dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

stdenv: fix custom hardening settings when using __structuredAttrs = true; (#353142)

Browse Source
This commit is contained in:
Philip Taron 2024-11-03 05:12:38 -08:00 committed by GitHub
commit a3071731e9
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkgs/stdenv/generic/make-derivation.nix
View File

@ -413,7 +413,7 @@ else let
enableParallelChecking = attrs.enableParallelChecking or true;
enableParallelInstalling = attrs.enableParallelInstalling or true;
} // optionalAttrs (hardeningDisable != [] || hardeningEnable != [] || stdenv.hostPlatform.isMusl) {
NIX_HARDENING_ENABLE = enabledHardeningOptions;
NIX_HARDENING_ENABLE = builtins.concatStringsSep " " enabledHardeningOptions;
} // optionalAttrs (stdenv.hostPlatform.isx86_64 && stdenv.hostPlatform ? gcc.arch) {
requiredSystemFeatures = attrs.requiredSystemFeatures or [] ++ [ "gccarch-${stdenv.hostPlatform.gcc.arch}" ];
} // optionalAttrs (stdenv.buildPlatform.isDarwin) (

7
pkgs/test/cc-wrapper/hardening.nix
View File

@ -178,6 +178,13 @@ in nameDrvAfterAttrName ({
ignorePie = false;
});
pieExplicitEnabledStructuredAttrs = brokenIf stdenv.hostPlatform.isStatic (checkTestBin (f2exampleWithStdEnv stdenv {
hardeningEnable = [ "pie" ];
__structuredAttrs = true;
}) {
ignorePie = false;
});
relROExplicitEnabled = checkTestBin (f2exampleWithStdEnv stdenv {
hardeningEnable = [ "relro" ];
}) {