keremet/rpm-ostree
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
ff2fbdb3bf
rpm-ostree/Makefile-rpm-ostree.am
Colin Walters e41a8ab26f Add support for wrapping binaries (rpm, dracut, grubby) 
We need to be friendlier to people who are transitioning from
"traditional" yum managed systems.  This patchset starts to lay
out the groundwork for supporting "intercepting" binaries that
are in the tree.

For backwards compatibility, this feature is disabled by default,
to enable it, one can add `cliwrap: true` to the manifest.

To start with for example, we wrap `/usr/bin/rpm` and cause it
to drop privileges.  This way it can't corrupt anything; we're
not just relying on the read-only bind mount.  For example nothing
will accidentally get written to `/var/lib/rpm`.

Now a tricky thing with this one is we *do* want it to write if
we're in an unlocked state.

There are various other examples of binaries we want to intercept,
among them:

 - `grubby` -> `rpm-ostree kargs`
 - `dracut` -> `rpm-ostree initramfs`
 - `yum` -> well...we'll talk about that later
2020-04-15 16:22:57 +02:00

136 lines
5.5 KiB
Plaintext
Raw Blame History

# Copyright (C) 2013 Colin Walters <walters@verbum.org>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the
# Free Software Foundation, Inc., 59 Temple Place - Suite 330,
# Boston, MA 02111-1307, USA.
bin_PROGRAMS += rpm-ostree
rpm_ostree_SOURCES = src/app/main.c \
rpm-ostreed-generated.h \
rpm-ostreed-generated.c \
src/app/rpmostree-builtins.h \
src/app/rpmostree-db-builtins.h \
src/app/rpmostree-compose-builtins.h \
src/app/rpmostree-builtin-upgrade.c \
src/app/rpmostree-builtin-rollback.c \
src/app/rpmostree-builtin-deploy.c \
src/app/rpmostree-builtin-reload.c \
src/app/rpmostree-builtin-rebase.c \
src/app/rpmostree-builtin-cancel.c \
src/app/rpmostree-builtin-cliwrap.c \
src/app/rpmostree-builtin-cleanup.c \
src/app/rpmostree-builtin-initramfs.c \
src/app/rpmostree-builtin-livefs.c \
src/app/rpmostree-builtin-usroverlay.c \
src/app/rpmostree-builtin-override.c \
src/app/rpmostree-builtin-refresh-md.c \
src/app/rpmostree-builtin-reset.c \
src/app/rpmostree-pkg-builtins.c \
src/app/rpmostree-builtin-status.c \
src/app/rpmostree-builtin-ex.c \
src/app/rpmostree-builtin-coreos-rootfs.c \
src/app/rpmostree-builtin-testutils.c \
src/app/rpmostree-builtin-container.c \
src/app/rpmostree-ex-builtin-commit2rojig.c \
src/app/rpmostree-ex-builtin-rojig2commit.c \
src/app/rpmostree-builtin-db.c \
src/app/rpmostree-builtin-start-daemon.c \
src/app/rpmostree-builtin-finalize-deployment.c \
src/app/rpmostree-db-builtin-diff.c \
src/app/rpmostree-db-builtin-list.c \
src/app/rpmostree-db-builtin-version.c \
src/app/rpmostree-dbus-helpers.c \
src/app/rpmostree-dbus-helpers.h \
src/app/rpmostree-container-builtins.h \
src/app/rpmostree-container-builtins.c \
src/app/rpmostree-override-builtins.h \
src/app/rpmostree-override-builtins.c \
src/app/rpmostree-libbuiltin.c \
src/app/rpmostree-libbuiltin.h \
src/app/rpmostree-polkit-agent.c \
src/app/rpmostree-polkit-agent.h \
src/app/rpmostree-builtin-kargs.c \
src/app/rpmostree-compose-builtin-tree.c \
src/app/rpmostree-compose-builtin-rojig.c \
src/app/rpmostree-composeutil.c \
src/app/rpmostree-composeutil.h \
src/app/rpmostree-builtin-compose.c \
$(NULL)
rpm_ostree_CFLAGS = $(AM_CFLAGS) -I$(srcdir)/src/app -I$(srcdir)/src/daemon \
-I$(srcdir)/src/lib -I$(srcdir)/src/libpriv -I$(libglnx_srcpath) \
-fvisibility=hidden -DPKGLIBDIR=\"$(pkglibdir)\" $(PKGDEP_RPMOSTREE_CFLAGS)
rpm_ostree_LDADD = $(PKGDEP_RPMOSTREE_LIBS) librpmostreepriv.la librpmostree-1.la librpmostreed.la
privdatadir=$(pkglibdir)
privdata_DATA = src/app/rpm-ostree-0-integration.conf
install-bin-hook:
mv $(DESTDIR)$(bindir)/rpm-ostree $(DESTDIR)$(bindir)/$(primaryname)
ln -sf $(primaryname) $(DESTDIR)$(bindir)/rpm-ostree
if BUILDOPT_NEW_NAME
INSTALL_DATA_HOOKS += install-bin-hook
endif
# Propagate automake verbose mode
cargo_build = $(cargo) build $(if $(subst 0,,$(V)),--verbose,)
if !HAVE_PREBUILT_CBINDGEN
if !HAVE_EXTERNAL_CBINDGEN
rpmostree-bindgen: bindgen/Cargo.toml bindgen/src/main.rs
cd $(top_srcdir)/bindgen && \
export CARGO_TARGET_DIR=@abs_top_builddir@/bindgen-target && \
if test -d "$${CARGO_TARGET_DIR}" && [ "$$(stat -c '%u' $${CARGO_TARGET_DIR})" != "$$(id -u)" ]; then echo "mismatched uids on build"; exit 1; fi && \
$(cargo_build) && \
ln -sf $${CARGO_TARGET_DIR}/debug/rpmostree-bindgen $(abs_top_builddir)/rpmostree-bindgen
endif
endif
GITIGNOREFILES += bindgen-target/ rpmostree-bindgen
librpmostree_rust_path = @abs_top_builddir@/target/@RUST_TARGET_SUBDIR@/librpmostree_rust.a
# If the target directory exists, and isn't owned by our uid, then
# we exit with a fatal error, since someone probably did `make && sudo make install`,
# and in this case cargo will download into ~/.root which we don't want.
LIBRPMOSTREE_RUST_SRCS = $(shell find rust/src/ -name '*.rs') rust/cbindgen.toml
$(librpmostree_rust_path): Makefile $(LIBRPMOSTREE_RUST_SRCS)
cd $(top_srcdir)/rust && \
export CARGO_TARGET_DIR=@abs_top_builddir@/target && \
target_subdir=@abs_top_builddir@/target/@RUST_TARGET_SUBDIR@; \
if test -d "$${target_subdir}" && [ "$$(stat -c '%u' $${target_subdir})" != "$$(id -u)" ]; then echo "mismatched uids on build"; exit 1; fi && \
$(cargo_build) $(CARGO_RELEASE_ARGS)
EXTRA_DIST += $(LIBRPMOSTREE_RUST_SRCS) rust/Cargo.lock
# Generate bindings from Rust to C
if !HAVE_PREBUILT_CBINDGEN
if HAVE_EXTERNAL_CBINDGEN
rpmostree-rust.h:
$(AM_V_GEN) cbindgen -c rust/cbindgen.toml -o $@ $(top_srcdir)/rust
else
rpmostree-rust.h: rpmostree-bindgen
$(AM_V_GEN) ./rpmostree-bindgen $(top_srcdir)/rust
endif
BUILT_SOURCES += rpmostree-rust.h
endif
rpm_ostree_CFLAGS += $(PKGDEP_RPMOSTREE_RS_CFLAGS)
rpm_ostree_LDADD += $(librpmostree_rust_path) $(PKGDEP_RPMOSTREE_RS_LIBS)
# Wraps `cargo test`. This is always a debug non-release build;
# the main thing here is we still drop the `target` dir in our build
# directory, since we nominally support srcdir != builddir.
rust-test:
cd $(top_srcdir)/rust && CARGO_TARGET_DIR=@abs_top_builddir@/target cargo test
.PHONY: rust-test
Reference in New Issue View Git Blame Copy Permalink