view gub/specs/ @ 5485:e506118f65a8

tools:: lift LD_PRELOAD restrictions. Fixes confusion. Makes no sense for tools. Be it /usr/bin/gcc or tools::gcc, it needs to read /usr/include/stdlib.h etc. How to, or why restrict reading other files from /? See LIBRESTRICT_IGNORE below, it would need to include every binary in tools_prefix :-)
author Jan Nieuwenhuizen <>
date Thu, 20 Aug 2009 14:40:55 +0200
parents d2d22f00f8a2
children 3ecad6b5f9b1
line wrap: on
line source

from gub import tools
from gub import misc

class Librestrict_make__tools (tools.MakeBuild):
    source = 'url://host/librestrict-1.9a.tar.gz'
    def librestrict_flavours (self):
        return misc.librestrict ()
    def flavours (self):
        return ['exec', 'open', 'stat']
    def BARFS_WITH_2_5_1_name (self):
        return 'librestrict-' + '-'.join (self.librestrict_flavours ())
    def _get_build_dependencies (self):
        return [
#            'tools::gcc'
    def get_conflict_dict (self):
        # Ugly hack: if the user is not explicitly tightening the
        # restrictions using LIBRESTRICT=open:stat, uninstall dash and
        # coreutils.  This avoids triggering of any open(2)
        # restrictions on common commands.
        relax_restrictions = ['coreutils', 'bash']
        if 'stat' in self.librestrict_flavours ():
            relax_restrictions = []
        return {'': [
                + relax_restrictions
    def shadow (self):
        self.system ('rm -rf %(builddir)s')
        self.shadow_tree ('%(gubdir)s/librestrict', '%(builddir)s')
    def makeflags (self):
        return 'prefix=%(system_prefix)s'
    def LD_PRELOAD (self):
        return ''

class Librestrict_nomake__tools (Librestrict_make__tools):
    def compile_command (self):
        # URG, must *not* have U __stack_chk_fail@@GLIBC_2.4
        # because glibc-[core-]2.3 will not install with LD_PRELOAD
        CFLAGS = '-fno-stack-protector'
        compile = 'gcc -W -Wall %(CFLAGS)s -I. -fPIC -shared -o lib%(name) %(name)s.c'
        sources = ' '.join (['restrict-%s.c' % name for name in self.librestrict_flavours ()])
        b = 'cd %(builddir)s && '
        command = b + 'cat %(sources)s > restrict-all.c\n' % locals ()
        def updated (d, e):
            c = d.copy ()
            c.update (e)
            return c
        for f in self.flavours () + ['all']:
            name = 'restrict-' + f
            command += (b
                        + compile % locals ()
                        + ' || '
                        + compile % updated (locals (), {'CFLAGS':''})
                        + '\n')
        command += b + 'mv'
        return command
    def install_command (self):
        return (misc.join_lines ('''
mkdir -p %(install_prefix)s/lib
&& cp -p librestrict*.so %(install_prefix)s/lib

Librestrict__tools = Librestrict_nomake__tools
Librestrict_open__tools = Librestrict__tools