ExternalVendorCode/openwrt
1
0
Fork 0
mirror of https://github.com/openwrt/openwrt.git synced 2025-02-06 11:09:31 +00:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

target.mk: further improve handling of default enabled SECCOMP

Browse Source 
The fix in commit 847fad476f3d ("target.mk: improve handling of default
enabled SECCOMP") unfortunately does not work for targets where the ARCH
variable is set in ./$(SUBTARGET)/target.mk.

To get this working, the ./$(SUBTARGET)/target.mk must be included
before the check.

Fixes: 847fad476f3d ("target.mk: improve handling of default enabled SECCOMP")
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
This commit is contained in:
Martin Schiller 2024-07-17 13:00:38 +02:00
parent b39375ae4c
commit ed14add1ef
1 changed files with 42 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

83
include/target.mk
View File

@ -6,25 +6,6 @@
ifneq ($(__target_inc),1) ifneq ($(__target_inc),1)
__target_inc=1 __target_inc=1
ifneq ($(DUMP),)
# Parse generic config that might be set before a .config is generated to modify the
# default package configuration
# Keep DYNAMIC_DEF_PKG_CONF in sync with toplevel.mk to reflect the same configs
DYNAMIC_DEF_PKG_CONF := CONFIG_USE_APK CONFIG_SELINUX CONFIG_SMALL_FLASH CONFIG_SECCOMP
ifneq ($(wildcard $(TOPDIR)/.config),)
$(foreach config, $(DYNAMIC_DEF_PKG_CONF), \
$(eval $(config) := $(shell grep "$(config)=y" $(TOPDIR)/.config 2>/dev/null)) \
)
# Init config that are enabled by default. Dependency are checked matching the one in
# the config.
else
ifeq ($(filter $(BOARD), uml),)
ifneq ($(filter $(ARCH), aarch64 arm armeb mips mipsel mips64 mips64el i386 powerpc x86_64),)
CONFIG_SECCOMP := y
endif
endif
endif
endif
# default device type # default device type
DEVICE_TYPE?=router DEVICE_TYPE?=router
@ -46,28 +27,6 @@ DEFAULT_PACKAGES:=\
urandom-seed \ urandom-seed \
urngd urngd
ifneq ($(CONFIG_USE_APK),)
DEFAULT_PACKAGES+=apk-mbedtls
else
DEFAULT_PACKAGES+=opkg
endif
ifneq ($(CONFIG_SELINUX),)
DEFAULT_PACKAGES+=busybox-selinux procd-selinux
else
DEFAULT_PACKAGES+=busybox procd
endif
# include ujail on systems with enough storage
ifeq ($(CONFIG_SMALL_FLASH),)
DEFAULT_PACKAGES+=procd-ujail
endif
# include seccomp ld-preload hooks if kernel supports it
ifneq ($(CONFIG_SECCOMP),)
DEFAULT_PACKAGES+=procd-seccomp
endif
# For the basic set # For the basic set
DEFAULT_PACKAGES.basic:= DEFAULT_PACKAGES.basic:=
# For nas targets # For nas targets
@ -118,6 +77,48 @@ else
endif endif
endif endif
ifneq ($(DUMP),)
# Parse generic config that might be set before a .config is generated to modify the
# default package configuration
# Keep DYNAMIC_DEF_PKG_CONF in sync with toplevel.mk to reflect the same configs
DYNAMIC_DEF_PKG_CONF := CONFIG_USE_APK CONFIG_SELINUX CONFIG_SMALL_FLASH CONFIG_SECCOMP
ifneq ($(wildcard $(TOPDIR)/.config),)
$(foreach config, $(DYNAMIC_DEF_PKG_CONF), \
$(eval $(config) := $(shell grep "$(config)=y" $(TOPDIR)/.config 2>/dev/null)) \
)
# Init config that are enabled by default. Dependency are checked matching the one in
# the config.
else
ifeq ($(filter $(BOARD), uml),)
ifneq ($(filter $(ARCH), aarch64 arm armeb mips mipsel mips64 mips64el i386 powerpc x86_64),)
CONFIG_SECCOMP := y
endif
endif
endif
endif
ifneq ($(CONFIG_USE_APK),)
DEFAULT_PACKAGES+=apk-mbedtls
else
DEFAULT_PACKAGES+=opkg
endif
ifneq ($(CONFIG_SELINUX),)
DEFAULT_PACKAGES+=busybox-selinux procd-selinux
else
DEFAULT_PACKAGES+=busybox procd
endif
# include ujail on systems with enough storage
ifeq ($(CONFIG_SMALL_FLASH),)
DEFAULT_PACKAGES+=procd-ujail
endif
# include seccomp ld-preload hooks if kernel supports it
ifneq ($(CONFIG_SECCOMP),)
DEFAULT_PACKAGES+=procd-seccomp
endif
# Add device specific packages (here below to allow device type set from subtarget) # Add device specific packages (here below to allow device type set from subtarget)
DEFAULT_PACKAGES += $(DEFAULT_PACKAGES.$(DEVICE_TYPE)) DEFAULT_PACKAGES += $(DEFAULT_PACKAGES.$(DEVICE_TYPE))