authorRobin Gloster <mail@glob.in>2016-02-27 11:50:34 +0000
committerRobin Gloster <mail@glob.in>2016-02-27 11:50:34 +0000
commitcfffac2a904fb717b4843d6f9378ef3f3010a47e (patch)
tree743b28dbdd51b16818c06674d4a65eda4b9bb220
parent14177f5e0bea88d75a5beaf167a4ba5744c06758 (diff)
postfix: use hardening flags from stdenv
-rw-r--r--pkgs/servers/mail/postfix/2.11.nix5
-rw-r--r--pkgs/servers/mail/postfix/3.0.nix5
-rw-r--r--pkgs/servers/mail/postfix/default.nix3
3 files changed, 7 insertions, 6 deletions
diff --git a/pkgs/servers/mail/postfix/2.11.nix b/pkgs/servers/mail/postfix/2.11.nix
index 7c936bf12446..f2f155cbf3f3 100644
--- a/pkgs/servers/mail/postfix/2.11.nix
+++ b/pkgs/servers/mail/postfix/2.11.nix
@@ -36,9 +36,8 @@ stdenv.mkDerivation rec {
     export sendmail_path=$out/bin/sendmail
 
     make makefiles \
-      CCARGS='-DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I${cyrus_sasl}/include/sasl \
-              -fPIE -fstack-protector-all --param ssp-buffer-size=4 -O2 -D_FORTIFY_SOURCE=2' \
-      AUXLIBS='-ldb -lnsl -lresolv -lsasl2 -lcrypto -lssl -pie -Wl,-z,relro,-z,now'
+      CCARGS='-DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I${cyrus_sasl}/include/sasl' \
+      AUXLIBS='-ldb -lnsl -lresolv -lsasl2 -lcrypto -lssl'
   '';
 
   installTargets = [ "non-interactive-package" ];
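Review bot: The 2.11 build appears to lose PIE here: `-fPIE` and `-pie` are removed from CCARGS/AUXLIBS, but unlike 3.0.nix and default.nix this file gets no `hardening_pie = true;`, and the diffstat shows no other change to it. Unless stdenv enables PIE by default (not visible in this diff), add `hardening_pie = true;` to this derivation so all three postfix builds keep the same ASLR coverage. The derivation's attribute set starts and ends outside the hunk, so confirm the attribute is not already set there.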
diff --git a/pkgs/servers/mail/postfix/3.0.nix b/pkgs/servers/mail/postfix/3.0.nix
index 9ea151e597bb..8f102c330ddb 100644
--- a/pkgs/servers/mail/postfix/3.0.nix
+++ b/pkgs/servers/mail/postfix/3.0.nix
@@ -9,12 +9,11 @@ let
   ccargs = lib.concatStringsSep " " ([
     "-DUSE_TLS" "-DUSE_SASL_AUTH" "-DUSE_CYRUS_SASL" "-I${cyrus_sasl}/include/sasl"
     "-DHAS_DB_BYPASS_MAKEDEFS_CHECK"
-    "-fPIE" "-fstack-protector-all" "--param" "ssp-buffer-size=4" "-O2" "-D_FORTIFY_SOURCE=2"
    ] ++ lib.optional withPgSQL "-DHAS_PGSQL"
      ++ lib.optionals withMySQL [ "-DHAS_MYSQL" "-I${libmysql}/include/mysql" ]
      ++ lib.optional withSQLite "-DHAS_SQLITE");
    auxlibs = lib.concatStringsSep " " ([
-     "-ldb" "-lnsl" "-lresolv" "-lsasl2" "-lcrypto" "-lssl" "-pie" "-Wl,-z,relro,-z,now"
+     "-ldb" "-lnsl" "-lresolv" "-lsasl2" "-lcrypto" "-lssl"
    ] ++ lib.optional withPgSQL "-lpq"
      ++ lib.optional withMySQL "-lmysqlclient"
      ++ lib.optional withSQLite "-lsqlite3");
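Review bot: Dropping `-fstack-protector-all` from `ccargs` makes stack-protector coverage depend on whichever variant stdenv applies, which this diff does not show and which may be narrower than `-all`; the same holds for the CCARGS lines in 2.11.nix and default.nix. A short comment above `ccargs` would record the intent, e.g. `# stack protector, fortify, relro and bindnow are inherited from stdenv hardening; PIE is requested via hardening_pie`. It is also worth checking the built binaries once for PIE and RELRO/BIND_NOW, so that a later stdenv change does not silently weaken this network-facing daemon. The `let` block continues outside the hunk.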
@@ -37,6 +36,8 @@ in stdenv.mkDerivation rec {
 
   patches = [ ./postfix-script-shell.patch ./postfix-3.0-no-warnings.patch ./post-install-script.patch ];
 
+  hardening_pie = true;
+
   preBuild = ''
     sed -e '/^PATH=/d' -i postfix-install
     sed -e "s|@PACKAGE@|$out|" -i conf/post-install
diff --git a/pkgs/servers/mail/postfix/default.nix b/pkgs/servers/mail/postfix/default.nix
index 578453c8c56f..42355b46021d 100644
--- a/pkgs/servers/mail/postfix/default.nix
+++ b/pkgs/servers/mail/postfix/default.nix
@@ -15,6 +15,7 @@ stdenv.mkDerivation rec {
   buildInputs = [db openssl cyrus_sasl bison perl];
 
   hardening_format = false;
+  hardening_pie = true;
 
   patches = [
     ./postfix-2.2.9-db.patch
@@ -41,7 +42,7 @@ stdenv.mkDerivation rec {
     export sample_directory=$out/share/postfix/doc/samples
     export readme_directory=$out/share/postfix/doc
 
-    make makefiles CCARGS='-DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I${cyrus_sasl}/include/sasl -fPIE -fstack-protector-all --param ssp-buffer-size=4 -O2 -D_FORTIFY_SOURCE=2' AUXLIBS='-lssl -lcrypto -lsasl2 -ldb -lnsl -pie -Wl,-z,relro,-z,now'
+    make makefiles CCARGS='-DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I${cyrus_sasl}/include/sasl' AUXLIBS='-lssl -lcrypto -lsasl2 -ldb -lnsl'
   '';
 
   installPhase = ''