# The path to the alternative, ASR-rerandomized system service binaries.
# The path used here is typically a symlink into /usr for size reasons.
-# As of writing, the only way to create these sets of binaries is by means
-# of the host-side "minix/llvm/clientctl buildasr" command.
SERVICE_ASR_PATH=$SERVICE_PATH/asr
# A space-separated list of labels not to update in any case. The list
# we avoid potential problems with gaps between the numbers by
# stopping at the first number for which no binary is present.
total=1
- while [ -f $SERVICE_ASR_PATH/$total/$filename ]; do
+ while [ -f $SERVICE_ASR_PATH/$filename-$total ]; do
total=$(($total + 1))
done
if [ $count -eq 0 ]; then
binary=$SERVICE_PATH/$filename
else
- binary=$SERVICE_ASR_PATH/$count/$filename
+ binary=$SERVICE_ASR_PATH/$filename-$count
fi
# Check whether the live update should use a state other than the
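Review bot: The new path test and the `service` arguments are expanded unquoted: `[ -f $SERVICE_ASR_PATH/$filename-$total ]` in this hunk, and `-progname $filename -label $label` in the next one. A filename or label containing whitespace or glob characters would be split or expanded into extra arguments to a command that replaces running system services. Quoting avoids that: `while [ -f "$SERVICE_ASR_PATH/$filename-$total" ]; do` and `service -a update "$binary" -progname "$filename" -label "$label" \`. `$state` and `$maxtime` look as if they may expand to nothing or to several words, so they should stay unquoted unless confirmed otherwise. The enclosing loop starts and ends outside both hunks.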
# Perform the live update. The update may legitimately fail if the
# service is not in the right state. TODO: report transient errors
# as debugging output only.
- service -a update $binary -label $label -asr-count $count \
- $state $maxtime
+ service -a update $binary -progname $filename -label $label \
+ -asr-count $count $state $maxtime
error=$?
if [ $error -eq 0 ]; then
debug "updated $label to number $count, total $total"
if [ ${ASR_HACK} -eq 1 ]
then
# Hacky workaround for ASR-randomized service binaries since they don't get nicely packaged in a tarball
- # add any generated ASR-randomized service binaries (but not their root directory, which is already there)
+ # add any generated ASR-randomized service binaries
# TODO: apply stricter file permissions for both these and the base /service binaries, against local attacks
- (cd ${DESTDIR} && find ./usr/service/asr -type d | sed '1d;s/$/ type=dir uid=0 gid=0 mode=0755/') >> ${WORK_DIR}/input
(cd ${DESTDIR} && find ./usr/service/asr -type f | sed 's/$/ type=file uid=0 gid=0 mode=0755/') >> ${WORK_DIR}/input
cp -r ${DESTDIR}/usr/service/asr ${ROOT_DIR}/usr/service
fi
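Review bot: The TODO about stricter permissions is left open while this file list is being reworked, and `mode=0755` on the `find ... -type f` line keeps every rerandomized binary world-readable. A local unprivileged user who can read the files under `/usr/service/asr` can inspect each variant's layout, which weakens what the rerandomization is meant to hide. If only root needs to open these binaries (worth confirming against how the service loader reads them), changing the sed expression to `s/$/ type=file uid=0 gid=0 mode=0700/` would close that gap. The shortened comment also drops the remark that the `asr` root directory is already listed, so a line such as `# the asr directory itself is already in the input list` would keep that assumption visible now that no `type=dir` entries are emitted.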
#MINIX-specific vars
_MKVARS.no+= \
- MKIMAGEONLY MKSMALL MKBITCODE MKMAGIC MKSRC
+ MKIMAGEONLY MKSMALL MKBITCODE MKMAGIC MKASR MKSRC
.if !empty(MACHINE_ARCH:Mearm*)
_MKVARS.no+= \
MKWATCHDOG MKACPI MKAPIC MKDEBUGREG MKINSTALLBOOT MKPCI
MKLIVEUPDATE:= no
.endif
+# MINIX: MKASR implies MKMAGIC
+.if ${MKASR} == "yes"
+MKMAGIC:= yes
+.endif
+
# MINIX: MKMAGIC implies MKBITCODE
.if ${MKMAGIC} == "yes"
MKBITCODE:= yes
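Review bot: MKASR=yes now forces MKMAGIC, but nothing ties it to MKLIVEUPDATE, which the earm block just above sets to `no`. If the rerandomized binaries are only ever swapped in through live update (the update script on this page uses `service -a update`), an ARM build with MKASR=yes would generate the extra binaries without ever rerandomizing a running service, and the user would get no hint. Consider failing early with `.if ${MKASR} == "yes" && ${MKLIVEUPDATE:Uno} == "no"` followed by `.error MKASR requires MKLIVEUPDATE`, or setting `MKASR:= no` in the earm block. The `.if ${MKMAGIC} == "yes"` block that follows is cut off at the end of the hunk.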
#MINIX-specific vars
.for var in \
USE_WATCHDOG USE_ACPI USE_APIC USE_DEBUGREG USE_SYSDEBUG \
- USE_LIVEUPDATE USE_PCI USE_BITCODE USE_MAGIC
+ USE_LIVEUPDATE USE_PCI USE_BITCODE USE_MAGIC USE_ASR
.if (${${var:S/USE_/MK/}} == "no")
${var}:= no
.else
MAGICFLAGS?=
OPTFLAGS+= -load ${MAGICPASS} -magic ${MAGICFLAGS}
+
+# For MKASR builds, generate an additional set of rerandomized service
+# binaries.
+.if ${USE_ASR:Uno} == "yes"
+ASRPASS?= ${NETBSDSRCDIR}/minix/llvm/bin/asr.so
+ASRCOUNT?= 3
+ASRDIR?= /usr/service/asr
+
+DPADD+= ${ASRPASS}
+
+OPTFLAGS+= -load ${ASRPASS} -asr
+
+# Produce a variable _RANGE that contains "1 2 3 .. ${ASRCOUNT}". We do not
+# want to invoke a shell command to do this; what if the host platform does not
+# have seq(1) ? So, we do it with built-in BSD make features instead. There
+# are probably substantially better ways to do this, though. Right now the
+# maximum ASRCOUNT is 65536 (16**4), which should be plenty. An ASRCOUNT of 0
+# is not supported, nor would it be very useful.
+_RANGE= 0
+_G0= xxxxxxxxxxxxxxxx
+_G= ${_G0:S/x/${_G0}/g:S/x/${_G0}/g:S/x/${_G0}/g}
+.for _X in ${_G:C/^(.{${ASRCOUNT}}).*/\1/:S/x/x /g}
+_RANGE:= ${_RANGE} ${_RANGE:[#]}
+.endfor
+_RANGE:= ${_RANGE:[2..-1]}
+
+# Add progname-1, progname-2, progname-3 (etc) to the list of programs to
+# generate, and install (just) these to ASRDIR.
+PROGS?= ${PROG}
+_PROGLIST:= ${PROGS}
+.for _N in ${_RANGE}
+.for _P in ${_PROGLIST}
+PROGS+= ${_P}-${_N}
+SRCS.${_P}-${_N}= ${SRCS.${_P}:U${SRCS}}
+BITCODE_LD_FLAGS_1ST.${_P}-${_N}:= ${BITCODE_LD_FLAGS_1ST.${_P}}
+BINDIR.${_P}-${_N}= ${ASRDIR}
+.endfor
+.endfor
+
+.endif # ${USE_ASR:Uno} == "yes"
.endif # ${USE_BITCODE:Uno} == "yes" && ${USE_MAGIC:Uno} == "yes"
.include <bsd.prog.mk>
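Review bot: ASRCOUNT is interpolated straight into the regex interval `.{${ASRCOUNT}}` with no validation, although the comment itself says a value of 0 is unsupported. With 0 the loop body never runs and `_RANGE` is still the single word `0` when the `[2..-1]` slice is applied; an empty or non-numeric value yields a malformed pattern, and neither failure will point at ASRCOUNT. A guard placed before `_RANGE= 0` would make this explicit: `.if ${ASRCOUNT} < 1`, `.error ASRCOUNT must be a positive integer`, `.endif`. The stated maximum of 65536 also depends on the host regex library accepting that interval bound; POSIX only guarantees an RE_DUP_MAX of 255, so the comment should probably mention the practical limit. The enclosing USE_BITCODE/USE_MAGIC conditional opens above the hunk.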
DBG= -Os
.endif
-.if ${MKMAGIC:Uno} == "yes"
+.if ${MKMAGIC:Uno} == "yes" || ${MKASR:Uno} == "yes"
CPPFLAGS+= -D_MINIX_MAGIC=1
STRIPFLAG= -s
DBG=-g