slackware-current/testing/source/rust/rust.SlackBuild
Patrick J Volkerding 4657194ae3 Tue Oct 1 18:01:38 UTC 2024
Several ELF objects were found to have rpaths pointing into /tmp, a world
writable directory. This could have allowed a local attacker to launch denial
of service attacks or execute arbitrary code when the affected binaries are
run by placing crafted ELF objects in the /tmp rpath location. All rpaths with
an embedded /tmp path have been scrubbed from the binaries, and makepkg has
gained a lint feature to detect these so that they won't creep back in.
extra/llvm-17.0.6-x86_64-2_slack15.0.txz:  Rebuilt.
  Remove rpaths from binaries.
  (* Security fix *)
patches/packages/cryfs-0.10.3-x86_64-5_slack15.0.txz:  Rebuilt.
  Remove rpaths from binaries.
  (* Security fix *)
patches/packages/cups-filters-1.28.17-x86_64-2_slack15.0.txz:  Rebuilt.
  Mitigate security issue that could lead to a denial of service or
  the execution of arbitrary code.
  Rebuilt with --with-browseremoteprotocols=none to disable incoming
  connections, since this daemon has been shown to be insecure. If you
  actually use cups-browsed, be sure to install the new
  /etc/cups/cups-browsed.conf.new containing this line:
  BrowseRemoteProtocols none
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-47176
  (* Security fix *)
patches/packages/espeak-ng-1.50-x86_64-4_slack15.0.txz:  Rebuilt.
  Remove rpaths from binaries.
  (* Security fix *)
patches/packages/libvncserver-0.9.13-x86_64-4_slack15.0.txz:  Rebuilt.
  Remove rpaths from binaries.
  (* Security fix *)
patches/packages/marisa-0.2.6-x86_64-5_slack15.0.txz:  Rebuilt.
  Remove rpaths from binaries.
  (* Security fix *)
patches/packages/mlt-7.4.0-x86_64-2_slack15.0.txz:  Rebuilt.
  Remove rpaths from binaries.
  (* Security fix *)
patches/packages/mozilla-firefox-115.16.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.16.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2024-48
    https://www.cve.org/CVERecord?id=CVE-2024-9392
    https://www.cve.org/CVERecord?id=CVE-2024-9393
    https://www.cve.org/CVERecord?id=CVE-2024-9394
    https://www.cve.org/CVERecord?id=CVE-2024-9401
  (* Security fix *)
patches/packages/openobex-1.7.2-x86_64-6_slack15.0.txz:  Rebuilt.
  Remove rpaths from binaries.
  (* Security fix *)
patches/packages/pkgtools-15.0-noarch-44_slack15.0.txz:  Rebuilt.
  makepkg: when looking for ELF objects with --remove-rpaths or
  --remove-tmp-rpaths, avoid false hits on files containing 'ELF' as part
  of the directory or filename.
  Also warn about /tmp rpaths after the package is built.
patches/packages/spirv-llvm-translator-13.0.0-x86_64-2_slack15.0.txz:  Rebuilt.
  Remove rpaths from binaries.
  (* Security fix *)
testing/packages/llvm-18.1.8-x86_64-2_slack15.0.txz:  Rebuilt.
  Remove rpaths from binaries.
  (* Security fix *)
2024-10-02 13:30:38 +02:00

319 lines
10 KiB
Bash
Executable file

#!/bin/bash
# Copyright 2017 Andrew Clemons, Wellington, New Zealand
# Copyright 2017, 2018, 2019, 2020, 2021, 2022, 2023 Patrick J. Volkerding, Sebeka, Minnesota, USA
# Copyright 2017 Stuart Winter
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
# permitted provided that the following conditions are met:
#
# 1. Redistributions of this script must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=rust
SRCNAM="${PKGNAM}c"
VERSION=${VERSION:-1.81.0}
BUILD=${BUILD:-1_slack15.0}
# Set this to YES to build with the system LLVM, or NO to use the bundled LLVM.
SYSTEM_LLVM=${SYSTEM_LLVM:-NO}
# Bootstrap variables (might not be kept updated for latest Rust):
RSTAGE0_VERSION=${RSTAGE0_VERSION:-1.80.1}
RSTAGE0_DIR=${RSTAGE0_DIR:-2024-08-08}
CSTAGE0_VERSION=${CSTAGE0_VERSION:-1.80.1}
CSTAGE0_DIR=${CSTAGE0_DIR:-$RSTAGE0_DIR}
# Automatically determine the architecture we're building on:
MARCH=$( uname -m )
if [ -z "$ARCH" ]; then
case "$MARCH" in
i?86) export ARCH=i686 ;;
armv7hl) export ARCH=$MARCH ;;
arm*) export ARCH=arm ;;
# Unless $ARCH is already set, use uname -m for all other archs:
*) export ARCH=$MARCH ;;
esac
fi
unset MARCH
# For compiling i686 under an x86_64 kernel:
if [ "$(uname -m)" = "x86_64" -a "$(file -L /usr/bin/gcc | grep 80386 | grep 32-bit)" != "" ]; then
ARCH=i686
fi
# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
# the name of the created package would be, and then exit. This information
# could be useful to other scripts.
if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz"
exit 0
fi
# If the bootstrap binaries are present, use those. Otherwise bootstrap from
# installed compiler.
if /bin/ls *-unknown-linux-gnu.tar.?z 1> /dev/null 2> /dev/null ; then
LOCAL_BOOTSTRAP=no
else
LOCAL_BOOTSTRAP=yes
fi
# https://forge.rust-lang.org/platform-support.html
# Bootstrapping ARCH:
if [ "$ARCH" = "i586" ]; then
if [ "$LOCAL_BOOTSTRAP" = "yes" ] ; then
if rustc -Vv | grep host | grep i586 > /dev/null ; then
BARCH="$ARCH"
else
BARCH="i686"
if case "$( uname -m )" in i586) true ;; *) false ;; esac ; then
echo "rust must be bootstrapped from an i686 machine"
exit 1
fi
fi
else
# i586 must be built on a i686 machine, since the bootstrap compiler is i686
BARCH="i686"
if case "$( uname -m )" in i586) true ;; *) false ;; esac ; then
echo "rust must be bootstrapped from an i686 machine"
exit 1
fi
fi
TARCH="$ARCH"
elif [ "$ARCH" = "armv7hl" ]; then
BARCH="armv7"
TARCH="$BARCH"
else
BARCH="$ARCH"
TARCH="$ARCH"
fi
# Bootstrapping ABI:
if [ "$ARCH" = "armv7hl" ]; then
BABI="gnueabihf"
else
BABI="gnu"
fi
TMP=${TMP:-/tmp}
OUTPUT=${OUTPUT:-$TMP}
PKG=$TMP/package-$PKGNAM
# Not needed, as the build will automatically use as many jobs as there are
# threads.
#NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
if [ "$ARCH" = "i586" ]; then
LIBDIRSUFFIX=""
elif [ "$ARCH" = "i686" ]; then
LIBDIRSUFFIX=""
elif [ "$ARCH" = "x86_64" ]; then
LIBDIRSUFFIX="64"
elif [ "$ARCH" = "armv7hl" ]; then
LIBDIRSUFFIX=""
else
LIBDIRSUFFIX=""
fi
rm -rf $PKG
mkdir -p $TMP $PKG $OUTPUT
cd $TMP
rm -rf $SRCNAM-$VERSION-src
echo "Extracting $CWD/$SRCNAM-$VERSION-src.tar.?z..."
tar xf $CWD/$SRCNAM-$VERSION-src.tar.?z || exit 1
cd $SRCNAM-$VERSION-src || exit 1
# Link with -lffi in case of using system LLVM:
if [ "${SYSTEM_LLVM}" = "YES" ]; then
zcat $CWD/link_libffi.diff.gz | patch -p1 --verbose || exit 1
fi
cat $CWD/0004-compiler-Use-wasm-ld-for-wasm-targets.patch | patch -p1 --verbose || exit 1
if [ "$LOCAL_BOOTSTRAP" != "yes" ] ; then
# rust requires bootstrapping with the previous rust version.
# versions are defined in src/stage0.txt.
mkdir -p build/cache/$RSTAGE0_DIR
cp $CWD/$PKGNAM-std-$RSTAGE0_VERSION-$BARCH-unknown-linux-gnu.tar.?z \
$CWD/$SRCNAM-$RSTAGE0_VERSION-$BARCH-unknown-linux-gnu.tar.?z \
build/cache/$RSTAGE0_DIR
mkdir -p build/cache/$CSTAGE0_DIR
cp $CWD/cargo-$CSTAGE0_VERSION-$BARCH-unknown-linux-gnu.tar.?z build/cache/$CSTAGE0_DIR
fi
# Build configuration:
cat << EOF > config.toml
[llvm]
ccache = "/usr/bin/ccache"
link-shared = true
[build]
build = "$BARCH-unknown-linux-$BABI"
host = ["$TARCH-unknown-linux-$BABI"]
target = ["$TARCH-unknown-linux-$BABI"]
tools = ["analysis", "cargo", "clippy", "rls", "rustfmt", "src", "rust-analyzer", "rust-demangler"]
submodules = false
vendor = true
extended = true
profiler = true
sanitizers = true
# Do not query new versions of dependencies online.
locked-deps = true
[install]
prefix = "/usr"
docdir = "doc/rust-$VERSION"
libdir = "lib$LIBDIRSUFFIX"
mandir = "man"
[rust]
codegen-units = 0
channel = "stable"
rpath = false
codegen-tests = false
EOF
if [ "${SYSTEM_LLVM}" = "YES" ]; then
cat << EOF >> config.toml
# Add this stuff to build with the system LLVM:
[target.i586-unknown-linux-gnu]
llvm-config = "/usr/bin/llvm-config"
[target.i686-unknown-linux-gnu]
llvm-config = "/usr/bin/llvm-config"
[target.x86_64-unknown-linux-gnu]
llvm-config = "/usr/bin/llvm-config"
[target.armv7-unknown-linux-gnueabihf]
llvm-config = "/usr/bin/llvm-config"
EOF
fi
if [ "$LOCAL_BOOTSTRAP" = "yes" ] ; then
sed -i "s|^\(extended = true\)$|\1\nrustc = \"/usr/bin/rustc\"\ncargo = \"/usr/bin/cargo\"|" config.toml
fi
chown -R root:root .
find -L . \
\( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
-o -perm 511 \) -exec chmod 755 {} \+ -o \
\( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
-o -perm 440 -o -perm 400 \) -exec chmod 644 {} \+
export PKG_CONFIG_ALLOW_CROSS=1
if [ "$BARCH" = "i586" ] ; then
# when bootstrapping from i586 (rust already installed), also build a i686
# rustlib:
sed -i 's/^target =.*$/target = ["i686-unknown-linux-gnu"]/' config.toml
elif [ "$BARCH" = "i686" ] ; then
if [ "$TARCH" = "i586" ] ; then
# this will cause some messages like:
# warning: redundant linker flag specified for library `m`
# but will keep the build from falling over when doing the stage1 compiler
# linking for the i586 compiler. seems the correct flags don't get passed
# through and we end up failures like:
# error: linking with `clang` failed: exit code: 1
# /tmp/SBo/rustc-1.20.0-src/build/i686-unknown-linux-gnu/stage1-rustc/i586-unknown-linux-gnu/release/deps/librustc_llvm-4ab259c9aed547db.so: undefined reference to `xxx`
export RUSTFLAGS="$RUSTFLAGS -C link-args=-lrt -ldl -lcurses -lpthread -lz -lm"
fi
fi
# Fix path to the rust libraries in rust-analyzer:
if [ -r src/tools/rust-analyzer/crates/rust-analyzer/src/config.rs ]; then
if [ ! "$LIBDIRSUFFIX" = "" ]; then
sed -i "s,\"lib/rustlib,\"lib${LIBDIRSUFFIX}/rustlib,g" src/tools/rust-analyzer/crates/project-model/src/sysroot.rs
fi
fi
# Build and install:
python3 ./x.py build || exit 1
DESTDIR=$PKG python3 x.py install || exit 1
# In case the rls stub doesn't get installed by the 'install' target:
if [ ! -x $PKG/usr/bin/rls ]; then
install -m755 build/*-linux-gnu/stage1-tools-bin/rls $PKG/usr/bin/rls
fi
# Fix path to lldb_commands:
if [ -x $PKG/usr/bin/rust-lldb ]; then
if [ ! "$LIBDIRSUFFIX" = "" ]; then
sed -i "s,/lib/rustlib/,/lib$LIBDIRSUFFIX/rustlib/,g" $PKG/usr/bin/rust-lldb
fi
fi
# Eh, none of this is all that big. Might as well leave it around as a
# reference.
#rm -f $PKG/usr/lib$LIBDIRSUFFIX/rustlib/components
#rm -f $PKG/usr/lib$LIBDIRSUFFIX/rustlib/install.log
#rm -f $PKG/usr/lib$LIBDIRSUFFIX/rustlib/manifest-*
#rm -f $PKG/usr/lib$LIBDIRSUFFIX/rustlib/rust-installer-version
#rm -f $PKG/usr/lib$LIBDIRSUFFIX/rustlib/uninstall.sh
# Make sure the paths are correct, though:
sed -i "s,/tmp/package-rust/,/,g" $PKG/usr/lib$LIBDIRSUFFIX/rustlib/install.log $PKG/usr/lib$LIBDIRSUFFIX/rustlib/manifest-*
# And a little compression doesn't hurt either:
gzip -9 $PKG/usr/lib$LIBDIRSUFFIX/rustlib/manifest-*
# Move bash completions to the system location:
if [ -d $PKG/etc/bash_completion.d ]; then
mkdir -p $PKG/usr/share/bash-completion
mv $PKG/etc/bash_completion.d $PKG/usr/share/bash-completion/completions
rmdir $PKG/etc 2> /dev/null
fi
# Correct permissions on shared libraries:
find $PKG/usr/lib$LIBDIRSUFFIX -name "*.so" -exec chmod 755 "{}" \+
# Evidently there are a lot of duplicated libraries in this tree, so let's
# try to save some space:
( cd $PKG/usr/lib${LIBDIRSUFFIX}/rustlib/*-linux-gnu/lib && for file in *.so ; do if cmp -s $file ../../../$file ; then ln -sf ../../../$file .; fi; done )
# Strip ELF objects:
find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \
| cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
# Get rid of possible .old files in these locations:
rm -f $PKG/usr/lib${LIBDIRSUFFIX}/*.old
rm -f $PKG/usr/bin/*.old
# Commented out (for now) since we disable rpaths in config.toml:
## Remove any compiled-in RPATHs:
#find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \
# | cut -f 1 -d : | while read elfobject ; do
# patchelf --remove-rpath $elfobject || exit 1
#done
# Compress man pages:
find $PKG/usr/man -type f -exec gzip -9 {} \+
for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
# Add some documentation:
mkdir -p $PKG/usr/doc/$PKGNAM-$VERSION
cp -a *.md COPYRIGHT* COPYING* LICENSE* $PKG/usr/doc/$PKGNAM-$VERSION
# Include licenses from third party vendors:
mkdir $PKG/usr/doc/$PKGNAM-$VERSION/vendor
( cd vendor
tar cf - $(find . -maxdepth 2 | grep -e README -e LICENSE -e COPYING -e CHANGELOG -e PERFORMANCE -e UPGRADE ) | ( cd $PKG/usr/doc/$PKGNAM-$VERSION/vendor ; tar xf - )
)
mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc
cd $PKG
/sbin/makepkg -l y -c n $OUTPUT/$PKGNAM-$VERSION-$ARCH-$BUILD.txz