From 0521e8db4c6bf27167bedeb20789021db94252e0 Mon Sep 17 00:00:00 2001 From: zrj Date: Thu, 9 Nov 2017 16:57:23 +0200 Subject: [PATCH] libpam: Play some 4D chess for static pam modules support. We need A, B, C and D. C depends on A, B depends on D, A&B and C&D are both built in pairs. So split A&B and hope for the best. PAM modules were moved in closer to support this in the previous commit. Also use workaround to get matching set pointers. Might be a pam bug. Now su(1), login(1) and friends are usable in -static compilations with pending buildworld support patches. No functional change to usual case of shared libpam.so. Partially-taken-from: FreeBSD --- lib/libpam/Makefile | 6 ++-- lib/libpam/Makefile.inc | 6 ++++ lib/libpam/libpam/Makefile | 18 +++++++----- lib/libpam/modules/Makefile.inc | 3 +- lib/libpam/static_libpam/Makefile | 60 +++++++++++++++++++++++++++++++++++++++ 5 files changed, 83 insertions(+), 10 deletions(-) create mode 100644 lib/libpam/static_libpam/Makefile diff --git a/lib/libpam/Makefile b/lib/libpam/Makefile index e804a1f124..eeb4eec6dd 100644 --- a/lib/libpam/Makefile +++ b/lib/libpam/Makefile @@ -1,6 +1,8 @@ # libpam is normally built earlier by the _prebuild_libs target. +# Modules link in the shared libpam.so, but static_libpam links in the static +# modules so all modules need to be built before the static_libpam. -SUBDIR+= libpam modules -SUBDIR_ORDERED= +SUBDIR+= libpam modules static_libpam +SUBDIR_ORDERED= modules static_libpam .include diff --git a/lib/libpam/Makefile.inc b/lib/libpam/Makefile.inc index d3b5cbd3a7..fc99e95f1e 100644 --- a/lib/libpam/Makefile.inc +++ b/lib/libpam/Makefile.inc @@ -1,2 +1,8 @@ +# only used by static_libpam and libpam_*.a +STATIC_CFLAGS+= -DOPENPAM_STATIC_MODULES + +# Workaround a diff between security/openpam.h and openpam_static.c +STATIC_CFLAGS+= -D_openpam_static_modules=openpam_static_modules + .include "../Makefile.inc" diff --git a/lib/libpam/libpam/Makefile b/lib/libpam/libpam/Makefile index d44ebe35ef..2defd44355 100644 --- a/lib/libpam/libpam/Makefile +++ b/lib/libpam/libpam/Makefile @@ -1,4 +1,11 @@ -LIB= pam + +# +# Only build shared lib here, libpam.a is built by static_libpam. +# This is done to avoid circular dependencies for static modules. +# +.if !defined(LIB) +SHLIB_NAME= libpam.so.${SHLIB_MAJOR} +.endif SRCDIR= ${.CURDIR}/../../../contrib/openpam @@ -6,7 +13,7 @@ MODULE_DIR= ${LIBDIR}/security CFLAGS+= -DHAVE_CONFIG_H CFLAGS+= -DOPENPAM_MODULES_DIR='"${MODULE_DIR}/"' -CFLAGS+= -I${SRCDIR}/lib -I${SRCDIR}/include -I${.CURDIR} +CFLAGS+= -I${SRCDIR}/lib -I${SRCDIR}/include -I${.CURDIR}/../libpam WARNS= 3 @@ -64,9 +71,6 @@ SRCS= \ # Local files SRCS+= pam_debug_log.c -# only when OPENPAM_STATIC_MODULES -#SRCS+= openpam_static.c - PAMINCS=openpam.h \ openpam_attr.h \ openpam_version.h \ @@ -74,10 +78,10 @@ PAMINCS=openpam.h \ pam_constants.h \ pam_modules.h \ pam_types.h -INCS= ${PAMINCS:S;^;${SRCDIR}/include/security/;} security/pam_mod_misc.h +INCS?= ${PAMINCS:S;^;${SRCDIR}/include/security/;} security/pam_mod_misc.h INCSDIR= ${INCLUDEDIR}/security -MAN= openpam.3 \ +MAN?= openpam.3 \ openpam_borrow_cred.3 \ openpam_free_data.3 \ openpam_free_envlist.3 \ diff --git a/lib/libpam/modules/Makefile.inc b/lib/libpam/modules/Makefile.inc index 0bf45d295e..745c43bb79 100644 --- a/lib/libpam/modules/Makefile.inc +++ b/lib/libpam/modules/Makefile.inc @@ -10,7 +10,8 @@ TARGET_SHLIBDIR= ${LIBDIR}/security CFLAGS+= -I${LIBPAMDIR} LDADD+= -lpam -DPADD+= ${LIBPAM} +# XXX workaround for recursive depends +DPADD+= ${LIBPAM:M*libpam.a:R:S/$/.so/} OPENPAM_DIR= ${.CURDIR}/../../../../contrib/openpam diff --git a/lib/libpam/static_libpam/Makefile b/lib/libpam/static_libpam/Makefile new file mode 100644 index 0000000000..6e4f107cc1 --- /dev/null +++ b/lib/libpam/static_libpam/Makefile @@ -0,0 +1,60 @@ +# $FreeBSD: head/lib/libpam/static_libpam/Makefile 314901 2017-03-08 08:25:26Z brooks $ + +# Build only the static library here. +LIB= pam +NOPIC= yes + +# Already handled by libpam shared version. +NOMAN= noman +INCS= + +# +# Static modules support +# +# We build static versions of all modules and of openpam_static.o, +# then link them all together into openpam_static_modules.o. None of +# the modules export any symbols, but they store structures with +# pointers to their service functions in a linker set which the code +# in openpam_static.c traverses to locate the individual modules. +# +MODULESDIR= ../modules +MODULES= pam_chroot \ + pam_deny \ + pam_echo \ + pam_exec \ + pam_ftpusers \ + pam_group \ + pam_guest \ + pam_lastlog \ + pam_login_access \ + pam_nologin \ + pam_opie \ + pam_opieaccess \ + pam_passwdqc \ + pam_permit \ + pam_radius \ + pam_rhosts \ + pam_rootok \ + pam_securetty \ + pam_self \ + pam_tacplus \ + pam_unix + +.if !defined(NO_CRYPT) +MODULES+= pam_ssh +.endif + +STATIC_MODULES= ${MODULES:C/.*/${MODULESDIR}\/&\/lib&.a/} +STATICOBJS+= openpam_static_modules.o +CLEANFILES+= openpam_static.o openpam_static.po \ + openpam_static_modules.o + +openpam_static_modules.o: openpam_static.o ${STATIC_MODULES} + ${CC} -nostdlib ${LDFLAGS} -o ${.TARGET} -r -Wl,--whole-archive ${.ALLSRC} + +openpam_static_modules.po: openpam_static.po ${STATIC_MODULES} + ${CC} -nostdlib ${LDFLAGS} -o ${.TARGET} -r -Wl,--whole-archive ${.ALLSRC} + +.PATH: ${.CURDIR}/../libpam + +.include "${.CURDIR}/../libpam/Makefile" -- 2.11.4.GIT