diff options
author | Ned Ludd <solar@gentoo.org> | 2007-01-25 15:38:57 +0000 |
---|---|---|
committer | Ned Ludd <solar@gentoo.org> | 2007-01-25 15:38:57 +0000 |
commit | a5ec5f3e17b75c65af15a9e0eb8585e66283f03b (patch) | |
tree | 2b20972a7cf5a922aa009ce7c24fc16d0b08b0ff | |
parent | Add patch from Priit Laes to fix parallel building. Closes bug #163545 (diff) | |
download | gentoo-2-a5ec5f3e17b75c65af15a9e0eb8585e66283f03b.tar.gz gentoo-2-a5ec5f3e17b75c65af15a9e0eb8585e66283f03b.tar.bz2 gentoo-2-a5ec5f3e17b75c65af15a9e0eb8585e66283f03b.zip |
- version bump. Includes changes from psm to make paxtest a bit more portable
(Portage version: 2.1.2_rc2-r4)
-rw-r--r-- | app-admin/paxtest/ChangeLog | 10 | ||||
-rw-r--r-- | app-admin/paxtest/files/Makefile.psm5 | 207 | ||||
-rw-r--r-- | app-admin/paxtest/files/digest-paxtest-0.9.7_pre4 | 3 | ||||
-rw-r--r-- | app-admin/paxtest/paxtest-0.9.7_pre4.ebuild | 42 |
4 files changed, 260 insertions, 2 deletions
diff --git a/app-admin/paxtest/ChangeLog b/app-admin/paxtest/ChangeLog index aaa27d257436..35ad8e26db66 100644 --- a/app-admin/paxtest/ChangeLog +++ b/app-admin/paxtest/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for app-admin/paxtest -# Copyright 2000-2006 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/paxtest/ChangeLog,v 1.26 2006/09/08 05:51:14 corsair Exp $ +# Copyright 2000-2007 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/app-admin/paxtest/ChangeLog,v 1.27 2007/01/25 15:38:57 solar Exp $ + +*paxtest-0.9.7_pre4 (23 Jan 2007) + + 23 Jan 2007; <solar@gentoo.org> +files/Makefile.psm5, + +paxtest-0.9.7_pre4.ebuild: + - version bump. Includes changes from psm to make paxtest a bit more portable 08 Sep 2006; Markus Rothe <corsair@gentoo.org> paxtest-0.9.6.ebuild: Back to ~ppc64 diff --git a/app-admin/paxtest/files/Makefile.psm5 b/app-admin/paxtest/files/Makefile.psm5 new file mode 100644 index 000000000000..54c94480c1c3 --- /dev/null +++ b/app-admin/paxtest/files/Makefile.psm5 @@ -0,0 +1,207 @@ +#!/usr/bin/make + +# tested with make-3.79.1/gcc-2.96 (shared) and make-3.80/gcc-3.3.2/3 (pie) +# make-3.79.1 does not support $$@ as target requirement (works for make-3.80) + +# preliminaries: +# Gentoo modifies the specs adding pie/nopie to enable/disable ET_DYN binaries + +CC := gcc +LD := ld +CC_PIC := -fPIC +GCC_SPCS := $(shell $(CC) -print-file-name=${GCC_SPECS:-specs}) + +check_gcc = $(shell if $(CC) $(1) -S -o /dev/null -xc /dev/null > /dev/null 2>&1; \ + then echo "$(1)"; else echo "$(2)"; fi) + +check_as = $(shell if $(CC) -Wa,$(1) -Wa,-Z -c -o /dev/null -xassembler /dev/null > /dev/null 2>&1; \ + then echo "-Wa,$(1)"; fi) + +# stack protector has to be disabled for some tests +CC_SSP := $(call check_gcc,-fno-stack-protector,) +CC_SSP += $(call check_gcc,-fno-stack-protector-all,) + +ASFLAGS := $(call check_as,--noexecstack) + +CC_PIE := $(call check_gcc,-fPIE,-fPIC) + +SCRT_FILE = $(shell if test -r /usr/lib/Scrt1.o ; then echo "/usr/lib/Scrt1.o"; fi) + +ifneq ($(SCRT_FILE),) +LD_PIE = $(shell $(LD) --help | grep -q pie && echo "-Wl,-pie") +ifneq ($(LD_PIE),) +# Gentoo (hardened specs enabled) +CC_ETEXEC = $(shell grep -q "\!nopie" $(GCC_SPCS) && echo "-nopie") +LD_ETEXEC = $(CC_ETEXEC) +endif +else +# generic, local version +SCRT_FILE = crt1S.o +endif + +ifeq ($(LD_PIE),) +LD_PIE = -shared +PAX_DEP = $(SCRT_FILE) interp.o +endif + +# check for installed binaries +CHPAXBIN := $(shell if which chpax >/dev/null 2>&1 ; then echo chpax; fi) +PAXCTLBIN := $(shell if which paxctl >/dev/null 2>&1 ; then echo paxctl; fi) +# should somehow use this to see if we really need paxctl +# list=`paxctl -qQv /sbin/paxctl 2>/dev/null`; if echo $list | grep -q "PaX flags" ; then echo paxctl; fi +# instead we use both markings to have paxtest running correctly on all platforms + +ifneq ($(PAXCTLBIN),) +DUMMY := $(shell echo '${PAXCTLBIN} $$*' > paxbin) +endif + +# for some reason the .c files need it, else GNU_STACK=RWE +OPT_FLAGS := -O2 $(ASFLAGS) +PTHREAD := -lpthread +# define stripping of binaries/libs here, or set these on make's commandline, +# else you'll loose the chpax flags! +LDFLAGS := +SHLDFLAGS := +ifndef RUNDIR +RUNDIR := . +endif + +# The Hardened GCC compiler has stack protector on by default, this +# could interfere with the results of this test. + +CFLAGS := $(OPT_FLAGS) -DRUNDIR=\"${RUNDIR}\" $(CC_SSP) + +EXEC_TESTS = anonmap execbss execdata execheap execstack +MPROT_TESTS = mprotanon mprotbss mprotdata mprotheap mprotstack +MPROTSH_TESTS = mprotshbss mprotshdata writetext +RAND_TESTS = randamap randheap1 randheap2 randmain1 randmain2 randshlib randstack1 randstack2 +RET_TESTS = rettofunc1 rettofunc2 +RETX_TESTS = rettofunc1x rettofunc2x +SHLIB_TESTS = shlibbss shlibdata + +TESTS = $(EXEC_TESTS) $(MPROT_TESTS) $(MPROTSH_TESTS) $(RAND_TESTS) $(RET_TESTS) $(RETX_TESTS) $(SHLIB_TESTS) + +UTILS= getamap getheap1 getheap2 getmain1 getmain2 getshlib getstack1 getstack2 + +SHLIBS= shlibtest.so shlibtest2.so + +ifeq ($(CHPAXBIN),) +CHPAXVER := 0.7 +CHPAX := chpax-$(CHPAXVER) +CHPAXSRC := $(CHPAX)/aout.c $(CHPAX)/chpax.c $(CHPAX)/elf32.c $(CHPAX)/elf64.c $(CHPAX)/flags.c $(CHPAX)/io.c +CHPAXBIN := ./chpax +all: chpax $(SHLIBS) $(TESTS) $(UTILS) paxtest +else +all: $(SHLIBS) $(TESTS) $(UTILS) paxtest +endif + +# we need the failure handling, for kernels not supporting EI_PAX +DUMMY := $(shell echo '${CHPAXBIN} $$* 2>/dev/null ||:' >> paxbin; chmod +x paxbin) + +PAXBIN := ./paxbin +DL := -ldl + +clean: + -rm -f *.o *.s *~ core + -rm -f $(TESTS) $(UTILS) $(SHLIBS) + -rm -f paxtest paxtest.log a.out dumpspecs paxbin + +ifdef DESTDIR +ifdef BINDIR +ifdef RUNDIR +install: all + mkdir -p $(DESTDIR)/$(RUNDIR) + cp $(SHLIBS) $(TESTS) $(UTILS) $(DESTDIR)/$(RUNDIR) + mkdir -p $(DESTDIR)/$(BINDIR) + cp paxtest $(DESTDIR)/$(BINDIR) + chmod 755 $(DESTDIR)/$(BINDIR)/paxtest +endif +endif +endif + +chpax: $(CHPAXSRC:.c=.o) + $(CC) $(LDFLAGS) -o $@ $^ + +paxtest: $(TESTS) genpaxtest + sh genpaxtest $(TESTS) + +.S.o: + $(CC) $(CFLAGS) $(CC_PIE) $(ASFLAGS) -o $@ -c $< +.c.o: + $(CC) $(CFLAGS) -o $@ -c $< + +$(EXEC_TESTS) $(MPROT_TESTS): body.o + $(CC) $(CFLAGS) -o $@.o -c $@.c + $(CC) $(LDFLAGS) $(PTHREAD) -o $@ $< $@.o + +$(RAND_TESTS): randbody.o + $(CC) $(CFLAGS) -o $@.o -c $@.c + $(CC) $(LDFLAGS) -o $@ $< $@.o + +getamap: getamap.o + $(CC) $(LDFLAGS) -o $@ $@.o + +# get heap1/main1 are built w/o PIC +get%1.o: get%.c + $(CC) $(CFLAGS) $(CC_ETEXEC) -o $@ -c $< + +# get heap2/main2 are built w/ PIC +get%2.o: get%.c + $(CC) $(CFLAGS) $(CC_PIE) -o $@ -c $< + +# Adamantix uses the PIC version (getheap2.o), not necessary for ET_EXEC +# build as ET_EXEC (not in Adamantix's Makefile) +getheap1: getheap1.o + $(CC) $(LDFLAGS) $(LD_ETEXEC) -o $@ $< + +getmain1: getmain1.o + $(CC) $(LDFLAGS) $(LD_ETEXEC) -o $@ $< + $(PAXBIN) -SPRXM $@ + +getheap2 getmain2: $(PAX_DEP) getheap2.o getmain2.o + $(CC) $(LDFLAGS) $(LD_PIE) -o $@ $(PAX_DEP) $@.o || (echo -e "#!/bin/sh\necho $@ pie not implemented" > $@; chmod +x $@) + +getshlib: getshlib.o + $(CC) $(LDFLAGS) -o $@ $< $(DL) + +# ET_EXEC and usage of "m" is not confirmed (as in Gentoo patch) +# Adamantix does not use it +# Pax Team does not want "m" for getstack1/2 +getstack1: getstack.o + $(CC) $(LDFLAGS) -o $@ $< + $(PAXBIN) -SRp $@ + +getstack2: getstack.o + $(CC) $(LDFLAGS) -o $@ $< + # disable segmexec, kernel else overrides pageexec + $(PAXBIN) -PRs $@ + +$(MPROTSH_TESTS): body.o shlibtest.so + $(CC) $(CFLAGS) -o $@.o -c $@.c + $(CC) $(LDFLAGS) $(PTHREAD) -o $@ $@.o $^ + +# used for RANDEXEC'd binaries +retbody.o: body.c + $(CC) $(CFLAGS) $(CC_ETEXEC) -o $@ -c $< + +# build as ET_EXEC (recommended by PaX Team, not really a requirement) +$(RET_TESTS): retbody.o + $(CC) $(CFLAGS) $(CC_ETEXEC) -o $@.o -c $@.c + $(CC) $(LDFLAGS) $(LD_ETEXEC) $(PTHREAD) -o $@ $< $@.o + +# build as ET_EXEC (not in Adamantix's Makefile) +$(RETX_TESTS): retbody.o + $(CC) $(CFLAGS) $(CC_ETEXEC) -o $@.o -c $@.c + $(CC) $(LDFLAGS) $(LD_ETEXEC) $(PTHREAD) -o $@ $< $@.o + $(PAXBIN) -SPXM $@ + +# should also shlibbss.o and shlibdata.o be built w/ PIC? +# if yes, remove tes from target and dependency +shlibtes%.o: shlibtes%.c + $(CC) $(CFLAGS) $(CC_PIC) -o $@ -c $< + +shlib%.so: shlib%.o + $(CC) $(SHLDFLAGS) -shared -o $@ $< + +$(SHLIB_TESTS): body.o $(SHLIBS) shlibbss.o shlibdata.o + $(CC) $(LDFLAGS) $(PTHREAD) -o $@ body.o $@.o $(SHLIBS) $(DL) diff --git a/app-admin/paxtest/files/digest-paxtest-0.9.7_pre4 b/app-admin/paxtest/files/digest-paxtest-0.9.7_pre4 new file mode 100644 index 000000000000..acadd9d3e3b5 --- /dev/null +++ b/app-admin/paxtest/files/digest-paxtest-0.9.7_pre4 @@ -0,0 +1,3 @@ +MD5 28469813c9b797e85afc766190630132 paxtest-0.9.7-pre4.tar.gz 34552 +RMD160 dab85b408f0efc7c3de39563fda852be23771427 paxtest-0.9.7-pre4.tar.gz 34552 +SHA256 033c60eeed8e7ddf877b60e239f5b79c76874f53c3b656c16ed0e02893d014b5 paxtest-0.9.7-pre4.tar.gz 34552 diff --git a/app-admin/paxtest/paxtest-0.9.7_pre4.ebuild b/app-admin/paxtest/paxtest-0.9.7_pre4.ebuild new file mode 100644 index 000000000000..50edad70c58f --- /dev/null +++ b/app-admin/paxtest/paxtest-0.9.7_pre4.ebuild @@ -0,0 +1,42 @@ +# Copyright 1999-2007 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-admin/paxtest/paxtest-0.9.7_pre4.ebuild,v 1.1 2007/01/25 15:38:57 solar Exp $ + +inherit eutils multilib + +MY_P=${P/_/-} +DESCRIPTION="PaX regression test suite" +HOMEPAGE="http://www.adamantix.org/paxtest/" +#SRC_URI="http://www.adamantix.org/paxtest/${MY_P}.tar.gz" +SRC_URI="http://pax.grsecurity.net/${MY_P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86" +IUSE="" +# EI_PAX flags are not strip safe. +RESTRICT="nostrip" +S=${WORKDIR}/${MY_P} + +RDEPEND="" +DEPEND="${RDEPEND} + >=sys-apps/chpax-0.7 + sys-apps/paxctl" + +src_unpack() { + unpack ${A} + cd ${S} + cp ${FILESDIR}/Makefile.psm5 ${S}/Makefile || die + sed -i 's:-O2:${CFLAGS}:' ${S}/Makefile +} + +src_compile() { + emake DESTDIR=${D} BINDIR=${D}/usr/bin RUNDIR=/usr/$(get_libdir)/paxtest || die +} + +src_install() { + make DESTDIR="${D}" BINDIR=/usr/bin RUNDIR=/usr/$(get_libdir)/paxtest install || die + for doc in Changelog README ; do + [[ -f ${doc} ]] && dodoc ${doc} + done +} |