Generate CAPABILITIES in a script due to make 4.3

This way we could generate the capabilities in a way that works with every version of make. Changes to list_capabilities are intended to exactly replicate the old behavior. (cherry picked from commit e92da079ca)
2025-03-04 00:14:44 +01:00 · 2020-03-23 15:09:15 +00:00 · 2020-03-23 15:09:15 +00:00 · 0d8e4cda3f
commit 0d8e4cda3f
parent 69651fc656
5 changed files with 17 additions and 16 deletions
--- a/common/Make.rules
+++ b/common/Make.rules
@ -74,19 +74,6 @@ endif
 pod_clean:
 	-rm -f ${MANPAGES} *.[0-9].gz ${HTMLMANPAGES} pod2htm*.tmp

-# =====================
-# generate list of capabilities based on
-# /usr/include/linux/capabilities.h for use in multiple locations in
-# the source tree
-# =====================
-
-# emits defined capabilities in a simple list, e.g. "CAP_NAME CAP_NAME2"
-CAPABILITIES=$(shell echo "\#include <linux/capability.h>" | cpp -dM | LC_ALL=C sed -n -e '/CAP_EMPTY_SET/d' -e 's/^\#define[ \t]\+CAP_\([A-Z0-9_]\+\)[ \t]\+\([0-9xa-f]\+\)\(.*\)$$/CAP_\1/p' | LC_ALL=C sort)
-
-.PHONY: list_capabilities
-list_capabilities: /usr/include/linux/capability.h
-	@echo "$(CAPABILITIES)"
-
 # =====================
 # manpages
 # =====================
--- a/common/list_capabilities.sh
+++ b/common/list_capabilities.sh
@ -0,0 +1,14 @@
+#!/bin/bash -e
+
+# =====================
+# generate list of capabilities based on
+# /usr/include/linux/capabilities.h for use in multiple locations in
+# the source tree
+# =====================
+
+echo "#include <linux/capability.h>" | \
+  cpp -dM | \
+  LC_ALL=C sed -n \
+    -e '/CAP_EMPTY_SET/d' \
+    -e 's/^\#define[ \t]\+CAP_\([A-Z0-9_]\+\)[ \t]\+\([0-9xa-f]\+\)\(.*\)$/CAP_\1/p' | \
+  LC_ALL=C sort
--- a/parser/Makefile
+++ b/parser/Makefile
@ -287,7 +287,7 @@ af_names.h: ../common/list_af_names.sh
 	# cat $@

 cap_names.h: /usr/include/linux/capability.h
-	echo "$(CAPABILITIES)" | LC_ALL=C sed -n -e "s/[ \\t]\\?CAP_\\([A-Z0-9_]\\+\\)/\{\"\\L\\1\", \\UCAP_\\1\},\\n/pg" > $@
+	../common/list_capabilities.sh | LC_ALL=C sed -n -e "s/[ \\t]\\?CAP_\\([A-Z0-9_]\\+\\)/\{\"\\L\\1\", \\UCAP_\\1\},\\n/pg" > $@

 tst_lib: lib.c parser.h $(filter-out lib.o, ${TEST_OBJECTS})
 	$(CXX) $(TEST_CFLAGS) -o $@ $< $(filter-out $(<:.c=.o), ${TEST_OBJECTS}) $(TEST_LDFLAGS) $(TEST_LDLIBS)
--- a/utils/Makefile
+++ b/utils/Makefile
@ -80,7 +80,7 @@ clean: pod_clean
 .SILENT: check_severity_db
 check_severity_db: /usr/include/linux/capability.h severity.db
 	# The sed statement is based on the one in the parser's makefile
-	RC=0 ; for cap in ${CAPABILITIES} ; do \
+	RC=0 ; for cap in $(shell ../common/list_capabilities.sh) ; do \
 	    if !  grep -q -w $${cap} severity.db ; then \
 		echo "Warning! capability $${cap} not found in severity.db" ; \
 		RC=1 ; \
--- a/utils/vim/create-apparmor.vim.py
+++ b/utils/vim/create-apparmor.vim.py
@ -45,7 +45,7 @@ def cmd(command, input=None, stderr=subprocess.STDOUT, stdout=subprocess.PIPE, s
    return [sp.returncode, out + outerr]

 # get capabilities list
-(rc, output) = cmd(['make', '-s', '--no-print-directory', 'list_capabilities'])
+(rc, output) = cmd(['../../common/list_capabilities.sh'])
 if rc != 0:
    sys.stderr.write("make list_capabilities failed: " + output)
    exit(rc)