net-libs/nodejs: Fix build on PAX enable kernel (bug 694100)

We need to disable mprotect on two bins when we compile bug 694100. Closes: https://bugs.gentoo.org/694100 Reported-by: Attila Tóth <atoth@atoth.sote.hu> Co-developed-by: Attila Tóth <atoth@atoth.sote.hu> Signed-off-by: Magnus Granberg <zorry@gentoo.org> Package-Manager: Portage-2.3.76, Repoman-2.3.16
author: Magnus Granberg <zorry@gentoo.org> 2019-11-27 22:28:02 +0100
committer: Magnus Granberg <zorry@gentoo.org> 2019-11-27 22:29:14 +0100
commit: d3b53be221b0288c4eb5155ad52fa8f27bda083d (patch)
tree: cc60a1c4114028251f0db200c9ea2963cb42fd2c /net-libs/nodejs
parent: dev-tcltk/snack: removing old versions (diff)
download: gentoo-d3b53be221b0288c4eb5155ad52fa8f27bda083d.tar.gz
gentoo-d3b53be221b0288c4eb5155ad52fa8f27bda083d.tar.bz2
gentoo-d3b53be221b0288c4eb5155ad52fa8f27bda083d.zip
4 files changed, 82 insertions, 6 deletions
diff --git a/net-libs/nodejs/files/nodejs-13.2.0-paxmarking.patch b/net-libs/nodejs/files/nodejs-13.2.0-paxmarking.patch
new file mode 100644
index 000000000000..143e41662724
--- /dev/null
+++ b/net-libs/nodejs/files/nodejs-13.2.0-paxmarking.patch
@@ -0,0 +1,71 @@
+    Bug: 694100
+    Add actions for pax marking mkcodecache and node_mksnapshot
+    to disable mprotect for pax enable kernel.
+    Reported-by: Attila Tóth <atoth@atoth.sote.hu>
+    Co-developed-by: Attila Tóth <atoth@atoth.sote.hu>
+    Signed-off-by: Magnus Granberg <zorry@gentoo.org>
+    
+--- a/node.gyp	2019-10-23 11:52:41.000000000 +0200
++++ a/node.gyp	2019-11-12 20:58:43.957881862 +0100
+@@ -233,7 +233,9 @@
+       'deps/acorn-plugins/acorn-static-class-features/index.js',
+     ],
+     'node_mksnapshot_exec': '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)node_mksnapshot<(EXECUTABLE_SUFFIX)',
++    'node_mksnapshot_u_exec': '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)node_mksnapshot_u<(EXECUTABLE_SUFFIX)',
+     'mkcodecache_exec': '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)mkcodecache<(EXECUTABLE_SUFFIX)',
++    'mkcodecache_u_exec': '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)mkcodecache_u<(EXECUTABLE_SUFFIX)',
+     'conditions': [
+       [ 'node_shared=="true"', {
+         'node_target_type%': 'shared_library',
+@@ -436,10 +438,24 @@
+           ],
+           'actions': [
+             {
++              'action_name': 'run_pax_mkcodecache',
++              'inputs': [
++                '<(mkcodecache_exec)',
++              ],
++              'outputs': [
++                '<(mkcodecache_u_exec)',
++              ],
++              'action': [
++                'bash',
++                '-c',
++                'mv <(mkcodecache_exec) <(mkcodecache_u_exec) && paxmark.sh m <(mkcodecache_u_exec)',
++              ],
++            },
++            {
+               'action_name': 'run_mkcodecache',
+               'process_outputs_as_sources': 1,
+               'inputs': [
+-                '<(mkcodecache_exec)',
++                '<(mkcodecache_u_exec)',
+               ],
+               'outputs': [
+                 '<(SHARED_INTERMEDIATE_DIR)/node_code_cache.cc',
+@@ -461,10 +477,24 @@
+           ],
+           'actions': [
+             {
++              'action_name': 'run_pax_mksnapshot',
++              'inputs': [
++                '<(node_mksnapshot_exec)',
++              ],
++              'outputs': [
++                '<(node_mksnapshot_u_exec)',
++              ],
++              'action': [
++                'bash',
++                '-c',
++                'mv <(node_mksnapshot_exec) <(node_mksnapshot_u_exec) && paxmark.sh m <(node_mksnapshot_u_exec)',
++              ],
++            },
++            {
+               'action_name': 'node_mksnapshot',
+               'process_outputs_as_sources': 1,
+               'inputs': [
+-                '<(node_mksnapshot_exec)',
++                '<(node_mksnapshot_u_exec)',
+               ],
+               'outputs': [
+                 '<(SHARED_INTERMEDIATE_DIR)/node_snapshot.cc',
diff --git a/net-libs/nodejs/metadata.xml b/net-libs/nodejs/metadata.xml
index aaaba184187b..3f344f0d8eda 100644
--- a/net-libs/nodejs/metadata.xml
+++ b/net-libs/nodejs/metadata.xml
@@ -7,6 +7,7 @@
 	<use>
 		<flag name="inspector">Enable V8 inspector</flag>
 		<flag name="npm">Enable NPM package manager</flag>
+		<flag name="pax_kernel">Enable building under a PaX enabled kernel</flag>
 		<flag name="snapshot">Enable snapshot creation for faster startup</flag>
 		<flag name="systemtap">Enable SystemTAP/DTrace tracing</flag>
 	</use>
diff --git a/net-libs/nodejs/nodejs-13.2.0.ebuild b/net-libs/nodejs/nodejs-13.2.0.ebuild
index 56bbeb5526f4..8013ab7c39ae 100644
--- a/net-libs/nodejs/nodejs-13.2.0.ebuild
+++ b/net-libs/nodejs/nodejs-13.2.0.ebuild
@@ -15,7 +15,7 @@ SRC_URI="
 LICENSE="Apache-1.1 Apache-2.0 BSD BSD-2 MIT"
 SLOT="0"
 KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x64-macos"
-IUSE="cpu_flags_x86_sse2 debug doc icu inspector +npm +snapshot +ssl systemtap test"
+IUSE="cpu_flags_x86_sse2 debug doc icu inspector +npm pax_kernel +snapshot +ssl systemtap test"
 REQUIRED_USE="
 	inspector? ( icu ssl )
 	npm? ( ssl )
@@ -33,6 +33,7 @@ BDEPEND="
 	${PYTHON_DEPS}
 	systemtap? ( dev-util/systemtap )
 	test? ( net-misc/curl )
+	pax_kernel? ( sys-apps/elfix )
 "
 DEPEND="
 	${RDEPEND}
@@ -86,6 +87,9 @@ src_prepare() {
 		BUILDTYPE=Debug
 	fi
 
+	# We need to disable mprotect on two files when it builds Bug 694100.
+	use pax_kernel && PATCHES+=( "${FILESDIR}"/${PN}-13.2.0-paxmarking.patch )
+
 	default
 }
 
@@ -124,8 +128,6 @@ src_configure() {
 }
 
 src_compile() {
-	emake -C out mksnapshot
-	pax-mark m "out/${BUILDTYPE}/mksnapshot"
 	emake -C out
 }
 
diff --git a/net-libs/nodejs/nodejs-99999999.ebuild b/net-libs/nodejs/nodejs-99999999.ebuild
index e36828c990ad..96dcccf3770e 100644
--- a/net-libs/nodejs/nodejs-99999999.ebuild
+++ b/net-libs/nodejs/nodejs-99999999.ebuild
@@ -13,7 +13,7 @@ EGIT_REPO_URI="https://github.com/nodejs/node"
 LICENSE="Apache-1.1 Apache-2.0 BSD BSD-2 MIT"
 SLOT="0"
 KEYWORDS=""
-IUSE="cpu_flags_x86_sse2 debug doc icu inspector +npm +snapshot +ssl systemtap test"
+IUSE="cpu_flags_x86_sse2 debug doc icu inspector +npm pax_kernel +snapshot +ssl systemtap test"
 REQUIRED_USE="
 	inspector? ( icu ssl )
 	npm? ( ssl )
@@ -31,6 +31,7 @@ BDEPEND="
 	${PYTHON_DEPS}
 	systemtap? ( dev-util/systemtap )
 	test? ( net-misc/curl )
+	pax_kernel? ( sys-apps/elfix )
 "
 DEPEND="
 	${RDEPEND}
@@ -82,6 +83,9 @@ src_prepare() {
 		BUILDTYPE=Debug
 	fi
 
+	# We need to disable mprotect on two files when it builds Bug 694100.
+	use pax_kernel && PATCHES+=( "${FILESDIR}"/${PN}-13.2.0-paxmarking.patch )
+
 	default
 }
 
@@ -120,8 +124,6 @@ src_configure() {
 }
 
 src_compile() {
-	emake -C out mksnapshot
-	pax-mark m "out/${BUILDTYPE}/mksnapshot"
 	emake -C out
 }
author	Magnus Granberg <zorry@gentoo.org>	2019-11-27 22:28:02 +0100
committer	Magnus Granberg <zorry@gentoo.org>	2019-11-27 22:29:14 +0100
commit	d3b53be221b0288c4eb5155ad52fa8f27bda083d (patch)
tree	cc60a1c4114028251f0db200c9ea2963cb42fd2c /net-libs/nodejs
parent	dev-tcltk/snack: removing old versions (diff)
download	gentoo-d3b53be221b0288c4eb5155ad52fa8f27bda083d.tar.gz gentoo-d3b53be221b0288c4eb5155ad52fa8f27bda083d.tar.bz2 gentoo-d3b53be221b0288c4eb5155ad52fa8f27bda083d.zip