nginx, nginxUnstable: hardening: only use when the compiler is gcc

8 years ago · 708c6094c5
parent 7b9684a5b5
commit 708c6094c5
2 changed files with 2 additions and 2 deletions
--- a/pkgs/servers/http/nginx/default.nix
+++ b/pkgs/servers/http/nginx/default.nix
@ -55,7 +55,7 @@ stdenv.mkDerivation rec {
  NIX_CFLAGS_COMPILE = [ "-I${libxml2}/include/libxml2" ] ++ optional stdenv.isDarwin "-Wno-error=deprecated-declarations -Wno-error=conditional-uninitialized";

  preConfigure = (concatMapStringsSep "\n" (mod: mod.preConfigure or "") modules)
-    + optionalString hardening ''
+    + optionalString (hardening && (stdenv.cc.cc.isGNU or false)) ''
      configureFlagsArray=(
        --with-cc-opt="-fPIE -fstack-protector-all --param ssp-buffer-size=4 -O2 -D_FORTIFY_SOURCE=2"
        --with-ld-opt="-pie -Wl,-z,relro,-z,now"
--- a/pkgs/servers/http/nginx/unstable.nix
+++ b/pkgs/servers/http/nginx/unstable.nix
@ -53,7 +53,7 @@ stdenv.mkDerivation rec {
  NIX_CFLAGS_COMPILE = [ "-I${libxml2}/include/libxml2" ] ++ optional stdenv.isDarwin "-Wno-error=deprecated-declarations";

  preConfigure = (concatMapStringsSep "\n" (mod: mod.preConfigure or "") modules)
-    + optionalString hardening ''
+    + optionalString (hardening && (stdenv.cc.cc.isGNU or false)) ''
      configureFlagsArray=(
        --with-cc-opt="-fPIE -fstack-protector-all --param ssp-buffer-size=4 -O2 -D_FORTIFY_SOURCE=2"
        --with-ld-opt="-pie -Wl,-z,relro,-z,now"