From b6876d5c8613c02177feb059e15ec6549e72e379 Mon Sep 17 00:00:00 2001
From: Ben Wolsieffer <benwolsieffer@gmail.com>
Date: Tue, 10 Oct 2023 04:13:29 -0400
Subject: nixos/security/wrappers: don't force PIE hardening (#259509)

PIE causes problems with static binaries on ARM (see 76552e9). It is
enabled by default on other platforms anyway when musl is used, so we
don't need to specify it manually.
---
 nixos/modules/security/wrappers/wrapper.nix | 1 -
 1 file changed, 1 deletion(-)

(limited to 'nixos')

diff --git a/nixos/modules/security/wrappers/wrapper.nix b/nixos/modules/security/wrappers/wrapper.nix
index da2fca98d5c5..27d46c630af5 100644
--- a/nixos/modules/security/wrappers/wrapper.nix
+++ b/nixos/modules/security/wrappers/wrapper.nix
@@ -5,7 +5,6 @@ stdenv.mkDerivation {
   name = "security-wrapper";
   buildInputs = [ linuxHeaders ];
   dontUnpack = true;
-  hardeningEnable = [ "pie" ];
   CFLAGS = [
     ''-DSOURCE_PROG="${sourceProg}"''
   ] ++ (if debug then [
-- 
cgit 1.4.1