2016-01-10 20:35:36 +00:00
|
|
|
## Copyright (C) 2005-2016 Red Hat, Inc.
|
|
|
|
## Copyright (C) 2013 Yuto KAWAMURA(kawamuray) <kawamuray.dadada@gmail.com>
|
2013-05-14 23:42:12 +00:00
|
|
|
##
|
|
|
|
## This library is free software; you can redistribute it and/or
|
|
|
|
## modify it under the terms of the GNU Lesser General Public
|
|
|
|
## License as published by the Free Software Foundation; either
|
|
|
|
## version 2.1 of the License, or (at your option) any later version.
|
|
|
|
##
|
|
|
|
## This library is distributed in the hope that it will be useful,
|
|
|
|
## but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
## Lesser General Public License for more details.
|
|
|
|
##
|
|
|
|
## You should have received a copy of the GNU Lesser General Public
|
|
|
|
## License along with this library. If not, see
|
|
|
|
## <http://www.gnu.org/licenses/>.
|
2009-04-19 15:10:45 +00:00
|
|
|
|
2019-01-04 19:47:44 +00:00
|
|
|
AM_CPPFLAGS = \
|
2017-11-03 12:09:47 +00:00
|
|
|
-I$(top_builddir)/include -I$(top_srcdir)/include \
|
|
|
|
-I$(top_builddir)/gnulib/lib -I$(top_srcdir)/gnulib/lib \
|
|
|
|
-I$(top_builddir)/src -I$(top_srcdir)/src \
|
|
|
|
-I$(top_srcdir)/src/util \
|
|
|
|
-I$(top_srcdir) \
|
2019-01-04 19:42:52 +00:00
|
|
|
$(NULL)
|
2011-07-28 12:55:21 +00:00
|
|
|
|
2019-08-08 09:23:26 +00:00
|
|
|
# We do not want to accidentally include stuff from gnulib
|
|
|
|
# or the main src/ dir or public API dir. Specific files can
|
|
|
|
# still be included via their path relative to the root if
|
|
|
|
# needed
|
|
|
|
STANDALONE_CPPFLAGS = -I$(top_srcdir)
|
|
|
|
|
2016-06-29 13:19:18 +00:00
|
|
|
WARN_CFLAGS += $(STRICT_FRAME_LIMIT_CFLAGS)
|
|
|
|
|
2017-11-16 13:35:12 +00:00
|
|
|
AM_CFLAGS = \
|
|
|
|
$(WARN_CFLAGS) \
|
2019-08-02 11:05:37 +00:00
|
|
|
$(COVERAGE_CFLAGS) \
|
2017-11-16 13:35:12 +00:00
|
|
|
$(PIE_CFLAGS) \
|
|
|
|
$(LIBXML_CFLAGS) \
|
|
|
|
$(NULL)
|
|
|
|
|
2013-08-20 09:20:46 +00:00
|
|
|
AM_LDFLAGS = \
|
2017-11-03 12:09:47 +00:00
|
|
|
$(RELRO_LDFLAGS) \
|
|
|
|
$(NO_INDIRECT_LDFLAGS) \
|
2018-01-25 09:35:58 +00:00
|
|
|
$(NO_UNDEFINED_LDFLAGS) \
|
2013-08-20 09:20:46 +00:00
|
|
|
$(NULL)
|
|
|
|
|
2009-09-16 11:01:53 +00:00
|
|
|
ICON_FILES = \
|
|
|
|
libvirt_win_icon_16x16.ico \
|
|
|
|
libvirt_win_icon_32x32.ico \
|
|
|
|
libvirt_win_icon_48x48.ico \
|
|
|
|
libvirt_win_icon_64x64.ico \
|
|
|
|
virsh_win_icon.rc
|
|
|
|
|
2016-04-13 15:09:14 +00:00
|
|
|
PODFILES = \
|
|
|
|
virt-admin.pod \
|
|
|
|
virt-host-validate.pod \
|
|
|
|
virt-login-shell.pod \
|
|
|
|
virt-pki-validate.pod \
|
|
|
|
virt-sanlock-cleanup.pod \
|
|
|
|
virt-xml-validate.pod \
|
|
|
|
virsh.pod \
|
|
|
|
$(NULL)
|
|
|
|
|
|
|
|
MANINFILES = \
|
|
|
|
virt-admin.1.in \
|
|
|
|
virt-host-validate.1.in \
|
|
|
|
virt-login-shell.1.in \
|
|
|
|
virt-pki-validate.1.in \
|
|
|
|
virt-sanlock-cleanup.8.in \
|
|
|
|
virt-xml-validate.1.in \
|
|
|
|
virsh.1.in \
|
|
|
|
$(NULL)
|
|
|
|
|
2010-08-25 12:07:26 +00:00
|
|
|
EXTRA_DIST = \
|
2017-11-03 12:09:47 +00:00
|
|
|
$(ICON_FILES) \
|
|
|
|
$(conf_DATA) \
|
|
|
|
virt-xml-validate.in \
|
|
|
|
virt-pki-validate.in \
|
|
|
|
virt-sanlock-cleanup.in \
|
|
|
|
libvirt-guests.sysconf \
|
|
|
|
virt-login-shell.conf \
|
|
|
|
virsh-edit.c \
|
2017-11-02 13:41:53 +00:00
|
|
|
bash-completion/vsh \
|
2018-09-25 12:15:24 +00:00
|
|
|
libvirt_recover_xattrs.sh \
|
2017-11-03 12:09:47 +00:00
|
|
|
$(PODFILES) \
|
|
|
|
$(MANINFILES) \
|
2016-04-13 15:09:14 +00:00
|
|
|
$(NULL)
|
2012-07-31 03:52:13 +00:00
|
|
|
|
|
|
|
|
2016-01-10 20:35:36 +00:00
|
|
|
CLEANFILES =
|
2011-10-11 21:10:17 +00:00
|
|
|
DISTCLEANFILES =
|
2016-04-13 15:12:24 +00:00
|
|
|
MAINTAINERCLEANFILES =
|
2011-10-11 21:10:17 +00:00
|
|
|
|
2013-08-08 15:36:31 +00:00
|
|
|
confdir = $(sysconfdir)/libvirt
|
2013-08-30 19:58:59 +00:00
|
|
|
conf_DATA =
|
2013-08-08 15:36:31 +00:00
|
|
|
|
2009-09-16 13:42:57 +00:00
|
|
|
bin_SCRIPTS = virt-xml-validate virt-pki-validate
|
2016-04-08 15:14:13 +00:00
|
|
|
bin_PROGRAMS = virsh virt-admin
|
2012-10-21 02:29:51 +00:00
|
|
|
libexec_SCRIPTS = libvirt-guests.sh
|
2016-04-12 20:05:15 +00:00
|
|
|
man1_MANS = \
|
2016-04-08 15:23:10 +00:00
|
|
|
virt-pki-validate.1 \
|
|
|
|
virt-xml-validate.1 \
|
|
|
|
virsh.1 \
|
|
|
|
virt-admin.1
|
2009-09-16 11:01:53 +00:00
|
|
|
|
2012-09-20 11:58:07 +00:00
|
|
|
if WITH_SANLOCK
|
2011-06-14 08:29:00 +00:00
|
|
|
sbin_SCRIPTS = virt-sanlock-cleanup
|
2016-04-12 20:05:15 +00:00
|
|
|
man8_MANS = virt-sanlock-cleanup.8
|
2011-10-11 21:10:17 +00:00
|
|
|
DISTCLEANFILES += virt-sanlock-cleanup
|
2013-09-04 02:39:16 +00:00
|
|
|
endif WITH_SANLOCK
|
2009-09-16 11:01:53 +00:00
|
|
|
|
2015-11-09 22:36:40 +00:00
|
|
|
if WITH_LOGIN_SHELL
|
2013-08-30 19:58:59 +00:00
|
|
|
conf_DATA += virt-login-shell.conf
|
|
|
|
bin_PROGRAMS += virt-login-shell
|
tools: split virt-login-shell into two binaries
The virt-login-shell binary is a setuid program that takes
no arguments. When invoked it looks at the invoking uid,
resolves it to a username, and finds an LXC guest with the
same name. It then starts the guest and runs the shell in
side the namespaces of the container.
Given this set of tasks the virt-login-shell binary needs
to connect to libvirtd, make various other libvirt API calls.
This is a problem for setuid binaries as various libraries
that libvirt.so links to are not safe. For example, they have
constructor functions which execute an unknown amount of code
that can be influenced by env variables.
For this reason virt-login-shell doesn't use libvirt.so,
but instead links to a custom, cut down, set of source files
sufficient to be a local client only.
This introduces a problem for integrating glib2 into libvirt
though, as once integrated, there would be no way to build
virt-login-shell without an external dependancy on glib2 and
this is definitely not setuid safe.
To resolve this problem, we split the virt-login-shell binary
into two parts. The first part is setuid and does almost
nothing. It simply records the original uid+gid, and then
invokes the virt-login-shell-helper binary. Crucially when
it does this it completes scrubs all environment variables.
It is thus safe for virt-login-shell-helper to link to the
normal libvirt.so. Any things that constructor functions
do cannot be influenced by user control env vars or cli
args.
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-01 09:58:31 +00:00
|
|
|
libexec_PROGRAMS = virt-login-shell-helper
|
2016-04-12 20:05:15 +00:00
|
|
|
man1_MANS += virt-login-shell.1
|
2016-04-13 17:24:51 +00:00
|
|
|
endif WITH_LOGIN_SHELL
|
2009-04-19 15:10:45 +00:00
|
|
|
|
2016-04-08 15:14:13 +00:00
|
|
|
if WITH_HOST_VALIDATE
|
|
|
|
bin_PROGRAMS += virt-host-validate
|
2016-04-12 20:05:15 +00:00
|
|
|
man1_MANS += virt-host-validate.1
|
|
|
|
endif WITH_HOST_VALIDATE
|
2016-04-08 15:14:13 +00:00
|
|
|
|
2009-04-19 15:10:45 +00:00
|
|
|
virt-xml-validate: virt-xml-validate.in Makefile
|
2013-08-19 22:26:41 +00:00
|
|
|
$(AM_V_GEN)sed -e 's|[@]schemadir@|$(pkgdatadir)/schemas|g' \
|
|
|
|
-e 's|[@]VERSION@|$(VERSION)|g' \
|
|
|
|
< $< > $@ || (rm $@ && exit 1) && chmod +x $@
|
2009-04-19 15:10:45 +00:00
|
|
|
|
2009-09-16 13:42:57 +00:00
|
|
|
virt-pki-validate: virt-pki-validate.in Makefile
|
2013-08-19 22:38:57 +00:00
|
|
|
$(AM_V_GEN)sed -e 's|[@]sysconfdir@|$(sysconfdir)|g' \
|
|
|
|
-e 's|[@]VERSION@|$(VERSION)|g' \
|
|
|
|
< $< > $@ || (rm $@ && exit 1) && chmod +x $@
|
2009-09-16 11:01:53 +00:00
|
|
|
|
2011-06-14 08:29:00 +00:00
|
|
|
virt-sanlock-cleanup: virt-sanlock-cleanup.in Makefile
|
build: use common .in replacement mechanism
We had several different styles of .in conversion in our Makefiles:
ALLCAPS, @ALLCAPS@, @lower@, ::lower::
Canonicalize on one form, to make it easier to copy and paste
between .in files.
Also, we were using some non-portable sed constructs: \@ is an
undefined escape sequence (it happens to be @ itself in GNU sed,
but POSIX allows it to mean something else), as well as risky
behavior (failure to consistently quote things means a space
in $(sysconfdir) could throw things off; also, Autoconf recommends
using | rather than , or ! in the s||| operator, because | has to
be quoted in shell and is therefore less likely to appear in file
names than , or !).
Fix all of these uses to follow the same syntax.
* daemon/libvirtd.8.in: Switch to @var@.
* tools/virt-xml-validate.in: Likewise.
* tools/virt-pki-validate.in: Likewise.
* src/locking/virtlockd.init.in: Likewise.
* daemon/Makefile.am: Prefer | over ! in sed.
(libvirtd.8): Prefer consistent substitution.
(libvirtd.init, libvirtd.service): Avoid non-portable sed.
* tools/Makefile.am (libvirt-guests.sh, libvirt-guests.init)
(libvirt-guests.service): Likewise.
(virt-xml-validate, virt-pki-validate, virt-sanlock-cleanup):
Prefer consistent capitalization.
* src/Makefile.am (virtlockd.init, virtlockd.service)
(virtlockd.socket): Prefer consistent substitution.
2013-01-04 20:35:04 +00:00
|
|
|
$(AM_V_GEN)sed -e 's|[@]sysconfdir@|$(sysconfdir)|' \
|
|
|
|
-e 's|[@]localstatedir@|$(localstatedir)|' < $< > $@ \
|
2011-06-14 08:29:00 +00:00
|
|
|
|| (rm $@ && exit 1) && chmod +x $@
|
|
|
|
|
2015-09-23 13:17:35 +00:00
|
|
|
noinst_LTLIBRARIES = libvirt_shell.la
|
|
|
|
libvirt_shell_la_CFLAGS = \
|
2017-11-03 12:09:47 +00:00
|
|
|
$(AM_CFLAGS) \
|
|
|
|
$(READLINE_CFLAGS) \
|
2015-09-23 13:17:35 +00:00
|
|
|
$(NULL)
|
|
|
|
libvirt_shell_la_LDFLAGS = \
|
2017-11-03 12:09:47 +00:00
|
|
|
$(AM_LDFLAGS) \
|
|
|
|
$(PIE_LDFLAGS) \
|
2019-08-02 11:05:37 +00:00
|
|
|
$(COVERAGE_LDFLAGS) \
|
2015-09-23 13:17:35 +00:00
|
|
|
$(NULL)
|
|
|
|
libvirt_shell_la_LIBADD = \
|
2018-03-05 15:39:48 +00:00
|
|
|
../src/libvirt.la \
|
2017-11-03 12:09:47 +00:00
|
|
|
$(LIBXML_LIBS) \
|
|
|
|
$(READLINE_LIBS) \
|
|
|
|
../gnulib/lib/libgnu.la \
|
2015-09-23 13:17:35 +00:00
|
|
|
$(NULL)
|
2018-08-23 15:53:41 +00:00
|
|
|
libvirt_shell_la_SOURCES = \
|
|
|
|
vsh.c vsh.h \
|
|
|
|
vsh-table.c vsh-table.h
|
2015-09-23 13:17:35 +00:00
|
|
|
|
2012-01-10 17:31:21 +00:00
|
|
|
virt_host_validate_SOURCES = \
|
|
|
|
virt-host-validate.c \
|
2017-02-24 16:27:56 +00:00
|
|
|
virt-host-validate-common.c virt-host-validate-common.h
|
|
|
|
|
|
|
|
VIRT_HOST_VALIDATE_QEMU = \
|
|
|
|
virt-host-validate-qemu.c \
|
|
|
|
virt-host-validate-qemu.h
|
|
|
|
VIRT_HOST_VALIDATE_LXC = \
|
|
|
|
virt-host-validate-lxc.c \
|
|
|
|
virt-host-validate-lxc.h
|
|
|
|
VIRT_HOST_VALIDATE_BHYVE = \
|
|
|
|
virt-host-validate-bhyve.c \
|
|
|
|
virt-host-validate-bhyve.h
|
|
|
|
if WITH_QEMU
|
|
|
|
virt_host_validate_SOURCES += $(VIRT_HOST_VALIDATE_QEMU)
|
|
|
|
else ! WITH_QEMU
|
|
|
|
EXTRA_DIST += $(VIRT_HOST_VALIDATE_QEMU)
|
|
|
|
endif ! WITH_QEMU
|
|
|
|
|
|
|
|
if WITH_LXC
|
|
|
|
virt_host_validate_SOURCES += $(VIRT_HOST_VALIDATE_LXC)
|
|
|
|
else ! WITH_LXC
|
|
|
|
EXTRA_DIST += $(VIRT_HOST_VALIDATE_LXC)
|
|
|
|
endif ! WITH_LXC
|
|
|
|
|
|
|
|
if WITH_BHYVE
|
|
|
|
virt_host_validate_SOURCES += $(VIRT_HOST_VALIDATE_BHYVE)
|
|
|
|
else ! WITH_BHYVE
|
|
|
|
EXTRA_DIST += $(VIRT_HOST_VALIDATE_BHYVE)
|
|
|
|
endif ! WITH_BHYVE
|
2012-01-10 17:31:21 +00:00
|
|
|
|
|
|
|
virt_host_validate_LDFLAGS = \
|
2013-08-20 09:20:46 +00:00
|
|
|
$(AM_LDFLAGS) \
|
2013-04-03 10:32:15 +00:00
|
|
|
$(PIE_LDFLAGS) \
|
2019-08-02 11:05:37 +00:00
|
|
|
$(COVERAGE_LDFLAGS) \
|
2012-01-10 17:31:21 +00:00
|
|
|
$(NULL)
|
|
|
|
|
|
|
|
virt_host_validate_LDADD = \
|
2017-11-03 12:09:47 +00:00
|
|
|
../src/libvirt.la \
|
|
|
|
../gnulib/lib/libgnu.la \
|
2012-01-10 17:31:21 +00:00
|
|
|
$(NULL)
|
|
|
|
|
|
|
|
virt_host_validate_CFLAGS = \
|
2017-11-16 13:35:12 +00:00
|
|
|
$(AM_CFLAGS) \
|
2012-01-10 17:31:21 +00:00
|
|
|
$(NULL)
|
|
|
|
|
tools: split virt-login-shell into two binaries
The virt-login-shell binary is a setuid program that takes
no arguments. When invoked it looks at the invoking uid,
resolves it to a username, and finds an LXC guest with the
same name. It then starts the guest and runs the shell in
side the namespaces of the container.
Given this set of tasks the virt-login-shell binary needs
to connect to libvirtd, make various other libvirt API calls.
This is a problem for setuid binaries as various libraries
that libvirt.so links to are not safe. For example, they have
constructor functions which execute an unknown amount of code
that can be influenced by env variables.
For this reason virt-login-shell doesn't use libvirt.so,
but instead links to a custom, cut down, set of source files
sufficient to be a local client only.
This introduces a problem for integrating glib2 into libvirt
though, as once integrated, there would be no way to build
virt-login-shell without an external dependancy on glib2 and
this is definitely not setuid safe.
To resolve this problem, we split the virt-login-shell binary
into two parts. The first part is setuid and does almost
nothing. It simply records the original uid+gid, and then
invokes the virt-login-shell-helper binary. Crucially when
it does this it completes scrubs all environment variables.
It is thus safe for virt-login-shell-helper to link to the
normal libvirt.so. Any things that constructor functions
do cannot be influenced by user control env vars or cli
args.
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-01 09:58:31 +00:00
|
|
|
# virt-login-shell will be setuid, and must not link to anything
|
|
|
|
# except glibc. It wil scrub the environment and then invoke the
|
|
|
|
# real virt-login-shell-helper binary.
|
2017-11-03 12:09:47 +00:00
|
|
|
virt_login_shell_SOURCES = \
|
tools: split virt-login-shell into two binaries
The virt-login-shell binary is a setuid program that takes
no arguments. When invoked it looks at the invoking uid,
resolves it to a username, and finds an LXC guest with the
same name. It then starts the guest and runs the shell in
side the namespaces of the container.
Given this set of tasks the virt-login-shell binary needs
to connect to libvirtd, make various other libvirt API calls.
This is a problem for setuid binaries as various libraries
that libvirt.so links to are not safe. For example, they have
constructor functions which execute an unknown amount of code
that can be influenced by env variables.
For this reason virt-login-shell doesn't use libvirt.so,
but instead links to a custom, cut down, set of source files
sufficient to be a local client only.
This introduces a problem for integrating glib2 into libvirt
though, as once integrated, there would be no way to build
virt-login-shell without an external dependancy on glib2 and
this is definitely not setuid safe.
To resolve this problem, we split the virt-login-shell binary
into two parts. The first part is setuid and does almost
nothing. It simply records the original uid+gid, and then
invokes the virt-login-shell-helper binary. Crucially when
it does this it completes scrubs all environment variables.
It is thus safe for virt-login-shell-helper to link to the
normal libvirt.so. Any things that constructor functions
do cannot be influenced by user control env vars or cli
args.
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-01 09:58:31 +00:00
|
|
|
virt-login-shell.c
|
|
|
|
|
2019-08-08 09:23:26 +00:00
|
|
|
virt_login_shell_CPPFLAGS = $(STANDALONE_CPPFLAGS)
|
|
|
|
|
tools: split virt-login-shell into two binaries
The virt-login-shell binary is a setuid program that takes
no arguments. When invoked it looks at the invoking uid,
resolves it to a username, and finds an LXC guest with the
same name. It then starts the guest and runs the shell in
side the namespaces of the container.
Given this set of tasks the virt-login-shell binary needs
to connect to libvirtd, make various other libvirt API calls.
This is a problem for setuid binaries as various libraries
that libvirt.so links to are not safe. For example, they have
constructor functions which execute an unknown amount of code
that can be influenced by env variables.
For this reason virt-login-shell doesn't use libvirt.so,
but instead links to a custom, cut down, set of source files
sufficient to be a local client only.
This introduces a problem for integrating glib2 into libvirt
though, as once integrated, there would be no way to build
virt-login-shell without an external dependancy on glib2 and
this is definitely not setuid safe.
To resolve this problem, we split the virt-login-shell binary
into two parts. The first part is setuid and does almost
nothing. It simply records the original uid+gid, and then
invokes the virt-login-shell-helper binary. Crucially when
it does this it completes scrubs all environment variables.
It is thus safe for virt-login-shell-helper to link to the
normal libvirt.so. Any things that constructor functions
do cannot be influenced by user control env vars or cli
args.
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-01 09:58:31 +00:00
|
|
|
virt_login_shell_helper_SOURCES = \
|
2019-08-01 09:57:39 +00:00
|
|
|
virt-login-shell-helper.c
|
2013-08-08 15:36:31 +00:00
|
|
|
|
tools: split virt-login-shell into two binaries
The virt-login-shell binary is a setuid program that takes
no arguments. When invoked it looks at the invoking uid,
resolves it to a username, and finds an LXC guest with the
same name. It then starts the guest and runs the shell in
side the namespaces of the container.
Given this set of tasks the virt-login-shell binary needs
to connect to libvirtd, make various other libvirt API calls.
This is a problem for setuid binaries as various libraries
that libvirt.so links to are not safe. For example, they have
constructor functions which execute an unknown amount of code
that can be influenced by env variables.
For this reason virt-login-shell doesn't use libvirt.so,
but instead links to a custom, cut down, set of source files
sufficient to be a local client only.
This introduces a problem for integrating glib2 into libvirt
though, as once integrated, there would be no way to build
virt-login-shell without an external dependancy on glib2 and
this is definitely not setuid safe.
To resolve this problem, we split the virt-login-shell binary
into two parts. The first part is setuid and does almost
nothing. It simply records the original uid+gid, and then
invokes the virt-login-shell-helper binary. Crucially when
it does this it completes scrubs all environment variables.
It is thus safe for virt-login-shell-helper to link to the
normal libvirt.so. Any things that constructor functions
do cannot be influenced by user control env vars or cli
args.
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-01 09:58:31 +00:00
|
|
|
virt_login_shell_helper_LDFLAGS = \
|
2017-11-03 12:09:47 +00:00
|
|
|
$(AM_LDFLAGS) \
|
|
|
|
$(PIE_LDFLAGS) \
|
2019-08-02 11:05:37 +00:00
|
|
|
$(COVERAGE_LDFLAGS) \
|
2013-08-20 09:20:46 +00:00
|
|
|
$(NULL)
|
tools: split virt-login-shell into two binaries
The virt-login-shell binary is a setuid program that takes
no arguments. When invoked it looks at the invoking uid,
resolves it to a username, and finds an LXC guest with the
same name. It then starts the guest and runs the shell in
side the namespaces of the container.
Given this set of tasks the virt-login-shell binary needs
to connect to libvirtd, make various other libvirt API calls.
This is a problem for setuid binaries as various libraries
that libvirt.so links to are not safe. For example, they have
constructor functions which execute an unknown amount of code
that can be influenced by env variables.
For this reason virt-login-shell doesn't use libvirt.so,
but instead links to a custom, cut down, set of source files
sufficient to be a local client only.
This introduces a problem for integrating glib2 into libvirt
though, as once integrated, there would be no way to build
virt-login-shell without an external dependancy on glib2 and
this is definitely not setuid safe.
To resolve this problem, we split the virt-login-shell binary
into two parts. The first part is setuid and does almost
nothing. It simply records the original uid+gid, and then
invokes the virt-login-shell-helper binary. Crucially when
it does this it completes scrubs all environment variables.
It is thus safe for virt-login-shell-helper to link to the
normal libvirt.so. Any things that constructor functions
do cannot be influenced by user control env vars or cli
args.
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-01 09:58:31 +00:00
|
|
|
virt_login_shell_helper_LDADD = \
|
|
|
|
../src/libvirt.la \
|
|
|
|
../src/libvirt-lxc.la \
|
2013-08-08 15:36:31 +00:00
|
|
|
../gnulib/lib/libgnu.la
|
|
|
|
|
tools: split virt-login-shell into two binaries
The virt-login-shell binary is a setuid program that takes
no arguments. When invoked it looks at the invoking uid,
resolves it to a username, and finds an LXC guest with the
same name. It then starts the guest and runs the shell in
side the namespaces of the container.
Given this set of tasks the virt-login-shell binary needs
to connect to libvirtd, make various other libvirt API calls.
This is a problem for setuid binaries as various libraries
that libvirt.so links to are not safe. For example, they have
constructor functions which execute an unknown amount of code
that can be influenced by env variables.
For this reason virt-login-shell doesn't use libvirt.so,
but instead links to a custom, cut down, set of source files
sufficient to be a local client only.
This introduces a problem for integrating glib2 into libvirt
though, as once integrated, there would be no way to build
virt-login-shell without an external dependancy on glib2 and
this is definitely not setuid safe.
To resolve this problem, we split the virt-login-shell binary
into two parts. The first part is setuid and does almost
nothing. It simply records the original uid+gid, and then
invokes the virt-login-shell-helper binary. Crucially when
it does this it completes scrubs all environment variables.
It is thus safe for virt-login-shell-helper to link to the
normal libvirt.so. Any things that constructor functions
do cannot be influenced by user control env vars or cli
args.
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-01 09:58:31 +00:00
|
|
|
virt_login_shell_helper_CFLAGS = \
|
2017-11-16 13:35:12 +00:00
|
|
|
$(AM_CFLAGS) \
|
|
|
|
$(NULL)
|
2013-08-08 15:36:31 +00:00
|
|
|
|
2017-11-03 12:09:47 +00:00
|
|
|
virsh_SOURCES = \
|
|
|
|
virsh.c virsh.h \
|
2019-03-13 21:04:51 +00:00
|
|
|
virsh-checkpoint.c virsh-checkpoint.h \
|
2018-01-14 10:51:44 +00:00
|
|
|
virsh-completer.c virsh-completer.h \
|
2019-07-13 16:00:35 +00:00
|
|
|
virsh-completer-domain.c virsh-completer-domain.h \
|
2019-08-07 07:44:55 +00:00
|
|
|
virsh-completer-checkpoint.c virsh-completer-checkpoint.h \
|
2019-07-14 10:24:38 +00:00
|
|
|
virsh-completer-host.c virsh-completer-host.h \
|
2019-07-13 16:45:48 +00:00
|
|
|
virsh-completer-interface.c virsh-completer-interface.h \
|
2019-07-13 16:51:56 +00:00
|
|
|
virsh-completer-network.c virsh-completer-network.h \
|
2019-07-13 16:57:17 +00:00
|
|
|
virsh-completer-nodedev.c virsh-completer-nodedev.h \
|
2019-07-13 17:02:24 +00:00
|
|
|
virsh-completer-nwfilter.c virsh-completer-nwfilter.h \
|
2019-07-13 16:27:12 +00:00
|
|
|
virsh-completer-pool.c virsh-completer-pool.h \
|
2019-07-13 17:17:42 +00:00
|
|
|
virsh-completer-secret.c virsh-completer-secret.h \
|
2019-07-13 17:24:01 +00:00
|
|
|
virsh-completer-snapshot.c virsh-completer-snapshot.h \
|
2019-07-13 16:36:26 +00:00
|
|
|
virsh-completer-volume.c virsh-completer-volume.h \
|
2017-11-03 12:09:47 +00:00
|
|
|
virsh-console.c virsh-console.h \
|
|
|
|
virsh-domain.c virsh-domain.h \
|
|
|
|
virsh-domain-monitor.c virsh-domain-monitor.h \
|
|
|
|
virsh-host.c virsh-host.h \
|
|
|
|
virsh-interface.c virsh-interface.h \
|
|
|
|
virsh-network.c virsh-network.h \
|
|
|
|
virsh-nodedev.c virsh-nodedev.h \
|
|
|
|
virsh-nwfilter.c virsh-nwfilter.h \
|
|
|
|
virsh-pool.c virsh-pool.h \
|
|
|
|
virsh-secret.c virsh-secret.h \
|
|
|
|
virsh-snapshot.c virsh-snapshot.h \
|
|
|
|
virsh-util.c virsh-util.h \
|
|
|
|
virsh-volume.c virsh-volume.h \
|
2012-08-18 03:16:04 +00:00
|
|
|
$(NULL)
|
2009-09-16 11:01:53 +00:00
|
|
|
|
2013-08-20 09:20:46 +00:00
|
|
|
virsh_LDFLAGS = \
|
2017-11-03 12:09:47 +00:00
|
|
|
$(AM_LDFLAGS) \
|
|
|
|
$(PIE_LDFLAGS) \
|
2019-08-02 11:05:37 +00:00
|
|
|
$(COVERAGE_LDFLAGS) \
|
2013-08-20 09:20:46 +00:00
|
|
|
$(NULL)
|
2017-11-03 12:09:47 +00:00
|
|
|
virsh_LDADD = \
|
|
|
|
$(STATIC_BINARIES) \
|
|
|
|
../src/libvirt-lxc.la \
|
|
|
|
../src/libvirt-qemu.la \
|
2015-09-25 11:20:38 +00:00
|
|
|
libvirt_shell.la
|
2017-11-03 12:09:47 +00:00
|
|
|
virsh_CFLAGS = \
|
2017-11-16 13:35:12 +00:00
|
|
|
$(AM_CFLAGS) \
|
2017-05-26 17:43:42 +00:00
|
|
|
$(READLINE_CFLAGS)
|
2015-10-12 15:07:21 +00:00
|
|
|
|
2017-11-03 12:09:47 +00:00
|
|
|
virt_admin_SOURCES = \
|
|
|
|
virt-admin.c virt-admin.h \
|
2018-01-14 10:51:44 +00:00
|
|
|
virt-admin-completer.c virt-admin-completer.h \
|
2015-10-12 15:07:21 +00:00
|
|
|
$(NULL)
|
|
|
|
|
2017-11-03 12:09:47 +00:00
|
|
|
virt_admin_LDFLAGS = \
|
|
|
|
$(AM_LDFLAGS) \
|
2019-08-02 11:05:37 +00:00
|
|
|
$(COVERAGE_LDFLAGS) \
|
2017-11-03 12:09:47 +00:00
|
|
|
$(STATIC_BINARIES) \
|
|
|
|
$(PIE_LDFLAGS) \
|
2015-10-12 15:07:21 +00:00
|
|
|
$(NULL)
|
2017-11-03 12:09:47 +00:00
|
|
|
virt_admin_LDADD = \
|
|
|
|
../src/libvirt-admin.la \
|
|
|
|
libvirt_shell.la \
|
|
|
|
$(LIBXML_LIBS) \
|
2015-10-12 15:07:21 +00:00
|
|
|
$(NULL)
|
2017-11-03 12:09:47 +00:00
|
|
|
virt_admin_CFLAGS = \
|
2017-11-16 13:35:12 +00:00
|
|
|
$(AM_CFLAGS) \
|
2015-10-12 15:07:21 +00:00
|
|
|
$(READLINE_CFLAGS)
|
2012-05-17 15:08:53 +00:00
|
|
|
BUILT_SOURCES =
|
2009-09-16 11:01:53 +00:00
|
|
|
|
|
|
|
if WITH_WIN_ICON
|
|
|
|
virsh_LDADD += virsh_win_icon.$(OBJEXT)
|
|
|
|
|
|
|
|
# Before you edit virsh_win_icon.rc, please note the following
|
|
|
|
# limitations of the resource file format:
|
|
|
|
#
|
|
|
|
# (1) '..' is not permitted in the icon filename field.
|
|
|
|
# (2) '-' is not permitted in the icon filename field.
|
|
|
|
# (3) Comments are not permitted in the file.
|
|
|
|
#
|
|
|
|
# Windows appears to choose the first <= 32x32 icon it finds
|
|
|
|
# in the resource file. Therefore you should list the available
|
|
|
|
# icons from largest to smallest, and make sure that the 32x32
|
|
|
|
# icon is the most legible.
|
|
|
|
#
|
|
|
|
# Windows .ICO is a special MS-only format. GIMP and other
|
|
|
|
# tools can write it. However there are several variations,
|
|
|
|
# and Windows seems to do its own colour quantization. More
|
|
|
|
# information is needed in this area.
|
|
|
|
|
|
|
|
virsh_win_icon.$(OBJEXT): virsh_win_icon.rc
|
2010-03-31 12:10:08 +00:00
|
|
|
$(AM_V_GEN)$(WINDRES) \
|
2009-09-16 11:01:53 +00:00
|
|
|
--input-format rc --input $< \
|
|
|
|
--output-format coff --output $@
|
2013-09-04 02:39:16 +00:00
|
|
|
endif WITH_WIN_ICON
|
2009-09-16 11:01:53 +00:00
|
|
|
|
2016-04-12 20:28:27 +00:00
|
|
|
POD2MAN = pod2man -c "Virtualization Support" -r "$(PACKAGE)-$(VERSION)"
|
|
|
|
|
2016-04-12 20:15:45 +00:00
|
|
|
%.1.in: %.pod
|
2016-04-13 16:52:12 +00:00
|
|
|
$(AM_V_GEN)$(POD2MAN) $< $@-t1 && \
|
|
|
|
if grep 'POD ERROR' $@-t1; then rm $@-t1; exit 1; fi && \
|
|
|
|
sed \
|
|
|
|
-e 's|SYSCONFDIR|\@sysconfdir\@|g' \
|
|
|
|
-e 's|LOCALSTATEDIR|\@localstatedir\@|g' \
|
|
|
|
< $@-t1 > $@-t2 && \
|
|
|
|
rm -f $@-t1 && \
|
|
|
|
mv $@-t2 $@
|
2009-04-19 15:10:45 +00:00
|
|
|
|
2016-04-12 20:15:45 +00:00
|
|
|
%.8.in: %.pod
|
2016-04-13 16:52:12 +00:00
|
|
|
$(AM_V_GEN)$(POD2MAN) --section=8 $< $@-t1 && \
|
|
|
|
if grep 'POD ERROR' $@-t1; then rm $@-t1; exit 1; fi && \
|
|
|
|
sed \
|
|
|
|
-e 's|SYSCONFDIR|\@sysconfdir\@|g' \
|
|
|
|
-e 's|LOCALSTATEDIR|\@localstatedir\@|g' \
|
|
|
|
< $@-t1 > $@-t2 && \
|
|
|
|
rm -f $@-t1 && \
|
|
|
|
mv $@-t2 $@
|
2016-04-12 18:32:33 +00:00
|
|
|
|
2016-04-12 20:15:45 +00:00
|
|
|
%.1: %.1.in $(top_srcdir)/configure.ac
|
|
|
|
$(AM_V_GEN)sed \
|
|
|
|
-e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \
|
|
|
|
-e 's|[@]localstatedir[@]|$(localstatedir)|g' \
|
|
|
|
< $< > $@-t && \
|
|
|
|
mv $@-t $@
|
|
|
|
|
|
|
|
%.8: %.8.in $(top_srcdir)/configure.ac
|
|
|
|
$(AM_V_GEN)sed \
|
|
|
|
-e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \
|
|
|
|
-e 's|[@]localstatedir[@]|$(localstatedir)|g' \
|
|
|
|
< $< > $@-t && \
|
|
|
|
mv $@-t $@
|
|
|
|
|
2019-03-15 15:47:27 +00:00
|
|
|
install-data-local: install-systemd install-nss \
|
2017-11-02 13:41:53 +00:00
|
|
|
install-bash-completion
|
2010-08-25 12:07:26 +00:00
|
|
|
|
2019-03-15 15:47:27 +00:00
|
|
|
uninstall-local: uninstall-systemd uninstall-nss \
|
2017-11-02 13:41:53 +00:00
|
|
|
uninstall-bash-completion
|
2010-08-25 12:07:26 +00:00
|
|
|
|
2011-07-07 13:45:07 +00:00
|
|
|
install-sysconfig:
|
build: follow directory install conventions
Commit 4d9e51f6 fixed a 'make uninstall' failure, but failed
to follow other conventions already present in src/Makefile.am.
In particular, we prefer MKDIR_P over mkdir -p, and should
have a matching rmdir during uninstall for every directory
created during install (the idea being that uninstall in a
DESTDIR should be clean, while installation in the final
system should not fail with non-empty directories left behind).
* tools/Makefile.am (install-sysconfig, install-initscript)
(install-systemd): Use MKDIR_P.
(uninstall-sysconfig, uninstall-initscript, uninstall-systemd):
Also remove directories.
* daemon/Makefile.am (install-data-local, install-data-polkit)
(install-logrotate, install-sysconfig, install-sysctl)
(install-init-redhat, install-init-upstart, install-init-systemd)
(install-data-sasl): Use MKDIR_P.
(uninstall-data-polkit, uninstall-sysconfig, uninstall-sysctl)
(uninstall-init-redhat, uninstall-init-upstart)
(uninstall-init-systemd): Also remove directory.
(uninstall-logrotate): New rule.
(uninstall-local): Add uninstall-logrotate.
2011-12-09 18:06:19 +00:00
|
|
|
$(MKDIR_P) $(DESTDIR)$(sysconfdir)/sysconfig
|
2011-07-07 13:45:07 +00:00
|
|
|
$(INSTALL_DATA) $(srcdir)/libvirt-guests.sysconf \
|
|
|
|
$(DESTDIR)$(sysconfdir)/sysconfig/libvirt-guests
|
|
|
|
|
|
|
|
uninstall-sysconfig:
|
|
|
|
rm -f $(DESTDIR)$(sysconfdir)/sysconfig/libvirt-guests
|
build: follow directory install conventions
Commit 4d9e51f6 fixed a 'make uninstall' failure, but failed
to follow other conventions already present in src/Makefile.am.
In particular, we prefer MKDIR_P over mkdir -p, and should
have a matching rmdir during uninstall for every directory
created during install (the idea being that uninstall in a
DESTDIR should be clean, while installation in the final
system should not fail with non-empty directories left behind).
* tools/Makefile.am (install-sysconfig, install-initscript)
(install-systemd): Use MKDIR_P.
(uninstall-sysconfig, uninstall-initscript, uninstall-systemd):
Also remove directories.
* daemon/Makefile.am (install-data-local, install-data-polkit)
(install-logrotate, install-sysconfig, install-sysctl)
(install-init-redhat, install-init-upstart, install-init-systemd)
(install-data-sasl): Use MKDIR_P.
(uninstall-data-polkit, uninstall-sysconfig, uninstall-sysctl)
(uninstall-init-redhat, uninstall-init-upstart)
(uninstall-init-systemd): Also remove directory.
(uninstall-logrotate): New rule.
(uninstall-local): Add uninstall-logrotate.
2011-12-09 18:06:19 +00:00
|
|
|
rmdir $(DESTDIR)$(sysconfdir)/sysconfig ||:
|
2011-07-07 13:45:07 +00:00
|
|
|
|
2019-03-15 15:47:27 +00:00
|
|
|
EXTRA_DIST += libvirt-guests.sh.in
|
2011-07-07 13:45:07 +00:00
|
|
|
|
2012-10-21 02:29:51 +00:00
|
|
|
libvirt-guests.sh: libvirt-guests.sh.in $(top_builddir)/config.status
|
2017-11-03 12:09:47 +00:00
|
|
|
$(AM_V_GEN)sed \
|
|
|
|
-e 's|[@]PACKAGE[@]|$(PACKAGE)|g' \
|
|
|
|
-e 's|[@]bindir[@]|$(bindir)|g' \
|
|
|
|
-e 's|[@]localedir[@]|$(localedir)|g' \
|
|
|
|
-e 's|[@]localstatedir[@]|$(localstatedir)|g' \
|
|
|
|
-e 's|[@]sbindir[@]|$(sbindir)|g' \
|
|
|
|
-e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \
|
|
|
|
< $< > $@-t && \
|
|
|
|
chmod a+x $@-t && \
|
2010-08-25 12:07:26 +00:00
|
|
|
mv $@-t $@
|
2012-10-21 02:29:51 +00:00
|
|
|
BUILT_SOURCES += libvirt-guests.sh
|
2011-07-07 13:45:07 +00:00
|
|
|
|
|
|
|
EXTRA_DIST += libvirt-guests.service.in
|
2014-01-17 12:11:58 +00:00
|
|
|
SYSTEMD_UNIT_DIR = $(prefix)/lib/systemd/system
|
2011-12-08 13:30:24 +00:00
|
|
|
|
2011-07-07 13:45:07 +00:00
|
|
|
if LIBVIRT_INIT_SCRIPT_SYSTEMD
|
2012-10-21 02:29:51 +00:00
|
|
|
install-systemd: libvirt-guests.service install-sysconfig libvirt-guests.sh
|
build: follow directory install conventions
Commit 4d9e51f6 fixed a 'make uninstall' failure, but failed
to follow other conventions already present in src/Makefile.am.
In particular, we prefer MKDIR_P over mkdir -p, and should
have a matching rmdir during uninstall for every directory
created during install (the idea being that uninstall in a
DESTDIR should be clean, while installation in the final
system should not fail with non-empty directories left behind).
* tools/Makefile.am (install-sysconfig, install-initscript)
(install-systemd): Use MKDIR_P.
(uninstall-sysconfig, uninstall-initscript, uninstall-systemd):
Also remove directories.
* daemon/Makefile.am (install-data-local, install-data-polkit)
(install-logrotate, install-sysconfig, install-sysctl)
(install-init-redhat, install-init-upstart, install-init-systemd)
(install-data-sasl): Use MKDIR_P.
(uninstall-data-polkit, uninstall-sysconfig, uninstall-sysctl)
(uninstall-init-redhat, uninstall-init-upstart)
(uninstall-init-systemd): Also remove directory.
(uninstall-logrotate): New rule.
(uninstall-local): Add uninstall-logrotate.
2011-12-09 18:06:19 +00:00
|
|
|
$(MKDIR_P) $(DESTDIR)$(SYSTEMD_UNIT_DIR)
|
2012-06-26 07:53:33 +00:00
|
|
|
$(INSTALL_DATA) libvirt-guests.service \
|
2011-12-08 13:30:24 +00:00
|
|
|
$(DESTDIR)$(SYSTEMD_UNIT_DIR)/libvirt-guests.service
|
2011-07-07 13:45:07 +00:00
|
|
|
|
2012-10-21 02:29:51 +00:00
|
|
|
uninstall-systemd: uninstall-sysconfig
|
2011-12-08 13:30:24 +00:00
|
|
|
rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/libvirt-guests.service
|
build: follow directory install conventions
Commit 4d9e51f6 fixed a 'make uninstall' failure, but failed
to follow other conventions already present in src/Makefile.am.
In particular, we prefer MKDIR_P over mkdir -p, and should
have a matching rmdir during uninstall for every directory
created during install (the idea being that uninstall in a
DESTDIR should be clean, while installation in the final
system should not fail with non-empty directories left behind).
* tools/Makefile.am (install-sysconfig, install-initscript)
(install-systemd): Use MKDIR_P.
(uninstall-sysconfig, uninstall-initscript, uninstall-systemd):
Also remove directories.
* daemon/Makefile.am (install-data-local, install-data-polkit)
(install-logrotate, install-sysconfig, install-sysctl)
(install-init-redhat, install-init-upstart, install-init-systemd)
(install-data-sasl): Use MKDIR_P.
(uninstall-data-polkit, uninstall-sysconfig, uninstall-sysctl)
(uninstall-init-redhat, uninstall-init-upstart)
(uninstall-init-systemd): Also remove directory.
(uninstall-logrotate): New rule.
(uninstall-local): Add uninstall-logrotate.
2011-12-09 18:06:19 +00:00
|
|
|
rmdir $(DESTDIR)$(SYSTEMD_UNIT_DIR) ||:
|
2011-07-07 13:45:07 +00:00
|
|
|
|
|
|
|
BUILT_SOURCES += libvirt-guests.service
|
|
|
|
|
2013-09-04 02:39:16 +00:00
|
|
|
else ! LIBVIRT_INIT_SCRIPT_SYSTEMD
|
2011-07-07 13:45:07 +00:00
|
|
|
install-systemd:
|
|
|
|
uninstall-systemd:
|
2013-09-04 02:39:16 +00:00
|
|
|
endif ! LIBVIRT_INIT_SCRIPT_SYSTEMD
|
2011-07-07 13:45:07 +00:00
|
|
|
|
|
|
|
libvirt-guests.service: libvirt-guests.service.in $(top_builddir)/config.status
|
2017-11-03 12:09:47 +00:00
|
|
|
$(AM_V_GEN)sed \
|
|
|
|
-e 's|[@]PACKAGE[@]|$(PACKAGE)|g' \
|
|
|
|
-e 's|[@]bindir[@]|$(bindir)|g' \
|
|
|
|
-e 's|[@]localedir[@]|$(localedir)|g' \
|
|
|
|
-e 's|[@]localstatedir[@]|$(localstatedir)|g' \
|
|
|
|
-e 's|[@]sbindir[@]|$(sbindir)|g' \
|
|
|
|
-e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \
|
|
|
|
-e 's|[@]libexecdir[@]|$(libexecdir)|g' \
|
|
|
|
< $< > $@-t && \
|
2011-07-07 13:45:07 +00:00
|
|
|
mv $@-t $@
|
2010-08-25 12:07:26 +00:00
|
|
|
|
2009-04-19 15:10:45 +00:00
|
|
|
|
2017-11-02 13:41:53 +00:00
|
|
|
if WITH_BASH_COMPLETION
|
|
|
|
install-bash-completion:
|
|
|
|
$(MKDIR_P) "$(DESTDIR)$(BASH_COMPLETIONS_DIR)"
|
|
|
|
$(INSTALL_SCRIPT) $(srcdir)/bash-completion/vsh \
|
|
|
|
"$(DESTDIR)$(BASH_COMPLETIONS_DIR)/vsh"
|
2018-01-24 15:42:00 +00:00
|
|
|
( cd $(DESTDIR)$(BASH_COMPLETIONS_DIR) && \
|
2018-01-31 17:30:55 +00:00
|
|
|
rm -f virsh virt-admin && \
|
2018-01-24 15:42:00 +00:00
|
|
|
$(LN_S) vsh virsh && \
|
|
|
|
$(LN_S) vsh virt-admin )
|
2017-11-02 13:41:53 +00:00
|
|
|
|
|
|
|
uninstall-bash-completion:
|
2018-01-24 15:42:00 +00:00
|
|
|
rm -f $(DESTDIR)$(BASH_COMPLETIONS_DIR)/vsh \
|
|
|
|
$(DESTDIR)$(BASH_COMPLETIONS_DIR)/virsh \
|
|
|
|
$(DESTDIR)$(BASH_COMPLETIONS_DIR)/virt-admin
|
2017-11-02 13:41:53 +00:00
|
|
|
rmdir $(DESTDIR)$(BASH_COMPLETIONS_DIR) ||:
|
|
|
|
else ! WITH_BASH_COMPLETION
|
|
|
|
install-bash-completion:
|
|
|
|
uninstall-bash-completion:
|
|
|
|
endif ! WITH_BASH_COMPLETION
|
|
|
|
|
|
|
|
|
2019-02-08 08:10:24 +00:00
|
|
|
EXTRA_DIST += wireshark/util/genxdrstub.pl
|
2016-01-10 20:35:36 +00:00
|
|
|
|
|
|
|
if WITH_WIRESHARK_DISSECTOR
|
|
|
|
|
|
|
|
ws_plugin_LTLIBRARIES = wireshark/src/libvirt.la
|
2017-11-16 13:34:31 +00:00
|
|
|
wireshark_src_libvirt_la_CFLAGS = \
|
2017-11-16 13:24:45 +00:00
|
|
|
-I wireshark/src $(WIRESHARK_DISSECTOR_CFLAGS) $(XDR_CFLAGS)
|
2016-01-10 20:35:36 +00:00
|
|
|
wireshark_src_libvirt_la_LDFLAGS = -avoid-version -module
|
|
|
|
wireshark_src_libvirt_la_SOURCES = \
|
|
|
|
wireshark/src/packet-libvirt.h \
|
2019-02-08 08:10:24 +00:00
|
|
|
wireshark/src/packet-libvirt.c \
|
|
|
|
wireshark/src/plugin.c
|
2016-01-10 20:35:36 +00:00
|
|
|
|
|
|
|
wireshark/src/packet-libvirt.c: wireshark/src/packet-libvirt.h \
|
|
|
|
wireshark/src/libvirt/protocol.h
|
|
|
|
|
|
|
|
WS_DISSECTOR_PROTO_FILES = \
|
|
|
|
$(abs_top_srcdir)/src/remote/remote_protocol.x \
|
|
|
|
$(abs_top_srcdir)/src/remote/qemu_protocol.x \
|
|
|
|
$(abs_top_srcdir)/src/remote/lxc_protocol.x \
|
|
|
|
$(abs_top_srcdir)/src/rpc/virkeepaliveprotocol.x
|
|
|
|
|
|
|
|
wireshark/src/libvirt/protocol.h: wireshark/util/genxdrstub.pl \
|
|
|
|
$(WS_DISSECTOR_PROTO_FILES)
|
2017-08-04 17:12:13 +00:00
|
|
|
$(AM_V_GEN)$(MKDIR_P) wireshark/src/libvirt && \
|
2016-01-10 20:35:36 +00:00
|
|
|
cd wireshark/src && \
|
|
|
|
LIBVIRT_VERSION=$(LIBVIRT_VERSION) \
|
|
|
|
$(PERL) $(abs_top_srcdir)/tools/wireshark/util/genxdrstub.pl \
|
|
|
|
$(WS_DISSECTOR_PROTO_FILES)
|
|
|
|
|
|
|
|
endif WITH_WIRESHARK_DISSECTOR
|
|
|
|
|
2016-03-27 18:07:10 +00:00
|
|
|
if WITH_BSD_NSS
|
|
|
|
LIBVIRT_NSS_SYMBOL_FILE = \
|
|
|
|
$(srcdir)/nss/libvirt_nss_bsd.syms
|
2016-11-29 12:48:53 +00:00
|
|
|
LIBVIRT_GUEST_NSS_SYMBOL_FILE = \
|
|
|
|
$(LIBVIRT_NSS_SYMBOL_FILE)
|
2016-03-27 18:07:10 +00:00
|
|
|
NSS_SO_VER = 1
|
|
|
|
|
2016-04-20 08:14:23 +00:00
|
|
|
install-nss:
|
2016-04-20 17:24:22 +00:00
|
|
|
( cd $(DESTDIR)$(libdir) && \
|
2016-04-21 11:16:56 +00:00
|
|
|
rm -f nss_libvirt.so.$(NSS_SO_VER) && \
|
2016-11-29 12:48:53 +00:00
|
|
|
$(LN_S) libnss_libvirt.so.$(NSS_SO_VER) nss_libvirt.so.$(NSS_SO_VER) && \
|
|
|
|
rm -f nss_libvirt_guest.so.$(NSS_SO_VER) && \
|
|
|
|
$(LN_S) libnss_libvirt_guest.so.$(NSS_SO_VER) \
|
|
|
|
nss_libvirt_guest.so.$(NSS_SO_VER))
|
2016-03-27 18:07:10 +00:00
|
|
|
|
2016-04-20 08:14:23 +00:00
|
|
|
uninstall-nss:
|
2016-04-19 09:08:48 +00:00
|
|
|
-rm -f $(DESTDIR)$(libdir)/nss_libvirt.so.$(NSS_SO_VER)
|
2016-11-29 12:48:53 +00:00
|
|
|
-rm -f $(DESTDIR)$(libdir)/nss_libvirt_guest.so.$(NSS_SO_VER)
|
2016-03-27 18:07:10 +00:00
|
|
|
else ! WITH_BSD_NSS
|
2016-02-13 08:27:50 +00:00
|
|
|
LIBVIRT_NSS_SYMBOL_FILE = \
|
|
|
|
$(srcdir)/nss/libvirt_nss.syms
|
2016-11-29 12:48:53 +00:00
|
|
|
LIBVIRT_GUEST_NSS_SYMBOL_FILE = \
|
|
|
|
$(srcdir)/nss/libvirt_guest_nss.syms
|
2016-03-27 18:07:10 +00:00
|
|
|
NSS_SO_VER = 2
|
2016-04-20 08:14:23 +00:00
|
|
|
|
|
|
|
install-nss:
|
|
|
|
uninstall-nss:
|
2016-03-27 18:07:10 +00:00
|
|
|
endif ! WITH_BSD_NSS
|
2016-02-13 08:27:50 +00:00
|
|
|
|
|
|
|
LIBVIRT_NSS_SOURCES = \
|
2017-11-03 12:09:47 +00:00
|
|
|
nss/libvirt_nss.c \
|
2019-07-31 09:40:39 +00:00
|
|
|
nss/libvirt_nss.h \
|
|
|
|
nss/libvirt_nss_leases.c \
|
|
|
|
nss/libvirt_nss_leases.h \
|
|
|
|
$(NULL)
|
2016-02-13 08:27:50 +00:00
|
|
|
|
2016-03-19 16:56:02 +00:00
|
|
|
if WITH_NSS
|
2016-02-13 08:27:50 +00:00
|
|
|
noinst_LTLIBRARIES += nss/libnss_libvirt_impl.la
|
|
|
|
nss_libnss_libvirt_impl_la_SOURCES = \
|
|
|
|
$(LIBVIRT_NSS_SOURCES)
|
|
|
|
|
2019-08-08 09:23:26 +00:00
|
|
|
nss_libnss_libvirt_impl_la_CPPFLAGS = $(STANDALONE_CPPFLAGS)
|
2016-02-13 08:27:50 +00:00
|
|
|
nss_libnss_libvirt_impl_la_CFLAGS = \
|
2017-11-03 12:09:47 +00:00
|
|
|
-DLIBVIRT_NSS \
|
2019-07-31 09:40:39 +00:00
|
|
|
$(YAJL_CFLAGS) \
|
2017-11-03 12:09:47 +00:00
|
|
|
$(AM_CFLAGS) \
|
2017-11-16 13:35:12 +00:00
|
|
|
$(NULL)
|
2016-02-14 10:38:37 +00:00
|
|
|
|
|
|
|
nss_libnss_libvirt_impl_la_LIBADD = \
|
2019-07-31 13:48:50 +00:00
|
|
|
$(YAJL_LIBS) \
|
|
|
|
$(NULL)
|
2016-02-13 08:27:50 +00:00
|
|
|
|
|
|
|
nss_libnss_libvirt_la_SOURCES =
|
|
|
|
nss_libnss_libvirt_la_LDFLAGS = \
|
2017-11-03 12:09:47 +00:00
|
|
|
$(VERSION_SCRIPT_FLAGS)$(LIBVIRT_NSS_SYMBOL_FILE) \
|
2016-02-13 08:27:50 +00:00
|
|
|
$(AM_LDFLAGS) \
|
|
|
|
-module \
|
|
|
|
-export-dynamic \
|
|
|
|
-avoid-version \
|
|
|
|
-shared \
|
2016-03-27 18:07:10 +00:00
|
|
|
-shrext .so.$(NSS_SO_VER)
|
2016-02-13 08:27:50 +00:00
|
|
|
|
2017-11-03 12:09:47 +00:00
|
|
|
nss_libnss_libvirt_la_LIBADD = \
|
2016-02-13 08:27:50 +00:00
|
|
|
nss/libnss_libvirt_impl.la
|
|
|
|
|
2016-11-29 12:48:53 +00:00
|
|
|
noinst_LTLIBRARIES += nss/libnss_libvirt_guest_impl.la
|
|
|
|
nss_libnss_libvirt_guest_impl_la_SOURCES = \
|
2019-07-31 09:40:39 +00:00
|
|
|
$(LIBVIRT_NSS_SOURCES) \
|
|
|
|
nss/libvirt_nss_macs.h \
|
|
|
|
nss/libvirt_nss_macs.c \
|
|
|
|
$(NULL)
|
2016-11-29 12:48:53 +00:00
|
|
|
|
2019-08-08 09:23:26 +00:00
|
|
|
nss_libnss_libvirt_guest_impl_la_CPPFLAGS = $(STANDALONE_CPPFLAGS)
|
2016-11-29 12:48:53 +00:00
|
|
|
nss_libnss_libvirt_guest_impl_la_CFLAGS = \
|
2017-11-03 12:09:47 +00:00
|
|
|
-DLIBVIRT_NSS \
|
|
|
|
-DLIBVIRT_NSS_GUEST \
|
2019-07-31 09:40:39 +00:00
|
|
|
$(YAJL_CFLAGS) \
|
2017-11-03 12:09:47 +00:00
|
|
|
$(AM_CFLAGS) \
|
2017-11-16 13:35:12 +00:00
|
|
|
$(NULL)
|
2016-11-29 12:48:53 +00:00
|
|
|
|
|
|
|
nss_libnss_libvirt_guest_impl_la_LIBADD = \
|
2019-07-31 13:48:50 +00:00
|
|
|
$(YAJL_LIBS) \
|
|
|
|
$(NULL)
|
2016-11-29 12:48:53 +00:00
|
|
|
|
|
|
|
nss_libnss_libvirt_guest_la_SOURCES =
|
|
|
|
nss_libnss_libvirt_guest_la_LDFLAGS = \
|
2017-11-03 12:09:47 +00:00
|
|
|
$(VERSION_SCRIPT_FLAGS)$(LIBVIRT_GUEST_NSS_SYMBOL_FILE) \
|
2016-11-29 12:48:53 +00:00
|
|
|
$(AM_LDFLAGS) \
|
|
|
|
-module \
|
|
|
|
-export-dynamic \
|
|
|
|
-avoid-version \
|
|
|
|
-shared \
|
|
|
|
-shrext .so.$(NSS_SO_VER)
|
|
|
|
|
2017-11-03 12:09:47 +00:00
|
|
|
nss_libnss_libvirt_guest_la_LIBADD = \
|
2016-11-29 12:48:53 +00:00
|
|
|
nss/libnss_libvirt_guest_impl.la
|
|
|
|
|
2016-02-13 08:27:50 +00:00
|
|
|
lib_LTLIBRARIES = \
|
2016-11-29 12:48:53 +00:00
|
|
|
nss/libnss_libvirt.la \
|
|
|
|
nss/libnss_libvirt_guest.la
|
2016-02-13 08:27:50 +00:00
|
|
|
|
|
|
|
endif WITH_NSS
|
|
|
|
|
2016-04-09 05:17:14 +00:00
|
|
|
EXTRA_DIST += $(LIBVIRT_NSS_SOURCES) \
|
|
|
|
$(srcdir)/nss/libvirt_nss.syms \
|
2017-11-03 12:09:47 +00:00
|
|
|
$(srcdir)/nss/libvirt_nss_bsd.syms \
|
2016-11-29 12:48:53 +00:00
|
|
|
$(srcdir)/nss/libvirt_guest_nss.syms
|
2016-01-10 20:35:36 +00:00
|
|
|
|
|
|
|
clean-local:
|
|
|
|
-rm -rf wireshark/src/libvirt
|
|
|
|
|
|
|
|
CLEANFILES += $(bin_SCRIPTS)
|
2010-11-17 17:38:59 +00:00
|
|
|
CLEANFILES += *.gcov .libs/*.gcda .libs/*.gcno *.gcno *.gcda *.i *.s
|
2016-04-12 20:05:15 +00:00
|
|
|
CLEANFILES += $(man1_MANS) $(man8_MANS)
|
2009-04-19 15:10:45 +00:00
|
|
|
|
2011-10-11 21:10:17 +00:00
|
|
|
DISTCLEANFILES += $(BUILT_SOURCES)
|
2016-04-13 15:12:24 +00:00
|
|
|
|
|
|
|
MAINTAINERCLEANFILES += $(MANINFILES)
|