Use general hardening flag toggle lists

The following parameters are now available: * hardeningDisable To disable specific hardening flags * hardeningEnable To enable specific hardening flags Only the cc-wrapper supports this right now, but these may be reused by other wrappers, builders or setup hooks. cc-wrapper supports the following flags: * fortify * stackprotector * pie (disabled by default) * pic * strictoverflow * format * relro * bindnow
author: Franz Pletz <fpletz@fnordicwalking.de> 2016-02-26 18:38:15 +0100
committer: Franz Pletz <fpletz@fnordicwalking.de> 2016-03-05 18:55:26 +0100
commit: aff1f4ab948b921ceaf2b81610f2f82454302b4b (patch)
tree: 6e51e90a41409d56cfa084b9ca64921f2611fafc /pkgs/tools
parent: a2e449e43e82e258b94c723d92a5e9af641967e7 (diff)
download: nixlib-aff1f4ab948b921ceaf2b81610f2f82454302b4b.tar
nixlib-aff1f4ab948b921ceaf2b81610f2f82454302b4b.tar.gz
nixlib-aff1f4ab948b921ceaf2b81610f2f82454302b4b.tar.bz2
nixlib-aff1f4ab948b921ceaf2b81610f2f82454302b4b.tar.lz
nixlib-aff1f4ab948b921ceaf2b81610f2f82454302b4b.tar.xz
nixlib-aff1f4ab948b921ceaf2b81610f2f82454302b4b.tar.zst
nixlib-aff1f4ab948b921ceaf2b81610f2f82454302b4b.zip
74 files changed, 76 insertions, 80 deletions
diff --git a/pkgs/tools/X11/xbindkeys-config/default.nix b/pkgs/tools/X11/xbindkeys-config/default.nix
index b4fc755bd84a..cef071bb3b61 100644
--- a/pkgs/tools/X11/xbindkeys-config/default.nix
+++ b/pkgs/tools/X11/xbindkeys-config/default.nix
@@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
     sha256 = "1rs3li2hyig6cdzvgqlbz0vw6x7rmgr59qd6m0cvrai8xhqqykda";
   };
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   meta = {
     homepage = https://packages.debian.org/source/xbindkeys-config;
diff --git a/pkgs/tools/admin/tightvnc/default.nix b/pkgs/tools/admin/tightvnc/default.nix
index 24fec4e33bbd..e7164bf07b6c 100644
--- a/pkgs/tools/admin/tightvnc/default.nix
+++ b/pkgs/tools/admin/tightvnc/default.nix
@@ -13,7 +13,7 @@ stdenv.mkDerivation {
   inherit xauth fontDirectories perl;
   gcc = stdenv.cc.cc;
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   buildInputs = [ xlibsWrapper zlib libjpeg imake gccmakedep libXmu libXaw
                   libXpm libXp xauth openssh ];
diff --git a/pkgs/tools/archivers/sharutils/default.nix b/pkgs/tools/archivers/sharutils/default.nix
index d1f13b77f0c1..41043cda5b65 100644
--- a/pkgs/tools/archivers/sharutils/default.nix
+++ b/pkgs/tools/archivers/sharutils/default.nix
@@ -8,7 +8,7 @@ stdenv.mkDerivation rec {
     sha256 = "1mallg1gprimlggdisfzdmh1xi676jsfdlfyvanlcw72ny8fsj3g";
   };
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   preConfigure = ''
      # Fix for building on Glibc 2.16.  Won't be needed once the
diff --git a/pkgs/tools/archivers/unzip/default.nix b/pkgs/tools/archivers/unzip/default.nix
index 20f7038067db..da0983fc0970 100644
--- a/pkgs/tools/archivers/unzip/default.nix
+++ b/pkgs/tools/archivers/unzip/default.nix
@@ -9,7 +9,7 @@ stdenv.mkDerivation {
     sha256 = "0dxx11knh3nk95p2gg2ak777dd11pr7jx5das2g49l262scrcv83";
   };
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   patches = [
     ./CVE-2014-8139.diff
diff --git a/pkgs/tools/archivers/xarchive/default.nix b/pkgs/tools/archivers/xarchive/default.nix
index 6407fe4f350b..115fc8e3aff1 100644
--- a/pkgs/tools/archivers/xarchive/default.nix
+++ b/pkgs/tools/archivers/xarchive/default.nix
@@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ gtk2 pkgconfig ];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   meta = {
     description = "A GTK+ front-end for command line archiving tools";
diff --git a/pkgs/tools/archivers/zip/default.nix b/pkgs/tools/archivers/zip/default.nix
index 8be743c8dd0a..145b81c95bc8 100644
--- a/pkgs/tools/archivers/zip/default.nix
+++ b/pkgs/tools/archivers/zip/default.nix
@@ -13,7 +13,7 @@ stdenv.mkDerivation {
     sha256 = "0sb3h3067pzf3a7mlxn1hikpcjrsvycjcnj9hl9b1c3ykcgvps7h";
   };
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   makefile = "unix/Makefile";
   buildFlags = if stdenv.isCygwin then "cygwin" else "generic";
diff --git a/pkgs/tools/bootloaders/refind/default.nix b/pkgs/tools/bootloaders/refind/default.nix
index f27dd3c5be67..f38b24c0fc07 100644
--- a/pkgs/tools/bootloaders/refind/default.nix
+++ b/pkgs/tools/bootloaders/refind/default.nix
@@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ unzip gnu-efi efibootmgr dosfstools imagemagick ];
 
-  hardening_stackprotector = false;
+  hardeningDisable = [ "stackprotector" ];
 
   HOSTARCH =
     if stdenv.system == "x86_64-linux" then "x64"
diff --git a/pkgs/tools/cd-dvd/cdrdao/default.nix b/pkgs/tools/cd-dvd/cdrdao/default.nix
index 2de5736a4c22..7e7558f69e69 100644
--- a/pkgs/tools/cd-dvd/cdrdao/default.nix
+++ b/pkgs/tools/cd-dvd/cdrdao/default.nix
@@ -12,7 +12,7 @@ stdenv.mkDerivation {
 
   buildInputs = [ lame libvorbis libmad pkgconfig libao ];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   # Adjust some headers to match glibc 2.12 ... patch is a diff between
   # the cdrdao CVS head and the 1.2.3 release.
diff --git a/pkgs/tools/cd-dvd/cdrkit/default.nix b/pkgs/tools/cd-dvd/cdrkit/default.nix
index 34bb109a1715..0b10f30497d2 100644
--- a/pkgs/tools/cd-dvd/cdrkit/default.nix
+++ b/pkgs/tools/cd-dvd/cdrkit/default.nix
@@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
 
   buildInputs = [cmake libcap zlib bzip2];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   # efi-boot-patch extracted from http://arm.koji.fedoraproject.org/koji/rpminfo?rpmID=174244
   patches = [ ./include-path.patch ./cdrkit-1.1.9-efi-boot.patch ];
diff --git a/pkgs/tools/cd-dvd/dvdisaster/default.nix b/pkgs/tools/cd-dvd/dvdisaster/default.nix
index 38e86c8ff1f2..7db35e2b80e2 100644
--- a/pkgs/tools/cd-dvd/dvdisaster/default.nix
+++ b/pkgs/tools/cd-dvd/dvdisaster/default.nix
@@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
     sha256 = "0f8gjnia2fxcbmhl8b3qkr5b7idl8m855dw7xw2fnmbqwvcm6k4w";
   };
 
-  hardening_fortify = false;
+  hardeningDisable = [ "fortify" ];
 
   nativeBuildInputs = [ gettext pkgconfig which ];
   buildInputs = [ glib gtk2 ];
diff --git a/pkgs/tools/compression/xz/default.nix b/pkgs/tools/compression/xz/default.nix
index 6ddebe6b99d0..986f940b9069 100644
--- a/pkgs/tools/compression/xz/default.nix
+++ b/pkgs/tools/compression/xz/default.nix
@@ -16,7 +16,7 @@ stdenv.mkDerivation rec {
   postInstall = "rm -rf $out/share/doc";
 
   # FIXME needs gcc 4.9 in bootstrap tools
-  hardening_stackprotector = false;
+  hardeningDisable = [ "stackprotector" ];
 
   meta = with stdenv.lib; {
     homepage = http://tukaani.org/xz/;
diff --git a/pkgs/tools/filesystems/fusesmb/default.nix b/pkgs/tools/filesystems/fusesmb/default.nix
index c53400e6afdd..5a3451810a12 100644
--- a/pkgs/tools/filesystems/fusesmb/default.nix
+++ b/pkgs/tools/filesystems/fusesmb/default.nix
@@ -16,7 +16,7 @@ stdenv.mkDerivation rec {
       ln -fs ${samba}/lib/libsmbclient.so $out/lib/libsmbclient.so.0
     '';
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   meta = {
     description = "Samba mounted via FUSE";
diff --git a/pkgs/tools/filesystems/udftools/default.nix b/pkgs/tools/filesystems/udftools/default.nix
index d3964b1e4275..5613bac9b1a5 100644
--- a/pkgs/tools/filesystems/udftools/default.nix
+++ b/pkgs/tools/filesystems/udftools/default.nix
@@ -11,7 +11,8 @@ stdenv.mkDerivation rec {
   buildInputs = [ ncurses readline ];
 
   patches = [ ./gcc5.patch ];
-  hardening_fortify = false;
+
+  hardeningDisable = [ "fortify" ];
 
   preConfigure = ''
     sed -e '1i#include <limits.h>' -i cdrwtool/cdrwtool.c -i pktsetup/pktsetup.c
diff --git a/pkgs/tools/graphics/barcode/default.nix b/pkgs/tools/graphics/barcode/default.nix
index 7e6c99313418..d6a31bd5c7f7 100644
--- a/pkgs/tools/graphics/barcode/default.nix
+++ b/pkgs/tools/graphics/barcode/default.nix
@@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
     sha256 = "1indapql5fjz0bysyc88cmc54y8phqrbi7c76p71fgjp45jcyzp8";
   };
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   meta = with stdenv.lib; {
     description = "GNU barcode generator";
diff --git a/pkgs/tools/graphics/editres/default.nix b/pkgs/tools/graphics/editres/default.nix
index c3d9a859f3ff..cdf38d1218ad 100644
--- a/pkgs/tools/graphics/editres/default.nix
+++ b/pkgs/tools/graphics/editres/default.nix
@@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
 
   configureFlags = "--with-appdefaultdir=$(out)/share/X11/app-defaults/editres";
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   meta = {
     homepage = "http://cgit.freedesktop.org/xorg/app/editres/";
diff --git a/pkgs/tools/graphics/ggobi/default.nix b/pkgs/tools/graphics/ggobi/default.nix
index 03326aa4562f..e7fb3e773c1d 100644
--- a/pkgs/tools/graphics/ggobi/default.nix
+++ b/pkgs/tools/graphics/ggobi/default.nix
@@ -13,7 +13,7 @@ stdenv.mkDerivation rec {
 
   configureFlags = "--with-all-plugins";
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   meta = with stdenv.lib; {
     description = "Visualization program for exploring high-dimensional data";
diff --git a/pkgs/tools/graphics/graphviz/2.0.nix b/pkgs/tools/graphics/graphviz/2.0.nix
index e08b1309d414..6f236509a310 100644
--- a/pkgs/tools/graphics/graphviz/2.0.nix
+++ b/pkgs/tools/graphics/graphviz/2.0.nix
@@ -14,8 +14,7 @@ stdenv.mkDerivation rec {
 
   buildInputs = [pkgconfig xlibsWrapper libpng libjpeg expat libXaw yacc libtool fontconfig pango gd];
 
-  hardening_format = false;
-  hardening_fortify = false;
+  hardeningDisable = [ "format" "fortify" ];
 
   configureFlags =
     [ "--with-pngincludedir=${libpng}/include"
diff --git a/pkgs/tools/graphics/graphviz/2.32.nix b/pkgs/tools/graphics/graphviz/2.32.nix
index 7f11f076dcc8..ede6624ac59d 100644
--- a/pkgs/tools/graphics/graphviz/2.32.nix
+++ b/pkgs/tools/graphics/graphviz/2.32.nix
@@ -31,7 +31,7 @@ stdenv.mkDerivation rec {
     ]
     ++ stdenv.lib.optional (xorg == null) "--without-x";
 
-  hardening_fortify = false;
+  hardeningDisable = [ "fortify" ];
 
   preBuild = ''
     sed -e 's@am__append_5 *=.*@am_append_5 =@' -i lib/gvc/Makefile
diff --git a/pkgs/tools/graphics/graphviz/default.nix b/pkgs/tools/graphics/graphviz/default.nix
index 9a9621dd784e..82f958321bdd 100644
--- a/pkgs/tools/graphics/graphviz/default.nix
+++ b/pkgs/tools/graphics/graphviz/default.nix
@@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
     sha256 = "17l5czpvv5ilmg17frg0w4qwf89jzh2aglm9fgx0l0aakn6j7al1";
   };
 
-  hardening_fortify = false;
+  hardeningDisable = [ "fortify" ];
 
   patches =
     [ ./0001-vimdot-lookup-vim-in-PATH.patch
diff --git a/pkgs/tools/graphics/nifskope/default.nix b/pkgs/tools/graphics/nifskope/default.nix
index e28a2e164885..392527a21198 100644
--- a/pkgs/tools/graphics/nifskope/default.nix
+++ b/pkgs/tools/graphics/nifskope/default.nix
@@ -21,7 +21,7 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   # Inspired by linux-install/nifskope.spec.in.
   installPhase =
diff --git a/pkgs/tools/graphics/plotutils/default.nix b/pkgs/tools/graphics/plotutils/default.nix
index dc145a0d8623..abcbabea596c 100644
--- a/pkgs/tools/graphics/plotutils/default.nix
+++ b/pkgs/tools/graphics/plotutils/default.nix
@@ -19,7 +19,7 @@ stdenv.mkDerivation rec {
 
   configureFlags = "--enable-libplotter"; # required for pstoedit
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   doCheck = true;
 
diff --git a/pkgs/tools/graphics/pngcheck/default.nix b/pkgs/tools/graphics/pngcheck/default.nix
index f67e7202521b..496b1d355729 100644
--- a/pkgs/tools/graphics/pngcheck/default.nix
+++ b/pkgs/tools/graphics/pngcheck/default.nix
@@ -8,7 +8,7 @@ stdenv.mkDerivation rec {
     sha256 = "0pzkj1bb4kdybk6vbfq9s0wzdm5szmrgixkas3xmbpv4mhws1w3p";
   };
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   makefile = "Makefile.unx";
   makeFlags = "ZPATH=${zlib}/lib";
diff --git a/pkgs/tools/graphics/qrcode/default.nix b/pkgs/tools/graphics/qrcode/default.nix
index a1aefbff33c6..f2a85c73c2af 100644
--- a/pkgs/tools/graphics/qrcode/default.nix
+++ b/pkgs/tools/graphics/qrcode/default.nix
@@ -21,7 +21,7 @@ stdenv.mkDerivation {
     inherit (s) rev url sha256;
   };
 
-  hardening_fortify = false;
+  hardeningDisable = [ "fortify" ];
 
   installPhase = ''
     mkdir -p "$out"/{bin,share/doc/qrcode}
diff --git a/pkgs/tools/graphics/transfig/default.nix b/pkgs/tools/graphics/transfig/default.nix
index c584ed282d6b..898031cbaf3f 100644
--- a/pkgs/tools/graphics/transfig/default.nix
+++ b/pkgs/tools/graphics/transfig/default.nix
@@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
   buildInputs = [zlib libjpeg libpng imake];
   inherit libpng;
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   patches = [prefixPatch1 prefixPatch2 prefixPatch3 varargsPatch gensvgPatch];
 
diff --git a/pkgs/tools/graphics/zbar/default.nix b/pkgs/tools/graphics/zbar/default.nix
index f0e53696fc5c..b96c469e3468 100644
--- a/pkgs/tools/graphics/zbar/default.nix
+++ b/pkgs/tools/graphics/zbar/default.nix
@@ -17,7 +17,7 @@ stdenv.mkDerivation rec {
 
   configureFlags = [ "--disable-video" ];
 
-  hardening_fortify = false;
+  hardeningDisable = [ "fortify" ];
 
   meta = with stdenv.lib; {
     description = "Bar code reader";
diff --git a/pkgs/tools/misc/coreutils/default.nix b/pkgs/tools/misc/coreutils/default.nix
index 6e7c6daca56d..a06d3d0729a1 100644
--- a/pkgs/tools/misc/coreutils/default.nix
+++ b/pkgs/tools/misc/coreutils/default.nix
@@ -20,7 +20,7 @@ let
     };
 
     # FIXME needs gcc 4.9 in bootstrap tools
-    hardening_stackprotector = false;
+    hardeningDisable = [ "stackprotector" ];
 
     patches = optional stdenv.isCygwin ./coreutils-8.23-4.cygwin.patch;
 
diff --git a/pkgs/tools/misc/ddccontrol/default.nix b/pkgs/tools/misc/ddccontrol/default.nix
index d537c0f506fc..132707106af0 100644
--- a/pkgs/tools/misc/ddccontrol/default.nix
+++ b/pkgs/tools/misc/ddccontrol/default.nix
@@ -37,7 +37,7 @@ stdenv.mkDerivation {
       ddccontrol-db
     ];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   prePatch = ''
       newPath=$(echo "${ddccontrol-db}/share/ddccontrol-db" | sed "s/\\//\\\\\\//g")
diff --git a/pkgs/tools/misc/detox/default.nix b/pkgs/tools/misc/detox/default.nix
index 4475010f3b85..7d17dee8b53c 100644
--- a/pkgs/tools/misc/detox/default.nix
+++ b/pkgs/tools/misc/detox/default.nix
@@ -10,7 +10,7 @@ stdenv.mkDerivation {
 
   buildInputs = [flex];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   meta = with stdenv.lib; {
     homepage = http://detox.sourceforge.net/;
diff --git a/pkgs/tools/misc/expect/default.nix b/pkgs/tools/misc/expect/default.nix
index f99b83a2a0a5..80fb3c6a694c 100644
--- a/pkgs/tools/misc/expect/default.nix
+++ b/pkgs/tools/misc/expect/default.nix
@@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
   buildInputs = [ tcl ];
   nativeBuildInputs = [ makeWrapper ];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   patchPhase = ''
     sed -i "s,/bin/stty,$(type -p stty),g" configure
diff --git a/pkgs/tools/misc/gbdfed/default.nix b/pkgs/tools/misc/gbdfed/default.nix
index d3b62149bdf3..1ba4bceb7876 100644
--- a/pkgs/tools/misc/gbdfed/default.nix
+++ b/pkgs/tools/misc/gbdfed/default.nix
@@ -13,7 +13,7 @@ stdenv.mkDerivation rec {
 
   patches = [ ./Makefile.patch ];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   meta = {
     description = "Bitmap Font Editor";
diff --git a/pkgs/tools/misc/grub/2.0x.nix b/pkgs/tools/misc/grub/2.0x.nix
index f3c09ef686a9..d56f9b3ce0f0 100644
--- a/pkgs/tools/misc/grub/2.0x.nix
+++ b/pkgs/tools/misc/grub/2.0x.nix
@@ -52,7 +52,7 @@ stdenv.mkDerivation rec {
     ++ optional doCheck qemu
     ++ optional zfsSupport zfs;
 
-  hardening_all = false;
+  hardeningDisable = [ "all" ];
 
   preConfigure =
     '' for i in "tests/util/"*.in
diff --git a/pkgs/tools/misc/grub/default.nix b/pkgs/tools/misc/grub/default.nix
index c0579b918164..a690ef2084b2 100644
--- a/pkgs/tools/misc/grub/default.nix
+++ b/pkgs/tools/misc/grub/default.nix
@@ -36,7 +36,7 @@ stdenv.mkDerivation {
   # autoreconfHook required for the splashimage patch.
   buildInputs = [ autoreconfHook texinfo ];
 
-  hardening_stackprotector = false;
+  hardeningDisable = [ "stackprotector" ];
 
   prePatch = ''
     unpackFile $gentooPatches
diff --git a/pkgs/tools/misc/grub/trusted.nix b/pkgs/tools/misc/grub/trusted.nix
index 39c1ce9c0c11..fc8784decc5f 100644
--- a/pkgs/tools/misc/grub/trusted.nix
+++ b/pkgs/tools/misc/grub/trusted.nix
@@ -47,8 +47,7 @@ stdenv.mkDerivation rec {
   buildInputs = [ ncurses libusb freetype gettext devicemapper ]
     ++ optional doCheck qemu;
 
-  hardening_stackprotector = false;
-  hardening_pic = false;
+  hardeningDisable = [ "stackprotector" "pic" ];
 
   preConfigure =
     '' for i in "tests/util/"*.in
diff --git a/pkgs/tools/misc/gummiboot/default.nix b/pkgs/tools/misc/gummiboot/default.nix
index b73d83201e0e..7946a3b062fc 100644
--- a/pkgs/tools/misc/gummiboot/default.nix
+++ b/pkgs/tools/misc/gummiboot/default.nix
@@ -5,7 +5,7 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ gnu-efi pkgconfig libxslt utillinux ];
 
-  hardening_stackprotector = false;
+  hardeningDisable = [ "stackprotector" ];
 
   # Sigh, gummiboot should be able to find this in buildInputs
   configureFlags = [
diff --git a/pkgs/tools/misc/ipxe/default.nix b/pkgs/tools/misc/ipxe/default.nix
index 0830eb51b3ca..78f49588e8c3 100644
--- a/pkgs/tools/misc/ipxe/default.nix
+++ b/pkgs/tools/misc/ipxe/default.nix
@@ -19,8 +19,7 @@ stdenv.mkDerivation {
   preConfigure = "cd src";
 
   # not possible due to assembler code
-  hardening_pic = false;
-  hardening_stackprotector = false;
+  hardeningDisable = [ "pic" "stackprotector" ];
 
   makeFlags =
     [ "ECHO_E_BIN_ECHO=echo" "ECHO_E_BIN_ECHO_E=echo" # No /bin/echo here.
diff --git a/pkgs/tools/misc/memtest86+/default.nix b/pkgs/tools/misc/memtest86+/default.nix
index 097c26071fcf..62d490ea4f9e 100644
--- a/pkgs/tools/misc/memtest86+/default.nix
+++ b/pkgs/tools/misc/memtest86+/default.nix
@@ -22,8 +22,7 @@ stdenv.mkDerivation rec {
 
   NIX_CFLAGS_COMPILE = "-I. -std=gnu90";
 
-  hardening_pic = false;
-  hardening_stackprotector = false;
+  hardeningDisable = [ "stackprotector" "pic" ];
 
   buildFlags = "memtest.bin";
 
diff --git a/pkgs/tools/misc/pal/default.nix b/pkgs/tools/misc/pal/default.nix
index a65bd1fe8ec1..f92069e7b9f5 100644
--- a/pkgs/tools/misc/pal/default.nix
+++ b/pkgs/tools/misc/pal/default.nix
@@ -16,7 +16,7 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ glib gettext readline pkgconfig ];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   meta = {
     homepage = http://palcal.sourceforge.net/;
diff --git a/pkgs/tools/misc/sutils/default.nix b/pkgs/tools/misc/sutils/default.nix
index 48c47cc3d8db..8d4f00ee8478 100644
--- a/pkgs/tools/misc/sutils/default.nix
+++ b/pkgs/tools/misc/sutils/default.nix
@@ -8,7 +8,7 @@ stdenv.mkDerivation rec {
      sha256 = "0xqk42vl82chy458d64fj68a4md4bxaip8n3xw9skxz0a1sgvks8";
    };
 
-   hardening_format = false;
+   hardeningDisable = [ "format" ];
 
    prePatch = ''sed -i "s@/usr/local@$out@" Makefile'';
 
diff --git a/pkgs/tools/misc/uucp/default.nix b/pkgs/tools/misc/uucp/default.nix
index cba343863bef..4ef050b409e5 100644
--- a/pkgs/tools/misc/uucp/default.nix
+++ b/pkgs/tools/misc/uucp/default.nix
@@ -8,7 +8,7 @@ stdenv.mkDerivation rec {
     sha256 = "0b5nhl9vvif1w3wdipjsk8ckw49jj1w85xw1mmqi3zbcpazia306";
   };
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   meta = {
     description = "Unix-unix cp over serial line, also includes cu program";
diff --git a/pkgs/tools/misc/vorbisgain/default.nix b/pkgs/tools/misc/vorbisgain/default.nix
index 292023a1b582..567783f63138 100644
--- a/pkgs/tools/misc/vorbisgain/default.nix
+++ b/pkgs/tools/misc/vorbisgain/default.nix
@@ -8,7 +8,7 @@ stdenv.mkDerivation rec {
     sha256 = "1v1h6mhnckmvvn7345hzi9abn5z282g4lyyl4nnbqwnrr98v0vfx";
   };
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   buildInputs = [ unzip libogg libvorbis ];
 
diff --git a/pkgs/tools/misc/wv/default.nix b/pkgs/tools/misc/wv/default.nix
index 3d828a55121e..debc2c239ad6 100644
--- a/pkgs/tools/misc/wv/default.nix
+++ b/pkgs/tools/misc/wv/default.nix
@@ -11,7 +11,7 @@ stdenv.mkDerivation {
 
   buildInputs = [ zlib imagemagick libpng glib pkgconfig libgsf libxml2 bzip2 ];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   meta = {
     description = "Converter from Microsoft Word formats to human-editable ones";
diff --git a/pkgs/tools/misc/xfstests/default.nix b/pkgs/tools/misc/xfstests/default.nix
index cef5fee9cf93..31b6e74917e8 100644
--- a/pkgs/tools/misc/xfstests/default.nix
+++ b/pkgs/tools/misc/xfstests/default.nix
@@ -13,7 +13,7 @@ stdenv.mkDerivation {
 
   buildInputs = [ acl autoreconfHook attr gawk libaio libuuid libxfs openssl perl ];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   patchPhase = ''
     # Patch the destination directory
diff --git a/pkgs/tools/networking/chrony/default.nix b/pkgs/tools/networking/chrony/default.nix
index 0729f35db59b..d262f7fc9e0c 100644
--- a/pkgs/tools/networking/chrony/default.nix
+++ b/pkgs/tools/networking/chrony/default.nix
@@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
   buildInputs = [ readline texinfo nss nspr ] ++ stdenv.lib.optional stdenv.isLinux libcap;
   nativeBuildInputs = [ pkgconfig ];
 
-  hardening_pie = true;
+  hardeningEnable = [ "pie" ];
 
   configureFlags = [
     "--chronyvardir=$(out)/var/lib/chrony"
diff --git a/pkgs/tools/networking/dhcpdump/default.nix b/pkgs/tools/networking/dhcpdump/default.nix
index 915562bd7791..91232b4ffa74 100644
--- a/pkgs/tools/networking/dhcpdump/default.nix
+++ b/pkgs/tools/networking/dhcpdump/default.nix
@@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
 
   buildInputs = [libpcap perl];
 
-  hardening_fortify = false;
+  hardeningDisable = [ "fortify" ];
 
   installPhase = ''
     mkdir -pv $out/bin
diff --git a/pkgs/tools/networking/dnsmasq/default.nix b/pkgs/tools/networking/dnsmasq/default.nix
index 6032e53f0baa..b05f4e8e80ee 100644
--- a/pkgs/tools/networking/dnsmasq/default.nix
+++ b/pkgs/tools/networking/dnsmasq/default.nix
@@ -29,7 +29,7 @@ stdenv.mkDerivation rec {
     "LOCALEDIR=$(out)/share/locale"
   ];
 
-  hardening_pie = true;
+  hardeningEnable = [ "pie" ];
 
   postBuild = optionalString stdenv.isLinux ''
     make -C contrib/wrt
diff --git a/pkgs/tools/networking/eggdrop/default.nix b/pkgs/tools/networking/eggdrop/default.nix
index 90bc8b54f28f..a9f2419b1368 100644
--- a/pkgs/tools/networking/eggdrop/default.nix
+++ b/pkgs/tools/networking/eggdrop/default.nix
@@ -13,7 +13,7 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ tcl ];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   preConfigure = ''
     prefix=$out/eggdrop
diff --git a/pkgs/tools/networking/iperf/2.nix b/pkgs/tools/networking/iperf/2.nix
index 414ff692d10d..13f8cedc673d 100644
--- a/pkgs/tools/networking/iperf/2.nix
+++ b/pkgs/tools/networking/iperf/2.nix
@@ -8,7 +8,7 @@ stdenv.mkDerivation rec {
     sha256 = "0nr6c81x55ihs7ly2dwq19v9i1n6wiyad1gacw3aikii0kzlwsv3";
   };
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   meta = with stdenv.lib; {
     homepage = "http://sourceforge.net/projects/iperf/"; 
diff --git a/pkgs/tools/networking/mailutils/default.nix b/pkgs/tools/networking/mailutils/default.nix
index 53e17e6cecdc..140d58e3163e 100644
--- a/pkgs/tools/networking/mailutils/default.nix
+++ b/pkgs/tools/networking/mailutils/default.nix
@@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
     sha256 = "0szbqa12zqzldqyw97lxqax3ja2adis83i7brdfsxmrfw68iaf65";
   };
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   patches = [ ./path-to-cat.patch ./no-gets.patch ];
 
diff --git a/pkgs/tools/networking/netboot/default.nix b/pkgs/tools/networking/netboot/default.nix
index 349dba12538c..7a1eac59eeae 100644
--- a/pkgs/tools/networking/netboot/default.nix
+++ b/pkgs/tools/networking/netboot/default.nix
@@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ yacc lzo db4 ];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   meta = with stdenv.lib; {
     description = "Mini PXE server";
diff --git a/pkgs/tools/networking/ntp/default.nix b/pkgs/tools/networking/ntp/default.nix
index 47fa2708821a..b2242fe54546 100644
--- a/pkgs/tools/networking/ntp/default.nix
+++ b/pkgs/tools/networking/ntp/default.nix
@@ -19,7 +19,7 @@ stdenv.mkDerivation rec {
   nativeBuildInputs = [ autoreconfHook ];
   buildInputs = [ libcap openssl ];
 
-  hardening_pie = true;
+  hardeningEnable = [ "pie" ];
 
   postInstall = ''
     rm -rf $out/share/doc
diff --git a/pkgs/tools/networking/openfortivpn/default.nix b/pkgs/tools/networking/openfortivpn/default.nix
index 25af3e11cafb..c1f78c911a1a 100644
--- a/pkgs/tools/networking/openfortivpn/default.nix
+++ b/pkgs/tools/networking/openfortivpn/default.nix
@@ -17,7 +17,7 @@ in stdenv.mkDerivation {
 
   buildInputs = [ openssl ppp autoreconfHook ];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   preConfigure = ''
     substituteInPlace src/tunnel.c --replace "/usr/sbin/pppd" "${ppp}/bin/pppd"
diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix
index 7ade847b97be..6e497a0093e1 100644
--- a/pkgs/tools/networking/openssh/default.nix
+++ b/pkgs/tools/networking/openssh/default.nix
@@ -63,7 +63,7 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
-  hardening_pie = true;
+  hardeningEnable = [ "pie" ];
 
   postInstall = ''
     # Install ssh-copy-id, it's very useful.
diff --git a/pkgs/tools/networking/radvd/default.nix b/pkgs/tools/networking/radvd/default.nix
index 8b0b3d9a736c..fc4ca793199d 100644
--- a/pkgs/tools/networking/radvd/default.nix
+++ b/pkgs/tools/networking/radvd/default.nix
@@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ pkgconfig libdaemon bison flex check ];
 
-  hardening_pie = true;
+  hardeningEnable = [ "pie" ];
 
   meta = with stdenv.lib; {
     homepage = http://www.litech.org/radvd/;
diff --git a/pkgs/tools/networking/socat/default.nix b/pkgs/tools/networking/socat/default.nix
index e59e6d460803..36c6a2deead0 100644
--- a/pkgs/tools/networking/socat/default.nix
+++ b/pkgs/tools/networking/socat/default.nix
@@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
 
   patches = [ ./enable-ecdhe.patch ./libressl-fixes.patch ];
 
-  hardening_pie = true;
+  hardeningEnable = [ "pie" ];
 
   meta = {
     description = "A utility for bidirectional data transfer between two independent data channels";
diff --git a/pkgs/tools/networking/telnet/default.nix b/pkgs/tools/networking/telnet/default.nix
index 3fe6144b72ca..3a5117653c83 100644
--- a/pkgs/tools/networking/telnet/default.nix
+++ b/pkgs/tools/networking/telnet/default.nix
@@ -9,7 +9,7 @@ stdenv.mkDerivation {
     sha256 = "0cs7ks22dhcn5qfjv2vl6ikhw93x68gg33zdn5f5cxgg81kx5afn";
   };
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   buildInputs = [ncurses];
 
diff --git a/pkgs/tools/networking/trickle/default.nix b/pkgs/tools/networking/trickle/default.nix
index 22f991d8fe2a..1c8829a07b27 100644
--- a/pkgs/tools/networking/trickle/default.nix
+++ b/pkgs/tools/networking/trickle/default.nix
@@ -22,7 +22,7 @@ stdenv.mkDerivation rec {
 
   configureFlags = "--with-libevent";
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   meta = {
     description = "Lightweight userspace bandwidth shaper";
diff --git a/pkgs/tools/networking/uwimap/default.nix b/pkgs/tools/networking/uwimap/default.nix
index 1c7c946000eb..e7c771618480 100644
--- a/pkgs/tools/networking/uwimap/default.nix
+++ b/pkgs/tools/networking/uwimap/default.nix
@@ -14,7 +14,7 @@ stdenv.mkDerivation {
     # -fPIC is required to compile php with imap on x86_64 systems
     + stdenv.lib.optionalString stdenv.isx86_64 " EXTRACFLAGS=-fPIC";
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   buildInputs = [ openssl ]
     ++ stdenv.lib.optional (!stdenv.isDarwin) pam;
diff --git a/pkgs/tools/networking/vde2/default.nix b/pkgs/tools/networking/vde2/default.nix
index ba9552d4faea..81d43fa501cf 100644
--- a/pkgs/tools/networking/vde2/default.nix
+++ b/pkgs/tools/networking/vde2/default.nix
@@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ openssl libpcap python ];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   meta = {
     homepage = http://vde.sourceforge.net/;
diff --git a/pkgs/tools/package-management/checkinstall/default.nix b/pkgs/tools/package-management/checkinstall/default.nix
index f1d7985e9a50..c47f1664cd6e 100644
--- a/pkgs/tools/package-management/checkinstall/default.nix
+++ b/pkgs/tools/package-management/checkinstall/default.nix
@@ -44,7 +44,7 @@ stdenv.mkDerivation {
 
   buildInputs = [gettext];
 
-  hardening_fortify = false;
+  hardeningDisable = [ "fortify" ];
 
   preBuild = ''
     makeFlagsArray=(PREFIX=$out)
diff --git a/pkgs/tools/package-management/clib/default.nix b/pkgs/tools/package-management/clib/default.nix
index d52243dcea5c..cb365b9b4f76 100644
--- a/pkgs/tools/package-management/clib/default.nix
+++ b/pkgs/tools/package-management/clib/default.nix
@@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
     sha256 = "0hbi5hf4w0iim96h89j7krxv61x92ffxjbldxp3zk92m5sgpldnm";
   };
 
-  hardening_fortify = false;
+  hardeningDisable = [ "fortify" ];
 
   makeFlags = "PREFIX=$(out)";
 
diff --git a/pkgs/tools/security/fprint_demo/default.nix b/pkgs/tools/security/fprint_demo/default.nix
index 273d692ebaa6..8efd04690dbe 100644
--- a/pkgs/tools/security/fprint_demo/default.nix
+++ b/pkgs/tools/security/fprint_demo/default.nix
@@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
   buildInputs = [ libfprint gtk2 ];
   nativeBuildInputs = [ pkgconfig autoreconfHook ];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   meta = with stdenv.lib; {
     homepage = "http://www.freedesktop.org/wiki/Software/fprint/fprint_demo/";
diff --git a/pkgs/tools/security/tboot/default.nix b/pkgs/tools/security/tboot/default.nix
index 1a2bc6a31082..506b1d398d54 100644
--- a/pkgs/tools/security/tboot/default.nix
+++ b/pkgs/tools/security/tboot/default.nix
@@ -12,8 +12,7 @@ stdenv.mkDerivation rec {
 
   patches = [ ./tboot-add-well-known-secret-option-to-lcp_writepol.patch ];
 
-  hardening_pic = false;
-  hardening_stackprotector = false;
+  hardeningDisable = [ "pic" "stackprotector" ];
 
   configurePhase = ''
     for a in lcptools utils tb_polgen; do
diff --git a/pkgs/tools/system/cron/default.nix b/pkgs/tools/system/cron/default.nix
index 805336cfe44b..26f088fd54a2 100644
--- a/pkgs/tools/system/cron/default.nix
+++ b/pkgs/tools/system/cron/default.nix
@@ -9,7 +9,7 @@ stdenv.mkDerivation {
 
   unpackCmd = "(mkdir cron && cd cron && sh $curSrc)";
 
-  hardening_pie = true;
+  hardeningEnable = [ "pie" ];
 
   preBuild = ''
     substituteInPlace Makefile --replace ' -o root' ' ' --replace 111 755
diff --git a/pkgs/tools/system/foremost/default.nix b/pkgs/tools/system/foremost/default.nix
index 0696af07166b..0114c1d41ff6 100644
--- a/pkgs/tools/system/foremost/default.nix
+++ b/pkgs/tools/system/foremost/default.nix
@@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   preInstall = ''
     mkdir -p $out/{bin,share/man/man8}
diff --git a/pkgs/tools/system/gdmap/default.nix b/pkgs/tools/system/gdmap/default.nix
index 1456b6fca7c4..7800bfa08313 100644
--- a/pkgs/tools/system/gdmap/default.nix
+++ b/pkgs/tools/system/gdmap/default.nix
@@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
 
   patches = [ ./get_sensitive.patch ./set_flags.patch ];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   meta = with stdenv.lib; {
     homepage = http://gdmap.sourceforge.net;
diff --git a/pkgs/tools/system/rsyslog/default.nix b/pkgs/tools/system/rsyslog/default.nix
index ef54bde3db56..e19dbb028474 100644
--- a/pkgs/tools/system/rsyslog/default.nix
+++ b/pkgs/tools/system/rsyslog/default.nix
@@ -28,7 +28,7 @@ stdenv.mkDerivation rec {
     rabbitmq-c hiredis
   ] ++ stdenv.lib.optional stdenv.isLinux systemd;
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   configureFlags = [
     "--sysconfdir=/etc"
diff --git a/pkgs/tools/system/which/default.nix b/pkgs/tools/system/which/default.nix
index 956fd590b14c..fc0889012c2e 100644
--- a/pkgs/tools/system/which/default.nix
+++ b/pkgs/tools/system/which/default.nix
@@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
   };
 
   # FIXME needs gcc 4.9 in bootstrap tools
-  hardening_stackprotector = false;
+  hardeningDisable = [ "stackprotector" ];
 
   meta = with stdenv.lib; {
     homepage = http://ftp.gnu.org/gnu/which/;
diff --git a/pkgs/tools/text/a2ps/default.nix b/pkgs/tools/text/a2ps/default.nix
index bcbf2b66a860..4a32e972a5b3 100644
--- a/pkgs/tools/text/a2ps/default.nix
+++ b/pkgs/tools/text/a2ps/default.nix
@@ -14,7 +14,7 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ libpaper gperf file ];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   meta = with stdenv.lib; {
     description = "An Anyithing to PostScript converter and pretty-printer";
diff --git a/pkgs/tools/text/patchutils/default.nix b/pkgs/tools/text/patchutils/default.nix
index 98f9c0483c2d..75922a6c830c 100644
--- a/pkgs/tools/text/patchutils/default.nix
+++ b/pkgs/tools/text/patchutils/default.nix
@@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
 
   patches = [ ./drop-comments.patch ]; # we would get into a cycle when using fetchpatch on this one
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   meta = with stdenv.lib; {
     description = "Tools to manipulate patch files";
diff --git a/pkgs/tools/text/untex/default.nix b/pkgs/tools/text/untex/default.nix
index 33f72b029a1e..ec99e8b4a27a 100644
--- a/pkgs/tools/text/untex/default.nix
+++ b/pkgs/tools/text/untex/default.nix
@@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
     sha256 = "07p836jydd5yjy905m5ylnnac1h4cc4jsr41panqb808mlsiwmmy";
   };
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   unpackPhase = "tar xf $src";
   installTargets = "install install.man";
diff --git a/pkgs/tools/typesetting/tex/tetex/default.nix b/pkgs/tools/typesetting/tex/tetex/default.nix
index cffe0b39d229..c3d226a2acb0 100644
--- a/pkgs/tools/typesetting/tex/tetex/default.nix
+++ b/pkgs/tools/typesetting/tex/tetex/default.nix
@@ -15,7 +15,7 @@ stdenv.mkDerivation {
 
   buildInputs = [ flex bison zlib libpng ncurses ed ];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   # fixes "error: conflicting types for 'calloc'", etc.
   preBuild = stdenv.lib.optionalString stdenv.isDarwin ''
diff --git a/pkgs/tools/typesetting/tex/texlive-new/bin.nix b/pkgs/tools/typesetting/tex/texlive-new/bin.nix
index 3585c4d04af8..2cc673939038 100644
--- a/pkgs/tools/typesetting/tex/texlive-new/bin.nix
+++ b/pkgs/tools/typesetting/tex/texlive-new/bin.nix
@@ -64,7 +64,7 @@ core = stdenv.mkDerivation rec {
     perl
   ];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   preConfigure = ''
     rm -r libs/{cairo,freetype2,gd,gmp,graphite2,harfbuzz,icu,libpaper,libpng} \
@@ -123,7 +123,7 @@ core-big = stdenv.mkDerivation {
 
   inherit (common) src;
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   buildInputs = core.buildInputs ++ [ core cairo harfbuzz icu graphite2 ];
 
diff --git a/pkgs/tools/video/mjpegtools/default.nix b/pkgs/tools/video/mjpegtools/default.nix
index 989649c580f2..bfffbae65b59 100644
--- a/pkgs/tools/video/mjpegtools/default.nix
+++ b/pkgs/tools/video/mjpegtools/default.nix
@@ -15,5 +15,5 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ gtk libdv libjpeg libpng libX11 pkgconfig SDL SDL_gfx ];
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 }
diff --git a/pkgs/tools/video/vncrec/default.nix b/pkgs/tools/video/vncrec/default.nix
index a16dc169b98e..81860f22e897 100644
--- a/pkgs/tools/video/vncrec/default.nix
+++ b/pkgs/tools/video/vncrec/default.nix
@@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
     sha256 = "1yp6r55fqpdhc8cgrgh9i0mzxmkls16pgf8vfcpng1axr7cigyhc";
   };
 
-  hardening_format = false;
+  hardeningDisable = [ "format" ];
 
   buildInputs = [
     libX11 xproto imake gccmakedep libXt libXmu libXaw
author	Franz Pletz <fpletz@fnordicwalking.de>	2016-02-26 18:38:15 +0100
committer	Franz Pletz <fpletz@fnordicwalking.de>	2016-03-05 18:55:26 +0100
commit	aff1f4ab948b921ceaf2b81610f2f82454302b4b (patch)
tree	6e51e90a41409d56cfa084b9ca64921f2611fafc /pkgs/tools
parent	a2e449e43e82e258b94c723d92a5e9af641967e7 (diff)
download	nixlib-aff1f4ab948b921ceaf2b81610f2f82454302b4b.tar nixlib-aff1f4ab948b921ceaf2b81610f2f82454302b4b.tar.gz nixlib-aff1f4ab948b921ceaf2b81610f2f82454302b4b.tar.bz2 nixlib-aff1f4ab948b921ceaf2b81610f2f82454302b4b.tar.lz nixlib-aff1f4ab948b921ceaf2b81610f2f82454302b4b.tar.xz nixlib-aff1f4ab948b921ceaf2b81610f2f82454302b4b.tar.zst nixlib-aff1f4ab948b921ceaf2b81610f2f82454302b4b.zip