Sometimes it's useful to have a static-only toolchain. This can be due to targetting some weird embedded platform, or it can be because it ensures that no dynamic libraries are sneaking into a system that's supposed to be 100% static due to non-cooperative build systems. Most build systems support static-only builds, e.g. autoconf provides a --disable-shared configure option. selinux's custom make-based build system did not support such an option, so here I've added one. Apart from the obvious changes, I had to make the utilities that use external libraries link against them manually, because that can't be inferred from the static selinux libraries. For downstream users of libselinux using pkg-config, this shouldn't be a problem, because libselinux.pc already includes the Requires.private line that specifies libpcre should be linked against as well. Signed-off-by: Alyssa Ross <hi@xxxxxxxxx> --- Changes since v1: • Moved libselinux.a ahead of -lpcre in the linker arguments for sefcontext_compile in libselinux/utils/Makefile, as suggested by Nicolas Iooss, to hopefully fix CI. • Fixed static-only builds of libsemanage and policycoreutils, in addition to libsepol and libselinux. I've also tested building checkpolicy and semodule-utils, which worked without any further changes. v1: https://lore.kernel.org/selinux/20211111164229.9711-1-hi@xxxxxxxxx/ libselinux/src/Makefile | 11 ++++++++--- libselinux/utils/Makefile | 7 ++++++- libsemanage/src/Makefile | 9 +++++++-- libsepol/src/Makefile | 11 ++++++++--- policycoreutils/load_policy/Makefile | 2 +- policycoreutils/semodule/Makefile | 3 ++- policycoreutils/setfiles/Makefile | 2 ++ policycoreutils/setsebool/Makefile | 3 ++- 8 files changed, 36 insertions(+), 12 deletions(-) diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile index 52c40f01..814012e1 100644 --- a/libselinux/src/Makefile +++ b/libselinux/src/Makefile @@ -136,7 +136,10 @@ endif SWIGRUBY = swig -Wall -ruby -o $(SWIGRUBYCOUT) -outdir ./ $(DISABLE_FLAGS) -all: $(LIBA) $(LIBSO) $(LIBPC) +all: $(LIBA) $(LIBPC) +ifneq ($(DISABLE_SHARED),y) +all: $(LIBSO) +endif pywrap: all selinuxswig_python_exception.i CFLAGS="$(CFLAGS) $(SWIG_CFLAGS)" $(PYTHON) setup.py build_ext @@ -175,11 +178,13 @@ $(SWIGRUBYCOUT): $(SWIGRUBYIF) install: all test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d $(DESTDIR)$(LIBDIR) install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR) - test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d $(DESTDIR)$(SHLIBDIR) - install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR) test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d $(DESTDIR)$(LIBDIR)/pkgconfig install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig +ifneq ($(DISABLE_SHARED),y) + test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d $(DESTDIR)$(SHLIBDIR) + install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR) ln -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET) +endif install-pywrap: pywrap $(PYTHON) setup.py install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` $(PYTHON_SETUP_ARGS) diff --git a/libselinux/utils/Makefile b/libselinux/utils/Makefile index 36816155..c58ae6f8 100644 --- a/libselinux/utils/Makefile +++ b/libselinux/utils/Makefile @@ -52,7 +52,12 @@ else TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c))) endif -sefcontext_compile: LDLIBS += ../src/libselinux.a $(PCRE_LDLIBS) -lsepol +sefcontext_compile: LDLIBS += ../src/libselinux.a -lsepol + +PCRE_USERS = matchpathcon sefcontext_compile selabel_digest \ + selabel_get_digests_all_partial_matches selabel_lookup \ + selabel_lookup_best_match selabel_partial_match +$(PCRE_USERS): LDLIBS += $(PCRE_LDLIBS) all: $(TARGETS) diff --git a/libsemanage/src/Makefile b/libsemanage/src/Makefile index ab6cae51..824910ef 100644 --- a/libsemanage/src/Makefile +++ b/libsemanage/src/Makefile @@ -66,7 +66,10 @@ SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./ SWIGRUBY = swig -Wall -ruby -o $(SWIGRUBYCOUT) -outdir ./ -all: $(LIBA) $(LIBSO) $(LIBPC) +all: $(LIBA) $(LIBPC) +ifneq ($(DISABLE_SHARED),y) +all: $(LIBSO) +endif pywrap: all $(SWIGSO) @@ -136,11 +139,13 @@ swigify: $(SWIGIF) install: all test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d $(DESTDIR)$(LIBDIR) install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR) - install -m 755 $(LIBSO) $(DESTDIR)$(LIBDIR) test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d $(DESTDIR)$(LIBDIR)/pkgconfig install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig test -f $(DESTDIR)$(DEFAULT_SEMANAGE_CONF_LOCATION) || install -m 644 -D semanage.conf $(DESTDIR)$(DEFAULT_SEMANAGE_CONF_LOCATION) +ifneq ($(DISABLE_SHARED),y) + install -m 755 $(LIBSO) $(DESTDIR)$(LIBDIR) cd $(DESTDIR)$(LIBDIR) && ln -sf $(LIBSO) $(TARGET) +endif install-pywrap: pywrap test -d $(DESTDIR)$(PYTHONLIBDIR) || install -m 755 -d $(DESTDIR)$(PYTHONLIBDIR) diff --git a/libsepol/src/Makefile b/libsepol/src/Makefile index dc8b1773..a3623635 100644 --- a/libsepol/src/Makefile +++ b/libsepol/src/Makefile @@ -39,7 +39,10 @@ LDFLAGS += -undefined dynamic_lookup LN=gln endif -all: $(LIBA) $(LIBSO) $(LIBPC) +all: $(LIBA) $(LIBPC) +ifneq ($(DISABLE_SHARED),y) +all: $(LIBSO) +endif $(LIBA): $(OBJS) @@ -81,11 +84,13 @@ endif install: all test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d $(DESTDIR)$(LIBDIR) install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR) - test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d $(DESTDIR)$(SHLIBDIR) - install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR) test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d $(DESTDIR)$(LIBDIR)/pkgconfig install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig +ifneq ($(DISABLE_SHARED),y) + test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d $(DESTDIR)$(SHLIBDIR) + install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR) $(LN) -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET) +endif relabel: /sbin/restorecon $(DESTDIR)$(SHLIBDIR)/$(LIBSO) diff --git a/policycoreutils/load_policy/Makefile b/policycoreutils/load_policy/Makefile index c1ba805b..78eec8fa 100644 --- a/policycoreutils/load_policy/Makefile +++ b/policycoreutils/load_policy/Makefile @@ -7,7 +7,7 @@ LOCALEDIR ?= $(DESTDIR)$(PREFIX)/share/locale CFLAGS ?= -Werror -Wall -W override CFLAGS += $(LDFLAGS) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\"" -override LDLIBS += -lsepol -lselinux +override LDLIBS += -lselinux -lsepol TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c))) diff --git a/policycoreutils/semodule/Makefile b/policycoreutils/semodule/Makefile index 73801e48..a1220df2 100644 --- a/policycoreutils/semodule/Makefile +++ b/policycoreutils/semodule/Makefile @@ -5,11 +5,12 @@ SBINDIR ?= $(PREFIX)/sbin MANDIR = $(PREFIX)/share/man CFLAGS ?= -Werror -Wall -W -override LDLIBS += -lsepol -lselinux -lsemanage +override LDLIBS += -lsemanage -lsepol -lselinux SEMODULE_OBJS = semodule.o all: semodule genhomedircon +semodule: LDLIBS += -laudit -lbz2 semodule: $(SEMODULE_OBJS) genhomedircon: diff --git a/policycoreutils/setfiles/Makefile b/policycoreutils/setfiles/Makefile index 63d81850..5d2a815e 100644 --- a/policycoreutils/setfiles/Makefile +++ b/policycoreutils/setfiles/Makefile @@ -15,6 +15,8 @@ endif all: setfiles restorecon restorecon_xattr +restorecon_xattr setfiles: LDLIBS += -lpcre + setfiles: setfiles.o restore.o restorecon: setfiles diff --git a/policycoreutils/setsebool/Makefile b/policycoreutils/setsebool/Makefile index 4b55046c..d11a1fc7 100644 --- a/policycoreutils/setsebool/Makefile +++ b/policycoreutils/setsebool/Makefile @@ -6,13 +6,14 @@ MANDIR = $(PREFIX)/share/man BASHCOMPLETIONDIR ?= $(PREFIX)/share/bash-completion/completions CFLAGS ?= -Werror -Wall -W -override LDLIBS += -lsepol -lselinux -lsemanage +override LDLIBS += -lsemanage -lsepol -lselinux SETSEBOOL_OBJS = setsebool.o BASHCOMPLETIONS=setsebool-bash-completion.sh all: setsebool +setsebool: LDLIBS += -laudit -lbz2 setsebool: $(SETSEBOOL_OBJS) install: all base-commit: 7f600c40bc18d8180993edcd54daf45124736776 -- 2.33.0
