qt5.6/5.7: PaX compat qtwebengine

* paxmark QtWebEngineProcess so it executes on PaX kernels * when building on host w/PaX apply patch to fix mksnapshot Patch taken from Gentoo[1], slightly modified to use paxctl directly. [1] https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-qt/qtwebengine/files/qtwebengine-paxmark-mksnapshot.patch
author: Will Dietz <w@wdtz.org> 2016-12-07 13:12:47 -0600
committer: Will Dietz <w@wdtz.org> 2016-12-07 20:02:41 -0600
commit: 7c29e476a76b691ca30cbbe07f75f589c11861e7 (patch)
tree: 8abb14c179371da9746ecb3c8eb7d73f05e15f79 /pkgs/development/libraries/qt-5
parent: 1c50bdd928cec055d2ca842e2cf567aba2584efc (diff)
download: nixpkgs-7c29e476a76b691ca30cbbe07f75f589c11861e7.tar
nixpkgs-7c29e476a76b691ca30cbbe07f75f589c11861e7.tar.gz
nixpkgs-7c29e476a76b691ca30cbbe07f75f589c11861e7.tar.bz2
nixpkgs-7c29e476a76b691ca30cbbe07f75f589c11861e7.tar.lz
nixpkgs-7c29e476a76b691ca30cbbe07f75f589c11861e7.tar.xz
nixpkgs-7c29e476a76b691ca30cbbe07f75f589c11861e7.tar.zst
nixpkgs-7c29e476a76b691ca30cbbe07f75f589c11861e7.zip
5 files changed, 102 insertions, 2 deletions
diff --git a/pkgs/development/libraries/qt-5/5.6/qtwebengine/default.nix b/pkgs/development/libraries/qt-5/5.6/qtwebengine/default.nix
index 29a5349ecea..96b6cca75aa 100644
--- a/pkgs/development/libraries/qt-5/5.6/qtwebengine/default.nix
+++ b/pkgs/development/libraries/qt-5/5.6/qtwebengine/default.nix
@@ -11,6 +11,7 @@
 , coreutils
 , pkgconfig, python2
 
+, stdenv # lib.optional, needsPax
 }:
 
 qtSubmodule {
@@ -60,11 +61,14 @@ qtSubmodule {
   ];
   patches = [
     ./chromium-clang-update-py.patch
-  ];
+  ] ++ stdenv.lib.optional stdenv.needsPax ./qtwebengine-paxmark-mksnapshot.patch;
+
   postInstall = ''
     cat > $out/libexec/qt.conf <<EOF
     [Paths]
     Prefix = ..
     EOF
+
+    paxmark m $out/libexec/QtWebEngineProcess
   '';
 }
diff --git a/pkgs/development/libraries/qt-5/5.6/qtwebengine/qtwebengine-paxmark-mksnapshot.patch b/pkgs/development/libraries/qt-5/5.6/qtwebengine/qtwebengine-paxmark-mksnapshot.patch
new file mode 100644
index 00000000000..b3316188f7d
--- /dev/null
+++ b/pkgs/development/libraries/qt-5/5.6/qtwebengine/qtwebengine-paxmark-mksnapshot.patch
@@ -0,0 +1,46 @@
+--- qtwebengine-opensource-src-5.6.0-orig/src/3rdparty/chromium/v8/tools/gyp/v8.gyp	2016-03-04 01:48:36.000000000 +1100
++++ qtwebengine-opensource-src-5.6.0/src/3rdparty/chromium/v8/tools/gyp/v8.gyp	2016-05-01 19:15:44.052770543 +1000
+@@ -33,6 +33,7 @@
+     'embed_script%': "",
+     'v8_extra_library_files%': [],
+     'mksnapshot_exec': '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)mksnapshot<(EXECUTABLE_SUFFIX)',
++    'mksnapshot_u_exec': '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)mksnapshot_u<(EXECUTABLE_SUFFIX)',
+     'remove_v8base_debug_symbols%': 0,
+   },
+   'includes': ['../../build/toolchain.gypi', '../../build/features.gypi'],
+@@ -1913,7 +1914,7 @@
+         ]
+     },
+     {
+-      'target_name': 'mksnapshot',
++      'target_name': 'mksnapshot_u',
+       'type': 'executable',
+       'dependencies': ['v8_base', 'v8_nosnapshot', 'v8_libplatform'],
+       'include_dirs+': [
+@@ -1936,5 +1937,26 @@
+         }],
+       ],
+     },
++    {
++      'target_name': 'mksnapshot',
++      'type': 'executable',
++      'dependencies': ['mksnapshot_u'],
++      'actions': [
++        {
++          'action_name': 'paxmark_m_mksnapshot',
++          'inputs': [
++            '<(mksnapshot_u_exec)',
++          ],
++          'outputs': [
++            '<(mksnapshot_exec)',
++          ],
++          'action': [
++            'sh',
++            '-c',
++            'cp <(mksnapshot_u_exec) <(mksnapshot_exec) && paxctl -czexm <(mksnapshot_exec)',
++          ],
++        },
++      ],
++    },
+   ],
+ }
diff --git a/pkgs/development/libraries/qt-5/5.7/default.nix b/pkgs/development/libraries/qt-5/5.7/default.nix
index b3a8b4d05eb..9c35e814a04 100644
--- a/pkgs/development/libraries/qt-5/5.7/default.nix
+++ b/pkgs/development/libraries/qt-5/5.7/default.nix
@@ -90,7 +90,7 @@ let
       qttranslations = callPackage ./qttranslations.nix {};
       qtwayland = callPackage ./qtwayland.nix {};
       qtwebchannel = callPackage ./qtwebchannel.nix {};
-      qtwebengine = callPackage ./qtwebengine.nix {};
+      qtwebengine = callPackage ./qtwebengine {};
       qtwebkit = callPackage ./qtwebkit {};
       qtwebsockets = callPackage ./qtwebsockets.nix {};
       qtx11extras = callPackage ./qtx11extras.nix {};
diff --git a/pkgs/development/libraries/qt-5/5.7/qtwebengine.nix b/pkgs/development/libraries/qt-5/5.7/qtwebengine/default.nix
index ab40dcd4c6e..e7cb8c0ec62 100644
--- a/pkgs/development/libraries/qt-5/5.7/qtwebengine.nix
+++ b/pkgs/development/libraries/qt-5/5.7/qtwebengine/default.nix
@@ -11,6 +11,7 @@
 , coreutils
 , pkgconfig, python2
 
+, stdenv # lib.optional, needsPax
 }:
 
 qtSubmodule {
@@ -53,10 +54,13 @@ qtSubmodule {
     libcap
     pciutils
   ];
+  patches = stdenv.lib.optional stdenv.needsPax ./qtwebengine-paxmark-mksnapshot.patch;
   postInstall = ''
     cat > $out/libexec/qt.conf <<EOF
     [Paths]
     Prefix = ..
     EOF
+
+    paxmark m $out/libexec/QtWebEngineProcess
   '';
 }
diff --git a/pkgs/development/libraries/qt-5/5.7/qtwebengine/qtwebengine-paxmark-mksnapshot.patch b/pkgs/development/libraries/qt-5/5.7/qtwebengine/qtwebengine-paxmark-mksnapshot.patch
new file mode 100644
index 00000000000..b3316188f7d
--- /dev/null
+++ b/pkgs/development/libraries/qt-5/5.7/qtwebengine/qtwebengine-paxmark-mksnapshot.patch
@@ -0,0 +1,46 @@
+--- qtwebengine-opensource-src-5.6.0-orig/src/3rdparty/chromium/v8/tools/gyp/v8.gyp	2016-03-04 01:48:36.000000000 +1100
++++ qtwebengine-opensource-src-5.6.0/src/3rdparty/chromium/v8/tools/gyp/v8.gyp	2016-05-01 19:15:44.052770543 +1000
+@@ -33,6 +33,7 @@
+     'embed_script%': "",
+     'v8_extra_library_files%': [],
+     'mksnapshot_exec': '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)mksnapshot<(EXECUTABLE_SUFFIX)',
++    'mksnapshot_u_exec': '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)mksnapshot_u<(EXECUTABLE_SUFFIX)',
+     'remove_v8base_debug_symbols%': 0,
+   },
+   'includes': ['../../build/toolchain.gypi', '../../build/features.gypi'],
+@@ -1913,7 +1914,7 @@
+         ]
+     },
+     {
+-      'target_name': 'mksnapshot',
++      'target_name': 'mksnapshot_u',
+       'type': 'executable',
+       'dependencies': ['v8_base', 'v8_nosnapshot', 'v8_libplatform'],
+       'include_dirs+': [
+@@ -1936,5 +1937,26 @@
+         }],
+       ],
+     },
++    {
++      'target_name': 'mksnapshot',
++      'type': 'executable',
++      'dependencies': ['mksnapshot_u'],
++      'actions': [
++        {
++          'action_name': 'paxmark_m_mksnapshot',
++          'inputs': [
++            '<(mksnapshot_u_exec)',
++          ],
++          'outputs': [
++            '<(mksnapshot_exec)',
++          ],
++          'action': [
++            'sh',
++            '-c',
++            'cp <(mksnapshot_u_exec) <(mksnapshot_exec) && paxctl -czexm <(mksnapshot_exec)',
++          ],
++        },
++      ],
++    },
+   ],
+ }
author	Will Dietz <w@wdtz.org>	2016-12-07 13:12:47 -0600
committer	Will Dietz <w@wdtz.org>	2016-12-07 20:02:41 -0600
commit	7c29e476a76b691ca30cbbe07f75f589c11861e7 (patch)
tree	8abb14c179371da9746ecb3c8eb7d73f05e15f79 /pkgs/development/libraries/qt-5
parent	1c50bdd928cec055d2ca842e2cf567aba2584efc (diff)
download	nixpkgs-7c29e476a76b691ca30cbbe07f75f589c11861e7.tar nixpkgs-7c29e476a76b691ca30cbbe07f75f589c11861e7.tar.gz nixpkgs-7c29e476a76b691ca30cbbe07f75f589c11861e7.tar.bz2 nixpkgs-7c29e476a76b691ca30cbbe07f75f589c11861e7.tar.lz nixpkgs-7c29e476a76b691ca30cbbe07f75f589c11861e7.tar.xz nixpkgs-7c29e476a76b691ca30cbbe07f75f589c11861e7.tar.zst nixpkgs-7c29e476a76b691ca30cbbe07f75f589c11861e7.zip