stdenv: Move paxmark function to paxctl's setup hook

+16 -22
+2
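--- a/pkgs/os-specific/linux/paxctl/default.nix
+++ b/pkgs/os-specific/linux/paxctl/default.nix
@@ -18,6 +18,8 @@
 "MANDIR=share/man/man1"
 ];
 
+setupHook = ./setup-hook.sh;
+
 meta = with stdenv.lib; {
 description = "A tool for controlling PaX flags on a per binary basis";
 homepage = "https://pax.grsecurity.net";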
+8
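--- a/pkgs/os-specific/linux/paxctl/setup-hook.sh
+++ b/pkgs/os-specific/linux/paxctl/setup-hook.sh
@@ -0,0 +1,8 @@
+# PaX-mark binaries.
+paxmark() {
+local flags="$1"
+shift
+
+paxctl -c "$@"
+paxctl -zex -${flags} "$@"
+}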
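Review bot: `${flags}` is expanded unquoted in `paxctl -zex -${flags} "$@"`, so a value containing whitespace or glob characters would be split or expanded before paxctl sees it; `paxctl -zex "-${flags}" "$@"` keeps it a single argument. When `$1` is empty the second call becomes `paxctl -zex - ...`, so a guard such as `[ -n "$flags" ] || return 1` ahead of the two calls would surface a mistaken call instead of passing a bare dash. The header comment could also say what the arguments are, for example `# Usage: paxmark FLAGS FILE...  (FLAGS: paxctl flag letters without the leading dash)`, since those letters decide which PaX protections are changed on each binary.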
-1
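--- a/pkgs/stdenv/generic/builder.sh
+++ b/pkgs/stdenv/generic/builder.sh
@@ -12,7 +12,6 @@
 sed -e "s^@initialPath@^$initialPath^g" \
 -e "s^@gcc@^$gcc^g" \
 -e "s^@shell@^$shell^g" \
--e "s^@needsPax@^$needsPax^g" \
 < $out/setup > $out/setup.tmp
 mv $out/setup.tmp $out/setup
 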
+3 -5
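--- a/pkgs/stdenv/generic/default.nix
+++ b/pkgs/stdenv/generic/default.nix
@@ -10,8 +10,6 @@
 , setupScript ? ./setup.sh
 
 , extraBuildInputs ? []
-
-, skipPaxMarking ? false
 }:
 
 let
@@ -55,9 +53,6 @@
 setup = setupScript;
 
 inherit preHook initialPath gcc shell;
-
-# Whether we should run paxctl to pax-mark binaries
-needsPax = result.isLinux && !skipPaxMarking;
 
 propagatedUserEnvPkgs = [gcc] ++
 lib.filter lib.isDerivation initialPath;
@@ -180,6 +175,9 @@
 isArm = system == "armv5tel-linux"
 || system == "armv6l-linux"
 || system == "armv7l-linux";
+
+# Whether we should run paxctl to pax-mark binaries.
+needsPax = isLinux;
 
 # For convenience, bring in the library functions in lib/ so
 # packages don't have to do that themselves.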
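Review bot: Dropping `skipPaxMarking` from the argument set in the first hunk changes the function's interface: the visible end of the set (`, extraBuildInputs ? []` followed by `}:`) shows no `...`, so any caller that still passes `skipPaxMarking` would fail at evaluation. Callers are not visible in this commit, so that should be checked. In the third hunk `needsPax = isLinux;` is kept, but nothing visible in this commit reads it now that the `@needsPax@` substitution is gone from builder.sh. The comment could state who is expected to consult it, e.g. `# Whether packages that call paxmark should add paxctl to their build inputs.`, though that reading is inferred and should be confirmed.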
+3 -16
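--- a/pkgs/stdenv/generic/setup.sh
+++ b/pkgs/stdenv/generic/setup.sh
@@ -337,22 +337,9 @@
 export NIX_BUILD_CORES
 
 
-######################################################################
-# Misc. helper functions.
-
-
-# PaX-mark binaries
-paxmark() {
-local flags="$1"
-shift
-
-if [ -z "@needsPax@" ]; then
-return
-fi
-
-paxctl -c "$@"
-paxctl -zex -${flags} "$@"
-}
+# Dummy implementation of the paxmark function. On Linux, this is
+# overwritten by paxctl's setup hook.
+paxmark() { true; }
 
 
 ######################################################################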
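Review bot: The fallback `paxmark() { true; }` succeeds silently, so a Linux build that calls `paxmark` without paxctl among its build inputs would leave the binary unmarked with no diagnostic, whereas the removed function ran paxctl whenever `@needsPax@` was non-empty. The new comment says the function is overwritten "on Linux", but in this commit the override comes only from paxctl's setup hook, which presumably takes effect only when paxctl is a build input. I would word the comment as `# No-op fallback for paxmark; replaced by paxctl's setup hook when paxctl is a build input.` so that the dependency is explicit to package authors.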