stdenv: fix paxmark

On Linux, paxctl's setup hook should overwrite the paxmark stub, but the
stub is defined after the setup hooks are sourced, so the stub ends up
overwriting the real function.  The result is that paxmark fails to do
anything.  The fix is to define the stub before any setup hooks are
sourced.  Thanks to @vcunat for figuring this out.

Closes #15492

1 files changed, 5 insertions, 5 deletions

diff --git a/pkgs/stdenv/generic/setup.sh b/pkgs/stdenv/generic/setup.sh
index ce5feac3c66d..85e74461d2a4 100644
--- a/pkgs/stdenv/generic/setup.sh
+++ b/pkgs/stdenv/generic/setup.sh
@@ -236,6 +236,11 @@ BASH="$SHELL"
 export CONFIG_SHELL="$SHELL"
 
 
+# Dummy implementation of the paxmark function. On Linux, this is
+# overwritten by paxctl's setup hook.
+paxmark() { true; }
+
+
 # Execute the pre-hook.
 if [ -z "$shell" ]; then export shell=$SHELL; fi
 runHook preHook
@@ -369,11 +374,6 @@ fi
 export NIX_BUILD_CORES
 
 
-# Dummy implementation of the paxmark function. On Linux, this is
-# overwritten by paxctl's setup hook.
-paxmark() { true; }
-
-
 # Prevent OpenSSL-based applications from using certificates in
 # /etc/ssl.
 if [ -z "$SSL_CERT_FILE" ]; then