xref: /aosp_15_r20/external/libcap/go/Makefile (revision 2810ac1b38eead2603277920c78344c84ddf3aff) 
1# Building the libcap/{cap.psx} Go packages, and examples.
2#
3# Note, we use symlinks to construct a go.mod build friendly tree. The
4# packages themselves are intended to be (ultimately) found via proxy
5# as "kernel.org/pub/linux/libs/security/libcap/cap" and
6# "kernel.org/pub/linux/libs/security/libcap/psx". However, to
7# validate their use on these paths, we fake such a structure in the
8# build tree with symlinks and a vendor directory.
9
10topdir=$(realpath ..)
11include $(topdir)/Make.Rules
12
13IMPORTDIR=kernel.org/pub/linux/libs/security/libcap
14PKGDIR=pkg/$(GOOSARCH)/$(IMPORTDIR)
15
16DEPS=../libcap/libcap.a ../libcap/libpsx.a
17TESTS=compare-cap try-launching psx-signals mismatch
18
19all: PSXGOPACKAGE CAPGOPACKAGE web setid gowns captree captrace
20
21$(DEPS):
22	$(MAKE) -C ../libcap all
23
24../progs/tcapsh-static:
25	$(MAKE) -C ../progs tcapsh-static
26
27vendor/$(IMPORTDIR):
28	mkdir -p "vendor/$(IMPORTDIR)"
29
30vendor/modules.txt: vendor/$(IMPORTDIR)
31	echo "# $(IMPORTDIR)/psx v$(GOMAJOR).$(VERSION).$(MINOR)" > vendor/modules.txt
32	echo "$(IMPORTDIR)/psx" >> vendor/modules.txt
33	echo "# $(IMPORTDIR)/cap v$(GOMAJOR).$(VERSION).$(MINOR)" >> vendor/modules.txt
34	echo "$(IMPORTDIR)/cap" >> vendor/modules.txt
35
36vendor/$(IMPORTDIR)/psx: vendor/modules.txt
37	ln -sf $(topdir)/psx vendor/$(IMPORTDIR)
38	touch ../psx
39
40vendor/$(IMPORTDIR)/cap: vendor/modules.txt
41	ln -sf $(topdir)/cap vendor/$(IMPORTDIR)
42	touch ../cap
43
44$(topdir)/libcap/cap_names.h:
45	$(MAKE) -C $(topdir)/libcap cap_names.h
46
47good-names.go: $(topdir)/libcap/cap_names.h vendor/$(IMPORTDIR)/cap mknames.go
48	CC="$(CC)" $(GO) run -mod=vendor mknames.go --header=$< --textdir=$(topdir)/doc/values | gofmt > $@ || rm -f $@
49	diff -u ../cap/names.go $@
50
51PSXGOPACKAGE: vendor/$(IMPORTDIR)/psx ../psx/*.go $(DEPS)
52	touch $@
53
54CAPGOPACKAGE: vendor/$(IMPORTDIR)/cap ../cap/*.go good-names.go $(PSXGOPACKAGE)
55	touch $@
56
57# Compiles something with this package to compare it to libcap. This
58# tests more when run under sudotest (see ../progs/quicktest.sh for that).
59compare-cap: compare-cap.go CAPGOPACKAGE
60	CC="$(CC)" CGO_ENABLED="1" $(CGO_LDFLAGS_ALLOW) CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" $(GO) build $(GO_BUILD_FLAGS) -mod=vendor $<
61
62web: ../goapps/web/web.go CAPGOPACKAGE
63	CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) build $(GO_BUILD_FLAGS) -mod=vendor -o $@ $<
64ifeq ($(RAISE_GO_FILECAP),yes)
65	$(MAKE) -C ../progs setcap
66	$(SUDO) ../progs/setcap cap_setpcap,cap_net_bind_service=p web
67	@echo "NOTE: RAISED cap_setpcap,cap_net_bind_service ON web binary"
68endif
69
70setid: ../goapps/setid/setid.go CAPGOPACKAGE PSXGOPACKAGE
71	CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) build $(GO_BUILD_FLAGS) -mod=vendor -o $@ $<
72
73gowns: ../goapps/gowns/gowns.go CAPGOPACKAGE
74	CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) build $(GO_BUILD_FLAGS) -mod=vendor -o $@ $<
75
76captree: ../goapps/captree/captree.go CAPGOPACKAGE
77	CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) build $(GO_BUILD_FLAGS) -mod=vendor -o $@ $<
78
79captrace: ../goapps/captrace/captrace.go CAPGOPACKAGE
80	CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) build $(GO_BUILD_FLAGS) -mod=vendor -o $@ $<
81
82ok: ok.go vendor/modules.txt
83	CC="$(CC)" CGO_ENABLED="0" $(GO) build $(GO_BUILD_FLAGS)  -mod=vendor $<
84
85try-launching: try-launching.go CAPGOPACKAGE ok
86	CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) build $(GO_BUILD_FLAGS) -mod=vendor $<
87ifeq ($(CGO_REQUIRED),0)
88	CC="$(CC)" CGO_ENABLED="1" $(CGO_LDFLAGS_ALLOW) $(GO) build $(GO_BUILD_FLAGS) -mod=vendor -o $@-cgo $<
89endif
90
91# This is a test case developed from the deadlock investigation,
92# https://github.com/golang/go/issues/50113 . Note the psx-fd.go code
93# works when compiled CGO_ENABLED=1, but deadlocks when compiled
94# CGO_ENABLED=0. This is true for go1.16 and go1.17. The go1.18
95# release fixed this by rewriting the AllThreadsSyscall support, but
96# the large change was not backported. (See noted bug for a much
97# smaller patch for this issue on those older releases.)
98psx-fd: psx-fd.go PSXGOPACKAGE
99	CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) build $(GO_BUILD_FLAGS) -mod=vendor -o $@ $<
100
101ifeq ($(CGO_REQUIRED),0)
102psx-fd-cgo: psx-fd.go PSXGOPACKAGE
103	CC="$(CC)" CGO_ENABLED="1" $(CGO_LDFLAGS_ALLOW) $(GO) build $(GO_BUILD_FLAGS) -mod=vendor -o $@ $<
104endif
105
106psx-signals: psx-signals.go PSXGOPACKAGE
107	CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" $(GO) build $(GO_BUILD_FLAGS) -mod=vendor $<
108
109ifeq ($(CGO_REQUIRED),0)
110psx-signals-cgo: psx-signals.go PSXGOPACKAGE
111	CC="$(CC)" CGO_ENABLED="1" $(CGO_LDFLAGS_ALLOW) CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" $(GO) build $(GO_BUILD_FLAGS) -mod=vendor -o $@ $<
112endif
113
114b210613: b210613.go CAPGOPACKAGE
115	CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" $(GO) build $(GO_BUILD_FLAGS) -mod=vendor $<
116
117b215283: b215283.go CAPGOPACKAGE
118	CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" $(GO) build $(GO_BUILD_FLAGS) -mod=vendor $<
119
120ifeq ($(CGO_REQUIRED),0)
121b215283-cgo: b215283.go CAPGOPACKAGE
122	CC="$(CC)" CGO_ENABLED="1" $(CGO_LDFLAGS_ALLOW) CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" $(GO) build $(GO_BUILD_FLAGS) -mod=vendor -o $@ $<
123endif
124
125mismatch: mismatch.go PSXGOPACKAGE
126	CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" $(GO) build $(GO_BUILD_FLAGS) -mod=vendor $<
127
128ifeq ($(CGO_REQUIRED),0)
129mismatch-cgo: mismatch.go CAPGOPACKAGE
130	CC="$(CC)" CGO_ENABLED="1" $(CGO_LDFLAGS_ALLOW) CGO_CFLAGS="$(CGO_CFLAGS)" CGO_LDFLAGS="$(CGO_LDFLAGS)" $(GO) build $(GO_BUILD_FLAGS) -mod=vendor -o $@ $<
131endif
132
133test: setid gowns captree psx-fd $(TESTS)
134	CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) test -mod=vendor $(IMPORTDIR)/psx
135	CC="$(CC)" CGO_ENABLED="$(CGO_REQUIRED)" $(CGO_LDFLAGS_ALLOW) $(GO) test -mod=vendor $(IMPORTDIR)/cap
136	LD_LIBRARY_PATH=../libcap ./compare-cap
137	./psx-signals
138	./mismatch || exit 0 ; exit 1
139	timeout 5 ./psx-fd || echo "this is a known Go bug"
140ifeq ($(CGO_REQUIRED),0)
141	$(MAKE) psx-signals-cgo mismatch-cgo psx-fd-cgo
142	./psx-signals-cgo
143	./mismatch-cgo || exit 0 ; exit 1
144	./psx-fd-cgo
145endif
146	./setid --caps=false
147	./gowns -- -c "echo gowns runs"
148	./captree 0
149
150# Note, the user namespace doesn't require sudo, but I wanted to avoid
151# requiring that the hosting kernel supports user namespaces for the
152# regular test case.
153sudotest: test ../progs/tcapsh-static b210613 b215283
154	../progs/tcapsh-static --has-b=cap_sys_admin || exit 0 && ./gowns --ns -- -c "echo gowns runs with user namespace"
155	./try-launching
156ifeq ($(CGO_REQUIRED),0)
157	./try-launching-cgo
158endif
159	$(SUDO) ./try-launching
160ifeq ($(CGO_REQUIRED),0)
161	$(SUDO) ./try-launching-cgo
162endif
163	$(SUDO) ../progs/tcapsh-static --cap-uid=$$(id -u) --caps="cap_setpcap=ep" --iab="^cap_setpcap" -- -c ./b210613
164	$(SUDO) ./b215283
165ifeq ($(CGO_REQUIRED),0)
166	$(MAKE) b215283-cgo
167	$(SUDO) ./b215283-cgo
168endif
169
170
171# As of libcap-2.55 We stopped installing the cap and psx packages as
172# part of the install.  Most distribution's packagers skip the Go
173# builds, so it was not well used any way. The new hotness is to just
174# use Go modules and download the packages from a tagged release in
175# the git repository. For an example of how to do this from scratch:
176#
177#   https://sites.google.com/site/fullycapable/getting-started-with-go/building-go-programs-that-manipulate-capabilities
178#
179# For those brave souls that do include the Go build (testing) as part
180# of their packaging, we reward them with a copy of the captree
181# utility!
182install: all
183	mkdir -p -m 0755 $(FAKEROOT)$(SBINDIR)
184	install -m 0755 captree $(FAKEROOT)$(SBINDIR)
185
186clean:
187	rm -f *.o *.so *~ mknames ok good-names.go
188	rm -f web setid gowns captree captrace
189	rm -f compare-cap try-launching try-launching-cgo
190	rm -f $(topdir)/cap/*~ $(topdir)/psx/*~
191	rm -f b210613 b215283 b215283-cgo psx-signals psx-signals-cgo
192	rm -f mismatch mismatch-cgo psx-fd psx-fd-cgo
193	rm -fr vendor CAPGOPACKAGE PSXGOPACKAGE go.sum
194