From 713db8d8f85412a9efde7539d8ebfeb5255ddb0b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabi=C3=A1n=20Heredia=20Montiel?= Date: Sat, 19 Nov 2022 00:25:07 -0600 Subject: [PATCH] linux/hardened: make GCC_STRUCTLEAK optional since it isn't an option with GCC 12 --- pkgs/os-specific/linux/kernel/hardened/config.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/config.nix b/pkgs/os-specific/linux/kernel/hardened/config.nix index 198cd8681646..efc64e81af55 100644 --- a/pkgs/os-specific/linux/kernel/hardened/config.nix +++ b/pkgs/os-specific/linux/kernel/hardened/config.nix @@ -65,8 +65,8 @@ assert (stdenv.hostPlatform.isx86_64 -> versions.majorMinor version != "5.4"); # Gather additional entropy at boot time for systems that may not have appropriate entropy sources. GCC_PLUGIN_LATENT_ENTROPY = yes; - GCC_PLUGIN_STRUCTLEAK = yes; # A port of the PaX structleak plugin - GCC_PLUGIN_STRUCTLEAK_BYREF_ALL = yes; # Also cover structs passed by address + GCC_PLUGIN_STRUCTLEAK = option yes; # A port of the PaX structleak plugin + GCC_PLUGIN_STRUCTLEAK_BYREF_ALL = option yes; # Also cover structs passed by address GCC_PLUGIN_STACKLEAK = whenAtLeast "4.20" yes; # A port of the PaX stackleak plugin GCC_PLUGIN_RANDSTRUCT = whenOlder "5.19" yes; # A port of the PaX randstruct plugin GCC_PLUGIN_RANDSTRUCT_PERFORMANCE = whenOlder "5.19" yes;