From 488567a45f95cefd258f5f1a4cdf00c8848576d9 Mon Sep 17 00:00:00 2001 From: Richard van der Hoff Date: Fri, 20 May 2016 12:01:18 +0100 Subject: [PATCH] Use a version script to restrict symbols in the .so We want to stop aes_* and sha_* functions leaking out of our .so, as well as internal _olm_* symbols. This also means we need to link the unit tests against the objects. Possibly we should distinguish between unit tests and integration tests. --- Makefile | 17 ++++++++--------- version_script.ver | 9 +++++++++ 2 files changed, 17 insertions(+), 9 deletions(-) create mode 100644 version_script.ver diff --git a/Makefile b/Makefile index 20a82a6..9e01a1f 100644 --- a/Makefile +++ b/Makefile @@ -45,7 +45,6 @@ $(OBJECTS): CXXFLAGS += $(OPTIMIZE_FLAGS) $(TARGET): LDFLAGS += $(OPTIMIZE_FLAGS) $(TEST_BINARIES): CPPFLAGS += -Itests/include -$(TEST_BINARIES): LDLIBS += -lolm $(TEST_BINARIES): LDFLAGS += $(TEST_OPTIMIZE_FLAGS) -L$(BUILD_DIR) $(JS_OBJECTS): CFLAGS += $(JS_OPTIMIZE_FLAGS) @@ -55,7 +54,9 @@ $(JS_TARGET): LDFLAGS += $(JS_OPTIMIZE_FLAGS) ### top-level targets $(TARGET): $(OBJECTS) - $(CXX) $(LDFLAGS) --shared -fPIC $^ $(OUTPUT_OPTION) + $(CXX) $(LDFLAGS) --shared -fPIC \ + -Wl,--version-script,version_script.ver \ + $(OUTPUT_OPTION) $(OBJECTS) js: $(JS_TARGET) .PHONY: js @@ -78,7 +79,7 @@ build_tests: $(TEST_BINARIES) test: build_tests for i in $(TEST_BINARIES); do \ echo $$i; \ - LD_LIBRARY_PATH=$(BUILD_DIR) $$i || exit $$?; \ + $$i || exit $$?; \ done $(JS_EXPORTED_FUNCTIONS): $(PUBLIC_HEADERS) @@ -98,17 +99,15 @@ $(BUILD_DIR)/%.js.bc: src/%.c $(BUILD_DIR)/%.js.bc: src/%.cpp $(EMCC.cc) $(OUTPUT_OPTION) $< -$(BUILD_DIR)/%: tests/%.c - $(LINK.c) $< $(LOADLIBES) $(LDLIBS) -o $@ +$(BUILD_DIR)/%: tests/%.c $(OBJECTS) + $(LINK.c) $< $(OBJECTS) $(LOADLIBES) $(LDLIBS) -o $@ -$(BUILD_DIR)/%: tests/%.cpp - $(LINK.cc) $< $(LOADLIBES) $(LDLIBS) -o $@ +$(BUILD_DIR)/%: tests/%.cpp $(OBJECTS) + $(LINK.cc) $< $(OBJECTS) $(LOADLIBES) $(LDLIBS) -o $@ ### dependencies -$(TEST_BINARIES): $(TARGET) - -include $(OBJECTS:.o=.d) -include $(JS_OBJECTS:.bc=.d) -include $(TEST_BINARIES:=.d) diff --git a/version_script.ver b/version_script.ver new file mode 100644 index 0000000..3aec5f6 --- /dev/null +++ b/version_script.ver @@ -0,0 +1,9 @@ +# this is a 'version script' for the linker which tells it to only export +# symbols starting 'olm_'. + +{ + global: + olm_*; + local: + *; +};