stdenv: Move paxmark function to paxctl's setup hook
This commit is contained in:
Eelco Dolstra
parent
d7b356f73b
commit
9f822e5477
@ -18,6 +18,8 @@ stdenv.mkDerivation rec {
|
||||
"MANDIR=share/man/man1"
|
||||
];
|
||||
|
||||
setupHook = ./setup-hook.sh;
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description = "A tool for controlling PaX flags on a per binary basis";
|
||||
homepage = "https://pax.grsecurity.net";
|
||||
|
||||
8
pkgs/os-specific/linux/paxctl/setup-hook.sh
Normal file
8
pkgs/os-specific/linux/paxctl/setup-hook.sh
Normal file
@ -0,0 +1,8 @@
|
||||
# PaX-mark binaries.
|
||||
paxmark() {
|
||||
local flags="$1"
|
||||
shift
|
||||
|
||||
paxctl -c "$@"
|
||||
paxctl -zex -${flags} "$@"
|
||||
}
|
||||
@ -12,7 +12,6 @@ cat "$setup" >> $out/setup
|
||||
sed -e "s^@initialPath@^$initialPath^g" \
|
||||
-e "s^@gcc@^$gcc^g" \
|
||||
-e "s^@shell@^$shell^g" \
|
||||
-e "s^@needsPax@^$needsPax^g" \
|
||||
< $out/setup > $out/setup.tmp
|
||||
mv $out/setup.tmp $out/setup
|
||||
|
||||
|
||||
@ -10,8 +10,6 @@ let lib = import ../../../lib; in lib.makeOverridable (
|
||||
, setupScript ? ./setup.sh
|
||||
|
||||
, extraBuildInputs ? []
|
||||
|
||||
, skipPaxMarking ? false
|
||||
}:
|
||||
|
||||
let
|
||||
@ -56,9 +54,6 @@ let
|
||||
|
||||
inherit preHook initialPath gcc shell;
|
||||
|
||||
# Whether we should run paxctl to pax-mark binaries
|
||||
needsPax = result.isLinux && !skipPaxMarking;
|
||||
|
||||
propagatedUserEnvPkgs = [gcc] ++
|
||||
lib.filter lib.isDerivation initialPath;
|
||||
}
|
||||
@ -181,6 +176,9 @@ let
|
||||
|| system == "armv6l-linux"
|
||||
|| system == "armv7l-linux";
|
||||
|
||||
# Whether we should run paxctl to pax-mark binaries.
|
||||
needsPax = isLinux;
|
||||
|
||||
# For convenience, bring in the library functions in lib/ so
|
||||
# packages don't have to do that themselves.
|
||||
inherit lib;
|
||||
|
||||
@ -337,22 +337,9 @@ fi
|
||||
export NIX_BUILD_CORES
|
||||
|
||||
|
||||
######################################################################
|
||||
# Misc. helper functions.
|
||||
|
||||
|
||||
# PaX-mark binaries
|
||||
paxmark() {
|
||||
local flags="$1"
|
||||
shift
|
||||
|
||||
if [ -z "@needsPax@" ]; then
|
||||
return
|
||||
fi
|
||||
|
||||
paxctl -c "$@"
|
||||
paxctl -zex -${flags} "$@"
|
||||
}
|
||||
# Dummy implementation of the paxmark function. On Linux, this is
|
||||
# overwritten by paxctl's setup hook.
|
||||
paxmark() { true; }
|
||||
|
||||
|
||||
######################################################################
|
||||
|
||||
Loading…
Reference in New Issue
Block a user