Add LIBSSP_NONSHARED to bsd.libnames.mk and append LIBSSP_NONSHARED to DPADD in
lib/libc when MK_SSP != no
Approved by: rpaulo (mentor)
MFC after: 3 days
Phabric: D675 (as part of a larger diff)
PR: 192728
1. 50+% of NO_PIE use is fixed by adding -fPIC to INTERNALLIB and other
build-only utility libraries.
2. Another 40% is fixed by generating _pic.a variants of various libraries.
3. Some of the NO_PIE use is a bit absurd as it is disabling PIE (and ASLR)
where it never would work anyhow, such as csu or loader. This suggests
there may be better ways of adding support to the tree. Many of these
cases can be fixed such that -fPIE will work but there is really no
reason to have it in those cases.
4. Some of the uses are working around hacks done to some Makefiles that are
really building libraries but have been using bsd.prog.mk because the code
is cleaner. Had they been using bsd.lib.mk then NO_PIE would not have
been needed.
We likely do want to enable PIE by default (opt-out) for non-tree consumers
(such as ports). For in-tree though we probably want to only enable PIE
(opt-in) for common attack targets such as remote service daemons and setuid
utilities. This is also a great performance compromise since ASLR is expected
to reduce performance. As such it does not make sense to enable it in all
utilities such as ls(1) that have little benefit to having it enabled.
Reported by: kib
the build starts.
This adds a new variable DHDRS that contains a list of all DTrace
header files. Then, we use the beforedepend hook to make sure the
heaeder files are built.
Introduce a beforebuild dependency (from projects/bmake) based on
feedback from Simon J. Gerraty. This lets us generate the header
files without running make depend.
Reviewed by: sjg, imp
MFC after: 3 days
This doesn't work like I expected and the if clause is never matched.
It turns out that the problem with the older make is unrelated.
MFC after: 3 days
* Include OBJDIR to make sure the generated file is found;
* Simplify the definition of OBJS;
* Add targets for shared objects and for profiled objects.
MFC after: 3 days
Make sure everything linking to a privatelib and/or an internallib does it directly
from the OBJDIR rather than DESTDIR.
Add src.libnames.mk so bsd.libnames.mk is not polluted by libraries not existsing
in final installation
Introduce the LD* variable which is what ld(1) is expecting (via LDADD) to link to
internal/privatelib
Directly link to the .so in case of private library to avoid having to complexify
LDFLAGS.
Phabric: https://phabric.freebsd.org/D553
Reviewed by: imp, emaste
get them flagged as .NOPATH. This hurts people who don't use obj dirs.
Since its clean target seprate rm's for things, use NOPATH_FILES as list
to collect things that need .NOPATH.
bsd.obj.mk will add CLEANFILES to NOPATH_FILES and do the deed if needed.
Reviewed by: sbruno
This is a redo of r267424, which was reverted in r267432 because it broke
"make buildworld" from FreeBSD 9.x. This issue has been resolved and this
change is still "make tinderbox" clean.
nothing more. Force it to be "no" when MK_CXX is "no" to simplify
usage. It no longer also means "build g++" since we no longer have a
platform where that's interesting now that pc98 no longer needs clang
and gcc, but not g++. pc98 now just uses clang after boot2 changes.
statically linked into consumers (GDB and variants) in the base
system, and the shared library is no longer installed.
That also allows ports to be able to use a modern version of readline
PR: 162948
Reviewed by: emaste
With the move of atf-sh into /usr/libexec in r267181, some of the
tests in the integration_test program broke because they could not
execute atf-sh from the path any longer.
This slipped through because I do have a local atf installation in
my home directory that appears in my path, hence the tests could
still execute my own version.
Fix this by forcing /usr/libexec to appear at the beginning of the
path when attempting to execute atf-sh.
To make upgrading easy (and to avoid an unnecessary entry in UPDATING),
make integration_test depend on the Makefile so that a rebuild of the
shell script is triggered. This requires a hack in the *.test.mk files
to ensure the Makefile is not treated as a source to the generated
program. Ugly, I know, but I don't have a better way of doing this at
the moment. Will think of one once I address the TODO in the *.test.mk
files that suggests generalizing the file generation functionality.
PR: 191052
Reviewed by: Garrett Cooper
This includes:
o All directories named *ia64*
o All files named *ia64*
o All ia64-specific code guarded by __ia64__
o All ia64-specific makefile logic
o Mention of ia64 in comments and documentation
This excludes:
o Everything under contrib/
o Everything under crypto/
o sys/xen/interface
o sys/sys/elf_common.h
Discussed at: BSDcan
When building world when WITH_DEBUG_FILES is set,
avoid building ar(1) archives with '-g'.
Tested on: head@r267801
Reviewed by: emaste, imp
Sponsored by: The FreeBSD Foundation
The _SUPPORT knobs have a consistent meaning which differs from the
behaviour controlled by this knob. As the knob is opt-out and has not
appeared in a release the impact should be low.
Suggested by: imp, wblock
MFC after: 1 week
during SUBDIR_PARALLEL builds. This augments the coarse .WAIT mechanism,
which is still useful if you've got a situation such as "almost everything
depends on A and B".
Because the parallel subdir mechanism uses non-obvious mangling of
target names, which should probably remain a private detail of the
implementation, it's not easy to do things like "libfoo: libbar", so
instead the new mechanism lets you set a variable that lists dependencies:
SUBDIR_DEPEND_libfoo= libgroodah libpouet
Note that while I'm using libraries as an example here, it really has
nothing to do with the generated library files. This is really saying
"build in directory libfoo after building in the libgroodah and libpouet
directories."
This updates lib/Makefile with dependency information based on the old
almost-accurate comment block and by combing through lib/* makefiles
looking for LDADD dependencies to other libraries within lib/*.
Reviewed by: Jia-Shiun Li <jiashiun@gmail.com>
This was never intended to be off by default but was done this way
because the initial patches broke the build. Things seem stable now
(have been so for a while too) and "make tinderbox" is clean so let's
try again.
Announced in freebsd-current; all reported shortcomings have been
addressed.
Force all the contents of /usr/tests to go into a separate distribution
file so that users of binary releases can easily choose to not install it.
To make this possible, we need two fixes:
- bsd.subdir.mk needs to properly honor NO_SUBDIR in all cases so that we
do not recurse into 'tests' subdirectories when we needn't. Otherwise,
we end up with some Kyuafiles in base.txz.
- etc/Makefile needs to skip installing tests in its 'distribute' target
so that a Kyuafile doesn't leak into base.txz.
Approved by: gjb
When FILES is defined in a Makefile that _also_ includes bsd.subdir.mk, the
build of the files (if any) was not properly triggered during the build
stage. This was because bsd.files.mk did not define the buildfiles target
if it was already defined... and bsd.subdir.mk defined this target on its
own, thus causing a conflict.
Fix this by unconditionally defining buildfiles from bsd.files.mk; this is
safe because nothing else in the tree needs to redefine this and because the
target itself contains no commands: all it does is define dependencies.
Also ensure that bsd.files.mk is always pulled in by bsd.test.mk regardless
of what bsd.prog.mk does.
These fixes allow "make installworld" to run cleanly on a system with
read-only src and obj trees.
This is "make tinderbox" clean.
Reviewed by: imp
Obtained from: jilles
This is currently an opt-in build flag. Once ASLR support is ready and stable
it should changed to opt-out and be enabled by default along with ASLR.
Each application Makefile uses opt-out to ensure that ASLR will be enabled by
default in new directories when the system is compiled with PIE/ASLR. [2]
Mark known build failures as NO_PIE for now.
The only known runtime failure was rtld.
[1] http://www.bsdcan.org/2014/schedule/events/452.en.html
Submitted by: Shawn Webb <lattera@gmail.com>
Discussed between: des@ and Shawn Webb [2]
In r266650, we made libatf-c and libatf-c++ private libraries so that no
components outside of the source tree could unintendedly depend on them.
This change does the same for the "atf-sh library" by moving the atf-sh
interpreter from its public location in /usr/bin/ to the private location
in /usr/libexec/. Our build system will ensure that our own test programs
use the right binary, but users won't be able to depend on atf-sh by
"mistake".
Committing this now to ride the UPDATING notice added with r267172 today.
This exists already in plain.test.mk and tap.test.mk and should have been
added to atf.test.mk too when the feature was first introduced.
(It is probably time to address the related TODOs but I will do that
separately.)
We should not be leaking these interfaces to the outside world given
that it's much easier for third-party components to use the devel/atf
package from ports.
As a side-effect, we can also drop the ATF pkgconfig and aclocal files
from the base system. Nothing in the base system needs these, and it
was quite ugly to have to get them installed only so that a few ports
could build. The offending ports have been fixed to depend on
devel/atf explicitly.
Reviewed by: bapt
Makefiles are evaluated without building things. In a normal build,
the prerequisites would be built, and CC would be an actual thing. In
an INDEX build, though, they don't exists. Redirect stderr to get rid
of annoying messages, and assume that the compiler version is 0 if the
actual compiler can't tell us. Do this in preference to guessing based
on numbers because gcc410 might be 4.10, or 4.1.0 and without
carefully crafted special knowledge we differentiate between them
easily (also ming-gcc has no clues at all). Elsewhere, don't trust
the compiler version if it is 0.
this allows make -n to do tree walks as expected without
doing anything else (as intended).
Use prefix _sub. to help avoid conflict with any real target.
Reviewed by: imp
Targets thus marked are supposed to run even with -n.
As such they should not do anything except run the sub-make.
Use an intermediate target _* to associate with _SUBDIR and which
depends on installincludes etc so that we get the correct behavior with -n.
Reviewed by: marcel