Use general hardening flag toggle lists

The following parameters are now available:

  * hardeningDisable
    To disable specific hardening flags
  * hardeningEnable
    To enable specific hardening flags

Only the cc-wrapper supports this right now, but these may be reused by
other wrappers, builders or setup hooks.

cc-wrapper supports the following flags:

  * fortify
  * stackprotector
  * pie (disabled by default)
  * pic
  * strictoverflow
  * format
  * relro
  * bindnow

2 files changed, 3 insertions, 3 deletions

diff --git a/pkgs/servers/mail/postfix/3.0.nix b/pkgs/servers/mail/postfix/3.0.nix
index 3a0f2e0954da..9d208e8af4d5 100644
--- a/pkgs/servers/mail/postfix/3.0.nix
+++ b/pkgs/servers/mail/postfix/3.0.nix
@@ -41,7 +41,7 @@ in stdenv.mkDerivation rec {
     ./relative-symlinks.patch
   ];
 
-  hardening_pie = true;
+  hardeningEnable = [ "pie" ];
 
   preBuild = ''
     sed -e '/^PATH=/d' -i postfix-install
diff --git a/pkgs/servers/mail/postfix/default.nix b/pkgs/servers/mail/postfix/default.nix
index 42355b46021d..886412b24cd9 100644
--- a/pkgs/servers/mail/postfix/default.nix
+++ b/pkgs/servers/mail/postfix/default.nix
@@ -14,8 +14,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [db openssl cyrus_sasl bison perl];
 
-  hardening_format = false;
-  hardening_pie = true;
+  hardeningDisable = [ "format" ];
+  hardeningEnable = [ "pie" ];
 
   patches = [
     ./postfix-2.2.9-db.patch