PR2920: PaX marking fails on filesystems which don't support extended attributes 2016-04-07 Andrew John Hughes <gnu_andrew@member.fsf.org> PR2920: PaX marking fails on filesystems which don't support extended attributes * Makefile.am: (icedtea): Pass true to pax-mark-vm to fail if PaX marking fails. (icedtea-debug): Likewise. (icedtea-boot): Likewise. (install-exec-local): Pass false to pax-mark-vm so that only a warning is produced if PaX marking fails on the installed version. * NEWS: Updated. * pax-mark-vm.in: Add a second option, FAIL_ON_ERROR, which will cause the script to exit if it can't PaX mark when set to true, but just issue a warning when set to false.

#!/bin/sh

JDK=${1}
FAIL_ON_ERROR=${2}

# Taken from Gentoo's pax-utils.eclass
list_paxables() {
	file "$@" 2> /dev/null | grep -E 'ELF.*(executable|shared object)' | sed -e 's/: .*$//'
}

if test "x@PAX_COMMAND@" != "x"; then
    if @PAX_COMMAND@ -m "${JDK}"/bin/java; then
	for paxable in `list_paxables "${JDK}"/bin/* "${JDK}"/jre/bin/*`; do
		echo "PaX mark @PAX_COMMAND_ARGS@ ${paxable}"
		@PAX_COMMAND@ @PAX_COMMAND_ARGS@ "${paxable}"
	done
    else
	if test "x${FAIL_ON_ERROR}" = "xtrue"; then
	    echo "ERROR: Could not apply PaX markings to files in ${JDK}";
	    exit -1;
	else
	    echo "WARNING: Could not apply PaX markings to files in ${JDK}";
	fi
    fi
fi