mesa-noglu: Add support for grsecurity

11 years ago · 92cc5b8c0c
parent 667008d56f
commit 92cc5b8c0c
3 changed files with 33 additions and 2 deletions
--- a/pkgs/development/libraries/mesa/default.nix
+++ b/pkgs/development/libraries/mesa/default.nix
@ -2,6 +2,7 @@
 , python, libxml2Python, file, expat, makedepend
 , libdrm, xorg, wayland, udev, llvm, libffi
 , libvdpau, libelf
+, grsecEnabled
 , enableTextureFloats ? false # Texture floats are patented, see docs/patents.txt
 , enableExtraFeatures ? false # not maintained
 }:
@ -41,6 +42,7 @@ stdenv.mkDerivation {

  patches = [
    ./static-gallium.patch
+    ./glx_ro_text_segm.patch # fix for grsecurity/PaX
   # TODO: revive ./dricore-gallium.patch when it gets ported (from Ubuntu),
   #  as it saved ~35 MB in $drivers; watch https://launchpad.net/ubuntu/+source/mesa/+changelog
  ];
@ -79,7 +81,8 @@ stdenv.mkDerivation {
      "--enable-openvg" "--enable-gallium-egl" # not needed for EGL in Gallium, but OpenVG might be useful
      #"--enable-xvmc" # tests segfault with 9.1.{1,2,3}
      #"--enable-opencl" # ToDo: opencl seems to need libclc for clover
-    ];
+    ]
+    ++ optional grsecEnabled "--enable-glx-rts"; # slight performance degradation, enable only for grsec

  nativeBuildInputs = [ pkgconfig python makedepend file flex bison ];

--- a/pkgs/development/libraries/mesa/glx_ro_text_segm.patch
+++ b/pkgs/development/libraries/mesa/glx_ro_text_segm.patch
@ -0,0 +1,25 @@
+diff --git a/configure.ac b/configure.ac
+index 5068913..3d4271e 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -429,6 +429,20 @@ AC_SUBST([GLESv2_LIB_GLOB])
+ AC_SUBST([VG_LIB_GLOB])
+ AC_SUBST([GLAPI_LIB_GLOB])
+ 
+
+dnl readonly text segment on x86 hardened platforms
+AC_ARG_ENABLE([glx_rts],
+    [AS_HELP_STRING([--enable-glx-rts],
+        [on x86, use a readonly text segment for libGL @<:@default=disabled@:>@])],
+    [enable_glx_rts="$enableval"],
+    [enable_glx_rts=no])
+if test "x$enable_glx_rts" = xyes; then
+    DEFINES="$DEFINES -DGLX_X86_READONLY_TEXT"
+else
+    enable_glx_rts=no
+fi
+
+
+ dnl
+ dnl Arch/platform-specific settings
+ dnl
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -5483,7 +5483,10 @@ let

  mesaSupported = lib.elem system lib.platforms.mesaPlatforms;

-  mesa_original = callPackage ../development/libraries/mesa { };
+  mesa_original = callPackage ../development/libraries/mesa {
+    grsecEnabled = config.grsecurity or false;
+  };
+
  mesa_noglu = if stdenv.isDarwin
    then darwinX11AndOpenGL // { driverLink = mesa_noglu; }
    else mesa_original;