/[gentoo-x86]/eclass/pax-utils.eclass
Gentoo

Contents of /eclass/pax-utils.eclass

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.3 - (show annotations) (download)
Fri Nov 24 15:11:55 2006 UTC (7 years, 11 months ago) by kevquinn
Branch: MAIN
Changes since 1.2: +34 -11 lines
Tidy up output and error handling.

1 # Copyright 1999-2006 Gentoo Foundation
2 # Distributed under the terms of the GNU General Public License v2
3 # $Header: /var/cvsroot/gentoo-x86/eclass/pax-utils.eclass,v 1.2 2006/11/15 22:14:25 kevquinn Exp $
4
5 # Author:
6 # Kevin F. Quinn <kevquinn@gentoo.org>
7 #
8 # This eclass provides support for manipulating PaX markings on ELF
9 # binaries, wrapping the use of the chpax and paxctl utilities.
10
11 inherit eutils
12
13 ##### pax-mark ####
14 # Mark a file for PaX, with the provided flags, and log it into
15 # a PaX database. Returns non-zero if flag marking failed.
16 #
17 # If paxctl is installed, but not chpax, then the legacy
18 # EI flags (which are not strip-safe) will not be set.
19 # If neither are installed, falls back to scanelf (which
20 # is always present, but currently doesn't quite do all
21 # that paxctl can do).
22 _pax_list_files() {
23 local m cmd
24 m=$1 ; shift
25 for f in $*; do
26 ${cmd} " ${f}"
27 done
28 }
29
30 pax-mark() {
31 local f flags fail=0 failures=""
32 flags=${1//-}
33 shift
34 if [[ -x /sbin/chpax ]]; then
35 einfo "Legacy EI PaX marking -${flags}"
36 _pax_list_files echo $*
37 for f in $*; do
38 /sbin/chpax -${flags} ${f} && continue
39 fail=1
40 failures="${failures} ${f}"
41 done
42 fi
43 if [[ -x /sbin/paxctl ]]; then
44 einfo "PT PaX marking -${flags}"
45 _pax_list_files echo $*
46 for f in $*; do
47 /sbin/paxctl -q${flags} ${f} && continue
48 /sbin/paxctl -qc${flags} ${f} && continue
49 /sbin/paxctl -qC${flags} ${f} && continue
50 fail=1
51 failures="${failures} ${f}"
52 done
53 elif [[ -x /usr/bin/scanelf ]]; then
54 einfo "Fallback PaX marking -${flags}"
55 _pax_list_files echo $*
56 /usr/bin/scanelf -Xxz ${flags} $*
57 else
58 failures="$*"
59 fail=1
60 fi
61 if [[ ${fail} == 1 ]]; then
62 ewarn "Failed to set PaX markings -${flags} for:"
63 _pax_list_files ewarn ${failures}
64 ewarn "Executables may be killed by PaX kernels."
65 fi
66 return ${fail}
67 }
68
69 ##### host-is-pax
70 # Indicates whether the build machine has PaX or not; intended for use
71 # where the build process must be modified conditionally in order to satisfy PaX.
72 host-is-pax() {
73 # We need procfs to work this out. PaX is only available on Linux,
74 # so result is always false on non-linux machines (e.g. Gentoo/*BSD)
75 [[ -e /proc/self/status ]] || return 1
76 grep ^PaX: /proc/self/status > /dev/null
77 return $?
78 }

  ViewVC Help
Powered by ViewVC 1.1.20