Merge pull request #253194 from risicle/ris-nix-hardening-enable-fortify3-imply-fortify

cc-wrapper: ensure `NIX_HARDENING_ENABLE` `fortify3` implies `fortify` too
Robert Scott 2023-10-23 19:23:02 +01:00 committed by GitHub
commit 25920d8de2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -10,6 +10,13 @@ for flag in ${NIX_HARDENING_ENABLE_@suffixSalt@-}; do
hardeningEnableMap["$flag"]=1
done
# fortify3 implies fortify enablement - make explicit before
# we filter unsupported flags because unsupporting fortify3
# doesn't mean we should unsupport fortify too
if [[ -n "${hardeningEnableMap[fortify3]-}" ]]; then
hardeningEnableMap["fortify"]=1
fi
# Remove unsupported flags.
for flag in @hardening_unsupported_flags@; do
unset -v "hardeningEnableMap[$flag]"
@ -19,7 +26,7 @@ for flag in @hardening_unsupported_flags@; do
fi
done
# make fortify and fortify3 mutually exclusive
# now make fortify and fortify3 mutually exclusive
if [[ -n "${hardeningEnableMap[fortify3]-}" ]]; then
unset -v "hardeningEnableMap['fortify']"
fi
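Review bot: The comment on the added `if` block in the first hunk explains the ordering but not the resulting behaviour, and its "unsupporting"/"unsupport" wording is hard to read. What a maintainer needs to know is that a request for `fortify3` on a toolchain listing it in `@hardening_unsupported_flags@` now quietly ends up as plain `fortify` rather than no fortification. I would reword it as `# fortify3 implies fortify. Record that before unsupported flags are removed,` `# so a toolchain without fortify3 support falls back to fortify` `# instead of losing fortification entirely.` The new assignment also writes the key as `["fortify"]`, while the tests use a bare `[fortify3]` and the unchanged `unset` uses `['fortify']`; one spelling throughout would make the three places easier to check against each other. Part of the unsupported-flags loop lies between the two hunks and is not visible here.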