gentoo-x86/eclass/pax-utils.eclass

# Copyright 1999-2006 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/eclass/pax-utils.eclass,v 1.1 2006/01/22 14:18:48 kevquinn Exp $

# Author:
#       Kevin F. Quinn <kevquinn@gentoo.org>
#
# This eclass provides support for manipulating PaX markings on ELF
# binaries, wrapping the use of the chpax and paxctl utilities.

inherit eutils

##### pax-mark ####
# Mark a file for PaX, with the provided flags, and log it into
# a PaX database.  Returns non-zero if flag marking failed.
#
# If paxctl is installed, but not chpax, then the legacy
# EI flags (which are not strip-safe) will not be set.
# If neither are installed, falls back to scanelf (which
# is always present, but currently doesn't quite do all
# that paxctl can do).

pax-mark() {
        local flags fail=0
        flags=$1
        shift
        if [[ -x /sbin/chpax ]]; then
                einfo "Legacy EI PaX marking $* with ${flags}"
                /sbin/chpax -${flags} $* || fail=1
        fi
        if [[ -x /sbin/paxctl ]]; then
                einfo "PT PaX marking $* with ${flags}"
                /sbin/paxctl -${flags} $* ||
                /sbin/paxctl -c${flags} $* ||
                /sbin/paxctl -C${flags} $* || fail=1
        elif [[ -x /usr/bin/scanelf ]]; then
                einfo "Fallback PaX marking $* with ${flags}"
                /usr/bin/scanelf -Xxz ${flags} $*
        else
                ewarn "Failed to set PaX markings ${flags} for files $*.  Executables may be killed by PaX kernels."
                fail=1
        fi
        return ${fail}
}

##### host-is-pax
# Indicates whether the build machine has PaX or not; intended for use
# where the build process must be modified conditionally in order to satisfy PaX.
host-is-pax() {
        # We need procfs to work this out.  PaX is only available on Linux,
        # so result is always false on non-linux machines (e.g. Gentoo/*BSD)
        [[ -e /proc/self/status ]] || return 1
        grep ^PaX: /proc/self/status > /dev/null
        return $?
}
1	kevquinn	1.1	# Copyright 1999-2006 Gentoo Foundation
2			# Distributed under the terms of the GNU General Public License v2
3	kevquinn	1.2	# $Header: /var/cvsroot/gentoo-x86/eclass/pax-utils.eclass,v 1.1 2006/01/22 14:18:48 kevquinn Exp $
4	kevquinn	1.1
5			# Author:
6			# Kevin F. Quinn <kevquinn@gentoo.org>
7			#
8			# This eclass provides support for manipulating PaX markings on ELF
9			# binaries, wrapping the use of the chpax and paxctl utilities.
10
11			inherit eutils
12
13			##### pax-mark ####
14	kevquinn	1.2	# Mark a file for PaX, with the provided flags, and log it into
15			# a PaX database. Returns non-zero if flag marking failed.
16	kevquinn	1.1	#
17	kevquinn	1.2	# If paxctl is installed, but not chpax, then the legacy
18			# EI flags (which are not strip-safe) will not be set.
19			# If neither are installed, falls back to scanelf (which
20			# is always present, but currently doesn't quite do all
21			# that paxctl can do).
22	kevquinn	1.1
23			pax-mark() {
24	kevquinn	1.2	local flags fail=0
25			flags=$1
26			shift
27	kevquinn	1.1	if [[ -x /sbin/chpax ]]; then
28	kevquinn	1.2	einfo "Legacy EI PaX marking $* with ${flags}"
29			/sbin/chpax -${flags} $* \|\| fail=1
30	kevquinn	1.1	fi
31			if [[ -x /sbin/paxctl ]]; then
32	kevquinn	1.2	einfo "PT PaX marking $* with ${flags}"
33			/sbin/paxctl -${flags} $* \|\|
34			/sbin/paxctl -c${flags} $* \|\|
35			/sbin/paxctl -C${flags} $* \|\| fail=1
36			elif [[ -x /usr/bin/scanelf ]]; then
37			einfo "Fallback PaX marking $* with ${flags}"
38			/usr/bin/scanelf -Xxz ${flags} $*
39			else
40			ewarn "Failed to set PaX markings ${flags} for files $*. Executables may be killed by PaX kernels."
41			fail=1
42	kevquinn	1.1	fi
43	kevquinn	1.2	return ${fail}
44			}
45
46			##### host-is-pax
47			# Indicates whether the build machine has PaX or not; intended for use
48			# where the build process must be modified conditionally in order to satisfy PaX.
49			host-is-pax() {
50			# We need procfs to work this out. PaX is only available on Linux,
51			# so result is always false on non-linux machines (e.g. Gentoo/*BSD)
52			[[ -e /proc/self/status ]] \|\| return 1
53			grep ^PaX: /proc/self/status > /dev/null
54			return $?
55	kevquinn	1.1	}