openwrt/include/package.mk
John Crispin 491f3fc048 Support for building an hardened OpenWRT
Introduce configuration options to build an "hardened" OpenWRT.

Options to enable Stack-Smashing Protection, FORTIFY_SOURCE and RELRO
have been introduced.

uClibc makefile now automatically detects if SSP support is necessary.

hostapd makefile has been fixed to use "^" as sed separator since
using a comma was problematic when using "-Wl,-z,now" and the like in
TARGET_CFLAGS.

Currently enabling SSP on user space depends on enabling SSP kernel
side, this is due to the fact that TARGET_CFLAGS are used to build
kernel modules (at least). Suggestions on how to avoid this are welcome.
Using "select" instead of "depends on" doesn't seem to work with choice
entries.

Tested with a lantiq (WBMR) router, GCC 4.8, uClibc and a subset of
the available packages.
Needs to be tested with GCC 4.9 and the remaining packages.
PIE not currently included.

Signed-off-by: Alessandro Di Federico <ale+owrt@clearmind.me>

SVN-Revision: 44005
2015-01-17 14:31:30 +00:00

353 lines
11 KiB
Makefile

#
# Copyright (C) 2006-2008 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
__package_mk:=1
all: $(if $(DUMP),dumpinfo,compile)
PKG_BUILD_DIR ?= $(BUILD_DIR)/$(PKG_NAME)$(if $(PKG_VERSION),-$(PKG_VERSION))
PKG_INSTALL_DIR ?= $(PKG_BUILD_DIR)/ipkg-install
PKG_MD5SUM ?= unknown
PKG_BUILD_PARALLEL ?=
PKG_USE_MIPS16 ?= 1
PKG_CHECK_FORMAT_SECURITY ?= 1
PKG_CC_STACKPROTECTOR_REGULAR ?= 1
PKG_CC_STACKPROTECTOR_STRONG ?= 1
PKG_FORTIFY_SOURCE_1 ?= 1
PKG_FORTIFY_SOURCE_2 ?= 1
PKG_RELRO_PARTIAL ?= 1
PKG_RELRO_FULL ?= 1
ifneq ($(CONFIG_PKG_BUILD_USE_JOBSERVER),)
MAKE_J:=$(if $(MAKE_JOBSERVER),$(MAKE_JOBSERVER) -j)
else
MAKE_J:=-j$(CONFIG_PKG_BUILD_JOBS)
endif
ifeq ($(strip $(PKG_BUILD_PARALLEL)),0)
PKG_JOBS?=-j1
else
PKG_JOBS?=$(if $(PKG_BUILD_PARALLEL)$(CONFIG_PKG_DEFAULT_PARALLEL),\
$(if $(CONFIG_PKG_BUILD_PARALLEL),$(MAKE_J),-j1),-j1)
endif
ifdef CONFIG_USE_MIPS16
ifeq ($(strip $(PKG_USE_MIPS16)),1)
TARGET_ASFLAGS_DEFAULT = $(filter-out -mips16 -minterlink-mips16,$(TARGET_CFLAGS))
TARGET_CFLAGS += -mips16 -minterlink-mips16
endif
endif
ifdef CONFIG_PKG_CHECK_FORMAT_SECURITY
ifeq ($(strip $(PKG_CHECK_FORMAT_SECURITY)),1)
TARGET_CFLAGS += -Wformat -Werror=format-security
endif
endif
ifdef CONFIG_PKG_CC_STACKPROTECTOR_REGULAR
ifeq ($(strip $(PKG_CC_STACKPROTECTOR_REGULAR)),1)
TARGET_CFLAGS += -fstack-protector
endif
endif
ifdef CONFIG_PKG_CC_STACKPROTECTOR_STRONG
ifeq ($(strip $(PKG_CC_STACKPROTECTOR_STRONG)),1)
TARGET_CFLAGS += -fstack-protector-strong
endif
endif
ifdef CONFIG_PKG_FORTIFY_SOURCE_1
ifeq ($(strip $(PKG_FORTIFY_SOURCE_1)),1)
TARGET_CFLAGS += -D_FORTIFY_SOURCE=1
endif
endif
ifdef CONFIG_PKG_FORTIFY_SOURCE_2
ifeq ($(strip $(PKG_FORTIFY_SOURCE_2)),1)
TARGET_CFLAGS += -D_FORTIFY_SOURCE=2
endif
endif
ifdef CONFIG_PKG_RELRO_PARTIAL
ifeq ($(strip $(PKG_RELRO_PARTIAL)),1)
TARGET_CFLAGS += -Wl,-z,relro
endif
endif
ifdef CONFIG_PKG_RELRO_FULL
ifeq ($(strip $(PKG_RELRO_FULL)),1)
TARGET_CFLAGS += -Wl,-z,now -Wl,-z,relro
endif
endif
include $(INCLUDE_DIR)/prereq.mk
include $(INCLUDE_DIR)/host.mk
include $(INCLUDE_DIR)/unpack.mk
include $(INCLUDE_DIR)/depends.mk
find_library_dependencies = $(wildcard $(patsubst %,$(STAGING_DIR)/pkginfo/%.version, \
$(filter-out $(BUILD_PACKAGES),$(foreach dep, \
$(filter-out @%, $(patsubst +%,%,$(1))), \
$(if $(findstring :,$(dep)), \
$(word 2,$(subst :,$(space),$(dep))), \
$(dep) \
) \
))))
STAMP_NO_AUTOREBUILD=$(wildcard $(PKG_BUILD_DIR)/.no_autorebuild)
PREV_STAMP_PREPARED:=$(if $(STAMP_NO_AUTOREBUILD),$(wildcard $(PKG_BUILD_DIR)/.prepared*))
ifneq ($(PREV_STAMP_PREPARED),)
STAMP_PREPARED:=$(PREV_STAMP_PREPARED)
CONFIG_AUTOREBUILD:=
else
STAMP_PREPARED=$(PKG_BUILD_DIR)/.prepared$(if $(QUILT)$(DUMP),,_$(shell $(call find_md5,${CURDIR} $(PKG_FILE_DEPENDS),))$(call confvar,$(PKG_PREPARED_DEPENDS)))
endif
STAMP_CONFIGURED:=$(PKG_BUILD_DIR)/.configured$(if $(DUMP),,_$(call confvar,$(PKG_CONFIG_DEPENDS)))
STAMP_CONFIGURED_WILDCARD=$(patsubst %_$(call confvar,$(PKG_CONFIG_DEPENDS)),%_*,$(STAMP_CONFIGURED))
STAMP_BUILT:=$(PKG_BUILD_DIR)/.built
STAMP_INSTALLED:=$(STAGING_DIR)/stamp/.$(PKG_NAME)_installed
STAGING_FILES_LIST:=$(PKG_NAME)$(if $(BUILD_VARIANT),.$(BUILD_VARIANT),).list
ifneq ($(if $(CONFIG_SRC_TREE_OVERRIDE),$(wildcard ./git-src)),)
USE_GIT_TREE:=1
QUILT:=1
endif
ifdef USE_SOURCE_DIR
QUILT:=1
endif
ifneq ($(wildcard $(PKG_BUILD_DIR)/.source_dir),)
QUILT:=1
endif
PKG_DIR_NAME:=$(lastword $(subst /,$(space),$(CURDIR)))
PKG_INSTALL_STAMP:=$(PKG_INFO_DIR)/$(PKG_DIR_NAME).$(if $(BUILD_VARIANT),$(BUILD_VARIANT),default).install
include $(INCLUDE_DIR)/download.mk
include $(INCLUDE_DIR)/quilt.mk
include $(INCLUDE_DIR)/package-defaults.mk
include $(INCLUDE_DIR)/package-dumpinfo.mk
include $(INCLUDE_DIR)/package-ipkg.mk
include $(INCLUDE_DIR)/package-bin.mk
include $(INCLUDE_DIR)/autotools.mk
override MAKEFLAGS=
CONFIG_SITE:=$(INCLUDE_DIR)/site/$(REAL_GNU_TARGET_NAME)
CUR_MAKEFILE:=$(filter-out Makefile,$(firstword $(MAKEFILE_LIST)))
SUBMAKE:=$(NO_TRACE_MAKE) $(if $(CUR_MAKEFILE),-f $(CUR_MAKEFILE))
PKG_CONFIG_PATH=$(STAGING_DIR)/usr/lib/pkgconfig:$(STAGING_DIR)/usr/share/pkgconfig
unexport QUIET
ifeq ($(DUMP)$(filter prereq clean refresh update,$(MAKECMDGOALS)),)
ifneq ($(if $(QUILT),,$(CONFIG_AUTOREBUILD)),)
define Build/Autoclean
$(PKG_BUILD_DIR)/.dep_files: $(STAMP_PREPARED)
$(call rdep,${CURDIR} $(PKG_FILE_DEPENDS),$(STAMP_PREPARED),$(PKG_BUILD_DIR)/.dep_files,-x "*/.dep_*")
$(if $(filter prepare,$(MAKECMDGOALS)),,$(call rdep,$(PKG_BUILD_DIR),$(STAMP_BUILT),,-x "*/.dep_*" -x "*/ipkg*"))
endef
endif
endif
define Download/default
FILE:=$(PKG_SOURCE)
URL:=$(PKG_SOURCE_URL)
SUBDIR:=$(PKG_SOURCE_SUBDIR)
PROTO:=$(PKG_SOURCE_PROTO)
$(if $(PKG_SOURCE_MIRROR),MIRROR:=$(filter 1,$(PKG_MIRROR)))
$(if $(PKG_MIRROR_MD5SUM),MIRROR_MD5SUM:=$(PKG_MIRROR_MD5SUM))
VERSION:=$(PKG_SOURCE_VERSION)
MD5SUM:=$(PKG_MD5SUM)
endef
ifdef USE_GIT_TREE
define Build/Prepare/Default
mkdir -p $(PKG_BUILD_DIR)
ln -s $(CURDIR)/git-src $(PKG_BUILD_DIR)/.git
( cd $(PKG_BUILD_DIR); git checkout .)
endef
endif
ifdef USE_SOURCE_DIR
define Build/Prepare/Default
rm -rf $(PKG_BUILD_DIR)
$(if $(wildcard $(USE_SOURCE_DIR)/*),,@echo "Error: USE_SOURCE_DIR=$(USE_SOURCE_DIR) path not found"; false)
ln -snf $(USE_SOURCE_DIR) $(PKG_BUILD_DIR)
touch $(PKG_BUILD_DIR)/.source_dir
endef
endif
define Build/Exports/Default
$(1) : export ACLOCAL_INCLUDE=$$(foreach p,$$(wildcard $$(STAGING_DIR)/usr/share/aclocal $$(STAGING_DIR)/usr/share/aclocal-* $$(STAGING_DIR)/host/share/aclocal $$(STAGING_DIR)/host/share/aclocal-*),-I $$(p))
$(1) : export STAGING_PREFIX=$$(STAGING_DIR)/usr
$(1) : export PATH=$$(TARGET_PATH_PKG)
$(1) : export CONFIG_SITE:=$$(CONFIG_SITE)
$(1) : export PKG_CONFIG_PATH:=$$(PKG_CONFIG_PATH)
$(1) : export PKG_CONFIG_LIBDIR:=$$(PKG_CONFIG_PATH)
$(1) : export CCACHE_DIR:=$(STAGING_DIR)/ccache
endef
Build/Exports=$(Build/Exports/Default)
define Build/DefaultTargets
$(if $(QUILT),$(Build/Quilt))
$(if $(USE_SOURCE_DIR)$(USE_GIT_TREE),,$(if $(strip $(PKG_SOURCE_URL)),$(call Download,default)))
$(call Build/Autoclean)
download:
$(foreach hook,$(Hooks/Download),
$(call $(hook))$(sep)
)
$(STAMP_PREPARED) : export PATH=$$(TARGET_PATH_PKG)
$(STAMP_PREPARED):
@-rm -rf $(PKG_BUILD_DIR)
@mkdir -p $(PKG_BUILD_DIR)
$(foreach hook,$(Hooks/Prepare/Pre),$(call $(hook))$(sep))
$(Build/Prepare)
$(foreach hook,$(Hooks/Prepare/Post),$(call $(hook))$(sep))
touch $$@
$(call Build/Exports,$(STAMP_CONFIGURED))
$(STAMP_CONFIGURED): $(STAMP_PREPARED)
$(foreach hook,$(Hooks/Configure/Pre),$(call $(hook))$(sep))
$(Build/Configure)
$(foreach hook,$(Hooks/Configure/Post),$(call $(hook))$(sep))
rm -f $(STAMP_CONFIGURED_WILDCARD)
touch $$@
$(call Build/Exports,$(STAMP_BUILT))
$(STAMP_BUILT): $(STAMP_CONFIGURED)
$(foreach hook,$(Hooks/Compile/Pre),$(call $(hook))$(sep))
$(Build/Compile)
$(foreach hook,$(Hooks/Compile/Post),$(call $(hook))$(sep))
$(Build/Install)
$(foreach hook,$(Hooks/Install/Post),$(call $(hook))$(sep))
touch $$@
$(STAMP_INSTALLED) : export PATH=$$(TARGET_PATH_PKG)
$(STAMP_INSTALLED): $(STAMP_BUILT)
$(SUBMAKE) -j1 clean-staging
rm -rf $(TMP_DIR)/stage-$(PKG_NAME)
mkdir -p $(TMP_DIR)/stage-$(PKG_NAME)/host $(STAGING_DIR)/packages $(STAGING_DIR_HOST)/packages
$(foreach hook,$(Hooks/InstallDev/Pre),\
$(call $(hook),$(TMP_DIR)/stage-$(PKG_NAME),$(TMP_DIR)/stage-$(PKG_NAME)/host)$(sep)\
)
$(call Build/InstallDev,$(TMP_DIR)/stage-$(PKG_NAME),$(TMP_DIR)/stage-$(PKG_NAME)/host)
$(foreach hook,$(Hooks/InstallDev/Post),\
$(call $(hook),$(TMP_DIR)/stage-$(PKG_NAME),$(TMP_DIR)/stage-$(PKG_NAME)/host)$(sep)\
)
if [ -f $(STAGING_DIR)/packages/$(STAGING_FILES_LIST) ]; then \
$(SCRIPT_DIR)/clean-package.sh \
"$(STAGING_DIR)/packages/$(STAGING_FILES_LIST)" \
"$(STAGING_DIR)"; \
fi
if [ -d $(TMP_DIR)/stage-$(PKG_NAME) ]; then \
(cd $(TMP_DIR)/stage-$(PKG_NAME); find ./ > $(TMP_DIR)/stage-$(PKG_NAME).files); \
$(call locked, \
mv $(TMP_DIR)/stage-$(PKG_NAME).files $(STAGING_DIR)/packages/$(STAGING_FILES_LIST) && \
$(CP) $(TMP_DIR)/stage-$(PKG_NAME)/* $(STAGING_DIR)/; \
,staging-dir); \
fi
rm -rf $(TMP_DIR)/stage-$(PKG_NAME)
touch $$@
ifdef Build/InstallDev
compile: $(STAMP_INSTALLED)
endif
define Build/DefaultTargets
endef
prepare: $(STAMP_PREPARED)
configure: $(STAMP_CONFIGURED)
dist: $(STAMP_CONFIGURED)
distcheck: $(STAMP_CONFIGURED)
endef
define Build/IncludeOverlay
$(eval -include $(wildcard $(TOPDIR)/overlay/*/$(PKG_NAME).mk))
define Build/IncludeOverlay
endef
endef
define BuildPackage
$(Build/IncludeOverlay)
$(eval $(Package/Default))
$(eval $(Package/$(1)))
ifdef DESCRIPTION
$$(error DESCRIPTION:= is obsolete, use Package/PKG_NAME/description)
endif
ifndef Package/$(1)/description
define Package/$(1)/description
$(TITLE)
endef
endif
BUILD_PACKAGES += $(1)
$(STAMP_PREPARED): $$(if $(QUILT)$(DUMP),,$(call find_library_dependencies,$(DEPENDS)))
$(foreach FIELD, TITLE CATEGORY SECTION VERSION,
ifeq ($($(FIELD)),)
$$(error Package/$(1) is missing the $(FIELD) field)
endif
)
$(if $(DUMP), \
$(Dumpinfo/Package), \
$(foreach target, \
$(if $(Package/$(1)/targets),$(Package/$(1)/targets), \
$(if $(PKG_TARGETS),$(PKG_TARGETS), ipkg) \
), $(BuildTarget/$(target)) \
) \
)
$(if $(PKG_HOST_ONLY)$(DUMP),,$(call Build/DefaultTargets,$(1)))
endef
define pkg_install_files
$(foreach install_file,$(1),$(INSTALL_DIR) $(3)/`dirname $(install_file)`; $(INSTALL_DATA) $(2)/$(install_file) $(3)/`dirname $(install_file)`;)
endef
define pkg_install_bin
$(foreach install_apps,$(1),$(INSTALL_DIR) $(3)/`dirname $(install_apps)`; $(INSTALL_BIN) $(2)/$(install_apps) $(3)/`dirname $(install_apps)`;)
endef
Build/Prepare=$(call Build/Prepare/Default,)
Build/Configure=$(call Build/Configure/Default,)
Build/Compile=$(call Build/Compile/Default,)
Build/Install=$(if $(PKG_INSTALL),$(call Build/Install/Default,))
Build/Dist=$(call Build/Dist/Default,)
Build/DistCheck=$(call Build/DistCheck/Default,)
.NOTPARALLEL:
.PHONY: prepare-package-install
prepare-package-install:
@mkdir -p $(PKG_INFO_DIR)
@touch $(PKG_INSTALL_STAMP).clean
@echo "$(filter-out essential,$(PKG_FLAGS))" > $(PKG_INSTALL_STAMP).flags
$(PACKAGE_DIR):
mkdir -p $@
dumpinfo:
download:
prepare:
configure:
compile: prepare-package-install
install: compile
clean-staging: FORCE
rm -f $(STAMP_INSTALLED)
@-(\
cd "$(STAGING_DIR)"; \
if [ -f packages/$(STAGING_FILES_LIST) ]; then \
cat packages/$(STAGING_FILES_LIST) | xargs -r rm -f 2>/dev/null; \
fi; \
)
clean: clean-staging FORCE
$(call Build/UninstallDev,$(STAGING_DIR),$(STAGING_DIR_HOST))
$(Build/Clean)
rm -f $(STAGING_DIR)/packages/$(STAGING_FILES_LIST) $(STAGING_DIR_HOST)/packages/$(STAGING_FILES_LIST)
rm -rf $(PKG_BUILD_DIR)
dist:
$(Build/Dist)
distcheck:
$(Build/DistCheck)