Unverified Commit 1b146a8c authored by Jörg Thalheim's avatar Jörg Thalheim
Browse files

treewide: remove paxutils from stdenv 

More then one year ago we removed grsecurity kernels from nixpkgs:
https://github.com/NixOS/nixpkgs/pull/25277

This removes now also paxutils from stdenv.
parent 0a2efa12

doc/stdenv.xml

+0 −24
Original line number Diff line number Diff line
@@ -2433,30 +2433,6 @@ addEnvHooks "$hostOffset" myBashFunction 
      </para>

     </listitem>

    </varlistentry>

    <varlistentry>

     <term>

      paxctl

     </term>

     <listitem>

      <para>

       Defines the <varname>paxmark</varname> helper for setting per-executable

       PaX flags on Linux (where it is available by default; on all other

       platforms, <varname>paxmark</varname> is a no-op). For example, to

       disable secure memory protections on the executable

       <replaceable>foo</replaceable>

<programlisting>

      postFixup = ''

        paxmark m $out/bin/<replaceable>foo</replaceable>

      '';

    </programlisting>

       The <literal>m</literal> flag is the most common flag and is typically

       required for applications that employ JIT compilation or otherwise need

       to execute code generated at run-time. Disabling PaX protections should

       be considered a last resort: if possible, problematic features should be

       disabled or patched to work with PaX.

      </para>

     </listitem>

    </varlistentry>

    <varlistentry>

     <term>

      autoPatchelfHook

pkgs/applications/altcoins/parity-ui/default.nix

+0 −2
Original line number Diff line number Diff line
@@ -34,8 +34,6 @@ in stdenv.mkDerivation rec { 


    find $out/share/parity-ui -name "*.node" -exec patchelf --set-rpath "${uiEnv.libPath}:$out/share/parity-ui" {} \;



    paxmark m $out/share/parity-ui/parity-ui



    mkdir -p $out/bin

    ln -s $out/share/parity-ui/parity-ui $out/bin/parity-ui

  '';

pkgs/applications/editors/atom/default.nix

+0 −3
Original line number Diff line number Diff line
@@ -70,9 +70,6 @@ let 
      ln -s ${pkgs.git}/bin/git $dugite/git/libexec/git-core/git



      find $share -name "*.node" -exec patchelf --set-rpath "${atomEnv.libPath}:$share" {} \;



      paxmark m $share/atom

      paxmark m $share/resources/app/apm/bin/node

    '';



    meta = with stdenv.lib; {

pkgs/applications/networking/browsers/chromium/common.nix

+0 −2
Original line number Diff line number Diff line
@@ -282,8 +282,6 @@ let 
          MENUNAME="Chromium"

          process_template chrome/app/resources/manpage.1.in "${buildPath}/chrome.1"

        )

      '' + optionalString (target == "mksnapshot" || target == "chrome") ''

        paxmark m "${buildPath}/${target}"

      '';

      targets = extraAttrs.buildTargets or [];

      commands = map buildCommand targets;

pkgs/applications/networking/browsers/firefox/common.nix

+0 −8
Original line number Diff line number Diff line
@@ -263,20 +263,12 @@ stdenv.mkDerivation rec { 
  enableParallelBuilding = true;

  doCheck = false; # "--disable-tests" above



  preInstall = ''

    # The following is needed for startup cache creation on grsecurity kernels.

    paxmark m dist/bin/xpcshell

  '';



  installPhase = if stdenv.isDarwin then ''

    mkdir -p $out/Applications

    cp -LR dist/Firefox.app $out/Applications

  '' else null;



  postInstall = lib.optionalString stdenv.isLinux ''

    # For grsecurity kernels

    paxmark m $out/lib/firefox*/{firefox,firefox-bin,plugin-container}



    # Remove SDK cruft. FIXME: move to a separate output?

    rm -rf $out/share/idl $out/include $out/lib/firefox-devel-*