Merge commit '87807e64a5ef5206b745a40af118c7be8db73681'

author: Alyssa Ross <hi@alyssa.is> 2021-07-09 12:30:28 +0000
committer: Alyssa Ross <hi@alyssa.is> 2021-07-23 09:11:31 +0000
commit: 55cc63c079f49e81d695a25bc2f5b3902f2bd290 (patch)
tree: e705335d97f50b927c76ccb4a3fbde9fab8372b9 /nixpkgs/pkgs/stdenv/generic/make-derivation.nix
parent: c26eb6f74d9393127a21eee7a9620a920769f613 (diff)
parent: 87807e64a5ef5206b745a40af118c7be8db73681 (diff)
download: nixlib-55cc63c079f49e81d695a25bc2f5b3902f2bd290.tar
nixlib-55cc63c079f49e81d695a25bc2f5b3902f2bd290.tar.gz
nixlib-55cc63c079f49e81d695a25bc2f5b3902f2bd290.tar.bz2
nixlib-55cc63c079f49e81d695a25bc2f5b3902f2bd290.tar.lz
nixlib-55cc63c079f49e81d695a25bc2f5b3902f2bd290.tar.xz
nixlib-55cc63c079f49e81d695a25bc2f5b3902f2bd290.tar.zst
nixlib-55cc63c079f49e81d695a25bc2f5b3902f2bd290.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/nixpkgs/pkgs/stdenv/generic/make-derivation.nix b/nixpkgs/pkgs/stdenv/generic/make-derivation.nix
index 4536024c5118..d6704d59111a 100644
--- a/nixpkgs/pkgs/stdenv/generic/make-derivation.nix
+++ b/nixpkgs/pkgs/stdenv/generic/make-derivation.nix
@@ -110,7 +110,9 @@ in rec {
                                       ++ depsTargetTarget ++ depsTargetTargetPropagated) == 0;
       dontAddHostSuffix = attrs ? outputHash && !noNonNativeDeps || !stdenv.hasCC;
       supportedHardeningFlags = [ "fortify" "stackprotector" "pie" "pic" "strictoverflow" "format" "relro" "bindnow" ];
-                              # Musl-based platforms will keep "pie", other platforms will not.
+      # Musl-based platforms will keep "pie", other platforms will not.
+      # If you change this, make sure to update section `{#sec-hardening-in-nixpkgs}`
+      # in the nixpkgs manual to inform users about the defaults.
       defaultHardeningFlags = if stdenv.hostPlatform.isMusl &&
                                 # Except when:
                                 #    - static aarch64, where compilation works, but produces segfaulting dynamically linked binaries.
author	Alyssa Ross <hi@alyssa.is>	2021-07-09 12:30:28 +0000
committer	Alyssa Ross <hi@alyssa.is>	2021-07-23 09:11:31 +0000
commit	55cc63c079f49e81d695a25bc2f5b3902f2bd290 (patch)
tree	e705335d97f50b927c76ccb4a3fbde9fab8372b9 /nixpkgs/pkgs/stdenv/generic/make-derivation.nix
parent	c26eb6f74d9393127a21eee7a9620a920769f613 (diff)
parent	87807e64a5ef5206b745a40af118c7be8db73681 (diff)
download	nixlib-55cc63c079f49e81d695a25bc2f5b3902f2bd290.tar nixlib-55cc63c079f49e81d695a25bc2f5b3902f2bd290.tar.gz nixlib-55cc63c079f49e81d695a25bc2f5b3902f2bd290.tar.bz2 nixlib-55cc63c079f49e81d695a25bc2f5b3902f2bd290.tar.lz nixlib-55cc63c079f49e81d695a25bc2f5b3902f2bd290.tar.xz nixlib-55cc63c079f49e81d695a25bc2f5b3902f2bd290.tar.zst nixlib-55cc63c079f49e81d695a25bc2f5b3902f2bd290.zip