Re: [PATCH v3] Support static-only builds

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 2/11/2025 4:16 PM, Alyssa Ross wrote:

Sometimes it's useful to have a static-only toolchain.  This can be
due to targetting some weird embedded platform, or it can be because
it ensures that no dynamic libraries are sneaking into a system that's
supposed to be 100% static due to non-cooperative build systems.  Most
build systems support static-only builds, e.g. autoconf provides a
--disable-shared configure option.

selinux's custom make-based build system did not support such an
option, so here I've added one.  Apart from the obvious changes, I had
to make the utilities that use external libraries link against them
manually, because that can't be inferred from the static selinux
libraries.  For downstream users of libselinux using pkg-config, this
shouldn't be a problem, because libselinux.pc already includes the
Requires.private line that specifies libpcre should be linked against
as well.

Signed-off-by: Alyssa Ross <hi@xxxxxxxxx>
---
Changes since v3:

  • Resolve conflicts.
  • Add selabel_compare to PCRE_USERS.
  • Use pkg-config for libselinux in policycoreutils, so PCRE is linked.

v2: https://lore.kernel.org/selinux/20211113141616.361640-1-hi@xxxxxxxxx

  libselinux/src/Makefile              | 11 ++++++++---
  libselinux/utils/Makefile            |  8 +++++++-
  libsemanage/src/Makefile             |  9 +++++++--
  libsepol/src/Makefile                | 11 ++++++++---
  policycoreutils/Makefile             |  5 +++++
  policycoreutils/load_policy/Makefile |  2 +-
  policycoreutils/newrole/Makefile     |  2 +-
  policycoreutils/run_init/Makefile    |  2 +-
  policycoreutils/secon/Makefile       |  2 +-
  policycoreutils/semodule/Makefile    |  3 ++-
  policycoreutils/sestatus/Makefile    |  2 +-
  policycoreutils/setfiles/Makefile    |  2 +-
  policycoreutils/setsebool/Makefile   |  3 ++-
  policycoreutils/unsetfiles/Makefile  |  2 +-
  14 files changed, 46 insertions(+), 18 deletions(-)

diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
index 213c7d34..261c22d4 100644
--- a/libselinux/src/Makefile
+++ b/libselinux/src/Makefile
@@ -147,7 +147,10 @@ endif
SWIGRUBY = swig -Wall -ruby -o $(SWIGRUBYCOUT) -outdir ./ $(DISABLE_FLAGS) -all: $(LIBA) $(LIBSO) $(LIBPC) 
+all: $(LIBA) $(LIBPC)
+ifneq ($(DISABLE_SHARED),y)
+all: $(LIBSO)
+endif
pywrap: all selinuxswig_python_exception.i 
  	CFLAGS="$(CPPFLAGS) $(CFLAGS) $(SWIG_CFLAGS)" $(PYTHON) setup.py build_ext
@@ -186,11 +189,13 @@ $(SWIGRUBYCOUT): $(SWIGRUBYIF)
  install: all
  	test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d $(DESTDIR)$(LIBDIR)
  	install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)
-	test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d $(DESTDIR)$(SHLIBDIR)
-	install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR)
  	test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d $(DESTDIR)$(LIBDIR)/pkgconfig
  	install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig
+ifneq ($(DISABLE_SHARED),y)
+	test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d $(DESTDIR)$(SHLIBDIR)
+	install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR)
  	ln -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET)
+endif
install-pywrap: pywrap 
  	CFLAGS="$(CPPFLAGS) $(CFLAGS) $(SWIG_CFLAGS)" $(PYTHON) -m pip install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR) --ignore-installed --no-deps` $(PYTHON_SETUP_ARGS) .
diff --git a/libselinux/utils/Makefile b/libselinux/utils/Makefile
index 0d7095b1..6b1dc7c9 100644
--- a/libselinux/utils/Makefile
+++ b/libselinux/utils/Makefile
@@ -53,7 +53,13 @@ else
  TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c)))
  endif
-sefcontext_compile: LDLIBS += ../src/libselinux.a $(PCRE_LDLIBS) -lsepol 
+sefcontext_compile: LDLIBS += ../src/libselinux.a -lsepol
+
+PCRE_USERS = matchpathcon sefcontext_compile selabel_compare \
+	selabel_digest selabel_get_digests_all_partial_matches \
+	selabel_lookup selabel_lookup_best_match \
+	selabel_partial_match
+$(PCRE_USERS): LDLIBS += $(PCRE_LDLIBS)
all: $(TARGETS) diff --git a/libsemanage/src/Makefile b/libsemanage/src/Makefile 
index 8dfbd762..7d60b1e9 100644
--- a/libsemanage/src/Makefile
+++ b/libsemanage/src/Makefile
@@ -67,7 +67,10 @@ SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./
SWIGRUBY = swig -Wall -ruby -o $(SWIGRUBYCOUT) -outdir ./ -all: $(LIBA) $(LIBSO) $(LIBPC) 
+all: $(LIBA) $(LIBPC)
+ifneq ($(DISABLE_SHARED),y)
+all: $(LIBSO)
+endif
pywrap: all $(SWIGSO) @@ -137,11 +140,13 @@ swigify: $(SWIGIF) 
  install: all
  	test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d $(DESTDIR)$(LIBDIR)
  	install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)
-	install -m 755 $(LIBSO) $(DESTDIR)$(LIBDIR)
  	test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d $(DESTDIR)$(LIBDIR)/pkgconfig
  	install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig
  	test -f $(DESTDIR)$(DEFAULT_SEMANAGE_CONF_LOCATION) || install -m 644 -D semanage.conf $(DESTDIR)$(DEFAULT_SEMANAGE_CONF_LOCATION)
+ifneq ($(DISABLE_SHARED),y)
+	install -m 755 $(LIBSO) $(DESTDIR)$(LIBDIR)
  	cd $(DESTDIR)$(LIBDIR) && ln -sf $(LIBSO) $(TARGET)
+endif
install-pywrap: pywrap 
  	test -d $(DESTDIR)$(PYTHONLIBDIR) || install -m 755 -d $(DESTDIR)$(PYTHONLIBDIR)
diff --git a/libsepol/src/Makefile b/libsepol/src/Makefile
index 71fa3ed7..a1aed072 100644
--- a/libsepol/src/Makefile
+++ b/libsepol/src/Makefile
@@ -45,7 +45,10 @@ LDFLAGS += -undefined dynamic_lookup
  LN=gln
  endif
-all: $(LIBA) $(LIBSO) $(LIBPC) 
+all: $(LIBA) $(LIBPC)
+ifneq ($(DISABLE_SHARED),y)
+all: $(LIBSO)
+endif
$(LIBA): $(OBJS) 
@@ -87,11 +90,13 @@ endif
  install: all
  	test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d $(DESTDIR)$(LIBDIR)
  	install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)
-	test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d $(DESTDIR)$(SHLIBDIR)
-	install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR)
  	test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d $(DESTDIR)$(LIBDIR)/pkgconfig
  	install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig
+ifneq ($(DISABLE_SHARED),y)
+	test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d $(DESTDIR)$(SHLIBDIR)
+	install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR)
  	$(LN) -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET)
+endif
relabel: 
  	/sbin/restorecon $(DESTDIR)$(SHLIBDIR)/$(LIBSO)
diff --git a/policycoreutils/Makefile b/policycoreutils/Makefile
index 32ad0201..7acd51dd 100644
--- a/policycoreutils/Makefile
+++ b/policycoreutils/Makefile
@@ -1,5 +1,10 @@
  SUBDIRS = setfiles load_policy newrole run_init secon sestatus semodule setsebool scripts po man hll unsetfiles
+PKG_CONFIG ?= pkg-config 
+
+LIBSELINUX_LDLIBS := $(shell $(PKG_CONFIG) --libs libselinux)
+export LIBSELINUX_LDLIBS
+
I think that in the DISABLE_SHARED case, the pkg-config command needs --static as well. I tried your patch, and I get errors that the downstream users of libselinux have undefined references to libpcre2, and they are being build without -lpcre2-8. Based on the pkg-config man page, it looks like Requires.private libraries are only included if the --static flag is passed.
I also see that restorecond is not including -lpcre2-8. It probably needs the same treatment as policycoreutils/*.
Finally, I was unable to get the install-rubywrap and install-pywrap targets to build with DISABLE_SHARED=y. I wasn't able to figure out the ultimate issue there. 

-Daniel
[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux