diff --git a/pkgs/build-support/bintools-wrapper/add-hardening.sh b/pkgs/build-support/bintools-wrapper/add-hardening.sh
index 0f62aa49542a..c81c3b2f2105 100644
--- a/pkgs/build-support/bintools-wrapper/add-hardening.sh
+++ b/pkgs/build-support/bintools-wrapper/add-hardening.sh
@@ -1,4 +1,3 @@
-allHardeningFlags=(pie relro bindnow)
 hardeningFlags=()
 
 declare -A hardeningEnableMap=()
@@ -11,19 +10,14 @@ for flag in ${NIX_@infixSalt@_HARDENING_ENABLE-}; do
 done
 
 # Remove unsupported flags.
-if (( "${NIX_DEBUG:-0}" >= 1 )); then
-  declare -A hardeningDisableMap=()
-fi
 for flag in @hardening_unsupported_flags@; do
-  [[ -n ${hardeningEnableMap[$flag]} ]] || continue
-  if (( "${NIX_DEBUG:-0}" >= 1 )); then
-    hardeningDisableMap[$flag]=1
-  fi
   unset hardeningEnableMap[$flag]
 done
 
 if (( "${NIX_DEBUG:-0}" >= 1 )); then
   # Determine which flags were effectively disabled so we can report below.
+  allHardeningFlags=(pie relro bindnow)
+  declare -A hardeningDisableMap=()
   for flag in ${allHardeningFlags[@]}; do
     if [[ -z "${hardeningEnableMap[$flag]-}" ]]; then
       hardeningDisableMap[$flag]=1
diff --git a/pkgs/build-support/cc-wrapper/add-hardening.sh b/pkgs/build-support/cc-wrapper/add-hardening.sh
index 0b483c12e841..7fdfb615f7fa 100644
--- a/pkgs/build-support/cc-wrapper/add-hardening.sh
+++ b/pkgs/build-support/cc-wrapper/add-hardening.sh
@@ -1,4 +1,3 @@
-allHardeningFlags=(fortify stackprotector pie pic strictoverflow format)
 hardeningCFlags=()
 
 declare -A hardeningEnableMap=()
@@ -11,19 +10,14 @@ for flag in ${NIX_@infixSalt@_HARDENING_ENABLE-}; do
 done
 
 # Remove unsupported flags.
-if (( "${NIX_DEBUG:-0}" >= 1 )); then
-  declare -A hardeningDisableMap=()
-fi
 for flag in @hardening_unsupported_flags@; do
-  [[ -n ${hardeningEnableMap[$flag]} ]] || continue
-  if (( "${NIX_DEBUG:-0}" >= 1 )); then
-    hardeningDisableMap[$flag]=1
-  fi
   unset hardeningEnableMap[$flag]
 done
 
 if (( "${NIX_DEBUG:-0}" >= 1 )); then
   # Determine which flags were effectively disabled so we can report below.
+  allHardeningFlags=(fortify stackprotector pie pic strictoverflow format)
+  declare -A hardeningDisableMap=()
   for flag in ${allHardeningFlags[@]}; do
     if [[ -z "${hardeningEnableMap[$flag]-}" ]]; then
       hardeningDisableMap[$flag]=1