robert at linuxfromscratch.org
Thu May 17 05:20:42 PDT 2007
Sun's Java can build with any/all hardening options, but creates non-pic
shared objects during the build, so it has to be built on a non-pax kernel.
No extra patches or Sed commands needed, it was strait forward.
There are binary packages here:
$ cat jdk-1.5.0_11-linux-i586-hardened.tar.md5
$ cat jdk-1.5.0_11-linux-i586-hardened.tar.sha1
$ cat jdk-1.5.0_11-linux-i586-hardened/README.1st
May 17th, 2007
Review the license terms and conditions at:
I do not know if this package is in conformance with Sun's licenses because
there are about 20 different licenses, and I don't know which ones apply here.
However, I do believe this package is in the spirit of Sun's intentions,
because it is provided for Non-Commercial Educational Java Development
Research use. I built and distributed this package so that PaX users would
have a JDK version with PT_PAX program headers, so legacy marking support
would not be needed.
This package was essentially built with:
'gcc -fPIE -fstack-protector-all -D_FORTIFY_SOURCE=2'
'ld -z relro -z now -z combreloc -pie'
All the programs are position independent executable shared objects.
The 'i486-pc-linux-gnu-gcc-4.1.2.specs' file is the GCC specs used to build
This package was built with the following:
Binutils-2.17 with PT_PAX patch
Glibc-2.5 with PT_PAX patch
Glibc configured with --enable-kernel=22.214.171.124
Xorg-7.1, with a couple newer package versions, installed
Note: The JDK build system uses '-march=i586 -O3'.
I used the Beyond Linux From Scratch svn-20071505 JDK-1.5.0_11 instructions.
I make no claims regarding the stability or security of this package. I made
no source code modifications except what are in the Beyond Linux From Scratch
These files contain the filenames and checksums of the sources and patches I
You will almost certainly need to use the 'paxctl' program, not 'chpax', which
is available at the PaX web site.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
More information about the hlfs-dev