diff options
| author | Ricardo M. Correia <rcorreia@wizy.org> | 2014-02-19 18:45:58 +0100 |
|---|---|---|
| committer | Ricardo M. Correia <rcorreia@wizy.org> | 2014-05-15 13:25:49 +0200 |
| commit | df503a2ad471df106d7c7ee2c3bad54200036fee (patch) | |
| tree | 455b59beb16badd6563642c78267119d45b2329b /pkgs/development/compilers/openjdk/bootstrap.nix | |
| parent | 2204eb9f18a32b1d2ca3498ebf1a820da75de8c3 (diff) | |
| download | nixpkgs-df503a2ad471df106d7c7ee2c3bad54200036fee.tar nixpkgs-df503a2ad471df106d7c7ee2c3bad54200036fee.tar.gz nixpkgs-df503a2ad471df106d7c7ee2c3bad54200036fee.tar.bz2 nixpkgs-df503a2ad471df106d7c7ee2c3bad54200036fee.tar.lz nixpkgs-df503a2ad471df106d7c7ee2c3bad54200036fee.tar.xz nixpkgs-df503a2ad471df106d7c7ee2c3bad54200036fee.tar.zst nixpkgs-df503a2ad471df106d7c7ee2c3bad54200036fee.zip | |
openjdkBootstrap: Add support for grsecurity
Diffstat (limited to 'pkgs/development/compilers/openjdk/bootstrap.nix')
| -rw-r--r-- | pkgs/development/compilers/openjdk/bootstrap.nix | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/pkgs/development/compilers/openjdk/bootstrap.nix b/pkgs/development/compilers/openjdk/bootstrap.nix index 01ed43069b6..222ab010c26 100644 --- a/pkgs/development/compilers/openjdk/bootstrap.nix +++ b/pkgs/development/compilers/openjdk/bootstrap.nix @@ -1,4 +1,4 @@ -{ runCommand, glibc, fetchurl }: +{ stdenv, runCommand, glibc, fetchurl, file }: let # !!! These should be on nixos.org @@ -18,4 +18,12 @@ in runCommand "openjdk-bootstrap" {} '' xz -dc ${src} | sed "s/e*-glibc-[^/]*/$(basename ${glibc})/g" | tar xv mv openjdk-bootstrap $out + + # Temporarily, while NixOS's OpenJDK bootstrap tarball doesn't have PaX markings: + exes=$(${file}/bin/file $out/bin/* 2> /dev/null | grep -E 'ELF.*(executable|shared object)' | sed -e 's/: .*$//') + for file in $exes; do + paxmark m "$file" + # On x86 for heap sizes over 700MB disable SEGMEXEC and PAGEEXEC as well. + ${stdenv.lib.optionalString stdenv.isi686 ''paxmark msp "$file"''} + done '' |