consider the following GNU Makefile and invocations in the bash shell:
C = c
Q ?= q
.PHONY:default
default:
@echo C=$(C)
@echo Q=$(Q) $ make
C=c
Q=q
$ make C=notc
C=notc
Q=q
$ make Q=notq
C=c
Q=notq
$ C=notc make
C=c
Q=q
$ Q=notq make
C=c
Q=notq
either type of assignment can be overridden by specifying a new value after "make" on the command line, but only variables assigned with ?= can also be overridden by the environment. I've deliberately done both: makefiles in which make communicates with its caller via environment variables, and makefiles in which make should ignore any identically named environment variables.
Next, experimenting with += :
P += p
.PHONY:default
default:
@echo P=$(P)
$ make
P=p
$ make P=prefix
P=prefix
$ P=prefix make
P=prefix p
like with ?= , only user-specified values in the environment can be appended to with += . this is especially useful is the following idiom: if a Makefile specifies "CFLAGS += necessary flags", then the user can add additional flags to CFLAGS just for one build without editing the Makefile. for += to work keeping the necessary CFLAGS specified in the Makefile, the user must specify CFLAGS in the environment as demonstrated in the last example above, not in a command-line argument to make.
an attacker could surreptitiously set CFLAGS="something evil" in your environment, thereby affecting all builds that use exclusively CFLAGS += , but if you are worried about an attacker who can set and export arbitrary variables in your environment, you probably have bigger problems.
future work: the "override" makefile directive.
No comments :
Post a Comment