Index: sun-jdk-1.5.0.09-r1.ebuild =================================================================== RCS file: /var/cvsroot/gentoo-x86/dev-java/sun-jdk/sun-jdk-1.5.0.09-r1.ebuild,v retrieving revision 1.1 diff -u -r1.1 sun-jdk-1.5.0.09-r1.ebuild --- sun-jdk-1.5.0.09-r1.ebuild 22 Nov 2006 23:25:15 -0000 1.1 +++ sun-jdk-1.5.0.09-r1.ebuild 2 Dec 2006 11:37:51 -0000 @@ -2,7 +2,7 @@ # Distributed under the terms of the GNU General Public License v2 # $Header: /var/cvsroot/gentoo-x86/dev-java/sun-jdk/sun-jdk-1.5.0.09-r1.ebuild,v 1.1 2006/11/22 23:25:15 caster Exp $ -inherit java-vm-2 eutils +inherit java-vm-2 eutils pax-utils MY_PVL=${PV%.*}_${PV##*.} MY_PVA=${PV//./_} @@ -52,9 +52,6 @@ PACKED_JARS="lib/tools.jar jre/lib/rt.jar jre/lib/jsse.jar jre/lib/charsets.jar jre/lib/ext/localedata.jar jre/lib/plugin.jar jre/lib/javaws.jar jre/lib/deploy.jar" -# this is needed for proper operating under a PaX kernel without activated grsecurity acl -CHPAX_CONSERVATIVE_FLAGS="pemsv" - src_unpack() { if [ ! -r ${DISTDIR}/${At} ]; then die "cannot read ${At}. Please check the permission and try again." @@ -65,6 +62,11 @@ src_install() { local dirs="bin include jre lib man" + + # Set PaX markings on all JDK/JRE executables to allow code-generation on + # the heap by the JIT compiler. + pax-mark m $(list-paxables ${S}{,/jre}/bin/*) + dodir /opt/${P} for i in $dirs ; do @@ -132,35 +134,12 @@ # Set as default VM if none exists java-vm-2_pkg_postinst - # if chpax is on the target system, set the appropriate PaX flags - # this will not hurt the binary, it modifies only unused ELF bits - # but may confuse things like AV scanners and automatic tripwire - if has_version sys-apps/chpax - then - echo - einfo "setting up conservative PaX flags for jar, javac and java" - - for paxkills in "jar" "javac" "java" "javah" "javadoc" - do - chpax -${CHPAX_CONSERVATIVE_FLAGS} /opt/${P}/bin/$paxkills - done - - # /opt/$VM/jre/bin/java_vm - chpax -${CHPAX_CONSERVATIVE_FLAGS} /opt/${P}/jre/bin/java_vm - - einfo "you should have seen lots of chpax output above now" - ewarn "make sure the grsec ACL contains those entries also" - ewarn "because enabling it will override the chpax setting" - ewarn "on the physical files - help for PaX and grsecurity" - ewarn "can be given by #gentoo-hardened + hardened@gentoo.org" - fi - if ! use X; then - local xwarn="virtual/x11 and/or" + local xwarn="virtual/x11 and/or " fi echo - ewarn "Some parts of Sun's JDK require ${xwarn} virtual/lpr to be installed." + ewarn "Some parts of Sun's JDK require ${xwarn}virtual/lpr to be installed." ewarn "Be careful which Java libraries you attempt to use." echo