commit: d3b53be221b0288c4eb5155ad52fa8f27bda083d Author: Magnus Granberg <zorry <AT> gentoo <DOT> org> AuthorDate: Wed Nov 27 21:28:02 2019 +0000 Commit: Magnus Granberg <zorry <AT> gentoo <DOT> org> CommitDate: Wed Nov 27 21:29:14 2019 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d3b53be2
net-libs/nodejs: Fix build on PAX enable kernel (bug 694100) We need to disable mprotect on two bins when we compile bug 694100. Closes: https://bugs.gentoo.org/694100 Reported-by: Attila Tóth <atoth <AT> atoth.sote.hu> Co-developed-by: Attila Tóth <atoth <AT> atoth.sote.hu> Signed-off-by: Magnus Granberg <zorry <AT> gentoo.org> Package-Manager: Portage-2.3.76, Repoman-2.3.16 .../nodejs/files/nodejs-13.2.0-paxmarking.patch | 71 ++++++++++++++++++++++ net-libs/nodejs/metadata.xml | 1 + net-libs/nodejs/nodejs-13.2.0.ebuild | 8 ++- net-libs/nodejs/nodejs-99999999.ebuild | 8 ++- 4 files changed, 82 insertions(+), 6 deletions(-) diff --git a/net-libs/nodejs/files/nodejs-13.2.0-paxmarking.patch b/net-libs/nodejs/files/nodejs-13.2.0-paxmarking.patch new file mode 100644 index 00000000000..143e4166272 --- /dev/null +++ b/net-libs/nodejs/files/nodejs-13.2.0-paxmarking.patch @@ -0,0 +1,71 @@ + Bug: 694100 + Add actions for pax marking mkcodecache and node_mksnapshot + to disable mprotect for pax enable kernel. + Reported-by: Attila Tóth <[email protected]> + Co-developed-by: Attila Tóth <[email protected]> + Signed-off-by: Magnus Granberg <[email protected]> + +--- a/node.gyp 2019-10-23 11:52:41.000000000 +0200 ++++ a/node.gyp 2019-11-12 20:58:43.957881862 +0100 +@@ -233,7 +233,9 @@ + 'deps/acorn-plugins/acorn-static-class-features/index.js', + ], + 'node_mksnapshot_exec': '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)node_mksnapshot<(EXECUTABLE_SUFFIX)', ++ 'node_mksnapshot_u_exec': '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)node_mksnapshot_u<(EXECUTABLE_SUFFIX)', + 'mkcodecache_exec': '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)mkcodecache<(EXECUTABLE_SUFFIX)', ++ 'mkcodecache_u_exec': '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)mkcodecache_u<(EXECUTABLE_SUFFIX)', + 'conditions': [ + [ 'node_shared=="true"', { + 'node_target_type%': 'shared_library', +@@ -436,10 +438,24 @@ + ], + 'actions': [ + { ++ 'action_name': 'run_pax_mkcodecache', ++ 'inputs': [ ++ '<(mkcodecache_exec)', ++ ], ++ 'outputs': [ ++ '<(mkcodecache_u_exec)', ++ ], ++ 'action': [ ++ 'bash', ++ '-c', ++ 'mv <(mkcodecache_exec) <(mkcodecache_u_exec) && paxmark.sh m <(mkcodecache_u_exec)', ++ ], ++ }, ++ { + 'action_name': 'run_mkcodecache', + 'process_outputs_as_sources': 1, + 'inputs': [ +- '<(mkcodecache_exec)', ++ '<(mkcodecache_u_exec)', + ], + 'outputs': [ + '<(SHARED_INTERMEDIATE_DIR)/node_code_cache.cc', +@@ -461,10 +477,24 @@ + ], + 'actions': [ + { ++ 'action_name': 'run_pax_mksnapshot', ++ 'inputs': [ ++ '<(node_mksnapshot_exec)', ++ ], ++ 'outputs': [ ++ '<(node_mksnapshot_u_exec)', ++ ], ++ 'action': [ ++ 'bash', ++ '-c', ++ 'mv <(node_mksnapshot_exec) <(node_mksnapshot_u_exec) && paxmark.sh m <(node_mksnapshot_u_exec)', ++ ], ++ }, ++ { + 'action_name': 'node_mksnapshot', + 'process_outputs_as_sources': 1, + 'inputs': [ +- '<(node_mksnapshot_exec)', ++ '<(node_mksnapshot_u_exec)', + ], + 'outputs': [ + '<(SHARED_INTERMEDIATE_DIR)/node_snapshot.cc', diff --git a/net-libs/nodejs/metadata.xml b/net-libs/nodejs/metadata.xml index aaaba184187..3f344f0d8ed 100644 --- a/net-libs/nodejs/metadata.xml +++ b/net-libs/nodejs/metadata.xml @@ -7,6 +7,7 @@ <use> <flag name="inspector">Enable V8 inspector</flag> <flag name="npm">Enable NPM package manager</flag> + <flag name="pax_kernel">Enable building under a PaX enabled kernel</flag> <flag name="snapshot">Enable snapshot creation for faster startup</flag> <flag name="systemtap">Enable SystemTAP/DTrace tracing</flag> </use> diff --git a/net-libs/nodejs/nodejs-13.2.0.ebuild b/net-libs/nodejs/nodejs-13.2.0.ebuild index 56bbeb5526f..8013ab7c39a 100644 --- a/net-libs/nodejs/nodejs-13.2.0.ebuild +++ b/net-libs/nodejs/nodejs-13.2.0.ebuild @@ -15,7 +15,7 @@ SRC_URI=" LICENSE="Apache-1.1 Apache-2.0 BSD BSD-2 MIT" SLOT="0" KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x64-macos" -IUSE="cpu_flags_x86_sse2 debug doc icu inspector +npm +snapshot +ssl systemtap test" +IUSE="cpu_flags_x86_sse2 debug doc icu inspector +npm pax_kernel +snapshot +ssl systemtap test" REQUIRED_USE=" inspector? ( icu ssl ) npm? ( ssl ) @@ -33,6 +33,7 @@ BDEPEND=" ${PYTHON_DEPS} systemtap? ( dev-util/systemtap ) test? ( net-misc/curl ) + pax_kernel? ( sys-apps/elfix ) " DEPEND=" ${RDEPEND} @@ -86,6 +87,9 @@ src_prepare() { BUILDTYPE=Debug fi + # We need to disable mprotect on two files when it builds Bug 694100. + use pax_kernel && PATCHES+=( "${FILESDIR}"/${PN}-13.2.0-paxmarking.patch ) + default } @@ -124,8 +128,6 @@ src_configure() { } src_compile() { - emake -C out mksnapshot - pax-mark m "out/${BUILDTYPE}/mksnapshot" emake -C out } diff --git a/net-libs/nodejs/nodejs-99999999.ebuild b/net-libs/nodejs/nodejs-99999999.ebuild index e36828c990a..96dcccf3770 100644 --- a/net-libs/nodejs/nodejs-99999999.ebuild +++ b/net-libs/nodejs/nodejs-99999999.ebuild @@ -13,7 +13,7 @@ EGIT_REPO_URI="https://github.com/nodejs/node"; LICENSE="Apache-1.1 Apache-2.0 BSD BSD-2 MIT" SLOT="0" KEYWORDS="" -IUSE="cpu_flags_x86_sse2 debug doc icu inspector +npm +snapshot +ssl systemtap test" +IUSE="cpu_flags_x86_sse2 debug doc icu inspector +npm pax_kernel +snapshot +ssl systemtap test" REQUIRED_USE=" inspector? ( icu ssl ) npm? ( ssl ) @@ -31,6 +31,7 @@ BDEPEND=" ${PYTHON_DEPS} systemtap? ( dev-util/systemtap ) test? ( net-misc/curl ) + pax_kernel? ( sys-apps/elfix ) " DEPEND=" ${RDEPEND} @@ -82,6 +83,9 @@ src_prepare() { BUILDTYPE=Debug fi + # We need to disable mprotect on two files when it builds Bug 694100. + use pax_kernel && PATCHES+=( "${FILESDIR}"/${PN}-13.2.0-paxmarking.patch ) + default } @@ -120,8 +124,6 @@ src_configure() { } src_compile() { - emake -C out mksnapshot - pax-mark m "out/${BUILDTYPE}/mksnapshot" emake -C out }
