Icedtea has effective treatment to compile on pax/grsec systems, but is getting outdated. Openjdk is moving ahead and despite current ebuilds label the compiled binaries well for a pax/grsec systems, I still need to manually label executables 4 times to make the packages compile. Based on the suggestion from Brad Spengler @ grsec I've created patches for current openjdk-11 and openjdk-17 ebuilds to let them compile. Please find them attached. I haven't elaborated whether all the changes are really necessary. I also realize, that it is possible to mass-modify the files using sed from the ebuild, but I opted for the patch approach for a less intrusive path - simply placing them in the appropriate patches directory.
I thought these could be helpful for someone on the list. BR: Dw. -- dr Tóth Attila, Radiológus, 06-20-825-8057 Attila Toth MD, Radiologist, +36-20-825-8057
openjdk-11-setarch-S.patch
Description: Binary data
openjdk-17-setarch-S.patch
Description: Binary data
