From patchwork Wed Jun 9 11:16:26 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Florian Weimer X-Patchwork-Id: 43782 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 924A43951C71 for ; Wed, 9 Jun 2021 11:19:03 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 924A43951C71 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1623237543; bh=G+KQFkVAq1J4wVYrloBfnURMWkX5MTKbHycahgH61Cc=; h=To:Subject:In-Reply-To:References:Date:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To: From; b=INHEUkU2JDlqj3CGt4Q95N7sojIE8mseghcVSb1VGNbIjxWzuofPXDpvjFQ5x6dJi KIS+wHugW/dZgUIFpS85G/YP0kw2/zgEjhkv7cZ+rXivneR2uASWlD2pI1QbeIXGzK EsVUIbReDRm7FhTeI3R+U61Qn6lKHDtwD5ClFm9E= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by sourceware.org (Postfix) with ESMTP id 5004E395A832 for ; Wed, 9 Jun 2021 11:16:32 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 5004E395A832 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-588-ywUfomx_PLmScmPJVp4CiA-1; Wed, 09 Jun 2021 07:16:29 -0400 X-MC-Unique: ywUfomx_PLmScmPJVp4CiA-1 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id D676C802575 for ; Wed, 9 Jun 2021 11:16:28 +0000 (UTC) Received: from oldenburg.str.redhat.com (ovpn-115-60.ams2.redhat.com [10.36.115.60]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 12A2C17C5F for ; Wed, 9 Jun 2021 11:16:27 +0000 (UTC) To: libc-alpha@sourceware.org Subject: [PATCH 4/4] Add --disable-major-minor-libraries configure option In-Reply-To: References: X-From-Line: 476bfc2e0c41a91a37d945ae2af29e931801b0f7 Mon Sep 17 00:00:00 2001 Message-Id: <476bfc2e0c41a91a37d945ae2af29e931801b0f7.1623237082.git.fweimer@redhat.com> Date: Wed, 09 Jun 2021 13:16:26 +0200 User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com X-Spam-Status: No, score=-11.9 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_PASS, TXREP, URIBL_BLACK autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Florian Weimer via Libc-alpha From: Florian Weimer Reply-To: Florian Weimer Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org Sender: "Libc-alpha" This option can be used to increase compatibility with package managers. The name was choosen to avoid confusion with all the different versions (glibc release, soname versions, symbol versions). This patch makes all uses of -$(version).so conditional on the new $(major-minor-libraries) flag. The alternative install targets write the implementation DSOs directly to the locations determined by their sonames, skipping the creation of an intermediate symbolic link. install-symbolic-link in Makerules is updated not to require the $(symbolic-link-list) file because it may not exist in --disable-major-minor-libraries mode. --- INSTALL | 10 ++++++++++ Makefile | 4 +++- Makerules | 26 +++++++++++++++++++++++++- config.make.in | 1 + configure | 15 +++++++++++++++ configure.ac | 7 +++++++ elf/Makefile | 8 +++++++- manual/install.texi | 9 +++++++++ 8 files changed, 77 insertions(+), 3 deletions(-) diff --git a/INSTALL b/INSTALL index bc761ab98b..ed5f66489b 100644 --- a/INSTALL +++ b/INSTALL @@ -199,6 +199,16 @@ if 'CFLAGS' is specified it must enable optimization. For example: RELRO and a read-only global offset table (GOT), at the cost of slightly increased program load times. +'--disable-major-minor-libraries' + Do not install shared objects under file names that contain the + major and minor version of the GNU C Library. By default, such + names are used, and the names defined by the ABI are provided as + symbolic links only. This causes problems with certain package + managers during library upgrades and (in particular) downgrades, so + this option can be used to install these shared objects directly + under their ABI-defined names, without an additional indirection + via symbolic links. + '--enable-pt_chown' The file 'pt_chown' is a helper binary for 'grantpt' (*note Pseudo-Terminals: Allocation.) that is installed setuid root to fix diff --git a/Makefile b/Makefile index 242d36de91..4cf422adce 100644 --- a/Makefile +++ b/Makefile @@ -112,7 +112,9 @@ ifeq (yes,$(build-shared)) install: install-symbolic-link .PHONY: install-symbolic-link install-symbolic-link: subdir_install - $(symbolic-link-prog) $(symbolic-link-list) + if test -e $(symbolic-link-list) ; then \ + $(symbolic-link-prog) $(symbolic-link-list); \ + fi rm -f $(symbolic-link-list) install: diff --git a/Makerules b/Makerules index d3f29d0b89..162b92a4c2 100644 --- a/Makerules +++ b/Makerules @@ -989,6 +989,14 @@ versioned := $(strip $(foreach so,$(install-lib.so),\ install-lib.so-versioned := $(filter $(versioned), $(install-lib.so)) install-lib.so-unversioned := $(filter-out $(versioned), $(install-lib.so)) +# $(install-major-minor-libraries) is used within install-lib-nosubdir +# to trigger installation of the actual implementation file. +ifeq (yes,$(major-minor-libraries)) +install-major-minor-libraries = $(inst_slibdir)/$(L:.so=)-$(version).so +else +install-major-minor-libraries = +endif + # For libraries whose soname have version numbers, we install three files: # $(inst_libdir)/libfoo.so -- for linking, symlink or ld script # $(inst_slibdir)/libfoo.so.NN -- for loading by SONAME, symlink @@ -996,7 +1004,7 @@ install-lib.so-unversioned := $(filter-out $(versioned), $(install-lib.so)) install-lib-nosubdir: $(install-lib.so-unversioned:%=$(inst_slibdir)/%) \ $(foreach L,$(install-lib.so-versioned),\ $(inst_libdir)/$L \ - $(inst_slibdir)/$(L:.so=)-$(version).so \ + $(install-major-minor-libraries) \ $(inst_slibdir)/$L$($L-version)) # Install all the unversioned shared libraries. @@ -1049,6 +1057,7 @@ endef endif ifdef libc.so-version +ifeq (yes,$(major-minor-libraries)) # For a library specified to be version N, install three files: # libc.so -> libc.so.N (e.g. libc.so.6) # libc.so.6 -> libc-VERSION.so (e.g. libc-1.10.so) @@ -1058,6 +1067,11 @@ $(inst_slibdir)/libc.so$(libc.so-version): $(inst_slibdir)/libc-$(version).so \ $(make-shlib-link) $(inst_slibdir)/libc-$(version).so: $(common-objpfx)libc.so $(+force) $(do-install-program) +else # !$(major-minor-libraries) +$(inst_slibdir)/libc.so$(libc.so-version): $(common-objpfx)libc.so $(+force) + $(do-install-program) +endif # !$(major-minor-libraries) + install: $(inst_slibdir)/libc.so$(libc.so-version) # This fragment of linker script gives the OUTPUT_FORMAT statement @@ -1124,6 +1138,7 @@ include $(o-iterator) generated += $(foreach o,$(versioned),$o$($o-version)) +ifeq (yes,$(major-minor-libraries)) define o-iterator-doit $(inst_slibdir)/$o$($o-version): $(inst_slibdir)/$(o:.so=)-$(version).so \ $(+force); @@ -1138,6 +1153,15 @@ $(inst_slibdir)/$(o:.so=)-$(version).so: $(objpfx)$o $(+force); endef object-suffixes-left := $(versioned) include $(o-iterator) + +else # !$(major-minor-libraries) +define o-iterator-doit +$(inst_slibdir)/$o$($o-version): $(objpfx)$o $(+force); + $$(do-install-program) +endef +object-suffixes-left := $(versioned) +include $(o-iterator) +endif # !$(major-minor-libraries) endif # ifneq (,$(versioned)) define do-install-so diff --git a/config.make.in b/config.make.in index cbf59114b0..55a8351dd2 100644 --- a/config.make.in +++ b/config.make.in @@ -71,6 +71,7 @@ have-libcap = @have_libcap@ have-cc-with-libunwind = @libc_cv_cc_with_libunwind@ fno-unit-at-a-time = @fno_unit_at_a_time@ bind-now = @bindnow@ +major-minor-libraries = @major_minor_libraries@ have-hash-style = @libc_cv_hashstyle@ use-default-link = @use_default_link@ have-cxx-thread_local = @libc_cv_cxx_thread_local@ diff --git a/configure b/configure index a86bcf7671..cb98b4c047 100755 --- a/configure +++ b/configure @@ -681,6 +681,7 @@ experimental_malloc enable_werror all_warnings force_install +major_minor_libraries bindnow hardcoded_path_in_tests enable_timezone_tools @@ -774,6 +775,7 @@ enable_hidden_plt enable_bind_now enable_stack_protector enable_static_nss +enable_major_minor_libraries enable_force_install enable_maintainer_mode enable_kernel @@ -1435,6 +1437,10 @@ Optional Features: Use -fstack-protector[-all|-strong] to detect glibc buffer overflows --enable-static-nss build static NSS modules [default=no] + --enable-major-minor-libraries + install most shared objects under names based on the + glibc version, with symbolic links to them + [default=yes] --disable-force-install don't force installation of files from this package, even if they are older than the installed files --enable-maintainer-mode @@ -3480,6 +3486,15 @@ if test x"$static_nss" = xyes || test x"$shared" = xno; then fi +# Check whether --enable-major-minor-libraries was given. +if test "${enable_major_minor_libraries+set}" = set; then : + enableval=$enable_major_minor_libraries; major_minor_libraries=$enableval +else + major_minor_libraries=yes +fi + + + # Check whether --enable-force-install was given. if test "${enable_force_install+set}" = set; then : enableval=$enable_force_install; force_install=$enableval diff --git a/configure.ac b/configure.ac index f2588f394f..91d54e6926 100644 --- a/configure.ac +++ b/configure.ac @@ -242,6 +242,13 @@ if test x"$static_nss" = xyes || test x"$shared" = xno; then AC_DEFINE(DO_STATIC_NSS) fi +AC_ARG_ENABLE([major-minor-libraries], + AC_HELP_STRING([--enable-major-minor-libraries], + [install most shared objects under names based on the glibc version, with symbolic links to them @<:@default=yes@:>@]), + [major_minor_libraries=$enableval], + [major_minor_libraries=yes]) +AC_SUBST(major_minor_libraries) + AC_ARG_ENABLE([force-install], AS_HELP_STRING([--disable-force-install], [don't force installation of files from this package, even if they are older than the installed files]), diff --git a/elf/Makefile b/elf/Makefile index 5389c35536..3211dbfd64 100644 --- a/elf/Makefile +++ b/elf/Makefile @@ -628,6 +628,7 @@ $(objpfx)trusted-dirs.st: Makefile $(..)Makeconfig CPPFLAGS-dl-load.c += -I$(objpfx). -I$(csu-objpfx). ifeq (yes,$(build-shared)) +ifeq (yes,$(major-minor-libraries)) $(inst_slibdir)/$(rtld-version-installed-name): $(objpfx)ld.so $(+force) $(make-target-directory) $(do-install-program) @@ -637,11 +638,16 @@ $(inst_rtlddir)/$(rtld-installed-name): \ $(inst_slibdir)/libc-$(version).so $(make-target-directory) $(make-shlib-link) +else # !$(major-minor-libraries) +$(inst_rtlddir)/$(rtld-installed-name): $(objpfx)ld.so $(+force) + $(make-target-directory) + $(do-install-program) +endif # !$(major-minor-libraries) # Special target called by parent to install just the dynamic linker. .PHONY: ldso_install ldso_install: $(inst_rtlddir)/$(rtld-installed-name) -endif +endif # $(build-shared) # Workarounds for ${exec_prefix} expansion in configure variables. diff --git a/manual/install.texi b/manual/install.texi index f1d858fb78..3e0ae46285 100644 --- a/manual/install.texi +++ b/manual/install.texi @@ -226,6 +226,15 @@ provides additional security hardening because it enables full RELRO and a read-only global offset table (GOT), at the cost of slightly increased program load times. +@item --disable-major-minor-libraries +Do not install shared objects under file names that contain the major +and minor version of @theglibc. By default, such names are used, and +the names defined by the ABI are provided as symbolic links only. This +causes problems with certain package managers during library upgrades +and (in particular) downgrades, so this option can be used to install +these shared objects directly under their ABI-defined names, without an +additional indirection via symbolic links. + @pindex pt_chown @findex grantpt @item --enable-pt_chown