Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 17 Apr 2023 00:25:49 GMT
From:      "Stephen J. Kiernan" <stevek@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 894bcc876da9 - main - sys/modules/Makefile: conditionally add MAC/veriexec modules
Message-ID:  <202304170025.33H0PnOg054504@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch main has been updated by stevek:

URL: https://cgit.FreeBSD.org/src/commit/?id=894bcc876da9390a02789dba31ab5ec5ec90bc33

commit 894bcc876da9390a02789dba31ab5ec5ec90bc33
Author:     Stephen J. Kiernan <stevek@FreeBSD.org>
AuthorDate: 2023-04-16 23:36:07 +0000
Commit:     Stephen J. Kiernan <stevek@FreeBSD.org>
CommitDate: 2023-04-17 00:24:54 +0000

    sys/modules/Makefile: conditionally add MAC/veriexec modules
    
    Only build MAC/veriexec modules when MK_VERIEXEC is yes or we
    are building all modules.
    
    Add VERIEXEC knob to kernel __DEFAULT_NO_OPTIONS
    
    Reviewed by:    sjg
    Obtained from:  Juniper Networks, Inc.
---
 sys/conf/kern.opts.mk | 3 ++-
 sys/modules/Makefile  | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/sys/conf/kern.opts.mk b/sys/conf/kern.opts.mk
index 35ce97fae633..53992a31d07c 100644
--- a/sys/conf/kern.opts.mk
+++ b/sys/conf/kern.opts.mk
@@ -62,7 +62,8 @@ __DEFAULT_NO_OPTIONS = \
     INIT_ALL_ZERO \
     KERNEL_RETPOLINE \
     RATELIMIT \
-    REPRODUCIBLE_BUILD
+    REPRODUCIBLE_BUILD \
+    VERIEXEC
 
 # Some options are totally broken on some architectures. We disable
 # them. If you need to enable them on an experimental basis, you
diff --git a/sys/modules/Makefile b/sys/modules/Makefile
index 71e0be4cce2c..df47f5bf4652 100644
--- a/sys/modules/Makefile
+++ b/sys/modules/Makefile
@@ -588,12 +588,14 @@ _mac_priority=	mac_priority
 _mac_seeotheruids= mac_seeotheruids
 _mac_stub=	mac_stub
 _mac_test=	mac_test
+.if ${MK_VERIEXEC} != "no" || defined(ALL_MODULES)
 _mac_veriexec=	mac_veriexec
 _mac_veriexec_sha1= mac_veriexec_sha1
 _mac_veriexec_sha256= mac_veriexec_sha256
 _mac_veriexec_sha384= mac_veriexec_sha384
 _mac_veriexec_sha512= mac_veriexec_sha512
 .endif
+.endif
 
 .if ${MK_NETGRAPH} != "no" || defined(ALL_MODULES)
 _netgraph=	netgraph

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202304170025.33H0PnOg054504>