Simplifying the wrapper program derivation

1 files changed, 5 insertions, 7 deletions

diff --git a/nixos/modules/security/wrappers/default.nix b/nixos/modules/security/wrappers/default.nix
index 8c4353fdd96..96f4544c2fa 100644
--- a/nixos/modules/security/wrappers/default.nix
+++ b/nixos/modules/security/wrappers/default.nix
@@ -9,17 +9,15 @@ let
       wrappers);
 
   securityWrapper = pkgs.stdenv.mkDerivation {
-    name         = "security-wrapper";
-    unpackPhase  = "true";
+    name            = "security-wrapper";
+    phases          = [ "installPhase" "fixupPhase" ];
+    buildInputs     = [ pkgs.libcap pkgs.libcap_ng pkgs.linuxHeaders ];
+    hardeningEnable = [ "pie" ];
     installPhase = ''
       mkdir -p $out/bin
       parentWrapperDir=$(dirname ${wrapperDir})
       gcc -Wall -O2 -DWRAPPER_DIR=\"$parentWrapperDir\" \
-          -Wformat -Wformat-security -Werror=format-security \
-          -fstack-protector-strong --param ssp-buffer-size=4 \
-          -D_FORTIFY_SOURCE=2 -fPIC \
-          -lcap-ng -lcap ${./wrapper.c} -o $out/bin/security-wrapper -L ${pkgs.libcap.lib}/lib -L ${pkgs.libcap_ng}/lib \
-          -I ${pkgs.libcap.dev}/include -I ${pkgs.libcap_ng}/include -I ${pkgs.linuxHeaders}/include
+          -lcap-ng -lcap ${./wrapper.c} -o $out/bin/security-wrapper
     '';
   };