public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

mesa-noglu: Add support for grsecurity

Browse Source
This commit is contained in:
Ricardo M. Correia 2014-01-26 12:27:50 +01:00
parent 667008d56f
commit 92cc5b8c0c
3 changed files with 33 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
pkgs/development/libraries/mesa/default.nix
View File

@ -2,6 +2,7 @@
, python, libxml2Python, file, expat, makedepend , python, libxml2Python, file, expat, makedepend
, libdrm, xorg, wayland, udev, llvm, libffi , libdrm, xorg, wayland, udev, llvm, libffi
, libvdpau, libelf , libvdpau, libelf
, grsecEnabled
, enableTextureFloats ? false # Texture floats are patented, see docs/patents.txt , enableTextureFloats ? false # Texture floats are patented, see docs/patents.txt
, enableExtraFeatures ? false # not maintained , enableExtraFeatures ? false # not maintained
}: }:
@ -41,6 +42,7 @@ stdenv.mkDerivation {
patches = [ patches = [
./static-gallium.patch ./static-gallium.patch
./glx_ro_text_segm.patch # fix for grsecurity/PaX
# TODO: revive ./dricore-gallium.patch when it gets ported (from Ubuntu), # TODO: revive ./dricore-gallium.patch when it gets ported (from Ubuntu),
# as it saved ~35 MB in $drivers; watch https://launchpad.net/ubuntu/+source/mesa/+changelog # as it saved ~35 MB in $drivers; watch https://launchpad.net/ubuntu/+source/mesa/+changelog
]; ];
@ -79,7 +81,8 @@ stdenv.mkDerivation {
"--enable-openvg" "--enable-gallium-egl" # not needed for EGL in Gallium, but OpenVG might be useful "--enable-openvg" "--enable-gallium-egl" # not needed for EGL in Gallium, but OpenVG might be useful
#"--enable-xvmc" # tests segfault with 9.1.{1,2,3} #"--enable-xvmc" # tests segfault with 9.1.{1,2,3}
#"--enable-opencl" # ToDo: opencl seems to need libclc for clover #"--enable-opencl" # ToDo: opencl seems to need libclc for clover
]; ]
++ optional grsecEnabled "--enable-glx-rts"; # slight performance degradation, enable only for grsec
nativeBuildInputs = [ pkgconfig python makedepend file flex bison ]; nativeBuildInputs = [ pkgconfig python makedepend file flex bison ];

25
pkgs/development/libraries/mesa/glx_ro_text_segm.patch Normal file
View File

@ -0,0 +1,25 @@
diff --git a/configure.ac b/configure.ac
index 5068913..3d4271e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -429,6 +429,20 @@ AC_SUBST([GLESv2_LIB_GLOB])
AC_SUBST([VG_LIB_GLOB])
AC_SUBST([GLAPI_LIB_GLOB])
+
+dnl readonly text segment on x86 hardened platforms
+AC_ARG_ENABLE([glx_rts],
+ [AS_HELP_STRING([--enable-glx-rts],
+ [on x86, use a readonly text segment for libGL @<:@default=disabled@:>@])],
+ [enable_glx_rts="$enableval"],
+ [enable_glx_rts=no])
+if test "x$enable_glx_rts" = xyes; then
+ DEFINES="$DEFINES -DGLX_X86_READONLY_TEXT"
+else
+ enable_glx_rts=no
+fi
+
+
dnl
dnl Arch/platform-specific settings
dnl

5
pkgs/top-level/all-packages.nix
View File

@ -5483,7 +5483,10 @@ let
mesaSupported = lib.elem system lib.platforms.mesaPlatforms; mesaSupported = lib.elem system lib.platforms.mesaPlatforms;
mesa_original = callPackage ../development/libraries/mesa { }; mesa_original = callPackage ../development/libraries/mesa {
grsecEnabled = config.grsecurity or false;
};
mesa_noglu = if stdenv.isDarwin mesa_noglu = if stdenv.isDarwin
then darwinX11AndOpenGL // { driverLink = mesa_noglu; } then darwinX11AndOpenGL // { driverLink = mesa_noglu; }
else mesa_original; else mesa_original;