Thu May 26 16:03:04 2016 UTC ()
Import mini-framework for paxctl(8) on NetBSD/{amd64,i386}
This allows setting flags for PaX on select binaries. Two new variables
are introduced for packages: NOT_PAX_ASLR_SAFE and NOT_PAX_MPROTECT_SAFE.
They both expect a list of binaries are known to not support PaX ASLR
and/or PaX MPROTECT, respectively.
"Please commit" wiz@
(khorben)
diff -r1.2018 -r1.2019 pkgsrc/mk/bsd.pkg.mk
diff -r0 -r1.1 pkgsrc/mk/pax.mk
diff -r1.57 -r1.58 pkgsrc/mk/tools/tools.NetBSD.mk
--- pkgsrc/mk/bsd.pkg.mk 2016/03/23 11:50:01 1.2018
+++ pkgsrc/mk/bsd.pkg.mk 2016/05/26 16:03:04 1.2019
@@ -1,4 +1,4 @@
-# $NetBSD: bsd.pkg.mk,v 1.2018 2016/03/23 11:50:01 jperkin Exp $
+# $NetBSD: bsd.pkg.mk,v 1.2019 2016/05/26 16:03:04 khorben Exp $
#
# This file is in the public domain.
#
@@ -677,6 +677,10 @@
_SHORT_UNAME_R= ${:!${UNAME} -r!:C@\.([0-9]*)[_.-].*@.\1@} # n.n[_.]anything => n.n
.include "install/bin-install.mk"
+
+# Handle PaX flags
+#
+.include "pax.mk"
.PHONY: show-pkgtools-version
.if !target(show-pkgtools-version)
# $NetBSD: pax.mk,v 1.1 2016/05/26 16:03:04 khorben Exp $
#
# Infrastructure support for binaries known to fail with PaX enabled.
#
# User-settable variables:
# PAXCTL
# The path to the paxctl(8) binary
#
# Package-settable variables:
#
# NOT_PAX_ASLR_SAFE
# The list of binaries which do not support PaX ASLR.
#
# NOT_PAX_MPROTECT_SAFE
# The list of binaries which do not support PaX MPROTECT.
.if !defined(PAX_MK)
. if defined(TOOLS_PLATFORM.paxctl)
PAXCTL= ${TOOLS_PLATFORM.paxctl}
. if !empty(NOT_PAX_ASLR_SAFE)
_INSTALL_ALL_TARGETS+= post-install-pax-aslr-binaries
.PHONY: post-install-pax-aslr-binaries
post-install: post-install-pax-aslr-binaries
post-install-pax-aslr-binaries:
@${STEP_MSG} "Setting PaX ASLR flags"
${RUN} \
for binary in ${NOT_PAX_ASLR_SAFE}; do \
${PAXCTL} +a ${DESTDIR}${PREFIX}/$$binary; \
done
. endif
. if !empty(NOT_PAX_MPROTECT_SAFE)
_INSTALL_ALL_TARGETS+= post-install-pax-mprotect-binaries
.PHONY: post-install-pax-mprotect-binaries
post-install: post-install-pax-mprotect-binaries
post-install-pax-mprotect-binaries:
@${STEP_MSG} "Setting PaX MPROTECT flags"
${RUN} \
for binary in ${NOT_PAX_MPROTECT_SAFE}; do \
${PAXCTL} +m ${DESTDIR}${PREFIX}/$$binary; \
done
. endif
. endif
.endif
--- pkgsrc/mk/tools/tools.NetBSD.mk 2015/09/08 11:36:34 1.57
+++ pkgsrc/mk/tools/tools.NetBSD.mk 2016/05/26 16:03:04 1.58