On 08/17 08:03, Adam Wolk wrote:
> Hi ports@,
>
> I bumped my snapshot yesterday (yeah it was long coming) and after the upgrade
> my rails app started crashing. It's served by nginx in this specific case but
> that doesn't matter for this specific issue.
>
> The app loads the ruby racer gem which is a binding to v8 which obviously
> contains a JIT and violatex W^X.
>
> I recompiled my lang/ruby with the wxneeded annotation and everything works
> again with one significant issue. The configure check fails by trying to
> execute
> a binary marked wxneeded outside the /usr/local mountpoint (/usr/pobj in this
> case). I passed compilation after moving my pobj to a wxneeded mountpoint.
>
> I'm CC'ing the port maintainer and adding my local patch. Should we mark the
> binaries as wxneeded and if yes how do we handle configure failing in default
> pobj location setup?
Adam,
I'm on the fence about this. Basically, you are asking all users of ruby to
accept additional insecurity, because you want to use an extension that most
users of ruby are not using.
As an occasional user of therubyracer, I can understand your frustration.
I think a better solution would be to allow users that want to allow W|X
to mark such executables themselves, instead of forcing all users to
accept insecurity for the convenience of a few. However, I'm not
qualified to determine if that is a feasible idea.
Now, ruby is not a special flower. This issue affects similar software
such as python, and we made a similar change for python a few days ago.
For consistency purposes, it would make sense to make this change for
ruby if we are making it for python. Because of that, if another
developer OKs it, I will commit it (after testing of course).
Thanks,
Jeremy
>
> Regards,
> Adam
> ? lang-ruby-wxneeded.diff
> Index: Makefile.inc
> ===================================================================
> RCS file: /cvs/ports/lang/ruby/Makefile.inc,v
> retrieving revision 1.15
> diff -u -p -r1.15 Makefile.inc
> --- Makefile.inc 16 Mar 2016 20:02:11 -0000 1.15
> +++ Makefile.inc 17 Aug 2016 18:03:26 -0000
> @@ -19,7 +19,7 @@ CONFIGURE_STYLE ?= gnu
> CONFIGURE_ARGS += --enable-shared
> CONFIGURE_ENV += PREFIX="${PREFIX}" \
> CPPFLAGS="-DOPENSSL_NO_STATIC_ENGINE
> -I${LOCALBASE}/include" \
> - LDFLAGS="-L${LOCALBASE}/lib"
> + LDFLAGS="-L${LOCALBASE}/lib -Wl,-z,wxneeded"
>
> REV ?= ${VERSION:R}
> SUB ?= ${MACHINE_ARCH:S/amd64/x86_64/}-openbsd
> Index: 1.8/Makefile
> ===================================================================
> RCS file: /cvs/ports/lang/ruby/1.8/Makefile,v
> retrieving revision 1.41
> diff -u -p -r1.41 Makefile
> --- 1.8/Makefile 15 Jul 2016 15:53:05 -0000 1.41
> +++ 1.8/Makefile 17 Aug 2016 18:03:26 -0000
> @@ -20,7 +20,7 @@ PKGNAME-ri_docs= ruby-ri_docs-${VERSION}
> PKG_ARCH-ri_docs= *
> PKGSPEC-main= ruby->=1.8,<1.9
>
> -REVISION-main= 7
> +REVISION-main= 8
> REVISION-ri_docs= 1
>
> CONFIGURE_ARGS= --program-suffix=18 \
> Index: 2.0/Makefile
> ===================================================================
> RCS file: /cvs/ports/lang/ruby/2.0/Makefile,v
> retrieving revision 1.28
> diff -u -p -r1.28 Makefile
> --- 2.0/Makefile 15 Jul 2016 15:53:05 -0000 1.28
> +++ 2.0/Makefile 17 Aug 2016 18:03:26 -0000
> @@ -16,7 +16,7 @@ PKGNAME-gdbm = ruby20-gdbm-${VERSION}.$
> PKGNAME-tk = ruby20-tk-${VERSION}.${PATCHLEVEL}
> PKGNAME-ri_docs = ruby20-ri_docs-${VERSION}.${PATCHLEVEL}
>
> -REVISION-main = 1
> +REVISION-main = 2
> PKG_ARCH-ri_docs = *
> WANTLIB-ri_docs = # empty
>
> Index: 2.1/Makefile
> ===================================================================
> RCS file: /cvs/ports/lang/ruby/2.1/Makefile,v
> retrieving revision 1.23
> diff -u -p -r1.23 Makefile
> --- 2.1/Makefile 15 Jul 2016 15:53:05 -0000 1.23
> +++ 2.1/Makefile 17 Aug 2016 18:03:26 -0000
> @@ -15,7 +15,7 @@ PKGNAME-gdbm = ruby21-gdbm-${VERSION}
> PKGNAME-tk = ruby21-tk-${VERSION}
> PKGNAME-ri_docs = ruby21-ri_docs-${VERSION}
>
> -REVISION-main = 1
> +REVISION-main = 2
> PKG_ARCH-ri_docs = *
> WANTLIB-ri_docs = # empty
>
> Index: 2.2/Makefile
> ===================================================================
> RCS file: /cvs/ports/lang/ruby/2.2/Makefile,v
> retrieving revision 1.15
> diff -u -p -r1.15 Makefile
> --- 2.2/Makefile 15 Jul 2016 15:53:05 -0000 1.15
> +++ 2.2/Makefile 17 Aug 2016 18:03:26 -0000
> @@ -15,7 +15,7 @@ PKGNAME-gdbm = ruby22-gdbm-${VERSION}
> PKGNAME-tk = ruby22-tk-${VERSION}
> PKGNAME-ri_docs = ruby22-ri_docs-${VERSION}
>
> -REVISION-main = 1
> +REVISION-main = 2
> PKG_ARCH-ri_docs = *
> WANTLIB-ri_docs = # empty
>
> Index: 2.3/Makefile
> ===================================================================
> RCS file: /cvs/ports/lang/ruby/2.3/Makefile,v
> retrieving revision 1.9
> diff -u -p -r1.9 Makefile
> --- 2.3/Makefile 15 Jul 2016 15:53:05 -0000 1.9
> +++ 2.3/Makefile 17 Aug 2016 18:03:26 -0000
> @@ -19,7 +19,7 @@ PKGNAME-gdbm = ruby23-gdbm-${VERSION}
> PKGNAME-tk = ruby23-tk-${VERSION}
> PKGNAME-ri_docs = ruby23-ri_docs-${VERSION}
>
> -REVISION-main = 1
> +REVISION-main = 2
> PKG_ARCH-ri_docs = *
> WANTLIB-ri_docs = # empty
>
