From 4c13b318017e0e3c244d1e0e1f552d8239b1fda7 Mon Sep 17 00:00:00 2001
From: Bernardo Meurer
Date: Tue, 1 Feb 2022 09:18:12 -0800
Subject: [PATCH] linux/kernel/common-config.nix: mark FORTIFY_SOURCE as optional
You cannot use it on clang-built kernels due to some LLVM bugs, namely:
* https://bugs.llvm.org/show_bug.cgi?id=50322
* https://bugs.llvm.org/show_bug.cgi?id=41459
so Kconfig forces it off, causing generate-config.pl to explode since it is not marked optional.
---
 pkgs/os-specific/linux/kernel/common-config.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix
index 830ddf49810a..34e1b10b32a8 100644
--- a/pkgs/os-specific/linux/kernel/common-config.nix
+++ b/pkgs/os-specific/linux/kernel/common-config.nix
@@ -452,7 +452,7 @@ let
 };
 security = {
- FORTIFY_SOURCE = whenAtLeast "4.13" yes;
+ FORTIFY_SOURCE = whenAtLeast "4.13" (option yes);
 # https://googleprojectzero.blogspot.com/2019/11/bad-binder-android-in-wild-exploit.html
 DEBUG_LIST = yes;
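Review bot: Wrapping `FORTIFY_SOURCE` in `option` relaxes the requirement for every compiler, not only clang, so a gcc-built kernel whose Kconfig drops the symbol would now build without this hardening and without an error from generate-config.pl. If the compiler is reachable at this point in the file (the hunk does not show the function arguments), consider keeping the hard requirement for non-clang builds, e.g. `FORTIFY_SOURCE = whenAtLeast "4.13" (if stdenv.cc.isClang then option yes else yes);`. At minimum, record the reason next to the setting, since it currently lives only in the commit message: `# optional: Kconfig forces this off on clang-built kernels (LLVM bugs 50322, 41459)`. The `security` attribute set starts inside the hunk but continues past its last line.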