diff options
author | Laurent Bercot <ska-skaware@skarnet.org> | 2020-11-21 02:22:09 +0000 |
---|---|---|
committer | Laurent Bercot <ska-skaware@skarnet.org> | 2020-11-21 02:22:09 +0000 |
commit | 5c2880becc94141b8035b3488b6bd60696011308 (patch) | |
tree | 51e177122b50e248075dae441e4a76d68fd33081 /package | |
parent | 5715c21a077ee1c2fe8957cb4adcea14fd2eda6b (diff) | |
download | s6-networking-5c2880becc94141b8035b3488b6bd60696011308.tar.xz |
Privs can only be dropped after reading key files.
Diffstat (limited to 'package')
-rw-r--r-- | package/deps.mak | 21 |
1 files changed, 11 insertions, 10 deletions
diff --git a/package/deps.mak b/package/deps.mak index febb16b..ceff750 100644 --- a/package/deps.mak +++ b/package/deps.mak @@ -27,7 +27,6 @@ src/conn-tools/s6-tlsd-io.o src/conn-tools/s6-tlsd-io.lo: src/conn-tools/s6-tlsd src/conn-tools/s6-tlsd.o src/conn-tools/s6-tlsd.lo: src/conn-tools/s6-tlsd.c src/conn-tools/s6tls-internal.h src/conn-tools/s6-tlsserver.o src/conn-tools/s6-tlsserver.lo: src/conn-tools/s6-tlsserver.c src/include/s6-networking/config.h src/conn-tools/s6-ucspitlsd.o src/conn-tools/s6-ucspitlsd.lo: src/conn-tools/s6-ucspitlsd.c src/include/s6-networking/config.h src/conn-tools/s6tls-internal.h -src/conn-tools/s6tls_drop.o src/conn-tools/s6tls_drop.lo: src/conn-tools/s6tls_drop.c src/conn-tools/s6tls-internal.h src/conn-tools/s6tls_exec_tlscio.o src/conn-tools/s6tls_exec_tlscio.lo: src/conn-tools/s6tls_exec_tlscio.c src/include/s6-networking/config.h src/conn-tools/s6tls-internal.h src/conn-tools/s6tls_exec_tlsdio.o src/conn-tools/s6tls_exec_tlsdio.lo: src/conn-tools/s6tls_exec_tlsdio.c src/include/s6-networking/config.h src/conn-tools/s6tls-internal.h src/conn-tools/s6tls_wait_and_exec_app.o src/conn-tools/s6tls_wait_and_exec_app.lo: src/conn-tools/s6tls_wait_and_exec_app.c src/conn-tools/s6tls-internal.h @@ -44,6 +43,7 @@ src/sbearssl/sbearssl_cert_readbigpem.o src/sbearssl/sbearssl_cert_readbigpem.lo src/sbearssl/sbearssl_cert_readfile.o src/sbearssl/sbearssl_cert_readfile.lo: src/sbearssl/sbearssl_cert_readfile.c src/include/s6-networking/sbearssl.h src/sbearssl/sbearssl_cert_to.o src/sbearssl/sbearssl_cert_to.lo: src/sbearssl/sbearssl_cert_to.c src/include/s6-networking/sbearssl.h src/sbearssl/sbearssl_client_init_and_run.o src/sbearssl/sbearssl_client_init_and_run.lo: src/sbearssl/sbearssl_client_init_and_run.c src/include/s6-networking/sbearssl.h src/sbearssl/sbearssl-internal.h +src/sbearssl/sbearssl_drop.o src/sbearssl/sbearssl_drop.lo: src/sbearssl/sbearssl_drop.c src/sbearssl/sbearssl-internal.h src/sbearssl/sbearssl_ec_issuer_keytype.o src/sbearssl/sbearssl_ec_issuer_keytype.lo: src/sbearssl/sbearssl_ec_issuer_keytype.c src/include/s6-networking/sbearssl.h src/sbearssl/sbearssl-internal.h src/sbearssl/sbearssl_ec_pkey_from.o src/sbearssl/sbearssl_ec_pkey_from.lo: src/sbearssl/sbearssl_ec_pkey_from.c src/include/s6-networking/sbearssl.h src/sbearssl/sbearssl_ec_pkey_to.o src/sbearssl/sbearssl_ec_pkey_to.lo: src/sbearssl/sbearssl_ec_pkey_to.c src/include/s6-networking/sbearssl.h @@ -75,6 +75,7 @@ src/sbearssl/sbearssl_x500_from_ta.o src/sbearssl/sbearssl_x500_from_ta.lo: src/ src/sbearssl/sbearssl_x500_name_len.o src/sbearssl/sbearssl_x500_name_len.lo: src/sbearssl/sbearssl_x500_name_len.c src/include/s6-networking/sbearssl.h src/sbearssl/sbearssl_x509_minimal_set_tai.o src/sbearssl/sbearssl_x509_minimal_set_tai.lo: src/sbearssl/sbearssl_x509_minimal_set_tai.c src/include/s6-networking/sbearssl.h src/stls/stls_client_init_and_handshake.o src/stls/stls_client_init_and_handshake.lo: src/stls/stls_client_init_and_handshake.c src/include/s6-networking/stls.h src/stls/stls-internal.h +src/stls/stls_drop.o src/stls/stls_drop.lo: src/stls/stls_drop.c src/stls/stls-internal.h src/stls/stls_run.o src/stls/stls_run.lo: src/stls/stls_run.c src/include/s6-networking/stls.h src/stls/stls_server_init_and_handshake.o src/stls/stls_server_init_and_handshake.lo: src/stls/stls_server_init_and_handshake.c src/include/s6-networking/stls.h src/stls/stls-internal.h @@ -89,12 +90,12 @@ s6-taiclock: src/clock/s6-taiclock.o s6-taiclockd: EXTRA_LIBS := -lskarnet ${SOCKET_LIB} ${SYSCLOCK_LIB} s6-taiclockd: src/clock/s6-taiclockd.o ifeq ($(strip $(STATIC_LIBS_ARE_PIC)),) -libs6tls.a.xyzzy: src/conn-tools/s6tls_drop.o src/conn-tools/s6tls_exec_tlscio.o src/conn-tools/s6tls_exec_tlsdio.o src/conn-tools/s6tls_wait_and_exec_app.o +libs6tls.a.xyzzy: src/conn-tools/s6tls_exec_tlscio.o src/conn-tools/s6tls_exec_tlsdio.o src/conn-tools/s6tls_wait_and_exec_app.o else -libs6tls.a.xyzzy: src/conn-tools/s6tls_drop.lo src/conn-tools/s6tls_exec_tlscio.lo src/conn-tools/s6tls_exec_tlsdio.lo src/conn-tools/s6tls_wait_and_exec_app.lo +libs6tls.a.xyzzy: src/conn-tools/s6tls_exec_tlscio.lo src/conn-tools/s6tls_exec_tlsdio.lo src/conn-tools/s6tls_wait_and_exec_app.lo endif libs6tls.so.xyzzy: EXTRA_LIBS := -libs6tls.so.xyzzy: src/conn-tools/s6tls_drop.lo src/conn-tools/s6tls_exec_tlscio.lo src/conn-tools/s6tls_exec_tlsdio.lo src/conn-tools/s6tls_wait_and_exec_app.lo +libs6tls.so.xyzzy: src/conn-tools/s6tls_exec_tlscio.lo src/conn-tools/s6tls_exec_tlsdio.lo src/conn-tools/s6tls_wait_and_exec_app.lo s6-getservbyname: EXTRA_LIBS := -lskarnet ${SOCKET_LIB} s6-getservbyname: src/conn-tools/s6-getservbyname.o s6-ident-client: EXTRA_LIBS := -lskarnet ${SOCKET_LIB} ${SYSCLOCK_LIB} @@ -141,16 +142,16 @@ libs6net.so.xyzzy: src/libs6net/s6net_ident_client.lo src/libs6net/s6net_ident_r minidentd: EXTRA_LIBS := -lskarnet ${MAYBEPTHREAD_LIB} ${SOCKET_LIB} ${SYSCLOCK_LIB} minidentd: src/minidentd/minidentd.o src/minidentd/mgetuid.o ${LIBNSSS} ifeq ($(strip $(STATIC_LIBS_ARE_PIC)),) -libsbearssl.a.xyzzy: src/sbearssl/sbearssl_append.o src/sbearssl/sbearssl_cert_from.o src/sbearssl/sbearssl_cert_readbigpem.o src/sbearssl/sbearssl_cert_readfile.o src/sbearssl/sbearssl_cert_to.o src/sbearssl/sbearssl_ec_issuer_keytype.o src/sbearssl/sbearssl_ec_pkey_from.o src/sbearssl/sbearssl_ec_pkey_to.o src/sbearssl/sbearssl_ec_skey_from.o src/sbearssl/sbearssl_ec_skey_to.o src/sbearssl/sbearssl_error_str.o src/sbearssl/sbearssl_isder.o src/sbearssl/sbearssl_pem_decode_from_buffer.o src/sbearssl/sbearssl_pem_decode_from_string.o src/sbearssl/sbearssl_pem_push.o src/sbearssl/sbearssl_pkey_from.o src/sbearssl/sbearssl_pkey_to.o src/sbearssl/sbearssl_rsa_pkey_from.o src/sbearssl/sbearssl_rsa_pkey_to.o src/sbearssl/sbearssl_rsa_skey_from.o src/sbearssl/sbearssl_rsa_skey_to.o src/sbearssl/sbearssl_run.o src/sbearssl/sbearssl_skey_from.o src/sbearssl/sbearssl_skey_readfile.o src/sbearssl/sbearssl_skey_to.o src/sbearssl/sbearssl_ta_cert.o src/sbearssl/sbearssl_ta_certs.o src/sbearssl/sbearssl_ta_from.o src/sbearssl/sbearssl_ta_readdir.o src/sbearssl/sbearssl_ta_readfile.o src/sbearssl/sbearssl_ta_to.o src/sbearssl/sbearssl_x500_name_len.o src/sbearssl/sbearssl_x500_from_ta.o src/sbearssl/sbearssl_x509_minimal_set_tai.o src/sbearssl/sbearssl_client_init_and_run.o src/sbearssl/sbearssl_server_init_and_run.o +libsbearssl.a.xyzzy: src/sbearssl/sbearssl_append.o src/sbearssl/sbearssl_cert_from.o src/sbearssl/sbearssl_cert_readbigpem.o src/sbearssl/sbearssl_cert_readfile.o src/sbearssl/sbearssl_cert_to.o src/sbearssl/sbearssl_drop.o src/sbearssl/sbearssl_ec_issuer_keytype.o src/sbearssl/sbearssl_ec_pkey_from.o src/sbearssl/sbearssl_ec_pkey_to.o src/sbearssl/sbearssl_ec_skey_from.o src/sbearssl/sbearssl_ec_skey_to.o src/sbearssl/sbearssl_error_str.o src/sbearssl/sbearssl_isder.o src/sbearssl/sbearssl_pem_decode_from_buffer.o src/sbearssl/sbearssl_pem_decode_from_string.o src/sbearssl/sbearssl_pem_push.o src/sbearssl/sbearssl_pkey_from.o src/sbearssl/sbearssl_pkey_to.o src/sbearssl/sbearssl_rsa_pkey_from.o src/sbearssl/sbearssl_rsa_pkey_to.o src/sbearssl/sbearssl_rsa_skey_from.o src/sbearssl/sbearssl_rsa_skey_to.o src/sbearssl/sbearssl_run.o src/sbearssl/sbearssl_skey_from.o src/sbearssl/sbearssl_skey_readfile.o src/sbearssl/sbearssl_skey_to.o src/sbearssl/sbearssl_ta_cert.o src/sbearssl/sbearssl_ta_certs.o src/sbearssl/sbearssl_ta_from.o src/sbearssl/sbearssl_ta_readdir.o src/sbearssl/sbearssl_ta_readfile.o src/sbearssl/sbearssl_ta_to.o src/sbearssl/sbearssl_x500_name_len.o src/sbearssl/sbearssl_x500_from_ta.o src/sbearssl/sbearssl_x509_minimal_set_tai.o src/sbearssl/sbearssl_client_init_and_run.o src/sbearssl/sbearssl_server_init_and_run.o else -libsbearssl.a.xyzzy: src/sbearssl/sbearssl_append.lo src/sbearssl/sbearssl_cert_from.lo src/sbearssl/sbearssl_cert_readbigpem.lo src/sbearssl/sbearssl_cert_readfile.lo src/sbearssl/sbearssl_cert_to.lo src/sbearssl/sbearssl_ec_issuer_keytype.lo src/sbearssl/sbearssl_ec_pkey_from.lo src/sbearssl/sbearssl_ec_pkey_to.lo src/sbearssl/sbearssl_ec_skey_from.lo src/sbearssl/sbearssl_ec_skey_to.lo src/sbearssl/sbearssl_error_str.lo src/sbearssl/sbearssl_isder.lo src/sbearssl/sbearssl_pem_decode_from_buffer.lo src/sbearssl/sbearssl_pem_decode_from_string.lo src/sbearssl/sbearssl_pem_push.lo src/sbearssl/sbearssl_pkey_from.lo src/sbearssl/sbearssl_pkey_to.lo src/sbearssl/sbearssl_rsa_pkey_from.lo src/sbearssl/sbearssl_rsa_pkey_to.lo src/sbearssl/sbearssl_rsa_skey_from.lo src/sbearssl/sbearssl_rsa_skey_to.lo src/sbearssl/sbearssl_run.lo src/sbearssl/sbearssl_skey_from.lo src/sbearssl/sbearssl_skey_readfile.lo src/sbearssl/sbearssl_skey_to.lo src/sbearssl/sbearssl_ta_cert.lo src/sbearssl/sbearssl_ta_certs.lo src/sbearssl/sbearssl_ta_from.lo src/sbearssl/sbearssl_ta_readdir.lo src/sbearssl/sbearssl_ta_readfile.lo src/sbearssl/sbearssl_ta_to.lo src/sbearssl/sbearssl_x500_name_len.lo src/sbearssl/sbearssl_x500_from_ta.lo src/sbearssl/sbearssl_x509_minimal_set_tai.lo src/sbearssl/sbearssl_client_init_and_run.lo src/sbearssl/sbearssl_server_init_and_run.lo +libsbearssl.a.xyzzy: src/sbearssl/sbearssl_append.lo src/sbearssl/sbearssl_cert_from.lo src/sbearssl/sbearssl_cert_readbigpem.lo src/sbearssl/sbearssl_cert_readfile.lo src/sbearssl/sbearssl_cert_to.lo src/sbearssl/sbearssl_drop.lo src/sbearssl/sbearssl_ec_issuer_keytype.lo src/sbearssl/sbearssl_ec_pkey_from.lo src/sbearssl/sbearssl_ec_pkey_to.lo src/sbearssl/sbearssl_ec_skey_from.lo src/sbearssl/sbearssl_ec_skey_to.lo src/sbearssl/sbearssl_error_str.lo src/sbearssl/sbearssl_isder.lo src/sbearssl/sbearssl_pem_decode_from_buffer.lo src/sbearssl/sbearssl_pem_decode_from_string.lo src/sbearssl/sbearssl_pem_push.lo src/sbearssl/sbearssl_pkey_from.lo src/sbearssl/sbearssl_pkey_to.lo src/sbearssl/sbearssl_rsa_pkey_from.lo src/sbearssl/sbearssl_rsa_pkey_to.lo src/sbearssl/sbearssl_rsa_skey_from.lo src/sbearssl/sbearssl_rsa_skey_to.lo src/sbearssl/sbearssl_run.lo src/sbearssl/sbearssl_skey_from.lo src/sbearssl/sbearssl_skey_readfile.lo src/sbearssl/sbearssl_skey_to.lo src/sbearssl/sbearssl_ta_cert.lo src/sbearssl/sbearssl_ta_certs.lo src/sbearssl/sbearssl_ta_from.lo src/sbearssl/sbearssl_ta_readdir.lo src/sbearssl/sbearssl_ta_readfile.lo src/sbearssl/sbearssl_ta_to.lo src/sbearssl/sbearssl_x500_name_len.lo src/sbearssl/sbearssl_x500_from_ta.lo src/sbearssl/sbearssl_x509_minimal_set_tai.lo src/sbearssl/sbearssl_client_init_and_run.lo src/sbearssl/sbearssl_server_init_and_run.lo endif libsbearssl.so.xyzzy: EXTRA_LIBS := -lbearssl -lskarnet -libsbearssl.so.xyzzy: src/sbearssl/sbearssl_append.lo src/sbearssl/sbearssl_cert_from.lo src/sbearssl/sbearssl_cert_readbigpem.lo src/sbearssl/sbearssl_cert_readfile.lo src/sbearssl/sbearssl_cert_to.lo src/sbearssl/sbearssl_ec_issuer_keytype.lo src/sbearssl/sbearssl_ec_pkey_from.lo src/sbearssl/sbearssl_ec_pkey_to.lo src/sbearssl/sbearssl_ec_skey_from.lo src/sbearssl/sbearssl_ec_skey_to.lo src/sbearssl/sbearssl_error_str.lo src/sbearssl/sbearssl_isder.lo src/sbearssl/sbearssl_pem_decode_from_buffer.lo src/sbearssl/sbearssl_pem_decode_from_string.lo src/sbearssl/sbearssl_pem_push.lo src/sbearssl/sbearssl_pkey_from.lo src/sbearssl/sbearssl_pkey_to.lo src/sbearssl/sbearssl_rsa_pkey_from.lo src/sbearssl/sbearssl_rsa_pkey_to.lo src/sbearssl/sbearssl_rsa_skey_from.lo src/sbearssl/sbearssl_rsa_skey_to.lo src/sbearssl/sbearssl_run.lo src/sbearssl/sbearssl_skey_from.lo src/sbearssl/sbearssl_skey_readfile.lo src/sbearssl/sbearssl_skey_to.lo src/sbearssl/sbearssl_ta_cert.lo src/sbearssl/sbearssl_ta_certs.lo src/sbearssl/sbearssl_ta_from.lo src/sbearssl/sbearssl_ta_readdir.lo src/sbearssl/sbearssl_ta_readfile.lo src/sbearssl/sbearssl_ta_to.lo src/sbearssl/sbearssl_x500_name_len.lo src/sbearssl/sbearssl_x500_from_ta.lo src/sbearssl/sbearssl_x509_minimal_set_tai.lo src/sbearssl/sbearssl_client_init_and_run.lo src/sbearssl/sbearssl_server_init_and_run.lo +libsbearssl.so.xyzzy: src/sbearssl/sbearssl_append.lo src/sbearssl/sbearssl_cert_from.lo src/sbearssl/sbearssl_cert_readbigpem.lo src/sbearssl/sbearssl_cert_readfile.lo src/sbearssl/sbearssl_cert_to.lo src/sbearssl/sbearssl_drop.lo src/sbearssl/sbearssl_ec_issuer_keytype.lo src/sbearssl/sbearssl_ec_pkey_from.lo src/sbearssl/sbearssl_ec_pkey_to.lo src/sbearssl/sbearssl_ec_skey_from.lo src/sbearssl/sbearssl_ec_skey_to.lo src/sbearssl/sbearssl_error_str.lo src/sbearssl/sbearssl_isder.lo src/sbearssl/sbearssl_pem_decode_from_buffer.lo src/sbearssl/sbearssl_pem_decode_from_string.lo src/sbearssl/sbearssl_pem_push.lo src/sbearssl/sbearssl_pkey_from.lo src/sbearssl/sbearssl_pkey_to.lo src/sbearssl/sbearssl_rsa_pkey_from.lo src/sbearssl/sbearssl_rsa_pkey_to.lo src/sbearssl/sbearssl_rsa_skey_from.lo src/sbearssl/sbearssl_rsa_skey_to.lo src/sbearssl/sbearssl_run.lo src/sbearssl/sbearssl_skey_from.lo src/sbearssl/sbearssl_skey_readfile.lo src/sbearssl/sbearssl_skey_to.lo src/sbearssl/sbearssl_ta_cert.lo src/sbearssl/sbearssl_ta_certs.lo src/sbearssl/sbearssl_ta_from.lo src/sbearssl/sbearssl_ta_readdir.lo src/sbearssl/sbearssl_ta_readfile.lo src/sbearssl/sbearssl_ta_to.lo src/sbearssl/sbearssl_x500_name_len.lo src/sbearssl/sbearssl_x500_from_ta.lo src/sbearssl/sbearssl_x509_minimal_set_tai.lo src/sbearssl/sbearssl_client_init_and_run.lo src/sbearssl/sbearssl_server_init_and_run.lo ifeq ($(strip $(STATIC_LIBS_ARE_PIC)),) -libstls.a.xyzzy: src/stls/stls_run.o src/stls/stls_client_init_and_handshake.o src/stls/stls_server_init_and_handshake.o +libstls.a.xyzzy: src/stls/stls_drop.o src/stls/stls_run.o src/stls/stls_client_init_and_handshake.o src/stls/stls_server_init_and_handshake.o else -libstls.a.xyzzy: src/stls/stls_run.lo src/stls/stls_client_init_and_handshake.lo src/stls/stls_server_init_and_handshake.lo +libstls.a.xyzzy: src/stls/stls_drop.lo src/stls/stls_run.lo src/stls/stls_client_init_and_handshake.lo src/stls/stls_server_init_and_handshake.lo endif libstls.so.xyzzy: EXTRA_LIBS := ${CRYPTO_LIB} -lskarnet -libstls.so.xyzzy: src/stls/stls_run.lo src/stls/stls_client_init_and_handshake.lo src/stls/stls_server_init_and_handshake.lo +libstls.so.xyzzy: src/stls/stls_drop.lo src/stls/stls_run.lo src/stls/stls_client_init_and_handshake.lo src/stls/stls_server_init_and_handshake.lo |