stdenv: Move paxmark function to paxctl's setup hook

+16 -22
+2
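--- a/pkgs/os-specific/linux/paxctl/default.nix
+++ b/pkgs/os-specific/linux/paxctl/default.nix
@@ -18,6 +18,8 @@
 "MANDIR=share/man/man1"
 ];
 
+setupHook = ./setup-hook.sh;
+
 meta = with stdenv.lib; {
 description = "A tool for controlling PaX flags on a per binary basis";
 homepage = "https://pax.grsecurity.net";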
+8
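--- a/pkgs/os-specific/linux/paxctl/setup-hook.sh
+++ b/pkgs/os-specific/linux/paxctl/setup-hook.sh
@@ -0,0 +1,8 @@
+# PaX-mark binaries.
+paxmark() {
+local flags="$1"
+shift
+
+paxctl -c "$@"
+paxctl -zex -${flags} "$@"
+}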
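Review bot: `flags` is used unquoted and unchecked in `paxctl -zex -${flags} "$@"`, so a call with an empty first argument runs `paxctl -zex -` after `paxctl -c` has already rewritten the program headers of every file passed in. I would guard the top of `paxmark` with `[ -n "$flags" ] || return 1` and quote the option as `"-${flags}"`. The header comment could also state that `-c` converts the PT_GNU_STACK header into PT_PAX_FLAGS in place, which, as far as I recall from the paxctl man page, changes how a non-PaX kernel treats the stack of that binary, so the function should only be applied to files that need a non-default marking.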
-1
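--- a/pkgs/stdenv/generic/builder.sh
+++ b/pkgs/stdenv/generic/builder.sh
@@ -12,7 +12,6 @@
 sed -e "s^@initialPath@^$initialPath^g" \
 -e "s^@gcc@^$gcc^g" \
 -e "s^@shell@^$shell^g" \
--e "s^@needsPax@^$needsPax^g" \
 < $out/setup > $out/setup.tmp
 mv $out/setup.tmp $out/setup
 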
+3 -5
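--- a/pkgs/stdenv/generic/default.nix
+++ b/pkgs/stdenv/generic/default.nix
@@ -10,8 +10,6 @@
 , setupScript ? ./setup.sh
 
 , extraBuildInputs ? []
-
-, skipPaxMarking ? false
 }:
 
 let
@@ -55,9 +53,6 @@
 setup = setupScript;
 
 inherit preHook initialPath gcc shell;
-
-# Whether we should run paxctl to pax-mark binaries
-needsPax = result.isLinux && !skipPaxMarking;
 
 propagatedUserEnvPkgs = [gcc] ++
 lib.filter lib.isDerivation initialPath;
@@ -180,6 +175,9 @@
 isArm = system == "armv5tel-linux"
 || system == "armv6l-linux"
 || system == "armv7l-linux";
+
+# Whether we should run paxctl to pax-mark binaries.
+needsPax = isLinux;
 
 # For convenience, bring in the library functions in lib/ so
 # packages don't have to do that themselves.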
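Review bot: Dropping `skipPaxMarking` from the argument set in the first hunk breaks any caller that still passes it, because the pattern closes with `}:` and no `...`, so Nix rejects the unknown argument at evaluation time; no caller update is visible on this page, and the argument list itself starts above the hunk. In the third hunk `needsPax = isLinux;` is now only an exported attribute, since builder.sh stops substituting it and setup.sh stops testing it. If the intent is that packages consult it themselves, the comment would be more accurate as `# Whether packages should add paxctl to their build inputs so that paxmark takes effect.`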
+3 -16
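--- a/pkgs/stdenv/generic/setup.sh
+++ b/pkgs/stdenv/generic/setup.sh
@@ -337,22 +337,9 @@
 export NIX_BUILD_CORES
 
 
-######################################################################
-# Misc. helper functions.
-
-
-# PaX-mark binaries
-paxmark() {
-local flags="$1"
-shift
-
-if [ -z "@needsPax@" ]; then
-return
-fi
-
-paxctl -c "$@"
-paxctl -zex -${flags} "$@"
-}
+# Dummy implementation of the paxmark function. On Linux, this is
+# overwritten by paxctl's setup hook.
+paxmark() { true; }
 
 
 ######################################################################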
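Review bot: The comment on the fallback `paxmark() { true; }` says the function is overwritten "on Linux", but the override lives in paxctl's setup hook, so it presumably only takes effect when paxctl is among the build inputs. A package that calls `paxmark` without that input now returns success and leaves its binaries unmarked, whereas the removed implementation ran `paxctl` itself whenever `@needsPax@` was set. I would reword the comment to `# No-op fallback for paxmark; replaced by paxctl's setup hook only when paxctl is a build input.` so that a missing marking can be traced back to the missing dependency.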