Thu May 26 16:03:04 2016 UTC ()
Import mini-framework for paxctl(8) on NetBSD/{amd64,i386}

This allows setting flags for PaX on select binaries. Two new variables
are introduced for packages: NOT_PAX_ASLR_SAFE and NOT_PAX_MPROTECT_SAFE.
They both expect a list of binaries that are known to not support PaX ASLR
and/or PaX MPROTECT, respectively.

"Please commit" wiz@


(khorben)
diff -r1.2018 -r1.2019 pkgsrc/mk/bsd.pkg.mk
diff -r0 -r1.1 pkgsrc/mk/pax.mk
diff -r1.57 -r1.58 pkgsrc/mk/tools/tools.NetBSD.mk

cvs diff -r1.2018 -r1.2019 pkgsrc/mk/bsd.pkg.mk (expand / switch to context diff)
--- pkgsrc/mk/bsd.pkg.mk 2016/03/23 11:50:01 1.2018
+++ pkgsrc/mk/bsd.pkg.mk 2016/05/26 16:03:04 1.2019
@@ -1,4 +1,4 @@
-#	$NetBSD: bsd.pkg.mk,v 1.2018 2016/03/23 11:50:01 jperkin Exp $
+#	$NetBSD: bsd.pkg.mk,v 1.2019 2016/05/26 16:03:04 khorben Exp $
 #
 # This file is in the public domain.
 #
@@ -677,6 +677,10 @@
 _SHORT_UNAME_R=	${:!${UNAME} -r!:C@\.([0-9]*)[_.-].*@.\1@} # n.n[_.]anything => n.n
 
 .include "install/bin-install.mk"
+
+# Handle PaX flags
+#
+.include "pax.mk"
 
 .PHONY: show-pkgtools-version
 .if !target(show-pkgtools-version)

File Added: pkgsrc/mk/pax.mk
# $NetBSD: pax.mk,v 1.1 2016/05/26 16:03:04 khorben Exp $
#
# Infrastructure support for binaries known to fail with PaX enabled.
#
# User-settable variables:
# PAXCTL
#	The path to the paxctl(8) binary
#
# Package-settable variables:
#
# NOT_PAX_ASLR_SAFE
#	The list of binaries which do not support PaX ASLR.
#
# NOT_PAX_MPROTECT_SAFE
#	The list of binaries which do not support PaX MPROTECT.

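.if !defined(PAX_MK)
# Mark this file as read. Without this assignment the guard above never
# becomes false, so a second inclusion would append the hook targets to
# _INSTALL_ALL_TARGETS again and declare their recipes a second time.
PAX_MK=	defined

# The hooks exist only when the platform tools file supplied a paxctl(8)
# path; on every other platform this file defines nothing.
. if defined(TOOLS_PLATFORM.paxctl)
# NOTE(review): a plain "=" replaces any PAXCTL value assigned earlier
# (for example from mk.conf), although the header lists PAXCTL as
# user-settable -- confirm which behaviour is intended.
PAXCTL=	${TOOLS_PLATFORM.paxctl}

# ASLR opt-out hook.
# Runs "paxctl +a" on each entry of NOT_PAX_ASLR_SAFE. Per paxctl(8) on
# NetBSD the lowercase "a" flag marks the binary as explicitly excluded
# from PaX ASLR, so every entry gives up that mitigation for that binary.
# Keep the list limited to the binaries that actually fail with ASLR.
# Entries are taken relative to ${DESTDIR}${PREFIX} and are expanded
# unquoted by the shell, so they are subject to word splitting.
.  if !empty(NOT_PAX_ASLR_SAFE)
_INSTALL_ALL_TARGETS+=		post-install-pax-aslr-binaries

.PHONY: post-install-pax-aslr-binaries
post-install: post-install-pax-aslr-binaries
post-install-pax-aslr-binaries:
	@${STEP_MSG} "Setting PaX ASLR flags"
	${RUN}								\
	for binary in ${NOT_PAX_ASLR_SAFE}; do				\
		${PAXCTL} +a ${DESTDIR}${PREFIX}/$$binary;		\
	done
.  endif

# MPROTECT opt-out hook.
# Same shape as the ASLR hook, using "paxctl +m": per paxctl(8) on NetBSD
# the lowercase "m" flag marks the binary as explicitly excluded from
# PaX MPROTECT. List only binaries that are known to need it.
.  if !empty(NOT_PAX_MPROTECT_SAFE)
_INSTALL_ALL_TARGETS+=		post-install-pax-mprotect-binaries

.PHONY: post-install-pax-mprotect-binaries
post-install: post-install-pax-mprotect-binaries
post-install-pax-mprotect-binaries:
	@${STEP_MSG} "Setting PaX MPROTECT flags"
	${RUN}								\
	for binary in ${NOT_PAX_MPROTECT_SAFE}; do			\
		${PAXCTL} +m ${DESTDIR}${PREFIX}/$$binary;		\
	done
.  endif
. endif

.endif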

cvs diff -r1.57 -r1.58 pkgsrc/mk/tools/tools.NetBSD.mk (expand / switch to context diff)
--- pkgsrc/mk/tools/tools.NetBSD.mk 2015/09/08 11:36:34 1.57
+++ pkgsrc/mk/tools/tools.NetBSD.mk 2016/05/26 16:03:04 1.58
@@ -1,4 +1,4 @@
-# $NetBSD: tools.NetBSD.mk,v 1.57 2015/09/08 11:36:34 jperkin Exp $
+# $NetBSD: tools.NetBSD.mk,v 1.58 2016/05/26 16:03:04 khorben Exp $
 #
 # System-supplied tools for the NetBSD operating system.
 
@@ -83,6 +83,10 @@
 TOOLS_PLATFORM.openssl?=	/usr/bin/openssl
 TOOLS_PLATFORM.patch?=		/usr/bin/patch
 TOOLS_PLATFORM.pax?=		/bin/pax
+.if empty(MACHINE_PLATFORM:MNetBSD-[^0-3].*-386) || \
+	empty(MACHINE_PLATFORM:MNetBSD-[^0-3].*-x86_64)
+TOOLS_PLATFORM.paxctl?=		/usr/sbin/paxctl
+.endif
 TOOLS_PLATFORM.printf?=		/usr/bin/printf
 TOOLS_PLATFORM.pwd?=		/bin/pwd
 .if empty(USE_CROSS_COMPILE:M[yY][eE][sS])
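Review bot: The condition added around `TOOLS_PLATFORM.paxctl` is always true: the two `empty()` tests are joined with `||`, and no single MACHINE_PLATFORM value can match both patterns, so at least one test is always empty and paxctl gets defined on every NetBSD version and architecture. The first pattern also ends in `-386` rather than `-i386`, so it would presumably never match an i386 platform string even once the logic is corrected. Because pax.mk keys its install hooks on `defined(TOOLS_PLATFORM.paxctl)`, a package that sets NOT_PAX_ASLR_SAFE or NOT_PAX_MPROTECT_SAFE would then try to run /usr/sbin/paxctl on platforms where it may not exist. The condition probably wants to be `.if !empty(MACHINE_PLATFORM:MNetBSD-[^0-3].*-i386) || \` followed by `!empty(MACHINE_PLATFORM:MNetBSD-[^0-3].*-x86_64)`.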