oraclejdk8: Add support for grsecurity

2014-06-22 21:37:09 +09:00 · 2014-06-22 21:37:09 +09:00 · 4f745ce8b2
parent a056940066
commit 4f745ce8b2
1 changed files with 12 additions and 1 deletions
--- a/pkgs/development/compilers/jdk/jdk-linux-base.nix
+++ b/pkgs/development/compilers/jdk/jdk-linux-base.nix
@ -12,6 +12,7 @@
 , stdenv
 , requireFile
 , unzip
+, file
 , xlibs ? null
 , installjdk ? true
 , pluginSupport ? true
@ -79,13 +80,23 @@ stdenv.mkDerivation rec {
    else
      abort "jdk requires i686-linux or x86_64 linux";

-  buildInputs = if installjce then [ unzip ] else [];
+  nativeBuildInputs = [ file ]
+    ++ stdenv.lib.optional installjce unzip;

  # See: https://github.com/NixOS/patchelf/issues/10
  dontStrip = 1;
  
  installPhase = ''
    cd ..
+
+    # Set PaX markings
+    exes=$(file $sourceRoot/bin/* $sourceRoot/jre/bin/* 2> /dev/null | grep -E 'ELF.*(executable|shared object)' | sed -e 's/: .*$//')
+    for file in $exes; do
+      paxmark m "$file"
+      # On x86 for heap sizes over 700MB disable SEGMEXEC and PAGEEXEC as well.
+      ${stdenv.lib.optionalString stdenv.isi686 ''paxmark msp "$file"''}
+    done
+
    if test -z "$installjdk"; then
      mv $sourceRoot/jre $out
    else