diff options
Diffstat (limited to 'pkgs/servers')
-rw-r--r-- | pkgs/servers/beanstalkd/default.nix | 2 | ||||
-rw-r--r-- | pkgs/servers/firebird/default.nix | 4 | ||||
-rw-r--r-- | pkgs/servers/gpm/default.nix | 2 | ||||
-rw-r--r-- | pkgs/servers/http/nginx/generic.nix | 11 | ||||
-rw-r--r-- | pkgs/servers/icecast/default.nix | 2 | ||||
-rw-r--r-- | pkgs/servers/irc/charybdis/default.nix | 2 | ||||
-rw-r--r-- | pkgs/servers/mail/postfix/default.nix | 6 | ||||
-rw-r--r-- | pkgs/servers/mail/postfix/pfixtools.nix | 2 | ||||
-rw-r--r-- | pkgs/servers/memcached/default.nix | 2 | ||||
-rw-r--r-- | pkgs/servers/nosql/mongodb/default.nix | 3 | ||||
-rw-r--r-- | pkgs/servers/nosql/riak/2.1.1.nix | 2 | ||||
-rw-r--r-- | pkgs/servers/openafs-client/default.nix | 2 | ||||
-rw-r--r-- | pkgs/servers/sip/freeswitch/default.nix | 12 | ||||
-rw-r--r-- | pkgs/servers/sql/virtuoso/7.x.nix | 2 | ||||
-rw-r--r-- | pkgs/servers/x11/xorg/builder.sh | 1 | ||||
-rw-r--r-- | pkgs/servers/x11/xorg/default.nix | 4 | ||||
-rw-r--r-- | pkgs/servers/x11/xorg/overrides.nix | 4 |
17 files changed, 44 insertions, 19 deletions
diff --git a/pkgs/servers/beanstalkd/default.nix b/pkgs/servers/beanstalkd/default.nix index cea7ca0b337f..ef4621fb9a65 100644 --- a/pkgs/servers/beanstalkd/default.nix +++ b/pkgs/servers/beanstalkd/default.nix @@ -10,6 +10,8 @@ stdenv.mkDerivation rec { sha256 = "0n9dlmiddcfl7i0f1lwfhqiwyvf26493fxfcmn8jm30nbqciwfwj"; }; + hardeningDisable = [ "fortify" ]; + meta = with stdenv.lib; { homepage = http://kr.github.io/beanstalkd/; description = "A simple, fast work queue"; diff --git a/pkgs/servers/firebird/default.nix b/pkgs/servers/firebird/default.nix index 3e778317169c..3e258ee6d3f1 100644 --- a/pkgs/servers/firebird/default.nix +++ b/pkgs/servers/firebird/default.nix @@ -11,7 +11,7 @@ # icu version missmatch may cause such error when selecting from a table: # "Collation unicode for character set utf8 is not installed" - # icu 3.0 can still be build easily by nix (by dropping the #elif case and + # icu 3.0 can still be built easily by nix (by dropping the #elif case and # make | make) icu ? null @@ -65,6 +65,8 @@ stdenv.mkDerivation rec { sha256 = "0887a813wffp44hnc2gmwbc4ylpqw3fh3hz3bf6q3648344a9fdv"; }; + hardeningDisable = [ "format" ]; + # configurePhase = '' # sed -i 's@cp /usr/share/automake-.*@@' autogen.sh # sh autogen.sh $configureFlags --prefix=$out diff --git a/pkgs/servers/gpm/default.nix b/pkgs/servers/gpm/default.nix index a9fac485f905..ac5e0b7c1b1c 100644 --- a/pkgs/servers/gpm/default.nix +++ b/pkgs/servers/gpm/default.nix @@ -15,6 +15,8 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ automake autoconf libtool flex bison texinfo ]; buildInputs = [ ncurses ]; + hardeningDisable = [ "format" ]; + preConfigure = '' ./autogen.sh ''; diff --git a/pkgs/servers/http/nginx/generic.nix b/pkgs/servers/http/nginx/generic.nix index 6817f18bd1db..b1d70907e28c 100644 --- a/pkgs/servers/http/nginx/generic.nix +++ b/pkgs/servers/http/nginx/generic.nix @@ -49,14 +49,9 @@ stdenv.mkDerivation { NIX_CFLAGS_COMPILE = [ "-I${libxml2.dev}/include/libxml2" ] ++ optional stdenv.isDarwin "-Wno-error=deprecated-declarations"; - preConfigure = (concatMapStringsSep "\n" (mod: mod.preConfigure or "") modules) - + optionalString (hardening && (stdenv.cc.cc.isGNU or false)) '' - configureFlagsArray=( - --with-cc-opt="-fPIE -fstack-protector-all --param ssp-buffer-size=4 -O2 -D_FORTIFY_SOURCE=2" - --with-ld-opt="-pie -Wl,-z,relro,-z,now" - ) - '' - ; + preConfigure = (concatMapStringsSep "\n" (mod: mod.preConfigure or "") modules); + + hardeningEnable = [ "pie" ]; postInstall = '' mv $out/sbin $out/bin diff --git a/pkgs/servers/icecast/default.nix b/pkgs/servers/icecast/default.nix index 9beb961de207..d241b59c3feb 100644 --- a/pkgs/servers/icecast/default.nix +++ b/pkgs/servers/icecast/default.nix @@ -12,6 +12,8 @@ stdenv.mkDerivation rec { buildInputs = [ libxml2 libxslt curl libvorbis libtheora speex libkate libopus ]; + hardeningEnable = [ "pie" ]; + meta = { description = "Server software for streaming multimedia"; diff --git a/pkgs/servers/irc/charybdis/default.nix b/pkgs/servers/irc/charybdis/default.nix index df4250c81fa7..89eeeaecb34a 100644 --- a/pkgs/servers/irc/charybdis/default.nix +++ b/pkgs/servers/irc/charybdis/default.nix @@ -21,6 +21,8 @@ stdenv.mkDerivation rec { "--with-program-prefix=charybdis-" ]; + hardeningDisable = [ "format" ]; + buildInputs = [ bison flex openssl ]; meta = with stdenv.lib; { diff --git a/pkgs/servers/mail/postfix/default.nix b/pkgs/servers/mail/postfix/default.nix index 99371f41b0f1..43cdffd660cd 100644 --- a/pkgs/servers/mail/postfix/default.nix +++ b/pkgs/servers/mail/postfix/default.nix @@ -9,12 +9,11 @@ let ccargs = lib.concatStringsSep " " ([ "-DUSE_TLS" "-DUSE_SASL_AUTH" "-DUSE_CYRUS_SASL" "-I${cyrus_sasl.dev}/include/sasl" "-DHAS_DB_BYPASS_MAKEDEFS_CHECK" - "-fPIE" "-fstack-protector-all" "--param" "ssp-buffer-size=4" "-O2" "-D_FORTIFY_SOURCE=2" ] ++ lib.optional withPgSQL "-DHAS_PGSQL" ++ lib.optionals withMySQL [ "-DHAS_MYSQL" "-I${lib.getDev libmysql}/include/mysql" ] ++ lib.optional withSQLite "-DHAS_SQLITE"); auxlibs = lib.concatStringsSep " " ([ - "-ldb" "-lnsl" "-lresolv" "-lsasl2" "-lcrypto" "-lssl" "-pie" "-Wl,-z,relro,-z,now" + "-ldb" "-lnsl" "-lresolv" "-lsasl2" "-lcrypto" "-lssl" ] ++ lib.optional withPgSQL "-lpq" ++ lib.optional withMySQL "-lmysqlclient" ++ lib.optional withSQLite "-lsqlite3"); @@ -35,6 +34,9 @@ in stdenv.mkDerivation rec { ++ lib.optional withMySQL libmysql ++ lib.optional withSQLite sqlite; + hardeningDisable = [ "format" ]; + hardeningEnable = [ "pie" ]; + patches = [ ./postfix-script-shell.patch ./postfix-3.0-no-warnings.patch diff --git a/pkgs/servers/mail/postfix/pfixtools.nix b/pkgs/servers/mail/postfix/pfixtools.nix index 3e7ef9f23db5..b17beeb095f2 100644 --- a/pkgs/servers/mail/postfix/pfixtools.nix +++ b/pkgs/servers/mail/postfix/pfixtools.nix @@ -38,6 +38,8 @@ stdenv.mkDerivation { --replace /bin/bash ${bash}/bin/bash; ''; + NIX_CFLAGS_COMPILE = "-Wno-error=unused-result"; + makeFlags = "DESTDIR=$(out) prefix="; meta = { diff --git a/pkgs/servers/memcached/default.nix b/pkgs/servers/memcached/default.nix index 9d110d9c1461..5e4edd0b0322 100644 --- a/pkgs/servers/memcached/default.nix +++ b/pkgs/servers/memcached/default.nix @@ -10,6 +10,8 @@ stdenv.mkDerivation rec { buildInputs = [cyrus_sasl libevent]; + hardeningEnable = [ "pie" ]; + meta = with stdenv.lib; { description = "A distributed memory object caching system"; repositories.git = https://github.com/memcached/memcached.git; diff --git a/pkgs/servers/nosql/mongodb/default.nix b/pkgs/servers/nosql/mongodb/default.nix index 127d807133e0..d18de78bdde3 100644 --- a/pkgs/servers/nosql/mongodb/default.nix +++ b/pkgs/servers/nosql/mongodb/default.nix @@ -19,6 +19,7 @@ let version = "3.2.1"; #"stemmer" -- not nice to package yet (no versioning, no makefile, no shared libs). "yaml" ] ++ optionals stdenv.isLinux [ "tcmalloc" ]; + buildInputs = [ sasl boost gperftools pcre-cpp snappy zlib libyamlcpp sasl openssl libpcap @@ -92,6 +93,8 @@ in stdenv.mkDerivation rec { enableParallelBuilding = true; + hardeningEnable = [ "pie" ]; + meta = { description = "A scalable, high-performance, open source NoSQL database"; homepage = http://www.mongodb.org; diff --git a/pkgs/servers/nosql/riak/2.1.1.nix b/pkgs/servers/nosql/riak/2.1.1.nix index c62cea180be7..b66e99f0afbe 100644 --- a/pkgs/servers/nosql/riak/2.1.1.nix +++ b/pkgs/servers/nosql/riak/2.1.1.nix @@ -34,6 +34,8 @@ stdenv.mkDerivation rec { src = srcs.riak; + hardeningDisable = [ "format" ]; + postPatch = '' sed -i deps/node_package/priv/base/env.sh \ -e 's@{{platform_data_dir}}@''${RIAK_DATA_DIR:-/var/db/riak}@' \ diff --git a/pkgs/servers/openafs-client/default.nix b/pkgs/servers/openafs-client/default.nix index 40d3edcf21a4..52a7941d0932 100644 --- a/pkgs/servers/openafs-client/default.nix +++ b/pkgs/servers/openafs-client/default.nix @@ -14,6 +14,8 @@ stdenv.mkDerivation rec { buildInputs = [ ncurses ]; + hardeningDisable = [ "pic" ]; + preConfigure = '' ln -s "${kernel.dev}/lib/modules/"*/build $TMP/linux diff --git a/pkgs/servers/sip/freeswitch/default.nix b/pkgs/servers/sip/freeswitch/default.nix index efa70875549f..1cce4c518ea9 100644 --- a/pkgs/servers/sip/freeswitch/default.nix +++ b/pkgs/servers/sip/freeswitch/default.nix @@ -1,18 +1,20 @@ { fetchurl, stdenv, ncurses, curl, pkgconfig, gnutls, readline, openssl, perl, libjpeg -, libzrtpcpp, gcc48 }: +, libzrtpcpp }: stdenv.mkDerivation rec { - name = "freeswitch-1.2.3"; + name = "freeswitch-1.6.6"; src = fetchurl { - url = http://files.freeswitch.org/freeswitch-1.2.3.tar.bz2; + url = "http://files.freeswitch.org/releases/freeswitch/${name}.tar.bz2"; sha256 = "0kfvn5f75c6r6yp18almjz9p6llvpm66gpbxcjswrg3ddgbkzg0k"; }; buildInputs = [ ncurses curl pkgconfig gnutls readline openssl perl libjpeg - libzrtpcpp gcc48 ]; + libzrtpcpp ]; - NIX_CFLAGS_COMPILE = "-Wno-error=cpp"; + NIX_CFLAGS_COMPILE = "-Wno-error"; + + hardeningDisable = [ "format" ]; meta = { description = "Cross-Platform Scalable FREE Multi-Protocol Soft Switch"; diff --git a/pkgs/servers/sql/virtuoso/7.x.nix b/pkgs/servers/sql/virtuoso/7.x.nix index 192bdc9dcb1e..7a8db3f2962c 100644 --- a/pkgs/servers/sql/virtuoso/7.x.nix +++ b/pkgs/servers/sql/virtuoso/7.x.nix @@ -29,7 +29,7 @@ stdenv.mkDerivation rec { meta = with stdenv.lib; { description = "SQL/RDF database used by, e.g., KDE-nepomuk"; homepage = http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/; - #configure: The current version [...] can only be build on 64bit platforms + #configure: The current version [...] can only be built on 64bit platforms platforms = [ "x86_64-linux" "x86_64-darwin" ]; maintainers = [ maintainers.urkud ]; }; diff --git a/pkgs/servers/x11/xorg/builder.sh b/pkgs/servers/x11/xorg/builder.sh index c9e53f3800d3..055886374df4 100644 --- a/pkgs/servers/x11/xorg/builder.sh +++ b/pkgs/servers/x11/xorg/builder.sh @@ -46,5 +46,4 @@ fi enableParallelBuilding=1 - genericBuild diff --git a/pkgs/servers/x11/xorg/default.nix b/pkgs/servers/x11/xorg/default.nix index da74fcb4ca6d..6d09116a867a 100644 --- a/pkgs/servers/x11/xorg/default.nix +++ b/pkgs/servers/x11/xorg/default.nix @@ -9,7 +9,9 @@ let mkDerivation = name: attrs: let newAttrs = (overrides."${name}" or (x: x)) attrs; stdenv = newAttrs.stdenv or args.stdenv; - in stdenv.mkDerivation (removeAttrs newAttrs [ "stdenv" ]); + in stdenv.mkDerivation ((removeAttrs newAttrs [ "stdenv" ]) // { + hardeningDisable = [ "bindnow" "relro" ]; + }); overrides = import ./overrides.nix {inherit args xorg;}; diff --git a/pkgs/servers/x11/xorg/overrides.nix b/pkgs/servers/x11/xorg/overrides.nix index ebd09e3096ee..10b0b3ce2ad6 100644 --- a/pkgs/servers/x11/xorg/overrides.nix +++ b/pkgs/servers/x11/xorg/overrides.nix @@ -561,4 +561,8 @@ in configureFlags = "--with-cpp=${args.mcpp}/bin/mcpp"; }; + sessreg = attrs: attrs // { + preBuild = "sed -i 's|gcc -E|gcc -E -P|' man/Makefile"; + }; + } |