diff options
author | Parnell Springmeyer <parnell@digitalmentat.com> | 2017-02-14 08:27:40 -0600 |
---|---|---|
committer | Parnell Springmeyer <parnell@digitalmentat.com> | 2017-02-14 08:27:40 -0600 |
commit | f8b8c353ffcfb2a29178c1f7b145baebfab55f81 (patch) | |
tree | b95c9ca3dc42bb478ba8718c1c87f63146f02103 /nixos/modules/security/wrappers | |
parent | fb6d13c01aa22cdaffe45597495f390ef2989eda (diff) | |
download | nixpkgs-f8b8c353ffcfb2a29178c1f7b145baebfab55f81.tar nixpkgs-f8b8c353ffcfb2a29178c1f7b145baebfab55f81.tar.gz nixpkgs-f8b8c353ffcfb2a29178c1f7b145baebfab55f81.tar.bz2 nixpkgs-f8b8c353ffcfb2a29178c1f7b145baebfab55f81.tar.lz nixpkgs-f8b8c353ffcfb2a29178c1f7b145baebfab55f81.tar.xz nixpkgs-f8b8c353ffcfb2a29178c1f7b145baebfab55f81.tar.zst nixpkgs-f8b8c353ffcfb2a29178c1f7b145baebfab55f81.zip |
Simplifying the wrapper program derivation
Diffstat (limited to 'nixos/modules/security/wrappers')
-rw-r--r-- | nixos/modules/security/wrappers/default.nix | 12 |
1 files changed, 5 insertions, 7 deletions
diff --git a/nixos/modules/security/wrappers/default.nix b/nixos/modules/security/wrappers/default.nix index 8c4353fdd96..96f4544c2fa 100644 --- a/nixos/modules/security/wrappers/default.nix +++ b/nixos/modules/security/wrappers/default.nix @@ -9,17 +9,15 @@ let wrappers); securityWrapper = pkgs.stdenv.mkDerivation { - name = "security-wrapper"; - unpackPhase = "true"; + name = "security-wrapper"; + phases = [ "installPhase" "fixupPhase" ]; + buildInputs = [ pkgs.libcap pkgs.libcap_ng pkgs.linuxHeaders ]; + hardeningEnable = [ "pie" ]; installPhase = '' mkdir -p $out/bin parentWrapperDir=$(dirname ${wrapperDir}) gcc -Wall -O2 -DWRAPPER_DIR=\"$parentWrapperDir\" \ - -Wformat -Wformat-security -Werror=format-security \ - -fstack-protector-strong --param ssp-buffer-size=4 \ - -D_FORTIFY_SOURCE=2 -fPIC \ - -lcap-ng -lcap ${./wrapper.c} -o $out/bin/security-wrapper -L ${pkgs.libcap.lib}/lib -L ${pkgs.libcap_ng}/lib \ - -I ${pkgs.libcap.dev}/include -I ${pkgs.libcap_ng}/include -I ${pkgs.linuxHeaders}/include + -lcap-ng -lcap ${./wrapper.c} -o $out/bin/security-wrapper ''; }; |