Date: Mon, 17 Apr 2023 00:25:49 GMT From: "Stephen J. Kiernan" <stevek@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 894bcc876da9 - main - sys/modules/Makefile: conditionally add MAC/veriexec modules Message-ID: <202304170025.33H0PnOg054504@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by stevek: URL: https://cgit.FreeBSD.org/src/commit/?id=894bcc876da9390a02789dba31ab5ec5ec90bc33 commit 894bcc876da9390a02789dba31ab5ec5ec90bc33 Author: Stephen J. Kiernan <stevek@FreeBSD.org> AuthorDate: 2023-04-16 23:36:07 +0000 Commit: Stephen J. Kiernan <stevek@FreeBSD.org> CommitDate: 2023-04-17 00:24:54 +0000 sys/modules/Makefile: conditionally add MAC/veriexec modules Only build MAC/veriexec modules when MK_VERIEXEC is yes or we are building all modules. Add VERIEXEC knob to kernel __DEFAULT_NO_OPTIONS Reviewed by: sjg Obtained from: Juniper Networks, Inc. --- sys/conf/kern.opts.mk | 3 ++- sys/modules/Makefile | 2 ++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/sys/conf/kern.opts.mk b/sys/conf/kern.opts.mk index 35ce97fae633..53992a31d07c 100644 --- a/sys/conf/kern.opts.mk +++ b/sys/conf/kern.opts.mk @@ -62,7 +62,8 @@ __DEFAULT_NO_OPTIONS = \ INIT_ALL_ZERO \ KERNEL_RETPOLINE \ RATELIMIT \ - REPRODUCIBLE_BUILD + REPRODUCIBLE_BUILD \ + VERIEXEC # Some options are totally broken on some architectures. We disable # them. If you need to enable them on an experimental basis, you diff --git a/sys/modules/Makefile b/sys/modules/Makefile index 71e0be4cce2c..df47f5bf4652 100644 --- a/sys/modules/Makefile +++ b/sys/modules/Makefile @@ -588,12 +588,14 @@ _mac_priority= mac_priority _mac_seeotheruids= mac_seeotheruids _mac_stub= mac_stub _mac_test= mac_test +.if ${MK_VERIEXEC} != "no" || defined(ALL_MODULES) _mac_veriexec= mac_veriexec _mac_veriexec_sha1= mac_veriexec_sha1 _mac_veriexec_sha256= mac_veriexec_sha256 _mac_veriexec_sha384= mac_veriexec_sha384 _mac_veriexec_sha512= mac_veriexec_sha512 .endif +.endif .if ${MK_NETGRAPH} != "no" || defined(ALL_MODULES) _netgraph= netgraph
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202304170025.33H0PnOg054504>