From 601bd3e6e5fccbc198ee02aa36aaeada0642bd20 Mon Sep 17 00:00:00 2001
From: "Ricardo M. Correia" <rcorreia@wizy.org>
Date: Thu, 26 Dec 2013 11:40:40 +0100
Subject: [PATCH] oraclejdk7: Add support for grsecurity

---
 pkgs/development/compilers/jdk/jdk7-linux.nix | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/pkgs/development/compilers/jdk/jdk7-linux.nix b/pkgs/development/compilers/jdk/jdk7-linux.nix
index f8b65166ea6c..7683ad81e597 100644
--- a/pkgs/development/compilers/jdk/jdk7-linux.nix
+++ b/pkgs/development/compilers/jdk/jdk7-linux.nix
@@ -2,6 +2,7 @@
 , stdenv
 , requireFile
 , unzip
+, file
 , xlibs ? null
 , installjdk ? true
 , pluginSupport ? true
@@ -71,10 +72,20 @@ stdenv.mkDerivation rec {
     else
       abort "jdk requires i686-linux or x86_64 linux";
 
-  buildInputs = if installjce then [ unzip ] else [];
+  nativeBuildInputs = [ file ]
+    ++ stdenv.lib.optional installjce unzip;
 
   installPhase = ''
     cd ..
+
+    # Set PaX markings
+    exes=$(file $sourceRoot/bin/* $sourceRoot/jre/bin/* 2> /dev/null | grep -E 'ELF.*(executable|shared object)' | sed -e 's/: .*$//')
+    for file in $exes; do
+      paxmark m "$file"
+      # On x86 for heap sizes over 700MB disable SEGMEXEC and PAGEEXEC as well.
+      ${stdenv.lib.optionalString stdenv.isi686 ''paxmark msp "$file"''}
+    done
+
     if test -z "$installjdk"; then
       mv $sourceRoot/jre $out
     else