diff options
author | Kelvin M. Klann <kmk3.code@protonmail.com> | 2021-05-17 14:04:35 -0300 |
---|---|---|
committer | Kelvin M. Klann <kmk3.code@protonmail.com> | 2021-05-22 08:57:39 -0300 |
commit | 0c5d5d77b334059716ed753687abb3bf823bfcfa (patch) | |
tree | f95323b54ed48d56e02a39f7f448408b5661717a /configure | |
parent | support trailing comments on profile lines (diff) | |
download | firejail-0c5d5d77b334059716ed753687abb3bf823bfcfa.tar.gz firejail-0c5d5d77b334059716ed753687abb3bf823bfcfa.tar.zst firejail-0c5d5d77b334059716ed753687abb3bf823bfcfa.zip |
configure*: fix build with non-bash /bin/sh
The configure script happens to work if /bin/sh supports the non-POSIX
"+=" operator (e.g.: bash) and fails otherwise (e.g.: dash).
This usage first appeared on configure.ac on commit 66a476419 ("gcov
support"), which is from 2016.
If the --enable-apparmor flag is passed to ./configure (which is the
default on Arch Linux), running `make` fails due to the missing
-lapparmor LDFLAG. Thus, building firejail-git from the AUR does not
work if /bin/sh is e.g.: dash.
Errors when running the build commands below from makepkg:
$ ./configure --prefix=/usr --enable-apparmor >/dev/null
./configure: 3174: EXTRA_CFLAGS+= -mindirect-branch=thunk: not found
./configure: 3246: EXTRA_CFLAGS+= -fstack-clash-protection: not found
./configure: 3282: EXTRA_CFLAGS+= -fstack-protector-strong: not found
./configure: 3518: EXTRA_CFLAGS+= : not found
$ make >/dev/null
/usr/bin/ld: apparmor.o: in function `apparmor_test':
/tmp/firejail-git/src/firejail-git/src/jailcheck/apparmor.c:28: undefined reference to `aa_gettaskcon'
collect2: error: ld returned 1 exit status
make[1]: *** [Makefile:10: jailcheck] Error 1
make: *** [Makefile:42: src/jailcheck/jailcheck] Error 2
make: *** Waiting for unfinished jobs....
/usr/bin/ld: apparmor.o: in function `print_apparmor':
/tmp/firejail-git/src/firejail-git/src/firemon/apparmor.c:28: undefined reference to `aa_gettaskcon'
collect2: error: ld returned 1 exit status
make[1]: *** [Makefile:10: firemon] Error 1
make: *** [Makefile:42: src/firemon/firemon] Error 2
/usr/bin/ld: join.o: in function `extract_apparmor':
/tmp/firejail-git/src/firejail-git/src/firejail/join.c:65: undefined reference to `aa_is_enabled'
/usr/bin/ld: sandbox.o: in function `set_apparmor':
/tmp/firejail-git/src/firejail-git/src/firejail/sandbox.c:133: undefined reference to `aa_change_onexec'
collect2: error: ld returned 1 exit status
make[1]: *** [Makefile:10: firejail] Error 1
make: *** [Makefile:42: src/firejail/firejail] Error 2
Without the apparmor flag, the CFLAGS related to HAVE_SPECTRE do not get
applied either, but `make` does not error out, so the problem is harder
to detect in this case.
Diff comparing the output of `./configure 2>&1` when running without and
then with this patch:
$ git --no-pager diff --no-index configure_current.log configure_patch.log
diff --git a/configure_current.log b/configure_patch.log
index f5e814f..099d836 100644
--- a/configure_current.log
+++ b/configure_patch.log
@@ -10,12 +10,9 @@ checking for gcc option to accept ISO C89... none needed
checking for a BSD-compatible install... /usr/bin/install -c
checking for ranlib... ranlib
checking whether C compiler accepts -mindirect-branch=thunk... yes
-./configure: 3174: EXTRA_CFLAGS+= -mindirect-branch=thunk: not found
checking whether C compiler accepts -mretpoline... no
checking whether C compiler accepts -fstack-clash-protection... yes
-./configure: 3246: EXTRA_CFLAGS+= -fstack-clash-protection: not found
checking whether C compiler accepts -fstack-protector-strong... yes
-./configure: 3282: EXTRA_CFLAGS+= -fstack-protector-strong: not found
checking for pkg-config... /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking for gawk... yes
@@ -88,7 +85,7 @@ Configuration options:
busybox workaround: no
Spectre compiler patch: yes
EXTRA_LDFLAGS:
- EXTRA_CFLAGS:
+ EXTRA_CFLAGS: -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong
fatal warnings:
Gcov instrumentation:
Install contrib scripts: yes
Diffstat (limited to 'configure')
-rwxr-xr-x | configure | 16 |
1 files changed, 8 insertions, 8 deletions
@@ -3171,7 +3171,7 @@ fi | |||
3171 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___mindirect_branch_thunk" >&5 | 3171 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___mindirect_branch_thunk" >&5 |
3172 | $as_echo "$ax_cv_check_cflags___mindirect_branch_thunk" >&6; } | 3172 | $as_echo "$ax_cv_check_cflags___mindirect_branch_thunk" >&6; } |
3173 | if test "x$ax_cv_check_cflags___mindirect_branch_thunk" = xyes; then : | 3173 | if test "x$ax_cv_check_cflags___mindirect_branch_thunk" = xyes; then : |
3174 | HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -mindirect-branch=thunk" | 3174 | HAVE_SPECTRE="yes" && EXTRA_CFLAGS="$EXTRA_CFLAGS -mindirect-branch=thunk" |
3175 | 3175 | ||
3176 | else | 3176 | else |
3177 | : | 3177 | : |
@@ -3207,7 +3207,7 @@ fi | |||
3207 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___mretpoline" >&5 | 3207 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___mretpoline" >&5 |
3208 | $as_echo "$ax_cv_check_cflags___mretpoline" >&6; } | 3208 | $as_echo "$ax_cv_check_cflags___mretpoline" >&6; } |
3209 | if test "x$ax_cv_check_cflags___mretpoline" = xyes; then : | 3209 | if test "x$ax_cv_check_cflags___mretpoline" = xyes; then : |
3210 | HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -mretpoline" | 3210 | HAVE_SPECTRE="yes" && EXTRA_CFLAGS="$EXTRA_CFLAGS -mretpoline" |
3211 | 3211 | ||
3212 | else | 3212 | else |
3213 | : | 3213 | : |
@@ -3243,7 +3243,7 @@ fi | |||
3243 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fstack_clash_protection" >&5 | 3243 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fstack_clash_protection" >&5 |
3244 | $as_echo "$ax_cv_check_cflags___fstack_clash_protection" >&6; } | 3244 | $as_echo "$ax_cv_check_cflags___fstack_clash_protection" >&6; } |
3245 | if test "x$ax_cv_check_cflags___fstack_clash_protection" = xyes; then : | 3245 | if test "x$ax_cv_check_cflags___fstack_clash_protection" = xyes; then : |
3246 | HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -fstack-clash-protection" | 3246 | HAVE_SPECTRE="yes" && EXTRA_CFLAGS="$EXTRA_CFLAGS -fstack-clash-protection" |
3247 | 3247 | ||
3248 | else | 3248 | else |
3249 | : | 3249 | : |
@@ -3279,7 +3279,7 @@ fi | |||
3279 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fstack_protector_strong" >&5 | 3279 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fstack_protector_strong" >&5 |
3280 | $as_echo "$ax_cv_check_cflags___fstack_protector_strong" >&6; } | 3280 | $as_echo "$ax_cv_check_cflags___fstack_protector_strong" >&6; } |
3281 | if test "x$ax_cv_check_cflags___fstack_protector_strong" = xyes; then : | 3281 | if test "x$ax_cv_check_cflags___fstack_protector_strong" = xyes; then : |
3282 | HAVE_SPECTRE="yes" && EXTRA_CFLAGS+=" -fstack-protector-strong" | 3282 | HAVE_SPECTRE="yes" && EXTRA_CFLAGS="$EXTRA_CFLAGS -fstack-protector-strong" |
3283 | 3283 | ||
3284 | else | 3284 | else |
3285 | : | 3285 | : |
@@ -3293,7 +3293,7 @@ fi | |||
3293 | 3293 | ||
3294 | if test "x$enable_analyzer" = "xyes"; then : | 3294 | if test "x$enable_analyzer" = "xyes"; then : |
3295 | 3295 | ||
3296 | EXTRA_CFLAGS+=" -fanalyzer" | 3296 | EXTRA_CFLAGS="$EXTRA_CFLAGS -fanalyzer" |
3297 | 3297 | ||
3298 | fi | 3298 | fi |
3299 | 3299 | ||
@@ -3515,7 +3515,7 @@ else | |||
3515 | AA_LIBS=$pkg_cv_AA_LIBS | 3515 | AA_LIBS=$pkg_cv_AA_LIBS |
3516 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 | 3516 | { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 |
3517 | $as_echo "yes" >&6; } | 3517 | $as_echo "yes" >&6; } |
3518 | EXTRA_CFLAGS+=" $AA_CFLAGS" && EXTRA_LDFLAGS+=" $AA_LIBS" | 3518 | EXTRA_CFLAGS="$EXTRA_CFLAGS $AA_CFLAGS" && EXTRA_LDFLAGS="$EXTRA_LDFLAGS $AA_LIBS" |
3519 | fi | 3519 | fi |
3520 | 3520 | ||
3521 | 3521 | ||
@@ -3530,7 +3530,7 @@ fi | |||
3530 | if test "x$enable_selinux" = "xyes"; then : | 3530 | if test "x$enable_selinux" = "xyes"; then : |
3531 | 3531 | ||
3532 | HAVE_SELINUX="-DHAVE_SELINUX" | 3532 | HAVE_SELINUX="-DHAVE_SELINUX" |
3533 | EXTRA_LDFLAGS+=" -lselinux " | 3533 | EXTRA_LDFLAGS="$EXTRA_LDFLAGS -lselinux " |
3534 | 3534 | ||
3535 | 3535 | ||
3536 | fi | 3536 | fi |
@@ -3810,7 +3810,7 @@ fi | |||
3810 | if test "x$enable_gcov" = "xyes"; then : | 3810 | if test "x$enable_gcov" = "xyes"; then : |
3811 | 3811 | ||
3812 | HAVE_GCOV="--coverage -DHAVE_GCOV " | 3812 | HAVE_GCOV="--coverage -DHAVE_GCOV " |
3813 | EXTRA_LDFLAGS+=" -lgcov --coverage " | 3813 | EXTRA_LDFLAGS="$EXTRA_LDFLAGS -lgcov --coverage " |
3814 | 3814 | ||
3815 | 3815 | ||
3816 | fi | 3816 | fi |