You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
164 lines
4.7 KiB
164 lines
4.7 KiB
Author: Ralph Sennhaser <sera@gentoo.org>
|
|
|
|
The idea is to apply the pax markings before using a freshly built jdk. Be it
|
|
for running tests or building additonal vms or after bootstrap to build the
|
|
final jdk.
|
|
|
|
There are currently two types of pax markings with the userspace utilities
|
|
chpax and paxctl. Both types of pax marking are base on modifing the ELFs. A
|
|
third type based on xattrs is in development.
|
|
|
|
diff --git a/Makefile.am b/Makefile.am
|
|
index 82ef261..e17fa5f 100644
|
|
--- a/Makefile.am
|
|
+++ b/Makefile.am
|
|
@@ -421,8 +421,10 @@ else
|
|
ICEDTEA_PATCHES += patches/nss-not-enabled-config.patch
|
|
endif
|
|
|
|
-if HAS_PAX
|
|
-ICEDTEA_PATCHES += patches/no-test_gamma.patch
|
|
+if WITH_PAX
|
|
+ICEDTEA_PATCHES += \
|
|
+ patches/no-test_gamma.patch \
|
|
+ patches/pax-mark-rmic-java.patch
|
|
endif
|
|
|
|
ICEDTEA_PATCHES += $(DISTRIBUTION_PATCHES)
|
|
@@ -450,7 +450,7 @@ ICEDTEA_ECJ_PATCHES += patches/ecj/cp40188-opengl.patch
|
|
endif
|
|
endif
|
|
|
|
-if !HAS_PAX
|
|
+if !WITH_PAX
|
|
ICEDTEA_ECJ_PATCHES += patches/ecj/no-test_gamma.patch
|
|
endif
|
|
|
|
@@ -1359,6 +1359,7 @@ stamps/icedtea.stamp: stamps/bootstrap-directory-symlink.stamp \
|
|
$(ICEDTEA_ENV) \
|
|
-C openjdk \
|
|
$(ICEDTEA_BUILD_TARGET)
|
|
+ $(abs_top_builddir)/pax-mark-vm $(BUILD_OUTPUT_DIR)/j2sdk-image
|
|
mkdir -p $(BUILD_OUTPUT_DIR)/j2sdk-image/jre/lib/$(INSTALL_ARCH_DIR)
|
|
mkdir -p $(BUILD_OUTPUT_DIR)/j2re-image/lib/$(INSTALL_ARCH_DIR)
|
|
mkdir -p $(BUILD_OUTPUT_DIR)/j2sdk-image/jre/lib/ext
|
|
@@ -1586,6 +1587,7 @@ stamps/icedtea-ecj.stamp: stamps/bootstrap-directory-symlink-ecj.stamp \
|
|
$(ICEDTEA_ENV_ECJ) \
|
|
-C openjdk-ecj/ \
|
|
$(ICEDTEA_BUILD_TARGET)
|
|
+ $(abs_top_builddir)/pax-mark-vm $(ECJ_BUILD_OUTPUT_DIR)/j2sdk-image
|
|
@echo "ecj-poured IcedTea is served:" \
|
|
$(ECJ_BUILD_OUTPUT_DIR)
|
|
mkdir -p stamps
|
|
diff --git a/acinclude.m4 b/acinclude.m4
|
|
index 503131c..e80b209 100644
|
|
--- a/acinclude.m4
|
|
+++ b/acinclude.m4
|
|
@@ -1677,3 +1677,49 @@ AM_CONDITIONAL([CP39408_JAVAH], test x"${it_cv_cp39408_javah}" = "xyes")
|
|
AM_CONDITIONAL([CP40188_JAVAH], test x"${it_cv_cp40188_javah}" = "xyes")
|
|
AC_PROVIDE([$0])dnl
|
|
])
|
|
+
|
|
+AC_DEFUN_ONCE([IT_WITH_PAX],
|
|
+[
|
|
+ AC_MSG_CHECKING([for pax utility to use])
|
|
+ AC_ARG_WITH([pax],
|
|
+ [AS_HELP_STRING(--with-pax=COMMAND,the command used for pax marking)],
|
|
+ [
|
|
+ PAX_COMMAND=${withval}
|
|
+ if test "x${PAX_COMMAND}" = "xno"; then
|
|
+ PAX_COMMAND="not specified"
|
|
+ fi
|
|
+ ],
|
|
+ [
|
|
+ PAX_COMMAND="not specified"
|
|
+ ])
|
|
+ case "x${PAX_COMMAND}" in
|
|
+ xchpax)
|
|
+ case "${host_cpu}" in
|
|
+ i?86)
|
|
+ PAX_COMMAND_ARGS="-msp"
|
|
+ ;;
|
|
+ *)
|
|
+ PAX_COMMAND_ARGS="-m"
|
|
+ ;;
|
|
+ esac
|
|
+ ;;
|
|
+ xpaxctl)
|
|
+ case "${host_cpu}" in
|
|
+ i?86)
|
|
+ PAX_COMMAND_ARGS="-msp"
|
|
+ ;;
|
|
+ *)
|
|
+ PAX_COMMAND_ARGS="-m"
|
|
+ ;;
|
|
+ esac
|
|
+ ;;
|
|
+ *)
|
|
+ PAX_COMMAND="not specified"
|
|
+ PAX_COMMAND_ARGS="not specified"
|
|
+ ;;
|
|
+ esac
|
|
+ AM_CONDITIONAL(WITH_PAX, test "x${PAX_COMMAND}" != "xnot specified")
|
|
+ AC_MSG_RESULT(${PAX_COMMAND})
|
|
+ AC_SUBST(PAX_COMMAND)
|
|
+ AC_SUBST(PAX_COMMAND_ARGS)
|
|
+])
|
|
diff --git a/configure.ac b/configure.ac
|
|
index 580840e..f37ef68 100644
|
|
--- a/configure.ac
|
|
+++ b/configure.ac
|
|
@@ -51,7 +51,6 @@ IT_CHECK_GCC_VERSION
|
|
IT_CHECK_NUMBER_OF_PARALLEL_JOBS
|
|
IT_CP_SUPPORTS_REFLINK
|
|
IT_CAN_HARDLINK_TO_SOURCE_TREE
|
|
-IT_CHECK_FOR_PAX
|
|
IT_LOCATE_NSS
|
|
|
|
# Use xvfb-run if found to run gui tests (check-jdk).
|
|
@@ -189,6 +188,9 @@ IT_WITH_TZDATA_DIR
|
|
IT_GETDTDTYPE_CHECK
|
|
IT_JAVAH
|
|
|
|
+IT_WITH_PAX
|
|
+AC_CONFIG_FILES([pax-mark-vm], [chmod +x pax-mark-vm])
|
|
+
|
|
dnl pkgconfig cannot be used to find these headers and libraries.
|
|
AC_CHECK_HEADERS([cups/cups.h cups/ppd.h],[]
|
|
,[AC_MSG_ERROR("CUPS headers were not found -
|
|
diff --git a/pax-mark-vm.in b/pax-mark-vm.in
|
|
new file mode 100644
|
|
index 0000000..bdff735
|
|
--- /dev/null
|
|
+++ b/pax-mark-vm.in
|
|
@@ -0,0 +1,13 @@
|
|
+#!/bin/sh
|
|
+
|
|
+# Taken from Gentoo's pax-utils.eclass
|
|
+list_paxables() {
|
|
+ file "$@" 2> /dev/null | grep -E 'ELF.*(executable|shared object)' | sed -e 's/: .*$//'
|
|
+}
|
|
+
|
|
+if test "@PAX_COMMAND@" != "not specified"; then
|
|
+ for paxable in `list_paxables "${1}"/bin/* "${1}"/jre/bin/*`; do
|
|
+ echo "PaX mark @PAX_COMMAND_ARGS@ ${paxable}"
|
|
+ @PAX_COMMAND@ @PAX_COMMAND_ARGS@ "${paxable}"
|
|
+ done
|
|
+fi
|
|
diff --git a/patches/pax-mark-rmic-java.patch b/patches/pax-mark-rmic-java.patch
|
|
new file mode 100644
|
|
index 0000000..ad80f3a
|
|
--- /dev/null
|
|
+++ b/patches/pax-mark-rmic-java.patch
|
|
@@ -0,0 +1,10 @@
|
|
+--- openjdk/jdk/make/com/sun/jmx/Makefile
|
|
++++ openjdk/jdk/make/com/sun/jmx/Makefile
|
|
+@@ -119,6 +119,7 @@
|
|
+
|
|
+ $(CLASSDESTDIR)/%_Stub.class: $(CLASSDESTDIR)/%.class
|
|
+ $(prep-target)
|
|
++ "$(TOPDIR)"/../../pax-mark-vm "$(OUTPUTDIR)"
|
|
+ $(RMIC) -classpath "$(CLASSDESTDIR)" \
|
|
+ -d $(CLASSDESTDIR) \
|
|
+ -v1.2 \
|