about summary refs log tree commit diff
path: root/nixpkgs/pkgs/build-support/cc-wrapper/add-hardening.sh
diff options
context:
space:
mode:
Diffstat (limited to 'nixpkgs/pkgs/build-support/cc-wrapper/add-hardening.sh')
-rw-r--r--nixpkgs/pkgs/build-support/cc-wrapper/add-hardening.sh9
1 files changed, 8 insertions, 1 deletions
diff --git a/nixpkgs/pkgs/build-support/cc-wrapper/add-hardening.sh b/nixpkgs/pkgs/build-support/cc-wrapper/add-hardening.sh
index 8d02b4e5124d..8cd63e460951 100644
--- a/nixpkgs/pkgs/build-support/cc-wrapper/add-hardening.sh
+++ b/nixpkgs/pkgs/build-support/cc-wrapper/add-hardening.sh
@@ -10,6 +10,13 @@ for flag in ${NIX_HARDENING_ENABLE_@suffixSalt@-}; do
   hardeningEnableMap["$flag"]=1
 done
 
+# fortify3 implies fortify enablement - make explicit before
+# we filter unsupported flags because unsupporting fortify3
+# doesn't mean we should unsupport fortify too
+if [[ -n "${hardeningEnableMap[fortify3]-}" ]]; then
+  hardeningEnableMap["fortify"]=1
+fi
+
 # Remove unsupported flags.
 for flag in @hardening_unsupported_flags@; do
   unset -v "hardeningEnableMap[$flag]"
@@ -19,7 +26,7 @@ for flag in @hardening_unsupported_flags@; do
   fi
 done
 
-# make fortify and fortify3 mutually exclusive
+# now make fortify and fortify3 mutually exclusive
 if [[ -n "${hardeningEnableMap[fortify3]-}" ]]; then
   unset -v "hardeningEnableMap['fortify']"
 fi
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-16 03:22:15 +0000