From bf990cc3cc687f53b70497d282725b3cc77f0347 Mon Sep 17 00:00:00 2001
From: Sergei Trofimovich
Date: Mon, 18 Apr 2022 14:51:00 +0100
Subject: [PATCH] glibc: unconditionally disable pie

glibc already has to be careful not to create extra dynamic relocations in ld.so. For that it enables -fPIC/-fPIE selectively.
---
 pkgs/development/libraries/glibc/default.nix | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/pkgs/development/libraries/glibc/default.nix b/pkgs/development/libraries/glibc/default.nix
index 65a622f04673..ba782321559d 100644
--- a/pkgs/development/libraries/glibc/default.nix
+++ b/pkgs/development/libraries/glibc/default.nix
@@ -40,13 +40,10 @@ callPackage ./common.nix { inherit stdenv; } {
 makeFlagsArray+=("bindir=$bin/bin" "sbindir=$bin/sbin" "rootsbindir=$bin/sbin")
 '';
 
- # The stackprotector and fortify hardening flags are autodetected by glibc
- # and enabled by default if supported. Setting it for every gcc invocation
- # does not work.
- hardeningDisable = [ "stackprotector" "fortify" ]
- # XXX: Not actually musl-speciic but since only musl enables pie by default,
- # limit rebuilds by only disabling pie w/musl
- ++ lib.optional stdenv.hostPlatform.isMusl "pie";
+ # The pie, stackprotector and fortify hardening flags are autodetected by
+ # glibc and enabled by default if supported. Setting it for every gcc
+ # invocation does not work.
+ hardeningDisable = [ "fortify" "pie" "stackprotector" ];
 
 NIX_CFLAGS_COMPILE = lib.concatStringsSep " "
 (builtins.concatLists [
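Review bot: The rewritten comment above `hardeningDisable` no longer says why pie is on the list: it only states that the flags are autodetected and that setting them for every gcc invocation "does not work", while the ld.so rationale lives solely in the commit message. I would carry that into the file, e.g. `# pie: glibc enables -fPIC/-fPIE selectively to avoid extra dynamic relocations in ld.so.`, and change "Setting it" to "Setting them" now that three flags are covered. Because pie is now disabled on every platform rather than only on musl, whether the programs installed under `$bin` end up as PIE rests entirely on glibc's own detection; a post-build check of those binaries would confirm it, though nothing in this hunk shows whether one already exists. The attribute set continues outside the hunk.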