mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-25 08:23:09 +00:00
cc-wrapper, clang: use new mechanism to selectively unsupport zerocallusedregs
this allows a compiler derivation to provide a hardeningUnsupportedFlagsByTargetPlatform passthru attr that will be called with the targetPlatform to determine the unsupported hardening flags for that platform. we can do this because even though a clang compiler is multi-target by nature, cc-wrapper effectively fixes the target platform at wrapping time. otherwise we'd have to sniff the intended target at runtime, which wouldn't be fun at all. the advantage of using a new attribute instead of allowing hardeningUnsupportedFlags to optionally be a function is that hardeningUnsupportedFlags retains its simple overriding pattern for simple cases (i.e. `(prev.hardeningUnsupportedFlags or []) ++ [ "foo" ]` ) which will continue to work as long as the bottom-most function of hardeningUnsupportedFlagsByTargetPlatform falls back to hardeningUnsupportedFlags.
This commit is contained in:
parent
e79c133858
commit
506ec38e7f
@ -223,6 +223,15 @@ let
|
||||
|
||||
defaultHardeningFlags = bintools.defaultHardeningFlags or [];
|
||||
|
||||
# if cc.hardeningUnsupportedFlagsByTargetPlatform exists, this is
|
||||
# called with the targetPlatform as an argument and
|
||||
# cc.hardeningUnsupportedFlags is completely ignored - the function
|
||||
# is responsible for including the constant hardeningUnsupportedFlags
|
||||
# list however it sees fit.
|
||||
ccHardeningUnsupportedFlags = if cc ? hardeningUnsupportedFlagsByTargetPlatform
|
||||
then cc.hardeningUnsupportedFlagsByTargetPlatform targetPlatform
|
||||
else (cc.hardeningUnsupportedFlags or []);
|
||||
|
||||
darwinPlatformForCC = optionalString stdenv.targetPlatform.isDarwin (
|
||||
if (targetPlatform.darwinPlatform == "macos" && isGNU) then "macosx"
|
||||
else targetPlatform.darwinPlatform
|
||||
@ -584,7 +593,7 @@ stdenv.mkDerivation {
|
||||
## Hardening support
|
||||
##
|
||||
+ ''
|
||||
export hardening_unsupported_flags="${builtins.concatStringsSep " " (cc.hardeningUnsupportedFlags or [])}"
|
||||
export hardening_unsupported_flags="${builtins.concatStringsSep " " ccHardeningUnsupportedFlags}"
|
||||
''
|
||||
|
||||
# Machine flags. These are necessary to support
|
||||
|
@ -7,7 +7,7 @@
|
||||
}:
|
||||
|
||||
let
|
||||
self = stdenv.mkDerivation (rec {
|
||||
self = stdenv.mkDerivation (finalAttrs: rec {
|
||||
pname = "clang";
|
||||
inherit version;
|
||||
|
||||
@ -99,9 +99,10 @@ let
|
||||
isClang = true;
|
||||
hardeningUnsupportedFlags = [
|
||||
"fortify3"
|
||||
# supported on x86_64/aarch64 only
|
||||
"zerocallusedregs"
|
||||
];
|
||||
hardeningUnsupportedFlagsByTargetPlatform = targetPlatform:
|
||||
lib.optional (!(targetPlatform.isx86_64 || targetPlatform.isAarch64)) "zerocallusedregs"
|
||||
++ (finalAttrs.passthru.hardeningUnsupportedFlags or []);
|
||||
};
|
||||
|
||||
meta = llvm_meta // {
|
||||
|
@ -7,7 +7,7 @@
|
||||
}:
|
||||
|
||||
let
|
||||
self = stdenv.mkDerivation (rec {
|
||||
self = stdenv.mkDerivation (finalAttrs: rec {
|
||||
pname = "clang";
|
||||
inherit version;
|
||||
|
||||
@ -93,9 +93,10 @@ let
|
||||
isClang = true;
|
||||
hardeningUnsupportedFlags = [
|
||||
"fortify3"
|
||||
# supported on x86_64/aarch64 only
|
||||
"zerocallusedregs"
|
||||
];
|
||||
hardeningUnsupportedFlagsByTargetPlatform = targetPlatform:
|
||||
lib.optional (!(targetPlatform.isx86_64 || targetPlatform.isAarch64)) "zerocallusedregs"
|
||||
++ (finalAttrs.passthru.hardeningUnsupportedFlags or []);
|
||||
};
|
||||
|
||||
meta = llvm_meta // {
|
||||
|
@ -7,7 +7,7 @@
|
||||
}:
|
||||
|
||||
let
|
||||
self = stdenv.mkDerivation (rec {
|
||||
self = stdenv.mkDerivation (finalAttrs: rec {
|
||||
pname = "clang";
|
||||
inherit version;
|
||||
|
||||
@ -97,9 +97,10 @@ let
|
||||
isClang = true;
|
||||
hardeningUnsupportedFlags = [
|
||||
"fortify3"
|
||||
# supported on x86_64/aarch64 only
|
||||
"zerocallusedregs"
|
||||
];
|
||||
hardeningUnsupportedFlagsByTargetPlatform = targetPlatform:
|
||||
lib.optional (!(targetPlatform.isx86_64 || targetPlatform.isAarch64)) "zerocallusedregs"
|
||||
++ (finalAttrs.passthru.hardeningUnsupportedFlags or []);
|
||||
};
|
||||
|
||||
meta = llvm_meta // {
|
||||
|
@ -7,7 +7,7 @@
|
||||
}:
|
||||
|
||||
let
|
||||
self = stdenv.mkDerivation (rec {
|
||||
self = stdenv.mkDerivation (finalAttrs: rec {
|
||||
pname = "clang";
|
||||
inherit version;
|
||||
|
||||
@ -97,9 +97,10 @@ let
|
||||
isClang = true;
|
||||
hardeningUnsupportedFlags = [
|
||||
"fortify3"
|
||||
# supported on x86_64/aarch64 only
|
||||
"zerocallusedregs"
|
||||
];
|
||||
hardeningUnsupportedFlagsByTargetPlatform = targetPlatform:
|
||||
lib.optional (!(targetPlatform.isx86_64 || targetPlatform.isAarch64)) "zerocallusedregs"
|
||||
++ (finalAttrs.passthru.hardeningUnsupportedFlags or []);
|
||||
};
|
||||
|
||||
meta = llvm_meta // {
|
||||
|
Loading…
Reference in New Issue
Block a user