Makefile: make compiling with libprotobuf-c more robust under different systems

Robert Swiecki 2017-05-29 16:22:31 +02:00
parent 9e288fb6dc
commit cae0c4a7f5
3 changed files with 33 additions and 1807 deletions


@ -26,9 +26,7 @@ CFLAGS += -O2 -c -std=gnu11 \
-Wformat -Wformat=2 -Wformat-security -fPIE \ -Wformat -Wformat=2 -Wformat-security -fPIE \
-Wno-format-nonliteral \ -Wno-format-nonliteral \
-Wall -Wextra -Werror \ -Wall -Wextra -Werror \
-Ikafel/include \ -Ikafel/include
-I/usr/include/google \
-Iprotobuf-c-text/protobuf-c-text
LDFLAGS += -Wl,-z,now -Wl,-z,relro -pie -Wl,-z,noexecstack LDFLAGS += -Wl,-z,now -Wl,-z,relro -pie -Wl,-z,noexecstack
@ -52,16 +50,34 @@ endif
USE_PROTOBUF ?= yes USE_PROTOBUF ?= yes
ifeq ($(USE_PROTOBUF), yes) ifeq ($(USE_PROTOBUF), yes)
PROTOBUF_EXISTS ?= $(shell pkg-config --exists libprotobuf-c && echo yes) ifeq ("$(shell which protoc-c)", "")
ifeq ($(PROTOBUF_EXISTS), yes) USE_PROTOBUF := no
PROTO_DEPS = config.pb-c.h config.pb-c.c PROTOC_WARNING := yes
SRCS += config.pb-c.c
CFLAGS += -DNSJAIL_WITH_PROTOBUF $(shell pkg-config --cflags libprotobuf-c)
LIBS += protobuf-c-text/protobuf-c-text/.libs/libprotobuf-c-text.a
LDFLAGS += $(shell pkg-config --libs libprotobuf-c)
endif endif
endif endif
ifeq ($(USE_PROTOBUF), no)
else ifeq ($(shell pkg-config --exists libprotobuf-c && echo yes), yes)
PROTO_DEPS = config.pb-c.h config.pb-c.c
SRCS += config.pb-c.c
CFLAGS += -DNSJAIL_WITH_PROTOBUF -Iprotobuf-c-text/protobuf-c-text $(shell pkg-config --cflags libprotobuf-c)
LIBS += protobuf-c-text/protobuf-c-text/.libs/libprotobuf-c-text.a
LDFLAGS += $(shell pkg-config --libs libprotobuf-c)
else ifneq ("$(wildcard /usr/include/google/protobuf-c/protobuf-c.h)", "")
PROTO_DEPS = config.pb-c.h config.pb-c.c
SRCS += config.pb-c.c
CFLAGS += -DNSJAIL_WITH_PROTOBUF -Iprotobuf-c-text/protobuf-c-text -I/usr/include/google
LIBS += protobuf-c-text/protobuf-c-text/.libs/libprotobuf-c-text.a
LDFLAGS += -Wl,-lprotobuf-c
else ifneq ("$(wildcard /usr/local/include/google/protobuf-c/protobuf-c.h)", "")
PROTO_DEPS = config.pb-c.h config.pb-c.c
SRCS += config.pb-c.c
CFLAGS += -DNSJAIL_WITH_PROTOBUF -Iprotobuf-c-text/protobuf-c-text -I/usr/local/include/google
LIBS += protobuf-c-text/protobuf-c-text/.libs/libprotobuf-c-text.a
LDFLAGS += -Wl,--library-path=/usr/local/lib -Wl,-lprotobuf-c
else
USE_PROTOBUF := no
endif
.PHONY: all clear depend indent .PHONY: all clear depend indent
@ -69,7 +85,13 @@ endif
$(CC) $(CFLAGS) $< -o $@ $(CC) $(CFLAGS) $< -o $@
all: $(PROTO_DEPS) $(BIN) all: $(PROTO_DEPS) $(BIN)
ifneq ($(PROTOBUF_EXISTS), yes) ifeq ($(PROTOC_WARNING), yes)
$(info *********************************************************)
$(info * 'protoc-c' is missing on your system *)
$(info * Install 'protobuf-c-compiler' or a similar package *)
$(info *********************************************************)
endif
ifeq ($(USE_PROTOBUF), no)
$(info *********************************************************) $(info *********************************************************)
$(info * Code compiled without libprotobuf-c/libprotobuf-c-dev *) $(info * Code compiled without libprotobuf-c/libprotobuf-c-dev *)
$(info * The --config commandline option will be unavailable *) $(info * The --config commandline option will be unavailable *)
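Review bot: In the detection hunk (`@ -52,16 +50,34 @`), the two fallback branches test only that `protobuf-c.h` exists under `/usr/include/google` or `/usr/local/include/google`. A host with the headers but no matching library is therefore configured with `-DNSJAIL_WITH_PROTOBUF` and would presumably fail only at link time on `-Wl,-lprotobuf-c`. A comment such as `# header-only probe: the library is assumed to be on the default linker path` above each branch would document that assumption. Separately, `USE_PROTOBUF := no` does not replace a value given on the make command line, so `make USE_PROTOBUF=yes` without `protoc-c` still enters the pkg-config branch; `override USE_PROTOBUF := no` makes the downgrade take effect. `which` is also not present on every minimal system, and `$(shell command -v protoc-c 2>/dev/null)` is the more portable probe.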



@ -1,440 +0,0 @@
/* Generated by the protocol buffer compiler. DO NOT EDIT! */
/* Generated from: config.proto */
#ifndef PROTOBUF_C_config_2eproto__INCLUDED
#define PROTOBUF_C_config_2eproto__INCLUDED
#include <protobuf-c/protobuf-c.h>
PROTOBUF_C__BEGIN_DECLS
#if PROTOBUF_C_VERSION_NUMBER < 1000000
#error This file was generated by a newer version of protoc-c which is incompatible with your libprotobuf-c headers. Please update your headers.
#elif 1002001 < PROTOBUF_C_MIN_COMPILER_VERSION
#error This file was generated by an older version of protoc-c which is incompatible with your libprotobuf-c headers. Please regenerate this file with a newer version of protoc-c.
#endif
typedef struct _Nsjail__IdMap Nsjail__IdMap;
typedef struct _Nsjail__MountPt Nsjail__MountPt;
typedef struct _Nsjail__Exe Nsjail__Exe;
typedef struct _Nsjail__NsJailConfig Nsjail__NsJailConfig;
/* --- enums --- */
typedef enum _Nsjail__Mode {
/*
* Listening on a TCP port
*/
NSJAIL__MODE__LISTEN = 0,
/*
* Running the command once only
*/
NSJAIL__MODE__ONCE = 1,
/*
* Re-executing the command (forever)
*/
NSJAIL__MODE__RERUN = 2,
/*
* Executing command w/o the supervisor
*/
NSJAIL__MODE__EXECVE = 3 PROTOBUF_C__FORCE_ENUM_TO_BE_INT_SIZE(NSJAIL__MODE)
} Nsjail__Mode;
/*
* Should be self explanatory
*/
typedef enum _Nsjail__LogLevel {
/*
* Equivalent to the '-v' cmd-line option
*/
NSJAIL__LOG_LEVEL__DEBUG = 0,
/*
* Default level
*/
NSJAIL__LOG_LEVEL__INFO = 1,
/*
* Equivalent to the '-q' cmd-line option
*/
NSJAIL__LOG_LEVEL__WARNING = 2,
NSJAIL__LOG_LEVEL__ERROR = 3,
NSJAIL__LOG_LEVEL__FATAL = 4 PROTOBUF_C__FORCE_ENUM_TO_BE_INT_SIZE(NSJAIL__LOG_LEVEL)
} Nsjail__LogLevel;
/* --- messages --- */
struct _Nsjail__IdMap {
ProtobufCMessage base;
/*
* Empty string means "current uid/gid"
*/
char *inside_id;
char *outside_id;
/*
* See 'man user_namespaces' for the meaning of count
*/
uint32_t count;
/*
* Does this map use /usr/bin/new[u|g]idmap binary?
*/
protobuf_c_boolean use_newidmap;
};
extern char nsjail__id_map__inside_id__default_value[];
extern char nsjail__id_map__outside_id__default_value[];
#define NSJAIL__ID_MAP__INIT \
{ PROTOBUF_C_MESSAGE_INIT (&nsjail__id_map__descriptor) \
, nsjail__id_map__inside_id__default_value, nsjail__id_map__outside_id__default_value, 1u, 0 }
struct _Nsjail__MountPt {
ProtobufCMessage base;
/*
* Can be skipped for filesystems like 'proc'
*/
char *src;
/*
* Should 'src' path be prefixed with this envvar?
*/
char *prefix_src_env;
/*
* If specified, contains buffer that will be written to the dst file
*/
protobuf_c_boolean has_src_content;
ProtobufCBinaryData src_content;
/*
* Mount point inside jail
*/
char *dst;
/*
* Should 'dst' path be prefixed with this envvar?
*/
char *prefix_dst_env;
/*
* Can be empty for mount --bind mounts
*/
char *fstype;
/*
* E.g. size=5000000 for 'tmpfs'
*/
char *options;
/*
* Is it 'mount --bind src dst' type of mount
*/
protobuf_c_boolean is_bind;
/*
* It it R/W mount
*/
protobuf_c_boolean rw;
/*
* Is it directory? If not specified an internal
*heuristics will be used to determine that
*/
protobuf_c_boolean has_is_dir;
protobuf_c_boolean is_dir;
/*
* Should the sandboxing fail if we cannot mount this resource?
*/
protobuf_c_boolean mandatory;
};
extern char nsjail__mount_pt__fstype__default_value[];
extern char nsjail__mount_pt__options__default_value[];
#define NSJAIL__MOUNT_PT__INIT \
{ PROTOBUF_C_MESSAGE_INIT (&nsjail__mount_pt__descriptor) \
, NULL, NULL, 0,{0,NULL}, NULL, NULL, nsjail__mount_pt__fstype__default_value, nsjail__mount_pt__options__default_value, 0, 0, 0,0, 1 }
struct _Nsjail__Exe {
ProtobufCMessage base;
/*
* Will be used both as execv's path and as argv[0]
*/
char *path;
/*
* This will be argv[1] and so on..
*/
size_t n_arg;
char **arg;
};
#define NSJAIL__EXE__INIT \
{ PROTOBUF_C_MESSAGE_INIT (&nsjail__exe__descriptor) \
, NULL, 0,NULL }
struct _Nsjail__NsJailConfig {
ProtobufCMessage base;
/*
* Optional name and description for this config
*/
char *name;
char *description;
/*
* Execution mode: see 'msg Mode' description for more
*/
Nsjail__Mode mode;
/*
* Equivalent to a bind mount with dst='/'
*/
char *chroot_dir;
/*
* Applies both to the chroot_dir and to /proc mounts
*/
protobuf_c_boolean is_root_rw;
/*
* Hostname inside jail
*/
char *hostname;
/*
* Initial current working directory for the binary
*/
char *cwd;
/*
* TCP port to listen to. Valid with mode=LISTEN only
*/
uint32_t port;
/*
* Host to bind to for mode=LISTEN. Must be in IPv6 format
*/
char *bindhost;
/*
* For mode=LISTEN, maximum number of connections from a single IP
*/
uint32_t max_conns_per_ip;
/*
* Wall-time time limit for commands
*/
uint32_t time_limit;
/*
* Should nsjail go into background?
*/
protobuf_c_boolean daemon;
/*
* File to save lofs to
*/
char *log_file;
/*
* Minimum log level displayed.
*See 'msg LogLevel' description for more
*/
protobuf_c_boolean has_log_level;
Nsjail__LogLevel log_level;
/*
* Should the current environment variables be kept
*when executing the binary
*/
protobuf_c_boolean keep_env;
/*
* EnvVars to be set before executing binaries
*/
size_t n_envar;
char **envar;
/*
* Should capabilities be preserved or dropped
*/
protobuf_c_boolean keep_caps;
/*
* Should nsjail close FD=0,1,2 before executing the process
*/
protobuf_c_boolean silent;
/*
* Should the child process have control over terminal?
*Can be useful to allow /bin/sh to provide
*job control / signals
*/
protobuf_c_boolean skip_setsid;
/*
* Which FDs should be passed to the newly executed process
*By default only FD=0,1,2 are passed
*/
size_t n_pass_fd;
int32_t *pass_fd;
/*
* Setting it to true will allow to have set-uid binaries
*inside the jail
*/
protobuf_c_boolean disable_no_new_privs;
/*
* In MiB
*/
uint64_t rlimit_as;
/*
* In MiB
*/
uint64_t rlimit_core;
/*
* In seconds
*/
uint64_t rlimit_cpu;
/*
* In MiB
*/
uint64_t rlimit_fsize;
uint64_t rlimit_nofile;
/*
* This is system-wide: tricky to use
*/
protobuf_c_boolean has_rlimit_nproc;
uint64_t rlimit_nproc;
/*
* In MiB
*/
protobuf_c_boolean has_rlimit_stack;
uint64_t rlimit_stack;
/*
* See 'man personality' for more
*/
protobuf_c_boolean persona_addr_compat_layout;
protobuf_c_boolean persona_mmap_page_zero;
protobuf_c_boolean persona_read_implies_exec;
protobuf_c_boolean persona_addr_limit_3gb;
protobuf_c_boolean persona_addr_no_randomize;
/*
* Which name-spaces should be used?
*/
protobuf_c_boolean clone_newnet;
protobuf_c_boolean clone_newuser;
protobuf_c_boolean clone_newns;
protobuf_c_boolean clone_newpid;
protobuf_c_boolean clone_newipc;
protobuf_c_boolean clone_newuts;
/*
* It's only supported in newer kernels, hence disabled by default
*/
protobuf_c_boolean clone_newcgroup;
/*
* Mappings for UIDs and GIDs. See the description for 'msg IdMap'
*for more
*/
size_t n_uidmap;
Nsjail__IdMap **uidmap;
size_t n_gidmap;
Nsjail__IdMap **gidmap;
/*
* Should /proc be mounted (R/O)? This can also be added in the 'mount'
*section below
*/
protobuf_c_boolean mount_proc;
/*
* Mount points inside the jail. See the description for 'msg MountPt'
*for more
*/
size_t n_mount;
Nsjail__MountPt **mount;
/*
* Kafel seccomp-bpf policy file or a string:
*Homepage of the project: https://github.com/google/kafel
*/
char *seccomp_policy_file;
char *seccomp_string;
/*
* If > 0, maximum cumulative size of RAM used inside any jail
*/
/*
* In MiB
*/
uint64_t cgroup_mem_max;
/*
* Mount point for cgroups-memory in your system
*/
char *cgroup_mem_mount;
/*
* Writeable directory (for the nsjail user) under cgroup_mem_mount
*/
char *cgroup_mem_parent;
/*
* If > 0, maximum number of PIDs (threads/processes) inside jail
*/
uint64_t cgroup_pids_max;
/*
* Mount point for cgroups-pids in your system
*/
char *cgroup_pids_mount;
/*
* Writeable directory (for the nsjail user) under cgroup_pids_mount
*/
char *cgroup_pids_parent;
/*
* Should the 'lo' interface be brought up (active) inside this jail?
*/
protobuf_c_boolean iface_no_lo;
/*
* Parameters for the cloned MACVLAN interface inside jail
*/
/*
* Interface to be cloned, eg 'eth0'
*/
char *macvlan_iface;
char *macvlan_vs_ip;
char *macvlan_vs_nm;
char *macvlan_vs_gw;
/*
* Binary path (with arguments) to be executed. If not specified here, it
*can be specified with cmd-line as "-- /path/to/command arg1 arg2"
*/
Nsjail__Exe *exec_bin;
};
extern char nsjail__ns_jail_config__name__default_value[];
extern char nsjail__ns_jail_config__description__default_value[];
extern char nsjail__ns_jail_config__hostname__default_value[];
extern char nsjail__ns_jail_config__cwd__default_value[];
extern char nsjail__ns_jail_config__bindhost__default_value[];
extern char nsjail__ns_jail_config__cgroup_mem_mount__default_value[];
extern char nsjail__ns_jail_config__cgroup_mem_parent__default_value[];
extern char nsjail__ns_jail_config__cgroup_pids_mount__default_value[];
extern char nsjail__ns_jail_config__cgroup_pids_parent__default_value[];
extern char nsjail__ns_jail_config__macvlan_vs_ip__default_value[];
extern char nsjail__ns_jail_config__macvlan_vs_nm__default_value[];
extern char nsjail__ns_jail_config__macvlan_vs_gw__default_value[];
#define NSJAIL__NS_JAIL_CONFIG__INIT \
{ PROTOBUF_C_MESSAGE_INIT (&nsjail__ns_jail_config__descriptor) \
, nsjail__ns_jail_config__name__default_value, nsjail__ns_jail_config__description__default_value, NSJAIL__MODE__ONCE, NULL, 0, nsjail__ns_jail_config__hostname__default_value, nsjail__ns_jail_config__cwd__default_value, 0u, nsjail__ns_jail_config__bindhost__default_value, 0u, 600u, 0, NULL, 0,0, 0, 0,NULL, 0, 0, 0, 0,NULL, 0, 512ull, 0ull, 600ull, 1ull, 32ull, 0,0, 0,0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 0,NULL, 0,NULL, 0, 0,NULL, NULL, NULL, 0ull, nsjail__ns_jail_config__cgroup_mem_mount__default_value, nsjail__ns_jail_config__cgroup_mem_parent__default_value, 0ull, nsjail__ns_jail_config__cgroup_pids_mount__default_value, nsjail__ns_jail_config__cgroup_pids_parent__default_value, 0, NULL, nsjail__ns_jail_config__macvlan_vs_ip__default_value, nsjail__ns_jail_config__macvlan_vs_nm__default_value, nsjail__ns_jail_config__macvlan_vs_gw__default_value, NULL }
/* Nsjail__IdMap methods */
void nsjail__id_map__init(Nsjail__IdMap * message);
size_t nsjail__id_map__get_packed_size(const Nsjail__IdMap * message);
size_t nsjail__id_map__pack(const Nsjail__IdMap * message, uint8_t * out);
size_t nsjail__id_map__pack_to_buffer(const Nsjail__IdMap * message, ProtobufCBuffer * buffer);
Nsjail__IdMap *nsjail__id_map__unpack
(ProtobufCAllocator * allocator, size_t len, const uint8_t * data);
void nsjail__id_map__free_unpacked(Nsjail__IdMap * message, ProtobufCAllocator * allocator);
/* Nsjail__MountPt methods */
void nsjail__mount_pt__init(Nsjail__MountPt * message);
size_t nsjail__mount_pt__get_packed_size(const Nsjail__MountPt * message);
size_t nsjail__mount_pt__pack(const Nsjail__MountPt * message, uint8_t * out);
size_t nsjail__mount_pt__pack_to_buffer(const Nsjail__MountPt * message, ProtobufCBuffer * buffer);
Nsjail__MountPt *nsjail__mount_pt__unpack
(ProtobufCAllocator * allocator, size_t len, const uint8_t * data);
void nsjail__mount_pt__free_unpacked(Nsjail__MountPt * message, ProtobufCAllocator * allocator);
/* Nsjail__Exe methods */
void nsjail__exe__init(Nsjail__Exe * message);
size_t nsjail__exe__get_packed_size(const Nsjail__Exe * message);
size_t nsjail__exe__pack(const Nsjail__Exe * message, uint8_t * out);
size_t nsjail__exe__pack_to_buffer(const Nsjail__Exe * message, ProtobufCBuffer * buffer);
Nsjail__Exe *nsjail__exe__unpack(ProtobufCAllocator * allocator, size_t len, const uint8_t * data);
void nsjail__exe__free_unpacked(Nsjail__Exe * message, ProtobufCAllocator * allocator);
/* Nsjail__NsJailConfig methods */
void nsjail__ns_jail_config__init(Nsjail__NsJailConfig * message);
size_t nsjail__ns_jail_config__get_packed_size(const Nsjail__NsJailConfig * message);
size_t nsjail__ns_jail_config__pack(const Nsjail__NsJailConfig * message, uint8_t * out);
size_t nsjail__ns_jail_config__pack_to_buffer
(const Nsjail__NsJailConfig * message, ProtobufCBuffer * buffer);
Nsjail__NsJailConfig *nsjail__ns_jail_config__unpack
(ProtobufCAllocator * allocator, size_t len, const uint8_t * data);
void nsjail__ns_jail_config__free_unpacked
(Nsjail__NsJailConfig * message, ProtobufCAllocator * allocator);
/* --- per-message closures --- */
typedef void (*Nsjail__IdMap_Closure)
(const Nsjail__IdMap * message, void *closure_data);
typedef void (*Nsjail__MountPt_Closure)
(const Nsjail__MountPt * message, void *closure_data);
typedef void (*Nsjail__Exe_Closure)
(const Nsjail__Exe * message, void *closure_data);
typedef void (*Nsjail__NsJailConfig_Closure)
(const Nsjail__NsJailConfig * message, void *closure_data);
/* --- services --- */
/* --- descriptors --- */
extern const ProtobufCEnumDescriptor nsjail__mode__descriptor;
extern const ProtobufCEnumDescriptor nsjail__log_level__descriptor;
extern const ProtobufCMessageDescriptor nsjail__id_map__descriptor;
extern const ProtobufCMessageDescriptor nsjail__mount_pt__descriptor;
extern const ProtobufCMessageDescriptor nsjail__exe__descriptor;
extern const ProtobufCMessageDescriptor nsjail__ns_jail_config__descriptor;
PROTOBUF_C__END_DECLS
#endif /* PROTOBUF_C_config_2eproto__INCLUDED */