From aff1f4ab948b921ceaf2b81610f2f82454302b4b Mon Sep 17 00:00:00 2001 From: Franz Pletz Date: Fri, 26 Feb 2016 18:38:15 +0100 Subject: Use general hardening flag toggle lists The following parameters are now available: * hardeningDisable To disable specific hardening flags * hardeningEnable To enable specific hardening flags Only the cc-wrapper supports this right now, but these may be reused by other wrappers, builders or setup hooks. cc-wrapper supports the following flags: * fortify * stackprotector * pie (disabled by default) * pic * strictoverflow * format * relro * bindnow
---
pkgs/build-support/cc-wrapper/cc-wrapper.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'pkgs/build-support/cc-wrapper/cc-wrapper.sh')
diff --git a/pkgs/build-support/cc-wrapper/cc-wrapper.sh b/pkgs/build-support/cc-wrapper/cc-wrapper.sh
index 6e12a0d8bc8f..a8a08e5e1443 100644
--- a/pkgs/build-support/cc-wrapper/cc-wrapper.sh
+++ b/pkgs/build-support/cc-wrapper/cc-wrapper.sh
@@ -56,7 +56,6 @@ if [ "$nonFlagArgs" = 0 ]; then
 dontLink=1
 fi
-
 # Optionally filter out paths not refering to the store.
 params=("$@")
 if [ "$NIX_ENFORCE_PURITY" = 1 -a -n "$NIX_STORE" ]; then
@@ -90,16 +89,17 @@ if [[ "@prog@" = *++ ]]; then
 fi
 fi
+source @out@/nix-support/add-hardening.sh
+
 # Add the flags for the C compiler proper.
-extraAfter=($NIX_CFLAGS_COMPILE)
+extraAfter=($NIX_CFLAGS_COMPILE ${hardeningCFlags[@]})
 extraBefore=()
-
 if [ "$dontLink" != 1 ]; then
 # Add the flags that should only be passed to the compiler when
 # linking.
- extraAfter+=($NIX_CFLAGS_LINK)
+ extraAfter+=($NIX_CFLAGS_LINK ${hardeningLDFlags[@]})
 # Add the flags that should be passed to the linker (and prevent
 # `ld-wrapper' from adding NIX_LDFLAGS again).
-- cgit 1.4.1
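Review bot: The two new array expansions in the second hunk are unquoted, so `${hardeningCFlags[@]}` and `${hardeningLDFlags[@]}` are word-split and glob-expanded a second time when they are appended to `extraAfter`, and a flag containing whitespace or a glob character would not reach the compiler as written. `$NIX_CFLAGS_COMPILE` and `$NIX_CFLAGS_LINK` are plain strings that rely on that splitting, but the arrays should be quoted: `extraAfter=($NIX_CFLAGS_COMPILE "${hardeningCFlags[@]}")` and `extraAfter+=($NIX_CFLAGS_LINK "${hardeningLDFlags[@]}")`. The hunk does not show what happens when `add-hardening.sh` leaves either array unset; if that can happen, the build would presumably continue without hardening flags and without any diagnostic, so a comment above the `source` line naming the variables the file must define would help, e.g. `# add-hardening.sh must set the hardeningCFlags and hardeningLDFlags arrays`. The `if [ "$dontLink" != 1 ]` block continues past the end of the hunk.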