Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-hardened

From: Pavel Labushev <p.labushev@×××××.com>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] Firefox won't compile on hardened profile
Date: Thu, 16 Feb 2012 07:43:53
Message-Id: 4F3CB370.3010605@gmail.com
In Reply to: Re: [gentoo-hardened] Firefox won't compile on hardened profile by Radek Madej
1 16.02.2012 04:38, Radek Madej wrote:
2
3 > 2) As suggested, disabling JIT will do the trick and it seems like recent
4 > versions of Firefox can actually have it disabled properly. So the ebuild for
5 > icecat/firefox will work for you, you just need this in src_configure() :
6 >
7 > if use pax_kernel; then
8 > mozconfig_annotate '' --disable-methodjit
9 > mozconfig_annotate '' --disable-tracejit
10 > fi
11
12 Here's the hack I use not to modify the ebuilds:
13
14 # cat /etc/portage/bashrc
15 LC_ALL="C"
16
17 if [ X"$EBUILD_PHASE" != "X" ]; then
18 if [ -f "/etc/portage/bashrc.d/${CATEGORY}/${PF}" ]; then
19 source "/etc/portage/bashrc.d/${CATEGORY}/${PF}"
20 elif [ -f "/etc/portage/bashrc.d/${CATEGORY}/${P}" ]; then
21 source "/etc/portage/bashrc.d/${CATEGORY}/${P}"
22 elif [ -f "/etc/portage/bashrc.d/${CATEGORY}/${PN}" ]; then
23 source "/etc/portage/bashrc.d/${CATEGORY}/${PN}"
24 fi
25
26 if [ -f "/etc/portage/bashrc.d/${CATEGORY}/${PF}.${EBUILD_PHASE}" ]; then
27 source "/etc/portage/bashrc.d/${CATEGORY}/${PF}.${EBUILD_PHASE}"
28 elif [ -f "/etc/portage/bashrc.d/${CATEGORY}/${P}.${EBUILD_PHASE}" ]; then
29 source "/etc/portage/bashrc.d/${CATEGORY}/${P}.${EBUILD_PHASE}"
30 elif [ -f "/etc/portage/bashrc.d/${CATEGORY}/${PN}.${EBUILD_PHASE}" ]; then
31 source "/etc/portage/bashrc.d/${CATEGORY}/${PN}.${EBUILD_PHASE}"
32 fi
33 fi
34
35 # cat /etc/portage/bashrc.d/www-client/firefox.compile
36 disable_unsafe_options() {
37 [ -f "$S"/.mozconfig ] || die
38 sed -i 's/ac_add_options.*--enable-.*jit.*//' "$S"/.mozconfig
39 sed -i 's/ac_add_options.*--enable-jemalloc.*//' "$S"/.mozconfig
40 echo >> "$S"/.mozconfig
41 local OPTIONS
42 OPTIONS="$OPTIONS --disable-jemalloc"
43 OPTIONS="$OPTIONS --disable-ctypes"
44 OPTIONS="$OPTIONS --disable-tracejit"
45 OPTIONS="$OPTIONS --disable-methodjit"
46 OPTIONS="$OPTIONS --disable-jit"
47 local O
48 for O in $OPTIONS ; do
49 echo "ac_add_options $O # fortify" >> "$S"/.mozconfig
50 done
51 }
52
53 disable_unsafe_options

Attachments

File name MIME type
signature.asc application/pgp-signature
Report Message
Find on MARC Find on Google Groups