| 1 |
commit: d3b53be221b0288c4eb5155ad52fa8f27bda083d |
| 2 |
Author: Magnus Granberg <zorry <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Wed Nov 27 21:28:02 2019 +0000 |
| 4 |
Commit: Magnus Granberg <zorry <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Wed Nov 27 21:29:14 2019 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d3b53be2 |
| 7 |
|
| 8 |
net-libs/nodejs: Fix build on PAX enable kernel (bug 694100) |
| 9 |
|
| 10 |
We need to disable mprotect on two bins when we compile |
| 11 |
bug 694100. |
| 12 |
|
| 13 |
Closes: https://bugs.gentoo.org/694100 |
| 14 |
Reported-by: Attila Tóth <atoth <AT> atoth.sote.hu> |
| 15 |
Co-developed-by: Attila Tóth <atoth <AT> atoth.sote.hu> |
| 16 |
Signed-off-by: Magnus Granberg <zorry <AT> gentoo.org> |
| 17 |
Package-Manager: Portage-2.3.76, Repoman-2.3.16 |
| 18 |
|
| 19 |
.../nodejs/files/nodejs-13.2.0-paxmarking.patch | 71 ++++++++++++++++++++++ |
| 20 |
net-libs/nodejs/metadata.xml | 1 + |
| 21 |
net-libs/nodejs/nodejs-13.2.0.ebuild | 8 ++- |
| 22 |
net-libs/nodejs/nodejs-99999999.ebuild | 8 ++- |
| 23 |
4 files changed, 82 insertions(+), 6 deletions(-) |
| 24 |
|
| 25 |
diff --git a/net-libs/nodejs/files/nodejs-13.2.0-paxmarking.patch b/net-libs/nodejs/files/nodejs-13.2.0-paxmarking.patch |
| 26 |
new file mode 100644 |
| 27 |
index 00000000000..143e4166272 |
| 28 |
--- /dev/null |
| 29 |
+++ b/net-libs/nodejs/files/nodejs-13.2.0-paxmarking.patch |
| 30 |
@@ -0,0 +1,71 @@ |
| 31 |
+ Bug: 694100 |
| 32 |
+ Add actions for pax marking mkcodecache and node_mksnapshot |
| 33 |
+ to disable mprotect for pax enable kernel. |
| 34 |
+ Reported-by: Attila Tóth <atoth@××××××××××.hu> |
| 35 |
+ Co-developed-by: Attila Tóth <atoth@××××××××××.hu> |
| 36 |
+ Signed-off-by: Magnus Granberg <zorry@g.o> |
| 37 |
+ |
| 38 |
+--- a/node.gyp 2019-10-23 11:52:41.000000000 +0200 |
| 39 |
++++ a/node.gyp 2019-11-12 20:58:43.957881862 +0100 |
| 40 |
+@@ -233,7 +233,9 @@ |
| 41 |
+ 'deps/acorn-plugins/acorn-static-class-features/index.js', |
| 42 |
+ ], |
| 43 |
+ 'node_mksnapshot_exec': '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)node_mksnapshot<(EXECUTABLE_SUFFIX)', |
| 44 |
++ 'node_mksnapshot_u_exec': '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)node_mksnapshot_u<(EXECUTABLE_SUFFIX)', |
| 45 |
+ 'mkcodecache_exec': '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)mkcodecache<(EXECUTABLE_SUFFIX)', |
| 46 |
++ 'mkcodecache_u_exec': '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)mkcodecache_u<(EXECUTABLE_SUFFIX)', |
| 47 |
+ 'conditions': [ |
| 48 |
+ [ 'node_shared=="true"', { |
| 49 |
+ 'node_target_type%': 'shared_library', |
| 50 |
+@@ -436,10 +438,24 @@ |
| 51 |
+ ], |
| 52 |
+ 'actions': [ |
| 53 |
+ { |
| 54 |
++ 'action_name': 'run_pax_mkcodecache', |
| 55 |
++ 'inputs': [ |
| 56 |
++ '<(mkcodecache_exec)', |
| 57 |
++ ], |
| 58 |
++ 'outputs': [ |
| 59 |
++ '<(mkcodecache_u_exec)', |
| 60 |
++ ], |
| 61 |
++ 'action': [ |
| 62 |
++ 'bash', |
| 63 |
++ '-c', |
| 64 |
++ 'mv <(mkcodecache_exec) <(mkcodecache_u_exec) && paxmark.sh m <(mkcodecache_u_exec)', |
| 65 |
++ ], |
| 66 |
++ }, |
| 67 |
++ { |
| 68 |
+ 'action_name': 'run_mkcodecache', |
| 69 |
+ 'process_outputs_as_sources': 1, |
| 70 |
+ 'inputs': [ |
| 71 |
+- '<(mkcodecache_exec)', |
| 72 |
++ '<(mkcodecache_u_exec)', |
| 73 |
+ ], |
| 74 |
+ 'outputs': [ |
| 75 |
+ '<(SHARED_INTERMEDIATE_DIR)/node_code_cache.cc', |
| 76 |
+@@ -461,10 +477,24 @@ |
| 77 |
+ ], |
| 78 |
+ 'actions': [ |
| 79 |
+ { |
| 80 |
++ 'action_name': 'run_pax_mksnapshot', |
| 81 |
++ 'inputs': [ |
| 82 |
++ '<(node_mksnapshot_exec)', |
| 83 |
++ ], |
| 84 |
++ 'outputs': [ |
| 85 |
++ '<(node_mksnapshot_u_exec)', |
| 86 |
++ ], |
| 87 |
++ 'action': [ |
| 88 |
++ 'bash', |
| 89 |
++ '-c', |
| 90 |
++ 'mv <(node_mksnapshot_exec) <(node_mksnapshot_u_exec) && paxmark.sh m <(node_mksnapshot_u_exec)', |
| 91 |
++ ], |
| 92 |
++ }, |
| 93 |
++ { |
| 94 |
+ 'action_name': 'node_mksnapshot', |
| 95 |
+ 'process_outputs_as_sources': 1, |
| 96 |
+ 'inputs': [ |
| 97 |
+- '<(node_mksnapshot_exec)', |
| 98 |
++ '<(node_mksnapshot_u_exec)', |
| 99 |
+ ], |
| 100 |
+ 'outputs': [ |
| 101 |
+ '<(SHARED_INTERMEDIATE_DIR)/node_snapshot.cc', |
| 102 |
|
| 103 |
diff --git a/net-libs/nodejs/metadata.xml b/net-libs/nodejs/metadata.xml |
| 104 |
index aaaba184187..3f344f0d8ed 100644 |
| 105 |
--- a/net-libs/nodejs/metadata.xml |
| 106 |
+++ b/net-libs/nodejs/metadata.xml |
| 107 |
@@ -7,6 +7,7 @@ |
| 108 |
<use> |
| 109 |
<flag name="inspector">Enable V8 inspector</flag> |
| 110 |
<flag name="npm">Enable NPM package manager</flag> |
| 111 |
+ <flag name="pax_kernel">Enable building under a PaX enabled kernel</flag> |
| 112 |
<flag name="snapshot">Enable snapshot creation for faster startup</flag> |
| 113 |
<flag name="systemtap">Enable SystemTAP/DTrace tracing</flag> |
| 114 |
</use> |
| 115 |
|
| 116 |
diff --git a/net-libs/nodejs/nodejs-13.2.0.ebuild b/net-libs/nodejs/nodejs-13.2.0.ebuild |
| 117 |
index 56bbeb5526f..8013ab7c39a 100644 |
| 118 |
--- a/net-libs/nodejs/nodejs-13.2.0.ebuild |
| 119 |
+++ b/net-libs/nodejs/nodejs-13.2.0.ebuild |
| 120 |
@@ -15,7 +15,7 @@ SRC_URI=" |
| 121 |
LICENSE="Apache-1.1 Apache-2.0 BSD BSD-2 MIT" |
| 122 |
SLOT="0" |
| 123 |
KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x64-macos" |
| 124 |
-IUSE="cpu_flags_x86_sse2 debug doc icu inspector +npm +snapshot +ssl systemtap test" |
| 125 |
+IUSE="cpu_flags_x86_sse2 debug doc icu inspector +npm pax_kernel +snapshot +ssl systemtap test" |
| 126 |
REQUIRED_USE=" |
| 127 |
inspector? ( icu ssl ) |
| 128 |
npm? ( ssl ) |
| 129 |
@@ -33,6 +33,7 @@ BDEPEND=" |
| 130 |
${PYTHON_DEPS} |
| 131 |
systemtap? ( dev-util/systemtap ) |
| 132 |
test? ( net-misc/curl ) |
| 133 |
+ pax_kernel? ( sys-apps/elfix ) |
| 134 |
" |
| 135 |
DEPEND=" |
| 136 |
${RDEPEND} |
| 137 |
@@ -86,6 +87,9 @@ src_prepare() { |
| 138 |
BUILDTYPE=Debug |
| 139 |
fi |
| 140 |
|
| 141 |
+ # We need to disable mprotect on two files when it builds Bug 694100. |
| 142 |
+ use pax_kernel && PATCHES+=( "${FILESDIR}"/${PN}-13.2.0-paxmarking.patch ) |
| 143 |
+ |
| 144 |
default |
| 145 |
} |
| 146 |
|
| 147 |
@@ -124,8 +128,6 @@ src_configure() { |
| 148 |
} |
| 149 |
|
| 150 |
src_compile() { |
| 151 |
- emake -C out mksnapshot |
| 152 |
- pax-mark m "out/${BUILDTYPE}/mksnapshot" |
| 153 |
emake -C out |
| 154 |
} |
| 155 |
|
| 156 |
|
| 157 |
diff --git a/net-libs/nodejs/nodejs-99999999.ebuild b/net-libs/nodejs/nodejs-99999999.ebuild |
| 158 |
index e36828c990a..96dcccf3770 100644 |
| 159 |
--- a/net-libs/nodejs/nodejs-99999999.ebuild |
| 160 |
+++ b/net-libs/nodejs/nodejs-99999999.ebuild |
| 161 |
@@ -13,7 +13,7 @@ EGIT_REPO_URI="https://github.com/nodejs/node" |
| 162 |
LICENSE="Apache-1.1 Apache-2.0 BSD BSD-2 MIT" |
| 163 |
SLOT="0" |
| 164 |
KEYWORDS="" |
| 165 |
-IUSE="cpu_flags_x86_sse2 debug doc icu inspector +npm +snapshot +ssl systemtap test" |
| 166 |
+IUSE="cpu_flags_x86_sse2 debug doc icu inspector +npm pax_kernel +snapshot +ssl systemtap test" |
| 167 |
REQUIRED_USE=" |
| 168 |
inspector? ( icu ssl ) |
| 169 |
npm? ( ssl ) |
| 170 |
@@ -31,6 +31,7 @@ BDEPEND=" |
| 171 |
${PYTHON_DEPS} |
| 172 |
systemtap? ( dev-util/systemtap ) |
| 173 |
test? ( net-misc/curl ) |
| 174 |
+ pax_kernel? ( sys-apps/elfix ) |
| 175 |
" |
| 176 |
DEPEND=" |
| 177 |
${RDEPEND} |
| 178 |
@@ -82,6 +83,9 @@ src_prepare() { |
| 179 |
BUILDTYPE=Debug |
| 180 |
fi |
| 181 |
|
| 182 |
+ # We need to disable mprotect on two files when it builds Bug 694100. |
| 183 |
+ use pax_kernel && PATCHES+=( "${FILESDIR}"/${PN}-13.2.0-paxmarking.patch ) |
| 184 |
+ |
| 185 |
default |
| 186 |
} |
| 187 |
|
| 188 |
@@ -120,8 +124,6 @@ src_configure() { |
| 189 |
} |
| 190 |
|
| 191 |
src_compile() { |
| 192 |
- emake -C out mksnapshot |
| 193 |
- pax-mark m "out/${BUILDTYPE}/mksnapshot" |
| 194 |
emake -C out |
| 195 |
} |
Archives