summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNed Ludd <solar@gentoo.org>2007-01-25 15:38:57 +0000
committerNed Ludd <solar@gentoo.org>2007-01-25 15:38:57 +0000
commita5ec5f3e17b75c65af15a9e0eb8585e66283f03b (patch)
tree2b20972a7cf5a922aa009ce7c24fc16d0b08b0ff
parentAdd patch from Priit Laes to fix parallel building. Closes bug #163545 (diff)
downloadgentoo-2-a5ec5f3e17b75c65af15a9e0eb8585e66283f03b.tar.gz
gentoo-2-a5ec5f3e17b75c65af15a9e0eb8585e66283f03b.tar.bz2
gentoo-2-a5ec5f3e17b75c65af15a9e0eb8585e66283f03b.zip
- version bump. Includes changes from psm to make paxtest a bit more portable
(Portage version: 2.1.2_rc2-r4)
-rw-r--r--app-admin/paxtest/ChangeLog10
-rw-r--r--app-admin/paxtest/files/Makefile.psm5207
-rw-r--r--app-admin/paxtest/files/digest-paxtest-0.9.7_pre43
-rw-r--r--app-admin/paxtest/paxtest-0.9.7_pre4.ebuild42
4 files changed, 260 insertions, 2 deletions
diff --git a/app-admin/paxtest/ChangeLog b/app-admin/paxtest/ChangeLog
index aaa27d257436..35ad8e26db66 100644
--- a/app-admin/paxtest/ChangeLog
+++ b/app-admin/paxtest/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for app-admin/paxtest
-# Copyright 2000-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-admin/paxtest/ChangeLog,v 1.26 2006/09/08 05:51:14 corsair Exp $
+# Copyright 2000-2007 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/app-admin/paxtest/ChangeLog,v 1.27 2007/01/25 15:38:57 solar Exp $
+
+*paxtest-0.9.7_pre4 (23 Jan 2007)
+
+ 23 Jan 2007; <solar@gentoo.org> +files/Makefile.psm5,
+ +paxtest-0.9.7_pre4.ebuild:
+ - version bump. Includes changes from psm to make paxtest a bit more portable
08 Sep 2006; Markus Rothe <corsair@gentoo.org> paxtest-0.9.6.ebuild:
Back to ~ppc64
diff --git a/app-admin/paxtest/files/Makefile.psm5 b/app-admin/paxtest/files/Makefile.psm5
new file mode 100644
index 000000000000..54c94480c1c3
--- /dev/null
+++ b/app-admin/paxtest/files/Makefile.psm5
@@ -0,0 +1,207 @@
+#!/usr/bin/make
+
+# tested with make-3.79.1/gcc-2.96 (shared) and make-3.80/gcc-3.3.2/3 (pie)
+# make-3.79.1 does not support $$@ as target requirement (works for make-3.80)
+
+# preliminaries:
+# Gentoo modifies the specs adding pie/nopie to enable/disable ET_DYN binaries
+
+CC := gcc
+LD := ld
+CC_PIC := -fPIC
+GCC_SPCS := $(shell $(CC) -print-file-name=${GCC_SPECS:-specs})
+
+check_gcc = $(shell if $(CC) $(1) -S -o /dev/null -xc /dev/null > /dev/null 2>&1; \
+ then echo "$(1)"; else echo "$(2)"; fi)
+
+check_as = $(shell if $(CC) -Wa,$(1) -Wa,-Z -c -o /dev/null -xassembler /dev/null > /dev/null 2>&1; \
+ then echo "-Wa,$(1)"; fi)
+
+# stack protector has to be disabled for some tests
+CC_SSP := $(call check_gcc,-fno-stack-protector,)
+CC_SSP += $(call check_gcc,-fno-stack-protector-all,)
+
+ASFLAGS := $(call check_as,--noexecstack)
+
+CC_PIE := $(call check_gcc,-fPIE,-fPIC)
+
+SCRT_FILE = $(shell if test -r /usr/lib/Scrt1.o ; then echo "/usr/lib/Scrt1.o"; fi)
+
+ifneq ($(SCRT_FILE),)
+LD_PIE = $(shell $(LD) --help | grep -q pie && echo "-Wl,-pie")
+ifneq ($(LD_PIE),)
+# Gentoo (hardened specs enabled)
+CC_ETEXEC = $(shell grep -q "\!nopie" $(GCC_SPCS) && echo "-nopie")
+LD_ETEXEC = $(CC_ETEXEC)
+endif
+else
+# generic, local version
+SCRT_FILE = crt1S.o
+endif
+
+ifeq ($(LD_PIE),)
+LD_PIE = -shared
+PAX_DEP = $(SCRT_FILE) interp.o
+endif
+
+# check for installed binaries
+CHPAXBIN := $(shell if which chpax >/dev/null 2>&1 ; then echo chpax; fi)
+PAXCTLBIN := $(shell if which paxctl >/dev/null 2>&1 ; then echo paxctl; fi)
+# should somehow use this to see if we really need paxctl
+# list=`paxctl -qQv /sbin/paxctl 2>/dev/null`; if echo $list | grep -q "PaX flags" ; then echo paxctl; fi
+# instead we use both markings to have paxtest running correctly on all platforms
+
+ifneq ($(PAXCTLBIN),)
+DUMMY := $(shell echo '${PAXCTLBIN} $$*' > paxbin)
+endif
+
+# for some reason the .c files need it, else GNU_STACK=RWE
+OPT_FLAGS := -O2 $(ASFLAGS)
+PTHREAD := -lpthread
+# define stripping of binaries/libs here, or set these on make's commandline,
+# else you'll loose the chpax flags!
+LDFLAGS :=
+SHLDFLAGS :=
+ifndef RUNDIR
+RUNDIR := .
+endif
+
+# The Hardened GCC compiler has stack protector on by default, this
+# could interfere with the results of this test.
+
+CFLAGS := $(OPT_FLAGS) -DRUNDIR=\"${RUNDIR}\" $(CC_SSP)
+
+EXEC_TESTS = anonmap execbss execdata execheap execstack
+MPROT_TESTS = mprotanon mprotbss mprotdata mprotheap mprotstack
+MPROTSH_TESTS = mprotshbss mprotshdata writetext
+RAND_TESTS = randamap randheap1 randheap2 randmain1 randmain2 randshlib randstack1 randstack2
+RET_TESTS = rettofunc1 rettofunc2
+RETX_TESTS = rettofunc1x rettofunc2x
+SHLIB_TESTS = shlibbss shlibdata
+
+TESTS = $(EXEC_TESTS) $(MPROT_TESTS) $(MPROTSH_TESTS) $(RAND_TESTS) $(RET_TESTS) $(RETX_TESTS) $(SHLIB_TESTS)
+
+UTILS= getamap getheap1 getheap2 getmain1 getmain2 getshlib getstack1 getstack2
+
+SHLIBS= shlibtest.so shlibtest2.so
+
+ifeq ($(CHPAXBIN),)
+CHPAXVER := 0.7
+CHPAX := chpax-$(CHPAXVER)
+CHPAXSRC := $(CHPAX)/aout.c $(CHPAX)/chpax.c $(CHPAX)/elf32.c $(CHPAX)/elf64.c $(CHPAX)/flags.c $(CHPAX)/io.c
+CHPAXBIN := ./chpax
+all: chpax $(SHLIBS) $(TESTS) $(UTILS) paxtest
+else
+all: $(SHLIBS) $(TESTS) $(UTILS) paxtest
+endif
+
+# we need the failure handling, for kernels not supporting EI_PAX
+DUMMY := $(shell echo '${CHPAXBIN} $$* 2>/dev/null ||:' >> paxbin; chmod +x paxbin)
+
+PAXBIN := ./paxbin
+DL := -ldl
+
+clean:
+ -rm -f *.o *.s *~ core
+ -rm -f $(TESTS) $(UTILS) $(SHLIBS)
+ -rm -f paxtest paxtest.log a.out dumpspecs paxbin
+
+ifdef DESTDIR
+ifdef BINDIR
+ifdef RUNDIR
+install: all
+ mkdir -p $(DESTDIR)/$(RUNDIR)
+ cp $(SHLIBS) $(TESTS) $(UTILS) $(DESTDIR)/$(RUNDIR)
+ mkdir -p $(DESTDIR)/$(BINDIR)
+ cp paxtest $(DESTDIR)/$(BINDIR)
+ chmod 755 $(DESTDIR)/$(BINDIR)/paxtest
+endif
+endif
+endif
+
+chpax: $(CHPAXSRC:.c=.o)
+ $(CC) $(LDFLAGS) -o $@ $^
+
+paxtest: $(TESTS) genpaxtest
+ sh genpaxtest $(TESTS)
+
+.S.o:
+ $(CC) $(CFLAGS) $(CC_PIE) $(ASFLAGS) -o $@ -c $<
+.c.o:
+ $(CC) $(CFLAGS) -o $@ -c $<
+
+$(EXEC_TESTS) $(MPROT_TESTS): body.o
+ $(CC) $(CFLAGS) -o $@.o -c $@.c
+ $(CC) $(LDFLAGS) $(PTHREAD) -o $@ $< $@.o
+
+$(RAND_TESTS): randbody.o
+ $(CC) $(CFLAGS) -o $@.o -c $@.c
+ $(CC) $(LDFLAGS) -o $@ $< $@.o
+
+getamap: getamap.o
+ $(CC) $(LDFLAGS) -o $@ $@.o
+
+# get heap1/main1 are built w/o PIC
+get%1.o: get%.c
+ $(CC) $(CFLAGS) $(CC_ETEXEC) -o $@ -c $<
+
+# get heap2/main2 are built w/ PIC
+get%2.o: get%.c
+ $(CC) $(CFLAGS) $(CC_PIE) -o $@ -c $<
+
+# Adamantix uses the PIC version (getheap2.o), not necessary for ET_EXEC
+# build as ET_EXEC (not in Adamantix's Makefile)
+getheap1: getheap1.o
+ $(CC) $(LDFLAGS) $(LD_ETEXEC) -o $@ $<
+
+getmain1: getmain1.o
+ $(CC) $(LDFLAGS) $(LD_ETEXEC) -o $@ $<
+ $(PAXBIN) -SPRXM $@
+
+getheap2 getmain2: $(PAX_DEP) getheap2.o getmain2.o
+ $(CC) $(LDFLAGS) $(LD_PIE) -o $@ $(PAX_DEP) $@.o || (echo -e "#!/bin/sh\necho $@ pie not implemented" > $@; chmod +x $@)
+
+getshlib: getshlib.o
+ $(CC) $(LDFLAGS) -o $@ $< $(DL)
+
+# ET_EXEC and usage of "m" is not confirmed (as in Gentoo patch)
+# Adamantix does not use it
+# Pax Team does not want "m" for getstack1/2
+getstack1: getstack.o
+ $(CC) $(LDFLAGS) -o $@ $<
+ $(PAXBIN) -SRp $@
+
+getstack2: getstack.o
+ $(CC) $(LDFLAGS) -o $@ $<
+ # disable segmexec, kernel else overrides pageexec
+ $(PAXBIN) -PRs $@
+
+$(MPROTSH_TESTS): body.o shlibtest.so
+ $(CC) $(CFLAGS) -o $@.o -c $@.c
+ $(CC) $(LDFLAGS) $(PTHREAD) -o $@ $@.o $^
+
+# used for RANDEXEC'd binaries
+retbody.o: body.c
+ $(CC) $(CFLAGS) $(CC_ETEXEC) -o $@ -c $<
+
+# build as ET_EXEC (recommended by PaX Team, not really a requirement)
+$(RET_TESTS): retbody.o
+ $(CC) $(CFLAGS) $(CC_ETEXEC) -o $@.o -c $@.c
+ $(CC) $(LDFLAGS) $(LD_ETEXEC) $(PTHREAD) -o $@ $< $@.o
+
+# build as ET_EXEC (not in Adamantix's Makefile)
+$(RETX_TESTS): retbody.o
+ $(CC) $(CFLAGS) $(CC_ETEXEC) -o $@.o -c $@.c
+ $(CC) $(LDFLAGS) $(LD_ETEXEC) $(PTHREAD) -o $@ $< $@.o
+ $(PAXBIN) -SPXM $@
+
+# should also shlibbss.o and shlibdata.o be built w/ PIC?
+# if yes, remove tes from target and dependency
+shlibtes%.o: shlibtes%.c
+ $(CC) $(CFLAGS) $(CC_PIC) -o $@ -c $<
+
+shlib%.so: shlib%.o
+ $(CC) $(SHLDFLAGS) -shared -o $@ $<
+
+$(SHLIB_TESTS): body.o $(SHLIBS) shlibbss.o shlibdata.o
+ $(CC) $(LDFLAGS) $(PTHREAD) -o $@ body.o $@.o $(SHLIBS) $(DL)
diff --git a/app-admin/paxtest/files/digest-paxtest-0.9.7_pre4 b/app-admin/paxtest/files/digest-paxtest-0.9.7_pre4
new file mode 100644
index 000000000000..acadd9d3e3b5
--- /dev/null
+++ b/app-admin/paxtest/files/digest-paxtest-0.9.7_pre4
@@ -0,0 +1,3 @@
+MD5 28469813c9b797e85afc766190630132 paxtest-0.9.7-pre4.tar.gz 34552
+RMD160 dab85b408f0efc7c3de39563fda852be23771427 paxtest-0.9.7-pre4.tar.gz 34552
+SHA256 033c60eeed8e7ddf877b60e239f5b79c76874f53c3b656c16ed0e02893d014b5 paxtest-0.9.7-pre4.tar.gz 34552
diff --git a/app-admin/paxtest/paxtest-0.9.7_pre4.ebuild b/app-admin/paxtest/paxtest-0.9.7_pre4.ebuild
new file mode 100644
index 000000000000..50edad70c58f
--- /dev/null
+++ b/app-admin/paxtest/paxtest-0.9.7_pre4.ebuild
@@ -0,0 +1,42 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-admin/paxtest/paxtest-0.9.7_pre4.ebuild,v 1.1 2007/01/25 15:38:57 solar Exp $
+
+inherit eutils multilib
+
+MY_P=${P/_/-}
+DESCRIPTION="PaX regression test suite"
+HOMEPAGE="http://www.adamantix.org/paxtest/"
+#SRC_URI="http://www.adamantix.org/paxtest/${MY_P}.tar.gz"
+SRC_URI="http://pax.grsecurity.net/${MY_P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
+IUSE=""
+# EI_PAX flags are not strip safe.
+RESTRICT="nostrip"
+S=${WORKDIR}/${MY_P}
+
+RDEPEND=""
+DEPEND="${RDEPEND}
+ >=sys-apps/chpax-0.7
+ sys-apps/paxctl"
+
+src_unpack() {
+ unpack ${A}
+ cd ${S}
+ cp ${FILESDIR}/Makefile.psm5 ${S}/Makefile || die
+ sed -i 's:-O2:${CFLAGS}:' ${S}/Makefile
+}
+
+src_compile() {
+ emake DESTDIR=${D} BINDIR=${D}/usr/bin RUNDIR=/usr/$(get_libdir)/paxtest || die
+}
+
+src_install() {
+ make DESTDIR="${D}" BINDIR=/usr/bin RUNDIR=/usr/$(get_libdir)/paxtest install || die
+ for doc in Changelog README ; do
+ [[ -f ${doc} ]] && dodoc ${doc}
+ done
+}