From 601bd3e6e5fccbc198ee02aa36aaeada0642bd20 Mon Sep 17 00:00:00 2001 From: "Ricardo M. Correia" <rcorreia@wizy.org> Date: Thu, 26 Dec 2013 11:40:40 +0100 Subject: [PATCH] oraclejdk7: Add support for grsecurity --- pkgs/development/compilers/jdk/jdk7-linux.nix | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/pkgs/development/compilers/jdk/jdk7-linux.nix b/pkgs/development/compilers/jdk/jdk7-linux.nix index f8b65166ea6c..7683ad81e597 100644 --- a/pkgs/development/compilers/jdk/jdk7-linux.nix +++ b/pkgs/development/compilers/jdk/jdk7-linux.nix @@ -2,6 +2,7 @@ , stdenv , requireFile , unzip +, file , xlibs ? null , installjdk ? true , pluginSupport ? true @@ -71,10 +72,20 @@ stdenv.mkDerivation rec { else abort "jdk requires i686-linux or x86_64 linux"; - buildInputs = if installjce then [ unzip ] else []; + nativeBuildInputs = [ file ] + ++ stdenv.lib.optional installjce unzip; installPhase = '' cd .. + + # Set PaX markings + exes=$(file $sourceRoot/bin/* $sourceRoot/jre/bin/* 2> /dev/null | grep -E 'ELF.*(executable|shared object)' | sed -e 's/: .*$//') + for file in $exes; do + paxmark m "$file" + # On x86 for heap sizes over 700MB disable SEGMEXEC and PAGEEXEC as well. + ${stdenv.lib.optionalString stdenv.isi686 ''paxmark msp "$file"''} + done + if test -z "$installjdk"; then mv $sourceRoot/jre $out else