Radish alpha
H
HardenedBSD-pkg
rad:z3QDZAW2FAfuLvihrhiyDC9fAD8G9
HardenedBSD Package Manager
Radicle
Git
Commits 3009baa
capsicum: stop defining from the configure script
Baptiste Daroussin committed 3 months ago
commit 3009baa48926cb7861a2e048c4a8de06cc84a9c4
parent beeb445
10 files changed +26 -56
modified auto.def
@@ -307,17 +307,9 @@ if {[opt-bool with-tsan]} {
	define tsan 1

}

if {[opt-bool with-coverage]} {
- 
	define-append COVERAGE_CFLAGS -O0 -g -fprofile-arcs -ftest-coverage -fprofile-instr-generate -fcoverage-mapping
+ 
	define-append COVERAGE_CFLAGS -O0 -g -fprofile-arcs -ftest-coverage -fprofile-instr-generate -fcoverage-mapping -DCOVERAGE=1

	define-append COVERAGE_LDFLAGS -fprofile-instr-generate

	define coverage 1
- 
# disable capsicum when coverage is used because coverage does not work in
- 
# capsicum mode
- 
} else {
- 
# capsicum
- 
	if {[cc-check-functions cap_sandboxed]} {
- 
		define-feature capsicum
- 
			cc-check-includes sys/capsicum.h
- 
	}

}



if {[pkg-config-init 0]} {
modified libpkg/pkg_sandbox.c
@@ -25,17 +25,14 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 */
- 
#ifdef HAVE_CONFIG_H
- 
#include "pkg_config.h"
- 
#endif
- 


#include <sys/resource.h>

#include <sys/types.h>

#include <sys/wait.h>

#include <sys/socket.h>
- 
#ifdef HAVE_CAPSICUM
+ 
#if __has_include(<sys/capsicum.h>)

#include <sys/capsicum.h>
+ 
#define HAVE_CAPSICUM 1

#endif



#include <err.h>
@@ -99,7 +96,7 @@ pkg_handle_sandboxed_call(pkg_sandbox_cb func, int fd, void *ud)


	/* Here comes child process */

#ifdef HAVE_CAPSICUM
- 
#ifndef PKG_COVERAGE
+ 
#ifndef COVERAGE

	if (cap_enter() < 0 && errno != ENOSYS) {

		warn("cap_enter() failed");

		_exit(EXIT_FAILURE);
@@ -208,7 +205,7 @@ pkg_handle_sandboxed_get_string(pkg_sandbox_cb func, char **result, int64_t *len
		err(EXIT_FAILURE, "Unable to setrlimit(RLIMIT_NPROC)");



#ifdef HAVE_CAPSICUM
- 
#ifndef PKG_COVERAGE
+ 
#ifndef COVERAGE

	if (cap_enter() < 0 && errno != ENOSYS) {

		warn("cap_enter() failed");

		return (EPKG_FATAL);
modified libpkg/triggers.c
@@ -499,7 +499,7 @@ trigger_execute_lua(const char *script, bool sandbox, pkghash *args)
		lua_args_table(L, arguments, i);

#ifdef HAVE_CAPSICUM

		if (sandbox) {
- 
#ifndef PKG_COVERAGE
+ 
#ifndef COVERAGE

			if (cap_enter() < 0 && errno != ENOSYS) {

				err(1, "cap_enter failed");

			}
modified src/audit.c
@@ -26,11 +26,8 @@
#include <unistd.h>

#include <ucl.h>
- 
#ifdef HAVE_SYS_CAPSICUM_H
- 
#include <sys/capsicum.h>
- 
#endif
-
- 
#ifdef HAVE_CAPSICUM
+ 
#if __has_include(<sys/capsicum.h>)
+ 
#define HAVE_CAPSICUM 1

#include <sys/capsicum.h>

#endif
@@ -391,7 +388,7 @@ exec_audit(int argc, char **argv)


	/* Now we have vulnxml loaded and check list formed */

#ifdef HAVE_CAPSICUM
- 
#ifndef PKG_COVERAGE
+ 
#ifndef COVERAGE

	if (cap_enter() < 0 && errno != ENOSYS) {

		warn("cap_enter() failed");

		pkg_audit_free(audit);
modified src/clean.c
@@ -15,7 +15,8 @@
/* For MIN */

#include <sys/param.h>
- 
#ifdef HAVE_CAPSICUM
+ 
#if __has_include(<sys/capsicum.h>)
+ 
#define HAVE_CAPSICUM 1

#include <sys/capsicum.h>

#endif
@@ -351,7 +352,7 @@ exec_clean(int argc, char **argv)
			return (EXIT_FAILURE);

		}
- 
#ifndef PKG_COVERAGE
+ 
#ifndef COVERAGE

		if (cap_enter() < 0 && errno != ENOSYS) {

			warn("cap_enter() failed");

			close(cachefd);
modified src/event.c
@@ -41,10 +41,6 @@
#include <sys/wait.h>

#include <sys/socket.h>
- 
#ifdef HAVE_CAPSICUM
- 
#include <sys/capsicum.h>
- 
#endif
- 


#include <err.h>

#include <string.h>

#include <unistd.h>
modified src/info.c
@@ -28,12 +28,9 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 */
- 
#ifdef HAVE_CONFIG_H
- 
#include "pkg_config.h"
- 
#endif
-
- 
#ifdef HAVE_CAPSICUM
+ 
#if __has_include(<sys/capsicum.h>)

#include <sys/capsicum.h>
+ 
#define HAVE_CAPSICUM 1

#endif



#include <err.h>
@@ -276,7 +273,7 @@ exec_info(int argc, char **argv)
			return (EXIT_FAILURE);

		}
- 
#ifndef PKG_COVERAGE
+ 
#ifndef COVERAGE

		if (cap_enter() < 0 && errno != ENOSYS) {

			warn("cap_enter() failed");

			close(fd);
modified src/ssh.c
@@ -1,7 +1,7 @@
/*-

 * Copyright (c) 2011-2013 Baptiste Daroussin <bapt@FreeBSD.org>

 * All rights reserved.
- 
 *
+ 
 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:
@@ -11,7 +11,7 @@
 * 2. Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in the

 *    documentation and/or other materials provided with the distribution.
- 
 *
+ 
 *

 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR

 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES

 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
@@ -24,12 +24,9 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 */
- 
#ifdef HAVE_CONFIG_H
- 
#include "pkg_config.h"
- 
#endif
-
- 
#ifdef HAVE_CAPSICUM
+ 
#if __has_include(<sys/capsicum.h>)

#include <sys/capsicum.h>
+ 
#define HAVE_CAPSICUM 1

#endif



#include <stdio.h>
@@ -81,7 +78,7 @@ exec_ssh(int argc, char **argv __unused)
		return (EXIT_FAILURE);

	}
- 
#ifndef PKG_COVERAGE
+ 
#ifndef COVERAGE

	if (cap_enter() < 0 && errno != ENOSYS) {

		warn("cap_enter() failed");

		close(fd);
modified src/updating.c
@@ -5,12 +5,9 @@
 * SPDX-License-Identifier: BSD-2-Clause

 */
- 
#ifdef HAVE_CONFIG_H
- 
#include "pkg_config.h"
- 
#endif
-
- 
#ifdef HAVE_CAPSICUM
+ 
#if __has_include(<sys/capsicum.h>)

#include <sys/capsicum.h>
+ 
#define HAVE_CAPSICUM 1

#endif



#include <err.h>
@@ -297,7 +294,7 @@ exec_updating(int argc, char **argv)
		return (EXIT_FAILURE);

	}
- 
#ifndef PKG_COVERAGE
+ 
#ifndef COVERAGE

	if (cap_enter() < 0 && errno != ENOSYS) {

		warn("cap_enter() failed");

		fclose(fd);
modified src/upgrade.c
@@ -27,8 +27,6 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 */
- 
#include "pkg_config.h"
- 


#include <sys/types.h>

#include <sys/socket.h>

#include <sys/wait.h>
@@ -42,13 +40,11 @@
#include <pkghash.h>

#include <pkg.h>
- 
#ifdef HAVE_SYS_CAPSICUM_H
+ 
#if __has_include(<sys/capsicum.h>)

#include <sys/capsicum.h>
+ 
#define HAVE_CAPSICUM 1

#endif
- 
#ifdef HAVE_CAPSICUM
- 
#include <sys/capsicum.h>
- 
#endif

#include "pkgcli.h"

#include <pkg/audit.h>
@@ -116,7 +112,7 @@ check_vulnerable(struct pkg_audit *audit, struct pkgdb *db, int sock)
	pkg_drop_privileges();



#ifdef HAVE_CAPSICUM
- 
#ifndef PKG_COVERAGE
+ 
#ifndef COVERAGE

	if (cap_enter() < 0 && errno != ENOSYS) {

		warn("cap_enter() failed");

		goto out_cleanup;