From ed14add1efcac7491b46cf6628cacc6e9b6a1398 Mon Sep 17 00:00:00 2001 From: Martin Schiller Date: Wed, 17 Jul 2024 13:00:38 +0200 Subject: [PATCH] target.mk: further improve handling of default enabled SECCOMP The fix in commit 847fad476f3d ("target.mk: improve handling of default enabled SECCOMP") unfortunately does not work for targets where the ARCH variable is set in ./$(SUBTARGET)/target.mk. To get this working, the ./$(SUBTARGET)/target.mk must be included before the check. Fixes: 847fad476f3d ("target.mk: improve handling of default enabled SECCOMP") Signed-off-by: Martin Schiller --- include/target.mk | 83 ++++++++++++++++++++++++----------------------- 1 file changed, 42 insertions(+), 41 deletions(-) diff --git a/include/target.mk b/include/target.mk index c9ff3cbb7c..48536b5dd9 100644 --- a/include/target.mk +++ b/include/target.mk @@ -6,25 +6,6 @@ ifneq ($(__target_inc),1) __target_inc=1 -ifneq ($(DUMP),) - # Parse generic config that might be set before a .config is generated to modify the - # default package configuration - # Keep DYNAMIC_DEF_PKG_CONF in sync with toplevel.mk to reflect the same configs - DYNAMIC_DEF_PKG_CONF := CONFIG_USE_APK CONFIG_SELINUX CONFIG_SMALL_FLASH CONFIG_SECCOMP - ifneq ($(wildcard $(TOPDIR)/.config),) - $(foreach config, $(DYNAMIC_DEF_PKG_CONF), \ - $(eval $(config) := $(shell grep "$(config)=y" $(TOPDIR)/.config 2>/dev/null)) \ - ) - # Init config that are enabled by default. Dependency are checked matching the one in - # the config. - else - ifeq ($(filter $(BOARD), uml),) - ifneq ($(filter $(ARCH), aarch64 arm armeb mips mipsel mips64 mips64el i386 powerpc x86_64),) - CONFIG_SECCOMP := y - endif - endif - endif -endif # default device type DEVICE_TYPE?=router @@ -46,28 +27,6 @@ DEFAULT_PACKAGES:=\ urandom-seed \ urngd -ifneq ($(CONFIG_USE_APK),) -DEFAULT_PACKAGES+=apk-mbedtls -else -DEFAULT_PACKAGES+=opkg -endif - -ifneq ($(CONFIG_SELINUX),) -DEFAULT_PACKAGES+=busybox-selinux procd-selinux -else -DEFAULT_PACKAGES+=busybox procd -endif - -# include ujail on systems with enough storage -ifeq ($(CONFIG_SMALL_FLASH),) -DEFAULT_PACKAGES+=procd-ujail -endif - -# include seccomp ld-preload hooks if kernel supports it -ifneq ($(CONFIG_SECCOMP),) -DEFAULT_PACKAGES+=procd-seccomp -endif - # For the basic set DEFAULT_PACKAGES.basic:= # For nas targets @@ -118,6 +77,48 @@ else endif endif +ifneq ($(DUMP),) + # Parse generic config that might be set before a .config is generated to modify the + # default package configuration + # Keep DYNAMIC_DEF_PKG_CONF in sync with toplevel.mk to reflect the same configs + DYNAMIC_DEF_PKG_CONF := CONFIG_USE_APK CONFIG_SELINUX CONFIG_SMALL_FLASH CONFIG_SECCOMP + ifneq ($(wildcard $(TOPDIR)/.config),) + $(foreach config, $(DYNAMIC_DEF_PKG_CONF), \ + $(eval $(config) := $(shell grep "$(config)=y" $(TOPDIR)/.config 2>/dev/null)) \ + ) + # Init config that are enabled by default. Dependency are checked matching the one in + # the config. + else + ifeq ($(filter $(BOARD), uml),) + ifneq ($(filter $(ARCH), aarch64 arm armeb mips mipsel mips64 mips64el i386 powerpc x86_64),) + CONFIG_SECCOMP := y + endif + endif + endif +endif + +ifneq ($(CONFIG_USE_APK),) +DEFAULT_PACKAGES+=apk-mbedtls +else +DEFAULT_PACKAGES+=opkg +endif + +ifneq ($(CONFIG_SELINUX),) +DEFAULT_PACKAGES+=busybox-selinux procd-selinux +else +DEFAULT_PACKAGES+=busybox procd +endif + +# include ujail on systems with enough storage +ifeq ($(CONFIG_SMALL_FLASH),) +DEFAULT_PACKAGES+=procd-ujail +endif + +# include seccomp ld-preload hooks if kernel supports it +ifneq ($(CONFIG_SECCOMP),) +DEFAULT_PACKAGES+=procd-seccomp +endif + # Add device specific packages (here below to allow device type set from subtarget) DEFAULT_PACKAGES += $(DEFAULT_PACKAGES.$(DEVICE_TYPE)) -- 2.30.2