On 2013-12-24 12:59:34, Steve Beattie wrote:
> By default, statically link against the in-tree libapparmor. If the
> in-tree libapparmor is not yet built, print a helpful error message. To
> build against the system libapparmor, the SYSTEM_LIBAPPARMOR make
> variable can be set on the command line like so:
>
> $ make SYSTEM_LIBAPPARMOR=1
I want the "system" variable used for the parser and the regression test
to be the same and I like USE_SYSTEM better than SYSTEM_LIBAPPARMOR.
Would you mind doing a s/SYSTEM_LIBAPPARMOR/USE_SYSTEM/g on this patch
(including the commit message) prior to pushing to trunk?
Everything else looks good!
Acked-by: Tyler Hicks <tyhicks at canonical.com>
Tyler
>
> This patch also fixes issues around the inclusion of the apparmor.h
> header. Previously, the in-tree apparmor.h was always being included
> even if the parser was being linked against the system libapparmor.
> It modifies the apparmor.h include path based on the previous patch
> separating them out in the libapparmor source. This was needed because
> header file name collisions were already occurring.
>
> For source files needing to include apparmor.h, the make targets were
> also updated to depend on the local apparmor.h when building against
> the in-tree libapparmor. When building against the system libapparmor,
> the variable used in the dependency list is empty. Likewise, a
> libapparmor.a dependency is added to the apparmor_parser target when
> building against the in-tree apparmor.
>
> Patch history:
> v1: from Tyler Hicks <tyhicks at canonical.com>
> - initial version
> v2: revert to altering the include search path rather than including
> the apparmor.h header directly via cpp arguments, alter the
> include statements to <sys/apparmor.h> which will work against
> either in-tree or (default) system paths.
>
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
> Signed-off-by: Steve Beattie <steve at nxnw.org>
> ---
>
> parser/Makefile | 45 +++++++++++++++++++++++++++++++++++----------
> parser/dbus.c | 2 +-
> parser/parser_main.c | 2 +-
> parser/parser_misc.c | 2 +-
> parser/parser_regex.c | 2 +-
> parser/parser_yacc.y | 2 +-
> 6 files changed, 40 insertions(+), 15 deletions(-)
>
> Index: b/parser/Makefile
> ===================================================================
> --- a/parser/Makefile
> +++ b/parser/Makefile
> @@ -56,9 +56,7 @@ CFLAGS = -g -pg -fprofile-arcs -ftest-co
> endif
> endif #CFLAGS
>
> -LIBAPPARMOR_PATH=../libraries/libapparmor/src/
> -LIBAPPARMOR_LDPATH=$(LIBAPPARMOR_PATH)/.libs/
> -EXTRA_CXXFLAGS = ${CFLAGS} ${CXX_WARNINGS} -std=gnu++0x -D_GNU_SOURCE -I$(LIBAPPARMOR_PATH)
> +EXTRA_CXXFLAGS = ${CFLAGS} ${CXX_WARNINGS} -std=gnu++0x -D_GNU_SOURCE
> EXTRA_CFLAGS = ${EXTRA_CXXFLAGS} ${CPP_WARNINGS}
>
> #LEXLIB := -lfl
> @@ -90,9 +88,26 @@ OBJECTS = $(SRCS:.c=.o)
> AAREDIR= libapparmor_re
> AAREOBJECT = ${AAREDIR}/libapparmor_re.a
> AAREOBJECTS = $(AAREOBJECT)
> -AARE_LDFLAGS=-static-libgcc -static-libstdc++ -L. -L$(LIBAPPARMOR_LDPATH)
> +AARE_LDFLAGS = -static-libgcc -static-libstdc++ -L.
> AALIB = -Wl,-Bstatic -lapparmor -Wl,-Bdynamic -lpthread
>
> +ifdef SYSTEM_LIBAPPARMOR
> + # Using the system libapparmor so Makefile dependencies can't be used
> + LIBAPPARMOR_A =
> + INCLUDE_APPARMOR =
> + APPARMOR_H =
> +else
> + LIBAPPARMOR_SRC = ../libraries/libapparmor/
> + LOCAL_LIBAPPARMOR_INCLUDE = $(LIBAPPARMOR_SRC)/include
> + LOCAL_LIBAPPARMOR_LDPATH = $(LIBAPPARMOR_SRC)/src/.libs
> +
> + LIBAPPARMOR_A = $(LOCAL_LIBAPPARMOR_LDPATH)/libapparmor.a
> + INCLUDE_APPARMOR = -I$(LOCAL_LIBAPPARMOR_INCLUDE)
> + AARE_LDFLAGS += -L$(LOCAL_LIBAPPARMOR_LDPATH)
> + APPARMOR_H = $(LOCAL_LIBAPPARMOR_INCLUDE)/sys/apparmor.h
> +endif
> +EXTRA_CFLAGS += $(INCLUDE_APPARMOR)
> +
> LEX_C_FILES = parser_lex.c
> YACC_C_FILES = parser_yacc.c parser_yacc.h
>
> @@ -156,7 +171,17 @@ all: arch indep
> coverage:
> $(MAKE) clean apparmor_parser COVERAGE=1
>
> -apparmor_parser: $(OBJECTS) $(AAREOBJECTS)
> +ifndef SYSTEM_LIBAPPARMOR
> +$(LIBAPPARMOR_A):
> + @if [ ! -f $@ ]; then \
> + echo "error: $@ is missing. Pick one of these possible solutions:" 1>&2; \
> + echo " 1) Build against the in-tree libapparmor by building it first and then trying again. See the top-level README for help." 1>&2; \
> + echo " 2) Build against the system libapparmor by adding SYSTEM_LIBAPPARMOR=1 to your make command." 1>&2;\
> + return 1; \
> + fi
> +endif
> +
> +apparmor_parser: $(OBJECTS) $(AAREOBJECTS) $(LIBAPPARMOR_A)
> $(CXX) $(LDFLAGS) $(EXTRA_CFLAGS) -o $@ $(OBJECTS) $(LIBS) \
> ${LEXLIB} $(AAREOBJECTS) $(AARE_LDFLAGS) $(AALIB)
>
> @@ -169,13 +194,13 @@ parser_lex.c: parser_lex.l parser_yacc.h
> parser_lex.o: parser_lex.c parser.h parser_yacc.h
> $(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
>
> -parser_misc.o: parser_misc.c parser.h parser_yacc.h profile.h af_names.h cap_names.h
> +parser_misc.o: parser_misc.c parser.h parser_yacc.h profile.h af_names.h cap_names.h $(APPARMOR_H)
> $(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
>
> -parser_yacc.o: parser_yacc.c parser_yacc.h
> +parser_yacc.o: parser_yacc.c parser_yacc.h $(APPARMOR_H)
> $(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
>
> -parser_main.o: parser_main.c parser.h parser_version.h libapparmor_re/apparmor_re.h
> +parser_main.o: parser_main.c parser.h parser_version.h libapparmor_re/apparmor_re.h $(APPARMOR_H)
> $(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
>
> parser_interface.o: parser_interface.c parser.h profile.h libapparmor_re/apparmor_re.h
> @@ -187,7 +212,7 @@ parser_include.o: parser_include.c parse
> parser_merge.o: parser_merge.c parser.h profile.h
> $(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
>
> -parser_regex.o: parser_regex.c parser.h profile.h libapparmor_re/apparmor_re.h
> +parser_regex.o: parser_regex.c parser.h profile.h libapparmor_re/apparmor_re.h $(APPARMOR_H)
> $(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
>
> parser_symtab.o: parser_symtab.c parser.h
> @@ -211,7 +236,7 @@ mount.o: mount.c mount.h parser.h immuni
> lib.o: lib.c lib.h parser.h
> $(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
>
> -dbus.o: dbus.c dbus.h parser.h immunix.h parser_yacc.h
> +dbus.o: dbus.c dbus.h parser.h immunix.h parser_yacc.h $(APPARMOR_H)
> $(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
>
> profile.o: profile.cc profile.h parser.h
> Index: b/parser/dbus.c
> ===================================================================
> --- a/parser/dbus.c
> +++ b/parser/dbus.c
> @@ -18,7 +18,7 @@
>
> #include <stdlib.h>
> #include <string.h>
> -#include <apparmor.h>
> +#include <sys/apparmor.h>
>
> #include "parser.h"
> #include "profile.h"
> Index: b/parser/parser_main.c
> ===================================================================
> --- a/parser/parser_main.c
> +++ b/parser/parser_main.c
> @@ -41,7 +41,7 @@
> #include <sys/sysctl.h>
> #include <sys/types.h>
> #include <sys/stat.h>
> -#include <apparmor.h>
> +#include <sys/apparmor.h>
>
> #include "lib.h"
> #include "parser.h"
> Index: b/parser/parser_misc.c
> ===================================================================
> --- a/parser/parser_misc.c
> +++ b/parser/parser_misc.c
> @@ -37,7 +37,7 @@
> #include <sys/stat.h>
> #include <fcntl.h>
> #include <unistd.h>
> -#include <apparmor.h>
> +#include <sys/apparmor.h>
>
> #include "parser.h"
> #include "profile.h"
> Index: b/parser/parser_regex.c
> ===================================================================
> --- a/parser/parser_regex.c
> +++ b/parser/parser_regex.c
> @@ -21,7 +21,7 @@
> #include <string.h>
> #include <libintl.h>
> #include <linux/limits.h>
> -#include <apparmor.h>
> +#include <sys/apparmor.h>
> #define _(s) gettext(s)
>
> #include <string>
> Index: b/parser/parser_yacc.y
> ===================================================================
> --- a/parser/parser_yacc.y
> +++ b/parser/parser_yacc.y
> @@ -27,7 +27,7 @@
> #include <errno.h>
> #include <fcntl.h>
> #include <libintl.h>
> -#include <apparmor.h>
> +#include <sys/apparmor.h>
> #define _(s) gettext(s)
>
> /* #define DEBUG */
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20140106/5ae0f106/attachment.pgp>