diff options
author | Robin Gloster <mail@glob.in> | 2016-03-08 20:51:35 +0000 |
---|---|---|
committer | Robin Gloster <mail@glob.in> | 2016-03-08 20:51:35 +0000 |
commit | 9a5b070b4591a554b9cf36490d54c0ae28f5c22e (patch) | |
tree | 71408bdff4dddcc4f6b49422219c13342ae4c779 /pkgs/build-support/cc-wrapper | |
parent | 965abb6d54b57b3f4839f9a472f2a60ca2f4de12 (diff) | |
download | nixlib-9a5b070b4591a554b9cf36490d54c0ae28f5c22e.tar nixlib-9a5b070b4591a554b9cf36490d54c0ae28f5c22e.tar.gz nixlib-9a5b070b4591a554b9cf36490d54c0ae28f5c22e.tar.bz2 nixlib-9a5b070b4591a554b9cf36490d54c0ae28f5c22e.tar.lz nixlib-9a5b070b4591a554b9cf36490d54c0ae28f5c22e.tar.xz nixlib-9a5b070b4591a554b9cf36490d54c0ae28f5c22e.tar.zst nixlib-9a5b070b4591a554b9cf36490d54c0ae28f5c22e.zip |
hardening: debug with NIX_DEBUG
Diffstat (limited to 'pkgs/build-support/cc-wrapper')
-rw-r--r-- | pkgs/build-support/cc-wrapper/add-hardening | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/pkgs/build-support/cc-wrapper/add-hardening b/pkgs/build-support/cc-wrapper/add-hardening index ab8ce610e27a..abfd49766db2 100644 --- a/pkgs/build-support/cc-wrapper/add-hardening +++ b/pkgs/build-support/cc-wrapper/add-hardening @@ -14,30 +14,39 @@ if [[ ! $hardeningDisable == "all" ]]; then if [[ ! "${hardeningDisable[@]}" =~ "$flag" ]]; then case $flag in fortify) + if [ -n "$NIX_DEBUG" ]; then echo HARDENING: enabling fortify; fi hardeningCFlags+=('-O2' '-D_FORTIFY_SOURCE=2') ;; stackprotector) + if [ -n "$NIX_DEBUG" ]; then echo HARDENING: enabling stackprotector; fi hardeningCFlags+=('-fstack-protector-strong' '--param ssp-buffer-size=4') ;; pie) + if [ -n "$NIX_DEBUG" ]; then echo HARDENING: enabling CFlags -fPIE; fi hardeningCFlags+=('-fPIE') if [[ ! ("$*" =~ " -shared " || "$*" =~ " -static ") ]]; then + if [ -n "$NIX_DEBUG" ]; then echo HARDENING: enabling LDFlags -pie; fi hardeningLDFlags+=('-pie') fi ;; pic) + if [ -n "$NIX_DEBUG" ]; then echo HARDENING: enabling pic; fi hardeningCFlags+=('-fPIC') ;; strictoverflow) + if [ -n "$NIX_DEBUG" ]; then echo HARDENING: enabling strictoverflow; fi hardeningCFlags+=('-fno-strict-overflow') ;; format) + if [ -n "$NIX_DEBUG" ]; then echo HARDENING: enabling format; fi hardeningCFlags+=('-Wformat' '-Wformat-security' '-Werror=format-security') ;; relro) + if [ -n "$NIX_DEBUG" ]; then echo HARDENING: enabling relro; fi hardeningLDFlags+=('-z relro') ;; bindnow) + if [ -n "$NIX_DEBUG" ]; then echo HARDENING: enabling bindnow; fi hardeningLDFlags+=('-z now') ;; *) |