Sometimes it's useful to have a static-only toolchain. This can be due to targetting some weird embedded platform, or it can be because it ensures that no dynamic libraries are sneaking into a system that's supposed to be 100% static due to non-cooperative build systems. Most build systems support static-only builds, e.g. autoconf provides a --disable-shared configure option. selinux's custom make-based build system did not support such an option, so here I've added one. Apart from the obvious changes, I had to make the utilities that use external libraries link against them manually, because that can't be inferred from the static selinux libraries. For downstream users of libselinux using pkg-config, this shouldn't be a problem, because libselinux.pc already includes the Requires.private line that specifies libpcre should be linked against as well. Signed-off-by: Alyssa Ross <hi@xxxxxxxxx> --- Changes since v3: â?¢ Resolve conflicts. â?¢ Add selabel_compare to PCRE_USERS. â?¢ Use pkg-config for libselinux in policycoreutils, so PCRE is linked. v2: https://lore.kernel.org/selinux/20211113141616.361640-1-hi@xxxxxxxxx libselinux/src/Makefile | 11 ++++++++--- libselinux/utils/Makefile | 8 +++++++- libsemanage/src/Makefile | 9 +++++++-- libsepol/src/Makefile | 11 ++++++++--- policycoreutils/Makefile | 5 +++++ policycoreutils/load_policy/Makefile | 2 +- policycoreutils/newrole/Makefile | 2 +- policycoreutils/run_init/Makefile | 2 +- policycoreutils/secon/Makefile | 2 +- policycoreutils/semodule/Makefile | 3 ++- policycoreutils/sestatus/Makefile | 2 +- policycoreutils/setfiles/Makefile | 2 +- policycoreutils/setsebool/Makefile | 3 ++- policycoreutils/unsetfiles/Makefile | 2 +- 14 files changed, 46 insertions(+), 18 deletions(-) diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile index 213c7d34..261c22d4 100644 --- a/libselinux/src/Makefile +++ b/libselinux/src/Makefile @@ -147,7 +147,10 @@ endif SWIGRUBY = swig -Wall -ruby -o $(SWIGRUBYCOUT) -outdir ./ $(DISABLE_FLAGS) -all: $(LIBA) $(LIBSO) $(LIBPC) +all: $(LIBA) $(LIBPC) +ifneq ($(DISABLE_SHARED),y) +all: $(LIBSO) +endif pywrap: all selinuxswig_python_exception.i CFLAGS="$(CPPFLAGS) $(CFLAGS) $(SWIG_CFLAGS)" $(PYTHON) setup.py build_ext @@ -186,11 +189,13 @@ $(SWIGRUBYCOUT): $(SWIGRUBYIF) install: all test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d $(DESTDIR)$(LIBDIR) install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR) - test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d $(DESTDIR)$(SHLIBDIR) - install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR) test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d $(DESTDIR)$(LIBDIR)/pkgconfig install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig +ifneq ($(DISABLE_SHARED),y) + test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d $(DESTDIR)$(SHLIBDIR) + install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR) ln -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET) +endif install-pywrap: pywrap CFLAGS="$(CPPFLAGS) $(CFLAGS) $(SWIG_CFLAGS)" $(PYTHON) -m pip install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR) --ignore-installed --no-deps` $(PYTHON_SETUP_ARGS) . diff --git a/libselinux/utils/Makefile b/libselinux/utils/Makefile index 0d7095b1..6b1dc7c9 100644 --- a/libselinux/utils/Makefile +++ b/libselinux/utils/Makefile @@ -53,7 +53,13 @@ else TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c))) endif -sefcontext_compile: LDLIBS += ../src/libselinux.a $(PCRE_LDLIBS) -lsepol +sefcontext_compile: LDLIBS += ../src/libselinux.a -lsepol + +PCRE_USERS = matchpathcon sefcontext_compile selabel_compare \ + selabel_digest selabel_get_digests_all_partial_matches \ + selabel_lookup selabel_lookup_best_match \ + selabel_partial_match +$(PCRE_USERS): LDLIBS += $(PCRE_LDLIBS) all: $(TARGETS) diff --git a/libsemanage/src/Makefile b/libsemanage/src/Makefile index 8dfbd762..7d60b1e9 100644 --- a/libsemanage/src/Makefile +++ b/libsemanage/src/Makefile @@ -67,7 +67,10 @@ SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./ SWIGRUBY = swig -Wall -ruby -o $(SWIGRUBYCOUT) -outdir ./ -all: $(LIBA) $(LIBSO) $(LIBPC) +all: $(LIBA) $(LIBPC) +ifneq ($(DISABLE_SHARED),y) +all: $(LIBSO) +endif pywrap: all $(SWIGSO) @@ -137,11 +140,13 @@ swigify: $(SWIGIF) install: all test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d $(DESTDIR)$(LIBDIR) install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR) - install -m 755 $(LIBSO) $(DESTDIR)$(LIBDIR) test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d $(DESTDIR)$(LIBDIR)/pkgconfig install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig test -f $(DESTDIR)$(DEFAULT_SEMANAGE_CONF_LOCATION) || install -m 644 -D semanage.conf $(DESTDIR)$(DEFAULT_SEMANAGE_CONF_LOCATION) +ifneq ($(DISABLE_SHARED),y) + install -m 755 $(LIBSO) $(DESTDIR)$(LIBDIR) cd $(DESTDIR)$(LIBDIR) && ln -sf $(LIBSO) $(TARGET) +endif install-pywrap: pywrap test -d $(DESTDIR)$(PYTHONLIBDIR) || install -m 755 -d $(DESTDIR)$(PYTHONLIBDIR) diff --git a/libsepol/src/Makefile b/libsepol/src/Makefile index 71fa3ed7..a1aed072 100644 --- a/libsepol/src/Makefile +++ b/libsepol/src/Makefile @@ -45,7 +45,10 @@ LDFLAGS += -undefined dynamic_lookup LN=gln endif -all: $(LIBA) $(LIBSO) $(LIBPC) +all: $(LIBA) $(LIBPC) +ifneq ($(DISABLE_SHARED),y) +all: $(LIBSO) +endif $(LIBA): $(OBJS) @@ -87,11 +90,13 @@ endif install: all test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d $(DESTDIR)$(LIBDIR) install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR) - test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d $(DESTDIR)$(SHLIBDIR) - install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR) test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d $(DESTDIR)$(LIBDIR)/pkgconfig install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig +ifneq ($(DISABLE_SHARED),y) + test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d $(DESTDIR)$(SHLIBDIR) + install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR) $(LN) -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET) +endif relabel: /sbin/restorecon $(DESTDIR)$(SHLIBDIR)/$(LIBSO) diff --git a/policycoreutils/Makefile b/policycoreutils/Makefile index 32ad0201..7acd51dd 100644 --- a/policycoreutils/Makefile +++ b/policycoreutils/Makefile @@ -1,5 +1,10 @@ SUBDIRS = setfiles load_policy newrole run_init secon sestatus semodule setsebool scripts po man hll unsetfiles +PKG_CONFIG ?= pkg-config + +LIBSELINUX_LDLIBS := $(shell $(PKG_CONFIG) --libs libselinux) +export LIBSELINUX_LDLIBS + all install relabel clean indent: @for subdir in $(SUBDIRS); do \ (cd $$subdir && $(MAKE) $@) || exit 1; \ diff --git a/policycoreutils/load_policy/Makefile b/policycoreutils/load_policy/Makefile index ad80d500..37c0111b 100644 --- a/policycoreutils/load_policy/Makefile +++ b/policycoreutils/load_policy/Makefile @@ -7,7 +7,7 @@ LOCALEDIR ?= $(DESTDIR)$(PREFIX)/share/locale CFLAGS ?= -Werror -Wall -W override CFLAGS += $(LDFLAGS) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\"" -override LDLIBS += -lsepol -lselinux +override LDLIBS += $(LIBSELINUX_LDLIBS) -lsepol TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c))) diff --git a/policycoreutils/newrole/Makefile b/policycoreutils/newrole/Makefile index 4b8145d3..6e95e79f 100644 --- a/policycoreutils/newrole/Makefile +++ b/policycoreutils/newrole/Makefile @@ -25,7 +25,7 @@ VERSION = $(shell cat ../VERSION) CFLAGS ?= -Werror -Wall -W EXTRA_OBJS = override CFLAGS += -DVERSION=\"$(VERSION)\" -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\"" -override LDLIBS += -lselinux +override LDLIBS += $(LIBSELINUX_LDLIBS) ifeq ($(PAMH), y) override CFLAGS += -DUSE_PAM EXTRA_OBJS += hashtab.o diff --git a/policycoreutils/run_init/Makefile b/policycoreutils/run_init/Makefile index 619ebc1d..a5002587 100644 --- a/policycoreutils/run_init/Makefile +++ b/policycoreutils/run_init/Makefile @@ -11,7 +11,7 @@ AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y) CFLAGS ?= -Werror -Wall -W override CFLAGS += -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\"" -override LDLIBS += -lselinux +override LDLIBS += $(LIBSELINUX_LDLIBS) ifeq ($(PAMH), y) override CFLAGS += -DUSE_PAM override LDLIBS += -lpam -lpam_misc diff --git a/policycoreutils/secon/Makefile b/policycoreutils/secon/Makefile index 440503a1..daa3e10e 100644 --- a/policycoreutils/secon/Makefile +++ b/policycoreutils/secon/Makefile @@ -8,7 +8,7 @@ WARNS=-Werror -W -Wall -Wundef -Wshadow -Wpointer-arith -Wbad-function-cast -Wca VERSION = $(shell cat ../VERSION) CFLAGS ?= $(WARNS) -O1 override CFLAGS += -DVERSION=\"$(VERSION)\" -override LDLIBS += -lselinux +override LDLIBS += $(LIBSELINUX_LDLIBS) all: secon diff --git a/policycoreutils/semodule/Makefile b/policycoreutils/semodule/Makefile index 9fbf99d6..3855f95e 100644 --- a/policycoreutils/semodule/Makefile +++ b/policycoreutils/semodule/Makefile @@ -5,11 +5,12 @@ SBINDIR ?= $(PREFIX)/sbin MANDIR = $(PREFIX)/share/man CFLAGS ?= -Werror -Wall -W -override LDLIBS += -lsepol -lselinux -lsemanage +override LDLIBS += -lsemanage -lsepol $(LIBSELINUX_LDLIBS) SEMODULE_OBJS = semodule.o all: semodule genhomedircon +semodule: LDLIBS += -laudit -lbz2 semodule: $(SEMODULE_OBJS) genhomedircon: diff --git a/policycoreutils/sestatus/Makefile b/policycoreutils/sestatus/Makefile index aebf050c..b0df6d28 100644 --- a/policycoreutils/sestatus/Makefile +++ b/policycoreutils/sestatus/Makefile @@ -8,7 +8,7 @@ ETCDIR ?= /etc CFLAGS ?= -Werror -Wall -W override CFLAGS += -D_FILE_OFFSET_BITS=64 -override LDLIBS += -lselinux +override LDLIBS += $(LIBSELINUX_LDLIBS) all: sestatus diff --git a/policycoreutils/setfiles/Makefile b/policycoreutils/setfiles/Makefile index 84ffb08b..0b27e934 100644 --- a/policycoreutils/setfiles/Makefile +++ b/policycoreutils/setfiles/Makefile @@ -6,7 +6,7 @@ MANDIR = $(PREFIX)/share/man AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y) CFLAGS ?= -g -Werror -Wall -W -override LDLIBS += -lselinux -lsepol -lpthread +override LDLIBS += $(LIBSELINUX_LDLIBS) -lsepol -lpthread ifeq ($(AUDITH), y) override CFLAGS += -DUSE_AUDIT diff --git a/policycoreutils/setsebool/Makefile b/policycoreutils/setsebool/Makefile index fc5b4ff6..12b6315d 100644 --- a/policycoreutils/setsebool/Makefile +++ b/policycoreutils/setsebool/Makefile @@ -6,13 +6,14 @@ MANDIR = $(PREFIX)/share/man BASHCOMPLETIONDIR ?= $(PREFIX)/share/bash-completion/completions CFLAGS ?= -Werror -Wall -W -override LDLIBS += -lselinux -lsemanage +override LDLIBS += -lsemanage $(LIBSELINUX_LDLIBS) SETSEBOOL_OBJS = setsebool.o BASHCOMPLETIONS=setsebool-bash-completion.sh all: setsebool +setsebool: LDLIBS += -laudit -lbz2 setsebool: $(SETSEBOOL_OBJS) install: all diff --git a/policycoreutils/unsetfiles/Makefile b/policycoreutils/unsetfiles/Makefile index 9e5edc04..bdc1b9de 100644 --- a/policycoreutils/unsetfiles/Makefile +++ b/policycoreutils/unsetfiles/Makefile @@ -3,7 +3,7 @@ SBINDIR ?= $(PREFIX)/sbin MANDIR ?= $(PREFIX)/share/man override CFLAGS += -D_GNU_SOURCE -override LDLIBS += -lselinux +override LDLIBS += $(LIBSELINUX_LDLIBS) all: unsetfiles base-commit: 71aec30d068789e856e7cc429b620ae1cfa890f1 -- 2.47.0
