Mercurial > hg > release > icedtea6-1.13

changeset 3263:8cb3232d660b

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
PR3132: PaX marking fails on filesystems which don't support extended attributes 2016-04-07 Andrew John Hughes <gnu_andrew@member.fsf.org> PR3132: PaX marking fails on filesystems which don't support extended attributes * Makefile.am: (pax-mark-vm): Pass true to pax-mark-vm to fail if PaX marking fails. (pax-mark-vm-debug): Likewise. (pax-mark-vm-ecj): Likewise. * NEWS: Updated. * pax-mark-vm.in: Add a second option, FAIL_ON_ERROR, which will cause the script to exit if it can't PaX mark when set to true, but just issue a warning when set to false.
author Andrew John Hughes <gnu.andrew@redhat.com>
date Mon, 15 Aug 2016 06:26:24 +0100
parents f0018499e963
children 9057420d85df
files ChangeLog Makefile.am NEWS pax-mark-vm.in
diffstat 4 files changed, 33 insertions(+), 4 deletions(-) [+]
line wrap: on
line diff
--- a/ChangeLog	Mon Aug 15 06:16:39 2016 +0100
+++ b/ChangeLog	Mon Aug 15 06:26:24 2016 +0100
@@ -1,3 +1,19 @@
+2016-04-07  Andrew John Hughes  <gnu_andrew@member.fsf.org>
+
+	PR3132: PaX marking fails on filesystems which
+	don't support extended attributes
+	* Makefile.am:
+	(pax-mark-vm): Pass true to pax-mark-vm to fail
+	if PaX marking fails.
+	(pax-mark-vm-debug): Likewise.
+	(pax-mark-vm-ecj): Likewise.
+	* NEWS: Updated.
+	* pax-mark-vm.in:
+	Add a second option, FAIL_ON_ERROR, which will
+	cause the script to exit if it can't PaX mark
+	when set to true, but just issue a warning when
+	set to false.
+
 2016-08-14  Andrew John Hughes  <gnu.andrew@redhat.com>
 
 	PR3130: Avoid giving PAX_COMMAND a value if
--- a/Makefile.am	Mon Aug 15 06:16:39 2016 +0100
+++ b/Makefile.am	Mon Aug 15 06:26:24 2016 +0100
@@ -2059,7 +2059,7 @@
 
 stamps/pax-mark-vm.stamp: stamps/icedtea.stamp
 if WITH_PAX
-	$(abs_top_builddir)/pax-mark-vm $(BUILD_OUTPUT_DIR)/j2sdk-image
+	$(abs_top_builddir)/pax-mark-vm $(BUILD_SDK_DIR) true
 endif
 	touch $@
 
@@ -2068,7 +2068,7 @@
 
 stamps/pax-mark-vm-debug.stamp: stamps/icedtea-debug.stamp
 if WITH_PAX
-	$(abs_top_builddir)/pax-mark-vm $(DEBUG_BUILD_OUTPUT_DIR)/j2sdk-image
+	$(abs_top_builddir)/pax-mark-vm $(BUILD_DEBUG_SDK_DIR) true
 endif
 	touch $@
 
@@ -2292,7 +2292,7 @@
 
 stamps/pax-mark-vm-ecj.stamp: stamps/icedtea-ecj.stamp
 if WITH_PAX
-	$(abs_top_builddir)/pax-mark-vm $(ECJ_BUILD_OUTPUT_DIR)/j2sdk-image
+	$(abs_top_builddir)/pax-mark-vm $(BUILD_BOOT_SDK_DIR) true
 endif
 	touch $@
 
--- a/NEWS	Mon Aug 15 06:16:39 2016 +0100
+++ b/NEWS	Mon Aug 15 06:26:24 2016 +0100
@@ -28,6 +28,7 @@
   - PR3092: SystemTap is heavily confused by multiple JDKs
   - PR3117: Add tests for Java debug info and source files
   - PR3130: Avoid giving PAX_COMMAND a value if no PaX utility is available
+  - PR3132: PaX marking fails on filesystems which don't support extended attributes
   - PR3137: GTKLookAndFeel does not honor gtk-alternative-button-order
 
 New in release 1.13.11 (2016-05-05):
--- a/pax-mark-vm.in	Mon Aug 15 06:16:39 2016 +0100
+++ b/pax-mark-vm.in	Mon Aug 15 06:26:24 2016 +0100
@@ -1,13 +1,25 @@
 #!/bin/sh
 
+JDK=${1}
+FAIL_ON_ERROR=${2}
+
 # Taken from Gentoo's pax-utils.eclass
 list_paxables() {
        file "$@" 2> /dev/null | grep -E 'ELF.*(executable|shared object)' | sed -e 's/: .*$//'
 }
 
 if test "x@PAX_COMMAND@" != "x"; then
-       for paxable in `list_paxables "${1}"/bin/* "${1}"/jre/bin/*`; do
+    if @PAX_COMMAND@ -m "${JDK}"/bin/java; then
+	for paxable in `list_paxables "${JDK}"/bin/* "${JDK}"/jre/bin/*`; do
                echo "PaX mark @PAX_COMMAND_ARGS@ ${paxable}"
                @PAX_COMMAND@ @PAX_COMMAND_ARGS@ "${paxable}"
        done
+    else
+	if test "x${FAIL_ON_ERROR}" = "xtrue"; then
+	    echo "ERROR: Could not apply PaX markings to files in ${JDK}";
+	    exit -1;
+	else
+	    echo "WARNING: Could not apply PaX markings to files in ${JDK}";
+	fi
+    fi
 fi