diff options
| author | Richard Ipsum <richardipsum@fastmail.co.uk> | 2017-07-09 14:45:34 +0100 |
|---|---|---|
| committer | Daniel Silverstone <dsilvers@digital-scurf.org> | 2017-07-20 19:37:15 +0100 |
| commit | 43b72e84b40d68efe1d8395c31d5ab83f58501c7 (patch) | |
| tree | 35374edf536a53ed667da9b69b8be93cd7489cae | |
| parent | 23e7a95e20c932ef685dadd3a70acbe3544b1e53 (diff) | |
| download | supple-43b72e84b40d68efe1d8395c31d5ab83f58501c7.tar.gz | |
Allow baking of LUA_PATH and LUA_CPATH env vars
These vars get unset for security reasons, but on NixOS these vars
are needed to determine the location of dependent libs, since they're
not available in their usual fhs positions.
| -rw-r--r-- | Makefile | 23 | ||||
| -rw-r--r-- | src/supple_paths.h.in | 3 | ||||
| -rw-r--r-- | src/wrapper.c | 9 |
3 files changed, 31 insertions, 4 deletions
@@ -28,12 +28,26 @@ CMOD_OBJECTS := $(patsubst %,lib/%.o,$(subst .,/,$(CMODULES))) LUA_INTERP_NAME := lua$(LUA_VER) LUA_INTERP_PATH := $(shell which lua$(LUA_VER)) +# Override these variables +# to bake LUA_PATH and LUA_CPATH environment variables into the sandbox binary. +# They can't be set at runtime for security reasons. +BAKE_SUPPLE_PATHS := 0 +SUPPLE_LUA_PATH := "" +SUPPLE_LUA_CPATH := "" + +ifeq ($(BAKE_SUPPLE_PATHS), 1) + DEF_BAKE_SUPPLE_PATHS=-DBAKE_SUPPLE_PATHS +else + DEF_BAKE_SUPPLE_PATHS= +endif + INCS := -I/usr/include/lua$(LUA_VER) OPT := -O0 -g WARN := -Wall -Werror DEFS := -D'LUA_INTERP_NAME="$(LUA_INTERP_NAME)"' \ -D'LUA_INTERP_PATH="$(LUA_INTERP_PATH)"' \ - -D'WRAPPER_PATH="$(WRAPPER_PATH)"' + -D'WRAPPER_PATH="$(WRAPPER_PATH)"' $(DEF_BAKE_SUPPLE_PATHS) + CFLAGS := $(INCS) $(OPT) $(WARN) $(DEFS) $(CFLAGS) LFLAGS := -O1 -g $(LFLAGS) @@ -45,7 +59,10 @@ LFLAGS := -O1 -g $(LFLAGS) build: $(CMOD_TARGETS) wrapper -wrapper: src/wrapper.c +src/supple_paths.h: src/supple_paths.h.in + sed -e 's|@@SUPPLE_LUA_PATH@@|$(SUPPLE_LUA_PATH)|' -e 's|@@SUPPLE_LUA_CPATH@@|$(SUPPLE_LUA_CPATH)|' < $< > $@ + +wrapper: src/wrapper.c src/supple_paths.h $(CC) $(LFLAGS) $(CFLAGS) -o $@ $< $(LIB_LUA) testwrapper: src/wrapper.c @@ -80,7 +97,7 @@ LUA := SUPPLE_TEST_WRAPPER="$(shell pwd)/testwrapper" LUA_PATH="$(shell pwd)/lib clean: $(RM) luacov.report.out luacov.stats.out $(RM) $(CMOD_TARGETS) $(CMOD_OBJECTS) - $(RM) wrapper testwrapper + $(RM) wrapper testwrapper supple_paths.h $(RM) -r html distclean: clean diff --git a/src/supple_paths.h.in b/src/supple_paths.h.in new file mode 100644 index 0000000..7ed0b0b --- /dev/null +++ b/src/supple_paths.h.in @@ -0,0 +1,3 @@ + +#define SUPPLE_LUA_PATH "@@SUPPLE_LUA_PATH@@" +#define SUPPLE_LUA_CPATH "@@SUPPLE_LUA_CPATH@@" diff --git a/src/wrapper.c b/src/wrapper.c index 9cc90cd..c7ed535 100644 --- a/src/wrapper.c +++ b/src/wrapper.c @@ -18,6 +18,8 @@ #include <stdlib.h> #include <stdio.h> +#include "supple_paths.h" + typedef struct { int retcode; } prot_args; @@ -62,7 +64,12 @@ main(int argc, char **argv) int success; /* Perform pre-lua-interpreter initialisation */ -#ifndef TESTING_SUPPLE +#if defined BAKE_SUPPLE_PATHS + setenv("LUA_PATH", SUPPLE_LUA_PATH, 1); + setenv("LUA_CPATH", SUPPLE_LUA_CPATH, 1); + unsetenv("SUPPLE_MKDTEMP"); + unsetenv("LUA_INIT"); +#elif !defined TESTING_SUPPLE unsetenv("LUA_PATH"); unsetenv("LUA_CPATH"); unsetenv("SUPPLE_MKDTEMP"); |