configure*: fix build with non-bash /bin/sh

The configure script happens to work if /bin/sh supports the non-POSIX "+=" operator (e.g.: bash) and fails otherwise (e.g.: dash). This usage first appeared on configure.ac on commit 66a476419 ("gcov support"), which is from 2016. If the --enable-apparmor flag is passed to ./configure (which is the default on Arch Linux), running `make` fails due to the missing -lapparmor LDFLAG. Thus, building firejail-git from the AUR does not work if /bin/sh is e.g.: dash. Errors when running the build commands below from makepkg: $ ./configure --prefix=/usr --enable-apparmor >/dev/null ./configure: 3174: EXTRA_CFLAGS+= -mindirect-branch=thunk: not found ./configure: 3246: EXTRA_CFLAGS+= -fstack-clash-protection: not found ./configure: 3282: EXTRA_CFLAGS+= -fstack-protector-strong: not found ./configure: 3518: EXTRA_CFLAGS+= : not found $ make >/dev/null /usr/bin/ld: apparmor.o: in function `apparmor_test': /tmp/firejail-git/src/firejail-git/src/jailcheck/apparmor.c:28: undefined reference to `aa_gettaskcon' collect2: error: ld returned 1 exit status make[1]: *** [Makefile:10: jailcheck] Error 1 make: *** [Makefile:42: src/jailcheck/jailcheck] Error 2 make: *** Waiting for unfinished jobs.... /usr/bin/ld: apparmor.o: in function `print_apparmor': /tmp/firejail-git/src/firejail-git/src/firemon/apparmor.c:28: undefined reference to `aa_gettaskcon' collect2: error: ld returned 1 exit status make[1]: *** [Makefile:10: firemon] Error 1 make: *** [Makefile:42: src/firemon/firemon] Error 2 /usr/bin/ld: join.o: in function `extract_apparmor': /tmp/firejail-git/src/firejail-git/src/firejail/join.c:65: undefined reference to `aa_is_enabled' /usr/bin/ld: sandbox.o: in function `set_apparmor': /tmp/firejail-git/src/firejail-git/src/firejail/sandbox.c:133: undefined reference to `aa_change_onexec' collect2: error: ld returned 1 exit status make[1]: *** [Makefile:10: firejail] Error 1 make: *** [Makefile:42: src/firejail/firejail] Error 2 Without the apparmor flag, the CFLAGS related to HAVE_SPECTRE do not get applied either, but `make` does not error out, so the problem is harder to detect in this case. Diff comparing the output of `./configure 2>&1` when running without and then with this patch: $ git --no-pager diff --no-index configure_current.log configure_patch.log diff --git a/configure_current.log b/configure_patch.log index f5e814f..099d836 100644 --- a/configure_current.log +++ b/configure_patch.log @@ -10,12 +10,9 @@ checking for gcc option to accept ISO C89... none needed checking for a BSD-compatible install... /usr/bin/install -c checking for ranlib... ranlib checking whether C compiler accepts -mindirect-branch=thunk... yes -./configure: 3174: EXTRA_CFLAGS+= -mindirect-branch=thunk: not found checking whether C compiler accepts -mretpoline... no checking whether C compiler accepts -fstack-clash-protection... yes -./configure: 3246: EXTRA_CFLAGS+= -fstack-clash-protection: not found checking whether C compiler accepts -fstack-protector-strong... yes -./configure: 3282: EXTRA_CFLAGS+= -fstack-protector-strong: not found checking for pkg-config... /usr/bin/pkg-config checking pkg-config is at least version 0.9.0... yes checking for gawk... yes @@ -88,7 +85,7 @@ Configuration options: busybox workaround: no Spectre compiler patch: yes EXTRA_LDFLAGS: - EXTRA_CFLAGS: + EXTRA_CFLAGS: -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong fatal warnings: Gcov instrumentation: Install contrib scripts: yes
author: Kelvin M. Klann <kmk3.code@protonmail.com> 2021-05-17 14:04:35 -0300
committer: Kelvin M. Klann <kmk3.code@protonmail.com> 2021-05-22 08:57:39 -0300
commit: 0c5d5d77b334059716ed753687abb3bf823bfcfa (patch)
tree: f95323b54ed48d56e02a39f7f448408b5661717a /configure
parent: support trailing comments on profile lines (diff)
download: firejail-0c5d5d77b334059716ed753687abb3bf823bfcfa.tar.gz
firejail-0c5d5d77b334059716ed753687abb3bf823bfcfa.tar.zst
firejail-0c5d5d77b334059716ed753687abb3bf823bfcfa.zip
1 files changed, 8 insertions, 8 deletions
diff --git a/configure b/configure
index 2acf04634..246b229ff 100755
--- a/configure
+++ b/configure
@@ -3171,7 +3171,7 @@ fi
 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___mindirect_branch_thunk" >&5
 $as_echo "$ax_cv_check_cflags___mindirect_branch_thunk" >&6; }
 if test "x$ax_cv_check_cflags___mindirect_branch_thunk" = xyes; then :
-  HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -mindirect-branch=thunk"
+  HAVE_SPECTRE="yes" && EXTRA_CFLAGS="$EXTRA_CFLAGS -mindirect-branch=thunk"
 else
  :
@@ -3207,7 +3207,7 @@ fi
 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___mretpoline" >&5
 $as_echo "$ax_cv_check_cflags___mretpoline" >&6; }
 if test "x$ax_cv_check_cflags___mretpoline" = xyes; then :
-  HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -mretpoline"
+  HAVE_SPECTRE="yes" && EXTRA_CFLAGS="$EXTRA_CFLAGS -mretpoline"
 else
  :
@@ -3243,7 +3243,7 @@ fi
 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fstack_clash_protection" >&5
 $as_echo "$ax_cv_check_cflags___fstack_clash_protection" >&6; }
 if test "x$ax_cv_check_cflags___fstack_clash_protection" = xyes; then :
-  HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -fstack-clash-protection"
+  HAVE_SPECTRE="yes" && EXTRA_CFLAGS="$EXTRA_CFLAGS -fstack-clash-protection"
 else
  :
@@ -3279,7 +3279,7 @@ fi
 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fstack_protector_strong" >&5
 $as_echo "$ax_cv_check_cflags___fstack_protector_strong" >&6; }
 if test "x$ax_cv_check_cflags___fstack_protector_strong" = xyes; then :
-  HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -fstack-protector-strong"
+  HAVE_SPECTRE="yes" && EXTRA_CFLAGS="$EXTRA_CFLAGS -fstack-protector-strong"
 else
  :
@@ -3293,7 +3293,7 @@ fi
 if test "x$enable_analyzer" = "xyes"; then :
-        EXTRA_CFLAGS+=" -fanalyzer"
+        EXTRA_CFLAGS="$EXTRA_CFLAGS -fanalyzer"
 fi
@@ -3515,7 +3515,7 @@ else
        AA_LIBS=$pkg_cv_AA_LIBS
        { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
 $as_echo "yes" >&6; }
-        EXTRA_CFLAGS+=" $AA_CFLAGS" && EXTRA_LDFLAGS+=" $AA_LIBS"
+        EXTRA_CFLAGS="$EXTRA_CFLAGS $AA_CFLAGS" && EXTRA_LDFLAGS="$EXTRA_LDFLAGS $AA_LIBS"
 fi
@@ -3530,7 +3530,7 @@ fi
 if test "x$enable_selinux" = "xyes"; then :
        HAVE_SELINUX="-DHAVE_SELINUX"
-        EXTRA_LDFLAGS+=" -lselinux "
+        EXTRA_LDFLAGS="$EXTRA_LDFLAGS -lselinux "
 fi
@@ -3810,7 +3810,7 @@ fi
 if test "x$enable_gcov" = "xyes"; then :
        HAVE_GCOV="--coverage -DHAVE_GCOV "
-        EXTRA_LDFLAGS+=" -lgcov --coverage "
+        EXTRA_LDFLAGS="$EXTRA_LDFLAGS -lgcov --coverage "
 fi
author	Kelvin M. Klann <kmk3.code@protonmail.com>	2021-05-17 14:04:35 -0300
committer	Kelvin M. Klann <kmk3.code@protonmail.com>	2021-05-22 08:57:39 -0300
commit	0c5d5d77b334059716ed753687abb3bf823bfcfa (patch)
tree	f95323b54ed48d56e02a39f7f448408b5661717a /configure
parent	support trailing comments on profile lines (diff)
download	firejail-0c5d5d77b334059716ed753687abb3bf823bfcfa.tar.gz firejail-0c5d5d77b334059716ed753687abb3bf823bfcfa.tar.zst firejail-0c5d5d77b334059716ed753687abb3bf823bfcfa.zip

diff --git a/configure b/configure index 2acf04634..246b229ff 100755 --- a/configure +++ b/configure
@@ -3171,7 +3171,7 @@ fi
3171	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___mindirect_branch_thunk" >&5	3171	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___mindirect_branch_thunk" >&5
3172	$as_echo "$ax_cv_check_cflags___mindirect_branch_thunk" >&6; }	3172	$as_echo "$ax_cv_check_cflags___mindirect_branch_thunk" >&6; }
3173	if test "x$ax_cv_check_cflags___mindirect_branch_thunk" = xyes; then :	3173	if test "x$ax_cv_check_cflags___mindirect_branch_thunk" = xyes; then :
3174	HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -mindirect-branch=thunk"	3174	HAVE_SPECTRE="yes" && EXTRA_CFLAGS="$EXTRA_CFLAGS -mindirect-branch=thunk"
3175		3175
3176	else	3176	else
3177	:	3177	:
@@ -3207,7 +3207,7 @@ fi
3207	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___mretpoline" >&5	3207	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___mretpoline" >&5
3208	$as_echo "$ax_cv_check_cflags___mretpoline" >&6; }	3208	$as_echo "$ax_cv_check_cflags___mretpoline" >&6; }
3209	if test "x$ax_cv_check_cflags___mretpoline" = xyes; then :	3209	if test "x$ax_cv_check_cflags___mretpoline" = xyes; then :
3210	HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -mretpoline"	3210	HAVE_SPECTRE="yes" && EXTRA_CFLAGS="$EXTRA_CFLAGS -mretpoline"
3211		3211
3212	else	3212	else
3213	:	3213	:
@@ -3243,7 +3243,7 @@ fi
3243	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fstack_clash_protection" >&5	3243	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fstack_clash_protection" >&5
3244	$as_echo "$ax_cv_check_cflags___fstack_clash_protection" >&6; }	3244	$as_echo "$ax_cv_check_cflags___fstack_clash_protection" >&6; }
3245	if test "x$ax_cv_check_cflags___fstack_clash_protection" = xyes; then :	3245	if test "x$ax_cv_check_cflags___fstack_clash_protection" = xyes; then :
3246	HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -fstack-clash-protection"	3246	HAVE_SPECTRE="yes" && EXTRA_CFLAGS="$EXTRA_CFLAGS -fstack-clash-protection"
3247		3247
3248	else	3248	else
3249	:	3249	:
@@ -3279,7 +3279,7 @@ fi
3279	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fstack_protector_strong" >&5	3279	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fstack_protector_strong" >&5
3280	$as_echo "$ax_cv_check_cflags___fstack_protector_strong" >&6; }	3280	$as_echo "$ax_cv_check_cflags___fstack_protector_strong" >&6; }
3281	if test "x$ax_cv_check_cflags___fstack_protector_strong" = xyes; then :	3281	if test "x$ax_cv_check_cflags___fstack_protector_strong" = xyes; then :
3282	HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -fstack-protector-strong"	3282	HAVE_SPECTRE="yes" && EXTRA_CFLAGS="$EXTRA_CFLAGS -fstack-protector-strong"
3283		3283
3284	else	3284	else
3285	:	3285	:
@@ -3293,7 +3293,7 @@ fi
3293		3293
3294	if test "x$enable_analyzer" = "xyes"; then :	3294	if test "x$enable_analyzer" = "xyes"; then :
3295		3295
3296	EXTRA_CFLAGS+=" -fanalyzer"	3296	EXTRA_CFLAGS="$EXTRA_CFLAGS -fanalyzer"
3297		3297
3298	fi	3298	fi
3299		3299
@@ -3515,7 +3515,7 @@ else
3515	AA_LIBS=$pkg_cv_AA_LIBS	3515	AA_LIBS=$pkg_cv_AA_LIBS
3516	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5	3516	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
3517	$as_echo "yes" >&6; }	3517	$as_echo "yes" >&6; }
3518	EXTRA_CFLAGS+=" $AA_CFLAGS" && EXTRA_LDFLAGS+=" $AA_LIBS"	3518	EXTRA_CFLAGS="$EXTRA_CFLAGS $AA_CFLAGS" && EXTRA_LDFLAGS="$EXTRA_LDFLAGS $AA_LIBS"
3519	fi	3519	fi
3520		3520
3521		3521
@@ -3530,7 +3530,7 @@ fi
3530	if test "x$enable_selinux" = "xyes"; then :	3530	if test "x$enable_selinux" = "xyes"; then :
3531		3531
3532	HAVE_SELINUX="-DHAVE_SELINUX"	3532	HAVE_SELINUX="-DHAVE_SELINUX"
3533	EXTRA_LDFLAGS+=" -lselinux "	3533	EXTRA_LDFLAGS="$EXTRA_LDFLAGS -lselinux "
3534		3534
3535		3535
3536	fi	3536	fi
@@ -3810,7 +3810,7 @@ fi
3810	if test "x$enable_gcov" = "xyes"; then :	3810	if test "x$enable_gcov" = "xyes"; then :
3811		3811
3812	HAVE_GCOV="--coverage -DHAVE_GCOV "	3812	HAVE_GCOV="--coverage -DHAVE_GCOV "
3813	EXTRA_LDFLAGS+=" -lgcov --coverage "	3813	EXTRA_LDFLAGS="$EXTRA_LDFLAGS -lgcov --coverage "
3814		3814
3815		3815
3816	fi	3816	fi