Author: Ralph Sennhaser The idea is to apply the pax markings before using a freshly built jdk. Be it for running tests or building additonal vms or after bootstrap to build the final jdk. There are currently two types of pax markings with the userspace utilities chpax and paxctl. Both types of pax marking are base on modifing the ELFs. A third type based on xattrs is in development. diff --git a/Makefile.am b/Makefile.am index 82ef261..e17fa5f 100644 --- a/Makefile.am +++ b/Makefile.am @@ -421,7 +421,7 @@ else ICEDTEA_PATCHES += patches/nss-not-enabled-config.patch endif -if HAS_PAX +if WITH_PAX ICEDTEA_PATCHES += patches/no-test_gamma.patch endif @@ -450,7 +450,7 @@ ICEDTEA_ECJ_PATCHES += patches/ecj/cp40188-opengl.patch endif endif -if !HAS_PAX +if !WITH_PAX ICEDTEA_ECJ_PATCHES += patches/ecj/no-test_gamma.patch endif @@ -1359,6 +1359,7 @@ stamps/icedtea.stamp: stamps/bootstrap-directory-symlink.stamp \ $(ICEDTEA_ENV) \ -C openjdk \ $(ICEDTEA_BUILD_TARGET) + $(abs_top_builddir)/pax-mark-vm $(BUILD_OUTPUT_DIR)/j2sdk-image mkdir -p $(BUILD_OUTPUT_DIR)/j2sdk-image/jre/lib/$(INSTALL_ARCH_DIR) mkdir -p $(BUILD_OUTPUT_DIR)/j2re-image/lib/$(INSTALL_ARCH_DIR) mkdir -p $(BUILD_OUTPUT_DIR)/j2sdk-image/jre/lib/ext @@ -1586,6 +1587,7 @@ stamps/icedtea-ecj.stamp: stamps/bootstrap-directory-symlink-ecj.stamp \ $(ICEDTEA_ENV_ECJ) \ -C openjdk-ecj/ \ $(ICEDTEA_BUILD_TARGET) + $(abs_top_builddir)/pax-mark-vm $(ECJ_BUILD_OUTPUT_DIR)/j2sdk-image @echo "ecj-poured IcedTea is served:" \ $(ECJ_BUILD_OUTPUT_DIR) mkdir -p stamps diff --git a/acinclude.m4 b/acinclude.m4 index 503131c..e80b209 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -1677,3 +1677,49 @@ AM_CONDITIONAL([CP39408_JAVAH], test x"${it_cv_cp39408_javah}" = "xyes") AM_CONDITIONAL([CP40188_JAVAH], test x"${it_cv_cp40188_javah}" = "xyes") AC_PROVIDE([$0])dnl ]) + +AC_DEFUN_ONCE([IT_WITH_PAX], +[ + AC_MSG_CHECKING([for pax utility to use]) + AC_ARG_WITH([pax], + [AS_HELP_STRING(--with-pax=COMMAND,the command used for pax marking)], + [ + PAX_COMMAND=${withval} + if test "x${PAX_COMMAND}" = "xno"; then + PAX_COMMAND="not specified" + fi + ], + [ + PAX_COMMAND="not specified" + ]) + case "x${PAX_COMMAND}" in + xchpax) + case "${host_cpu}" in + i?86) + PAX_COMMAND_ARGS="-msp" + ;; + *) + PAX_COMMAND_ARGS="-m" + ;; + esac + ;; + xpaxctl) + case "${host_cpu}" in + i?86) + PAX_COMMAND_ARGS="-msp" + ;; + *) + PAX_COMMAND_ARGS="-m" + ;; + esac + ;; + *) + PAX_COMMAND="not specified" + PAX_COMMAND_ARGS="not specified" + ;; + esac + AM_CONDITIONAL(WITH_PAX, test "x${PAX_COMMAND}" != "xnot specified") + AC_MSG_RESULT(${PAX_COMMAND}) + AC_SUBST(PAX_COMMAND) + AC_SUBST(PAX_COMMAND_ARGS) +]) diff --git a/configure.ac b/configure.ac index 580840e..f37ef68 100644 --- a/configure.ac +++ b/configure.ac @@ -51,7 +51,6 @@ IT_CHECK_GCC_VERSION IT_CHECK_NUMBER_OF_PARALLEL_JOBS IT_CP_SUPPORTS_REFLINK IT_CAN_HARDLINK_TO_SOURCE_TREE -IT_CHECK_FOR_PAX IT_LOCATE_NSS # Use xvfb-run if found to run gui tests (check-jdk). @@ -189,6 +188,9 @@ IT_WITH_TZDATA_DIR IT_GETDTDTYPE_CHECK IT_JAVAH +IT_WITH_PAX +AC_CONFIG_FILES([pax-mark-vm], [chmod +x pax-mark-vm]) + dnl pkgconfig cannot be used to find these headers and libraries. AC_CHECK_HEADERS([cups/cups.h cups/ppd.h],[] ,[AC_MSG_ERROR("CUPS headers were not found - diff --git a/pax-mark-vm.in b/pax-mark-vm.in new file mode 100644 index 0000000..bdff735 --- /dev/null +++ b/pax-mark-vm.in @@ -0,0 +1,13 @@ +#!/bin/sh + +# Taken from Gentoo's pax-utils.eclass +list_paxables() { + file "$@" 2> /dev/null | grep -E 'ELF.*(executable|shared object)' | sed -e 's/: .*$//' +} + +if test "@PAX_COMMAND@" != "not specified"; then + for paxable in `list_paxables "${1}"/bin/* "${1}"/jre/bin/*`; do + echo "PaX mark @PAX_COMMAND_ARGS@ ${paxable}" + @PAX_COMMAND@ @PAX_COMMAND_ARGS@ "${paxable}" + done +fi