Sun's Java can build with any/all hardening options, but creates non-pic shared objects during the build, so it has to be built on a non-pax kernel. No extra patches or Sed commands needed, it was strait forward.
There are binary packages here: http://68.209.156.155/~ashes/hardened-jdk/ $ cat jdk-1.5.0_11-linux-i586-hardened.tar.md5 ede68cb1bccf7e8ad6ff17782eaa36db jdk-1.5.0_11-linux-i586-hardened.tar $ cat jdk-1.5.0_11-linux-i586-hardened.tar.sha1 17c3fbbfd0a41cbd3185d6b76f5aee3928a7feb7 jdk-1.5.0_11-linux-i586-hardened.tar $ cat jdk-1.5.0_11-linux-i586-hardened/README.1st May 17th, 2007 Review the license terms and conditions at: http://java.sun.com/ I do not know if this package is in conformance with Sun's licenses because there are about 20 different licenses, and I don't know which ones apply here. However, I do believe this package is in the spirit of Sun's intentions, because it is provided for Non-Commercial Educational Java Development Research use. I built and distributed this package so that PaX users would have a JDK version with PT_PAX program headers, so legacy marking support would not be needed. This package was essentially built with: 'gcc -fPIE -fstack-protector-all -D_FORTIFY_SOURCE=2' 'ld -z relro -z now -z combreloc -pie' All the programs are position independent executable shared objects. The 'i486-pc-linux-gnu-gcc-4.1.2.specs' file is the GCC specs used to build this package. This package was built with the following: i486-pc-linux-gnu GCC-4.1.2 Binutils-2.17 with PT_PAX patch Glibc-2.5 with PT_PAX patch Glibc configured with --enable-kernel=2.6.21.1 Xorg-7.1, with a couple newer package versions, installed to /usr Mesa-6.5 Note: The JDK build system uses '-march=i586 -O3'. I used the Beyond Linux From Scratch svn-20071505 JDK-1.5.0_11 instructions. I make no claims regarding the stability or security of this package. I made no source code modifications except what are in the Beyond Linux From Scratch book. These files contain the filenames and checksums of the sources and patches I used: sources.md5.txt sources.sha1.txt You will almost certainly need to use the 'paxctl' program, not 'chpax', which is available at the PaX web site. Enjoy
pgparxK8AS7yO.pgp
Description: PGP signature
-- http://linuxfromscratch.org/mailman/listinfo/hlfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
