paxctl-ng is swiss army knife for setting PT_PAX and *XATTR_PAX* flags on an ELF binary.
Created attachment 337736 [details, diff] gir-paxctl-lt-wrapper ( POSIX compliant )
Created attachment 337738 [details, diff] webkit-gtk-1.11.4-r300.ebuild.diff
This should probably be handled at eclass level as well.
(In reply to comment #3) > This should probably be handled at eclass level as well. It can't. This is a build time pax marking that is needed. It has to be updated to fix both possible markings, both PT_PAX and XATTR_PAX. I didn't test Alphat-PC's patch but it looks like its heading in the right direction.
(In reply to comment #4) > (In reply to comment #3) > > This should probably be handled at eclass level as well. > > It can't. This is a build time pax marking that is needed. It has to be > updated to fix both possible markings, both PT_PAX and XATTR_PAX. I didn't > test Alphat-PC's patch but it looks like its heading in the right direction. The latest version of elfix-0.8.2 includes a bash script, /usr/sbin/pax-mark, which is a wrapper to paxctl-ng/paxctl/scanelf/setfattr which attemps to set XT or PT pax markings as the eclass does. The difference is that this can be called from any point in a build process, so anywhere you see paxctl hard coded in ebuilds you should be able to replace it with /usr/sbin/pax-mark. As I write this, I realize I should probably change the name on the next bump to avoid a name collision with pax-mark from the eclass :(
@hardened, feel free to commit if it works for you
is this still needed with current versions?
