* [Buildroot] [pull request] provide and install libssp
@ 2014-12-30 22:22 Yann E. MORIN
2014-12-30 22:22 ` [Buildroot] [PATCH 1/4] toolchain: add hidden option to specify it has libssp Yann E. MORIN
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: Yann E. MORIN @ 2014-12-30 22:22 UTC (permalink / raw)
To: buildroot
Hello All!
This series attempts to cover the cases where libssp might:
- be needed by some packages (mostly proprietary stuff), such as
pre-built binaries that are dynamically linked to libssp.so.1
- source but proprietary packages for which it is not possible to
update/fix the build system, and which unconditionally want to
link at build time against -lssp or -lssp_nonshared
So, this series:
- adds a package that installs a fake, empty libssp.so.1 in target
(for pre-built stuff) and a fake libssp.a and libssp_nonshared.a
in staging (for unfixable proprietary source); this package is
always built and installed, even if not doing SSP builds, because
of pre-built proprietary stuff;
- adds an option to external libs to specify whether they implement
SSP via libssp or not (default: no, as previously).
This is not fool-proof tested, and only casual testing was done:
- using an external toolchain without libssp.so
- using the same toolchain with an empty file has libssp.so (just so
as to trigger the mechanism)
Regards,
Yann E. MORIN.
The following changes since commit 4fc5f4a644029d2d15e2fb7907f8ad6ae45ed249:
package/libiio: fix static build (2014-12-30 11:19:12 +0100)
are available in the git repository at:
git://git.busybox.net/~ymorin/git/buildroot yem/libssp
for you to fetch changes up to 15e521114fdad342030ec2a699e44190188a3cd2:
toolchain/external: add option to install libssp (2014-12-30 23:11:16 +0100)
----------------------------------------------------------------
Yann E. MORIN (4):
toolchain: add hidden option to specify it has libssp
package/libssp-fake: new package
toolchain: add dependency to fake libssp if needed
toolchain/external: add option to install libssp
package/Config.in | 1 +
package/libssp-fake/Config.in | 12 ++++++
package/libssp-fake/libssp-fake.mk | 47 ++++++++++++++++++++++
toolchain/helpers.mk | 25 +++++++++++-
toolchain/toolchain-common.in | 3 ++
toolchain/toolchain-external/Config.in | 13 ++++++
toolchain/toolchain-external/toolchain-external.mk | 3 ++
toolchain/toolchain/toolchain.mk | 4 ++
8 files changed, 106 insertions(+), 2 deletions(-)
create mode 100644 package/libssp-fake/Config.in
create mode 100644 package/libssp-fake/libssp-fake.mk
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 223 225 172 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH 1/4] toolchain: add hidden option to specify it has libssp
2014-12-30 22:22 [Buildroot] [pull request] provide and install libssp Yann E. MORIN
@ 2014-12-30 22:22 ` Yann E. MORIN
2014-12-30 22:22 ` [Buildroot] [PATCH 2/4] package/libssp-fake: new package Yann E. MORIN
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Yann E. MORIN @ 2014-12-30 22:22 UTC (permalink / raw)
To: buildroot
Although SSP support is usuaaly provided by the C library, some
toolchains may provide it using an alternate libssp implementation, most
notably the one from gcc.
Add a new option a toolchain may select if it provides SSP support using
a separate libssp.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
toolchain/toolchain-common.in | 3 +++
1 file changed, 3 insertions(+)
diff --git a/toolchain/toolchain-common.in b/toolchain/toolchain-common.in
index 2ee2019..9be5420 100644
--- a/toolchain/toolchain-common.in
+++ b/toolchain/toolchain-common.in
@@ -44,6 +44,9 @@ config BR2_TOOLCHAIN_HAS_SHADOW_PASSWORDS
config BR2_TOOLCHAIN_HAS_SSP
bool
+config BR2_TOOLCHAIN_HAS_LIBSSP
+ bool
+
config BR2_ENABLE_LOCALE_PURGE
bool "Purge unwanted locales"
help
--
1.9.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH 2/4] package/libssp-fake: new package
2014-12-30 22:22 [Buildroot] [pull request] provide and install libssp Yann E. MORIN
2014-12-30 22:22 ` [Buildroot] [PATCH 1/4] toolchain: add hidden option to specify it has libssp Yann E. MORIN
@ 2014-12-30 22:22 ` Yann E. MORIN
2014-12-30 22:22 ` [Buildroot] [PATCH 3/4] toolchain: add dependency to fake libssp if needed Yann E. MORIN
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Yann E. MORIN @ 2014-12-30 22:22 UTC (permalink / raw)
To: buildroot
This installs a fake, empty libssp for those packages (mostly
proprietary) that want to link with -lssp or -lssp_nonshared.
This is a prompt-less symbol, because it should only be selected
when the toolchain does not have it (i.e. it is provided by the
C library).
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
package/Config.in | 1 +
package/libssp-fake/Config.in | 12 ++++++++++
package/libssp-fake/libssp-fake.mk | 47 ++++++++++++++++++++++++++++++++++++++
3 files changed, 60 insertions(+)
create mode 100644 package/libssp-fake/Config.in
create mode 100644 package/libssp-fake/libssp-fake.mk
diff --git a/package/Config.in b/package/Config.in
index 3b37bb2..21f34b3 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -914,6 +914,7 @@ menu "Other"
source "package/libseccomp/Config.in"
source "package/libsigc/Config.in"
source "package/libsigsegv/Config.in"
+ source "package/libssp-fake/Config.in"
source "package/libtasn1/Config.in"
source "package/libtpl/Config.in"
source "package/libubox/Config.in"
diff --git a/package/libssp-fake/Config.in b/package/libssp-fake/Config.in
new file mode 100644
index 0000000..cac5269
--- /dev/null
+++ b/package/libssp-fake/Config.in
@@ -0,0 +1,12 @@
+# This is a no-prompt package, because it is automatically selected
+# by the toolchains that need it.
+# We need the sumbol for legal-info.
+config BR2_PACKAGE_LIBSSP_FAKE
+ bool
+ default y if !BR2_TOOLCHAIN_HAS_LIBSSP
+ help
+ This installs a fake (aka empty) libssp.
+
+ Usually, SSP support is provided by the C library, but some
+ programs may insist on linking to libssp, most notably because
+ they also link to a pre-built library that is linked to libssp.
diff --git a/package/libssp-fake/libssp-fake.mk b/package/libssp-fake/libssp-fake.mk
new file mode 100644
index 0000000..2c52a94
--- /dev/null
+++ b/package/libssp-fake/libssp-fake.mk
@@ -0,0 +1,47 @@
+################################################################################
+#
+# libssp
+#
+################################################################################
+
+LIBSSP_FAKE_SOURCE =
+LIBSSP_FAKE_INSTALL_STAGING = YES
+
+# We'll be handling the dependency ourselves, since we want to be built
+# after any toolchain backend, but we are a dependency of the virtual
+# package 'toolchain'.
+LIBSSP_FAKE_ADD_TOOLCHAIN_DEPENDENCY = NO
+
+ifeq ($(BR2_TOOLCHAIN_BUILDROOT),y)
+LIBSSP_FAKE_DEPENDENCIES = toolchain-buildroot
+else ifeq ($(BR2_TOOLCHAIN_EXTERNAL),y)
+LIBSSP_FAKE_DEPENDENCIES = toolchain-external
+endif
+
+# Build both static and shared variants
+define LIBSSP_FAKE_BUILD_CMDS
+ $(TARGET_AR) rcs $(@D)/libssp_nonshared.a /dev/null
+ $(TARGET_CC_NOCCACHE) -shared -fPIC -Wl,-soname,libssp.so.1 -o $(@D)/libssp.so.1 -x c /dev/null
+endef
+
+# Install the non-shared variant in staging, so programs can link to it
+# at build time. Provide a variant without the _nonshared extension for
+# those that are brain-damaged enough to link with -lssp.
+#
+# Since they are really empty libraries, we do not need to condition the
+# install with the usual BR2_STATIC_LIBS or BR2_SHARED_STATIC_LIBS; neither
+# of them would add any code whatsoever to anything that links to either.
+define LIBSSP_FAKE_INSTALL_STAGING_CMDS
+ $(INSTALL) -D -m 0644 $(@D)/libssp_nonshared.a $(STAGING_DIR)/usr/lib/libssp_nonshared.a
+ ln -sf libssp_nonshared.a $(STAGING_DIR)/usr/lib/libssp.a
+endef
+
+# Install the shared variant in target, so pre-built binaries can link to it
+# at runtime, but only if we want shared library support.
+ifeq ($(BR2_SHARED_LIBS)$(BR2_SHARED_STATIC_LIBS),y)
+define LIBSSP_FAKE_INSTALL_TARGET_CMDS
+ $(INSTALL) -D -m 0644 $(@D)/libssp.so.1 $(TARGET_DIR)/usr/lib/libssp.so.1
+endef
+endif
+
+$(eval $(generic-package))
--
1.9.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH 3/4] toolchain: add dependency to fake libssp if needed
2014-12-30 22:22 [Buildroot] [pull request] provide and install libssp Yann E. MORIN
2014-12-30 22:22 ` [Buildroot] [PATCH 1/4] toolchain: add hidden option to specify it has libssp Yann E. MORIN
2014-12-30 22:22 ` [Buildroot] [PATCH 2/4] package/libssp-fake: new package Yann E. MORIN
@ 2014-12-30 22:22 ` Yann E. MORIN
2014-12-30 22:22 ` [Buildroot] [PATCH 4/4] toolchain/external: add option to install libssp Yann E. MORIN
2014-12-30 22:25 ` [Buildroot] [pull request] provide and " Yann E. MORIN
4 siblings, 0 replies; 6+ messages in thread
From: Yann E. MORIN @ 2014-12-30 22:22 UTC (permalink / raw)
To: buildroot
Some brain-damaged pakages (mostly proprietary) may insist on linking
to it, either at build time, or at runtime (e.g. pre-built binaries).
Add a conditional dependency to the newly-introduced libssp-fake.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
toolchain/toolchain/toolchain.mk | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/toolchain/toolchain/toolchain.mk b/toolchain/toolchain/toolchain.mk
index c22713b..12fa352 100644
--- a/toolchain/toolchain/toolchain.mk
+++ b/toolchain/toolchain/toolchain.mk
@@ -10,6 +10,10 @@ else ifeq ($(BR2_TOOLCHAIN_EXTERNAL),y)
TOOLCHAIN_DEPENDENCIES += toolchain-external
endif
+ifeq ($(BR2_PACKAGE_LIBSSP_FAKE),y)
+TOOLCHAIN_DEPENDENCIES += libssp-fake
+endif
+
TOOLCHAIN_ADD_TOOLCHAIN_DEPENDENCY = NO
$(eval $(virtual-package))
--
1.9.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH 4/4] toolchain/external: add option to install libssp
2014-12-30 22:22 [Buildroot] [pull request] provide and install libssp Yann E. MORIN
` (2 preceding siblings ...)
2014-12-30 22:22 ` [Buildroot] [PATCH 3/4] toolchain: add dependency to fake libssp if needed Yann E. MORIN
@ 2014-12-30 22:22 ` Yann E. MORIN
2014-12-30 22:25 ` [Buildroot] [pull request] provide and " Yann E. MORIN
4 siblings, 0 replies; 6+ messages in thread
From: Yann E. MORIN @ 2014-12-30 22:22 UTC (permalink / raw)
To: buildroot
While SSP support (guard and handler) is usually provided by the C
library, it is not always true, and can be provided by a third-party
implementation, such as the one from gcc.
Add an option the user can set if their toolchain uses libssp to provide
SSP support.
Also add a sanity check to verify the setting is correct.
Note: we need not add a -lssp or -lssp_nonshared to TARGET_LDFLAGS,
because that is handled automatically by gcc.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
toolchain/helpers.mk | 25 ++++++++++++++++++++--
toolchain/toolchain-external/Config.in | 13 +++++++++++
toolchain/toolchain-external/toolchain-external.mk | 3 +++
3 files changed, 39 insertions(+), 2 deletions(-)
diff --git a/toolchain/helpers.mk b/toolchain/helpers.mk
index 3121da4..067c450 100644
--- a/toolchain/helpers.mk
+++ b/toolchain/helpers.mk
@@ -221,7 +221,8 @@ check_glibc = \
exit -1; \
fi; \
$(call check_glibc_feature,BR2_USE_MMU,MMU support) ;\
- $(call check_glibc_rpc_feature,$${SYSROOT_DIR})
+ $(call check_glibc_rpc_feature,$${SYSROOT_DIR}); \
+ $(call check_libssp,$${SYSROOT_DIR})
#
# Check that the selected C library really is musl
@@ -281,7 +282,27 @@ check_uclibc = \
$(call check_uclibc_feature,__UCLIBC_HAS_THREADS__,BR2_TOOLCHAIN_HAS_THREADS,$${UCLIBC_CONFIG_FILE},Thread support) ;\
$(call check_uclibc_feature,__PTHREADS_DEBUG_SUPPORT__,BR2_TOOLCHAIN_HAS_THREADS_DEBUG,$${UCLIBC_CONFIG_FILE},Thread debugging support) ;\
$(call check_uclibc_feature,__UCLIBC_HAS_THREADS_NATIVE__,BR2_TOOLCHAIN_HAS_THREADS_NPTL,$${UCLIBC_CONFIG_FILE},NPTL thread support) ;\
- $(call check_uclibc_feature,__UCLIBC_HAS_SSP__,BR2_TOOLCHAIN_HAS_SSP,$${UCLIBC_CONFIG_FILE},Stack Smashing Protection support)
+ $(call check_uclibc_feature,__UCLIBC_HAS_SSP__,BR2_TOOLCHAIN_HAS_SSP,$${UCLIBC_CONFIG_FILE},Stack Smashing Protection support); \
+ $(call check_libssp,$${SYSROOT_DIR})
+
+#
+# Check if SSP support is provided by an external libssp
+#
+# $1: sysroot directory
+#
+check_libssp = \
+ if test -n "$(BR2_TOOLCHAIN_HAS_SSP)" ; then \
+ SYSROOT_DIR="${strip $1}"; \
+ has_libssp=`find $${SYSROOT_DIR}/ -name 'libssp.so*' |wc -l`; \
+ if test $${has_libssp} -eq 0 -a -n "$(BR2_TOOLCHAIN_HAS_LIBSSP)" ; then \
+ echo "SSP support is not provided by libssp, please disable BR2_TOOLCHAIN_EXTERNAL_HAS_LIBSSP"; \
+ exit 1; \
+ fi; \
+ if test $${has_libssp} -ne 0 -a -z "$(BR2_TOOLCHAIN_HAS_LIBSSP)"; then \
+ echo "SSP support is provided by libssp, please enable BR2_TOOLCHAIN_EXTERNAL_HAS_LIBSSP"; \
+ exit 1; \
+ fi; \
+ fi
#
# Check that the Buildroot configuration of the ABI matches the
diff --git a/toolchain/toolchain-external/Config.in b/toolchain/toolchain-external/Config.in
index 50daa66..e2aad19 100644
--- a/toolchain/toolchain-external/Config.in
+++ b/toolchain/toolchain-external/Config.in
@@ -1237,6 +1237,19 @@ config BR2_TOOLCHAIN_EXTERNAL_HAS_SSP
endif # BR2_TOOLCHAIN_EXTERNAL_CUSTOM_UCLIBC
+config BR2_TOOLCHAIN_EXTERNAL_HAS_LIBSSP
+ bool "SSP support is provided by libssp?"
+ depends on BR2_TOOLCHAIN_HAS_SSP
+ depends on !BR2_TOOLCHAIN_EXTERNAL_UCLIBC
+ select BR2_TOOLCHAIN_HAS_LIBSSP
+ help
+ In most cases, SSP support is provided by the C library.
+ If this is not the case, it is be provided from gcc's libssp,
+ in which case you should say 'y' here.
+
+ If you do not know, leave the default value ('n'), Buildroot
+ will tell you if it's correct or not.
+
config BR2_TOOLCHAIN_EXTERNAL_INET_RPC
bool "Toolchain has RPC support?"
select BR2_TOOLCHAIN_HAS_NATIVE_RPC
diff --git a/toolchain/toolchain-external/toolchain-external.mk b/toolchain/toolchain-external/toolchain-external.mk
index b07b16c..75c356e 100644
--- a/toolchain/toolchain-external/toolchain-external.mk
+++ b/toolchain/toolchain-external/toolchain-external.mk
@@ -74,6 +74,9 @@ ifneq ($(BR2_PACKAGE_GDB)$(BR2_TOOLCHAIN_EXTERNAL_GDB_SERVER_COPY),)
LIB_EXTERNAL_LIBS += libthread_db.so.*
endif # gdbserver
endif # ! no threads
+ifeq ($(BR2_TOOLCHAIN_EXTERNAL_HAS_LIBSSP),y)
+USR_LIB_EXTERNAL_LIBS += libssp.so.*
+endif
endif
ifeq ($(BR2_TOOLCHAIN_EXTERNAL_GLIBC),y)
--
1.9.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [Buildroot] [pull request] provide and install libssp
2014-12-30 22:22 [Buildroot] [pull request] provide and install libssp Yann E. MORIN
` (3 preceding siblings ...)
2014-12-30 22:22 ` [Buildroot] [PATCH 4/4] toolchain/external: add option to install libssp Yann E. MORIN
@ 2014-12-30 22:25 ` Yann E. MORIN
4 siblings, 0 replies; 6+ messages in thread
From: Yann E. MORIN @ 2014-12-30 22:25 UTC (permalink / raw)
To: buildroot
Hello All,
On 2014-12-30 23:22 +0100, Yann E. MORIN spake thusly:
> This series attempts to cover the cases where libssp might:
Sorry, I made that a pull-request...
I'll fix Patchwork to get rid of the intro mail.
Regards,
Yann E. MORIN.
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 223 225 172 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2014-12-30 22:25 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-12-30 22:22 [Buildroot] [pull request] provide and install libssp Yann E. MORIN
2014-12-30 22:22 ` [Buildroot] [PATCH 1/4] toolchain: add hidden option to specify it has libssp Yann E. MORIN
2014-12-30 22:22 ` [Buildroot] [PATCH 2/4] package/libssp-fake: new package Yann E. MORIN
2014-12-30 22:22 ` [Buildroot] [PATCH 3/4] toolchain: add dependency to fake libssp if needed Yann E. MORIN
2014-12-30 22:22 ` [Buildroot] [PATCH 4/4] toolchain/external: add option to install libssp Yann E. MORIN
2014-12-30 22:25 ` [Buildroot] [pull request] provide and " Yann E. MORIN
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.