author | Franz Pletz <fpletz@fnordicwalking.de> | 2016-08-23 18:13:31 +0200 |
---|---|---|
committer | Franz Pletz <fpletz@fnordicwalking.de> | 2016-08-23 18:13:31 +0200 |
commit | 3c06e5f6f792299a496b1c30a75583c1685a3581 (patch) | |
tree | aeaff08cb63b29ee96b0fff5621f5bc89f2c8d0d /pkgs/build-support/cc-wrapper | |
parent | 9e211203da6386ccb811cea78a190484e55ee0e4 (diff) | |
cc-wrapper: check ld hardening capabilities in stdenv
Diffstat (limited to 'pkgs/build-support/cc-wrapper')
-rw-r--r-- | pkgs/build-support/cc-wrapper/add-hardening.sh | 8 | ||||
-rw-r--r-- | pkgs/build-support/cc-wrapper/default.nix | 6 |
2 files changed, 11 insertions, 3 deletions
diff --git a/pkgs/build-support/cc-wrapper/add-hardening.sh b/pkgs/build-support/cc-wrapper/add-hardening.sh
index be15bc692a20..60e62ffad608 100644
--- a/pkgs/build-support/cc-wrapper/add-hardening.sh
+++ b/pkgs/build-support/cc-wrapper/add-hardening.sh
@@ -4,8 +4,12 @@ hardeningCFlags=()
 hardeningLDFlags=()
 hardeningDisable=${hardeningDisable:-""}
 
-if [[ "$($LD -z 2>&1)" =~ "unknown option" ]]; then
- hardeningDisable+=" bindnow relro"
+if [[ -z "@ld_supports_bindnow@" ]]; then
+ hardeningDisable+=" bindnow"
+fi
+
+if [[ -z "@ld_supports_relro@" ]]; then
+ hardeningDisable+=" relro"
 fi
 
 if [[ -n "$NIX_DEBUG" ]]; then echo HARDENING: Value of '$hardeningDisable': $hardeningDisable >&2; fi
diff --git a/pkgs/build-support/cc-wrapper/default.nix b/pkgs/build-support/cc-wrapper/default.nix
index 10bd5f77f72d..08ca8195b68b 100644
--- a/pkgs/build-support/cc-wrapper/default.nix
+++ b/pkgs/build-support/cc-wrapper/default.nix
@@ -237,8 +237,12 @@ stdenv.mkDerivation {
 cat $out/nix-support/setup-hook.tmp >> $out/nix-support/setup-hook
 rm $out/nix-support/setup-hook.tmp
 
+ # some linkers on some platforms don't support -z
+ export ld_supports_bindnow=$([[ "$($ldPath/ld -z now 2>&1 || true)" =~ "un(known|recognized) option" ]])
+ export ld_supports_relro=$([[ "$($ldPath/ld -z relro 2>&1 || true)" =~ "un(known|recognized) option" ]])
+
 substituteAll ${./add-flags.sh} $out/nix-support/add-flags.sh
-cp -p ${./add-hardening.sh} $out/nix-support/add-hardening.sh
+ substituteAll ${./add-hardening.sh} $out/nix-support/add-hardening.sh
 cp -p ${./utils.sh} $out/nix-support/utils.sh
 ''
 + extraBuildCommands; |
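Review bot: Nothing in add-hardening.sh says where `@ld_supports_bindnow@` and `@ld_supports_relro@` come from, or that an empty substitution means the linker rejected the option, so a reader cannot tell that these two tests can silently remove relro and bindnow. I would add above the first test the comment `# @ld_supports_*@ are substituted when the wrapper is built (see default.nix); an empty value means ld rejected the -z option`. Because the result is folded into the user-controlled `hardeningDisable`, the `NIX_DEBUG` line cannot distinguish a user opt-out from a failed probe; a separate debug message for the probe result would make a weakened build visible.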
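Review bot: Both `export ld_supports_…=$([[ … ]])` lines in default.nix always assign the empty string, because `[[ … ]]` writes nothing to stdout and command substitution captures output, not the exit status. add-hardening.sh in this same commit reads an empty value as "unsupported", so relro and bindnow would land in `hardeningDisable` for every linker, and binaries built through the wrapper would lose those protections without any error. Two more problems sit in the same expression: the quoted right-hand side of `=~` is matched literally, so `(known|recognized)` is not an alternation, and the test is true when the option is rejected, which is the opposite of what the variable name says. Setting the variables from the test's exit status with an unquoted pattern, as below, would address all three; the enclosing build-command string starts and ends outside the hunk.

```nix
      # some linkers on some platforms don't support -z
      ld_unsupported='un(known|recognized) option'
      export ld_supports_bindnow= ld_supports_relro=
      if [[ ! "$($ldPath/ld -z now 2>&1 || true)" =~ $ld_unsupported ]]; then
        ld_supports_bindnow=1
      fi
      if [[ ! "$($ldPath/ld -z relro 2>&1 || true)" =~ $ld_unsupported ]]; then
        ld_supports_relro=1
      fi
      # … unchanged: substituteAll / cp -p calls …
```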