From 92cc5b8c0c3f50237deced6f30f4d58a8e8f2dab Mon Sep 17 00:00:00 2001
From: "Ricardo M. Correia"
Date: Sun, 26 Jan 2014 12:27:50 +0100
Subject: [PATCH] mesa-noglu: Add support for grsecurity
---
 pkgs/development/libraries/mesa/default.nix | 5 +++-
 .../libraries/mesa/glx_ro_text_segm.patch | 25 +++++++++++++++++++
 pkgs/top-level/all-packages.nix | 5 +++-
 3 files changed, 33 insertions(+), 2 deletions(-)
 create mode 100644 pkgs/development/libraries/mesa/glx_ro_text_segm.patch
diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix
index 595c044f780..b1da4bd5636 100644
--- a/pkgs/development/libraries/mesa/default.nix
+++ b/pkgs/development/libraries/mesa/default.nix
@@ -2,6 +2,7 @@
 , python, libxml2Python, file, expat, makedepend
 , libdrm, xorg, wayland, udev, llvm, libffi
 , libvdpau, libelf
+, grsecEnabled
 , enableTextureFloats ? false # Texture floats are patented, see docs/patents.txt
 , enableExtraFeatures ? false # not maintained
 }:
@@ -41,6 +42,7 @@ stdenv.mkDerivation {
 patches = [
 ./static-gallium.patch
+ ./glx_ro_text_segm.patch # fix for grsecurity/PaX
 # TODO: revive ./dricore-gallium.patch when it gets ported (from Ubuntu),
 # as it saved ~35 MB in $drivers; watch https://launchpad.net/ubuntu/+source/mesa/+changelog
 ];
@@ -79,7 +81,8 @@ stdenv.mkDerivation {
 "--enable-openvg" "--enable-gallium-egl" # not needed for EGL in Gallium, but OpenVG might be useful
 #"--enable-xvmc" # tests segfault with 9.1.{1,2,3}
 #"--enable-opencl" # ToDo: opencl seems to need libclc for clover
- ];
+ ]
+ ++ optional grsecEnabled "--enable-glx-rts"; # slight performance degradation, enable only for grsec
 nativeBuildInputs = [ pkgconfig python makedepend file flex bison ];
diff --git a/pkgs/development/libraries/mesa/glx_ro_text_segm.patch b/pkgs/development/libraries/mesa/glx_ro_text_segm.patch
new file mode 100644
index 00000000000..95f01ba9e52
--- /dev/null
+++ b/pkgs/development/libraries/mesa/glx_ro_text_segm.patch
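Review bot: `grsecEnabled` is added to the argument set without a default, unlike the two feature toggles directly below it, so any caller that instantiates this expression without passing it will fail at evaluation unless something in scope supplies the name. Giving it the same shape, `, grsecEnabled ? false # build libGL with a read-only text segment for grsecurity/PaX kernels`, keeps the hardened build opt-in and leaves existing callers working. The argument list starts above the hunk, so earlier arguments are not visible here.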
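Review bot: The new `./glx_ro_text_segm.patch` entry edits `configure.ac`, not the generated `configure`, so `--enable-glx-rts` is only recognised if the build regenerates `configure` after patching. Nothing in this hunk shows that step, so it is worth confirming. An unrecognised `--enable-*` option is normally only warned about by configure, which would leave the hardening silently off while the build still succeeds. The derivation body continues outside the hunk.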
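Review bot: The trailing comment on the `++ optional grsecEnabled "--enable-glx-rts"` line states the cost but not what the flag buys, and it sits after the semicolon that closes the whole flag expression, where it reads as describing the entire list. I would move the rationale onto its own line above the flag, e.g. `# read-only libGL text segment on x86 for grsecurity/PaX; slightly slower, so opt-in`. The list this is appended to begins above the hunk.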
@@ -0,0 +1,25 @@
+diff --git a/configure.ac b/configure.ac
+index 5068913..3d4271e 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -429,6 +429,20 @@ AC_SUBST([GLESv2_LIB_GLOB])
+ AC_SUBST([VG_LIB_GLOB])
+ AC_SUBST([GLAPI_LIB_GLOB])
+
++
++dnl readonly text segment on x86 hardened platforms
++AC_ARG_ENABLE([glx_rts],
++ [AS_HELP_STRING([--enable-glx-rts],
++ [on x86, use a readonly text segment for libGL @<:@default=disabled@:>@])],
++ [enable_glx_rts="$enableval"],
++ [enable_glx_rts=no])
++if test "x$enable_glx_rts" = xyes; then
++ DEFINES="$DEFINES -DGLX_X86_READONLY_TEXT"
++else
++ enable_glx_rts=no
++fi
++
++
+ dnl
+ dnl Arch/platform-specific settings
+ dnl
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 8b2f61f905d..6ecd8850b05 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -5483,7 +5483,10 @@ let
 mesaSupported = lib.elem system lib.platforms.mesaPlatforms;
- mesa_original = callPackage ../development/libraries/mesa { };
+ mesa_original = callPackage ../development/libraries/mesa {
+ grsecEnabled = config.grsecurity or false;
+ };
+
 mesa_noglu = if stdenv.isDarwin then darwinX11AndOpenGL // { driverLink = mesa_noglu; } else mesa_original;
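Review bot: The vendored patch carries no header saying where it came from or whether it has been submitted upstream, which makes it hard to audit or to drop when Mesa is updated; a short preamble above its `diff --git` line such as `Origin: <source URL or author, placeholder>` and `Upstream-Status: <placeholder>` would cover that. Inside the patch, `-DGLX_X86_READONLY_TEXT` is appended to `DEFINES` whenever the option is `yes`, although the help string says the feature applies on x86; whether the macro is inert on other architectures is not visible here, so either gate it on the host CPU or state that it is harmless elsewhere. The `else` branch `enable_glx_rts=no` also turns any value other than `yes` into `no` without a message.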
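Review bot: `grsecEnabled = config.grsecurity or false;` makes the hardened libGL depend on a nixpkgs config key that this hunk neither documents nor ties to the kernel actually in use, so a machine running a grsecurity kernel without that key set gets the default build with no warning. A comment at the call site would help, e.g. `# config.grsecurity = true builds libGL with a read-only text segment (see mesa/glx_ro_text_segm.patch)`. If `config.grsecurity` can hold anything other than a boolean elsewhere in the tree, `optional` in the mesa expression will reject it, which I cannot check from this hunk. The enclosing `let` block starts and ends outside the hunk.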