Skip to content

Comments

IO compartments for graphics libraries#198

Open
brooksdavis wants to merge 13 commits intomainfrom
graphics-c18n
Open

IO compartments for graphics libraries#198
brooksdavis wants to merge 13 commits intomainfrom
graphics-c18n

Conversation

@brooksdavis
Copy link
Member

@brooksdavis brooksdavis commented Mar 5, 2025

This adds a C18N option to select ports and enables io compartments for each.

I merged libtiff forward to a more recent version from upstream as it's much easier to patch cmake then automake makefiles for this purpose.

The cmake patches aren't what you'd actually want to upstream in that they don't attempt to detect support for the feature, but for ports I think they are good enough.

The libtiff bump may be a bit risky so I've marked the PR as draft for now.

@kwitaszczyk
Copy link
Member

kwitaszczyk commented Mar 7, 2025

I have been wondering if we can come up with a design that would not require modifications in Makefiles and patches of particular ports. For example, if there is a file category/name/policy.json (e.g., graphics/jpeg-turbo/policy.json or graphics/jpeg-turbo/jpeg-turbo.json if we'd like to have unique policy file names) then it is automatically used when building the port without the need to patch port's Makefile/patches to append to linker flags. Mk/Uses/cmake.mk and similar build-system-related files already pass CFLAGS and LDFLAGS that we could reuse for this purpose.

However, I realise now that a port might consist of multiple libraries for which we would like to define separate policies and for which separate LDFLAGS values would have to be constructed. I still wonder if it would be possible to define a single policy file that would be passed to all static linker invocations and the static linker would decide what part of that policy (e.g., based on a library file name) to use for constructing compartments. The policy language already defines a policy for collections of DSOs but I have not experimented with that yet.

Do you think it would be worth exploring this approach to centralise policy-related changes in ports, if not now not to delay this change then at least in the future?

@brooksdavis
Copy link
Member Author

brooksdavis commented Mar 7, 2025

I envisioned the DSOs mechanism as a solution to this problem (I was thinking of abseil.io and protobufs based on the server report, but it should also work in this case were the issue is little utilities). Unfortunately, it's not implemented yet and well below other things on the priority list.

I think what I've done here is closer to what upstreams would want to do most of the time, but not ideal for ports. Once the dsos mechanism is implemented we could look at some sort of magic file name (probably in the files subdirectory). I'm a little wary of that approach from an intentionality perspective, but it certainly would reduce merge conflicts. There is then a question of making sure the policies don't rot...

@brooksdavis brooksdavis linked an issue Apr 2, 2025 that may be closed by this pull request
Add cheribsd-ports infrastructure for compartmentalization policies #208
Open
@brooksdavis brooksdavis marked this pull request as ready for review September 16, 2025 11:09
brooksdavis and others added 7 commits September 16, 2025 12:12
@brooksdavis
Add a description for a C18N option
6d10178
@brooksdavis
graphics/png: add an io compartment
da862ff
@brooksdavis
devel/{,lib}jpeg-turbo: add io compartments
6018f5d
@5u623l20 @brooksdavis
graphics/tiff: Moved man to share/man
02fc9ee 
Approved by:    portmgr (blanket)

(cherry picked from commit a194be0)
@TijlCoosemans @brooksdavis
graphics/tiff: Update to 4.6.0
1257538 
PR:		278577
Exp-run by:	antoine

CheriBSD-ports: PORTREVISION bumps excluded

(cherry picked from commit 98bf258)
@brooksdavis
graphics/tiff: Update to 4.7.0 and switch to CMake
4827d94 
Changelog:
https://gitlab.com/libtiff/libtiff/-/releases/v4.7.0

PR:		281639
Approved by:	desktop (fluffy) via Matrix
Exp-run by:	antoine

(cherry picked from commit 0bdf588)
@brooksdavis
graphics/tiff: add io compartment
cb30ecb
@kwitaszczyk
Mk/Uses/compiler.mk: allow requesting for c18n
b433a64 
Allow a port to request using devel/llvm-morello-c18n by specifying
compiler:c18n in USES.

Pointed out by:	@bsdjhb
@kwitaszczyk
Mk/Uses/cmake.mk: handle COMPARTMENT_POLICY
fd38aed 
Rather than specify CMAKE_ARGS for COMPARTMENT_POLICY in each port,
append -DCOMPARTMENT_POLICY whenever COMPARTMENT_POLICY is defined.
@kwitaszczyk
graphics/png: fix a typo
20b8a99
@kwitaszczyk
graphics/jpeg-turbo: update c18n routines
7494697
@kwitaszczyk
graphics/png: update c18n routines
ca29e01
@kwitaszczyk
graphics/tiff: update c18n routines
7d07ae5
@kwitaszczyk
Copy link
Member

kwitaszczyk commented Sep 16, 2025

@brooksdavis I've added two main changes to this PR:

  1. A port can request using devel/llvm-morello-c18n with USES=compiler:c18n, and we want to use that whenever C18N is enabled in a port
  2. A user can define their own COMPARTMENT_POLICY on a command line

Apart from that, there was a typo in a policy for graphics/png. graphics/tiff doesn't build due to the error:

ld: error: input section libtiff/CMakeFiles/tiff.dir/tif_fax3.c.o:.rodata containing local symbol directly accessed by compartment io in input section libtiff/CMakeFiles/tiff.dir/tif_fax3.c.o:.text cannot be assigned due to exported symbol TIFFFaxWhiteCodes

You can squash my commits with yours before we merge this.

@kwitaszczyk kwitaszczyk mentioned this pull request Dec 10, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kwitaszczyk kwitaszczyk kwitaszczyk approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add cheribsd-ports infrastructure for compartmentalization policies

4 participants

@brooksdavis @kwitaszczyk @5u623l20 @TijlCoosemans