-rw-r--r-- | .github/workflows/build-extra.yml | 10 | ||||
-rw-r--r-- | .github/workflows/build.yml | 2 | ||||
-rw-r--r-- | .github/workflows/codeql-analysis.yml | 8 | ||||
-rw-r--r-- | .github/workflows/profile-checks.yml | 2 | ||||
-rw-r--r-- | RELNOTES | 3 | ||||
-rw-r--r-- | config.mk.in | 81 | ||||
-rw-r--r-- | src/etc-cleanup/Makefile | 2 | ||||
-rw-r--r-- | src/fbuilder/Makefile | 2 | ||||
-rw-r--r-- | src/fcopy/Makefile | 4 | ||||
-rw-r--r-- | src/fids/Makefile | 2 | ||||
-rw-r--r-- | src/firecfg/Makefile | 4 | ||||
-rw-r--r-- | src/firejail/Makefile | 4 | ||||
-rw-r--r-- | src/firemon/Makefile | 4 | ||||
-rw-r--r-- | src/fldd/Makefile | 4 | ||||
-rw-r--r-- | src/fnet/Makefile | 4 | ||||
-rw-r--r-- | src/fnetfilter/Makefile | 4 | ||||
-rw-r--r-- | src/fsec-optimize/Makefile | 4 | ||||
-rw-r--r-- | src/fsec-print/Makefile | 4 | ||||
-rw-r--r-- | src/fseccomp/Makefile | 4 | ||||
-rw-r--r-- | src/fzenity/Makefile | 2 | ||||
-rw-r--r-- | src/jailcheck/Makefile | 4 | ||||
-rw-r--r-- | src/libpostexecseccomp/Makefile | 2 | ||||
-rw-r--r-- | src/libtracelog/Makefile | 2 | ||||
-rw-r--r-- | src/profstats/Makefile | 2 | ||||
-rw-r--r-- | src/prog.mk | 26 | ||||
-rw-r--r-- | src/so.mk | 23 |
26 files changed, 118 insertions, 95 deletions
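--- a/.github/workflows/build-extra.yml
+++ b/.github/workflows/build-extra.yml
@@ -54,7 +54,7 @@ jobs:
 runs-on: ubuntu-22.04
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969
+uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845
 with:
 egress-policy: block
 allowed-endpoints: >
@@ -84,7 +84,7 @@ jobs:
 runs-on: ubuntu-22.04
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969
+uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845
 with:
 egress-policy: block
 allowed-endpoints: >
@@ -110,7 +110,7 @@ jobs:
 runs-on: ubuntu-22.04
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969
+uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845
 with:
 egress-policy: block
 allowed-endpoints: >
@@ -132,7 +132,7 @@ jobs:
 runs-on: ubuntu-20.04
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969
+uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845
 with:
 egress-policy: block
 allowed-endpoints: >
@@ -150,7 +150,7 @@ jobs:
 runs-on: ubuntu-22.04
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969
+uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845
 with:
 egress-policy: block
 allowed-endpoints: >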
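--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -46,7 +46,7 @@ jobs:
 SHELL: /bin/bash
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969
+uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845
 with:
 egress-policy: block
 allowed-endpoints: >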
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index eec359f40..9b82ab240 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml | |||
@@ -75,7 +75,7 @@ jobs: | |||
75 | 75 | ||
76 | steps: | 76 | steps: |
77 | - name: Harden Runner | 77 | - name: Harden Runner |
78 | uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 | 78 | uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 |
79 | with: | 79 | with: |
80 | disable-sudo: true | 80 | disable-sudo: true |
81 | egress-policy: block | 81 | egress-policy: block |
@@ -93,7 +93,7 @@ jobs: | |||
93 | 93 | ||
94 | # Initializes the CodeQL tools for scanning. | 94 | # Initializes the CodeQL tools for scanning. |
95 | - name: Initialize CodeQL | 95 | - name: Initialize CodeQL |
96 | uses: github/codeql-action/init@6c089f53dd51dc3fc7e599c3cb5356453a52ca9e | 96 | uses: github/codeql-action/init@f6e388ebf0efc915c6c5b165b019ee61a6746a38 |
97 | with: | 97 | with: |
98 | languages: ${{ matrix.language }} | 98 | languages: ${{ matrix.language }} |
99 | # If you wish to specify custom queries, you can do so here or in a config file. | 99 | # If you wish to specify custom queries, you can do so here or in a config file. |
@@ -104,7 +104,7 @@ jobs: | |||
104 | # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). | 104 | # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). |
105 | # If this step fails, then you should remove it and run the build manually (see below) | 105 | # If this step fails, then you should remove it and run the build manually (see below) |
106 | - name: Autobuild | 106 | - name: Autobuild |
107 | uses: github/codeql-action/autobuild@6c089f53dd51dc3fc7e599c3cb5356453a52ca9e | 107 | uses: github/codeql-action/autobuild@f6e388ebf0efc915c6c5b165b019ee61a6746a38 |
108 | 108 | ||
109 | # âšī¸ Command-line programs to run using the OS shell. | 109 | # âšī¸ Command-line programs to run using the OS shell. |
110 | # đ https://git.io/JvXDl | 110 | # đ https://git.io/JvXDl |
@@ -118,4 +118,4 @@ jobs: | |||
118 | # make release | 118 | # make release |
119 | 119 | ||
120 | - name: Perform CodeQL Analysis | 120 | - name: Perform CodeQL Analysis |
121 | uses: github/codeql-action/analyze@6c089f53dd51dc3fc7e599c3cb5356453a52ca9e | 121 | uses: github/codeql-action/analyze@f6e388ebf0efc915c6c5b165b019ee61a6746a38 |
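--- a/.github/workflows/profile-checks.yml
+++ b/.github/workflows/profile-checks.yml
@@ -24,7 +24,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969
+uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845
 with:
 disable-sudo: true
 egress-policy: block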
@@ -26,6 +26,9 @@ firejail (0.9.73) baseline; urgency=low | |||
26 | * build: deb: enable apparmor by default & remove deb-apparmor (#5668) | 26 | * build: deb: enable apparmor by default & remove deb-apparmor (#5668) |
27 | * build: Fix whitespace and add .editorconfig (#5674) | 27 | * build: Fix whitespace and add .editorconfig (#5674) |
28 | * build: enable compiler warnings by default (#5842) | 28 | * build: enable compiler warnings by default (#5842) |
29 | * build: remove -mretpoline and NO_EXTRA_CFLAGS (#5859) | ||
30 | * build: disable all built-in implicit make rules (#5864) | ||
31 | * build: organize and standardize make vars and targets (#5866) | ||
29 | * ci: always update the package db before installing packages (#5742) | 32 | * ci: always update the package db before installing packages (#5742) |
30 | * ci: fix codeql unable to download its own bundle (#5783) | 33 | * ci: fix codeql unable to download its own bundle (#5783) |
31 | * ci: split configure/build/install commands on gitlab (#5784) | 34 | * ci: split configure/build/install commands on gitlab (#5784) |
diff --git a/config.mk.in b/config.mk.in index 6ee541507..f3c1f658c 100644 --- a/config.mk.in +++ b/config.mk.in | |||
@@ -22,35 +22,56 @@ docdir=@docdir@ | |||
22 | mandir=@mandir@ | 22 | mandir=@mandir@ |
23 | sysconfdir=@sysconfdir@ | 23 | sysconfdir=@sysconfdir@ |
24 | 24 | ||
25 | HAVE_CONTRIB_INSTALL=@HAVE_CONTRIB_INSTALL@ | 25 | # Misc flags |
26 | BUSYBOX_WORKAROUND=@BUSYBOX_WORKAROUND@ | 26 | BUSYBOX_WORKAROUND=@BUSYBOX_WORKAROUND@ |
27 | HAVE_SUID=@HAVE_SUID@ | 27 | HAVE_CONTRIB_INSTALL=@HAVE_CONTRIB_INSTALL@ |
28 | HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ | ||
29 | HAVE_GCOV=@HAVE_GCOV@ | ||
28 | HAVE_MAN=@HAVE_MAN@ | 30 | HAVE_MAN=@HAVE_MAN@ |
29 | 31 | ||
32 | # MANFLAGS | ||
33 | HAVE_APPARMOR=@HAVE_APPARMOR@ | ||
30 | HAVE_CHROOT=@HAVE_CHROOT@ | 34 | HAVE_CHROOT=@HAVE_CHROOT@ |
31 | HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ | 35 | HAVE_DBUSPROXY=@HAVE_DBUSPROXY@ |
32 | HAVE_NETWORK=@HAVE_NETWORK@ | ||
33 | HAVE_USERNS=@HAVE_USERNS@ | ||
34 | HAVE_X11=@HAVE_X11@ | ||
35 | HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@ | 36 | HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@ |
37 | HAVE_FIRETUNNEL=@HAVE_FIRETUNNEL@ | ||
38 | HAVE_FORCE_NONEWPRIVS=@HAVE_FORCE_NONEWPRIVS@ | ||
36 | HAVE_GLOBALCFG=@HAVE_GLOBALCFG@ | 39 | HAVE_GLOBALCFG=@HAVE_GLOBALCFG@ |
37 | HAVE_APPARMOR=@HAVE_APPARMOR@ | 40 | HAVE_IDS=@HAVE_IDS@ |
41 | HAVE_LTS=@HAVE_LTS@ | ||
42 | HAVE_NETWORK=@HAVE_NETWORK@ | ||
43 | HAVE_ONLY_SYSCFG_PROFILES=@HAVE_ONLY_SYSCFG_PROFILES@ | ||
44 | HAVE_OUTPUT=@HAVE_OUTPUT@ | ||
38 | HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ | 45 | HAVE_OVERLAYFS=@HAVE_OVERLAYFS@ |
39 | HAVE_FIRETUNNEL=@HAVE_FIRETUNNEL@ | ||
40 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ | 46 | HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@ |
41 | HAVE_PRIVATE_LIB=@HAVE_PRIVATE_LIB@ | 47 | HAVE_PRIVATE_LIB=@HAVE_PRIVATE_LIB@ |
42 | HAVE_IDS=@HAVE_IDS@ | ||
43 | HAVE_GCOV=@HAVE_GCOV@ | ||
44 | HAVE_SELINUX=@HAVE_SELINUX@ | 48 | HAVE_SELINUX=@HAVE_SELINUX@ |
45 | HAVE_SUID=@HAVE_SUID@ | 49 | HAVE_SUID=@HAVE_SUID@ |
46 | HAVE_DBUSPROXY=@HAVE_DBUSPROXY@ | 50 | HAVE_USERNS=@HAVE_USERNS@ |
47 | HAVE_USERTMPFS=@HAVE_USERTMPFS@ | 51 | HAVE_USERTMPFS=@HAVE_USERTMPFS@ |
48 | HAVE_OUTPUT=@HAVE_OUTPUT@ | 52 | HAVE_X11=@HAVE_X11@ |
49 | HAVE_LTS=@HAVE_LTS@ | ||
50 | HAVE_FORCE_NONEWPRIVS=@HAVE_FORCE_NONEWPRIVS@ | ||
51 | HAVE_ONLY_SYSCFG_PROFILES=@HAVE_ONLY_SYSCFG_PROFILES@ | ||
52 | 53 | ||
53 | MANFLAGS = $(HAVE_LTS) $(HAVE_OUTPUT) $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_PRIVATE_LIB) $(HAVE_APPARMOR) $(HAVE_IDS) $(HAVE_OVERLAYFS) $(HAVE_USERTMPFS) $(HAVE_DBUSPROXY) $(HAVE_FIRETUNNEL) $(HAVE_GLOBALCFG) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_SELINUX) $(HAVE_SUID) $(HAVE_FORCE_NONEWPRIVS) $(HAVE_ONLY_SYSCFG_PROFILES) | 54 | MANFLAGS = \ |
55 | $(HAVE_APPARMOR) \ | ||
56 | $(HAVE_CHROOT) \ | ||
57 | $(HAVE_DBUSPROXY) \ | ||
58 | $(HAVE_FILE_TRANSFER) \ | ||
59 | $(HAVE_FIRETUNNEL) \ | ||
60 | $(HAVE_FORCE_NONEWPRIVS) \ | ||
61 | $(HAVE_GLOBALCFG) \ | ||
62 | $(HAVE_IDS) \ | ||
63 | $(HAVE_LTS) \ | ||
64 | $(HAVE_NETWORK) \ | ||
65 | $(HAVE_ONLY_SYSCFG_PROFILES) \ | ||
66 | $(HAVE_OUTPUT) \ | ||
67 | $(HAVE_OVERLAYFS) \ | ||
68 | $(HAVE_PRIVATE_HOME) \ | ||
69 | $(HAVE_PRIVATE_LIB) \ | ||
70 | $(HAVE_SELINUX) \ | ||
71 | $(HAVE_SUID) \ | ||
72 | $(HAVE_USERNS) \ | ||
73 | $(HAVE_USERTMPFS) \ | ||
74 | $(HAVE_X11) | ||
54 | 75 | ||
55 | # User variables - should not be modified in the code (as they are reserved for | 76 | # User variables - should not be modified in the code (as they are reserved for |
56 | # the user building the package); see the following for details: | 77 | # the user building the package); see the following for details: |
@@ -60,7 +81,29 @@ CFLAGS=@CFLAGS@ | |||
60 | LDFLAGS=@LDFLAGS@ | 81 | LDFLAGS=@LDFLAGS@ |
61 | 82 | ||
62 | # Project variables | 83 | # Project variables |
63 | LIBS=@LIBS@ | 84 | EXTRA_CFLAGS =@EXTRA_CFLAGS@ |
85 | COMMON_CFLAGS = \ | ||
86 | -ggdb -O2 -DVERSION='"$(VERSION)"' \ | ||
87 | -Wall -Wextra $(HAVE_FATAL_WARNINGS) \ | ||
88 | -Wformat -Wformat-security \ | ||
89 | -fstack-protector-all -D_FORTIFY_SOURCE=2 \ | ||
90 | -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' \ | ||
91 | -DLIBDIR='"$(libdir)"' -DBINDIR='"$(bindir)"' \ | ||
92 | -DVARDIR='"/var/lib/firejail"' \ | ||
93 | |||
94 | PROG_CFLAGS = \ | ||
95 | $(COMMON_CFLAGS) \ | ||
96 | $(HAVE_GCOV) $(MANFLAGS) \ | ||
97 | $(EXTRA_CFLAGS) \ | ||
98 | -fPIE | ||
99 | |||
100 | SO_CFLAGS = \ | ||
101 | $(COMMON_CFLAGS) \ | ||
102 | -fPIC | ||
103 | |||
104 | EXTRA_LDFLAGS =@EXTRA_LDFLAGS@ | ||
105 | PROG_LDFLAGS = -Wl,-z,relro -Wl,-z,now -fPIE -pie $(EXTRA_LDFLAGS) | ||
106 | SO_LDFLAGS = -Wl,-z,relro -Wl,-z,now -fPIC | ||
107 | LIBS =@LIBS@ | ||
64 | 108 | ||
65 | EXTRA_CFLAGS +=@EXTRA_CFLAGS@ | 109 | CLEANFILES = *.o *.gcov *.gcda *.gcno *.plist |
66 | EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | ||
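Review bot: `SO_CFLAGS` and `SO_LDFLAGS` leave out `$(EXTRA_CFLAGS)` and `$(EXTRA_LDFLAGS)`, which `PROG_CFLAGS` and `PROG_LDFLAGS` include, so whatever configure places in those two variables (presumably the compiler-probed hardening flags) never reaches the shared objects. If that is intended, a comment above `SO_CFLAGS` should say why; otherwise add `$(EXTRA_CFLAGS) \` before `-fPIC` and append `$(EXTRA_LDFLAGS)` to `SO_LDFLAGS`. Separately, the last line of `COMMON_CFLAGS` (`-DVARDIR='"/var/lib/firejail"' \`) ends in a continuation backslash and depends on the blank line after it to end the assignment; dropping the backslash keeps `PROG_CFLAGS` from being absorbed if that blank line is ever removed.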
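--- a/src/etc-cleanup/Makefile
+++ b/src/etc-cleanup/Makefile
@@ -5,6 +5,6 @@ ROOT = ../..
 PROG = etc-cleanup
 TARGET = $(PROG)
 
-MOD_HDRS = ../include/etc_groups.h
+EXTRA_HDRS = ../include/etc_groups.h
 
 include $(ROOT)/src/prog.mk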
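--- a/src/fbuilder/Makefile
+++ b/src/fbuilder/Makefile
@@ -5,6 +5,6 @@ ROOT = ../..
 PROG = fbuilder
 TARGET = $(PROG)
 
-MOD_HDRS = ../include/common.h ../include/syscall.h
+EXTRA_HDRS = ../include/common.h ../include/syscall.h
 
 include $(ROOT)/src/prog.mk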
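--- a/src/fcopy/Makefile
+++ b/src/fcopy/Makefile
@@ -5,7 +5,7 @@ ROOT = ../..
 PROG = fcopy
 TARGET = $(PROG)
 
-MOD_HDRS = ../include/common.h ../include/syscall.h
-MOD_OBJS = ../lib/common.o
+EXTRA_HDRS = ../include/common.h ../include/syscall.h
+EXTRA_OBJS = ../lib/common.o
 
 include $(ROOT)/src/prog.mk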
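--- a/src/fids/Makefile
+++ b/src/fids/Makefile
@@ -5,6 +5,6 @@ ROOT = ../..
 PROG = fids
 TARGET = $(PROG)
 
-MOD_HDRS = ../include/common.h
+EXTRA_HDRS = ../include/common.h
 
 include $(ROOT)/src/prog.mk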
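--- a/src/firecfg/Makefile
+++ b/src/firecfg/Makefile
@@ -5,13 +5,13 @@ ROOT = ../..
 PROG = firecfg
 TARGET = $(PROG)
 
-MOD_HDRS = \
+EXTRA_HDRS = \
 ../include/common.h \
 ../include/euid_common.h \
 ../include/libnetlink.h \
 ../include/firejail_user.h \
 ../include/pid.h
 
-MOD_OBJS = ../lib/common.o ../lib/firejail_user.o
+EXTRA_OBJS = ../lib/common.o ../lib/firejail_user.o
 
 include $(ROOT)/src/prog.mk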
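--- a/src/firejail/Makefile
+++ b/src/firejail/Makefile
@@ -5,7 +5,7 @@ ROOT = ../..
 PROG = firejail
 TARGET = $(PROG)
 
-MOD_HDRS = \
+EXTRA_HDRS = \
 ../include/rundefs.h \
 ../include/common.h \
 ../include/ldd_utils.h \
@@ -18,7 +18,7 @@ MOD_HDRS = \
 ../include/etc_groups.h
 
 
-MOD_OBJS = \
+EXTRA_OBJS = \
 ../lib/common.o \
 ../lib/ldd_utils.o \
 ../lib/firejail_user.o \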
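--- a/src/firemon/Makefile
+++ b/src/firemon/Makefile
@@ -5,7 +5,7 @@ ROOT = ../..
 PROG = firemon
 TARGET = $(PROG)
 
-MOD_HDRS = ../include/common.h ../include/pid.h
-MOD_OBJS = ../lib/common.o ../lib/pid.o
+EXTRA_HDRS = ../include/common.h ../include/pid.h
+EXTRA_OBJS = ../lib/common.o ../lib/pid.o
 
 include $(ROOT)/src/prog.mk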
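--- a/src/fldd/Makefile
+++ b/src/fldd/Makefile
@@ -5,7 +5,7 @@ ROOT = ../..
 PROG = fldd
 TARGET = $(PROG)
 
-MOD_HDRS = ../include/common.h ../include/syscall.h ../include/ldd_utils.h
-MOD_OBJS = ../lib/common.o ../lib/ldd_utils.o
+EXTRA_HDRS = ../include/common.h ../include/syscall.h ../include/ldd_utils.h
+EXTRA_OBJS = ../lib/common.o ../lib/ldd_utils.o
 
 include $(ROOT)/src/prog.mk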
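--- a/src/fnet/Makefile
+++ b/src/fnet/Makefile
@@ -5,7 +5,7 @@ ROOT = ../..
 PROG = fnet
 TARGET = $(PROG)
 
-MOD_HDRS = ../include/common.h ../include/libnetlink.h
-MOD_OBJS = ../lib/common.o ../lib/libnetlink.o
+EXTRA_HDRS = ../include/common.h ../include/libnetlink.h
+EXTRA_OBJS = ../lib/common.o ../lib/libnetlink.o
 
 include $(ROOT)/src/prog.mk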
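--- a/src/fnetfilter/Makefile
+++ b/src/fnetfilter/Makefile
@@ -5,7 +5,7 @@ ROOT = ../..
 PROG = fnetfilter
 TARGET = $(PROG)
 
-MOD_HDRS = ../include/common.h ../include/syscall.h
-MOD_OBJS = ../lib/common.o
+EXTRA_HDRS = ../include/common.h ../include/syscall.h
+EXTRA_OBJS = ../lib/common.o
 
 include $(ROOT)/src/prog.mk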
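--- a/src/fsec-optimize/Makefile
+++ b/src/fsec-optimize/Makefile
@@ -5,7 +5,7 @@ ROOT = ../..
 PROG = fsec-optimize
 TARGET = $(PROG)
 
-MOD_HDRS = ../include/common.h ../include/seccomp.h ../include/syscall.h
-MOD_OBJS = ../lib/common.o ../lib/errno.o
+EXTRA_HDRS = ../include/common.h ../include/seccomp.h ../include/syscall.h
+EXTRA_OBJS = ../lib/common.o ../lib/errno.o
 
 include $(ROOT)/src/prog.mk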
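--- a/src/fsec-print/Makefile
+++ b/src/fsec-print/Makefile
@@ -5,7 +5,7 @@ ROOT = ../..
 PROG = fsec-print
 TARGET = $(PROG)
 
-MOD_HDRS = ../include/common.h ../include/seccomp.h ../include/syscall.h
-MOD_OBJS = ../lib/common.o ../lib/errno.o ../lib/syscall.o
+EXTRA_HDRS = ../include/common.h ../include/seccomp.h ../include/syscall.h
+EXTRA_OBJS = ../lib/common.o ../lib/errno.o ../lib/syscall.o
 
 include $(ROOT)/src/prog.mk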
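--- a/src/fseccomp/Makefile
+++ b/src/fseccomp/Makefile
@@ -5,7 +5,7 @@ ROOT = ../..
 PROG = fseccomp
 TARGET = $(PROG)
 
-MOD_HDRS = ../include/common.h ../include/syscall.h
-MOD_OBJS = ../lib/common.o ../lib/errno.o ../lib/syscall.o
+EXTRA_HDRS = ../include/common.h ../include/syscall.h
+EXTRA_OBJS = ../lib/common.o ../lib/errno.o ../lib/syscall.o
 
 include $(ROOT)/src/prog.mk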
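--- a/src/fzenity/Makefile
+++ b/src/fzenity/Makefile
@@ -5,6 +5,6 @@ ROOT = ../..
 PROG = fzenity
 TARGET = $(PROG)
 
-MOD_HDRS = ../include/common.h
+EXTRA_HDRS = ../include/common.h
 
 include $(ROOT)/src/prog.mk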
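--- a/src/jailcheck/Makefile
+++ b/src/jailcheck/Makefile
@@ -5,7 +5,7 @@ ROOT = ../..
 PROG = jailcheck
 TARGET = $(PROG)
 
-MOD_HDRS = ../include/common.h ../include/pid.h
-MOD_OBJS = ../lib/common.o ../lib/pid.o
+EXTRA_HDRS = ../include/common.h ../include/pid.h
+EXTRA_OBJS = ../lib/common.o ../lib/pid.o
 
 include $(ROOT)/src/prog.mk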
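--- a/src/libpostexecseccomp/Makefile
+++ b/src/libpostexecseccomp/Makefile
@@ -5,6 +5,6 @@ ROOT = ../..
 SO = libpostexecseccomp.so
 TARGET = $(SO)
 
-MOD_HDRS = ../include/seccomp.h ../include/rundefs.h
+EXTRA_HDRS = ../include/seccomp.h ../include/rundefs.h
 
 include $(ROOT)/src/so.mk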
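--- a/src/libtracelog/Makefile
+++ b/src/libtracelog/Makefile
@@ -5,6 +5,6 @@ ROOT = ../..
 SO = libtracelog.so
 TARGET = $(SO)
 
-MOD_HDRS = ../include/rundefs.h
+EXTRA_HDRS = ../include/rundefs.h
 
 include $(ROOT)/src/so.mk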
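--- a/src/profstats/Makefile
+++ b/src/profstats/Makefile
@@ -5,6 +5,6 @@ ROOT = ../..
 PROG = profstats
 TARGET = $(PROG)
 
-MOD_HDRS = ../include/common.h
+EXTRA_HDRS = ../include/common.h
 
 include $(ROOT)/src/prog.mk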
diff --git a/src/prog.mk b/src/prog.mk index e4473184f..70b3629b2 100644 --- a/src/prog.mk +++ b/src/prog.mk | |||
@@ -3,25 +3,11 @@ | |||
3 | # Note: $(ROOT)/config.mk must be included before this file. | 3 | # Note: $(ROOT)/config.mk must be included before this file. |
4 | # | 4 | # |
5 | # The includer should probably define PROG and TARGET and may also want to | 5 | # The includer should probably define PROG and TARGET and may also want to |
6 | # define MOD_HDRS, MOD_SRCS, MOD_OBJS, TOCLEAN and TODISTCLEAN. | 6 | # define EXTRA_HDRS and EXTRA_OBJS and extend CLEANFILES. |
7 | 7 | ||
8 | HDRS := $(sort $(wildcard *.h)) $(MOD_HDRS) | 8 | HDRS := $(sort $(wildcard *.h)) $(EXTRA_HDRS) |
9 | SRCS := $(sort $(wildcard *.c)) $(MOD_SRCS) | 9 | SRCS := $(sort $(wildcard *.c)) |
10 | OBJS := $(SRCS:.c=.o) $(MOD_OBJS) | 10 | OBJS := $(SRCS:.c=.o) $(EXTRA_OBJS) |
11 | |||
12 | PROG_CFLAGS = \ | ||
13 | -ggdb -O2 -DVERSION='"$(VERSION)"' \ | ||
14 | -Wall -Wextra $(HAVE_FATAL_WARNINGS) \ | ||
15 | -Wformat -Wformat-security \ | ||
16 | -fstack-protector-all -D_FORTIFY_SOURCE=2 \ | ||
17 | -fPIE \ | ||
18 | -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' \ | ||
19 | -DLIBDIR='"$(libdir)"' -DBINDIR='"$(bindir)"' \ | ||
20 | -DVARDIR='"/var/lib/firejail"' \ | ||
21 | $(HAVE_GCOV) $(MANFLAGS) \ | ||
22 | $(EXTRA_CFLAGS) | ||
23 | |||
24 | PROG_LDFLAGS = -pie -fPIE -Wl,-z,relro -Wl,-z,now $(EXTRA_LDFLAGS) | ||
25 | 11 | ||
26 | .PHONY: all | 12 | .PHONY: all |
27 | all: $(TARGET) | 13 | all: $(TARGET) |
@@ -33,7 +19,7 @@ $(PROG): $(OBJS) $(ROOT)/config.mk | |||
33 | $(CC) $(PROG_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) | 19 | $(CC) $(PROG_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) |
34 | 20 | ||
35 | .PHONY: clean | 21 | .PHONY: clean |
36 | clean:; rm -fr *.o $(PROG) *.gcov *.gcda *.gcno *.plist $(TOCLEAN) | 22 | clean:; rm -fr $(PROG) $(CLEANFILES) |
37 | 23 | ||
38 | .PHONY: distclean | 24 | .PHONY: distclean |
39 | distclean: clean; rm -fr $(TODISTCLEAN) | 25 | distclean: clean |
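Review bot: The header comment says includers may "extend CLEANFILES" but not how, and config.mk.in defines it with a plain `=`, so an includer that writes `CLEANFILES = foo` instead of `CLEANFILES += foo` silently drops the default `*.o *.gcov *.gcda *.gcno *.plist` patterns from `clean`. I would word the comment as `# define EXTRA_HDRS and EXTRA_OBJS and append to CLEANFILES with += (after including config.mk).` The `clean` recipe also keeps `rm -fr` although every default entry is a file pattern; `clean:; rm -f $(PROG) $(CLEANFILES)` would stop a mistaken entry from removing a directory tree, unless an includer is expected to list directories. Both remarks apply equally to the matching lines in src/so.mk.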
@@ -3,20 +3,11 @@ | |||
3 | # Note: $(ROOT)/config.mk must be included before this file. | 3 | # Note: $(ROOT)/config.mk must be included before this file. |
4 | # | 4 | # |
5 | # The includer should probably define SO and TARGET and may also want to define | 5 | # The includer should probably define SO and TARGET and may also want to define |
6 | # MOD_HDRS, MOD_SRCS, MOD_OBJS, TOCLEAN and TODISTCLEAN. | 6 | # EXTRA_HDRS and EXTRA_OBJS and extend CLEANFILES. |
7 | 7 | ||
8 | HDRS := $(sort $(wildcard *.h)) $(MOD_HDRS) | 8 | HDRS := $(sort $(wildcard *.h)) $(EXTRA_HDRS) |
9 | SRCS := $(sort $(wildcard *.c)) $(MOD_SRCS) | 9 | SRCS := $(sort $(wildcard *.c)) |
10 | OBJS := $(SRCS:.c=.o) $(MOD_OBJS) | 10 | OBJS := $(SRCS:.c=.o) $(EXTRA_OBJS) |
11 | |||
12 | SO_CFLAGS = \ | ||
13 | -ggdb -O2 -DVERSION='"$(VERSION)"' \ | ||
14 | -Wall -Wextra $(HAVE_FATAL_WARNINGS) \ | ||
15 | -Wformat -Wformat-security \ | ||
16 | -fstack-protector-all -D_FORTIFY_SOURCE=2 \ | ||
17 | -fPIC | ||
18 | |||
19 | SO_LDFLAGS = -pie -fPIE -Wl,-z,relro -Wl,-z,now | ||
20 | 11 | ||
21 | .PHONY: all | 12 | .PHONY: all |
22 | all: $(TARGET) | 13 | all: $(TARGET) |
@@ -25,10 +16,10 @@ all: $(TARGET) | |||
25 | $(CC) $(SO_CFLAGS) $(CFLAGS) $(INCLUDE) -c $< -o $@ | 16 | $(CC) $(SO_CFLAGS) $(CFLAGS) $(INCLUDE) -c $< -o $@ |
26 | 17 | ||
27 | $(SO): $(OBJS) $(ROOT)/config.mk | 18 | $(SO): $(OBJS) $(ROOT)/config.mk |
28 | $(CC) $(SO_LDFLAGS) -shared -fPIC -z relro $(LDFLAGS) -o $@ $(OBJS) -ldl | 19 | $(CC) $(SO_LDFLAGS) -shared $(LDFLAGS) -o $@ $(OBJS) -ldl |
29 | 20 | ||
30 | .PHONY: clean | 21 | .PHONY: clean |
31 | clean:; rm -fr $(OBJS) $(SO) *.plist $(TOCLEAN) | 22 | clean:; rm -fr $(SO) $(CLEANFILES) |
32 | 23 | ||
33 | .PHONY: distclean | 24 | .PHONY: distclean |
34 | distclean: clean; rm -fr $(TODISTCLEAN) | 25 | distclean: clean |
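Review bot: The `$(SO)` link recipe still hard-codes `-shared` and `-ldl` now that the remaining link flags come from `SO_LDFLAGS` in config.mk, which leaves the shared-object link line split across two files. Moving `-shared` into the variable, `SO_LDFLAGS = -Wl,-z,relro -Wl,-z,now -shared -fPIC`, would mirror `PROG_LDFLAGS` carrying `-pie`, and the recipe becomes `$(CC) $(SO_LDFLAGS) $(LDFLAGS) -o $@ $(OBJS) -ldl`. If `-ldl` has to stay literal because `$(LIBS)` holds libraries only the programs need, a one-line comment on the recipe saying so would help. The pattern rule whose recipe opens the second hunk starts outside it.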