diff options
author | Vladimír Čunát <vcunat@gmail.com> | 2014-03-15 09:05:40 +0100 |
---|---|---|
committer | Ricardo M. Correia <rcorreia@wizy.org> | 2014-05-15 13:25:49 +0200 |
commit | 3d3aea09b9da4cfc30faa6e145f4117d0cf4859f (patch) | |
tree | f64e7cc4ee967674d53668e724dfb499dbb8894b /pkgs/stdenv/generic | |
parent | 6021ce8b83f473673d842468adab58c3f7c61c87 (diff) | |
download | nixlib-3d3aea09b9da4cfc30faa6e145f4117d0cf4859f.tar nixlib-3d3aea09b9da4cfc30faa6e145f4117d0cf4859f.tar.gz nixlib-3d3aea09b9da4cfc30faa6e145f4117d0cf4859f.tar.bz2 nixlib-3d3aea09b9da4cfc30faa6e145f4117d0cf4859f.tar.lz nixlib-3d3aea09b9da4cfc30faa6e145f4117d0cf4859f.tar.xz nixlib-3d3aea09b9da4cfc30faa6e145f4117d0cf4859f.tar.zst nixlib-3d3aea09b9da4cfc30faa6e145f4117d0cf4859f.zip |
fix paxmark on non-linux (a bug in grsecurity PR #1187)
Diffstat (limited to 'pkgs/stdenv/generic')
-rw-r--r-- | pkgs/stdenv/generic/builder.sh | 1 | ||||
-rw-r--r-- | pkgs/stdenv/generic/default.nix | 11 |
2 files changed, 9 insertions, 3 deletions
diff --git a/pkgs/stdenv/generic/builder.sh b/pkgs/stdenv/generic/builder.sh index fd4c17ca2519..60360e7b8256 100644 --- a/pkgs/stdenv/generic/builder.sh +++ b/pkgs/stdenv/generic/builder.sh @@ -12,6 +12,7 @@ cat "$setup" >> $out/setup sed -e "s^@initialPath@^$initialPath^g" \ -e "s^@gcc@^$gcc^g" \ -e "s^@shell@^$shell^g" \ + -e "s^@needsPax@^$needsPax^g" \ < $out/setup > $out/setup.tmp mv $out/setup.tmp $out/setup diff --git a/pkgs/stdenv/generic/default.nix b/pkgs/stdenv/generic/default.nix index 1e2d76bb9810..cba456313f39 100644 --- a/pkgs/stdenv/generic/default.nix +++ b/pkgs/stdenv/generic/default.nix @@ -31,11 +31,19 @@ let builder = shell; args = ["-e" ./builder.sh]; + /* TODO: special-cased @var@ substitutions are ugly. + However, using substituteAll* from setup.sh seems difficult, + as setup.sh can't be directly sourced. + Suggestion: split similar utility functions into a separate script. + */ setup = setupScript; inherit preHook initialPath gcc shell; + # Whether we should run paxctl to pax-mark binaries + needsPax = result.isLinux && !skipPaxMarking; + propagatedUserEnvPkgs = [gcc] ++ lib.filter lib.isDerivation initialPath; @@ -159,9 +167,6 @@ let || system == "armv6l-linux" || system == "armv7l-linux"; - # Whether we should run paxctl to pax-mark binaries - needsPax = isLinux && !skipPaxMarking; - # For convenience, bring in the library functions in lib/ so # packages don't have to do that themselves. inherit lib; |