Mercurial > hg > release > icedtea7-2.6

--- a/ChangeLog	Fri Oct 28 07:49:21 2016 +0100
+++ b/ChangeLog	Fri Nov 04 02:47:21 2016 +0000
@@ -1,3 +1,22 @@
+2016-04-07  Andrew John Hughes  <gnu_andrew@member.fsf.org>
+
+	PR3131: PaX marking fails on filesystems which
+	don't support extended attributes
+	* Makefile.am:
+	(icedtea): Pass true to pax-mark-vm to fail
+	if PaX marking fails.
+	(icedtea-debug): Likewise.
+	(icedtea-boot): Likewise.
+	(install-exec-local): Pass false to pax-mark-vm
+	so that only a warning is produced if PaX marking
+	fails on the installed version.
+	* NEWS: Updated.
+	* pax-mark-vm.in:
+	Add a second option, FAIL_ON_ERROR, which will
+	cause the script to exit if it can't PaX mark
+	when set to true, but just issue a warning when
+	set to false.
+
 2016-10-27  Andrew John Hughes  <gnu_andrew@member.fsf.org>

 	* Makefile.am,
--- a/Makefile.am	Fri Oct 28 07:49:21 2016 +0100
+++ b/Makefile.am	Fri Nov 04 02:47:21 2016 +0000
@@ -2033,7 +2033,7 @@
 	  $(ICEDTEA_ENV) \
 	  -C openjdk/ \
 	  $(ICEDTEA_BUILD_TARGET)
-	$(abs_top_builddir)/pax-mark-vm $(BUILD_SDK_DIR)
+	$(abs_top_builddir)/pax-mark-vm $(BUILD_SDK_DIR) true
 	mkdir -p $(BUILD_SDK_DIR)/jre/lib/$(INSTALL_ARCH_DIR)
 	mkdir -p $(BUILD_JRE_DIR)/lib/$(INSTALL_ARCH_DIR)
 	mkdir -p $(BUILD_SDK_DIR)/jre/lib/ext
@@ -2185,7 +2185,7 @@
 	  $(ICEDTEA_ENV) \
 	  -C openjdk/ \
 	  $(ICEDTEA_DEBUG_BUILD_TARGET)
-	$(abs_top_builddir)/pax-mark-vm $(BUILD_DEBUG_SDK_DIR)
+	$(abs_top_builddir)/pax-mark-vm $(BUILD_DEBUG_SDK_DIR) true
 	mkdir -p $(BUILD_DEBUG_SDK_DIR)/jre/lib/$(INSTALL_ARCH_DIR)
 	mkdir -p $(BUILD_DEBUG_JRE_DIR)/lib/$(INSTALL_ARCH_DIR)
 	mkdir -p $(BUILD_DEBUG_SDK_DIR)/jre/lib/ext
@@ -2359,7 +2359,7 @@
 	  $(ICEDTEA_ENV_BOOT) \
 	  -C openjdk-boot \
 	  $(ICEDTEA_BUILD_TARGET)
-	$(abs_top_builddir)/pax-mark-vm $(BUILD_BOOT_SDK_DIR)
+	$(abs_top_builddir)/pax-mark-vm $(BUILD_BOOT_SDK_DIR) true
 # Fix permissions on JARs updated during build if PR1437 bug is present
 if PR1437_PRESENT
 	if [ -e $(BUILD_BOOT_SDK_DIR)/lib/sa-jdi.jar ] ; then \
@@ -3257,7 +3257,7 @@
 	for files in $(BUILD_SDK_DIR)/tapset/*.stp; do \
 	  $(call install_file,$${files},$(DESTDIR)${prefix}/tapset,$(INSTALL_DATA));\
 	done
-	$(abs_top_builddir)/pax-mark-vm $(DESTDIR)${prefix}
+	$(abs_top_builddir)/pax-mark-vm $(DESTDIR)${prefix} false

 install-data-local:
 	${mkinstalldirs} $(DESTDIR)${prefix}
--- a/NEWS	Fri Oct 28 07:49:21 2016 +0100
+++ b/NEWS	Fri Nov 04 02:47:21 2016 +0000
@@ -50,6 +50,7 @@
   - S8149611, PR3160, G592292: Add tests for Unsafe.copySwapMemory
 * Bug fixes
   - S8078628, PR3151: Zero build fails with pre-compiled headers disabled
+  - PR3131: PaX marking fails on filesystems which don't support extended attributes
 * AArch64 port
   - S8167200, PR3204: AArch64: Broken stack pointer adjustment in interpreter
   - PR3211: AArch64 build fails with pre-compiled headers disabled
--- a/pax-mark-vm.in	Fri Oct 28 07:49:21 2016 +0100
+++ b/pax-mark-vm.in	Fri Nov 04 02:47:21 2016 +0000
@@ -1,13 +1,25 @@
 #!/bin/sh

+JDK=${1}
+FAIL_ON_ERROR=${2}
+
 # Taken from Gentoo's pax-utils.eclass
 list_paxables() {
 	file "$@" 2> /dev/null | grep -E 'ELF.*(executable|shared object)' | sed -e 's/: .*$//'
 }

 if test "x@PAX_COMMAND@" != "x"; then
-	for paxable in `list_paxables "${1}"/bin/* "${1}"/jre/bin/*`; do
+    if @PAX_COMMAND@ -m "${JDK}"/bin/java; then
+	for paxable in `list_paxables "${JDK}"/bin/* "${JDK}"/jre/bin/*`; do
 		echo "PaX mark @PAX_COMMAND_ARGS@ ${paxable}"
 		@PAX_COMMAND@ @PAX_COMMAND_ARGS@ "${paxable}"
 	done
+    else
+	if test "x${FAIL_ON_ERROR}" = "xtrue"; then
+	    echo "ERROR: Could not apply PaX markings to files in ${JDK}";
+	    exit -1;
+	else
+	    echo "WARNING: Could not apply PaX markings to files in ${JDK}";
+	fi
+    fi
 fi