Date:      Tue, 03 Sep 2013 15:37:04 +0200
From:      =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no>
To:        freebsd-arch@freebsd.org
Subject:   /usr/lib/private
Message-ID:  <86zjrut4an.fsf@nine.des.no>

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

The attached patch introduces a mechanism for installing libraries into
/usr/lib/private, which is not in the standard rtld search path, and
setting -rpath accordingly for programs and libraries that need one of
those libraries.  Private libraries are meant for internal use only and
need to be kept out of the way so they don't conflict with similarly-
named libraries installed by ports.  The first to go is libssh (which
shouldn't even exist, but that's another story).

There is one issue this patch does not address: 32-bit binaries which
reference private libraries on a 64-bit system won't find them.  This
can be fixed by having rtld automagically translate /usr/lib/private to
/usr/lib32/private when appropriate, which is rather gross.

I intend to commit this shortly - it is blocking DNSSEC for FreeBSD 10.

DES
--=20
Dag-Erling Sm=C3=B8rgrav - des@des.no


--=-=-=
Content-Type: text/x-patch
Content-Disposition: attachment; filename=head-privatelib.diff

Index: Makefile.inc1
===================================================================
--- Makefile.inc1	(revision 255069)
+++ Makefile.inc1	(working copy)
@@ -382,6 +382,7 @@
 		PATH=${TMPPATH} \
 		LIBDIR=/usr/lib32 \
 		SHLIBDIR=/usr/lib32 \
+		LIBPRIVATEDIR=/usr/lib32/private \
 		COMPILER_TYPE=${WMAKE_COMPILER_TYPE}
 LIB32WMAKEFLAGS+=	\
 		CC="${XCC} ${LIB32FLAGS}" \
Index: ObsoleteFiles.inc
===================================================================
--- ObsoleteFiles.inc	(revision 255069)
+++ ObsoleteFiles.inc	(working copy)
@@ -38,6 +38,9 @@
 #   xargs -n1 | sort | uniq -d;
 # done
 
+# 20130903: libssh becomes private
+OLD_LIBS+=usr/lib/libssh.so.5
+OLD_LIBS+=usr/lib32/libssh.so.5
 # 20130829: bsdpatch is patch unconditionally
 OLD_FILES+=usr/bin/bsdpatch
 OLD_FILES+=usr/share/man/man1/bsdpatch.1.gz
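Review bot: Only the versioned shared objects are retired here, so the static archive, the profiled archive and the unversioned `libssh.so` link that the old install rules placed in ${LIBDIR} (see the removed lines in the bsd.lib.mk `_libinstall` hunks) would stay behind in /usr/lib and /usr/lib32 after an upgrade, wherever they had been installed. A stale libssh that is no longer updated but still sits on the default link path is the kind of conflict this change sets out to remove. Consider adding entries such as `OLD_FILES+=usr/lib/libssh.a`, `OLD_FILES+=usr/lib/libssh.so` and `OLD_FILES+=usr/lib/libssh_p.a`, plus the usr/lib32 equivalents. A blank line before the `# 20130829` entry would also keep the dated blocks visually separate.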
Index: etc/mtree/BSD.usr.dist
===================================================================
--- etc/mtree/BSD.usr.dist	(revision 255069)
+++ etc/mtree/BSD.usr.dist	(working copy)
@@ -24,6 +24,8 @@
         ..
         i18n
         ..
+        private
+        ..
     ..
     lib32
         dtrace
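Review bot: The new `private` entries (here and in the lib32 hunk that follows) carry no explicit owner or mode, so they take whatever the `/set` defaults outside this hunk specify. Because this directory is recorded as an rpath in sshd, pam_ssh and the other ssh programs touched by this patch, anyone able to write to it controls code loaded into those processes. It is worth confirming that the inherited defaults are root-owned and not group- or world-writable, or stating them on the entry itself, e.g. `private         uname=root gname=wheel mode=0755`.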
@@ -30,6 +32,8 @@
         ..
         i18n
         ..
+        private
+        ..
     ..
     libdata
         gcc
Index: lib/libldns/Makefile
===================================================================
--- lib/libldns/Makefile	(revision 255069)
+++ lib/libldns/Makefile	(working copy)
@@ -6,7 +6,7 @@
 .PATH: ${LDNSDIR} ${LDNSDIR}/compat
 
 LIB=	ldns
-INTERNALLIB= true
+PRIVATELIB= true
 
 CFLAGS+= -I${LDNSDIR}
 
Index: lib/libpam/modules/pam_ssh/Makefile
===================================================================
--- lib/libpam/modules/pam_ssh/Makefile	(revision 255069)
+++ lib/libpam/modules/pam_ssh/Makefile	(working copy)
@@ -15,6 +15,7 @@
 
 DPADD=	${LIBSSH} ${LIBCRYPTO} ${LIBCRYPT}
 LDADD=	-lssh -lcrypto -lcrypt
+USEPRIVATELIB= ssh
 
 .include <bsd.lib.mk>
 
Index: secure/lib/libssh/Makefile
===================================================================
--- secure/lib/libssh/Makefile	(revision 255069)
+++ secure/lib/libssh/Makefile	(working copy)
@@ -3,6 +3,7 @@
 .include <bsd.own.mk>
 
 LIB=	ssh
+PRIVATELIB=	true
 SHLIB_MAJOR=	5
 SRCS=	authfd.c authfile.c bufaux.c bufbn.c buffer.c \
 	canohost.c channels.c cipher.c cipher-aes.c \
Index: secure/libexec/sftp-server/Makefile
===================================================================
--- secure/libexec/sftp-server/Makefile	(revision 255069)
+++ secure/libexec/sftp-server/Makefile	(working copy)
@@ -10,6 +10,7 @@
 
 DPADD=	${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
 LDADD=  -lssh -lcrypt -lcrypto -lz
+USEPRIVATELIB= ssh
 
 .include <bsd.prog.mk>
 
Index: secure/libexec/ssh-keysign/Makefile
===================================================================
--- secure/libexec/ssh-keysign/Makefile	(revision 255069)
+++ secure/libexec/ssh-keysign/Makefile	(working copy)
@@ -8,6 +8,7 @@
 
 DPADD=	${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
 LDADD=	-lssh -lcrypt -lcrypto -lz
+USEPRIVATELIB= ssh
 
 .include <bsd.prog.mk>
 
Index: secure/libexec/ssh-pkcs11-helper/Makefile
===================================================================
--- secure/libexec/ssh-pkcs11-helper/Makefile	(revision 255069)
+++ secure/libexec/ssh-pkcs11-helper/Makefile	(working copy)
@@ -8,6 +8,7 @@
 
 DPADD=	${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
 LDADD=	-lssh -lcrypt -lcrypto -lz
+USEPRIVATELIB= ssh
 
 .include <bsd.prog.mk>
 
Index: secure/usr.bin/scp/Makefile
===================================================================
--- secure/usr.bin/scp/Makefile	(revision 255069)
+++ secure/usr.bin/scp/Makefile	(working copy)
@@ -9,6 +9,7 @@
 
 DPADD=	${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
 LDADD=	-lssh -lcrypt -lcrypto -lz
+USEPRIVATELIB= ssh
 
 .include <bsd.prog.mk>
 
Index: secure/usr.bin/sftp/Makefile
===================================================================
--- secure/usr.bin/sftp/Makefile	(revision 255069)
+++ secure/usr.bin/sftp/Makefile	(working copy)
@@ -9,6 +9,7 @@
 
 DPADD=	${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} ${LIBEDIT} ${LIBNCURSES}
 LDADD=	-lssh -lcrypt -lcrypto -lz -ledit -lncurses
+USEPRIVATELIB= ssh
 
 .include <bsd.prog.mk>
 
Index: secure/usr.bin/ssh/Makefile
===================================================================
--- secure/usr.bin/ssh/Makefile	(revision 255069)
+++ secure/usr.bin/ssh/Makefile	(working copy)
@@ -18,6 +18,7 @@
 
 DPADD=	${LIBSSH} ${LIBUTIL} ${LIBZ}
 LDADD=	-lssh -lutil -lz
+USEPRIVATELIB= ssh
 
 .if ${MK_KERBEROS_SUPPORT} != "no"
 CFLAGS+= -DGSSAPI -DHAVE_GSSAPI_GSSAPI_H=1 -DKRB5 -DHEIMDAL
Index: secure/usr.bin/ssh-add/Makefile
===================================================================
--- secure/usr.bin/ssh-add/Makefile	(revision 255069)
+++ secure/usr.bin/ssh-add/Makefile	(working copy)
@@ -9,6 +9,7 @@
 
 DPADD=	${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
 LDADD=	-lssh -lcrypt -lcrypto -lz
+USEPRIVATELIB= ssh
 
 .include <bsd.prog.mk>
 
Index: secure/usr.bin/ssh-agent/Makefile
===================================================================
--- secure/usr.bin/ssh-agent/Makefile	(revision 255069)
+++ secure/usr.bin/ssh-agent/Makefile	(working copy)
@@ -9,6 +9,7 @@
 
 DPADD=	${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
 LDADD=	-lssh -lcrypt -lcrypto -lz
+USEPRIVATELIB= ssh
 
 .include <bsd.prog.mk>
 
Index: secure/usr.bin/ssh-keygen/Makefile
===================================================================
--- secure/usr.bin/ssh-keygen/Makefile	(revision 255069)
+++ secure/usr.bin/ssh-keygen/Makefile	(working copy)
@@ -9,6 +9,7 @@
 
 DPADD=	${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
 LDADD=	-lssh -lcrypt -lcrypto -lz
+USEPRIVATELIB= ssh
 
 .include <bsd.prog.mk>
 
Index: secure/usr.bin/ssh-keyscan/Makefile
===================================================================
--- secure/usr.bin/ssh-keyscan/Makefile	(revision 255069)
+++ secure/usr.bin/ssh-keyscan/Makefile	(working copy)
@@ -6,6 +6,7 @@
 
 DPADD=	${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ}
 LDADD=	-lssh -lcrypt -lcrypto -lz
+USEPRIVATELIB= ssh
 
 .include <bsd.prog.mk>
 
Index: secure/usr.sbin/sshd/Makefile
===================================================================
--- secure/usr.sbin/sshd/Makefile	(revision 255069)
+++ secure/usr.sbin/sshd/Makefile	(working copy)
@@ -27,6 +27,7 @@
 
 DPADD=	${LIBSSH} ${LIBUTIL} ${LIBZ} ${LIBWRAP} ${LIBPAM}
 LDADD=	-lssh -lutil -lz -lwrap ${MINUSLPAM}
+USEPRIVATELIB= ssh
 
 .if ${MK_AUDIT} != "no"
 CFLAGS+= -DUSE_BSM_AUDIT -DHAVE_GETAUDIT_ADDR
Index: share/mk/bsd.lib.mk
===================================================================
--- share/mk/bsd.lib.mk	(revision 255069)
+++ share/mk/bsd.lib.mk	(working copy)
@@ -119,16 +119,24 @@
 
 all: objwarn
 
+.if defined(PRIVATELIB)
+_LIBDIR:=${LIBPRIVATEDIR}
+_SHLIBDIR:=${LIBPRIVATEDIR}
+.else
+_LIBDIR:=${LIBDIR}
+_SHLIBDIR:=${SHLIBDIR}
+.endif
+
 .if defined(SHLIB_NAME)
 .if ${MK_DEBUG_FILES} != "no"
 SHLIB_NAME_FULL=${SHLIB_NAME}.full
 # Use ${DEBUGDIR} for base system debug files, else .debug subdirectory
-.if ${SHLIBDIR} == "/boot" ||\
+.if ${_SHLIBDIR} == "/boot" ||\
     ${SHLIBDIR:C%/lib(/.*)?$%/lib%} == "/lib" ||\
     ${SHLIBDIR:C%/usr/lib(32)?(/.*)?%/usr/lib%} == "/usr/lib"
-DEBUGFILEDIR=${DEBUGDIR}${SHLIBDIR}
+DEBUGFILEDIR=${DEBUGDIR}${_SHLIBDIR}
 .else
-DEBUGFILEDIR=${SHLIBDIR}/.debug
+DEBUGFILEDIR=${_SHLIBDIR}/.debug
 DEBUGMKDIR=
 .endif
 .else
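Review bot: Only the first of the three tests in the debug-file condition was switched to `${_SHLIBDIR}`; the two pattern tests still examine `${SHLIBDIR}`, while both DEBUGFILEDIR assignments now use `${_SHLIBDIR}`. For a PRIVATELIB the branch is therefore chosen from a directory the library is not installed into, which gives the intended result only while SHLIBDIR and LIBPRIVATEDIR both sit under a base-system lib directory. The remaining tests would read `${_SHLIBDIR:C%/lib(/.*)?$%/lib%} == "/lib" ||\` and `${_SHLIBDIR:C%/usr/lib(32)?(/.*)?%/usr/lib%} == "/usr/lib"`. The enclosing `.if defined(SHLIB_NAME)` block continues past the end of the hunk.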
@@ -145,6 +153,10 @@
 LDFLAGS+=	-Wl,--version-script=${VERSION_MAP}
 .endif
 
+.if defined(USEPRIVATELIB)
+LDFLAGS+= -L${_SHLIBDIRPREFIX}${LIBPRIVATEDIR} -rpath ${LIBPRIVATEDIR}
+.endif
+
 .if defined(LIB) && !empty(LIB) || defined(SHLIB_NAME)
 OBJS+=		${SRCS:N*.h:R:S/$/.o/}
 .endif
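Review bot: `-rpath ${LIBPRIVATEDIR}` is added to LDFLAGS as a bare linker option, whereas the context line just above passes its linker option as `-Wl,--version-script=${VERSION_MAP}`. If LDFLAGS is handed to the compiler driver (the link rule is outside the hunk), not every driver forwards a bare `-rpath`. The same line is added in the share/mk/bsd.prog.mk hunk. `LDFLAGS+= -L${_SHLIBDIRPREFIX}${LIBPRIVATEDIR} -Wl,-rpath,${LIBPRIVATEDIR}` would match the file's existing convention in both places.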
@@ -291,16 +303,16 @@
 _libinstall:
 .if defined(LIB) && !empty(LIB) && ${MK_INSTALLLIB} != "no"
 	${INSTALL} -C -o ${LIBOWN} -g ${LIBGRP} -m ${LIBMODE} \
-	    ${_INSTALLFLAGS} lib${LIB}.a ${DESTDIR}${LIBDIR}
+	    ${_INSTALLFLAGS} lib${LIB}.a ${DESTDIR}${_LIBDIR}
 .endif
 .if ${MK_PROFILE} != "no" && defined(LIB) && !empty(LIB)
 	${INSTALL} -C -o ${LIBOWN} -g ${LIBGRP} -m ${LIBMODE} \
-	    ${_INSTALLFLAGS} lib${LIB}_p.a ${DESTDIR}${LIBDIR}
+	    ${_INSTALLFLAGS} lib${LIB}_p.a ${DESTDIR}${_LIBDIR}
 .endif
 .if defined(SHLIB_NAME)
 	${INSTALL} ${STRIP} -o ${LIBOWN} -g ${LIBGRP} -m ${LIBMODE} \
 	    ${_INSTALLFLAGS} ${_SHLINSTALLFLAGS} \
-	    ${SHLIB_NAME} ${DESTDIR}${SHLIBDIR}
+	    ${SHLIB_NAME} ${DESTDIR}${_SHLIBDIR}
 .if ${MK_DEBUG_FILES} != "no"
 .if defined(DEBUGMKDIR)
 	${INSTALL} -T debug -d ${DESTDIR}${DEBUGFILEDIR}
@@ -328,23 +340,23 @@
 # installworld; in the later case ${_LDSCRIPTROOT} must be obviously empty
 # because on the target system, libraries are meant to be looked up from /.
 .if defined(SHLIB_LDSCRIPT) && !empty(SHLIB_LDSCRIPT) && exists(${.CURDIR}/${SHLIB_LDSCRIPT})
-	sed -e 's,@@SHLIB@@,${_LDSCRIPTROOT}${SHLIBDIR}/${SHLIB_NAME},g' \
-	    -e 's,@@LIBDIR@@,${_LDSCRIPTROOT}${LIBDIR},g' \
-	    ${.CURDIR}/${SHLIB_LDSCRIPT} > ${DESTDIR}${LIBDIR}/${SHLIB_LINK:R}.ld
+	sed -e 's,@@SHLIB@@,${_LDSCRIPTROOT}${_SHLIBDIR}/${SHLIB_NAME},g' \
+	    -e 's,@@LIBDIR@@,${_LDSCRIPTROOT}${_LIBDIR},g' \
+	    ${.CURDIR}/${SHLIB_LDSCRIPT} > ${DESTDIR}${_LIBDIR}/${SHLIB_LINK:R}.ld
 	${INSTALL} -S -C -o ${LIBOWN} -g ${LIBGRP} -m ${LIBMODE} \
-	    ${_INSTALLFLAGS} ${DESTDIR}${LIBDIR}/${SHLIB_LINK:R}.ld \
-	    ${DESTDIR}${LIBDIR}/${SHLIB_LINK}
-	rm -f ${DESTDIR}${LIBDIR}/${SHLIB_LINK:R}.ld
+	    ${_INSTALLFLAGS} ${DESTDIR}${_LIBDIR}/${SHLIB_LINK:R}.ld \
+	    ${DESTDIR}${_LIBDIR}/${SHLIB_LINK}
+	rm -f ${DESTDIR}${_LIBDIR}/${SHLIB_LINK:R}.ld
 
 .else
-.if ${SHLIBDIR} == ${LIBDIR}
-	${INSTALL_SYMLINK} ${SHLIB_NAME} ${DESTDIR}${LIBDIR}/${SHLIB_LINK}
+.if ${_SHLIBDIR} == ${_LIBDIR}
+	${INSTALL_SYMLINK} ${SHLIB_NAME} ${DESTDIR}${_LIBDIR}/${SHLIB_LINK}
 .else
-	${INSTALL_SYMLINK} ${_SHLIBDIRPREFIX}${SHLIBDIR}/${SHLIB_NAME} \
-	    ${DESTDIR}${LIBDIR}/${SHLIB_LINK}
-.if exists(${DESTDIR}${LIBDIR}/${SHLIB_NAME})
-	-chflags noschg ${DESTDIR}${LIBDIR}/${SHLIB_NAME}
-	rm -f ${DESTDIR}${LIBDIR}/${SHLIB_NAME}
+	${INSTALL_SYMLINK} ${_SHLIBDIRPREFIX}${_SHLIBDIR}/${SHLIB_NAME} \
+	    ${DESTDIR}${_LIBDIR}/${SHLIB_LINK}
+.if exists(${DESTDIR}${_LIBDIR}/${SHLIB_NAME})
+	-chflags noschg ${DESTDIR}${_LIBDIR}/${SHLIB_NAME}
+	rm -f ${DESTDIR}${_LIBDIR}/${SHLIB_NAME}
 .endif
 .endif
 .endif # SHLIB_LDSCRIPT
@@ -352,7 +364,7 @@
 .endif # SHIB_NAME
 .if defined(INSTALL_PIC_ARCHIVE) && defined(LIB) && !empty(LIB) && ${MK_TOOLCHAIN} != "no"
 	${INSTALL} -o ${LIBOWN} -g ${LIBGRP} -m ${LIBMODE} \
-	    ${_INSTALLFLAGS} lib${LIB}_pic.a ${DESTDIR}${LIBDIR}
+	    ${_INSTALLFLAGS} lib${LIB}_pic.a ${DESTDIR}${_LIBDIR}
 .endif
 .if defined(WANT_LINT) && !defined(NO_LINT) && defined(LIB) && !empty(LIB)
 	${INSTALL} -o ${LIBOWN} -g ${LIBGRP} -m ${LIBMODE} \
Index: share/mk/bsd.libnames.mk
===================================================================
--- share/mk/bsd.libnames.mk	(revision 255069)
+++ share/mk/bsd.libnames.mk	(working copy)
@@ -87,7 +87,7 @@
 LIBKVM?=	${DESTDIR}${LIBDIR}/libkvm.a
 LIBL?=		${DESTDIR}${LIBDIR}/libl.a
 .if ${MK_LDNS} != "no"
-LIBLDNS?=	${DESTDIR}${LIBDIR}/libldns.a
+LIBLDNS?=	${DESTDIR}${LIBPRIVATEDIR}/libldns.a
 .endif
 LIBLN?=		"don't use LIBLN, use LIBL"
 .if ${MK_BIND} != "no"
@@ -150,7 +150,7 @@
 LIBSBUF?=	${DESTDIR}${LIBDIR}/libsbuf.a
 LIBSDP?=	${DESTDIR}${LIBDIR}/libsdp.a
 LIBSMB?=	${DESTDIR}${LIBDIR}/libsmb.a
-LIBSSH?=	${DESTDIR}${LIBDIR}/libssh.a
+LIBSSH?=	${DESTDIR}${LIBPRIVATEDIR}/libssh.a
 LIBSSL?=	${DESTDIR}${LIBDIR}/libssl.a
 LIBSTAND?=	${DESTDIR}${LIBDIR}/libstand.a
 LIBSTDCPLUSPLUS?= ${DESTDIR}${LIBDIR}/libstdc++.a
Index: share/mk/bsd.own.mk
===================================================================
--- share/mk/bsd.own.mk	(revision 255069)
+++ share/mk/bsd.own.mk	(working copy)
@@ -28,6 +28,8 @@
 #
 # LIBCOMPATDIR	Base path for compat libraries. [/usr/lib/compat]
 #
+# LIBPRIVATEDIR	Base path for private libraries. [/usr/lib/private]
+#
 # LIBDATADIR	Base path for misc. utility data files. [/usr/libdata]
 #
 # LIBEXECDIR	Base path for system daemons and utilities. [/usr/libexec]
@@ -144,6 +146,7 @@
 
 LIBDIR?=	/usr/lib
 LIBCOMPATDIR?=	/usr/lib/compat
+LIBPRIVATEDIR?=	/usr/lib/private
 LIBDATADIR?=	/usr/libdata
 LIBEXECDIR?=	/usr/libexec
 LINTLIBDIR?=	/usr/libdata/lint
Index: share/mk/bsd.prog.mk
===================================================================
--- share/mk/bsd.prog.mk	(revision 255069)
+++ share/mk/bsd.prog.mk	(working copy)
@@ -52,6 +52,10 @@
 LDFLAGS+= -static
 .endif
 
+.if defined(USEPRIVATELIB)
+LDFLAGS+= -L${_SHLIBDIRPREFIX}${LIBPRIVATEDIR} -rpath ${LIBPRIVATEDIR}
+.endif
+
 .if ${MK_DEBUG_FILES} != "no"
 PROG_FULL=${PROG}.full
 # Use ${DEBUGDIR} for base system debug files, else .debug subdirectory
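Review bot: USEPRIVATELIB is only tested with `defined()`, here and in share/mk/bsd.lib.mk, so the `ssh` value that every consumer Makefile in this patch assigns is never read. The patch documents LIBPRIVATEDIR in bsd.own.mk but adds no description of USEPRIVATELIB or PRIVATELIB. A short comment above this block would stop a maintainer from assuming the value selects libraries, for example `# USEPRIVATELIB: if defined, link against ${LIBPRIVATEDIR} and record it as rpath (value currently unused).` It is also worth stating there that the rpath applies to every shared library the program needs, not only the private one.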

--=-=-=--


