[Buildroot] [pull request] provide and install libssp

[Buildroot] [pull request] provide and install libssp

[Yann E. MORIN]

Hello All!

This series attempts to cover the cases where libssp might:

  - be needed by some packages (mostly proprietary stuff), such as
    pre-built binaries that are dynamically linked to libssp.so.1

  - source but proprietary packages for which it is not possible to
    update/fix the build system, and which unconditionally want to
    link at build time against -lssp or -lssp_nonshared

So, this series:

  - adds a package that installs a fake, empty libssp.so.1 in target
    (for pre-built stuff) and a fake libssp.a and libssp_nonshared.a
    in staging (for unfixable proprietary source); this package is
    always built and installed, even if not doing SSP builds, because
    of pre-built proprietary stuff;

  - adds an option to external libs to specify whether they implement
    SSP via libssp or not (default: no, as previously).

This is not fool-proof tested, and only casual testing was done:

  - using an external toolchain without libssp.so

  - using the same toolchain with an empty file has libssp.so (just so
    as to trigger the mechanism)

Regards,
Yann E. MORIN.


The following changes since commit 4fc5f4a644029d2d15e2fb7907f8ad6ae45ed249:

  package/libiio: fix static build (2014-12-30 11:19:12 +0100)

are available in the git repository at:

  git://git.busybox.net/~ymorin/git/buildroot yem/libssp

for you to fetch changes up to 15e521114fdad342030ec2a699e44190188a3cd2:

  toolchain/external: add option to install libssp (2014-12-30 23:11:16 +0100)

----------------------------------------------------------------
Yann E. MORIN (4):
      toolchain: add hidden option to specify it has libssp
      package/libssp-fake: new package
      toolchain: add dependency to fake libssp if needed
      toolchain/external: add option to install libssp

 package/Config.in                                  |  1 +
 package/libssp-fake/Config.in                      | 12 ++++++
 package/libssp-fake/libssp-fake.mk                 | 47 ++++++++++++++++++++++
 toolchain/helpers.mk                               | 25 +++++++++++-
 toolchain/toolchain-common.in                      |  3 ++
 toolchain/toolchain-external/Config.in             | 13 ++++++
 toolchain/toolchain-external/toolchain-external.mk |  3 ++
 toolchain/toolchain/toolchain.mk                   |  4 ++
 8 files changed, 106 insertions(+), 2 deletions(-)
 create mode 100644 package/libssp-fake/Config.in
 create mode 100644 package/libssp-fake/libssp-fake.mk

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 223 225 172 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'

[Buildroot] [PATCH 1/4] toolchain: add hidden option to specify it has libssp

[Yann E. MORIN]

Although SSP support is usuaaly provided by the C library, some
toolchains may provide it using an alternate libssp implementation, most
notably the one from gcc.

Add a new option a toolchain may select if it provides SSP support using
a separate libssp.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
 toolchain/toolchain-common.in | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/toolchain/toolchain-common.in b/toolchain/toolchain-common.in
index 2ee2019..9be5420 100644
--- a/toolchain/toolchain-common.in
+++ b/toolchain/toolchain-common.in
@@ -44,6 +44,9 @@ config BR2_TOOLCHAIN_HAS_SHADOW_PASSWORDS
 config BR2_TOOLCHAIN_HAS_SSP
 	bool
 
+config BR2_TOOLCHAIN_HAS_LIBSSP
+	bool
+
 config BR2_ENABLE_LOCALE_PURGE
 	bool "Purge unwanted locales"
 	help
-- 
1.9.1

[Buildroot] [PATCH 2/4] package/libssp-fake: new package

[Yann E. MORIN]

This installs a fake, empty libssp for those packages (mostly
proprietary) that want to link with -lssp or -lssp_nonshared.

This is a prompt-less symbol, because it should only be selected
when the toolchain does not have it (i.e. it is provided by the
C library).

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
 package/Config.in                  |  1 +
 package/libssp-fake/Config.in      | 12 ++++++++++
 package/libssp-fake/libssp-fake.mk | 47 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 60 insertions(+)
 create mode 100644 package/libssp-fake/Config.in
 create mode 100644 package/libssp-fake/libssp-fake.mk

diff --git a/package/Config.in b/package/Config.in
index 3b37bb2..21f34b3 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -914,6 +914,7 @@ menu "Other"
 	source "package/libseccomp/Config.in"
 	source "package/libsigc/Config.in"
 	source "package/libsigsegv/Config.in"
+	source "package/libssp-fake/Config.in"
 	source "package/libtasn1/Config.in"
 	source "package/libtpl/Config.in"
 	source "package/libubox/Config.in"
diff --git a/package/libssp-fake/Config.in b/package/libssp-fake/Config.in
new file mode 100644
index 0000000..cac5269
--- /dev/null
+++ b/package/libssp-fake/Config.in
@@ -0,0 +1,12 @@
+# This is a no-prompt package, because it is automatically selected
+# by the toolchains that need it.
+# We need the sumbol for legal-info.
+config BR2_PACKAGE_LIBSSP_FAKE
+	bool
+	default y if !BR2_TOOLCHAIN_HAS_LIBSSP
+	help
+	  This installs a fake (aka empty) libssp.
+
+	  Usually, SSP support is provided by the C library, but some
+	  programs may insist on linking to libssp, most notably because
+	  they also link to a pre-built library that is linked to libssp.
diff --git a/package/libssp-fake/libssp-fake.mk b/package/libssp-fake/libssp-fake.mk
new file mode 100644
index 0000000..2c52a94
--- /dev/null
+++ b/package/libssp-fake/libssp-fake.mk
@@ -0,0 +1,47 @@
+################################################################################
+#
+# libssp
+#
+################################################################################
+
+LIBSSP_FAKE_SOURCE =
+LIBSSP_FAKE_INSTALL_STAGING = YES
+
+# We'll be handling the dependency ourselves, since we want to be built
+# after any toolchain backend, but we are a dependency of the virtual
+# package 'toolchain'.
+LIBSSP_FAKE_ADD_TOOLCHAIN_DEPENDENCY = NO
+
+ifeq ($(BR2_TOOLCHAIN_BUILDROOT),y)
+LIBSSP_FAKE_DEPENDENCIES = toolchain-buildroot
+else ifeq ($(BR2_TOOLCHAIN_EXTERNAL),y)
+LIBSSP_FAKE_DEPENDENCIES = toolchain-external
+endif
+
+# Build both static and shared variants
+define LIBSSP_FAKE_BUILD_CMDS
+	$(TARGET_AR) rcs $(@D)/libssp_nonshared.a /dev/null
+	$(TARGET_CC_NOCCACHE) -shared -fPIC -Wl,-soname,libssp.so.1 -o $(@D)/libssp.so.1 -x c /dev/null
+endef
+
+# Install the non-shared variant in staging, so programs can link to it
+# at build time. Provide a variant without the _nonshared extension for
+# those that are brain-damaged enough to link with -lssp.
+#
+# Since they are really empty libraries, we do not need to condition the
+# install with the usual BR2_STATIC_LIBS or BR2_SHARED_STATIC_LIBS; neither
+# of them would add any code whatsoever to anything that links to either.
+define LIBSSP_FAKE_INSTALL_STAGING_CMDS
+	$(INSTALL) -D -m 0644 $(@D)/libssp_nonshared.a $(STAGING_DIR)/usr/lib/libssp_nonshared.a
+	ln -sf libssp_nonshared.a $(STAGING_DIR)/usr/lib/libssp.a
+endef
+
+# Install the shared variant in target, so pre-built binaries can link to it
+# at runtime, but only if we want shared library support.
+ifeq ($(BR2_SHARED_LIBS)$(BR2_SHARED_STATIC_LIBS),y)
+define LIBSSP_FAKE_INSTALL_TARGET_CMDS
+	$(INSTALL) -D -m 0644 $(@D)/libssp.so.1 $(TARGET_DIR)/usr/lib/libssp.so.1
+endef
+endif
+
+$(eval $(generic-package))
-- 
1.9.1

[Buildroot] [PATCH 3/4] toolchain: add dependency to fake libssp if needed

[Yann E. MORIN]

Some brain-damaged pakages (mostly proprietary) may insist on linking
to it, either at build time, or at runtime (e.g. pre-built binaries).

Add a conditional dependency to the newly-introduced libssp-fake.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
 toolchain/toolchain/toolchain.mk | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/toolchain/toolchain/toolchain.mk b/toolchain/toolchain/toolchain.mk
index c22713b..12fa352 100644
--- a/toolchain/toolchain/toolchain.mk
+++ b/toolchain/toolchain/toolchain.mk
@@ -10,6 +10,10 @@ else ifeq ($(BR2_TOOLCHAIN_EXTERNAL),y)
 TOOLCHAIN_DEPENDENCIES += toolchain-external
 endif
 
+ifeq ($(BR2_PACKAGE_LIBSSP_FAKE),y)
+TOOLCHAIN_DEPENDENCIES += libssp-fake
+endif
+
 TOOLCHAIN_ADD_TOOLCHAIN_DEPENDENCY = NO
 
 $(eval $(virtual-package))
-- 
1.9.1

[Buildroot] [PATCH 4/4] toolchain/external: add option to install libssp

[Yann E. MORIN]

While SSP support (guard and handler) is usually provided by the C
library, it is not always true, and can be provided by a third-party
implementation, such as the one from gcc.

Add an option the user can set if their toolchain uses libssp to provide
SSP support.

Also add a sanity check to verify the setting is correct.

Note: we need not add a -lssp or -lssp_nonshared to TARGET_LDFLAGS,
because that is handled automatically by gcc.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
---
 toolchain/helpers.mk                               | 25 ++++++++++++++++++++--
 toolchain/toolchain-external/Config.in             | 13 +++++++++++
 toolchain/toolchain-external/toolchain-external.mk |  3 +++
 3 files changed, 39 insertions(+), 2 deletions(-)

diff --git a/toolchain/helpers.mk b/toolchain/helpers.mk
index 3121da4..067c450 100644
--- a/toolchain/helpers.mk
+++ b/toolchain/helpers.mk
@@ -221,7 +221,8 @@ check_glibc = \
 		exit -1; \
 	fi; \
 	$(call check_glibc_feature,BR2_USE_MMU,MMU support) ;\
-	$(call check_glibc_rpc_feature,$${SYSROOT_DIR})
+	$(call check_glibc_rpc_feature,$${SYSROOT_DIR}); \
+	$(call check_libssp,$${SYSROOT_DIR})
 
 #
 # Check that the selected C library really is musl
@@ -281,7 +282,27 @@ check_uclibc = \
 	$(call check_uclibc_feature,__UCLIBC_HAS_THREADS__,BR2_TOOLCHAIN_HAS_THREADS,$${UCLIBC_CONFIG_FILE},Thread support) ;\
 	$(call check_uclibc_feature,__PTHREADS_DEBUG_SUPPORT__,BR2_TOOLCHAIN_HAS_THREADS_DEBUG,$${UCLIBC_CONFIG_FILE},Thread debugging support) ;\
 	$(call check_uclibc_feature,__UCLIBC_HAS_THREADS_NATIVE__,BR2_TOOLCHAIN_HAS_THREADS_NPTL,$${UCLIBC_CONFIG_FILE},NPTL thread support) ;\
-	$(call check_uclibc_feature,__UCLIBC_HAS_SSP__,BR2_TOOLCHAIN_HAS_SSP,$${UCLIBC_CONFIG_FILE},Stack Smashing Protection support)
+	$(call check_uclibc_feature,__UCLIBC_HAS_SSP__,BR2_TOOLCHAIN_HAS_SSP,$${UCLIBC_CONFIG_FILE},Stack Smashing Protection support); \
+	$(call check_libssp,$${SYSROOT_DIR})
+
+#
+# Check if SSP support is provided by an external libssp
+#
+# $1: sysroot directory
+#
+check_libssp = \
+	if test -n "$(BR2_TOOLCHAIN_HAS_SSP)" ; then \
+		SYSROOT_DIR="${strip $1}"; \
+		has_libssp=`find $${SYSROOT_DIR}/ -name 'libssp.so*' |wc -l`; \
+		if test $${has_libssp} -eq 0 -a -n "$(BR2_TOOLCHAIN_HAS_LIBSSP)" ; then \
+			echo "SSP support is not provided by libssp, please disable BR2_TOOLCHAIN_EXTERNAL_HAS_LIBSSP"; \
+			exit 1; \
+		fi; \
+		if test $${has_libssp} -ne 0 -a -z "$(BR2_TOOLCHAIN_HAS_LIBSSP)"; then \
+			echo "SSP support is provided by libssp, please enable BR2_TOOLCHAIN_EXTERNAL_HAS_LIBSSP"; \
+			exit 1; \
+		fi; \
+	fi
 
 #
 # Check that the Buildroot configuration of the ABI matches the
diff --git a/toolchain/toolchain-external/Config.in b/toolchain/toolchain-external/Config.in
index 50daa66..e2aad19 100644
--- a/toolchain/toolchain-external/Config.in
+++ b/toolchain/toolchain-external/Config.in
@@ -1237,6 +1237,19 @@ config BR2_TOOLCHAIN_EXTERNAL_HAS_SSP
 
 endif # BR2_TOOLCHAIN_EXTERNAL_CUSTOM_UCLIBC
 
+config BR2_TOOLCHAIN_EXTERNAL_HAS_LIBSSP
+	bool "SSP support is provided by libssp?"
+	depends on BR2_TOOLCHAIN_HAS_SSP
+	depends on !BR2_TOOLCHAIN_EXTERNAL_UCLIBC
+	select BR2_TOOLCHAIN_HAS_LIBSSP
+	help
+	  In most cases, SSP support is provided by the C library.
+	  If this is not the case, it is be provided from gcc's libssp,
+	  in which case you should say 'y' here.
+
+	  If you do not know, leave the default value ('n'), Buildroot
+	  will tell you if it's correct or not.
+
 config BR2_TOOLCHAIN_EXTERNAL_INET_RPC
 	bool "Toolchain has RPC support?"
 	select BR2_TOOLCHAIN_HAS_NATIVE_RPC
diff --git a/toolchain/toolchain-external/toolchain-external.mk b/toolchain/toolchain-external/toolchain-external.mk
index b07b16c..75c356e 100644
--- a/toolchain/toolchain-external/toolchain-external.mk
+++ b/toolchain/toolchain-external/toolchain-external.mk
@@ -74,6 +74,9 @@ ifneq ($(BR2_PACKAGE_GDB)$(BR2_TOOLCHAIN_EXTERNAL_GDB_SERVER_COPY),)
 LIB_EXTERNAL_LIBS += libthread_db.so.*
 endif # gdbserver
 endif # ! no threads
+ifeq ($(BR2_TOOLCHAIN_EXTERNAL_HAS_LIBSSP),y)
+USR_LIB_EXTERNAL_LIBS += libssp.so.*
+endif
 endif
 
 ifeq ($(BR2_TOOLCHAIN_EXTERNAL_GLIBC),y)
-- 
1.9.1

[Buildroot] [pull request] provide and install libssp

[Yann E. MORIN]

Hello All,

On 2014-12-30 23:22 +0100, Yann E. MORIN spake thusly:
> This series attempts to cover the cases where libssp might:

Sorry, I made that a pull-request...
I'll fix Patchwork to get rid of the intro mail.

Regards,
Yann E. MORIN.

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 223 225 172 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'