d284b82b3e
This doesn't have much effect on the final build, because we link libbasic.a into libsystemd-shared.so, so in the end, all the objects built from basic/ end up in libsystemd-shared. And when the static library is linked into binaries, any objects that are included in it but are not used are trimmed. Hence, the size of output artifacts doesn't change: $ du -sb /var/tmp/inst* 54181861 /var/tmp/inst1 (old) 54207441 /var/tmp/inst1s (old split-usr) 54182477 /var/tmp/inst2 (new) 54208041 /var/tmp/inst2s (new split-usr) (The negligible change in size is because libsystemd-shared.so is bigger by a few hundred bytes. I guess it's because symbols are named differently or something like that.) The effect is on the build process, in particular partial builds. This change effectively moves the requirements on some build steps toward the leaves of the dependency tree. Two effects: - when building items that do not depend on libsystemd-shared, we build less stuff for libbasic.a (which wouldn't be used anyway, so it's a net win). - when building items that do depend on libshared, we reduce libbasic.a as a synchronization point, possibly allowing better parallelism. Method: 1. copy list of .h files from src/basic/meson.build to /tmp/basic 2. $ for i in $(grep '.h$' /tmp/basic); do echo $i; git --no-pager grep "include \"$i\"" src/basic/ 'src/lib*' 'src/nss-*' 'src/journal/sd-journal.c' |grep -v "${i%.h}.c";echo ;done | less
/* SPDX-License-Identifier: LGPL-2.1+ */
#include <errno.h>
#include <stdio.h>
#include "alloc-util.h"
#include "extract-word.h"
#include "securebits.h"
#include "securebits-util.h"
#include "string-util.h"
/* Renders the securebits mask 'i' as a space-separated list of flag names.
 *
 * Only the six flags tested below are rendered; any other bit set in 'i' is
 * silently left out of the text. A mask with none of these bits set yields
 * an empty string.
 *
 * On success returns 0 and stores a newly allocated string in *s, which the
 * caller must free. Returns -ENOMEM if the string cannot be allocated; *s is
 * not written in that case. */
int secure_bits_to_string_alloc(int i, char **s) {
        _cleanup_free_ char *joined = NULL;
        const char *keep_caps, *keep_caps_locked;
        const char *no_fixup, *no_fixup_locked;
        const char *noroot, *noroot_locked;
        size_t n;

        assert(s);

        /* Each name carries its own trailing space so the pieces can simply be concatenated. */
        keep_caps        = (i & (1 << SECURE_KEEP_CAPS))              ? "keep-caps "              : "";
        keep_caps_locked = (i & (1 << SECURE_KEEP_CAPS_LOCKED))       ? "keep-caps-locked "       : "";
        no_fixup         = (i & (1 << SECURE_NO_SETUID_FIXUP))        ? "no-setuid-fixup "        : "";
        no_fixup_locked  = (i & (1 << SECURE_NO_SETUID_FIXUP_LOCKED)) ? "no-setuid-fixup-locked " : "";
        noroot           = (i & (1 << SECURE_NOROOT))                 ? "noroot "                 : "";
        noroot_locked    = (i & (1 << SECURE_NOROOT_LOCKED))          ? "noroot-locked "          : "";

        if (asprintf(&joined, "%s%s%s%s%s%s",
                     keep_caps, keep_caps_locked,
                     no_fixup, no_fixup_locked,
                     noroot, noroot_locked) < 0)
                return -ENOMEM;

        /* Drop the separator left behind by the last rendered name, if there was one. */
        n = strlen(joined);
        if (n > 0)
                joined[n - 1] = '\0';

        /* Hand the buffer to the caller; this also keeps the cleanup handler from freeing it. */
        *s = TAKE_PTR(joined);

        return 0;
}
/* Parses a whitespace-separated list of securebits flag names into a bit mask.
 *
 * Returns the OR of (1 << SECURE_*) for every recognised word, or -ENOMEM if
 * word extraction runs out of memory.
 *
 * NOTE(review): parsing is lenient. A word that matches none of the six names
 * is skipped without any error, and any extract_first_word() failure other
 * than -ENOMEM ends the loop and returns whatever was collected so far. A
 * misspelled flag therefore yields a mask with fewer bits than the input asked
 * for; callers that need strict validation have to check the input themselves. */
int secure_bits_from_string(const char *s) {
        static const struct {
                const char *name;
                int bit;
        } known[] = {
                { "keep-caps",              SECURE_KEEP_CAPS              },
                { "keep-caps-locked",       SECURE_KEEP_CAPS_LOCKED       },
                { "no-setuid-fixup",        SECURE_NO_SETUID_FIXUP        },
                { "no-setuid-fixup-locked", SECURE_NO_SETUID_FIXUP_LOCKED },
                { "noroot",                 SECURE_NOROOT                 },
                { "noroot-locked",          SECURE_NOROOT_LOCKED          },
        };
        const char *cursor = s;
        int mask = 0;

        for (;;) {
                _cleanup_free_ char *word = NULL;
                size_t k;
                int r;

                r = extract_first_word(&cursor, &word, NULL, EXTRACT_QUOTES);
                if (r == -ENOMEM)
                        return r;
                if (r <= 0)
                        /* End of input, or a non-ENOMEM error: stop and keep what was parsed. */
                        break;

                /* Names are distinct, so at most one entry can match. */
                for (k = 0; k < sizeof(known) / sizeof(known[0]); k++)
                        if (streq(word, known[k].name)) {
                                mask |= 1 << known[k].bit;
                                break;
                        }
        }

        return mask;
}