diff options
| author | Franz Pletz <fpletz@fnordicwalking.de> | 2016-02-26 18:38:15 +0100 |
|---|---|---|
| committer | Franz Pletz <fpletz@fnordicwalking.de> | 2016-03-05 18:55:26 +0100 |
| commit | aff1f4ab948b921ceaf2b81610f2f82454302b4b (patch) | |
| tree | 6e51e90a41409d56cfa084b9ca64921f2611fafc /pkgs/development/libraries | |
| parent | a2e449e43e82e258b94c723d92a5e9af641967e7 (diff) | |
| download | nixlib-aff1f4ab948b921ceaf2b81610f2f82454302b4b.tar nixlib-aff1f4ab948b921ceaf2b81610f2f82454302b4b.tar.gz nixlib-aff1f4ab948b921ceaf2b81610f2f82454302b4b.tar.bz2 nixlib-aff1f4ab948b921ceaf2b81610f2f82454302b4b.tar.lz nixlib-aff1f4ab948b921ceaf2b81610f2f82454302b4b.tar.xz nixlib-aff1f4ab948b921ceaf2b81610f2f82454302b4b.tar.zst nixlib-aff1f4ab948b921ceaf2b81610f2f82454302b4b.zip | |
Use general hardening flag toggle lists
The following parameters are now available:
* hardeningDisable
To disable specific hardening flags
* hardeningEnable
To enable specific hardening flags
Only the cc-wrapper supports this right now, but these may be reused by
other wrappers, builders or setup hooks.
cc-wrapper supports the following flags:
* fortify
* stackprotector
* pie (disabled by default)
* pic
* strictoverflow
* format
* relro
* bindnow
Diffstat (limited to 'pkgs/development/libraries')
55 files changed, 56 insertions, 61 deletions
diff --git a/pkgs/development/libraries/CoinMP/default.nix b/pkgs/development/libraries/CoinMP/default.nix index be44ef628853..079c0a5cf6f7 100644 --- a/pkgs/development/libraries/CoinMP/default.nix +++ b/pkgs/development/libraries/CoinMP/default.nix @@ -9,7 +9,7 @@ stdenv.mkDerivation rec { sha256 = "0gqi2vqkg35gazzzv8asnhihchnbjcd6bzjfzqhmj7wy1dw9iiw6"; }; - hardening_format = false; + hardeningDisable = [ "format" ]; meta = with stdenv.lib; { homepage = https://projects.coin-or.org/CoinMP/; diff --git a/pkgs/development/libraries/accelio/default.nix b/pkgs/development/libraries/accelio/default.nix index 9ca9db1e4511..faf3a0c73255 100644 --- a/pkgs/development/libraries/accelio/default.nix +++ b/pkgs/development/libraries/accelio/default.nix @@ -15,8 +15,7 @@ stdenv.mkDerivation rec { sha256 = "172frqk2n43g0arhazgcwfvj0syf861vdzdpxl7idr142bb0ykf7"; }; - hardening_pic = false; - hardening_format = false; + hardeningDisable = [ "format" "pic" ]; patches = [ ./fix-printfs.patch ]; diff --git a/pkgs/development/libraries/allegro/default.nix b/pkgs/development/libraries/allegro/default.nix index 50d3eec4f3f7..997a8d223054 100644 --- a/pkgs/development/libraries/allegro/default.nix +++ b/pkgs/development/libraries/allegro/default.nix @@ -18,7 +18,7 @@ stdenv.mkDerivation rec { xf86dgaproto xf86miscproto xf86vidmodeproto libXxf86vm openal mesa ]; - hardening_format = false; + hardeningDisable = [ "format" ]; cmakeFlags = [ "-DCMAKE_SKIP_RPATH=ON" ]; diff --git a/pkgs/development/libraries/audio/libbs2b/default.nix b/pkgs/development/libraries/audio/libbs2b/default.nix index 4a64bc260bd8..7195110b0bb9 100644 --- a/pkgs/development/libraries/audio/libbs2b/default.nix +++ b/pkgs/development/libraries/audio/libbs2b/default.nix @@ -11,7 +11,7 @@ stdenv.mkDerivation rec { buildInputs = [ pkgconfig libsndfile ]; - hardening_format = false; + hardeningDisable = [ "format" ]; meta = { homepage = "http://bs2b.sourceforge.net/"; diff --git a/pkgs/development/libraries/cgui/default.nix b/pkgs/development/libraries/cgui/default.nix index 3e5076d2509d..da9d1122cc54 100644 --- a/pkgs/development/libraries/cgui/default.nix +++ b/pkgs/development/libraries/cgui/default.nix @@ -15,7 +15,7 @@ stdenv.mkDerivation rec { sh fix.sh unix ''; - hardening_format = false; + hardeningDisable = [ "format" ]; makeFlags = [ "SYSTEM_DIR=$(out)" ]; diff --git a/pkgs/development/libraries/cloog/0.18.0.nix b/pkgs/development/libraries/cloog/0.18.0.nix index 3dc9587c9215..359bde2e0582 100644 --- a/pkgs/development/libraries/cloog/0.18.0.nix +++ b/pkgs/development/libraries/cloog/0.18.0.nix @@ -19,7 +19,7 @@ stdenv.mkDerivation rec { doCheck = true; # FIXME needs gcc 4.9 in bootstrap tools - hardening_stackprotector = false; + hardeningDisable = [ "stackprotector" ]; meta = { description = "Library that generates loops for scanning polyhedra"; diff --git a/pkgs/development/libraries/cwiid/default.nix b/pkgs/development/libraries/cwiid/default.nix index 0b7d96b5cc18..5af34145197e 100644 --- a/pkgs/development/libraries/cwiid/default.nix +++ b/pkgs/development/libraries/cwiid/default.nix @@ -9,7 +9,7 @@ stdenv.mkDerivation rec { rev = "fadf11e89b579bcc0336a0692ac15c93785f3f82"; }; - hardening_format = false; + hardeningDisable = [ "format" ]; configureFlags = "--without-python"; diff --git a/pkgs/development/libraries/db/db-4.4.nix b/pkgs/development/libraries/db/db-4.4.nix index 327da38e986a..00875d73f418 100644 --- a/pkgs/development/libraries/db/db-4.4.nix +++ b/pkgs/development/libraries/db/db-4.4.nix @@ -5,5 +5,5 @@ import ./generic.nix (args // rec { extraPatches = [ ./cygwin-4.4.patch ]; sha256 = "0y9vsq8dkarx1mhhip1vaciz6imbbyv37c1dm8b20l7p064bg2i9"; branch = "4.4"; - drvArgs = { hardening_format = false; }; + drvArgs = { hardeningDisable = [ "format" ]; }; }) diff --git a/pkgs/development/libraries/db/db-4.5.nix b/pkgs/development/libraries/db/db-4.5.nix index 6d3b15d256e6..84b5ea67420a 100644 --- a/pkgs/development/libraries/db/db-4.5.nix +++ b/pkgs/development/libraries/db/db-4.5.nix @@ -5,5 +5,5 @@ import ./generic.nix (args // rec { extraPatches = [ ./cygwin-4.5.patch ./register-race-fix.patch ]; sha256 = "0bd81k0qv5i8w5gbddrvld45xi9k1gvmcrfm0393v0lrm37dab7m"; branch = "4.5"; - drvArgs = { hardening_format = false; }; + drvArgs = { hardeningDisable = [ "format" ]; }; }) diff --git a/pkgs/development/libraries/db/db-4.7.nix b/pkgs/development/libraries/db/db-4.7.nix index 0735099729a6..6016d112d517 100644 --- a/pkgs/development/libraries/db/db-4.7.nix +++ b/pkgs/development/libraries/db/db-4.7.nix @@ -4,5 +4,5 @@ import ./generic.nix (args // rec { version = "4.7.25"; sha256 = "0gi667v9cw22c03hddd6xd6374l0pczsd56b7pba25c9sdnxjkzi"; branch = "4.7"; - drvArgs = { hardening_format = false; }; + drvArgs = { hardeningDisable = [ "format" ]; }; }) diff --git a/pkgs/development/libraries/db/db-4.8.nix b/pkgs/development/libraries/db/db-4.8.nix index 78c0a15c4e0b..40869a865ae5 100644 --- a/pkgs/development/libraries/db/db-4.8.nix +++ b/pkgs/development/libraries/db/db-4.8.nix @@ -5,5 +5,5 @@ import ./generic.nix (args // rec { extraPatches = [ ./clang-4.8.patch ]; sha256 = "0ampbl2f0hb1nix195kz1syrqqxpmvnvnfvphambj7xjrl3iljg0"; branch = "4.8"; - drvArgs = { hardening_format = false; }; + drvArgs = { hardeningDisable = [ "format" ]; }; }) diff --git a/pkgs/development/libraries/faac/default.nix b/pkgs/development/libraries/faac/default.nix index 505f00532875..1ab01033f4df 100644 --- a/pkgs/development/libraries/faac/default.nix +++ b/pkgs/development/libraries/faac/default.nix @@ -19,7 +19,7 @@ stdenv.mkDerivation rec { ++ optional mp4v2Support "--with-mp4v2" ++ optional drmSupport "--enable-drm"; - hardening_format = false; + hardeningDisable = [ "format" ]; buildInputs = [ ] ++ optional mp4v2Support mp4v2; diff --git a/pkgs/development/libraries/fox/default.nix b/pkgs/development/libraries/fox/default.nix index 78b7e9a63fc0..d47a028cbf86 100644 --- a/pkgs/development/libraries/fox/default.nix +++ b/pkgs/development/libraries/fox/default.nix @@ -18,7 +18,7 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; - hardening_format = false; + hardeningDisable = [ "format" ]; meta = { description = "C++ based class library for building Graphical User Interfaces"; diff --git a/pkgs/development/libraries/fox/fox-1.6.nix b/pkgs/development/libraries/fox/fox-1.6.nix index 007609403e2e..ce778e4a3473 100644 --- a/pkgs/development/libraries/fox/fox-1.6.nix +++ b/pkgs/development/libraries/fox/fox-1.6.nix @@ -20,7 +20,7 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; - hardening_format = false; + hardeningDisable = [ "format" ]; meta = { branch = "1.6"; diff --git a/pkgs/development/libraries/freetds/default.nix b/pkgs/development/libraries/freetds/default.nix index bb4aeaeee27f..3ed308a34920 100644 --- a/pkgs/development/libraries/freetds/default.nix +++ b/pkgs/development/libraries/freetds/default.nix @@ -11,7 +11,7 @@ stdenv.mkDerivation rec { sha256 = "0r946axzxs0czsmr7283w7vmk5jx3jnxxc32d2ncxsrsh2yli0ba"; }; - hardening_format = false; + hardeningDisable = [ "format" ]; buildInputs = stdenv.lib.optional odbcSupport [ unixODBC ]; diff --git a/pkgs/development/libraries/fribidi/default.nix b/pkgs/development/libraries/fribidi/default.nix index 09828665541b..d138015e6bb8 100644 --- a/pkgs/development/libraries/fribidi/default.nix +++ b/pkgs/development/libraries/fribidi/default.nix @@ -9,7 +9,7 @@ stdenv.mkDerivation rec { sha256 = "0zg1hpaml34ny74fif97j7ngrshlkl3wk3nja3gmlzl17i1bga6b"; }; - hardening_format = false; + hardeningDisable = [ "format" ]; meta = with stdenv.lib; { homepage = http://fribidi.org/; diff --git a/pkgs/development/libraries/gd/default.nix b/pkgs/development/libraries/gd/default.nix index a24a84168668..b581bce24b19 100644 --- a/pkgs/development/libraries/gd/default.nix +++ b/pkgs/development/libraries/gd/default.nix @@ -12,7 +12,7 @@ stdenv.mkDerivation { propagatedBuildInputs = [libjpeg fontconfig]; # urgh - hardening_format = false; + hardeningDisable = [ "format" ]; configureFlags = "--without-x"; diff --git a/pkgs/development/libraries/gdal/default.nix b/pkgs/development/libraries/gdal/default.nix index 829c395cc7be..8f00bee8911a 100644 --- a/pkgs/development/libraries/gdal/default.nix +++ b/pkgs/development/libraries/gdal/default.nix @@ -18,7 +18,7 @@ composableDerivation.composableDerivation {} (fixed: rec { ++ (with pythonPackages; [ python numpy wrapPython ]) ++ (stdenv.lib.optionals netcdfSupport [ netcdf hdf5 curl ]); - hardening_format = false; + hardeningDisable = [ "format" ]; patches = [ # This ensures that the python package is installed into gdal's prefix, diff --git a/pkgs/development/libraries/gdal/gdal-1_11.nix b/pkgs/development/libraries/gdal/gdal-1_11.nix index 4c6ec24a16c6..2640159725a7 100644 --- a/pkgs/development/libraries/gdal/gdal-1_11.nix +++ b/pkgs/development/libraries/gdal/gdal-1_11.nix @@ -19,7 +19,7 @@ composableDerivation.composableDerivation {} (fixed: rec { ./python.patch ]; - hardening_format = false; + hardeningDisable = [ "format" ]; # Don't use optimization for gcc >= 4.3. That's said to be causing segfaults. # Unset CC and CXX as they confuse libtool. diff --git a/pkgs/development/libraries/gdome2/default.nix b/pkgs/development/libraries/gdome2/default.nix index e9c32da20692..e9643da221ef 100644 --- a/pkgs/development/libraries/gdome2/default.nix +++ b/pkgs/development/libraries/gdome2/default.nix @@ -13,7 +13,7 @@ stdenv.mkDerivation { sha256 = "0hyms5s3hziajp3qbwdwqjc2xcyhb783damqg8wxjpwfxyi81fzl"; }; - hardening_format = false; + hardeningDisable = [ "format" ]; buildInputs = [pkgconfig glib libxml2 gtkdoc]; propagatedBuildInputs = [glib libxml2]; diff --git a/pkgs/development/libraries/geoclue/default.nix b/pkgs/development/libraries/geoclue/default.nix index e8d43e6652f1..754c85ecf030 100644 --- a/pkgs/development/libraries/geoclue/default.nix +++ b/pkgs/development/libraries/geoclue/default.nix @@ -11,7 +11,7 @@ stdenv.mkDerivation rec { propagatedBuildInputs = [dbus glib dbus_glib]; - hardening_format = false; + hardeningDisable = [ "format" ]; preConfigure = '' sed -e '/-Werror/d' -i configure diff --git a/pkgs/development/libraries/gettext/default.nix b/pkgs/development/libraries/gettext/default.nix index 9b24ccc79e82..2fcd5dd1a80b 100644 --- a/pkgs/development/libraries/gettext/default.nix +++ b/pkgs/development/libraries/gettext/default.nix @@ -12,9 +12,8 @@ stdenv.mkDerivation rec { outputs = [ "out" "doc" ]; - # FIXME needs gcc 4.9 in bootstrap tools - hardening_stackprotector = false; - hardening_format = false; + # FIXME stackprotector needs gcc 4.9 in bootstrap tools + hardeningDisable = [ "format" "stackprotector" ]; LDFLAGS = if stdenv.isSunOS then "-lm -lmd -lmp -luutil -lnvpair -lnsl -lidmap -lavl -lsec" else ""; diff --git a/pkgs/development/libraries/giflib/4.1.nix b/pkgs/development/libraries/giflib/4.1.nix index 114e0e587b66..59204e7e7e5a 100644 --- a/pkgs/development/libraries/giflib/4.1.nix +++ b/pkgs/development/libraries/giflib/4.1.nix @@ -8,7 +8,7 @@ stdenv.mkDerivation { sha256 = "1v9b7ywz7qg8hli0s9vv1b8q9xxb2xvqq2mg1zpr73xwqpcwxhg1"; }; - hardening_format = false; + hardeningDisable = [ "format" ]; meta = { branch = "4.1"; diff --git a/pkgs/development/libraries/giflib/libungif.nix b/pkgs/development/libraries/giflib/libungif.nix index 1cc4ae0201b9..fd9d4b7e81a9 100644 --- a/pkgs/development/libraries/giflib/libungif.nix +++ b/pkgs/development/libraries/giflib/libungif.nix @@ -7,6 +7,6 @@ stdenv.mkDerivation { md5 = "efdfcf8e32e35740288a8c5625a70ccb"; }; - hardening_format = false; + hardeningDisable = [ "format" ]; } diff --git a/pkgs/development/libraries/glibc/common.nix b/pkgs/development/libraries/glibc/common.nix index 7bbf5562f7c2..50be7d8a7346 100644 --- a/pkgs/development/libraries/glibc/common.nix +++ b/pkgs/development/libraries/glibc/common.nix @@ -166,7 +166,7 @@ stdenv.mkDerivation ({ preBuild = lib.optionalString withGd "unset NIX_DONT_SET_RPATH"; # FIXME needs gcc 4.9 in bootstrap tools - hardening_stackprotector = false; + hardeningDisable = [ "stackprotector" ]; meta = { homepage = http://www.gnu.org/software/libc/; diff --git a/pkgs/development/libraries/glibc/default.nix b/pkgs/development/libraries/glibc/default.nix index 85a49999b484..c2109bd4158d 100644 --- a/pkgs/development/libraries/glibc/default.nix +++ b/pkgs/development/libraries/glibc/default.nix @@ -22,8 +22,7 @@ in builder = ./builder.sh; - hardening_stackprotector = false; - hardening_fortify = false; + hardeningDisable = [ "stackprotector" "fortify" ]; # When building glibc from bootstrap-tools, we need libgcc_s at RPATH for # any program we run, because the gcc will have been placed at a new diff --git a/pkgs/development/libraries/gmp/5.1.x.nix b/pkgs/development/libraries/gmp/5.1.x.nix index 0db619b36586..e803c7c56ac2 100644 --- a/pkgs/development/libraries/gmp/5.1.x.nix +++ b/pkgs/development/libraries/gmp/5.1.x.nix @@ -13,7 +13,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ m4 ]; # FIXME needs gcc 4.9 in bootstrap tools - hardening_stackprotector = false; + hardeningDisable = [ "stackprotector" ]; patches = if stdenv.isDarwin then [ ./need-size-t.patch ] else null; diff --git a/pkgs/development/libraries/gnu-efi/default.nix b/pkgs/development/libraries/gnu-efi/default.nix index 21be466a9b2d..e2861a880c87 100644 --- a/pkgs/development/libraries/gnu-efi/default.nix +++ b/pkgs/development/libraries/gnu-efi/default.nix @@ -11,7 +11,7 @@ stdenv.mkDerivation rec { buildInputs = [ pciutils ]; - hardening_stackprotector = false; + hardeningDisable = [ "stackprotector" ]; makeFlags = [ "PREFIX=\${out}" diff --git a/pkgs/development/libraries/isl/0.11.1.nix b/pkgs/development/libraries/isl/0.11.1.nix index c56c5b3892af..f62d898cff74 100644 --- a/pkgs/development/libraries/isl/0.11.1.nix +++ b/pkgs/development/libraries/isl/0.11.1.nix @@ -14,7 +14,7 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; # FIXME needs gcc 4.9 in bootstrap tools - hardening_stackprotector = false; + hardeningDisable = [ "stackprotector" ]; meta = { homepage = http://www.kotnet.org/~skimo/isl/; diff --git a/pkgs/development/libraries/java/swt/default.nix b/pkgs/development/libraries/java/swt/default.nix index 855b800ba9f3..9fcffb1edb23 100644 --- a/pkgs/development/libraries/java/swt/default.nix +++ b/pkgs/development/libraries/java/swt/default.nix @@ -28,7 +28,7 @@ in stdenv.mkDerivation rec { builder = ./builder.sh; - hardening_format = false; + hardeningDisable = [ "format" ]; # Alas, the Eclipse Project apparently doesn't produce source-only # releases of SWT. So we just grab a binary release and extract diff --git a/pkgs/development/libraries/libelf/default.nix b/pkgs/development/libraries/libelf/default.nix index cb0c8a7f5c17..309f17b81429 100644 --- a/pkgs/development/libraries/libelf/default.nix +++ b/pkgs/development/libraries/libelf/default.nix @@ -11,7 +11,7 @@ stdenv.mkDerivation (rec { doCheck = true; # FIXME needs gcc 4.9 in bootstrap tools - hardening_stackprotector = false; + hardeningDisable = [ "stackprotector" ]; # For cross-compiling, native glibc is needed for the "gencat" program. crossAttrs = { diff --git a/pkgs/development/libraries/libf2c/default.nix b/pkgs/development/libraries/libf2c/default.nix index 8edc53cb7eec..0d9d89589ffb 100644 --- a/pkgs/development/libraries/libf2c/default.nix +++ b/pkgs/development/libraries/libf2c/default.nix @@ -24,7 +24,7 @@ stdenv.mkDerivation rec { buildInputs = [ unzip ]; - hardening_format = false; + hardeningDisable = [ "format" ]; meta = { description = "F2c converts Fortran 77 source code to C"; diff --git a/pkgs/development/libraries/libgeotiff/default.nix b/pkgs/development/libraries/libgeotiff/default.nix index 4d9fa09ad752..d30ea6e5324b 100644 --- a/pkgs/development/libraries/libgeotiff/default.nix +++ b/pkgs/development/libraries/libgeotiff/default.nix @@ -10,7 +10,7 @@ stdenv.mkDerivation { buildInputs = [ libtiff ]; - hardening_format = false; + hardeningDisable = [ "format" ]; meta = { description = "Library implementing attempt to create a tiff based interchange format for georeferenced raster imagery"; diff --git a/pkgs/development/libraries/libgphoto2/default.nix b/pkgs/development/libraries/libgphoto2/default.nix index 682a42e2db9d..a8511006d041 100644 --- a/pkgs/development/libraries/libgphoto2/default.nix +++ b/pkgs/development/libraries/libgphoto2/default.nix @@ -14,7 +14,7 @@ stdenv.mkDerivation rec { # These are mentioned in the Requires line of libgphoto's pkg-config file. propagatedBuildInputs = [ libexif ]; - hardening_format = false; + hardeningDisable = [ "format" ]; meta = { homepage = http://www.gphoto.org/proj/libgphoto2/; diff --git a/pkgs/development/libraries/libmpc/default.nix b/pkgs/development/libraries/libmpc/default.nix index cc883ba67b29..95e8dd9af48f 100644 --- a/pkgs/development/libraries/libmpc/default.nix +++ b/pkgs/development/libraries/libmpc/default.nix @@ -17,7 +17,7 @@ stdenv.mkDerivation rec { doCheck = true; # FIXME needs gcc 4.9 in bootstrap tools - hardening_stackprotector = false; + hardeningDisable = [ "stackprotector" ]; meta = { description = "Library for multiprecision complex arithmetic with exact rounding"; diff --git a/pkgs/development/libraries/librsync/0.9.nix b/pkgs/development/libraries/librsync/0.9.nix index d3dd293f975b..5f249582610f 100644 --- a/pkgs/development/libraries/librsync/0.9.nix +++ b/pkgs/development/libraries/librsync/0.9.nix @@ -8,7 +8,7 @@ stdenv.mkDerivation { sha256 = "1mj1pj99mgf1a59q9f2mxjli2fzxpnf55233pc1klxk2arhf8cv6"; }; - hardening_format = false; + hardeningDisable = [ "format" ]; configureFlags = if stdenv.isCygwin then "--enable-static" else "--enable-shared"; diff --git a/pkgs/development/libraries/libvisual/default.nix b/pkgs/development/libraries/libvisual/default.nix index a9320f1af7b0..50a1f5ac3377 100644 --- a/pkgs/development/libraries/libvisual/default.nix +++ b/pkgs/development/libraries/libvisual/default.nix @@ -10,7 +10,7 @@ stdenv.mkDerivation rec { buildInputs = [ pkgconfig glib ]; - hardening_format = false; + hardeningDisable = [ "format" ]; meta = { description = "An abstraction library for audio visualisations"; diff --git a/pkgs/development/libraries/mp4v2/default.nix b/pkgs/development/libraries/mp4v2/default.nix index 5281ab2c480b..ab3c3ed8c5a7 100644 --- a/pkgs/development/libraries/mp4v2/default.nix +++ b/pkgs/development/libraries/mp4v2/default.nix @@ -17,7 +17,7 @@ stdenv.mkDerivation rec { # `faac' expects `mp4.h'. postInstall = "ln -s mp4v2/mp4v2.h $out/include/mp4.h"; - hardening_format = false; + hardeningDisable = [ "format" ]; meta = { homepage = http://code.google.com/p/mp4v2; diff --git a/pkgs/development/libraries/mpfr/default.nix b/pkgs/development/libraries/mpfr/default.nix index 2c6438857272..c63dc2c3dee9 100644 --- a/pkgs/development/libraries/mpfr/default.nix +++ b/pkgs/development/libraries/mpfr/default.nix @@ -14,7 +14,7 @@ stdenv.mkDerivation rec { propagatedBuildInputs = [ gmp ]; # FIXME needs gcc 4.9 in bootstrap tools - hardening_stackprotector = false; + hardeningDisable = [ "stackprotector" ]; configureFlags = stdenv.lib.optional stdenv.isSunOS "--disable-thread-safe" ++ diff --git a/pkgs/development/libraries/nvidia-texture-tools/default.nix b/pkgs/development/libraries/nvidia-texture-tools/default.nix index cd8268faa658..f35d363e5755 100644 --- a/pkgs/development/libraries/nvidia-texture-tools/default.nix +++ b/pkgs/development/libraries/nvidia-texture-tools/default.nix @@ -15,7 +15,7 @@ stdenv.mkDerivation rec { buildInputs = [ cmake libpng ilmbase libtiff zlib libjpeg mesa libX11 ]; - hardening_format = false; + hardeningDisable = [ "format" ]; patchPhase = '' # Fix build due to missing dependnecies. diff --git a/pkgs/development/libraries/opencascade/6.5.nix b/pkgs/development/libraries/opencascade/6.5.nix index a1143757c77e..86ab85cbb9ae 100644 --- a/pkgs/development/libraries/opencascade/6.5.nix +++ b/pkgs/development/libraries/opencascade/6.5.nix @@ -26,7 +26,7 @@ stdenv.mkDerivation rec { # https://bugs.freedesktop.org/show_bug.cgi?id=83631 + " -DGLX_GLXEXT_LEGACY"; - hardening_format = false; + hardeningDisable = [ "format" ]; configureFlags = [ "--with-tcl=${tcl}/lib" "--with-tk=${tk}/lib" "--with-qt=${qt4}" "--with-ftgl=${ftgl}" "--with-freetype=${freetype}" ]; diff --git a/pkgs/development/libraries/opencascade/default.nix b/pkgs/development/libraries/opencascade/default.nix index bcf1b747180e..79c24be75146 100644 --- a/pkgs/development/libraries/opencascade/default.nix +++ b/pkgs/development/libraries/opencascade/default.nix @@ -17,7 +17,7 @@ stdenv.mkDerivation rec { # https://bugs.freedesktop.org/show_bug.cgi?id=83631 NIX_CFLAGS_COMPILE = "-DGLX_GLXEXT_LEGACY"; - hardening_format = false; + hardeningDisable = [ "format" ]; postInstall = '' mv $out/inc $out/include diff --git a/pkgs/development/libraries/opencv/3.x.nix b/pkgs/development/libraries/opencv/3.x.nix index 16765083c55c..4f0ed3cd0ea9 100644 --- a/pkgs/development/libraries/opencv/3.x.nix +++ b/pkgs/development/libraries/opencv/3.x.nix @@ -49,8 +49,7 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; - hardening_bindnow = false; - hardening_relro = false; + hardeningDisable = [ "bindnow" "relro" ]; meta = { description = "Open Computer Vision Library with more than 500 algorithms"; diff --git a/pkgs/development/libraries/opencv/default.nix b/pkgs/development/libraries/opencv/default.nix index d5904e742b63..4259e9d4d69f 100644 --- a/pkgs/development/libraries/opencv/default.nix +++ b/pkgs/development/libraries/opencv/default.nix @@ -20,8 +20,7 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; - hardening_bindnow = false; - hardening_relro = false; + hardeningDisable = [ "bindnow" "relro" ]; meta = { description = "Open Computer Vision Library with more than 500 algorithms"; diff --git a/pkgs/development/libraries/pdf2xml/default.nix b/pkgs/development/libraries/pdf2xml/default.nix index b73be0626230..2d15e632152c 100644 --- a/pkgs/development/libraries/pdf2xml/default.nix +++ b/pkgs/development/libraries/pdf2xml/default.nix @@ -13,7 +13,7 @@ stdenv.mkDerivation { patches = [./pdf2xml.patch]; - hardening_format = false; + hardeningDisable = [ "format" ]; preBuild = '' cp Makefile.linux Makefile diff --git a/pkgs/development/libraries/portmidi/default.nix b/pkgs/development/libraries/portmidi/default.nix index 4b55cffe94ff..5c056762a39b 100644 --- a/pkgs/development/libraries/portmidi/default.nix +++ b/pkgs/development/libraries/portmidi/default.nix @@ -46,7 +46,7 @@ stdenv.mkDerivation rec { buildInputs = [ unzip cmake /*jdk*/ alsaLib ]; - hardening_format = false; + hardeningDisable = [ "format" ]; meta = { homepage = "http://portmedia.sourceforge.net/portmidi/"; diff --git a/pkgs/development/libraries/pupnp/default.nix b/pkgs/development/libraries/pupnp/default.nix index 22dbef1bac2d..ad864410b16b 100644 --- a/pkgs/development/libraries/pupnp/default.nix +++ b/pkgs/development/libraries/pupnp/default.nix @@ -8,7 +8,7 @@ stdenv.mkDerivation rec { sha256 = "0amjv4lypvclmi4vim2qdyw5xa6v4x50zjgf682vahqjc0wjn55k"; }; - hardening_fortify = false; + hardeningDisable = [ "fortify" ]; meta = { description = "libupnp, an open source UPnP development kit for Linux"; diff --git a/pkgs/development/libraries/qhull/default.nix b/pkgs/development/libraries/qhull/default.nix index e8a67d3bc42a..011e133720fb 100644 --- a/pkgs/development/libraries/qhull/default.nix +++ b/pkgs/development/libraries/qhull/default.nix @@ -12,7 +12,7 @@ stdenv.mkDerivation rec { cmakeFlags = "-DMAN_INSTALL_DIR=share/man/man1 -DDOC_INSTALL_DIR=share/doc/qhull"; - hardening_format = false; + hardeningDisable = [ "format" ]; meta = { homepage = http://www.qhull.org/; diff --git a/pkgs/development/libraries/qt-3/default.nix b/pkgs/development/libraries/qt-3/default.nix index 8a11cc7087bb..728d220bb42f 100644 --- a/pkgs/development/libraries/qt-3/default.nix +++ b/pkgs/development/libraries/qt-3/default.nix @@ -32,7 +32,7 @@ stdenv.mkDerivation { nativeBuildInputs = [ which ]; propagatedBuildInputs = [libpng xlibsWrapper libXft libXrender zlib libjpeg]; - hardening_format = false; + hardeningDisable = [ "format" ]; configureFlags = " -v diff --git a/pkgs/development/libraries/qtscriptgenerator/default.nix b/pkgs/development/libraries/qtscriptgenerator/default.nix index de87c6b73c6f..499c6f18453a 100644 --- a/pkgs/development/libraries/qtscriptgenerator/default.nix +++ b/pkgs/development/libraries/qtscriptgenerator/default.nix @@ -32,7 +32,7 @@ stdenv.mkDerivation { cp -av plugins/script/* $out/lib/qt4/plugins/script ''; - hardening_format = false; + hardeningDisable = [ "format" ]; meta = { description = "QtScript bindings generator"; diff --git a/pkgs/development/libraries/smpeg/default.nix b/pkgs/development/libraries/smpeg/default.nix index 49d889f8b6ac..fe52571e1478 100644 --- a/pkgs/development/libraries/smpeg/default.nix +++ b/pkgs/development/libraries/smpeg/default.nix @@ -12,7 +12,7 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; - hardening_format = false; + hardeningDisable = [ "format" ]; buildInputs = [ SDL gtk mesa ]; diff --git a/pkgs/development/libraries/speechd/default.nix b/pkgs/development/libraries/speechd/default.nix index d94b4159e93e..94489e992a6f 100644 --- a/pkgs/development/libraries/speechd/default.nix +++ b/pkgs/development/libraries/speechd/default.nix @@ -11,7 +11,7 @@ stdenv.mkDerivation rec { buildInputs = [ dotconf glib pkgconfig ]; - hardening_format = false; + hardeningDisable = [ "format" ]; meta = { description = "Common interface to speech synthesis"; diff --git a/pkgs/development/libraries/tidyp/default.nix b/pkgs/development/libraries/tidyp/default.nix index 818029dbb248..ba95da77b72c 100644 --- a/pkgs/development/libraries/tidyp/default.nix +++ b/pkgs/development/libraries/tidyp/default.nix @@ -8,7 +8,7 @@ stdenv.mkDerivation rec { sha256 = "0f5ky0ih4vap9c6j312jn73vn8m2bj69pl2yd3a5nmv35k9zmc10"; }; - hardening_format = false; + hardeningDisable = [ "format" ]; meta = with stdenv.lib; { description = "A program that can validate your HTML, as well as modify it to be more clean and standard"; diff --git a/pkgs/development/libraries/xmlrpc-c/default.nix b/pkgs/development/libraries/xmlrpc-c/default.nix index 0d787092a3cd..0b5f08bdf9b3 100644 --- a/pkgs/development/libraries/xmlrpc-c/default.nix +++ b/pkgs/development/libraries/xmlrpc-c/default.nix @@ -19,7 +19,7 @@ stdenv.mkDerivation rec { (cd tools/xmlrpc && make && make install) ''; - hardening_format = false; + hardeningDisable = [ "format" ]; meta = with stdenv.lib; { description = "A lightweight RPC library based on XML and HTTP"; diff --git a/pkgs/development/libraries/zlib/default.nix b/pkgs/development/libraries/zlib/default.nix index 2871985a0826..77ab0f8ffa9c 100644 --- a/pkgs/development/libraries/zlib/default.nix +++ b/pkgs/development/libraries/zlib/default.nix @@ -30,7 +30,7 @@ stdenv.mkDerivation (rec { ''; # FIXME needs gcc 4.9 in bootstrap tools - hardening_stackprotector = false; + hardeningDisable = [ "stackprotector" ]; # As zlib takes part in the stdenv building, we don't want references # to the bootstrap-tools libgcc (as uses to happen on arm/mips) |