From 3d3aea09b9da4cfc30faa6e145f4117d0cf4859f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?=
Date: Sat, 15 Mar 2014 09:05:40 +0100
Subject: [PATCH] fix paxmark on non-linux (a bug in grsecurity PR #1187)
---
 pkgs/stdenv/generic/builder.sh | 1 +
 pkgs/stdenv/generic/default.nix | 11 ++++++++---
 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/pkgs/stdenv/generic/builder.sh b/pkgs/stdenv/generic/builder.sh
index fd4c17ca2519..60360e7b8256 100644
--- a/pkgs/stdenv/generic/builder.sh
+++ b/pkgs/stdenv/generic/builder.sh
@@ -12,6 +12,7 @@ cat "$setup" >> $out/setup
 sed -e "s^@initialPath@^$initialPath^g" \
 -e "s^@gcc@^$gcc^g" \
 -e "s^@shell@^$shell^g" \
+ -e "s^@needsPax@^$needsPax^g" \
 < $out/setup > $out/setup.tmp
 mv $out/setup.tmp $out/setup
diff --git a/pkgs/stdenv/generic/default.nix b/pkgs/stdenv/generic/default.nix
index 1e2d76bb9810..cba456313f39 100644
--- a/pkgs/stdenv/generic/default.nix
+++ b/pkgs/stdenv/generic/default.nix
@@ -31,11 +31,19 @@ let
 builder = shell;
 args = ["-e" ./builder.sh];
+ /* TODO: special-cased @var@ substitutions are ugly.
+ However, using substituteAll* from setup.sh seems difficult,
+ as setup.sh can't be directly sourced.
+ Suggestion: split similar utility functions into a separate script.
+ */
 setup = setupScript;
 inherit preHook initialPath gcc shell;
+ # Whether we should run paxctl to pax-mark binaries
+ needsPax = result.isLinux && !skipPaxMarking;
+
 propagatedUserEnvPkgs = [gcc] ++ lib.filter lib.isDerivation initialPath;
@@ -159,9 +167,6 @@ let
 || system == "armv6l-linux" || system == "armv7l-linux";
- # Whether we should run paxctl to pax-mark binaries
- needsPax = isLinux && !skipPaxMarking;
-
 # For convenience, bring in the library functions in lib/ so
 # packages don't have to do that themselves.
 inherit lib;
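Review bot: The added `-e "s^@needsPax@^$needsPax^g"` line depends on Nix's boolean coercion, which nothing in builder.sh documents: a `true` attribute reaches the builder environment as `1` and `false` as the empty string, so `@needsPax@` in the generated setup becomes either `1` or nothing. The code in setup.sh that consumes the placeholder is not part of this diff, so it should be confirmed that it tests for a non-empty value rather than a literal `true`; otherwise PaX marking could be skipped on Linux or attempted on other platforms without any error. I would add a comment above the sed call such as `# needsPax arrives as "1" or "" (Nix bool coercion); setup.sh must test it for non-empty`. The sed command itself is fully inside the hunk, but builder.sh begins before it.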
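Review bot: The comment carried over onto `needsPax` does not say why the attribute now has to sit among the derivation arguments, which is the detail a later cleanup is most likely to undo. Judging from the builder.sh hunk, the builder reads `$needsPax` from its environment to fill in `@needsPax@`, and that only works for attributes passed to the derivation. I would extend the comment to `# Whether we should run paxctl to pax-mark binaries. Must be a derivation attribute: builder.sh substitutes $needsPax into setup.` `skipPaxMarking` is defined outside the hunk and the enclosing `let` binding starts and ends outside it as well, so it is worth confirming that `stdenv.needsPax` stays reachable for any caller of the attribute removed in the later hunk.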