From 81a9e4f428e9a2305a2ea8c576dadde60fa5a381 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones"
Date: Thu, 20 Sep 2018 12:42:59 +0100
Subject: [PATCH] tools: Link OCaml programs with -runtime-variant _pic if available.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

OCaml has a small runtime which is statically linked into the virt tools (providing things like GC and primitives). Since OCaml 4.03 it has been possible to select variants of this runtime, one of which is compiled with -fPIC, using ‘ocamlopt -runtime-variant _pic’. This has performance implications on i686, but is relatively free on other architectures. Since it (in theory) adds to the security of the final binary this commit enables it whenever it is available.
(cherry picked from commit 09abb9c990f6e07b3577088522b8ad9fb439a80e)
---
 .gitignore | 1 +
 configure.ac | 2 ++
 m4/guestfs-ocaml.m4 | 18 ++++++++++++++++++
 ocaml-link.sh => ocaml-link.sh.in | 8 +++++++-
 4 files changed, 28 insertions(+), 1 deletion(-)
 rename ocaml-link.sh => ocaml-link.sh.in (88%)

diff --git a/.gitignore b/.gitignore
index af80e36d1..89b8baa17 100644
--- a/.gitignore
+++ b/.gitignore
@@ -410,6 +410,7 @@ Makefile.in
 /make-fs/virt-make-fs.1
 /missing
 /ocaml-dep.sh
+/ocaml-link.sh
 /ocaml/bindtests.bc
 /ocaml/bindtests.opt
 /ocaml/bindtests.ml
diff --git a/configure.ac b/configure.ac
index 4da3bd021..6c38406bb 100644
--- a/configure.ac
+++ b/configure.ac
@@ -198,6 +198,8 @@ AC_CONFIG_FILES([installcheck.sh],
 [chmod +x,-w installcheck.sh])
 AC_CONFIG_FILES([ocaml-dep.sh],
 [chmod +x,-w ocaml-dep.sh])
+AC_CONFIG_FILES([ocaml-link.sh],
+ [chmod +x,-w ocaml-link.sh])
 AC_CONFIG_FILES([p2v/virt-p2v-make-disk],
 [chmod +x,-w p2v/virt-p2v-make-disk])
 AC_CONFIG_FILES([p2v/virt-p2v-make-kickstart],
diff --git a/m4/guestfs-ocaml.m4 b/m4/guestfs-ocaml.m4
index e08f40a02..fea11a334 100644
--- a/m4/guestfs-ocaml.m4
+++ b/m4/guestfs-ocaml.m4
@@ -59,6 +59,24 @@ AM_CONDITIONAL([HAVE_OCAMLOPT],
 AM_CONDITIONAL([HAVE_OCAMLDOC],
 [test "x$OCAMLDOC" != "xno"])
 
+dnl Check if ocamlc/ocamlopt -runtime-variant _pic works. It was
+dnl added in OCaml >= 4.03, but in theory might be disabled by
+dnl downstream distros.
+OCAML_RUNTIME_VARIANT_PIC_OPTION=""
+if test "x$OCAMLC" != "xno"; then
+ AC_MSG_CHECKING([if OCaml ‘-runtime-variant _pic’ works])
+ rm -f conftest.ml contest
+ echo 'print_endline "hello world"' > conftest.ml
+ if $OCAMLC conftest.ml -runtime-variant _pic -o conftest >&5 2>&5 ; then
+ AC_MSG_RESULT([yes])
+ OCAML_RUNTIME_VARIANT_PIC_OPTION="-runtime-variant _pic"
+ else
+ AC_MSG_RESULT([no])
+ fi
+ rm -f conftest.ml contest
+fi
+AC_SUBST([OCAML_RUNTIME_VARIANT_PIC_OPTION])
+
 dnl Check if ocamldep has options -all and -one-line (not present in RHEL 6).
 AC_MSG_CHECKING([if ocamldep has the ‘-all’ option])
 if ocamldep -all >&AS_MESSAGE_LOG_FD 2>&1; then
diff --git a/ocaml-link.sh b/ocaml-link.sh.in
similarity index 88%
rename from ocaml-link.sh
rename to ocaml-link.sh.in
index 855637534..fbcc07951 100755
--- a/ocaml-link.sh
+++ b/ocaml-link.sh.in
@@ -1,4 +1,6 @@
 #!/bin/bash -
+# Script used to link OCaml programs.
+# @configure_input@
 # (C) Copyright 2015-2018 Red Hat Inc.
 #
 # This program is free software; you can redistribute it and/or modify
@@ -41,4 +43,8 @@ while true ; do
 esac
 done
 
-exec "$@" -linkpkg -cclib "${cclib}"
+# NB -cclib must come last.
+exec "$@" \
+ @OCAML_RUNTIME_VARIANT_PIC_OPTION@ \
+ -linkpkg \
+ -cclib "${cclib}"
--
2.20.1
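Review bot: Both cleanup lines in the new probe run `rm -f conftest.ml contest`, which looks like a typo for `conftest`: the executable written by `-o conftest` and the compiler's `conftest.cm*` by-products are not removed by these lines, so they should read `rm -f conftest conftest.ml conftest.cm*`. The probe also links only with `$OCAMLC`, while the commit message describes `ocamlopt -runtime-variant _pic`. If the tools are linked natively, a bytecode-only test may answer "yes" without showing that the native PIC runtime is usable, so repeating it with `$OCAMLOPT` when that is not `no` would tie the result to what is actually linked. For consistency with the ocamldep check just below, the redirection could be written `>&AS_MESSAGE_LOG_FD 2>&1` instead of the hard-coded `>&5 2>&5`.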
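Review bot: The new `exec` line in the second ocaml-link.sh.in hunk relies on `@OCAML_RUNTIME_VARIANT_PIC_OPTION@` being substituted unquoted, and the script does not say so: it expands either to the two words `-runtime-variant _pic` or to nothing, and quoting it later would hand the compiler one bogus argument or an empty one. I would extend the comment to `# NB -cclib must come last. The PIC option is intentionally unquoted: it is two words, or empty when configure found no PIC runtime.` Because the empty case is silent, a build without the hardening looks the same at link time as one with it. Whether the final binaries end up position-independent presumably also depends on C link flags not shown here, so a packaging test that inspects the produced executables (for example the ELF type reported by `readelf -h`) would confirm the intended effect. The option-parsing loop that sets `cclib` lies outside this hunk.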