openjdk: Add support for grsecurity
Ricardo M. Correia
12 years ago
6021ce8b
2902c8f6
+50
-3
2 changed files
+22
-3
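--- a/pkgs/development/compilers/openjdk/default.nix
+++ b/pkgs/development/compilers/openjdk/default.nix
@@ -1,5 +1,5 @@
 { stdenv, fetchurl, unzip, zip, procps, coreutils, alsaLib, ant, freetype, cups
-, which, jdk, nettools, xorg
+, which, jdk, nettools, xorg, file
 , fontconfig, cpio, cacert, perl, setJavaClassPath }:
 
 let
@@ -19,6 +19,9 @@
 
 build = "43";
 
+# On x86 for heap sizes over 700MB disable SEGMEXEC and PAGEEXEC as well.
+paxflags = if stdenv.isi686 then "msp" else "m";
+
 in
 
 stdenv.mkDerivation rec {
@@ -35,7 +38,7 @@
 [ unzip procps ant which zip cpio nettools alsaLib
 xorg.libX11 xorg.libXt xorg.libXext xorg.libXrender xorg.libXtst
 xorg.libXi xorg.libXinerama xorg.libXcursor xorg.lndir
-fontconfig perl
+fontconfig perl file
 ];
 
 NIX_LDFLAGS = "-lfontconfig -lXcursor -lXinerama";
@@ -49,7 +52,7 @@
 openjdk/{jdk,corba}/make/common/shared/Defs-utils.gmk
 '';
 
-patches = [ ./cppflags-include-fix.patch ./fix-java-home.patch ];
+patches = [ ./cppflags-include-fix.patch ./fix-java-home.patch ./paxctl.patch ];
 
 NIX_NO_SELF_RPATH = true;
 
@@ -72,6 +75,14 @@
 
 configurePhase = "true";
 
+preBuild = ''
+# We also need to PaX-mark in the middle of the build
+substituteInPlace hotspot/make/linux/makefiles/launcher.make \
+--replace XXX_PAXFLAGS_XXX ${paxflags}
+substituteInPlace jdk/make/common/Program.gmk \
+--replace XXX_PAXFLAGS_XXX ${paxflags}
+'';
+
 installPhase = ''
 mkdir -p $out/lib/openjdk $out/share $jre/lib/openjdk
 
@@ -97,6 +108,14 @@
 
 rm -rf $out/lib/openjdk/jre/bin
 ln -s $out/lib/openjdk/bin $out/lib/openjdk/jre/bin
+
+# Set PaX markings
+exes=$(file $out/lib/openjdk/bin/* $jre/lib/openjdk/jre/bin/* 2> /dev/null | grep -E 'ELF.*(executable|shared object)' | sed -e 's/: .*$//')
+echo "to mark: *$exes*"
+for file in $exes; do
+echo "marking *$file*"
+paxmark ${paxflags} "$file"
+done
 
 # Remove duplicate binaries.
 for i in $(cd $out/lib/openjdk/bin && echo *); do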
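Review bot: The comment above `paxflags` in the `let` block ties the extra flags to heap sizes over 700MB, but `"msp"` is selected for every i686 build and the installPhase loop then applies it to each ELF file found under both `bin` directories. Since these lowercase flags switch PaX protections off, the comment should say what is given up, for example `# PaX flags: "m" disables MPROTECT (presumably needed by the JIT); i686 also disables SEGMEXEC and PAGEEXEC so heaps over 700MB fit.` Separately, `2> /dev/null` on the `file` call means a failed or empty scan leaves `exes` empty and the build still succeeds with nothing marked; `test -n "$exes" || { echo "no ELF binaries found to PaX-mark"; exit 1; }` before the loop would surface that. The hunks also do not show where `paxctl` and `paxmark` come from (only `file` is added to the inputs), so this presumably relies on stdenv providing them, which is worth confirming.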
+28
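--- a/pkgs/development/compilers/openjdk/paxctl.patch
+++ b/pkgs/development/compilers/openjdk/paxctl.patch
@@ -0,0 +1,28 @@
+diff --git a/hotspot/make/linux/makefiles/launcher.make b/hotspot/make/linux/makefiles/launcher.make
+index 34bbcd6..41b9332 100644
+--- a/hotspot/make/linux/makefiles/launcher.make
++++ b/hotspot/make/linux/makefiles/launcher.make
+@@ -83,6 +83,8 @@ $(LAUNCHER): $(OBJS) $(LIBJVM) $(LAUNCHER_MAPFILE)
+$(QUIETLY) echo Linking launcher...
+$(QUIETLY) $(LINK_LAUNCHER/PRE_HOOK)
+$(QUIETLY) $(LINK_LAUNCHER) $(LFLAGS_LAUNCHER) -o $@ $(OBJS) $(LIBS_LAUNCHER)
++ paxctl -c $(LAUNCHER)
++ paxctl -zex -XXX_PAXFLAGS_XXX $(LAUNCHER)
+$(QUIETLY) $(LINK_LAUNCHER/POST_HOOK)
+
+$(LAUNCHER): $(LAUNCHER_SCRIPT)
+diff --git a/jdk/make/common/Program.gmk b/jdk/make/common/Program.gmk
+index 091800d..1de8cb4 100644
+--- a/jdk/make/common/Program.gmk
++++ b/jdk/make/common/Program.gmk
+@@ -60,6 +60,10 @@ ACTUAL_PROGRAM = $(ACTUAL_PROGRAM_DIR)/$(ACTUAL_PROGRAM_NAME)
+program_default_rule: all
+
+program: $(ACTUAL_PROGRAM)
++ if [[ "$(PROGRAM)" = "java" ]]; then \
++ paxctl -c $(ACTUAL_PROGRAM); \
++ paxctl -zex -XXX_PAXFLAGS_XXX $(ACTUAL_PROGRAM); \
++ fi
+
+# Work-around for missing processor specific mapfiles
+ifndef CROSS_COMPILE_ARCH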
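Review bot: The recipe added under `program:` in Program.gmk uses `[[ ... ]]`, a bash extension, and joins the two `paxctl` calls with `;`, so a failing `paxctl -c` does not by itself fail the recipe. `if [ "$(PROGRAM)" = "java" ]; then paxctl -c $(ACTUAL_PROGRAM) && paxctl -zex -XXX_PAXFLAGS_XXX $(ACTUAL_PROGRAM); fi` runs under a plain POSIX shell and stops at the first failure. Both this recipe and the two lines added to launcher.make hand `paxctl` the literal `XXX_PAXFLAGS_XXX` unless `preBuild` in default.nix has rewritten it, so the patch is not usable on its own. A short header in the patch file stating that dependency would make it clear to the next maintainer.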