about summary refs log tree commit diff
path: root/pkgs/stdenv
diff options
context:
space:
mode:
authorNathan Hawkins <utsl@utsl.org>2020-10-24 22:34:50 +0000
committerNathan Hawkins <utsl@utsl.org>2020-10-25 12:33:58 +0000
commit4e9dc46dea0ef8cf15c567fa863796bb23099d0b (patch)
treef32ba5de54d262affa5dda0b94fc63e3895665e8 /pkgs/stdenv
parentb6b09ac7ae3c3fbe7dd3d45625abe2fd650af025 (diff)
downloadnixlib-4e9dc46dea0ef8cf15c567fa863796bb23099d0b.tar
nixlib-4e9dc46dea0ef8cf15c567fa863796bb23099d0b.tar.gz
nixlib-4e9dc46dea0ef8cf15c567fa863796bb23099d0b.tar.bz2
nixlib-4e9dc46dea0ef8cf15c567fa863796bb23099d0b.tar.lz
nixlib-4e9dc46dea0ef8cf15c567fa863796bb23099d0b.tar.xz
nixlib-4e9dc46dea0ef8cf15c567fa863796bb23099d0b.tar.zst
nixlib-4e9dc46dea0ef8cf15c567fa863796bb23099d0b.zip
stdenv: Fix hardening default for pkgsMusl to reenable -pie
defaultHardeningFlags is set to enable pie for Musl, but is not
actually used because the default is never put into
NIX_HARDENING_ENABLE. That still works for cases other than Musl
only because NIX_HARDENING_ENABLE is defaulted in the binutils and
cc-wrapper setup-hook.sh scripts.
Diffstat (limited to 'pkgs/stdenv')
-rw-r--r--pkgs/stdenv/generic/make-derivation.nix2
1 files changed, 1 insertions, 1 deletions
diff --git a/pkgs/stdenv/generic/make-derivation.nix b/pkgs/stdenv/generic/make-derivation.nix
index 491951e6121f..bc5c4701db2e 100644
--- a/pkgs/stdenv/generic/make-derivation.nix
+++ b/pkgs/stdenv/generic/make-derivation.nix
@@ -276,7 +276,7 @@ in rec {
           in [ "--cross-file=${crossFile}" ] ++ mesonFlags;
         } // lib.optionalAttrs (attrs.enableParallelBuilding or false) {
           enableParallelChecking = attrs.enableParallelChecking or true;
-        } // lib.optionalAttrs (hardeningDisable != [] || hardeningEnable != []) {
+        } // lib.optionalAttrs (hardeningDisable != [] || hardeningEnable != [] || stdenv.hostPlatform.isMusl) {
           NIX_HARDENING_ENABLE = enabledHardeningOptions;
         } // lib.optionalAttrs (stdenv.hostPlatform.isx86_64 && stdenv.hostPlatform ? platform.gcc.arch) {
           requiredSystemFeatures = attrs.requiredSystemFeatures or [] ++ [ "gccarch-${stdenv.hostPlatform.platform.gcc.arch}" ];
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-09 01:09:36 +0000