added chpax behaviour for proper operation of blackdown under PaX kernels

3 files changed, 29 insertions, 4 deletions

diff --git a/dev-java/blackdown-jdk/ChangeLog b/dev-java/blackdown-jdk/ChangeLog
index 2c6cf1a7620a..669be2c7fa7b 100644
--- a/dev-java/blackdown-jdk/ChangeLog
+++ b/dev-java/blackdown-jdk/ChangeLog
@@ -1,6 +1,9 @@
 # ChangeLog for dev-java/blackdown-jdk
 # Copyright 2002-2003 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-java/blackdown-jdk/ChangeLog,v 1.37 2003/09/01 11:29:05 weeve Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-java/blackdown-jdk/ChangeLog,v 1.38 2003/10/03 10:57:22 pappy Exp $
+
+  03 Oct 2003; Alexander Gabert <pappy@gentoo.org> blackdown-jdk-1.4.1.ebuild:
+  added chpax behaviour for proper operation of blackdown under PaX kernels
 
   01 Sep 2003; Jason Wever <weeve@gentoo.org> blackdown-jdk-1.4.1.ebuild:
   Added fixes for bugs #26629 and #26925.
diff --git a/dev-java/blackdown-jdk/Manifest b/dev-java/blackdown-jdk/Manifest
index a805c4aed56a..85c734da69f2 100644
--- a/dev-java/blackdown-jdk/Manifest
+++ b/dev-java/blackdown-jdk/Manifest
@@ -1,8 +1,8 @@
 MD5 56b513b890fb03f41c60b16d2a654cb1 blackdown-jdk-1.3.1-r9.ebuild 2253
 MD5 5e775ad400b1d5df2c493f4e4a4bc403 blackdown-jdk-1.3.1-r8.ebuild 2139
 MD5 f1391b92d8e59a114d34a269cfc3a503 blackdown-jdk-1.3.1-r10.ebuild 2356
-MD5 b5cd1770fe7f569a082d79c3c59075fa blackdown-jdk-1.4.1.ebuild 3386
-MD5 1127fcf604a979bff1cfe3b0c375502a ChangeLog 7243
+MD5 dec747c672851cace85252885355868c blackdown-jdk-1.4.1.ebuild 3386
+MD5 8e35c9dcc5292fdabea33ae59eaf8bb3 ChangeLog 7243
 MD5 e7a8ef2d520a5ea61f264e9718b8d4c2 blackdown-jdk-1.3.1-r7.ebuild 2316
 MD5 a6ec7d7724fbd068ffb39b5be56134ed metadata.xml 157
 MD5 ac654d06ac05f2084d3eba1fdd187133 files/blackdown-jdk-1.3.1 727
diff --git a/dev-java/blackdown-jdk/blackdown-jdk-1.4.1.ebuild b/dev-java/blackdown-jdk/blackdown-jdk-1.4.1.ebuild
index 6f570818c12c..36bfa9530779 100644
--- a/dev-java/blackdown-jdk/blackdown-jdk-1.4.1.ebuild
+++ b/dev-java/blackdown-jdk/blackdown-jdk-1.4.1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2003 Gentoo Technologies, Inc.
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-java/blackdown-jdk/blackdown-jdk-1.4.1.ebuild,v 1.9 2003/09/08 21:21:14 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-java/blackdown-jdk/blackdown-jdk-1.4.1.ebuild,v 1.10 2003/10/03 10:57:22 pappy Exp $
 
 IUSE="doc"
 
@@ -18,6 +18,9 @@ else
 fi
 SRC_URI="${SRC_URI} sparc? ( ${J_URI}/sparc/${JREV}/j2sdk-${PV}-${JREV}-linux-sparc-gcc3.2.bin )"
 
+# this is needed for proper operating under a PaX kernel without activated grsecurity acl
+CHPAX_CONSERVATIVE_FLAGS="pemsv"
+
 HOMEPAGE="http://www.blackdown.org"
 
 SLOT="1.4.1"
@@ -104,5 +107,24 @@ src_install () {
 pkg_postinst () {
 	# Set as default system VM if none exists
 	java_pkg_postinst
+
+	# if chpax is on the target system, set the appropriate PaX flags
+	# this will not hurt the binary, it modifies only unused ELF bits
+	# but may confuse things like AV scanners and automatic tripwire
+	if has_version "sys-apps/chpax"
+	then
+		einfo "setting up conservative PaX flags for jar and javac"
+
+		for paxkills in "jar" "javac"
+		do
+			chpax -${CHPAX_CONSERVATIVE_FLAGS} /opt/${PN}-${PV}/bin/$paxkills
+		done
+
+		einfo "you should have seen lots of chpax output above now"
+		ewarn "make sure the grsec ACL contains those entries also"
+		ewarn "because enabling it will override the chpax setting"
+		ewarn "on the physical files - help for PaX and grsecurity"
+		ewarn "can be given by #gentoo-hardened + pappy@gentoo.org"
+	fi
 }