about summary refs log tree commit diff
path: root/pkgs/servers/mail/postfix/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/servers/mail/postfix/default.nix')
-rw-r--r--pkgs/servers/mail/postfix/default.nix6
1 files changed, 4 insertions, 2 deletions
diff --git a/pkgs/servers/mail/postfix/default.nix b/pkgs/servers/mail/postfix/default.nix
index 99371f41b0f1..43cdffd660cd 100644
--- a/pkgs/servers/mail/postfix/default.nix
+++ b/pkgs/servers/mail/postfix/default.nix
@@ -9,12 +9,11 @@ let
   ccargs = lib.concatStringsSep " " ([
     "-DUSE_TLS" "-DUSE_SASL_AUTH" "-DUSE_CYRUS_SASL" "-I${cyrus_sasl.dev}/include/sasl"
     "-DHAS_DB_BYPASS_MAKEDEFS_CHECK"
-    "-fPIE" "-fstack-protector-all" "--param" "ssp-buffer-size=4" "-O2" "-D_FORTIFY_SOURCE=2"
    ] ++ lib.optional withPgSQL "-DHAS_PGSQL"
      ++ lib.optionals withMySQL [ "-DHAS_MYSQL" "-I${lib.getDev libmysql}/include/mysql" ]
      ++ lib.optional withSQLite "-DHAS_SQLITE");
    auxlibs = lib.concatStringsSep " " ([
-     "-ldb" "-lnsl" "-lresolv" "-lsasl2" "-lcrypto" "-lssl" "-pie" "-Wl,-z,relro,-z,now"
+     "-ldb" "-lnsl" "-lresolv" "-lsasl2" "-lcrypto" "-lssl"
    ] ++ lib.optional withPgSQL "-lpq"
      ++ lib.optional withMySQL "-lmysqlclient"
      ++ lib.optional withSQLite "-lsqlite3");
@@ -35,6 +34,9 @@ in stdenv.mkDerivation rec {
                 ++ lib.optional withMySQL libmysql
                 ++ lib.optional withSQLite sqlite;
 
+  hardeningDisable = [ "format" ];
+  hardeningEnable = [ "pie" ];
+
   patches = [
     ./postfix-script-shell.patch
     ./postfix-3.0-no-warnings.patch
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-08-01 08:59:15 +0000