about summary refs log tree commit diff
path: root/pkgs/applications
diff options
context:
space:
mode:
authorFranz Pletz <fpletz@fnordicwalking.de>2016-02-26 18:38:15 +0100
committerFranz Pletz <fpletz@fnordicwalking.de>2016-03-05 18:55:26 +0100
commitaff1f4ab948b921ceaf2b81610f2f82454302b4b (patch)
tree6e51e90a41409d56cfa084b9ca64921f2611fafc /pkgs/applications
parenta2e449e43e82e258b94c723d92a5e9af641967e7 (diff)
downloadnixlib-aff1f4ab948b921ceaf2b81610f2f82454302b4b.tar
nixlib-aff1f4ab948b921ceaf2b81610f2f82454302b4b.tar.gz
nixlib-aff1f4ab948b921ceaf2b81610f2f82454302b4b.tar.bz2
nixlib-aff1f4ab948b921ceaf2b81610f2f82454302b4b.tar.lz
nixlib-aff1f4ab948b921ceaf2b81610f2f82454302b4b.tar.xz
nixlib-aff1f4ab948b921ceaf2b81610f2f82454302b4b.tar.zst
nixlib-aff1f4ab948b921ceaf2b81610f2f82454302b4b.zip
Use general hardening flag toggle lists
The following parameters are now available:

  * hardeningDisable
    To disable specific hardening flags
  * hardeningEnable
    To enable specific hardening flags

Only the cc-wrapper supports this right now, but these may be reused by
other wrappers, builders or setup hooks.

cc-wrapper supports the following flags:

  * fortify
  * stackprotector
  * pie (disabled by default)
  * pic
  * strictoverflow
  * format
  * relro
  * bindnow
Diffstat (limited to 'pkgs/applications')
-rw-r--r--pkgs/applications/audio/QmidiNet/default.nix2
-rw-r--r--pkgs/applications/audio/aacgain/default.nix2
-rw-r--r--pkgs/applications/audio/cdparanoia/default.nix2
-rw-r--r--pkgs/applications/audio/csound/default.nix2
-rw-r--r--pkgs/applications/audio/freewheeling/default.nix2
-rw-r--r--pkgs/applications/audio/jack-capture/default.nix2
-rw-r--r--pkgs/applications/audio/lingot/default.nix2
-rw-r--r--pkgs/applications/audio/mi2ly/default.nix2
-rw-r--r--pkgs/applications/audio/mp3info/default.nix2
-rw-r--r--pkgs/applications/audio/mp3val/default.nix2
-rw-r--r--pkgs/applications/audio/mpg321/default.nix2
-rw-r--r--pkgs/applications/audio/musescore/default.nix3
-rw-r--r--pkgs/applications/audio/pd-plugins/cyclone/default.nix2
-rw-r--r--pkgs/applications/audio/pd-plugins/maxlib/default.nix2
-rw-r--r--pkgs/applications/audio/pd-plugins/mrpeach/default.nix2
-rw-r--r--pkgs/applications/audio/rakarrack/default.nix2
-rw-r--r--pkgs/applications/audio/zynaddsubfx/default.nix2
-rw-r--r--pkgs/applications/editors/ht/default.nix2
-rw-r--r--pkgs/applications/editors/leafpad/default.nix2
-rw-r--r--pkgs/applications/graphics/cinepaint/default.nix2
-rw-r--r--pkgs/applications/graphics/giv/default.nix2
-rw-r--r--pkgs/applications/graphics/gqview/default.nix2
-rw-r--r--pkgs/applications/graphics/meshlab/default.nix2
-rw-r--r--pkgs/applications/graphics/qtpfsgui/default.nix2
-rw-r--r--pkgs/applications/graphics/tesseract/default.nix2
-rw-r--r--pkgs/applications/graphics/xfig/default.nix2
-rw-r--r--pkgs/applications/inferno/default.nix2
-rw-r--r--pkgs/applications/misc/epdfview/default.nix2
-rw-r--r--pkgs/applications/misc/gkrellm/default.nix2
-rw-r--r--pkgs/applications/misc/grip/default.nix2
-rw-r--r--pkgs/applications/misc/k2pdfopt/default.nix2
-rw-r--r--pkgs/applications/misc/navit/default.nix2
-rw-r--r--pkgs/applications/misc/posterazor/default.nix2
-rw-r--r--pkgs/applications/misc/sdcv/default.nix2
-rw-r--r--pkgs/applications/misc/tasknc/default.nix2
-rw-r--r--pkgs/applications/misc/vym/default.nix2
-rw-r--r--pkgs/applications/misc/wordnet/default.nix2
-rw-r--r--pkgs/applications/networking/browsers/vimprobable2/default.nix2
-rw-r--r--pkgs/applications/networking/browsers/w3m/default.nix2
-rw-r--r--pkgs/applications/networking/instant-messengers/silc-client/default.nix2
-rw-r--r--pkgs/applications/networking/instant-messengers/vacuum/default.nix2
-rw-r--r--pkgs/applications/networking/iptraf-ng/default.nix2
-rw-r--r--pkgs/applications/networking/mailreaders/alpine/default.nix3
-rw-r--r--pkgs/applications/networking/mailreaders/realpine/default.nix2
-rw-r--r--pkgs/applications/networking/remote/ssvnc/default.nix2
-rw-r--r--pkgs/applications/science/electronics/caneda/default.nix2
-rw-r--r--pkgs/applications/science/geometry/drgeo/default.nix2
-rw-r--r--pkgs/applications/science/logic/ltl2ba/default.nix2
-rw-r--r--pkgs/applications/science/logic/otter/default.nix2
-rw-r--r--pkgs/applications/science/logic/prover9/default.nix2
-rw-r--r--pkgs/applications/science/math/cbc/default.nix2
-rw-r--r--pkgs/applications/science/math/perseus/default.nix2
-rw-r--r--pkgs/applications/science/math/qalculate-gtk/default.nix2
-rw-r--r--pkgs/applications/science/math/yacas/default.nix2
-rw-r--r--pkgs/applications/version-management/cvs/default.nix2
-rw-r--r--pkgs/applications/version-management/git-and-tools/git/default.nix2
-rw-r--r--pkgs/applications/version-management/git-and-tools/qgit/default.nix2
-rw-r--r--pkgs/applications/version-management/redmine/default.nix2
-rw-r--r--pkgs/applications/video/aegisub/default.nix3
-rw-r--r--pkgs/applications/virtualization/OVMF/default.nix4
-rw-r--r--pkgs/applications/virtualization/bochs/default.nix2
-rw-r--r--pkgs/applications/virtualization/cbfstool/default.nix2
-rw-r--r--pkgs/applications/virtualization/seabios/default.nix3
-rw-r--r--pkgs/applications/virtualization/virtualbox/guest-additions/default.nix2
-rw-r--r--pkgs/applications/virtualization/xen/generic.nix4
-rw-r--r--pkgs/applications/window-managers/stalonetray/default.nix2
66 files changed, 66 insertions, 74 deletions
diff --git a/pkgs/applications/audio/QmidiNet/default.nix b/pkgs/applications/audio/QmidiNet/default.nix
index c0879e58aca6..42c98cbb1101 100644
--- a/pkgs/applications/audio/QmidiNet/default.nix
+++ b/pkgs/applications/audio/QmidiNet/default.nix
@@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
     sha256 = "1a1pj4w74wj1gcfv4a0vzcglmr5sw0xp0y56w8rk3ig4k11xi8sa";
   };
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   buildInputs = [ qt4 alsaLib libjack2 ];
 
diff --git a/pkgs/applications/audio/aacgain/default.nix b/pkgs/applications/audio/aacgain/default.nix
index 80e3c5dc40a7..a22866dc031a 100644
--- a/pkgs/applications/audio/aacgain/default.nix
+++ b/pkgs/applications/audio/aacgain/default.nix
@@ -10,7 +10,7 @@ stdenv.mkDerivation {
     sha256 = "07hl432vsscqg01b6wr99qmsj4gbx0i02x4k565432y6zpfmaxm0";
   };
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   configurePhase = ''
     cd mp4v2
diff --git a/pkgs/applications/audio/cdparanoia/default.nix b/pkgs/applications/audio/cdparanoia/default.nix
index 9de3bef62ad3..abe679f10bc5 100644
--- a/pkgs/applications/audio/cdparanoia/default.nix
+++ b/pkgs/applications/audio/cdparanoia/default.nix
@@ -8,7 +8,7 @@ stdenv.mkDerivation rec {
     sha256 = "1pv4zrajm46za0f6lv162iqffih57a8ly4pc69f7y0gfyigb8p80";
   };
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   preConfigure = "unset CC";
 
diff --git a/pkgs/applications/audio/csound/default.nix b/pkgs/applications/audio/csound/default.nix
index 1cc0e56fe7e6..e1c063d823d6 100644
--- a/pkgs/applications/audio/csound/default.nix
+++ b/pkgs/applications/audio/csound/default.nix
@@ -16,7 +16,7 @@ stdenv.mkDerivation {
 
   enableParallelBuilding = true;
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   src = fetchurl {
     url = mirror://sourceforge/csound/Csound6.04.tar.gz;
diff --git a/pkgs/applications/audio/freewheeling/default.nix b/pkgs/applications/audio/freewheeling/default.nix
index eae7ce390c01..1611975182bc 100644
--- a/pkgs/applications/audio/freewheeling/default.nix
+++ b/pkgs/applications/audio/freewheeling/default.nix
@@ -19,7 +19,7 @@ stdenv.mkDerivation {
 
   patches = [ ./am_path_sdl.patch ./xml.patch ];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   meta = {
     description = "A live looping instrument with JACK and MIDI support";
diff --git a/pkgs/applications/audio/jack-capture/default.nix b/pkgs/applications/audio/jack-capture/default.nix
index 7a5095f37887..ec7f7a5c32db 100644
--- a/pkgs/applications/audio/jack-capture/default.nix
+++ b/pkgs/applications/audio/jack-capture/default.nix
@@ -18,7 +18,7 @@ stdenv.mkDerivation rec {
     cp jack_capture $out/bin/
   '';
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   meta = with stdenv.lib; {
     description = "A program for recording soundfiles with jack";
diff --git a/pkgs/applications/audio/lingot/default.nix b/pkgs/applications/audio/lingot/default.nix
index 92e39f7bb114..22ab37dc98af 100644
--- a/pkgs/applications/audio/lingot/default.nix
+++ b/pkgs/applications/audio/lingot/default.nix
@@ -8,7 +8,7 @@ stdenv.mkDerivation {
     sha256 = "0ygras6ndw2fylwxx86ac11pcr2y2bcfvvgiwrh92z6zncx254gc";
   };
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   buildInputs = [ pkgconfig intltool gtk alsaLib libglade ];
 
diff --git a/pkgs/applications/audio/mi2ly/default.nix b/pkgs/applications/audio/mi2ly/default.nix
index 67ac74f5f5a2..fa4ea6343e91 100644
--- a/pkgs/applications/audio/mi2ly/default.nix
+++ b/pkgs/applications/audio/mi2ly/default.nix
@@ -21,7 +21,7 @@ stdenv.mkDerivation {
 
   sourceRoot=".";
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   buildPhase = "./cc";
   installPhase = ''
diff --git a/pkgs/applications/audio/mp3info/default.nix b/pkgs/applications/audio/mp3info/default.nix
index f2434619c475..d28cd7c9e06d 100644
--- a/pkgs/applications/audio/mp3info/default.nix
+++ b/pkgs/applications/audio/mp3info/default.nix
@@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ ncurses pkgconfig gtk ];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   configurePhase =
     '' sed -i Makefile \
diff --git a/pkgs/applications/audio/mp3val/default.nix b/pkgs/applications/audio/mp3val/default.nix
index abea55215715..7477bea7602c 100644
--- a/pkgs/applications/audio/mp3val/default.nix
+++ b/pkgs/applications/audio/mp3val/default.nix
@@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
     install -Dv mp3val "$out/bin/mp3val"
   '';
 
-  hardening_fortify = false;
+  hardeningDisable = [ "fortify" ];
 
   meta = {
     description = "A tool for validating and repairing MPEG audio streams";
diff --git a/pkgs/applications/audio/mpg321/default.nix b/pkgs/applications/audio/mpg321/default.nix
index c5bcd5ab4e41..b68c44278ee1 100644
--- a/pkgs/applications/audio/mpg321/default.nix
+++ b/pkgs/applications/audio/mpg321/default.nix
@@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
     sha256 = "0ki8mh76bbmdh77qsiw682dvi8y468yhbdabqwg05igmwc1wqvq5";
   };
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   configureFlags = [
     ("--enable-alsa=" + (if stdenv.isLinux then "yes" else "no"))
diff --git a/pkgs/applications/audio/musescore/default.nix b/pkgs/applications/audio/musescore/default.nix
index b6a98268a9bc..b89278a7fd9a 100644
--- a/pkgs/applications/audio/musescore/default.nix
+++ b/pkgs/applications/audio/musescore/default.nix
@@ -13,8 +13,7 @@ stdenv.mkDerivation rec {
     sha256 = "12a83v4i830gj76z5744034y1vvwzgy27mjbjp508yh9bd328yqw";
   };
 
-  hardening_bindnow = false;
-  hardening_relro = false;
+  hardeningDisable = [ "relro" "bindnow" ];
 
   makeFlags = [
     "PREFIX=$(out)"
diff --git a/pkgs/applications/audio/pd-plugins/cyclone/default.nix b/pkgs/applications/audio/pd-plugins/cyclone/default.nix
index 460745ddddb8..e4ec281cacb8 100644
--- a/pkgs/applications/audio/pd-plugins/cyclone/default.nix
+++ b/pkgs/applications/audio/pd-plugins/cyclone/default.nix
@@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ puredata ];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   patchPhase = ''
     for file in `grep -r -l g_canvas.h`
diff --git a/pkgs/applications/audio/pd-plugins/maxlib/default.nix b/pkgs/applications/audio/pd-plugins/maxlib/default.nix
index 1eb0e1be6547..3b836d9eb330 100644
--- a/pkgs/applications/audio/pd-plugins/maxlib/default.nix
+++ b/pkgs/applications/audio/pd-plugins/maxlib/default.nix
@@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ puredata ];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   patchPhase = ''
     for i in ${puredata}/include/pd/*; do
diff --git a/pkgs/applications/audio/pd-plugins/mrpeach/default.nix b/pkgs/applications/audio/pd-plugins/mrpeach/default.nix
index 207967a978f5..972a162b73f4 100644
--- a/pkgs/applications/audio/pd-plugins/mrpeach/default.nix
+++ b/pkgs/applications/audio/pd-plugins/mrpeach/default.nix
@@ -16,7 +16,7 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ puredata ];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   patchPhase = ''
     for D in net osc
diff --git a/pkgs/applications/audio/rakarrack/default.nix b/pkgs/applications/audio/rakarrack/default.nix
index 647ed9036dc2..822e0d5548ba 100644
--- a/pkgs/applications/audio/rakarrack/default.nix
+++ b/pkgs/applications/audio/rakarrack/default.nix
@@ -10,7 +10,7 @@ stdenv.mkDerivation  rec {
     sha256 = "1rpf63pdn54c4yg13k7cb1w1c7zsvl97c4qxcpz41c8l91xd55kn";
   };
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   patches = [ ./fltk-path.patch ];
 
diff --git a/pkgs/applications/audio/zynaddsubfx/default.nix b/pkgs/applications/audio/zynaddsubfx/default.nix
index c784b33700e7..ece3cbef5960 100644
--- a/pkgs/applications/audio/zynaddsubfx/default.nix
+++ b/pkgs/applications/audio/zynaddsubfx/default.nix
@@ -14,7 +14,7 @@ stdenv.mkDerivation  rec {
   buildInputs = [ alsaLib libjack2 fftw fltk13 libjpeg minixml zlib liblo ];
   nativeBuildInputs = [ cmake pkgconfig ];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   meta = with stdenv.lib; {
     description = "High quality software synthesizer";
diff --git a/pkgs/applications/editors/ht/default.nix b/pkgs/applications/editors/ht/default.nix
index 5ddcf34995f7..2817bd168dee 100644
--- a/pkgs/applications/editors/ht/default.nix
+++ b/pkgs/applications/editors/ht/default.nix
@@ -13,7 +13,7 @@ stdenv.mkDerivation rec {
     ncurses
   ];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   meta = with lib; {
     description = "File editor/viewer/analyzer for executables";
diff --git a/pkgs/applications/editors/leafpad/default.nix b/pkgs/applications/editors/leafpad/default.nix
index f3755db448cd..a5b0f2e400a4 100644
--- a/pkgs/applications/editors/leafpad/default.nix
+++ b/pkgs/applications/editors/leafpad/default.nix
@@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ intltool pkgconfig gtk ];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   configureFlags = [
     "--enable-chooser"
diff --git a/pkgs/applications/graphics/cinepaint/default.nix b/pkgs/applications/graphics/cinepaint/default.nix
index 7b8281b4e3c6..4866ba92addd 100644
--- a/pkgs/applications/graphics/cinepaint/default.nix
+++ b/pkgs/applications/graphics/cinepaint/default.nix
@@ -18,7 +18,7 @@ stdenv.mkDerivation rec {
     libXext libXpm libXau libXxf86vm pixman libpthreadstubs fltk
   ];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   patches = [ ./install.patch ];
 
diff --git a/pkgs/applications/graphics/giv/default.nix b/pkgs/applications/graphics/giv/default.nix
index c33da6552220..bd1a8d03ec49 100644
--- a/pkgs/applications/graphics/giv/default.nix
+++ b/pkgs/applications/graphics/giv/default.nix
@@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
     sha256 = "1q0806b66ajppxbv1i71wx5d3ydc1h3hsz23m6g4g80dhiai7dly";
   };
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   prePatch = ''
     sed -i s,/usr/bin/perl,${perl}/bin/perl, doc/eperl
diff --git a/pkgs/applications/graphics/gqview/default.nix b/pkgs/applications/graphics/gqview/default.nix
index ff069d0d9727..822ef8ad4353 100644
--- a/pkgs/applications/graphics/gqview/default.nix
+++ b/pkgs/applications/graphics/gqview/default.nix
@@ -15,7 +15,7 @@ stdenv.mkDerivation {
 
   buildInputs = [pkgconfig gtk libpng];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   meta = {
     description = "A fast image viewer";
diff --git a/pkgs/applications/graphics/meshlab/default.nix b/pkgs/applications/graphics/meshlab/default.nix
index c3aed10d00ca..fa1958059b80 100644
--- a/pkgs/applications/graphics/meshlab/default.nix
+++ b/pkgs/applications/graphics/meshlab/default.nix
@@ -14,7 +14,7 @@ stdenv.mkDerivation rec {
 
   patches = [ ./include-unistd.diff ];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   buildPhase = ''
     mkdir -p "$out/include"
diff --git a/pkgs/applications/graphics/qtpfsgui/default.nix b/pkgs/applications/graphics/qtpfsgui/default.nix
index da6521199c5a..e6a0453e533a 100644
--- a/pkgs/applications/graphics/qtpfsgui/default.nix
+++ b/pkgs/applications/graphics/qtpfsgui/default.nix
@@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ qt4 exiv2 openexr fftwSinglePrec libtiff ];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   configurePhase = ''
     export CPATH="${ilmbase}/include/OpenEXR:$CPATH"
diff --git a/pkgs/applications/graphics/tesseract/default.nix b/pkgs/applications/graphics/tesseract/default.nix
index b3db2fde4cb2..375b09995488 100644
--- a/pkgs/applications/graphics/tesseract/default.nix
+++ b/pkgs/applications/graphics/tesseract/default.nix
@@ -38,7 +38,7 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ autoconf automake libtool leptonica libpng libtiff ];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   preConfigure = ''
       ./autogen.sh
diff --git a/pkgs/applications/graphics/xfig/default.nix b/pkgs/applications/graphics/xfig/default.nix
index 4f8f3ac16f4b..6903837e5ad5 100644
--- a/pkgs/applications/graphics/xfig/default.nix
+++ b/pkgs/applications/graphics/xfig/default.nix
@@ -16,7 +16,7 @@ stdenv.mkDerivation {
 
   nativeBuildInputs = [ imake makeWrapper ];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   NIX_CFLAGS_COMPILE = "-I${libXpm}/include/X11";
 
diff --git a/pkgs/applications/inferno/default.nix b/pkgs/applications/inferno/default.nix
index 3c970e40b482..b1574ea6963b 100644
--- a/pkgs/applications/inferno/default.nix
+++ b/pkgs/applications/inferno/default.nix
@@ -46,7 +46,7 @@ stdenv.mkDerivation rec {
       --set INFERNO_ROOT "$out/share/inferno"
   '';
 
-  hardening_fortify = false;
+  hardeningDisable = [ "fortify" ];
 
   meta = {
     description = "A compact distributed operating system for building cross-platform distributed systems";
diff --git a/pkgs/applications/misc/epdfview/default.nix b/pkgs/applications/misc/epdfview/default.nix
index 7810284973f3..782ef4ae3660 100644
--- a/pkgs/applications/misc/epdfview/default.nix
+++ b/pkgs/applications/misc/epdfview/default.nix
@@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ pkgconfig gtk poppler ];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   patches = [ (fetchpatch {
                 name = "epdfview-0.1.8-glib2-headers.patch";
diff --git a/pkgs/applications/misc/gkrellm/default.nix b/pkgs/applications/misc/gkrellm/default.nix
index 7c755a4f3d3e..cf7fdafd7429 100644
--- a/pkgs/applications/misc/gkrellm/default.nix
+++ b/pkgs/applications/misc/gkrellm/default.nix
@@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
 
   buildInputs = [gettext pkgconfig glib gtk libX11 libSM libICE];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   # Makefiles are patched to fix references to `/usr/X11R6' and to add
   # `-lX11' to make sure libX11's store path is in the RPATH.
diff --git a/pkgs/applications/misc/grip/default.nix b/pkgs/applications/misc/grip/default.nix
index 86127d56b01c..e0ece09db180 100644
--- a/pkgs/applications/misc/grip/default.nix
+++ b/pkgs/applications/misc/grip/default.nix
@@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
   buildInputs = [ gtk glib pkgconfig libgnome libgnomeui vte curl cdparanoia
     libid3tag ncurses libtool ];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   meta = {
     description = "GTK+-based audio CD player/ripper";
diff --git a/pkgs/applications/misc/k2pdfopt/default.nix b/pkgs/applications/misc/k2pdfopt/default.nix
index dac597fe67cd..7c0d615f3663 100644
--- a/pkgs/applications/misc/k2pdfopt/default.nix
+++ b/pkgs/applications/misc/k2pdfopt/default.nix
@@ -31,7 +31,7 @@ in stdenv.mkDerivation rec {
                     openjpeg freetype jbig2dec djvulibre openssl ];
   NIX_LDFLAGS = "-lX11 -lXext";
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   k2_pa = ./k2pdfopt.patch;
   tess_pa = ./tesseract.patch;
diff --git a/pkgs/applications/misc/navit/default.nix b/pkgs/applications/misc/navit/default.nix
index 67f474cefac8..5f70d4b5c449 100644
--- a/pkgs/applications/misc/navit/default.nix
+++ b/pkgs/applications/misc/navit/default.nix
@@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
     sha256 = "1xx62l5srfhh9cfi7n3pxj8hpcgr1rpa0hzfmbrqadzv09z36723";
   };
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   # 'cvs' is only for the autogen
   buildInputs = [ pkgconfig gtk SDL fontconfig freetype imlib2 SDL_image mesa
diff --git a/pkgs/applications/misc/posterazor/default.nix b/pkgs/applications/misc/posterazor/default.nix
index 43da0c92a42f..b6d46cf9ed13 100644
--- a/pkgs/applications/misc/posterazor/default.nix
+++ b/pkgs/applications/misc/posterazor/default.nix
@@ -8,7 +8,7 @@ stdenv.mkDerivation rec {
     sha256 = "1dqpdk8zl0smdg4fganp3hxb943q40619qmxjlga9jhjc01s7fq5";
   };
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   buildInputs = [ cmake unzip pkgconfig libXpm fltk13 freeimage ];
 
diff --git a/pkgs/applications/misc/sdcv/default.nix b/pkgs/applications/misc/sdcv/default.nix
index 6a768d449582..8e781cd1c026 100644
--- a/pkgs/applications/misc/sdcv/default.nix
+++ b/pkgs/applications/misc/sdcv/default.nix
@@ -16,7 +16,7 @@ stdenv.mkDerivation rec {
     sha256 = "1cnyv7gd1qvz8ma8545d3aq726wxrx4km7ykl97831irx5wz0r51";
   };
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   patches = ( if stdenv.isDarwin
               then [ ./sdcv.cpp.patch-darwin ./utils.hpp.patch ]
diff --git a/pkgs/applications/misc/tasknc/default.nix b/pkgs/applications/misc/tasknc/default.nix
index d725bba03079..b7b9d36b4cb8 100644
--- a/pkgs/applications/misc/tasknc/default.nix
+++ b/pkgs/applications/misc/tasknc/default.nix
@@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
     sha256 = "0max5schga9hmf3vfqk2ic91dr6raxglyyjcqchzla280kxn5c28";
   };
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   #
   # I know this is ugly, but the Makefile does strange things in this package,
diff --git a/pkgs/applications/misc/vym/default.nix b/pkgs/applications/misc/vym/default.nix
index a62f7cd2aa66..e595d771ec0c 100644
--- a/pkgs/applications/misc/vym/default.nix
+++ b/pkgs/applications/misc/vym/default.nix
@@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ pkgconfig qt4 ];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   configurePhase = ''
     qmake PREFIX="$out"
diff --git a/pkgs/applications/misc/wordnet/default.nix b/pkgs/applications/misc/wordnet/default.nix
index d5edf2a4d584..2f98bc66e9b3 100644
--- a/pkgs/applications/misc/wordnet/default.nix
+++ b/pkgs/applications/misc/wordnet/default.nix
@@ -10,7 +10,7 @@ stdenv.mkDerivation {
 
   buildInputs = [tcl tk xlibsWrapper makeWrapper];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   patchPhase = ''
     sed "13i#define USE_INTERP_RESULT 1" -i src/stubs.c
diff --git a/pkgs/applications/networking/browsers/vimprobable2/default.nix b/pkgs/applications/networking/browsers/vimprobable2/default.nix
index 3d40aa1f60cc..2415c06dba42 100644
--- a/pkgs/applications/networking/browsers/vimprobable2/default.nix
+++ b/pkgs/applications/networking/browsers/vimprobable2/default.nix
@@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ makeWrapper gtk libsoup libX11 perl pkgconfig webkit gsettings_desktop_schemas ];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   installFlags = "PREFIX=/ DESTDIR=$(out)";
 
diff --git a/pkgs/applications/networking/browsers/w3m/default.nix b/pkgs/applications/networking/browsers/w3m/default.nix
index cc3e55f02e91..ae1bf5bffea9 100644
--- a/pkgs/applications/networking/browsers/w3m/default.nix
+++ b/pkgs/applications/networking/browsers/w3m/default.nix
@@ -50,7 +50,7 @@ stdenv.mkDerivation rec {
     ln -s $out/libexec/w3m/w3mimgdisplay $out/bin
   '';
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   configureFlags = "--with-ssl=${openssl} --with-gc=${boehmgc}"
     + optionalString graphicsSupport " --enable-image=${optionalString x11Support "x11,"}fb";
diff --git a/pkgs/applications/networking/instant-messengers/silc-client/default.nix b/pkgs/applications/networking/instant-messengers/silc-client/default.nix
index 156b138f290f..b765c97fb8e7 100644
--- a/pkgs/applications/networking/instant-messengers/silc-client/default.nix
+++ b/pkgs/applications/networking/instant-messengers/silc-client/default.nix
@@ -19,7 +19,7 @@ stdenv.mkDerivation {
 
   dontDisableStatic = true;
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   configureFlags = "--with-ncurses=${ncurses}";
 
diff --git a/pkgs/applications/networking/instant-messengers/vacuum/default.nix b/pkgs/applications/networking/instant-messengers/vacuum/default.nix
index 181cd3301e38..12466379bf94 100644
--- a/pkgs/applications/networking/instant-messengers/vacuum/default.nix
+++ b/pkgs/applications/networking/instant-messengers/vacuum/default.nix
@@ -14,7 +14,7 @@ stdenv.mkDerivation rec {
 
   configurePhase = "qmake INSTALL_PREFIX=$out -recursive vacuum.pro";
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   buildInputs = [
     qt4 openssl xproto libX11 libXScrnSaver scrnsaverproto xz
diff --git a/pkgs/applications/networking/iptraf-ng/default.nix b/pkgs/applications/networking/iptraf-ng/default.nix
index 8084d5133f16..746d79805f5c 100644
--- a/pkgs/applications/networking/iptraf-ng/default.nix
+++ b/pkgs/applications/networking/iptraf-ng/default.nix
@@ -16,7 +16,7 @@ stdenv.mkDerivation rec {
                 --localstatedir=$out/var --sbindir=$out/bin
   '';
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   meta = {
     description = "A console-based network monitoring utility (fork of iptraf)";
diff --git a/pkgs/applications/networking/mailreaders/alpine/default.nix b/pkgs/applications/networking/mailreaders/alpine/default.nix
index c77b51d70648..b86de98f950d 100644
--- a/pkgs/applications/networking/mailreaders/alpine/default.nix
+++ b/pkgs/applications/networking/mailreaders/alpine/default.nix
@@ -18,8 +18,7 @@ stdenv.mkDerivation {
     ncurses tcl openssl pam kerberos openldap
   ];
 
-  hardening_format = false;
-  hardening_fortify = false;
+  hardeningDisable = [ "format" "fortify" ];
 
   configureFlags = [
     "--with-ssl-include-dir=${openssl}/include/openssl"
diff --git a/pkgs/applications/networking/mailreaders/realpine/default.nix b/pkgs/applications/networking/mailreaders/realpine/default.nix
index 1ee425314650..3ff690a244bc 100644
--- a/pkgs/applications/networking/mailreaders/realpine/default.nix
+++ b/pkgs/applications/networking/mailreaders/realpine/default.nix
@@ -18,7 +18,7 @@ stdenv.mkDerivation {
     ncurses tcl openssl pam kerberos openldap
   ];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   configureFlags = [
     "--with-ssl-include-dir=${openssl}/include/openssl"
diff --git a/pkgs/applications/networking/remote/ssvnc/default.nix b/pkgs/applications/networking/remote/ssvnc/default.nix
index 681ace6ab8fc..ed64629fe244 100644
--- a/pkgs/applications/networking/remote/ssvnc/default.nix
+++ b/pkgs/applications/networking/remote/ssvnc/default.nix
@@ -14,7 +14,7 @@ stdenv.mkDerivation rec {
 
   configurePhase = "makeFlags=PREFIX=$out";
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   postInstall = ''
     sed -i -e 's|exec wish|exec ${tk}/bin/wish|' $out/lib/ssvnc/util/ssvnc.tcl
diff --git a/pkgs/applications/science/electronics/caneda/default.nix b/pkgs/applications/science/electronics/caneda/default.nix
index 152aec27d833..dc00cef88982 100644
--- a/pkgs/applications/science/electronics/caneda/default.nix
+++ b/pkgs/applications/science/electronics/caneda/default.nix
@@ -19,7 +19,7 @@ stdenv.mkDerivation rec {
     sha256 = "dfbcac97f5a1b41ad9a63392394f37fb294cbf78c576673c9bc4a5370957b2c8";
   };
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   buildInputs = [ cmake qt4 libxml2 libxslt ];
 
diff --git a/pkgs/applications/science/geometry/drgeo/default.nix b/pkgs/applications/science/geometry/drgeo/default.nix
index c5c2cee62e81..22e64ee0566b 100644
--- a/pkgs/applications/science/geometry/drgeo/default.nix
+++ b/pkgs/applications/science/geometry/drgeo/default.nix
@@ -5,7 +5,7 @@ stdenv.mkDerivation rec {
   name = "drgeo-${version}";
   version = "1.1.0";
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   src = fetchurl {
     url = "mirror://sourceforge/ofset/${name}.tar.gz";
diff --git a/pkgs/applications/science/logic/ltl2ba/default.nix b/pkgs/applications/science/logic/ltl2ba/default.nix
index cb0c308b1291..8eedafcd68bb 100644
--- a/pkgs/applications/science/logic/ltl2ba/default.nix
+++ b/pkgs/applications/science/logic/ltl2ba/default.nix
@@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
     sha256 = "16z0gc7a9dkarwn0l6rvg5jdhw1q4qyn4501zlchy0zxqddz0sx6";
   };
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   preConfigure = ''
     substituteInPlace Makefile \
diff --git a/pkgs/applications/science/logic/otter/default.nix b/pkgs/applications/science/logic/otter/default.nix
index b0b001f7b3c4..dd383f1fff64 100644
--- a/pkgs/applications/science/logic/otter/default.nix
+++ b/pkgs/applications/science/logic/otter/default.nix
@@ -18,7 +18,7 @@ stdenv.mkDerivation {
     inherit (s) url sha256;
   };
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   buildPhase = ''
     find . -name Makefile | xargs sed -i -e "s@/bin/rm@$(type -P rm)@g"
diff --git a/pkgs/applications/science/logic/prover9/default.nix b/pkgs/applications/science/logic/prover9/default.nix
index f6ec3b840ac5..9c09ea3db980 100644
--- a/pkgs/applications/science/logic/prover9/default.nix
+++ b/pkgs/applications/science/logic/prover9/default.nix
@@ -8,7 +8,7 @@ stdenv.mkDerivation {
     sha256 = "1l2i3d3h5z7nnbzilb6z92r0rbx0kh6yaxn2c5qhn3000xcfsay3";
   };
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   patchPhase = ''
     RM=$(type -tp rm)
diff --git a/pkgs/applications/science/math/cbc/default.nix b/pkgs/applications/science/math/cbc/default.nix
index f294750928ed..7643c912db4b 100644
--- a/pkgs/applications/science/math/cbc/default.nix
+++ b/pkgs/applications/science/math/cbc/default.nix
@@ -12,7 +12,7 @@ stdenv.mkDerivation {
 
   enableParallelBuilding = true;
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   buildInputs = [ zlib bzip2 ];
 
diff --git a/pkgs/applications/science/math/perseus/default.nix b/pkgs/applications/science/math/perseus/default.nix
index d2694392efae..ae63716f106d 100644
--- a/pkgs/applications/science/math/perseus/default.nix
+++ b/pkgs/applications/science/math/perseus/default.nix
@@ -5,7 +5,7 @@ stdenv.mkDerivation {
   version = "4-beta";
   buildInputs = [unzip gcc48];
 
-  hardening_stackprotector = false;
+  hardeningDisable = [ "stackprotector" ];
 
   src = fetchurl {
     url = "http://www.sas.upenn.edu/~vnanda/source/perseus_4_beta.zip";
diff --git a/pkgs/applications/science/math/qalculate-gtk/default.nix b/pkgs/applications/science/math/qalculate-gtk/default.nix
index 77026eb490a1..d27f998b7932 100644
--- a/pkgs/applications/science/math/qalculate-gtk/default.nix
+++ b/pkgs/applications/science/math/qalculate-gtk/default.nix
@@ -8,7 +8,7 @@ stdenv.mkDerivation rec {
     sha256 = "0b986x5yny9vrzgxlbyg80b23mxylxv2zz8ppd9svhva6vi8xsm4";
   };
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   nativeBuildInputs = [ intltool pkgconfig ];
   buildInputs = [ libqalculate gtk gnome2.libglade gnome2.libgnome gnome2.scrollkeeper ];
diff --git a/pkgs/applications/science/math/yacas/default.nix b/pkgs/applications/science/math/yacas/default.nix
index af284a2f82e0..adf87c4ee5ba 100644
--- a/pkgs/applications/science/math/yacas/default.nix
+++ b/pkgs/applications/science/math/yacas/default.nix
@@ -8,7 +8,7 @@ stdenv.mkDerivation rec {
     sha256 = "1dmafm3w0lm5w211nwkfzaid1rvvmgskz7k4500pjhgdczi5sd78";
   };
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   # Perl is only for the documentation
   nativeBuildInputs = [ perl ];
diff --git a/pkgs/applications/version-management/cvs/default.nix b/pkgs/applications/version-management/cvs/default.nix
index 4912ce0b3e68..20d027da1f3c 100644
--- a/pkgs/applications/version-management/cvs/default.nix
+++ b/pkgs/applications/version-management/cvs/default.nix
@@ -10,7 +10,7 @@ stdenv.mkDerivation {
 
   patches = [ ./getcwd-chroot.patch ];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   preConfigure = ''
     # Apply the Debian patches.
diff --git a/pkgs/applications/version-management/git-and-tools/git/default.nix b/pkgs/applications/version-management/git-and-tools/git/default.nix
index 2799c25527bb..4e86e9328c8a 100644
--- a/pkgs/applications/version-management/git-and-tools/git/default.nix
+++ b/pkgs/applications/version-management/git-and-tools/git/default.nix
@@ -21,7 +21,7 @@ stdenv.mkDerivation {
     sha256 = "1zkbdmh5gvxalr8l1cwnirqq5raijmp2d0s36s6qabrlvqvq2yj7";
   };
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   patches = [
     ./docbook2texi.patch
diff --git a/pkgs/applications/version-management/git-and-tools/qgit/default.nix b/pkgs/applications/version-management/git-and-tools/qgit/default.nix
index 6240baac8f19..6cafe4f96241 100644
--- a/pkgs/applications/version-management/git-and-tools/qgit/default.nix
+++ b/pkgs/applications/version-management/git-and-tools/qgit/default.nix
@@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
 
   buildInputs = [qt libXext libX11];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   configurePhase = "qmake PREFIX=$out";
 
diff --git a/pkgs/applications/version-management/redmine/default.nix b/pkgs/applications/version-management/redmine/default.nix
index 982dcb1d56bf..2f03d582a94c 100644
--- a/pkgs/applications/version-management/redmine/default.nix
+++ b/pkgs/applications/version-management/redmine/default.nix
@@ -11,7 +11,7 @@ in stdenv.mkDerivation rec {
     sha256 = "0x0zwxyj4dwbk7l64s3lgny10mjf0ba8jwrbafsm4d72sncmacv0";
   };
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   # taken from redmine (2.5.1-2~bpo70+3) in debian wheezy-backports
   # needed to separate run-time and build-time directories
diff --git a/pkgs/applications/video/aegisub/default.nix b/pkgs/applications/video/aegisub/default.nix
index 49e2662adb41..cbaea3eb18b2 100644
--- a/pkgs/applications/video/aegisub/default.nix
+++ b/pkgs/applications/video/aegisub/default.nix
@@ -43,8 +43,7 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
-  hardening_bindnow = false;
-  hardening_relro = false;
+  hardeningDisable = [ "bindnow" "relro" ];
 
   postInstall = "ln -s $out/bin/aegisub-* $out/bin/aegisub";
 
diff --git a/pkgs/applications/virtualization/OVMF/default.nix b/pkgs/applications/virtualization/OVMF/default.nix
index 513242271a18..fc3c679d414d 100644
--- a/pkgs/applications/virtualization/OVMF/default.nix
+++ b/pkgs/applications/virtualization/OVMF/default.nix
@@ -17,9 +17,7 @@ stdenv.mkDerivation (edk2.setup "OvmfPkg/OvmfPkg${targetArch}.dsc" {
   # TODO: properly include openssl for secureBoot
   buildInputs = [nasm iasl] ++ stdenv.lib.optionals (secureBoot == true) [ openssl ];
 
-  hardening_stackprotector = false;
-  hardening_pic = false;
-  hardening_fortify = false;
+  hardeningDisable = [ "stackprotector" "pic" "fortify" ];
 
   unpackPhase = ''
     for file in \
diff --git a/pkgs/applications/virtualization/bochs/default.nix b/pkgs/applications/virtualization/bochs/default.nix
index 705691b16826..952ae1f922d2 100644
--- a/pkgs/applications/virtualization/bochs/default.nix
+++ b/pkgs/applications/virtualization/bochs/default.nix
@@ -146,7 +146,7 @@ stdenv.mkDerivation rec {
   NIX_CFLAGS_COMPILE="-I${gtk}/include/gtk-2.0/ -I${libtool}/include/";
   NIX_LDFLAGS="-L${libtool}/lib";
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   meta = with stdenv.lib; {
     description = "An open-source IA-32 (x86) PC emulator";
diff --git a/pkgs/applications/virtualization/cbfstool/default.nix b/pkgs/applications/virtualization/cbfstool/default.nix
index 01832b552925..dc78236677fc 100644
--- a/pkgs/applications/virtualization/cbfstool/default.nix
+++ b/pkgs/applications/virtualization/cbfstool/default.nix
@@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ iasl flex bison ];
 
-  hardening_fortify = false;
+  hardeningDisable = [ "fortify" ];
 
   buildPhase = ''
     export LEX=${flex}/bin/flex
diff --git a/pkgs/applications/virtualization/seabios/default.nix b/pkgs/applications/virtualization/seabios/default.nix
index a06523973b72..3bc95a1c392f 100644
--- a/pkgs/applications/virtualization/seabios/default.nix
+++ b/pkgs/applications/virtualization/seabios/default.nix
@@ -12,8 +12,7 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ iasl python ];
 
-  hardening_pic = false;
-  hardening_stackprotector = false;
+  hardeningDisable = [ "pic" "stackprotector" ];
 
   configurePhase = ''
     # build SeaBIOS for CSM
diff --git a/pkgs/applications/virtualization/virtualbox/guest-additions/default.nix b/pkgs/applications/virtualization/virtualbox/guest-additions/default.nix
index d579a6445d12..1c85723c3958 100644
--- a/pkgs/applications/virtualization/virtualbox/guest-additions/default.nix
+++ b/pkgs/applications/virtualization/virtualbox/guest-additions/default.nix
@@ -17,7 +17,7 @@ stdenv.mkDerivation {
 
   KERN_DIR = "${kernel.dev}/lib/modules/*/build";
 
-  hardening_pic = false;
+  hardeningDisable = [ "pic" ];
 
   buildInputs = [ patchelf cdrkit makeWrapper dbus ];
 
diff --git a/pkgs/applications/virtualization/xen/generic.nix b/pkgs/applications/virtualization/xen/generic.nix
index 0a3bd3898c2c..23c4f34a5534 100644
--- a/pkgs/applications/virtualization/xen/generic.nix
+++ b/pkgs/applications/virtualization/xen/generic.nix
@@ -75,9 +75,7 @@ stdenv.mkDerivation {
 
   pythonPath = [ pythonPackages.curses ];
 
-  hardening_stackprotector = false;
-  hardening_fortify = false;
-  hardening_pic = false;
+  hardeningDisable = [ "stackprotector" "fortify" "pic" ];
 
   patches = stdenv.lib.optionals ((xenserverPatched == false) && (builtins.hasAttr "xenPatches" xenConfig)) xenConfig.xenPatches;
 
diff --git a/pkgs/applications/window-managers/stalonetray/default.nix b/pkgs/applications/window-managers/stalonetray/default.nix
index 43d0804222c7..3b5af42a8be2 100644
--- a/pkgs/applications/window-managers/stalonetray/default.nix
+++ b/pkgs/applications/window-managers/stalonetray/default.nix
@@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ libX11 xproto ];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   meta = with stdenv.lib; {
     description = "Stand alone tray";
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-29 01:23:58 +0000