author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2014-06-30 14:26:23 +0200 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2014-08-09 12:44:50 +0200 |
commit | 9f822e5477bc32b77af39b5bf8cf50b56b97c196 (patch) | |
tree | 910f6142a6da027a9012b95199f11bc9a463cd03 | |
parent | d7b356f73b41640f5ee741f004c4fb41e0471d30 (diff) | |
stdenv: Move paxmark function to paxctl's setup hook
-rw-r--r-- | pkgs/os-specific/linux/paxctl/default.nix | 2 | ||||
-rw-r--r-- | pkgs/os-specific/linux/paxctl/setup-hook.sh | 8 | ||||
-rw-r--r-- | pkgs/stdenv/generic/builder.sh | 1 | ||||
-rw-r--r-- | pkgs/stdenv/generic/default.nix | 8 | ||||
-rw-r--r-- | pkgs/stdenv/generic/setup.sh | 19 |
5 files changed, 16 insertions, 22 deletions
diff --git a/pkgs/os-specific/linux/paxctl/default.nix b/pkgs/os-specific/linux/paxctl/default.nix
index 8e70ddd8434..795ffa38ac4 100644
--- a/pkgs/os-specific/linux/paxctl/default.nix
+++ b/pkgs/os-specific/linux/paxctl/default.nix
@@ -18,6 +18,8 @@ stdenv.mkDerivation rec {
 "MANDIR=share/man/man1"
 ];
+ setupHook = ./setup-hook.sh;
+
 meta = with stdenv.lib; {
 description = "A tool for controlling PaX flags on a per binary basis";
 homepage = "https://pax.grsecurity.net";
diff --git a/pkgs/os-specific/linux/paxctl/setup-hook.sh b/pkgs/os-specific/linux/paxctl/setup-hook.sh
new file mode 100644
index 00000000000..11a6bb9910f
--- /dev/null
+++ b/pkgs/os-specific/linux/paxctl/setup-hook.sh
@@ -0,0 +1,8 @@
+# PaX-mark binaries.
+paxmark() {
+ local flags="$1"
+ shift
+
+ paxctl -c "$@"
+ paxctl -zex -${flags} "$@"
+}
diff --git a/pkgs/stdenv/generic/builder.sh b/pkgs/stdenv/generic/builder.sh
index 60360e7b825..fd4c17ca251 100644
--- a/pkgs/stdenv/generic/builder.sh
+++ b/pkgs/stdenv/generic/builder.sh
@@ -12,7 +12,6 @@ cat "$setup" >> $out/setup
 sed -e "s^@initialPath@^$initialPath^g" \
 -e "s^@gcc@^$gcc^g" \
 -e "s^@shell@^$shell^g" \
- -e "s^@needsPax@^$needsPax^g" \
 < $out/setup > $out/setup.tmp
 mv $out/setup.tmp $out/setup
diff --git a/pkgs/stdenv/generic/default.nix b/pkgs/stdenv/generic/default.nix
index f370aec88cf..28a3c1e9f3b 100644
--- a/pkgs/stdenv/generic/default.nix
+++ b/pkgs/stdenv/generic/default.nix
@@ -10,8 +10,6 @@ let lib = import ../../../lib; in lib.makeOverridable (
 , setupScript ? ./setup.sh
 , extraBuildInputs ? []
-
-, skipPaxMarking ? false
 }:
 let
@@ -56,9 +54,6 @@ let
 inherit preHook initialPath gcc shell;
- # Whether we should run paxctl to pax-mark binaries
- needsPax = result.isLinux && !skipPaxMarking;
-
 propagatedUserEnvPkgs = [gcc] ++ lib.filter lib.isDerivation initialPath;
 }
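Review bot: In the new `paxmark` in setup-hook.sh, `-${flags}` is expanded unquoted and nothing checks that a flag string or any file was passed, so an empty first argument hands paxctl a bare `-` and a flag string containing whitespace is split into extra words. I would fail early and quote the expansion: `[ -n "$flags" ] && [ "$#" -gt 0 ] || return 1` after the `shift`, and `paxctl -zex "-${flags}" "$@"`. Whether a failing `paxctl -c` stops the function depends on the caller's `set -e` state, which this hunk does not show. The one-line header comment could also state the contract, e.g. `# paxmark FLAGS FILE...: run paxctl on FILE..., applying the PaX flag letters in FLAGS.`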
@@ -181,6 +176,9 @@ let
 || system == "armv6l-linux"
 || system == "armv7l-linux";
+ # Whether we should run paxctl to pax-mark binaries.
+ needsPax = isLinux;
+
 # For convenience, bring in the library functions in lib/ so
 # packages don't have to do that themselves.
 inherit lib;
diff --git a/pkgs/stdenv/generic/setup.sh b/pkgs/stdenv/generic/setup.sh
index e5fdbdf2d53..72db7dc6004 100644
--- a/pkgs/stdenv/generic/setup.sh
+++ b/pkgs/stdenv/generic/setup.sh
@@ -337,22 +337,9 @@ fi
 export NIX_BUILD_CORES
-######################################################################
-# Misc. helper functions.
-
-
-# PaX-mark binaries
-paxmark() {
- local flags="$1"
- shift
-
- if [ -z "@needsPax@" ]; then
- return
- fi
-
- paxctl -c "$@"
- paxctl -zex -${flags} "$@"
-}
+# Dummy implementation of the paxmark function. On Linux, this is
+# overwritten by paxctl's setup hook.
+paxmark() { true; }
 ###################################################################### |
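Review bot: The comment added with `needsPax = isLinux;` says the attribute decides whether paxctl is run, but nothing visible in this commit reads it any more: the `@needsPax@` substitution in builder.sh and the check inside setup.sh's `paxmark` are both removed. With `skipPaxMarking` gone it is also true for every Linux stdenv, with no opt-out. I would word the comment for its remaining role, presumably a hint for package expressions: `# Whether packages should add paxctl to their build inputs so that paxmark has an effect.` The enclosing attribute set starts and ends outside this hunk.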
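Review bot: The fallback `paxmark() { true; }` in setup.sh makes every call succeed silently when paxctl's setup hook has not been sourced, and the comment's "On Linux, this is overwritten" appears to hold only for builds that list paxctl among their inputs (inferred from the hook being attached to the paxctl package; the hook loader is not in this hunk). A package that calls `paxmark` without that input would produce binaries with unchanged PaX flags and leave no trace in the build log. I would make the comment say so: `# No-op fallback; replaced by paxctl's setup hook when paxctl is a build input.`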