kookie
/
nomicon
1
0
Fork 0
Code Issues Projects Releases 1 Activity

stdenv: Fix hardening default for pkgsMusl to reenable -pie

Browse Source 
defaultHardeningFlags is set to enable pie for Musl, but is not
actually used because the default is never put into
NIX_HARDENING_ENABLE. That still works for cases other than Musl
only because NIX_HARDENING_ENABLE is defaulted in the binutils and
cc-wrapper setup-hook.sh scripts.
wip/yesman
Nathan Hawkins 4 years ago
parent b6b09ac7ae
commit 4e9dc46dea
1 changed files with 1 additions and 1 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 2
      pkgs/stdenv/generic/make-derivation.nix

2
pkgs/stdenv/generic/make-derivation.nix vendored
Unescape View File

@ -276,7 +276,7 @@ in rec {
in [ "--cross-file=${crossFile}" ] ++ mesonFlags;
} // lib.optionalAttrs (attrs.enableParallelBuilding or false) {
enableParallelChecking = attrs.enableParallelChecking or true;
} // lib.optionalAttrs (hardeningDisable != [] || hardeningEnable != []) {
} // lib.optionalAttrs (hardeningDisable != [] || hardeningEnable != [] || stdenv.hostPlatform.isMusl) {
NIX_HARDENING_ENABLE = enabledHardeningOptions;
} // lib.optionalAttrs (stdenv.hostPlatform.isx86_64 && stdenv.hostPlatform ? platform.gcc.arch) {
requiredSystemFeatures = attrs.requiredSystemFeatures or [] ++ [ "gccarch-${stdenv.hostPlatform.platform.gcc.arch}" ];

Write Preview
Loading…
Cancel
Save