Bug#503173: set correct PAX flags with paxctl as package default on i386 and amd64

[Pierre Ynard]

> GRUB uses nested functions and so requires an executable stack. Sorry.

Okay, then the best is to have PAX_EMUTRAMP support in the kernel and
use paxctl -cE on the concerned binaries. I wrote a patch that does that
when building the package; maybe it's needed for the other binaries that
I haven't tested, and it should probably be linux-only, but that's the
idea.


diff -urNp grub2-1.99~rc1.orig/debian/control grub2-1.99~rc1/debian/control
--- grub2-1.99~rc1.orig/debian/control	2011-02-24 01:04:07.000000000 +0100
+++ grub2-1.99~rc1/debian/control	2011-02-24 01:04:42.000000000 +0100
@@ -31,6 +31,7 @@ Build-Depends: debhelper (>= 7.0.50~),
  qemu-system [i386 kfreebsd-i386 kopensolaris-i386 any-amd64],
  qemu-utils [!hurd-any],
  parted [!hurd-any],
+ paxctl,
 Build-Conflicts: autoconf2.13 
 Standards-Version: 3.8.4
 Homepage: http://www.gnu.org/software/grub/
diff -urNp grub2-1.99~rc1.orig/debian/rules grub2-1.99~rc1/debian/rules
--- grub2-1.99~rc1.orig/debian/rules	2011-02-24 01:04:07.000000000 +0100
+++ grub2-1.99~rc1/debian/rules	2011-02-24 01:04:42.000000000 +0100
@@ -90,10 +90,12 @@ build/stamps/configure-grub-common: $(AU
 
 build/stamps/build-grub-common build/stamps/build-grub-efi-ia32 build/stamps/build-grub-efi-amd64 build/stamps/build-grub-ieee1275 build/stamps/build-grub-coreboot build/stamps/build-grub-emu build/stamps/build-grub-yeeloong: build/stamps/build-%: build/stamps/configure-%
 	dh_auto_build
+	paxctl -cE build/$*/grub-{mkdevicemap,probe,script-check}
 	touch $@
 
 build/stamps/build-grub-pc: build/stamps/configure-grub-pc
 	dh_auto_build
+	paxctl -cE build/grub-pc/grub-{mkdevicemap,probe,script-check,setup}
 ifeq ($(with_check), yes)
 	dh_auto_test
 endif


Regards,

-- 
Pierre Ynard
"Une âme dans un corps, c'est comme un dessin sur une feuille de papier."