From owner-freebsd-arch@FreeBSD.ORG Tue Sep 3 13:37:35 2013 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id F2750187 for ; Tue, 3 Sep 2013 13:37:34 +0000 (UTC) (envelope-from des@des.no) Received: from smtp.des.no (smtp.des.no [194.63.250.102]) by mx1.freebsd.org (Postfix) with ESMTP id 6CB2A2CC5 for ; Tue, 3 Sep 2013 13:37:34 +0000 (UTC) Received: from nine.des.no (smtp.des.no [194.63.250.102]) by smtp-int.des.no (Postfix) with ESMTP id 70CC645B0 for ; Tue, 3 Sep 2013 13:37:33 +0000 (UTC) Received: by nine.des.no (Postfix, from userid 1001) id 7ED1133A24; Tue, 3 Sep 2013 15:37:04 +0200 (CEST) From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= To: freebsd-arch@freebsd.org Subject: /usr/lib/private Date: Tue, 03 Sep 2013 15:37:04 +0200 Message-ID: <86zjrut4an.fsf@nine.des.no> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (berkeley-unix) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Sep 2013 13:37:35 -0000 --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable The attached patch introduces a mechanism for installing libraries into /usr/lib/private, which is not in the standard rtld search path, and setting -rpath accordingly for programs and libraries that need one of those libraries. Private libraries are meant for internal use only and need to be kept out of the way so they don't conflict with similarly- named libraries installed by ports. The first to go is libssh (which shouldn't even exist, but that's another story). There is one issue this patch does not address: 32-bit binaries which reference private libraries on a 64-bit system won't find them. This can be fixed by having rtld automagically translate /usr/lib/private to /usr/lib32/private when appropriate, which is rather gross. I intend to commit this shortly - it is blocking DNSSEC for FreeBSD 10. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=head-privatelib.diff Index: Makefile.inc1 =================================================================== --- Makefile.inc1 (revision 255069) +++ Makefile.inc1 (working copy) @@ -382,6 +382,7 @@ PATH=${TMPPATH} \ LIBDIR=/usr/lib32 \ SHLIBDIR=/usr/lib32 \ + LIBPRIVATEDIR=/usr/lib32/private \ COMPILER_TYPE=${WMAKE_COMPILER_TYPE} LIB32WMAKEFLAGS+= \ CC="${XCC} ${LIB32FLAGS}" \ Index: ObsoleteFiles.inc =================================================================== --- ObsoleteFiles.inc (revision 255069) +++ ObsoleteFiles.inc (working copy) @@ -38,6 +38,9 @@ # xargs -n1 | sort | uniq -d; # done +# 20130903: libssh becomes private +OLD_LIBS+=usr/lib/libssh.so.5 +OLD_LIBS+=usr/lib32/libssh.so.5 # 20130829: bsdpatch is patch unconditionally OLD_FILES+=usr/bin/bsdpatch OLD_FILES+=usr/share/man/man1/bsdpatch.1.gz Index: etc/mtree/BSD.usr.dist =================================================================== --- etc/mtree/BSD.usr.dist (revision 255069) +++ etc/mtree/BSD.usr.dist (working copy) @@ -24,6 +24,8 @@ .. i18n .. + private + .. .. lib32 dtrace @@ -30,6 +32,8 @@ .. i18n .. + private + .. .. libdata gcc Index: lib/libldns/Makefile =================================================================== --- lib/libldns/Makefile (revision 255069) +++ lib/libldns/Makefile (working copy) @@ -6,7 +6,7 @@ .PATH: ${LDNSDIR} ${LDNSDIR}/compat LIB= ldns -INTERNALLIB= true +PRIVATELIB= true CFLAGS+= -I${LDNSDIR} Index: lib/libpam/modules/pam_ssh/Makefile =================================================================== --- lib/libpam/modules/pam_ssh/Makefile (revision 255069) +++ lib/libpam/modules/pam_ssh/Makefile (working copy) @@ -15,6 +15,7 @@ DPADD= ${LIBSSH} ${LIBCRYPTO} ${LIBCRYPT} LDADD= -lssh -lcrypto -lcrypt +USEPRIVATELIB= ssh .include Index: secure/lib/libssh/Makefile =================================================================== --- secure/lib/libssh/Makefile (revision 255069) +++ secure/lib/libssh/Makefile (working copy) @@ -3,6 +3,7 @@ .include LIB= ssh +PRIVATELIB= true SHLIB_MAJOR= 5 SRCS= authfd.c authfile.c bufaux.c bufbn.c buffer.c \ canohost.c channels.c cipher.c cipher-aes.c \ Index: secure/libexec/sftp-server/Makefile =================================================================== --- secure/libexec/sftp-server/Makefile (revision 255069) +++ secure/libexec/sftp-server/Makefile (working copy) @@ -10,6 +10,7 @@ DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} LDADD= -lssh -lcrypt -lcrypto -lz +USEPRIVATELIB= ssh .include Index: secure/libexec/ssh-keysign/Makefile =================================================================== --- secure/libexec/ssh-keysign/Makefile (revision 255069) +++ secure/libexec/ssh-keysign/Makefile (working copy) @@ -8,6 +8,7 @@ DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} LDADD= -lssh -lcrypt -lcrypto -lz +USEPRIVATELIB= ssh .include Index: secure/libexec/ssh-pkcs11-helper/Makefile =================================================================== --- secure/libexec/ssh-pkcs11-helper/Makefile (revision 255069) +++ secure/libexec/ssh-pkcs11-helper/Makefile (working copy) @@ -8,6 +8,7 @@ DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} LDADD= -lssh -lcrypt -lcrypto -lz +USEPRIVATELIB= ssh .include Index: secure/usr.bin/scp/Makefile =================================================================== --- secure/usr.bin/scp/Makefile (revision 255069) +++ secure/usr.bin/scp/Makefile (working copy) @@ -9,6 +9,7 @@ DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} LDADD= -lssh -lcrypt -lcrypto -lz +USEPRIVATELIB= ssh .include Index: secure/usr.bin/sftp/Makefile =================================================================== --- secure/usr.bin/sftp/Makefile (revision 255069) +++ secure/usr.bin/sftp/Makefile (working copy) @@ -9,6 +9,7 @@ DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} ${LIBEDIT} ${LIBNCURSES} LDADD= -lssh -lcrypt -lcrypto -lz -ledit -lncurses +USEPRIVATELIB= ssh .include Index: secure/usr.bin/ssh/Makefile =================================================================== --- secure/usr.bin/ssh/Makefile (revision 255069) +++ secure/usr.bin/ssh/Makefile (working copy) @@ -18,6 +18,7 @@ DPADD= ${LIBSSH} ${LIBUTIL} ${LIBZ} LDADD= -lssh -lutil -lz +USEPRIVATELIB= ssh .if ${MK_KERBEROS_SUPPORT} != "no" CFLAGS+= -DGSSAPI -DHAVE_GSSAPI_GSSAPI_H=1 -DKRB5 -DHEIMDAL Index: secure/usr.bin/ssh-add/Makefile =================================================================== --- secure/usr.bin/ssh-add/Makefile (revision 255069) +++ secure/usr.bin/ssh-add/Makefile (working copy) @@ -9,6 +9,7 @@ DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} LDADD= -lssh -lcrypt -lcrypto -lz +USEPRIVATELIB= ssh .include Index: secure/usr.bin/ssh-agent/Makefile =================================================================== --- secure/usr.bin/ssh-agent/Makefile (revision 255069) +++ secure/usr.bin/ssh-agent/Makefile (working copy) @@ -9,6 +9,7 @@ DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} LDADD= -lssh -lcrypt -lcrypto -lz +USEPRIVATELIB= ssh .include Index: secure/usr.bin/ssh-keygen/Makefile =================================================================== --- secure/usr.bin/ssh-keygen/Makefile (revision 255069) +++ secure/usr.bin/ssh-keygen/Makefile (working copy) @@ -9,6 +9,7 @@ DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} LDADD= -lssh -lcrypt -lcrypto -lz +USEPRIVATELIB= ssh .include Index: secure/usr.bin/ssh-keyscan/Makefile =================================================================== --- secure/usr.bin/ssh-keyscan/Makefile (revision 255069) +++ secure/usr.bin/ssh-keyscan/Makefile (working copy) @@ -6,6 +6,7 @@ DPADD= ${LIBSSH} ${LIBCRYPT} ${LIBCRYPTO} ${LIBZ} LDADD= -lssh -lcrypt -lcrypto -lz +USEPRIVATELIB= ssh .include Index: secure/usr.sbin/sshd/Makefile =================================================================== --- secure/usr.sbin/sshd/Makefile (revision 255069) +++ secure/usr.sbin/sshd/Makefile (working copy) @@ -27,6 +27,7 @@ DPADD= ${LIBSSH} ${LIBUTIL} ${LIBZ} ${LIBWRAP} ${LIBPAM} LDADD= -lssh -lutil -lz -lwrap ${MINUSLPAM} +USEPRIVATELIB= ssh .if ${MK_AUDIT} != "no" CFLAGS+= -DUSE_BSM_AUDIT -DHAVE_GETAUDIT_ADDR Index: share/mk/bsd.lib.mk =================================================================== --- share/mk/bsd.lib.mk (revision 255069) +++ share/mk/bsd.lib.mk (working copy) @@ -119,16 +119,24 @@ all: objwarn +.if defined(PRIVATELIB) +_LIBDIR:=${LIBPRIVATEDIR} +_SHLIBDIR:=${LIBPRIVATEDIR} +.else +_LIBDIR:=${LIBDIR} +_SHLIBDIR:=${SHLIBDIR} +.endif + .if defined(SHLIB_NAME) .if ${MK_DEBUG_FILES} != "no" SHLIB_NAME_FULL=${SHLIB_NAME}.full # Use ${DEBUGDIR} for base system debug files, else .debug subdirectory -.if ${SHLIBDIR} == "/boot" ||\ +.if ${_SHLIBDIR} == "/boot" ||\ ${SHLIBDIR:C%/lib(/.*)?$%/lib%} == "/lib" ||\ ${SHLIBDIR:C%/usr/lib(32)?(/.*)?%/usr/lib%} == "/usr/lib" -DEBUGFILEDIR=${DEBUGDIR}${SHLIBDIR} +DEBUGFILEDIR=${DEBUGDIR}${_SHLIBDIR} .else -DEBUGFILEDIR=${SHLIBDIR}/.debug +DEBUGFILEDIR=${_SHLIBDIR}/.debug DEBUGMKDIR= .endif .else @@ -145,6 +153,10 @@ LDFLAGS+= -Wl,--version-script=${VERSION_MAP} .endif +.if defined(USEPRIVATELIB) +LDFLAGS+= -L${_SHLIBDIRPREFIX}${LIBPRIVATEDIR} -rpath ${LIBPRIVATEDIR} +.endif + .if defined(LIB) && !empty(LIB) || defined(SHLIB_NAME) OBJS+= ${SRCS:N*.h:R:S/$/.o/} .endif @@ -291,16 +303,16 @@ _libinstall: .if defined(LIB) && !empty(LIB) && ${MK_INSTALLLIB} != "no" ${INSTALL} -C -o ${LIBOWN} -g ${LIBGRP} -m ${LIBMODE} \ - ${_INSTALLFLAGS} lib${LIB}.a ${DESTDIR}${LIBDIR} + ${_INSTALLFLAGS} lib${LIB}.a ${DESTDIR}${_LIBDIR} .endif .if ${MK_PROFILE} != "no" && defined(LIB) && !empty(LIB) ${INSTALL} -C -o ${LIBOWN} -g ${LIBGRP} -m ${LIBMODE} \ - ${_INSTALLFLAGS} lib${LIB}_p.a ${DESTDIR}${LIBDIR} + ${_INSTALLFLAGS} lib${LIB}_p.a ${DESTDIR}${_LIBDIR} .endif .if defined(SHLIB_NAME) ${INSTALL} ${STRIP} -o ${LIBOWN} -g ${LIBGRP} -m ${LIBMODE} \ ${_INSTALLFLAGS} ${_SHLINSTALLFLAGS} \ - ${SHLIB_NAME} ${DESTDIR}${SHLIBDIR} + ${SHLIB_NAME} ${DESTDIR}${_SHLIBDIR} .if ${MK_DEBUG_FILES} != "no" .if defined(DEBUGMKDIR) ${INSTALL} -T debug -d ${DESTDIR}${DEBUGFILEDIR} @@ -328,23 +340,23 @@ # installworld; in the later case ${_LDSCRIPTROOT} must be obviously empty # because on the target system, libraries are meant to be looked up from /. .if defined(SHLIB_LDSCRIPT) && !empty(SHLIB_LDSCRIPT) && exists(${.CURDIR}/${SHLIB_LDSCRIPT}) - sed -e 's,@@SHLIB@@,${_LDSCRIPTROOT}${SHLIBDIR}/${SHLIB_NAME},g' \ - -e 's,@@LIBDIR@@,${_LDSCRIPTROOT}${LIBDIR},g' \ - ${.CURDIR}/${SHLIB_LDSCRIPT} > ${DESTDIR}${LIBDIR}/${SHLIB_LINK:R}.ld + sed -e 's,@@SHLIB@@,${_LDSCRIPTROOT}${_SHLIBDIR}/${SHLIB_NAME},g' \ + -e 's,@@LIBDIR@@,${_LDSCRIPTROOT}${_LIBDIR},g' \ + ${.CURDIR}/${SHLIB_LDSCRIPT} > ${DESTDIR}${_LIBDIR}/${SHLIB_LINK:R}.ld ${INSTALL} -S -C -o ${LIBOWN} -g ${LIBGRP} -m ${LIBMODE} \ - ${_INSTALLFLAGS} ${DESTDIR}${LIBDIR}/${SHLIB_LINK:R}.ld \ - ${DESTDIR}${LIBDIR}/${SHLIB_LINK} - rm -f ${DESTDIR}${LIBDIR}/${SHLIB_LINK:R}.ld + ${_INSTALLFLAGS} ${DESTDIR}${_LIBDIR}/${SHLIB_LINK:R}.ld \ + ${DESTDIR}${_LIBDIR}/${SHLIB_LINK} + rm -f ${DESTDIR}${_LIBDIR}/${SHLIB_LINK:R}.ld .else -.if ${SHLIBDIR} == ${LIBDIR} - ${INSTALL_SYMLINK} ${SHLIB_NAME} ${DESTDIR}${LIBDIR}/${SHLIB_LINK} +.if ${_SHLIBDIR} == ${_LIBDIR} + ${INSTALL_SYMLINK} ${SHLIB_NAME} ${DESTDIR}${_LIBDIR}/${SHLIB_LINK} .else - ${INSTALL_SYMLINK} ${_SHLIBDIRPREFIX}${SHLIBDIR}/${SHLIB_NAME} \ - ${DESTDIR}${LIBDIR}/${SHLIB_LINK} -.if exists(${DESTDIR}${LIBDIR}/${SHLIB_NAME}) - -chflags noschg ${DESTDIR}${LIBDIR}/${SHLIB_NAME} - rm -f ${DESTDIR}${LIBDIR}/${SHLIB_NAME} + ${INSTALL_SYMLINK} ${_SHLIBDIRPREFIX}${_SHLIBDIR}/${SHLIB_NAME} \ + ${DESTDIR}${_LIBDIR}/${SHLIB_LINK} +.if exists(${DESTDIR}${_LIBDIR}/${SHLIB_NAME}) + -chflags noschg ${DESTDIR}${_LIBDIR}/${SHLIB_NAME} + rm -f ${DESTDIR}${_LIBDIR}/${SHLIB_NAME} .endif .endif .endif # SHLIB_LDSCRIPT @@ -352,7 +364,7 @@ .endif # SHIB_NAME .if defined(INSTALL_PIC_ARCHIVE) && defined(LIB) && !empty(LIB) && ${MK_TOOLCHAIN} != "no" ${INSTALL} -o ${LIBOWN} -g ${LIBGRP} -m ${LIBMODE} \ - ${_INSTALLFLAGS} lib${LIB}_pic.a ${DESTDIR}${LIBDIR} + ${_INSTALLFLAGS} lib${LIB}_pic.a ${DESTDIR}${_LIBDIR} .endif .if defined(WANT_LINT) && !defined(NO_LINT) && defined(LIB) && !empty(LIB) ${INSTALL} -o ${LIBOWN} -g ${LIBGRP} -m ${LIBMODE} \ Index: share/mk/bsd.libnames.mk =================================================================== --- share/mk/bsd.libnames.mk (revision 255069) +++ share/mk/bsd.libnames.mk (working copy) @@ -87,7 +87,7 @@ LIBKVM?= ${DESTDIR}${LIBDIR}/libkvm.a LIBL?= ${DESTDIR}${LIBDIR}/libl.a .if ${MK_LDNS} != "no" -LIBLDNS?= ${DESTDIR}${LIBDIR}/libldns.a +LIBLDNS?= ${DESTDIR}${LIBPRIVATEDIR}/libldns.a .endif LIBLN?= "don't use LIBLN, use LIBL" .if ${MK_BIND} != "no" @@ -150,7 +150,7 @@ LIBSBUF?= ${DESTDIR}${LIBDIR}/libsbuf.a LIBSDP?= ${DESTDIR}${LIBDIR}/libsdp.a LIBSMB?= ${DESTDIR}${LIBDIR}/libsmb.a -LIBSSH?= ${DESTDIR}${LIBDIR}/libssh.a +LIBSSH?= ${DESTDIR}${LIBPRIVATEDIR}/libssh.a LIBSSL?= ${DESTDIR}${LIBDIR}/libssl.a LIBSTAND?= ${DESTDIR}${LIBDIR}/libstand.a LIBSTDCPLUSPLUS?= ${DESTDIR}${LIBDIR}/libstdc++.a Index: share/mk/bsd.own.mk =================================================================== --- share/mk/bsd.own.mk (revision 255069) +++ share/mk/bsd.own.mk (working copy) @@ -28,6 +28,8 @@ # # LIBCOMPATDIR Base path for compat libraries. [/usr/lib/compat] # +# LIBPRIVATEDIR Base path for private libraries. [/usr/lib/private] +# # LIBDATADIR Base path for misc. utility data files. [/usr/libdata] # # LIBEXECDIR Base path for system daemons and utilities. [/usr/libexec] @@ -144,6 +146,7 @@ LIBDIR?= /usr/lib LIBCOMPATDIR?= /usr/lib/compat +LIBPRIVATEDIR?= /usr/lib/private LIBDATADIR?= /usr/libdata LIBEXECDIR?= /usr/libexec LINTLIBDIR?= /usr/libdata/lint Index: share/mk/bsd.prog.mk =================================================================== --- share/mk/bsd.prog.mk (revision 255069) +++ share/mk/bsd.prog.mk (working copy) @@ -52,6 +52,10 @@ LDFLAGS+= -static .endif +.if defined(USEPRIVATELIB) +LDFLAGS+= -L${_SHLIBDIRPREFIX}${LIBPRIVATEDIR} -rpath ${LIBPRIVATEDIR} +.endif + .if ${MK_DEBUG_FILES} != "no" PROG_FULL=${PROG}.full # Use ${DEBUGDIR} for base system debug files, else .debug subdirectory --=-=-=--