[pkgsrc/trunk]: pkgsrc/mk Import mini-framework for paxctl(8) on NetBSD/{amd6...

[khorben <khorben%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/f5c8a6d2b28f
branches:  trunk
changeset: 347667:f5c8a6d2b28f
user:      khorben <khorben%pkgsrc.org@localhost>
date:      Thu May 26 16:03:04 2016 +0000

description:
Import mini-framework for paxctl(8) on NetBSD/{amd64,i386}

This allows setting flags for PaX on select binaries. Two new variables
are introduced for packages: NOT_PAX_ASLR_SAFE and NOT_PAX_MPROTECT_SAFE.
They both expect a list of binaries are known to not support PaX ASLR
and/or PaX MPROTECT, respectively.

"Please commit" wiz@

diffstat:

 mk/bsd.pkg.mk            |   6 +++++-
 mk/pax.mk                |  48 ++++++++++++++++++++++++++++++++++++++++++++++++
 mk/tools/tools.NetBSD.mk |   6 +++++-
 3 files changed, 58 insertions(+), 2 deletions(-)

diffs (92 lines):

diff -r 4336951fe1de -r f5c8a6d2b28f mk/bsd.pkg.mk
--- a/mk/bsd.pkg.mk     Thu May 26 15:42:20 2016 +0000
+++ b/mk/bsd.pkg.mk     Thu May 26 16:03:04 2016 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: bsd.pkg.mk,v 1.2018 2016/03/23 11:50:01 jperkin Exp $
+#      $NetBSD: bsd.pkg.mk,v 1.2019 2016/05/26 16:03:04 khorben Exp $
 #
 # This file is in the public domain.
 #
@@ -678,6 +678,10 @@
 
 .include "install/bin-install.mk"
 
+# Handle PaX flags
+#
+.include "pax.mk"
+
 .PHONY: show-pkgtools-version
 .if !target(show-pkgtools-version)
 show-pkgtools-version:
diff -r 4336951fe1de -r f5c8a6d2b28f mk/pax.mk
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/mk/pax.mk Thu May 26 16:03:04 2016 +0000
@@ -0,0 +1,48 @@
+# $NetBSD: pax.mk,v 1.1 2016/05/26 16:03:04 khorben Exp $
+#
+# Infrastructure support for binaries known to fail with PaX enabled.
+#
+# User-settable variables:
+# PAXCTL
+#      The path to the paxctl(8) binary
+#
+# Package-settable variables:
+#
+# NOT_PAX_ASLR_SAFE
+#      The list of binaries which do not support PaX ASLR.
+#
+# NOT_PAX_MPROTECT_SAFE
+#      The list of binaries which do not support PaX MPROTECT.
+
+.if !defined(PAX_MK)
+
+. if defined(TOOLS_PLATFORM.paxctl)
+PAXCTL=        ${TOOLS_PLATFORM.paxctl}
+.  if !empty(NOT_PAX_ASLR_SAFE)
+_INSTALL_ALL_TARGETS+=         post-install-pax-aslr-binaries
+
+.PHONY: post-install-pax-aslr-binaries
+post-install: post-install-pax-aslr-binaries
+post-install-pax-aslr-binaries:
+       @${STEP_MSG} "Setting PaX ASLR flags"
+       ${RUN}                                                          \
+       for binary in ${NOT_PAX_ASLR_SAFE}; do                          \
+               ${PAXCTL} +a ${DESTDIR}${PREFIX}/$$binary;              \
+       done
+.  endif
+
+.  if !empty(NOT_PAX_MPROTECT_SAFE)
+_INSTALL_ALL_TARGETS+=         post-install-pax-mprotect-binaries
+
+.PHONY: post-install-pax-mprotect-binaries
+post-install: post-install-pax-mprotect-binaries
+post-install-pax-mprotect-binaries:
+       @${STEP_MSG} "Setting PaX MPROTECT flags"
+       ${RUN}                                                          \
+       for binary in ${NOT_PAX_MPROTECT_SAFE}; do                      \
+               ${PAXCTL} +m ${DESTDIR}${PREFIX}/$$binary;              \
+       done
+.  endif
+. endif
+
+.endif
diff -r 4336951fe1de -r f5c8a6d2b28f mk/tools/tools.NetBSD.mk
--- a/mk/tools/tools.NetBSD.mk  Thu May 26 15:42:20 2016 +0000
+++ b/mk/tools/tools.NetBSD.mk  Thu May 26 16:03:04 2016 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: tools.NetBSD.mk,v 1.57 2015/09/08 11:36:34 jperkin Exp $
+# $NetBSD: tools.NetBSD.mk,v 1.58 2016/05/26 16:03:04 khorben Exp $
 #
 # System-supplied tools for the NetBSD operating system.
 
@@ -83,6 +83,10 @@
 TOOLS_PLATFORM.openssl?=       /usr/bin/openssl
 TOOLS_PLATFORM.patch?=         /usr/bin/patch
 TOOLS_PLATFORM.pax?=           /bin/pax
+.if empty(MACHINE_PLATFORM:MNetBSD-[^0-3].*-386) || \
+       empty(MACHINE_PLATFORM:MNetBSD-[^0-3].*-x86_64)
+TOOLS_PLATFORM.paxctl?=                /usr/sbin/paxctl
+.endif
 TOOLS_PLATFORM.printf?=                /usr/bin/printf
 TOOLS_PLATFORM.pwd?=           /bin/pwd
 .if empty(USE_CROSS_COMPILE:M[yY][eE][sS])