW) CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" $(GO) build $(GO_BUILD_FLAGS) -mod=vendor -o $@ $<
123*2810ac1bSKiyoung Kimendif
124*2810ac1bSKiyoung Kim
125*2810ac1bSKiyoung Kimmismatch: mismatch.go PSXGOPACKAGE
126*2810ac1bSKiyoung Kim	CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" $(GO) build $(GO_BUILD_FLAGS) -mod=vendor $<
127*2810ac1bSKiyoung Kim
128*2810ac1bSKiyoung Kimifeq ($(CGO_REQUIRED),0)
129*2810ac1bSKiyoung Kimmismatch-cgo: mismatch.go CAPGOPACKAGE
130*2810ac1bSKiyoung Kim	CC="$(CC)" CGO_ENABLED="1" $(CGO_LDFLAGS_ALLOW) CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" $(GO) build $(GO_BUILD_FLAGS) -mod=vendor -o $@ $<
131*2810ac1bSKiyoung Kimendif
132*2810ac1bSKiyoung Kim
133*2810ac1bSKiyoung Kimtest: setid gowns captree psx-fd $(TESTS)
134*2810ac1bSKiyoung Kim	CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) test -mod=vendor $(IMPORTDIR)/psx
135*2810ac1bSKiyoung Kim	CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) test -mod=vendor $(IMPORTDIR)/cap
136*2810ac1bSKiyoung Kim	LD_LIBRARY_PATH=../libcap ./compare-cap
137*2810ac1bSKiyoung Kim	./psx-signals
138*2810ac1bSKiyoung Kim	./mismatch || exit 0 ; exit 1
139*2810ac1bSKiyoung Kim	timeout 5 ./psx-fd || echo "this is a known Go bug"
140*2810ac1bSKiyoung Kimifeq ($(CGO_REQUIRED),0)
141*2810ac1bSKiyoung Kim	$(MAKE) psx-signals-cgo mismatch-cgo psx-fd-cgo
142*2810ac1bSKiyoung Kim	./psx-signals-cgo
143*2810ac1bSKiyoung Kim	./mismatch-cgo || exit 0 ; exit 1
144*2810ac1bSKiyoung Kim	./psx-fd-cgo
145*2810ac1bSKiyoung Kimendif
146*2810ac1bSKiyoung Kim	./setid --caps=false
147*2810ac1bSKiyoung Kim	./gowns -- -c "echo gowns runs"
148*2810ac1bSKiyoung Kim	./captree 0
149*2810ac1bSKiyoung Kim
150*2810ac1bSKiyoung Kim# Note, the user namespace doesn't require sudo, but I wanted to avoid
151*2810ac1bSKiyoung Kim# requiring that the hosting kernel supports user namespaces for the
152*2810ac1bSKiyoung Kim# regular test case.
153*2810ac1bSKiyoung Kimsudotest: test ../progs/tcapsh-static b210613 b215283
154*2810ac1bSKiyoung Kim	../progs/tcapsh-static --has-b=cap_sys_admin || exit 0 && ./gowns --ns -- -c "echo gowns runs with user namespace"
155*2810ac1bSKiyoung Kim	./try-launching
156*2810ac1bSKiyoung Kimifeq ($(CGO_REQUIRED),0)
157*2810ac1bSKiyoung Kim	./try-launching-cgo
158*2810ac1bSKiyoung Kimendif
159*2810ac1bSKiyoung Kim	$(SUDO) ./try-launching
160*2810ac1bSKiyoung Kimifeq ($(CGO_REQUIRED),0)
161*2810ac1bSKiyoung Kim	$(SUDO) ./try-launching-cgo
162*2810ac1bSKiyoung Kimendif
163*2810ac1bSKiyoung Kim	$(SUDO) ../progs/tcapsh-static --cap-uid=$$(id -u) --caps="cap_setpcap=ep" --iab="^cap_setpcap" -- -c ./b210613
164*2810ac1bSKiyoung Kim	$(SUDO) ./b215283
165*2810ac1bSKiyoung Kimifeq ($(CGO_REQUIRED),0)
166*2810ac1bSKiyoung Kim	$(MAKE) b215283-cgo
167*2810ac1bSKiyoung Kim	$(SUDO) ./b215283-cgo
168*2810ac1bSKiyoung Kimendif
169*2810ac1bSKiyoung Kim
170*2810ac1bSKiyoung Kim
171*2810ac1bSKiyoung Kim# As of libcap-2.55 We stopped installing the cap and psx packages as
172*2810ac1bSKiyoung Kim# part of the install.  Most distribution's packagers skip the Go
173*2810ac1bSKiyoung Kim# builds, so it was not well used any way. The new hotness is to just
174*2810ac1bSKiyoung Kim# use Go modules and download the packages from a tagged release in
175*2810ac1bSKiyoung Kim# the git repository. For an example of how to do this from scratch:
176*2810ac1bSKiyoung Kim#
177*2810ac1bSKiyoung Kim#   https://sites.google.com/site/fullycapable/getting-started-with-go/building-go-programs-that-manipulate-capabilities
178*2810ac1bSKiyoung Kim#
179*2810ac1bSKiyoung Kim# For those brave souls that do include the Go build (testing) as part
180*2810ac1bSKiyoung Kim# of their packaging, we reward them with a copy of the captree
181*2810ac1bSKiyoung Kim# utility!
182*2810ac1bSKiyoung Kiminstall: all
183*2810ac1bSKiyoung Kim	mkdir -p -m 0755 $(FAKEROOT)$(SBINDIR)
184*2810ac1bSKiyoung Kim	install -m 0755 captree $(FAKEROOT)$(SBINDIR)
185*2810ac1bSKiyoung Kim
186*2810ac1bSKiyoung Kimclean:
187*2810ac1bSKiyoung Kim	rm -f *.o *.so *~ mknames ok good-names.go
188*2810ac1bSKiyoung Kim	rm -f web setid gowns captree captrace
189*2810ac1bSKiyoung Kim	rm -f compare-cap try-launching try-launching-cgo
190*2810ac1bSKiyoung Kim	rm -f $(topdir)/cap/*~ $(topdir)/psx/*~
191*2810ac1bSKiyoung Kim	rm -f b210613 b215283 b215283-cgo psx-signals psx-signals-cgo
192*2810ac1bSKiyoung Kim	rm -f mismatch mismatch-cgo psx-fd psx-fd-cgo
193*2810ac1bSKiyoung Kim	rm -fr vendor CAPGOPACKAGE PSXGOPACKAGE go.sum
194