diff options
author | John Ericson <John.Ericson@Obsidian.Systems> | 2018-04-10 15:42:05 -0400 |
---|---|---|
committer | Charles Strahan <charles@cstrahan.com> | 2018-04-10 16:33:47 -0400 |
commit | 4c76d8787179ca3be2b117cbed0b94d1b2575b76 (patch) | |
tree | e7a0859d3ff5cf0609c18cf332d2cf6c906b4e39 /pkgs/build-support/cc-wrapper | |
parent | 386e77dae9f5ba2cead9984ee737a8a6b7069bf5 (diff) | |
download | nixlib-4c76d8787179ca3be2b117cbed0b94d1b2575b76.tar nixlib-4c76d8787179ca3be2b117cbed0b94d1b2575b76.tar.gz nixlib-4c76d8787179ca3be2b117cbed0b94d1b2575b76.tar.bz2 nixlib-4c76d8787179ca3be2b117cbed0b94d1b2575b76.tar.lz nixlib-4c76d8787179ca3be2b117cbed0b94d1b2575b76.tar.xz nixlib-4c76d8787179ca3be2b117cbed0b94d1b2575b76.tar.zst nixlib-4c76d8787179ca3be2b117cbed0b94d1b2575b76.zip |
hardenning: Rejigger ifs and explicit declare and unset -v
Diffstat (limited to 'pkgs/build-support/cc-wrapper')
-rw-r--r-- | pkgs/build-support/cc-wrapper/add-hardening.sh | 15 |
1 files changed, 7 insertions, 8 deletions
diff --git a/pkgs/build-support/cc-wrapper/add-hardening.sh b/pkgs/build-support/cc-wrapper/add-hardening.sh index 7fdfb615f7fa..c8c95d2def42 100644 --- a/pkgs/build-support/cc-wrapper/add-hardening.sh +++ b/pkgs/build-support/cc-wrapper/add-hardening.sh @@ -1,4 +1,4 @@ -hardeningCFlags=() +declare -a hardeningCFlags=() declare -A hardeningEnableMap=() @@ -11,14 +11,14 @@ done # Remove unsupported flags. for flag in @hardening_unsupported_flags@; do - unset hardeningEnableMap[$flag] + unset -v hardeningEnableMap["$flag"] done if (( "${NIX_DEBUG:-0}" >= 1 )); then # Determine which flags were effectively disabled so we can report below. - allHardeningFlags=(fortify stackprotector pie pic strictoverflow format) + declare -a allHardeningFlags=(fortify stackprotector pie pic strictoverflow format) declare -A hardeningDisableMap=() - for flag in ${allHardeningFlags[@]}; do + for flag in "${allHardeningFlags[@]}"; do if [[ -z "${hardeningEnableMap[$flag]-}" ]]; then hardeningDisableMap[$flag]=1 fi @@ -27,12 +27,12 @@ if (( "${NIX_DEBUG:-0}" >= 1 )); then printf 'HARDENING: disabled flags:' >&2 (( "${#hardeningDisableMap[@]}" )) && printf ' %q' "${!hardeningDisableMap[@]}" >&2 echo >&2 -fi -if (( "${#hardeningEnableMap[@]}" )); then - if (( "${NIX_DEBUG:-0}" >= 1 )); then + if (( "${#hardeningEnableMap[@]}" )); then echo 'HARDENING: Is active (not completely disabled with "all" flag)' >&2; fi +fi + for flag in "${!hardeningEnableMap[@]}"; do case $flag in fortify) @@ -69,4 +69,3 @@ if (( "${#hardeningEnableMap[@]}" )); then ;; esac done -fi |