2010-08-01 Magnus Granberg #286280 We disable MPROTECT on the mono binary --- a/dev-lang/mono/mono-2.6.7.ebuild 2010-07-21 17:13:14.000000000 +0000 +++ b/dev-lang/mono/mono-2.6.7.ebuild 2010-08-01 17:53:30.000000000 +0000 @@ -4,7 +4,7 @@ EAPI=2 -inherit linux-info mono eutils flag-o-matic multilib go-mono +inherit linux-info mono eutils flag-o-matic multilib go-mono pax-utils DESCRIPTION="Mono runtime and class libraries, a C# compiler/interpreter" HOMEPAGE="http://www.go-mono.com" @@ -12,7 +12,7 @@ LICENSE="MIT LGPL-2.1 GPL-2 BSD-4 NPL-1.1 Ms-PL GPL-2-with-linking-exception IDPL" SLOT="0" KEYWORDS="~amd64 ~ppc ~x86" -IUSE="xen moonlight minimal" +IUSE="xen moonlight minimal hardened" #Bash requirement is for += operator COMMONDEPEND="!=app-shells/bash-3.2 + hardened? ( sys-apps/paxctl )" PDEPEND="dev-dotnet/pe-format" MAKEOPTS="${MAKEOPTS} -j1" @@ -55,6 +56,17 @@ eerror "See http://bugs.gentoo.org/261869 for more info." die "Please set CONFIG_SYSVIPC in your kernel .config" fi + if use hardened && host-is-pax ; then + if linux_chkconfig_present PAX_MPROTECT ; then + einfo "CONFIG_PAX_MPROTECT is set." + ewarn "We are disabling MPROTECT on the mono binary." + ewarn "Mono use a JiT trampoline function and it" + ewarn "will not work when MPROTECT is enable." + DISABLE_PAX_MPROTECT="yes" + else + DISABLE_PAX_MPROTECT="no" + fi + fi else ewarn "Was unable to determine your kernel .config" ewarn "Please note that if CONFIG_SYSVIPC is not set in your kernel .config, mono will hang while compiling." @@ -69,6 +81,11 @@ > "${WORKDIR}"/mono-2.2-libdir126.patch || die "Sedding patch file failed" go-mono_src_prepare + # we need to sed in the paxctl -m in the runtime/mono-wrapper.in so it don't + # get killed in the build proces when MPROTEC is enable. #286280 + if [[ $DISABLE_PAX_MPROTECT == "yes" ]] ; then + sed '/exec/ i\paxctl -m "$r/@mono_runtime@"' -i "${S}"/runtime/mono-wrapper.in + fi } src_configure() {