kumquat-buildroot/package/libcap/0001-Support-dynamic-test-compilation-and-execution.patch

From 307e7f5744b7c84af4c07091c5310cf4f9514694 Mon Sep 17 00:00:00 2001
From: "Andrew G. Morgan" <morgan@kernel.org>
Date: Mon, 7 Sep 2020 12:24:43 -0700
Subject: Support dynamic test compilation and execution.

  make DYNAMIC=yes test sudotest

works now. Thomas Petazzoni provided a patch that built
the tests this way, but I've restructured things to
make the above command line work against the uninstalled
library builds.

Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
[Retrieved from:
https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=307e7f5744b7c84af4c07091c5310cf4f9514694]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 Make.Rules          |  2 +-
 go/Makefile         |  6 +++---
 go/try-launching.go |  2 +-
 progs/.gitignore    |  1 +
 progs/Makefile      | 15 ++++++++++-----
 progs/quicktest.sh  |  8 ++++----
 tests/Makefile      | 23 +++++++++++++++--------
 7 files changed, 35 insertions(+), 22 deletions(-)

diff --git a/Make.Rules b/Make.Rules
index c62f541..8c3f9b3 100644
--- a/Make.Rules
+++ b/Make.Rules
@@ -69,7 +69,7 @@ WARNINGS=-Wall -Wwrite-strings \
 LD=$(CC) -Wl,-x -shared
 LDFLAGS ?= #-g
 LIBCAPLIB := -L$(topdir)/libcap -lcap
-LIBPSXLIB := -L$(topdir)/libcap -lpsx -lpthread
+LIBPSXLIB := -L$(topdir)/libcap -lpsx -lpthread -Wl,-wrap,pthread_create
 
 BUILD_GPERF := $(shell which gperf >/dev/null 2>/dev/null && echo yes)
 
diff --git a/go/Makefile b/go/Makefile
index c5ad7aa..19b3e29 100644
--- a/go/Makefile
+++ b/go/Makefile
@@ -23,8 +23,8 @@ all: $(PSXGOPACKAGE) $(CAPGOPACKAGE) web compare-cap try-launching
 $(DEPS):
 	make -C ../libcap all
 
-../progs/capsh:
-	make -C ../progs capsh
+../progs/tcapsh-static:
+	make -C ../progs tcapsh-static
 
 src/$(IMPORTDIR)/psx:
 	mkdir -p "src/$(IMPORTDIR)"
@@ -70,7 +70,7 @@ ifeq ($(CGO_REQUIRED),0)
 	CGO_ENABLED="1" CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" GOPATH=$(GOPATH) $(GO) build -o $@-cgo $<
 endif
 
-test: all ../progs/capsh
+test: all ../progs/tcapsh-static
 	CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" GOPATH="$(GOPATH)" $(GO) test $(IMPORTDIR)/psx
 	CGO_LDFLAGS_ALLOW="$(CGO_LDFLAGS_ALLOW)" GOPATH="$(GOPATH)" $(GO) test $(IMPORTDIR)/cap
 	LD_LIBRARY_PATH=../libcap ./compare-cap
diff --git a/go/try-launching.go b/go/try-launching.go
index 1c3d477..272fd0a 100644
--- a/go/try-launching.go
+++ b/go/try-launching.go
@@ -32,7 +32,7 @@ func tryLaunching() {
 	}{
 		{args: []string{root + "/go/ok"}},
 		{
-			args:   []string{root + "/progs/capsh", "--dropped=cap_chown", "--is-uid=123", "--is-gid=456", "--has-a=cap_setuid"},
+			args:   []string{root + "/progs/tcapsh-static", "--dropped=cap_chown", "--is-uid=123", "--is-gid=456", "--has-a=cap_setuid"},
 			iab:    "!cap_chown,^cap_setuid,cap_sys_admin",
 			uid:    123,
 			gid:    456,
diff --git a/progs/.gitignore b/progs/.gitignore
index 1c7ff23..978229e 100644
--- a/progs/.gitignore
+++ b/progs/.gitignore
@@ -1,4 +1,5 @@
 capsh
+tcapsh-static
 getcap
 getpcaps
 setcap
diff --git a/progs/Makefile b/progs/Makefile
index 076e44f..1b27c41 100644
--- a/progs/Makefile
+++ b/progs/Makefile
@@ -8,13 +8,15 @@ PROGS=getpcaps capsh getcap setcap
 
 BUILD=$(PROGS)
 
-ifneq ($(DYNAMIC),yes)
+ifeq ($(DYNAMIC),yes)
+LDPATH = LD_LIBRARY_PATH=../libcap
+else
 LDFLAGS += --static
 endif
 
 DEPS=../libcap/libcap.a ../libcap/libpsx.a
 
-all: $(BUILD)
+all: $(BUILD) tcapsh-static
 
 $(DEPS):
 	make -C ../libcap all
@@ -36,9 +38,12 @@ endif
 
 test: $(PROGS)
 
-sudotest: test
-	sudo ./quicktest.sh
+tcapsh-static: capsh.c $(DEPS)
+	$(CC) $(IPATH) $(CAPSH_SHELL) $(CFLAGS) -o $@ $< $(LIBCAPLIB) $(LDFLAGS) --static
+
+sudotest: test tcapsh-static
+	sudo $(LDPATH) ./quicktest.sh
 
 clean:
 	$(LOCALCLEAN)
-	rm -f *.o $(BUILD) tcapsh ping hack.sh compare-cap
+	rm -f *.o $(BUILD) tcapsh* privileged ping hack.sh compare-cap
diff --git a/progs/quicktest.sh b/progs/quicktest.sh
index fbe98a6..5873317 100755
--- a/progs/quicktest.sh
+++ b/progs/quicktest.sh
@@ -45,7 +45,7 @@ pass_capsh () {
 pass_capsh --print
 
 # Make a local non-setuid-0 version of capsh and call it privileged
-cp ./capsh ./privileged && /bin/chmod -s ./privileged
+cp ./tcapsh-static ./privileged && /bin/chmod -s ./privileged
 if [ $? -ne 0 ]; then
     echo "Failed to copy capsh for capability manipulation"
     exit 1
@@ -77,7 +77,7 @@ pass_capsh --mode=PURE1E --iab='!%cap_chown,cap_sys_admin'
 pass_capsh --keep=0 --keep=1 --keep=0 --keep=1 --print
 
 /bin/rm -f tcapsh
-/bin/cp capsh tcapsh
+/bin/cp tcapsh-static tcapsh
 /bin/chown root.root tcapsh
 /bin/chmod u+s tcapsh
 /bin/ls -l tcapsh
@@ -166,7 +166,7 @@ pass_capsh --keep=1 --uid=$nouid --caps=cap_setpcap=ep \
 
 # Verify we can chroot
 pass_capsh --chroot=$(/bin/pwd)
-pass_capsh --chroot=$(/bin/pwd) ==
+pass_capsh -- -c "./tcapsh-static --chroot=$(/bin/pwd) =="
 fail_capsh --chroot=$(/bin/pwd) -- -c "echo oops"
 
 ./capsh --has-ambient
@@ -216,7 +216,7 @@ echo "testing namespaced file caps"
 # nsprivileged capsh will have an ns rootid value (this is
 # the same setup as an earlier test but with a ns file cap).
 rm -f nsprivileged
-cp ./capsh ./nsprivileged && /bin/chmod -s ./nsprivileged
+cp ./tcapsh-static ./nsprivileged && /bin/chmod -s ./nsprivileged
 ./setcap -n 1 all=ep ./nsprivileged
 if [ $? -eq 0 ]; then
     ./getcap -n ./nsprivileged | fgrep "[rootid=1]"
diff --git a/tests/Makefile b/tests/Makefile
index 0c86ee8..a555887 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -7,6 +7,12 @@ include ../Make.Rules
 
 DEPS=../libcap/libcap.a ../libcap/libpsx.a
 
+ifeq ($(DYNAMIC),yes)
+LDPATH = LD_LIBRARY_PATH=../libcap
+else
+LDFLAGS += --static
+endif
+
 all: psx_test libcap_psx_test libcap_launch_test
 
 $(DEPS):
@@ -19,30 +25,31 @@ sudotest: test run_libcap_launch_test run_libcap_launch_test
 install: all
 
 run_psx_test: psx_test
-	./psx_test
+	$(LDPATH) ./psx_test
 
 psx_test: psx_test.c $(DEPS)
-	$(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LIBPSXLIB) -Wl,-wrap,pthread_create
+	$(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LIBPSXLIB)
 
 run_libcap_psx_test: libcap_psx_test
-	./libcap_psx_test
+	$(LDPATH) ./libcap_psx_test
 
 libcap_psx_test: libcap_psx_test.c $(DEPS)
-	$(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LIBCAPLIB) $(LIBPSXLIB) -Wl,-wrap,pthread_create --static
+	$(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LIBCAPLIB) $(LIBPSXLIB) $(LDFLAGS)
 
 run_libcap_launch_test: libcap_launch_test libcap_psx_launch_test noop
-	sudo ./libcap_launch_test
-	sudo ./libcap_psx_launch_test
+	sudo $(LDPATH) ./libcap_launch_test
+	sudo $(LDPATH) ./libcap_psx_launch_test
 
 libcap_launch_test: libcap_launch_test.c $(DEPS)
-	$(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LIBCAPLIB) --static
+	$(CC) $(CFLAGS) $(IPATH) $< -o $@ $(LIBCAPLIB) $(LDFLAGS)
 
 # this varies only slightly from the above insofar as it currently
 # only links in the pthreads fork support. TODO() we need to change
 # the source to do something interesting with pthreads.
 libcap_psx_launch_test: libcap_launch_test.c $(DEPS)
-	$(CC) $(CFLAGS) $(IPATH) -DWITH_PTHREADS $< -o $@ $(LIBCAPLIB) $(LIBPSXLIB) -Wl,-wrap,pthread_create --static
+	$(CC) $(CFLAGS) $(IPATH) -DWITH_PTHREADS $< -o $@ $(LIBCAPLIB) $(LIBPSXLIB) $(LDFLAGS)
 
+# This one runs in a chroot with no shared library files.
 noop: noop.c
 	$(CC) $(CFLAGS) $< -o $@ --static
 
-- 
cgit 1.2.3-1.el7