1 |
commit: d3b53be221b0288c4eb5155ad52fa8f27bda083d |
2 |
Author: Magnus Granberg <zorry <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed Nov 27 21:28:02 2019 +0000 |
4 |
Commit: Magnus Granberg <zorry <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Nov 27 21:29:14 2019 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d3b53be2 |
7 |
|
8 |
net-libs/nodejs: Fix build on PAX enable kernel (bug 694100) |
9 |
|
10 |
We need to disable mprotect on two bins when we compile |
11 |
bug 694100. |
12 |
|
13 |
Closes: https://bugs.gentoo.org/694100 |
14 |
Reported-by: Attila Tóth <atoth <AT> atoth.sote.hu> |
15 |
Co-developed-by: Attila Tóth <atoth <AT> atoth.sote.hu> |
16 |
Signed-off-by: Magnus Granberg <zorry <AT> gentoo.org> |
17 |
Package-Manager: Portage-2.3.76, Repoman-2.3.16 |
18 |
|
19 |
.../nodejs/files/nodejs-13.2.0-paxmarking.patch | 71 ++++++++++++++++++++++ |
20 |
net-libs/nodejs/metadata.xml | 1 + |
21 |
net-libs/nodejs/nodejs-13.2.0.ebuild | 8 ++- |
22 |
net-libs/nodejs/nodejs-99999999.ebuild | 8 ++- |
23 |
4 files changed, 82 insertions(+), 6 deletions(-) |
24 |
|
25 |
diff --git a/net-libs/nodejs/files/nodejs-13.2.0-paxmarking.patch b/net-libs/nodejs/files/nodejs-13.2.0-paxmarking.patch |
26 |
new file mode 100644 |
27 |
index 00000000000..143e4166272 |
28 |
--- /dev/null |
29 |
+++ b/net-libs/nodejs/files/nodejs-13.2.0-paxmarking.patch |
30 |
@@ -0,0 +1,71 @@ |
31 |
+ Bug: 694100 |
32 |
+ Add actions for pax marking mkcodecache and node_mksnapshot |
33 |
+ to disable mprotect for pax enable kernel. |
34 |
+ Reported-by: Attila Tóth <atoth@××××××××××.hu> |
35 |
+ Co-developed-by: Attila Tóth <atoth@××××××××××.hu> |
36 |
+ Signed-off-by: Magnus Granberg <zorry@g.o> |
37 |
+ |
38 |
+--- a/node.gyp 2019-10-23 11:52:41.000000000 +0200 |
39 |
++++ a/node.gyp 2019-11-12 20:58:43.957881862 +0100 |
40 |
+@@ -233,7 +233,9 @@ |
41 |
+ 'deps/acorn-plugins/acorn-static-class-features/index.js', |
42 |
+ ], |
43 |
+ 'node_mksnapshot_exec': '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)node_mksnapshot<(EXECUTABLE_SUFFIX)', |
44 |
++ 'node_mksnapshot_u_exec': '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)node_mksnapshot_u<(EXECUTABLE_SUFFIX)', |
45 |
+ 'mkcodecache_exec': '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)mkcodecache<(EXECUTABLE_SUFFIX)', |
46 |
++ 'mkcodecache_u_exec': '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)mkcodecache_u<(EXECUTABLE_SUFFIX)', |
47 |
+ 'conditions': [ |
48 |
+ [ 'node_shared=="true"', { |
49 |
+ 'node_target_type%': 'shared_library', |
50 |
+@@ -436,10 +438,24 @@ |
51 |
+ ], |
52 |
+ 'actions': [ |
53 |
+ { |
54 |
++ 'action_name': 'run_pax_mkcodecache', |
55 |
++ 'inputs': [ |
56 |
++ '<(mkcodecache_exec)', |
57 |
++ ], |
58 |
++ 'outputs': [ |
59 |
++ '<(mkcodecache_u_exec)', |
60 |
++ ], |
61 |
++ 'action': [ |
62 |
++ 'bash', |
63 |
++ '-c', |
64 |
++ 'mv <(mkcodecache_exec) <(mkcodecache_u_exec) && paxmark.sh m <(mkcodecache_u_exec)', |
65 |
++ ], |
66 |
++ }, |
67 |
++ { |
68 |
+ 'action_name': 'run_mkcodecache', |
69 |
+ 'process_outputs_as_sources': 1, |
70 |
+ 'inputs': [ |
71 |
+- '<(mkcodecache_exec)', |
72 |
++ '<(mkcodecache_u_exec)', |
73 |
+ ], |
74 |
+ 'outputs': [ |
75 |
+ '<(SHARED_INTERMEDIATE_DIR)/node_code_cache.cc', |
76 |
+@@ -461,10 +477,24 @@ |
77 |
+ ], |
78 |
+ 'actions': [ |
79 |
+ { |
80 |
++ 'action_name': 'run_pax_mksnapshot', |
81 |
++ 'inputs': [ |
82 |
++ '<(node_mksnapshot_exec)', |
83 |
++ ], |
84 |
++ 'outputs': [ |
85 |
++ '<(node_mksnapshot_u_exec)', |
86 |
++ ], |
87 |
++ 'action': [ |
88 |
++ 'bash', |
89 |
++ '-c', |
90 |
++ 'mv <(node_mksnapshot_exec) <(node_mksnapshot_u_exec) && paxmark.sh m <(node_mksnapshot_u_exec)', |
91 |
++ ], |
92 |
++ }, |
93 |
++ { |
94 |
+ 'action_name': 'node_mksnapshot', |
95 |
+ 'process_outputs_as_sources': 1, |
96 |
+ 'inputs': [ |
97 |
+- '<(node_mksnapshot_exec)', |
98 |
++ '<(node_mksnapshot_u_exec)', |
99 |
+ ], |
100 |
+ 'outputs': [ |
101 |
+ '<(SHARED_INTERMEDIATE_DIR)/node_snapshot.cc', |
102 |
|
103 |
diff --git a/net-libs/nodejs/metadata.xml b/net-libs/nodejs/metadata.xml |
104 |
index aaaba184187..3f344f0d8ed 100644 |
105 |
--- a/net-libs/nodejs/metadata.xml |
106 |
+++ b/net-libs/nodejs/metadata.xml |
107 |
@@ -7,6 +7,7 @@ |
108 |
<use> |
109 |
<flag name="inspector">Enable V8 inspector</flag> |
110 |
<flag name="npm">Enable NPM package manager</flag> |
111 |
+ <flag name="pax_kernel">Enable building under a PaX enabled kernel</flag> |
112 |
<flag name="snapshot">Enable snapshot creation for faster startup</flag> |
113 |
<flag name="systemtap">Enable SystemTAP/DTrace tracing</flag> |
114 |
</use> |
115 |
|
116 |
diff --git a/net-libs/nodejs/nodejs-13.2.0.ebuild b/net-libs/nodejs/nodejs-13.2.0.ebuild |
117 |
index 56bbeb5526f..8013ab7c39a 100644 |
118 |
--- a/net-libs/nodejs/nodejs-13.2.0.ebuild |
119 |
+++ b/net-libs/nodejs/nodejs-13.2.0.ebuild |
120 |
@@ -15,7 +15,7 @@ SRC_URI=" |
121 |
LICENSE="Apache-1.1 Apache-2.0 BSD BSD-2 MIT" |
122 |
SLOT="0" |
123 |
KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x64-macos" |
124 |
-IUSE="cpu_flags_x86_sse2 debug doc icu inspector +npm +snapshot +ssl systemtap test" |
125 |
+IUSE="cpu_flags_x86_sse2 debug doc icu inspector +npm pax_kernel +snapshot +ssl systemtap test" |
126 |
REQUIRED_USE=" |
127 |
inspector? ( icu ssl ) |
128 |
npm? ( ssl ) |
129 |
@@ -33,6 +33,7 @@ BDEPEND=" |
130 |
${PYTHON_DEPS} |
131 |
systemtap? ( dev-util/systemtap ) |
132 |
test? ( net-misc/curl ) |
133 |
+ pax_kernel? ( sys-apps/elfix ) |
134 |
" |
135 |
DEPEND=" |
136 |
${RDEPEND} |
137 |
@@ -86,6 +87,9 @@ src_prepare() { |
138 |
BUILDTYPE=Debug |
139 |
fi |
140 |
|
141 |
+ # We need to disable mprotect on two files when it builds Bug 694100. |
142 |
+ use pax_kernel && PATCHES+=( "${FILESDIR}"/${PN}-13.2.0-paxmarking.patch ) |
143 |
+ |
144 |
default |
145 |
} |
146 |
|
147 |
@@ -124,8 +128,6 @@ src_configure() { |
148 |
} |
149 |
|
150 |
src_compile() { |
151 |
- emake -C out mksnapshot |
152 |
- pax-mark m "out/${BUILDTYPE}/mksnapshot" |
153 |
emake -C out |
154 |
} |
155 |
|
156 |
|
157 |
diff --git a/net-libs/nodejs/nodejs-99999999.ebuild b/net-libs/nodejs/nodejs-99999999.ebuild |
158 |
index e36828c990a..96dcccf3770 100644 |
159 |
--- a/net-libs/nodejs/nodejs-99999999.ebuild |
160 |
+++ b/net-libs/nodejs/nodejs-99999999.ebuild |
161 |
@@ -13,7 +13,7 @@ EGIT_REPO_URI="https://github.com/nodejs/node" |
162 |
LICENSE="Apache-1.1 Apache-2.0 BSD BSD-2 MIT" |
163 |
SLOT="0" |
164 |
KEYWORDS="" |
165 |
-IUSE="cpu_flags_x86_sse2 debug doc icu inspector +npm +snapshot +ssl systemtap test" |
166 |
+IUSE="cpu_flags_x86_sse2 debug doc icu inspector +npm pax_kernel +snapshot +ssl systemtap test" |
167 |
REQUIRED_USE=" |
168 |
inspector? ( icu ssl ) |
169 |
npm? ( ssl ) |
170 |
@@ -31,6 +31,7 @@ BDEPEND=" |
171 |
${PYTHON_DEPS} |
172 |
systemtap? ( dev-util/systemtap ) |
173 |
test? ( net-misc/curl ) |
174 |
+ pax_kernel? ( sys-apps/elfix ) |
175 |
" |
176 |
DEPEND=" |
177 |
${RDEPEND} |
178 |
@@ -82,6 +83,9 @@ src_prepare() { |
179 |
BUILDTYPE=Debug |
180 |
fi |
181 |
|
182 |
+ # We need to disable mprotect on two files when it builds Bug 694100. |
183 |
+ use pax_kernel && PATCHES+=( "${FILESDIR}"/${PN}-13.2.0-paxmarking.patch ) |
184 |
+ |
185 |
default |
186 |
} |
187 |
|
188 |
@@ -120,8 +124,6 @@ src_configure() { |
189 |
} |
190 |
|
191 |
src_compile() { |
192 |
- emake -C out mksnapshot |
193 |
- pax-mark m "out/${BUILDTYPE}/mksnapshot" |
194 |
emake -C out |
195 |
} |