/[gentoo-x86]/eclass/pax-utils.eclass
Gentoo

Contents of /eclass/pax-utils.eclass

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.3 - (hide annotations) (download)
Fri Nov 24 15:11:55 2006 UTC (7 years, 4 months ago) by kevquinn
Branch: MAIN
Changes since 1.2: +34 -11 lines
Tidy up output and error handling.

1 kevquinn 1.1 # Copyright 1999-2006 Gentoo Foundation
2     # Distributed under the terms of the GNU General Public License v2
3 kevquinn 1.3 # $Header: /var/cvsroot/gentoo-x86/eclass/pax-utils.eclass,v 1.2 2006/11/15 22:14:25 kevquinn Exp $
4 kevquinn 1.1
5     # Author:
6     # Kevin F. Quinn <kevquinn@gentoo.org>
7     #
8     # This eclass provides support for manipulating PaX markings on ELF
9     # binaries, wrapping the use of the chpax and paxctl utilities.
10    
11     inherit eutils
12    
13     ##### pax-mark ####
14 kevquinn 1.2 # Mark a file for PaX, with the provided flags, and log it into
15     # a PaX database. Returns non-zero if flag marking failed.
16 kevquinn 1.1 #
17 kevquinn 1.2 # If paxctl is installed, but not chpax, then the legacy
18     # EI flags (which are not strip-safe) will not be set.
19     # If neither are installed, falls back to scanelf (which
20     # is always present, but currently doesn't quite do all
21     # that paxctl can do).
22 kevquinn 1.3 _pax_list_files() {
23     local m cmd
24     m=$1 ; shift
25     for f in $*; do
26     ${cmd} " ${f}"
27     done
28     }
29 kevquinn 1.1
30     pax-mark() {
31 kevquinn 1.3 local f flags fail=0 failures=""
32     flags=${1//-}
33 kevquinn 1.2 shift
34 kevquinn 1.1 if [[ -x /sbin/chpax ]]; then
35 kevquinn 1.3 einfo "Legacy EI PaX marking -${flags}"
36     _pax_list_files echo $*
37     for f in $*; do
38     /sbin/chpax -${flags} ${f} && continue
39     fail=1
40     failures="${failures} ${f}"
41     done
42 kevquinn 1.1 fi
43     if [[ -x /sbin/paxctl ]]; then
44 kevquinn 1.3 einfo "PT PaX marking -${flags}"
45     _pax_list_files echo $*
46     for f in $*; do
47     /sbin/paxctl -q${flags} ${f} && continue
48     /sbin/paxctl -qc${flags} ${f} && continue
49     /sbin/paxctl -qC${flags} ${f} && continue
50     fail=1
51     failures="${failures} ${f}"
52     done
53 kevquinn 1.2 elif [[ -x /usr/bin/scanelf ]]; then
54 kevquinn 1.3 einfo "Fallback PaX marking -${flags}"
55     _pax_list_files echo $*
56 kevquinn 1.2 /usr/bin/scanelf -Xxz ${flags} $*
57     else
58 kevquinn 1.3 failures="$*"
59 kevquinn 1.2 fail=1
60 kevquinn 1.1 fi
61 kevquinn 1.3 if [[ ${fail} == 1 ]]; then
62     ewarn "Failed to set PaX markings -${flags} for:"
63     _pax_list_files ewarn ${failures}
64     ewarn "Executables may be killed by PaX kernels."
65     fi
66 kevquinn 1.2 return ${fail}
67     }
68    
69     ##### host-is-pax
70     # Indicates whether the build machine has PaX or not; intended for use
71     # where the build process must be modified conditionally in order to satisfy PaX.
72     host-is-pax() {
73     # We need procfs to work this out. PaX is only available on Linux,
74     # so result is always false on non-linux machines (e.g. Gentoo/*BSD)
75     [[ -e /proc/self/status ]] || return 1
76     grep ^PaX: /proc/self/status > /dev/null
77     return $?
78 kevquinn 1.1 }

  ViewVC Help
Powered by ViewVC 1.1.20