On Mon, Mar 21, 2011 at 8:26 AM, "Paweł Hajdan, Jr." wrote: > On 3/17/11 11:18 PM, Mike Frysinger wrote: >> also, this code is run at the pkg_* stage, so it's not the normal src host >> feature detection. and we're talking about minor output behavior. > > Is calling pax-mark in src_compile a misuse then? At least one ebuild I > maintain does that (and at least in one case it'd have to be either in > src_compile or src_test because the test binary has to be pax-mark-ed).
because the PaX markings live in the ELF itself, calling in src_* is valid. i might even propose that this should be done only in src_* steps and not the pkg_* steps. the less crap needed to execute at pkg_* time the better. > By the way, what do you think about using the "hardened" USE flag to > control the elog behavior, and forcing it on the hardened profile? In my > opinion it's a bit hacky. not worth the time > Would it make more sense to scan all installed files in pkg_postinst for > pax-mark-ed files, and then elog something? that'd work for me, and would make the output much more concise -mike
