If we append CFLAGS to the ones passed via command line (if any), -D options we append will override -D options passed on command line (if any). For example, OpenSUSE build flags include -D_FORTIFY_SOURCE=3, and we want to have -D_FORTIFY_SOURCE=2, if and only if not overridden. The current behaviour implies we redefine _FORTIFY_SOURCE as 2, though. Instead of appending CFLAGS, prepend them by adding all the default build flags to another variable, a simply expanded one (defined with :=), named FLAGS, and pass that *before* CFLAGS in targets, so that defines from command line can override default flags. Reported-by: Dario Faggioli <dfaggioli(a)suse.com> Signed-off-by: Stefano Brivio <sbrivio(a)redhat.com>
---
 Makefile | 49 +++++++++++++++++++++++++------------------------
 1 file changed, 25 insertions(+), 24 deletions(-)
diff --git a/Makefile b/Makefile
index af3d1ff..6805c23 100644
--- a/Makefile
+++ b/Makefile
@@ -23,13 +23,13 @@ AUDIT_ARCH := $(shell echo $(AUDIT_ARCH) | sed 's/I[456]86/I386/')
 AUDIT_ARCH := $(shell echo $(AUDIT_ARCH) | sed 's/PPC64/PPC/')
 AUDIT_ARCH := $(shell echo $(AUDIT_ARCH) | sed 's/PPCLE/PPC64LE/')
-CFLAGS += -Wall -Wextra -pedantic -std=c99 -D_XOPEN_SOURCE=700 -D_GNU_SOURCE
-CFLAGS += -D_FORTIFY_SOURCE=2 -O2 -pie -fPIE
-CFLAGS += -DPAGE_SIZE=$(shell getconf PAGE_SIZE)
-CFLAGS += -DNETNS_RUN_DIR=\"/run/netns\"
-CFLAGS += -DPASST_AUDIT_ARCH=AUDIT_ARCH_$(AUDIT_ARCH)
-CFLAGS += -DRLIMIT_STACK_VAL=$(RLIMIT_STACK_VAL)
-CFLAGS += -DARCH=\"$(TARGET_ARCH)\"
+FLAGS := -Wall -Wextra -pedantic -std=c99 -D_XOPEN_SOURCE=700 -D_GNU_SOURCE
+FLAGS += -D_FORTIFY_SOURCE=2 -O2 -pie -fPIE
+FLAGS += -DPAGE_SIZE=$(shell getconf PAGE_SIZE)
+FLAGS += -DNETNS_RUN_DIR=\"/run/netns\"
+FLAGS += -DPASST_AUDIT_ARCH=AUDIT_ARCH_$(AUDIT_ARCH)
+FLAGS += -DRLIMIT_STACK_VAL=$(RLIMIT_STACK_VAL)
+FLAGS += -DARCH=\"$(TARGET_ARCH)\"
 PASST_SRCS = arch.c arp.c checksum.c conf.c dhcp.c dhcpv6.c icmp.c igmp.c \
 isolation.c lineread.c mld.c ndp.c netlink.c packet.c passt.c pasta.c \
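Review bot: The new `FLAGS` block carries no comment stating the ordering contract it depends on, and that contract has a visible side effect. Because `$(FLAGS)` is expanded before `$(CFLAGS)` in the recipes, a `-D_FORTIFY_SOURCE=3` coming from CFLAGS is a second definition of a macro already set to 2; GCC reports that as a redefinition warning unless the caller passes `-U_FORTIFY_SOURCE` first, and a `-Werror` in CFLAGS would presumably turn it into a build failure. I would add above the first assignment: `# Default flags, passed before $(CFLAGS) so user flags win; use -U before redefining a -D set here`. The variable also mixes hardening defaults (`-D_FORTIFY_SOURCE=2`, `-pie -fPIE`) with defines the sources need, so any later rule that expands `$(CFLAGS)` alone loses both.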
@@ -50,36 +50,36 @@ HEADERS = $(PASST_HEADERS)
 # from the pointer arithmetic used from the tcp_tap_handler() path to get the
 # remote connection address.
 ifeq ($(shell $(CC) -dumpversion),11)
-ifneq (,$(filter -flto%,$(CFLAGS)))
-ifneq (,$(filter -O2,$(CFLAGS)))
- CFLAGS += -DTCP_HASH_NOINLINE
- CFLAGS += -DSIPHASH_20B_NOINLINE
+ifneq (,$(filter -flto%,$(FLAGS) $(CFLAGS)))
+ifneq (,$(filter -O2,$(FLAGS) $(CFLAGS)))
+ FLAGS += -DTCP_HASH_NOINLINE
+ FLAGS += -DSIPHASH_20B_NOINLINE
 endif
 endif
 endif
 C := \#include <linux/tcp.h>\nstruct tcp_info x = { .tcpi_snd_wnd = 0 };
 ifeq ($(shell printf "$(C)" | $(CC) -S -xc - -o - >/dev/null 2>&1; echo $$?),0)
- CFLAGS += -DHAS_SND_WND
+ FLAGS += -DHAS_SND_WND
 endif
 C := \#include <linux/tcp.h>\nstruct tcp_info x = { .tcpi_bytes_acked = 0 };
 ifeq ($(shell printf "$(C)" | $(CC) -S -xc - -o - >/dev/null 2>&1; echo $$?),0)
- CFLAGS += -DHAS_BYTES_ACKED
+ FLAGS += -DHAS_BYTES_ACKED
 endif
 C := \#include <linux/tcp.h>\nstruct tcp_info x = { .tcpi_min_rtt = 0 };
 ifeq ($(shell printf "$(C)" | $(CC) -S -xc - -o - >/dev/null 2>&1; echo $$?),0)
- CFLAGS += -DHAS_MIN_RTT
+ FLAGS += -DHAS_MIN_RTT
 endif
 C := \#include <sys/random.h>\nint main(){int a=getrandom(0, 0, 0);}
 ifeq ($(shell printf "$(C)" | $(CC) -S -xc - -o - >/dev/null 2>&1; echo $$?),0)
- CFLAGS += -DHAS_GETRANDOM
+ FLAGS += -DHAS_GETRANDOM
 endif
 ifeq ($(shell :|$(CC) -fstack-protector-strong -S -xc - -o - >/dev/null 2>&1; echo $$?),0)
- CFLAGS += -fstack-protector-strong
+ FLAGS += -fstack-protector-strong
 endif
 prefix ?= /usr/local
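Review bot: The inner test `ifneq (,$(filter -O2,$(FLAGS) $(CFLAGS)))` matches in every default build, because the first hunk puts `-O2` into `FLAGS` unconditionally, while the level the compiler applies is the last `-O` option on the command line, which now comes from CFLAGS. If the GCC 11 workaround is meant only for builds that end up at -O2, testing the effective level expresses that: `ifeq (-O2,$(lastword $(filter -O%,$(FLAGS) $(CFLAGS))))`. Whether the diagnostic also shows up at other levels with LTO cannot be told from the hunk, so at minimum a comment saying the check is about presence of the flag, not the effective level, would help. The comment block describing the workaround starts above the hunk.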
@@ -98,18 +98,19 @@ endif
 all: $(BIN) $(MANPAGES) docs
-static: CFLAGS += -static -DGLIBC_NO_STATIC_NSS
+static: FLAGS += -static -DGLIBC_NO_STATIC_NSS
 static: clean all
 seccomp.h: $(PASST_SRCS) $(PASST_HEADERS)
 @ EXTRA_SYSCALLS=$(EXTRA_SYSCALLS) ./seccomp.sh $^
 passt: $(PASST_SRCS) $(PASST_HEADERS) seccomp.h
- $(CC) $(CFLAGS) $(PASST_SRCS) -o passt $(LDFLAGS)
+ $(CC) $(FLAGS) $(CFLAGS) $(PASST_SRCS) -o passt $(LDFLAGS)
-passt.avx2: CFLAGS += -Ofast -mavx2 -ftree-vectorize -funroll-loops
+passt.avx2: FLAGS += -Ofast -mavx2 -ftree-vectorize -funroll-loops
 passt.avx2: $(PASST_SRCS) $(PASST_HEADERS) seccomp.h
- $(CC) $(filter-out -O2,$(CFLAGS)) $(PASST_SRCS) -o passt.avx2 $(LDFLAGS)
+ $(CC) $(filter-out -O2,$(FLAGS) $(CFLAGS)) \
+ $(PASST_SRCS) -o passt.avx2 $(LDFLAGS)
 passt.avx2: passt
@@ -117,12 +118,12 @@ pasta.avx2 pasta.1 pasta: pasta%: passt%
 ln -s $< $@
 qrap: $(QRAP_SRCS) passt.h
- $(CC) $(CFLAGS) $(QRAP_SRCS) -o qrap $(LDFLAGS)
+ $(CC) $(FLAGS) $(CFLAGS) $(QRAP_SRCS) -o qrap $(LDFLAGS)
 valgrind: EXTRA_SYSCALLS="rt_sigprocmask rt_sigtimedwait rt_sigaction \
 getpid gettid kill clock_gettime mmap munmap open \
 unlink gettimeofday futex"
-valgrind: CFLAGS:=-g -O0 $(filter-out -O%,$(CFLAGS))
+valgrind: FLAGS:=-g -O0 $(filter-out -O%,$(FLAGS))
 valgrind: all
 .PHONY: clean
@@ -261,7 +262,7 @@ clang-tidy: $(SRCS) $(HEADERS)
 -altera-struct-pack-align,\
 -concurrency-mt-unsafe \
 -config='{CheckOptions: [{key: bugprone-suspicious-string-compare.WarnOnImplicitComparison, value: "false"}]}' \
- --warnings-as-errors=* $(SRCS) -- $(filter-out -pie,$(CFLAGS))
+ --warnings-as-errors=* $(SRCS) -- $(filter-out -pie,$(FLAGS) $(CFLAGS))
 ifeq ($(shell $(CC) -v 2>&1 | grep -c "gcc version"),1)
 TARGET := $(shell ${CC} -v 2>&1 | sed -n 's/Target: \(.*\)/\1/p')
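Review bot: In the valgrind rule of the second hunk on this line, `valgrind: FLAGS:=-g -O0 $(filter-out -O%,$(FLAGS))` strips optimisation levels from `FLAGS` only, but the recipes now expand `$(FLAGS) $(CFLAGS)`, so an `-O2` arriving through CFLAGS follows `-O0` on the command line and takes effect again. Before this change the filter ran over CFLAGS and removed it. A second target-specific line would restore that, `valgrind: CFLAGS:=$(filter-out -O%,$(CFLAGS))`, though a CFLAGS given on the make command line would additionally need `override`. The same ordering affects `passt.avx2` in the first hunk: `filter-out -O2` drops a user `-O2`, but any other `-O` level in CFLAGS lands after `-Ofast` and wins.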
@@ -304,5 +305,5 @@ cppcheck: $(SRCS) $(HEADERS)
 --suppress=unmatchedSuppression:udp.c \
 --suppress=unmatchedSuppression:util.c \
 --suppress=unmatchedSuppression:util.h \
- $(filter -D%,$(CFLAGS)) \
+ $(filter -D%,$(FLAGS) $(CFLAGS)) \
 .
-- 2.35.1
Hello everyone, And thanks Stefano for the patch! On Wed, 2022-09-14 at 15:45 +0200, Stefano Brivio wrote:If we append CFLAGS to the ones passed via command line (if any), -D options we append will override -D options passed on command line (if any). For example, OpenSUSE build flags include -D_FORTIFY_SOURCE=3, and we want to have -D_FORTIFY_SOURCE=2, if and only if not overridden. The current behaviour implies we redefine _FORTIFY_SOURCE as 2, though. Instead of appending CFLAGS, prepend them by adding all the default build flags to another variable, a simply expanded one (defined with :=), named FLAGS, and pass that *before* CFLAGS in targets, so that defines from command line can override default flags.Right. In fact, in openSUSE, we try to use _FORTIFY_SOURCE=3 for all the packages, although opting out is possible, if that causes problem or is undesirable for whatever reason. Point is though, that we would like for the CFLAGS that we set from the project configuration in OBS, to be the ones that are actually used. With this patch, this is exactly what happens, as we can see here: [ 31s] + CFLAGS='-O2 -Wall -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3 - fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables - fstack-clash-protection -Werror=return-type -flto=auto -g' ... [ 32s] cc -Wall -Wextra -pedantic -std=c99 -D_XOPEN_SOURCE=700 - D_GNU_SOURCE -D_FORTIFY_SOURCE=2 -O2 -pie -fPIE -DPAGE_SIZE=4096 - DNETNS_RUN_DIR=\"/run/netns\" -DPASST_AUDIT_ARCH=AUDIT_ARCH_X86_64 - DRLIMIT_STACK_VAL=8192 -DARCH=\"X86_64\" -DHAS_SND_WND - DHAS_BYTES_ACKED -DHAS_MIN_RTT -DHAS_GETRANDOM -fstack-protector-strong -O2 -Wall -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3 -fstack-protector- strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash- protection -Werror=return-type -flto=auto -g qrap.c -o qrap -flto=auto Which is in fact what I want. 
So I guess the patch can have...Reported-by: Dario Faggioli <dfaggioli(a)suse.com> Signed-off-by: Stefano Brivio <sbrivio(a)redhat.com>... Tested-by: Dario Faggioli <dfaggioli(a)suse.com> (If that's useful :-). AFAICS, the patch is not yet committed. I've therefore added it as a downstream one in my passt package on OBS: https://build.opensuse.org/package/show/home:dfaggioli:devel/passt I've also submitted the package to the Virtualization:containers Devel Project: https://build.opensuse.org/request/show/1005013 https://en.opensuse.org/openSUSE:Factory_development_model https://en.opensuse.org/openSUSE:How_to_contribute_to_Factory If/When it's accepted there, I'll proceed and file a request for putting it in "Factory", which will then mean that it will be available in openSUSE Tumbleweed's official repository. Thanks again and Regards -- Dario Faggioli, Ph.D http://about.me/dario.faggioli Virtualization Software Engineer SUSE Labs, SUSE https://www.suse.com/ ------------------------------------------------------------------- <<This happens because _I_ choose it to happen!>> (Raistlin Majere)
Hi Dario, On Tue, 20 Sep 2022 22:51:49 +0200 Dario Faggioli <dfaggioli(a)suse.com> wrote:Hello everyone, And thanks Stefano for the patch! On Wed, 2022-09-14 at 15:45 +0200, Stefano Brivio wrote:Indeed it's useful, thanks for testing! I wasn't entirely sure it would work on OBS.If we append CFLAGS to the ones passed via command line (if any), -D options we append will override -D options passed on command line (if any). For example, OpenSUSE build flags include -D_FORTIFY_SOURCE=3, and we want to have -D_FORTIFY_SOURCE=2, if and only if not overridden. The current behaviour implies we redefine _FORTIFY_SOURCE as 2, though. Instead of appending CFLAGS, prepend them by adding all the default build flags to another variable, a simply expanded one (defined with :=), named FLAGS, and pass that *before* CFLAGS in targets, so that defines from command line can override default flags.Right. In fact, in openSUSE, we try to use _FORTIFY_SOURCE=3 for all the packages, although opting out is possible, if that causes problem or is undesirable for whatever reason. Point is though, that we would like for the CFLAGS that we set from the project configuration in OBS, to be the ones that are actually used. With this patch, this is exactly what happens, as we can see here: [ 31s] + CFLAGS='-O2 -Wall -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3 - fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables - fstack-clash-protection -Werror=return-type -flto=auto -g' ... 
[ 32s] cc -Wall -Wextra -pedantic -std=c99 -D_XOPEN_SOURCE=700 - D_GNU_SOURCE -D_FORTIFY_SOURCE=2 -O2 -pie -fPIE -DPAGE_SIZE=4096 - DNETNS_RUN_DIR=\"/run/netns\" -DPASST_AUDIT_ARCH=AUDIT_ARCH_X86_64 - DRLIMIT_STACK_VAL=8192 -DARCH=\"X86_64\" -DHAS_SND_WND - DHAS_BYTES_ACKED -DHAS_MIN_RTT -DHAS_GETRANDOM -fstack-protector-strong -O2 -Wall -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3 -fstack-protector- strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash- protection -Werror=return-type -flto=auto -g qrap.c -o qrap -flto=auto Which is in fact what I want. So I guess the patch can have...Reported-by: Dario Faggioli <dfaggioli(a)suse.com> Signed-off-by: Stefano Brivio <sbrivio(a)redhat.com>... Tested-by: Dario Faggioli <dfaggioli(a)suse.com> (If that's useful :-).AFAICS, the patch is not yet committed. I've therefore added it as a downstream one in my passt package on OBS: https://build.opensuse.org/package/show/home:dfaggioli:devel/passtRight, I haven't pushed this one yet. I'm still trying to sort some remaining issues with pending changes in the test suite this week. It should go in soon, I'll let you know once it does.I've also submitted the package to the Virtualization:containers Devel Project: https://build.opensuse.org/request/show/1005013 https://en.opensuse.org/openSUSE:Factory_development_model https://en.opensuse.org/openSUSE:How_to_contribute_to_Factory If/When it's accepted there, I'll proceed and file a request for putting it in "Factory", which will then mean that it will be available in openSUSE Tumbleweed's official repository.Thanks a lot for the package and for the update! -- Stefano
On Wed, 21 Sep 2022 16:40:38 +0200 Stefano Brivio <sbrivio(a)redhat.com> wrote:On Tue, 20 Sep 2022 22:51:49 +0200 Dario Faggioli <dfaggioli(a)suse.com> wrote: [...]Pushed right now. -- StefanoAFAICS, the patch is not yet committed. I've therefore added it as a downstream one in my passt package on OBS: https://build.opensuse.org/package/show/home:dfaggioli:devel/passtRight, I haven't pushed this one yet. I'm still trying to sort some remaining issues with pending changes in the test suite this week. It should go in soon, I'll let you know once it does.