diff options
| author | Franz Pletz <fpletz@fnordicwalking.de> | 2016-02-26 18:38:15 +0100 |
|---|---|---|
| committer | Franz Pletz <fpletz@fnordicwalking.de> | 2016-03-05 18:55:26 +0100 |
| commit | aff1f4ab948b921ceaf2b81610f2f82454302b4b (patch) | |
| tree | 6e51e90a41409d56cfa084b9ca64921f2611fafc /pkgs/applications | |
| parent | a2e449e43e82e258b94c723d92a5e9af641967e7 (diff) | |
| download | nixpkgs-aff1f4ab948b921ceaf2b81610f2f82454302b4b.tar nixpkgs-aff1f4ab948b921ceaf2b81610f2f82454302b4b.tar.gz nixpkgs-aff1f4ab948b921ceaf2b81610f2f82454302b4b.tar.bz2 nixpkgs-aff1f4ab948b921ceaf2b81610f2f82454302b4b.tar.lz nixpkgs-aff1f4ab948b921ceaf2b81610f2f82454302b4b.tar.xz nixpkgs-aff1f4ab948b921ceaf2b81610f2f82454302b4b.tar.zst nixpkgs-aff1f4ab948b921ceaf2b81610f2f82454302b4b.zip | |
Use general hardening flag toggle lists
The following parameters are now available:
* hardeningDisable
To disable specific hardening flags
* hardeningEnable
To enable specific hardening flags
Only the cc-wrapper supports this right now, but these may be reused by
other wrappers, builders or setup hooks.
cc-wrapper supports the following flags:
* fortify
* stackprotector
* pie (disabled by default)
* pic
* strictoverflow
* format
* relro
* bindnow
Diffstat (limited to 'pkgs/applications')
66 files changed, 66 insertions, 74 deletions
diff --git a/pkgs/applications/audio/QmidiNet/default.nix b/pkgs/applications/audio/QmidiNet/default.nix index c0879e58aca..42c98cbb110 100644 --- a/pkgs/applications/audio/QmidiNet/default.nix +++ b/pkgs/applications/audio/QmidiNet/default.nix @@ -9,7 +9,7 @@ stdenv.mkDerivation rec { sha256 = "1a1pj4w74wj1gcfv4a0vzcglmr5sw0xp0y56w8rk3ig4k11xi8sa"; }; - hardening_format = false; + hardeningDisable = [ "format" ]; buildInputs = [ qt4 alsaLib libjack2 ]; diff --git a/pkgs/applications/audio/aacgain/default.nix b/pkgs/applications/audio/aacgain/default.nix index 80e3c5dc40a..a22866dc031 100644 --- a/pkgs/applications/audio/aacgain/default.nix +++ b/pkgs/applications/audio/aacgain/default.nix @@ -10,7 +10,7 @@ stdenv.mkDerivation { sha256 = "07hl432vsscqg01b6wr99qmsj4gbx0i02x4k565432y6zpfmaxm0"; }; - hardening_format = false; + hardeningDisable = [ "format" ]; configurePhase = '' cd mp4v2 diff --git a/pkgs/applications/audio/cdparanoia/default.nix b/pkgs/applications/audio/cdparanoia/default.nix index 9de3bef62ad..abe679f10bc 100644 --- a/pkgs/applications/audio/cdparanoia/default.nix +++ b/pkgs/applications/audio/cdparanoia/default.nix @@ -8,7 +8,7 @@ stdenv.mkDerivation rec { sha256 = "1pv4zrajm46za0f6lv162iqffih57a8ly4pc69f7y0gfyigb8p80"; }; - hardening_format = false; + hardeningDisable = [ "format" ]; preConfigure = "unset CC"; diff --git a/pkgs/applications/audio/csound/default.nix b/pkgs/applications/audio/csound/default.nix index 1cc0e56fe7e..e1c063d823d 100644 --- a/pkgs/applications/audio/csound/default.nix +++ b/pkgs/applications/audio/csound/default.nix @@ -16,7 +16,7 @@ stdenv.mkDerivation { enableParallelBuilding = true; - hardening_format = false; + hardeningDisable = [ "format" ]; src = fetchurl { url = mirror://sourceforge/csound/Csound6.04.tar.gz; diff --git a/pkgs/applications/audio/freewheeling/default.nix b/pkgs/applications/audio/freewheeling/default.nix index eae7ce390c0..1611975182b 100644 --- a/pkgs/applications/audio/freewheeling/default.nix +++ b/pkgs/applications/audio/freewheeling/default.nix @@ -19,7 +19,7 @@ stdenv.mkDerivation { patches = [ ./am_path_sdl.patch ./xml.patch ]; - hardening_format = false; + hardeningDisable = [ "format" ]; meta = { description = "A live looping instrument with JACK and MIDI support"; diff --git a/pkgs/applications/audio/jack-capture/default.nix b/pkgs/applications/audio/jack-capture/default.nix index 7a5095f3788..ec7f7a5c32d 100644 --- a/pkgs/applications/audio/jack-capture/default.nix +++ b/pkgs/applications/audio/jack-capture/default.nix @@ -18,7 +18,7 @@ stdenv.mkDerivation rec { cp jack_capture $out/bin/ ''; - hardening_format = false; + hardeningDisable = [ "format" ]; meta = with stdenv.lib; { description = "A program for recording soundfiles with jack"; diff --git a/pkgs/applications/audio/lingot/default.nix b/pkgs/applications/audio/lingot/default.nix index 92e39f7bb11..22ab37dc98a 100644 --- a/pkgs/applications/audio/lingot/default.nix +++ b/pkgs/applications/audio/lingot/default.nix @@ -8,7 +8,7 @@ stdenv.mkDerivation { sha256 = "0ygras6ndw2fylwxx86ac11pcr2y2bcfvvgiwrh92z6zncx254gc"; }; - hardening_format = false; + hardeningDisable = [ "format" ]; buildInputs = [ pkgconfig intltool gtk alsaLib libglade ]; diff --git a/pkgs/applications/audio/mi2ly/default.nix b/pkgs/applications/audio/mi2ly/default.nix index 67ac74f5f5a..fa4ea6343e9 100644 --- a/pkgs/applications/audio/mi2ly/default.nix +++ b/pkgs/applications/audio/mi2ly/default.nix @@ -21,7 +21,7 @@ stdenv.mkDerivation { sourceRoot="."; - hardening_format = false; + hardeningDisable = [ "format" ]; buildPhase = "./cc"; installPhase = '' diff --git a/pkgs/applications/audio/mp3info/default.nix b/pkgs/applications/audio/mp3info/default.nix index f2434619c47..d28cd7c9e06 100644 --- a/pkgs/applications/audio/mp3info/default.nix +++ b/pkgs/applications/audio/mp3info/default.nix @@ -10,7 +10,7 @@ stdenv.mkDerivation rec { buildInputs = [ ncurses pkgconfig gtk ]; - hardening_format = false; + hardeningDisable = [ "format" ]; configurePhase = '' sed -i Makefile \ diff --git a/pkgs/applications/audio/mp3val/default.nix b/pkgs/applications/audio/mp3val/default.nix index abea5521571..7477bea7602 100644 --- a/pkgs/applications/audio/mp3val/default.nix +++ b/pkgs/applications/audio/mp3val/default.nix @@ -15,7 +15,7 @@ stdenv.mkDerivation rec { install -Dv mp3val "$out/bin/mp3val" ''; - hardening_fortify = false; + hardeningDisable = [ "fortify" ]; meta = { description = "A tool for validating and repairing MPEG audio streams"; diff --git a/pkgs/applications/audio/mpg321/default.nix b/pkgs/applications/audio/mpg321/default.nix index c5bcd5ab4e4..b68c44278ee 100644 --- a/pkgs/applications/audio/mpg321/default.nix +++ b/pkgs/applications/audio/mpg321/default.nix @@ -9,7 +9,7 @@ stdenv.mkDerivation rec { sha256 = "0ki8mh76bbmdh77qsiw682dvi8y468yhbdabqwg05igmwc1wqvq5"; }; - hardening_format = false; + hardeningDisable = [ "format" ]; configureFlags = [ ("--enable-alsa=" + (if stdenv.isLinux then "yes" else "no")) diff --git a/pkgs/applications/audio/musescore/default.nix b/pkgs/applications/audio/musescore/default.nix index b6a98268a9b..b89278a7fd9 100644 --- a/pkgs/applications/audio/musescore/default.nix +++ b/pkgs/applications/audio/musescore/default.nix @@ -13,8 +13,7 @@ stdenv.mkDerivation rec { sha256 = "12a83v4i830gj76z5744034y1vvwzgy27mjbjp508yh9bd328yqw"; }; - hardening_bindnow = false; - hardening_relro = false; + hardeningDisable = [ "relro" "bindnow" ]; makeFlags = [ "PREFIX=$(out)" diff --git a/pkgs/applications/audio/pd-plugins/cyclone/default.nix b/pkgs/applications/audio/pd-plugins/cyclone/default.nix index 460745ddddb..e4ec281cacb 100644 --- a/pkgs/applications/audio/pd-plugins/cyclone/default.nix +++ b/pkgs/applications/audio/pd-plugins/cyclone/default.nix @@ -11,7 +11,7 @@ stdenv.mkDerivation rec { buildInputs = [ puredata ]; - hardening_format = false; + hardeningDisable = [ "format" ]; patchPhase = '' for file in `grep -r -l g_canvas.h` diff --git a/pkgs/applications/audio/pd-plugins/maxlib/default.nix b/pkgs/applications/audio/pd-plugins/maxlib/default.nix index 1eb0e1be654..3b836d9eb33 100644 --- a/pkgs/applications/audio/pd-plugins/maxlib/default.nix +++ b/pkgs/applications/audio/pd-plugins/maxlib/default.nix @@ -11,7 +11,7 @@ stdenv.mkDerivation rec { buildInputs = [ puredata ]; - hardening_format = false; + hardeningDisable = [ "format" ]; patchPhase = '' for i in ${puredata}/include/pd/*; do diff --git a/pkgs/applications/audio/pd-plugins/mrpeach/default.nix b/pkgs/applications/audio/pd-plugins/mrpeach/default.nix index 207967a978f..972a162b73f 100644 --- a/pkgs/applications/audio/pd-plugins/mrpeach/default.nix +++ b/pkgs/applications/audio/pd-plugins/mrpeach/default.nix @@ -16,7 +16,7 @@ stdenv.mkDerivation rec { buildInputs = [ puredata ]; - hardening_format = false; + hardeningDisable = [ "format" ]; patchPhase = '' for D in net osc diff --git a/pkgs/applications/audio/rakarrack/default.nix b/pkgs/applications/audio/rakarrack/default.nix index 647ed9036dc..822e0d5548b 100644 --- a/pkgs/applications/audio/rakarrack/default.nix +++ b/pkgs/applications/audio/rakarrack/default.nix @@ -10,7 +10,7 @@ stdenv.mkDerivation rec { sha256 = "1rpf63pdn54c4yg13k7cb1w1c7zsvl97c4qxcpz41c8l91xd55kn"; }; - hardening_format = false; + hardeningDisable = [ "format" ]; patches = [ ./fltk-path.patch ]; diff --git a/pkgs/applications/audio/zynaddsubfx/default.nix b/pkgs/applications/audio/zynaddsubfx/default.nix index c784b33700e..ece3cbef596 100644 --- a/pkgs/applications/audio/zynaddsubfx/default.nix +++ b/pkgs/applications/audio/zynaddsubfx/default.nix @@ -14,7 +14,7 @@ stdenv.mkDerivation rec { buildInputs = [ alsaLib libjack2 fftw fltk13 libjpeg minixml zlib liblo ]; nativeBuildInputs = [ cmake pkgconfig ]; - hardening_format = false; + hardeningDisable = [ "format" ]; meta = with stdenv.lib; { description = "High quality software synthesizer"; diff --git a/pkgs/applications/editors/ht/default.nix b/pkgs/applications/editors/ht/default.nix index 5ddcf34995f..2817bd168de 100644 --- a/pkgs/applications/editors/ht/default.nix +++ b/pkgs/applications/editors/ht/default.nix @@ -13,7 +13,7 @@ stdenv.mkDerivation rec { ncurses ]; - hardening_format = false; + hardeningDisable = [ "format" ]; meta = with lib; { description = "File editor/viewer/analyzer for executables"; diff --git a/pkgs/applications/editors/leafpad/default.nix b/pkgs/applications/editors/leafpad/default.nix index f3755db448c..a5b0f2e400a 100644 --- a/pkgs/applications/editors/leafpad/default.nix +++ b/pkgs/applications/editors/leafpad/default.nix @@ -10,7 +10,7 @@ stdenv.mkDerivation rec { buildInputs = [ intltool pkgconfig gtk ]; - hardening_format = false; + hardeningDisable = [ "format" ]; configureFlags = [ "--enable-chooser" diff --git a/pkgs/applications/graphics/cinepaint/default.nix b/pkgs/applications/graphics/cinepaint/default.nix index 7b8281b4e3c..4866ba92add 100644 --- a/pkgs/applications/graphics/cinepaint/default.nix +++ b/pkgs/applications/graphics/cinepaint/default.nix @@ -18,7 +18,7 @@ stdenv.mkDerivation rec { libXext libXpm libXau libXxf86vm pixman libpthreadstubs fltk ]; - hardening_format = false; + hardeningDisable = [ "format" ]; patches = [ ./install.patch ]; diff --git a/pkgs/applications/graphics/giv/default.nix b/pkgs/applications/graphics/giv/default.nix index c33da655222..bd1a8d03ec4 100644 --- a/pkgs/applications/graphics/giv/default.nix +++ b/pkgs/applications/graphics/giv/default.nix @@ -9,7 +9,7 @@ stdenv.mkDerivation rec { sha256 = "1q0806b66ajppxbv1i71wx5d3ydc1h3hsz23m6g4g80dhiai7dly"; }; - hardening_format = false; + hardeningDisable = [ "format" ]; prePatch = '' sed -i s,/usr/bin/perl,${perl}/bin/perl, doc/eperl diff --git a/pkgs/applications/graphics/gqview/default.nix b/pkgs/applications/graphics/gqview/default.nix index ff069d0d972..822ef8ad435 100644 --- a/pkgs/applications/graphics/gqview/default.nix +++ b/pkgs/applications/graphics/gqview/default.nix @@ -15,7 +15,7 @@ stdenv.mkDerivation { buildInputs = [pkgconfig gtk libpng]; - hardening_format = false; + hardeningDisable = [ "format" ]; meta = { description = "A fast image viewer"; diff --git a/pkgs/applications/graphics/meshlab/default.nix b/pkgs/applications/graphics/meshlab/default.nix index c3aed10d00c..fa1958059b8 100644 --- a/pkgs/applications/graphics/meshlab/default.nix +++ b/pkgs/applications/graphics/meshlab/default.nix @@ -14,7 +14,7 @@ stdenv.mkDerivation rec { patches = [ ./include-unistd.diff ]; - hardening_format = false; + hardeningDisable = [ "format" ]; buildPhase = '' mkdir -p "$out/include" diff --git a/pkgs/applications/graphics/qtpfsgui/default.nix b/pkgs/applications/graphics/qtpfsgui/default.nix index da6521199c5..e6a0453e533 100644 --- a/pkgs/applications/graphics/qtpfsgui/default.nix +++ b/pkgs/applications/graphics/qtpfsgui/default.nix @@ -10,7 +10,7 @@ stdenv.mkDerivation rec { buildInputs = [ qt4 exiv2 openexr fftwSinglePrec libtiff ]; - hardening_format = false; + hardeningDisable = [ "format" ]; configurePhase = '' export CPATH="${ilmbase}/include/OpenEXR:$CPATH" diff --git a/pkgs/applications/graphics/tesseract/default.nix b/pkgs/applications/graphics/tesseract/default.nix index b3db2fde4cb..375b0999548 100644 --- a/pkgs/applications/graphics/tesseract/default.nix +++ b/pkgs/applications/graphics/tesseract/default.nix @@ -38,7 +38,7 @@ stdenv.mkDerivation rec { buildInputs = [ autoconf automake libtool leptonica libpng libtiff ]; - hardening_format = false; + hardeningDisable = [ "format" ]; preConfigure = '' ./autogen.sh diff --git a/pkgs/applications/graphics/xfig/default.nix b/pkgs/applications/graphics/xfig/default.nix index 4f8f3ac16f4..6903837e5ad 100644 --- a/pkgs/applications/graphics/xfig/default.nix +++ b/pkgs/applications/graphics/xfig/default.nix @@ -16,7 +16,7 @@ stdenv.mkDerivation { nativeBuildInputs = [ imake makeWrapper ]; - hardening_format = false; + hardeningDisable = [ "format" ]; NIX_CFLAGS_COMPILE = "-I${libXpm}/include/X11"; diff --git a/pkgs/applications/inferno/default.nix b/pkgs/applications/inferno/default.nix index 3c970e40b48..b1574ea6963 100644 --- a/pkgs/applications/inferno/default.nix +++ b/pkgs/applications/inferno/default.nix @@ -46,7 +46,7 @@ stdenv.mkDerivation rec { --set INFERNO_ROOT "$out/share/inferno" ''; - hardening_fortify = false; + hardeningDisable = [ "fortify" ]; meta = { description = "A compact distributed operating system for building cross-platform distributed systems"; diff --git a/pkgs/applications/misc/epdfview/default.nix b/pkgs/applications/misc/epdfview/default.nix index 7810284973f..782ef4ae366 100644 --- a/pkgs/applications/misc/epdfview/default.nix +++ b/pkgs/applications/misc/epdfview/default.nix @@ -10,7 +10,7 @@ stdenv.mkDerivation rec { buildInputs = [ pkgconfig gtk poppler ]; - hardening_format = false; + hardeningDisable = [ "format" ]; patches = [ (fetchpatch { name = "epdfview-0.1.8-glib2-headers.patch"; diff --git a/pkgs/applications/misc/gkrellm/default.nix b/pkgs/applications/misc/gkrellm/default.nix index 7c755a4f3d3..cf7fdafd742 100644 --- a/pkgs/applications/misc/gkrellm/default.nix +++ b/pkgs/applications/misc/gkrellm/default.nix @@ -9,7 +9,7 @@ stdenv.mkDerivation rec { buildInputs = [gettext pkgconfig glib gtk libX11 libSM libICE]; - hardening_format = false; + hardeningDisable = [ "format" ]; # Makefiles are patched to fix references to `/usr/X11R6' and to add # `-lX11' to make sure libX11's store path is in the RPATH. diff --git a/pkgs/applications/misc/grip/default.nix b/pkgs/applications/misc/grip/default.nix index 86127d56b01..e0ece09db18 100644 --- a/pkgs/applications/misc/grip/default.nix +++ b/pkgs/applications/misc/grip/default.nix @@ -12,7 +12,7 @@ stdenv.mkDerivation rec { buildInputs = [ gtk glib pkgconfig libgnome libgnomeui vte curl cdparanoia libid3tag ncurses libtool ]; - hardening_format = false; + hardeningDisable = [ "format" ]; meta = { description = "GTK+-based audio CD player/ripper"; diff --git a/pkgs/applications/misc/k2pdfopt/default.nix b/pkgs/applications/misc/k2pdfopt/default.nix index dac597fe67c..7c0d615f366 100644 --- a/pkgs/applications/misc/k2pdfopt/default.nix +++ b/pkgs/applications/misc/k2pdfopt/default.nix @@ -31,7 +31,7 @@ in stdenv.mkDerivation rec { openjpeg freetype jbig2dec djvulibre openssl ]; NIX_LDFLAGS = "-lX11 -lXext"; - hardening_format = false; + hardeningDisable = [ "format" ]; k2_pa = ./k2pdfopt.patch; tess_pa = ./tesseract.patch; diff --git a/pkgs/applications/misc/navit/default.nix b/pkgs/applications/misc/navit/default.nix index 67f474cefac..5f70d4b5c44 100644 --- a/pkgs/applications/misc/navit/default.nix +++ b/pkgs/applications/misc/navit/default.nix @@ -9,7 +9,7 @@ stdenv.mkDerivation rec { sha256 = "1xx62l5srfhh9cfi7n3pxj8hpcgr1rpa0hzfmbrqadzv09z36723"; }; - hardening_format = false; + hardeningDisable = [ "format" ]; # 'cvs' is only for the autogen buildInputs = [ pkgconfig gtk SDL fontconfig freetype imlib2 SDL_image mesa diff --git a/pkgs/applications/misc/posterazor/default.nix b/pkgs/applications/misc/posterazor/default.nix index 43da0c92a42..b6d46cf9ed1 100644 --- a/pkgs/applications/misc/posterazor/default.nix +++ b/pkgs/applications/misc/posterazor/default.nix @@ -8,7 +8,7 @@ stdenv.mkDerivation rec { sha256 = "1dqpdk8zl0smdg4fganp3hxb943q40619qmxjlga9jhjc01s7fq5"; }; - hardening_format = false; + hardeningDisable = [ "format" ]; buildInputs = [ cmake unzip pkgconfig libXpm fltk13 freeimage ]; diff --git a/pkgs/applications/misc/sdcv/default.nix b/pkgs/applications/misc/sdcv/default.nix index 6a768d44958..8e781cd1c02 100644 --- a/pkgs/applications/misc/sdcv/default.nix +++ b/pkgs/applications/misc/sdcv/default.nix @@ -16,7 +16,7 @@ stdenv.mkDerivation rec { sha256 = "1cnyv7gd1qvz8ma8545d3aq726wxrx4km7ykl97831irx5wz0r51"; }; - hardening_format = false; + hardeningDisable = [ "format" ]; patches = ( if stdenv.isDarwin then [ ./sdcv.cpp.patch-darwin ./utils.hpp.patch ] diff --git a/pkgs/applications/misc/tasknc/default.nix b/pkgs/applications/misc/tasknc/default.nix index d725bba0307..b7b9d36b4cb 100644 --- a/pkgs/applications/misc/tasknc/default.nix +++ b/pkgs/applications/misc/tasknc/default.nix @@ -9,7 +9,7 @@ stdenv.mkDerivation rec { sha256 = "0max5schga9hmf3vfqk2ic91dr6raxglyyjcqchzla280kxn5c28"; }; - hardening_format = false; + hardeningDisable = [ "format" ]; # # I know this is ugly, but the Makefile does strange things in this package, diff --git a/pkgs/applications/misc/vym/default.nix b/pkgs/applications/misc/vym/default.nix index a62f7cd2aa6..e595d771ec0 100644 --- a/pkgs/applications/misc/vym/default.nix +++ b/pkgs/applications/misc/vym/default.nix @@ -11,7 +11,7 @@ stdenv.mkDerivation rec { buildInputs = [ pkgconfig qt4 ]; - hardening_format = false; + hardeningDisable = [ "format" ]; configurePhase = '' qmake PREFIX="$out" diff --git a/pkgs/applications/misc/wordnet/default.nix b/pkgs/applications/misc/wordnet/default.nix index d5edf2a4d58..2f98bc66e9b 100644 --- a/pkgs/applications/misc/wordnet/default.nix +++ b/pkgs/applications/misc/wordnet/default.nix @@ -10,7 +10,7 @@ stdenv.mkDerivation { buildInputs = [tcl tk xlibsWrapper makeWrapper]; - hardening_format = false; + hardeningDisable = [ "format" ]; patchPhase = '' sed "13i#define USE_INTERP_RESULT 1" -i src/stubs.c diff --git a/pkgs/applications/networking/browsers/vimprobable2/default.nix b/pkgs/applications/networking/browsers/vimprobable2/default.nix index 3d40aa1f60c..2415c06dba4 100644 --- a/pkgs/applications/networking/browsers/vimprobable2/default.nix +++ b/pkgs/applications/networking/browsers/vimprobable2/default.nix @@ -11,7 +11,7 @@ stdenv.mkDerivation rec { buildInputs = [ makeWrapper gtk libsoup libX11 perl pkgconfig webkit gsettings_desktop_schemas ]; - hardening_format = false; + hardeningDisable = [ "format" ]; installFlags = "PREFIX=/ DESTDIR=$(out)"; diff --git a/pkgs/applications/networking/browsers/w3m/default.nix b/pkgs/applications/networking/browsers/w3m/default.nix index cc3e55f02e9..ae1bf5bffea 100644 --- a/pkgs/applications/networking/browsers/w3m/default.nix +++ b/pkgs/applications/networking/browsers/w3m/default.nix @@ -50,7 +50,7 @@ stdenv.mkDerivation rec { ln -s $out/libexec/w3m/w3mimgdisplay $out/bin ''; - hardening_format = false; + hardeningDisable = [ "format" ]; configureFlags = "--with-ssl=${openssl} --with-gc=${boehmgc}" + optionalString graphicsSupport " --enable-image=${optionalString x11Support "x11,"}fb"; diff --git a/pkgs/applications/networking/instant-messengers/silc-client/default.nix b/pkgs/applications/networking/instant-messengers/silc-client/default.nix index 156b138f290..b765c97fb8e 100644 --- a/pkgs/applications/networking/instant-messengers/silc-client/default.nix +++ b/pkgs/applications/networking/instant-messengers/silc-client/default.nix @@ -19,7 +19,7 @@ stdenv.mkDerivation { dontDisableStatic = true; - hardening_format = false; + hardeningDisable = [ "format" ]; configureFlags = "--with-ncurses=${ncurses}"; diff --git a/pkgs/applications/networking/instant-messengers/vacuum/default.nix b/pkgs/applications/networking/instant-messengers/vacuum/default.nix index 181cd3301e3..12466379bf9 100644 --- a/pkgs/applications/networking/instant-messengers/vacuum/default.nix +++ b/pkgs/applications/networking/instant-messengers/vacuum/default.nix @@ -14,7 +14,7 @@ stdenv.mkDerivation rec { configurePhase = "qmake INSTALL_PREFIX=$out -recursive vacuum.pro"; - hardening_format = false; + hardeningDisable = [ "format" ]; buildInputs = [ qt4 openssl xproto libX11 libXScrnSaver scrnsaverproto xz diff --git a/pkgs/applications/networking/iptraf-ng/default.nix b/pkgs/applications/networking/iptraf-ng/default.nix index 8084d5133f1..746d79805f5 100644 --- a/pkgs/applications/networking/iptraf-ng/default.nix +++ b/pkgs/applications/networking/iptraf-ng/default.nix @@ -16,7 +16,7 @@ stdenv.mkDerivation rec { --localstatedir=$out/var --sbindir=$out/bin ''; - hardening_format = false; + hardeningDisable = [ "format" ]; meta = { description = "A console-based network monitoring utility (fork of iptraf)"; diff --git a/pkgs/applications/networking/mailreaders/alpine/default.nix b/pkgs/applications/networking/mailreaders/alpine/default.nix index c77b51d7064..b86de98f950 100644 --- a/pkgs/applications/networking/mailreaders/alpine/default.nix +++ b/pkgs/applications/networking/mailreaders/alpine/default.nix @@ -18,8 +18,7 @@ stdenv.mkDerivation { ncurses tcl openssl pam kerberos openldap ]; - hardening_format = false; - hardening_fortify = false; + hardeningDisable = [ "format" "fortify" ]; configureFlags = [ "--with-ssl-include-dir=${openssl}/include/openssl" diff --git a/pkgs/applications/networking/mailreaders/realpine/default.nix b/pkgs/applications/networking/mailreaders/realpine/default.nix index 1ee42531465..3ff690a244b 100644 --- a/pkgs/applications/networking/mailreaders/realpine/default.nix +++ b/pkgs/applications/networking/mailreaders/realpine/default.nix @@ -18,7 +18,7 @@ stdenv.mkDerivation { ncurses tcl openssl pam kerberos openldap ]; - hardening_format = false; + hardeningDisable = [ "format" ]; configureFlags = [ "--with-ssl-include-dir=${openssl}/include/openssl" diff --git a/pkgs/applications/networking/remote/ssvnc/default.nix b/pkgs/applications/networking/remote/ssvnc/default.nix index 681ace6ab8f..ed64629fe24 100644 --- a/pkgs/applications/networking/remote/ssvnc/default.nix +++ b/pkgs/applications/networking/remote/ssvnc/default.nix @@ -14,7 +14,7 @@ stdenv.mkDerivation rec { configurePhase = "makeFlags=PREFIX=$out"; - hardening_format = false; + hardeningDisable = [ "format" ]; postInstall = '' sed -i -e 's|exec wish|exec ${tk}/bin/wish|' $out/lib/ssvnc/util/ssvnc.tcl diff --git a/pkgs/applications/science/electronics/caneda/default.nix b/pkgs/applications/science/electronics/caneda/default.nix index 152aec27d83..dc00cef8898 100644 --- a/pkgs/applications/science/electronics/caneda/default.nix +++ b/pkgs/applications/science/electronics/caneda/default.nix @@ -19,7 +19,7 @@ stdenv.mkDerivation rec { sha256 = "dfbcac97f5a1b41ad9a63392394f37fb294cbf78c576673c9bc4a5370957b2c8"; }; - hardening_format = false; + hardeningDisable = [ "format" ]; buildInputs = [ cmake qt4 libxml2 libxslt ]; diff --git a/pkgs/applications/science/geometry/drgeo/default.nix b/pkgs/applications/science/geometry/drgeo/default.nix index c5c2cee62e8..22e64ee0566 100644 --- a/pkgs/applications/science/geometry/drgeo/default.nix +++ b/pkgs/applications/science/geometry/drgeo/default.nix @@ -5,7 +5,7 @@ stdenv.mkDerivation rec { name = "drgeo-${version}"; version = "1.1.0"; - hardening_format = false; + hardeningDisable = [ "format" ]; src = fetchurl { url = "mirror://sourceforge/ofset/${name}.tar.gz"; diff --git a/pkgs/applications/science/logic/ltl2ba/default.nix b/pkgs/applications/science/logic/ltl2ba/default.nix index cb0c308b129..8eedafcd68b 100644 --- a/pkgs/applications/science/logic/ltl2ba/default.nix +++ b/pkgs/applications/science/logic/ltl2ba/default.nix @@ -9,7 +9,7 @@ stdenv.mkDerivation rec { sha256 = "16z0gc7a9dkarwn0l6rvg5jdhw1q4qyn4501zlchy0zxqddz0sx6"; }; - hardening_format = false; + hardeningDisable = [ "format" ]; preConfigure = '' substituteInPlace Makefile \ diff --git a/pkgs/applications/science/logic/otter/default.nix b/pkgs/applications/science/logic/otter/default.nix index b0b001f7b3c..dd383f1fff6 100644 --- a/pkgs/applications/science/logic/otter/default.nix +++ b/pkgs/applications/science/logic/otter/default.nix @@ -18,7 +18,7 @@ stdenv.mkDerivation { inherit (s) url sha256; }; - hardening_format = false; + hardeningDisable = [ "format" ]; buildPhase = '' find . -name Makefile | xargs sed -i -e "s@/bin/rm@$(type -P rm)@g" diff --git a/pkgs/applications/science/logic/prover9/default.nix b/pkgs/applications/science/logic/prover9/default.nix index f6ec3b840ac..9c09ea3db98 100644 --- a/pkgs/applications/science/logic/prover9/default.nix +++ b/pkgs/applications/science/logic/prover9/default.nix @@ -8,7 +8,7 @@ stdenv.mkDerivation { sha256 = "1l2i3d3h5z7nnbzilb6z92r0rbx0kh6yaxn2c5qhn3000xcfsay3"; }; - hardening_format = false; + hardeningDisable = [ "format" ]; patchPhase = '' RM=$(type -tp rm) diff --git a/pkgs/applications/science/math/cbc/default.nix b/pkgs/applications/science/math/cbc/default.nix index f294750928e..7643c912db4 100644 --- a/pkgs/applications/science/math/cbc/default.nix +++ b/pkgs/applications/science/math/cbc/default.nix @@ -12,7 +12,7 @@ stdenv.mkDerivation { enableParallelBuilding = true; - hardening_format = false; + hardeningDisable = [ "format" ]; buildInputs = [ zlib bzip2 ]; diff --git a/pkgs/applications/science/math/perseus/default.nix b/pkgs/applications/science/math/perseus/default.nix index d2694392efa..ae63716f106 100644 --- a/pkgs/applications/science/math/perseus/default.nix +++ b/pkgs/applications/science/math/perseus/default.nix @@ -5,7 +5,7 @@ stdenv.mkDerivation { version = "4-beta"; buildInputs = [unzip gcc48]; - hardening_stackprotector = false; + hardeningDisable = [ "stackprotector" ]; src = fetchurl { url = "http://www.sas.upenn.edu/~vnanda/source/perseus_4_beta.zip"; diff --git a/pkgs/applications/science/math/qalculate-gtk/default.nix b/pkgs/applications/science/math/qalculate-gtk/default.nix index 77026eb490a..d27f998b793 100644 --- a/pkgs/applications/science/math/qalculate-gtk/default.nix +++ b/pkgs/applications/science/math/qalculate-gtk/default.nix @@ -8,7 +8,7 @@ stdenv.mkDerivation rec { sha256 = "0b986x5yny9vrzgxlbyg80b23mxylxv2zz8ppd9svhva6vi8xsm4"; }; - hardening_format = false; + hardeningDisable = [ "format" ]; nativeBuildInputs = [ intltool pkgconfig ]; buildInputs = [ libqalculate gtk gnome2.libglade gnome2.libgnome gnome2.scrollkeeper ]; diff --git a/pkgs/applications/science/math/yacas/default.nix b/pkgs/applications/science/math/yacas/default.nix index af284a2f82e..adf87c4ee5b 100644 --- a/pkgs/applications/science/math/yacas/default.nix +++ b/pkgs/applications/science/math/yacas/default.nix @@ -8,7 +8,7 @@ stdenv.mkDerivation rec { sha256 = "1dmafm3w0lm5w211nwkfzaid1rvvmgskz7k4500pjhgdczi5sd78"; }; - hardening_format = false; + hardeningDisable = [ "format" ]; # Perl is only for the documentation nativeBuildInputs = [ perl ]; diff --git a/pkgs/applications/version-management/cvs/default.nix b/pkgs/applications/version-management/cvs/default.nix index 4912ce0b3e6..20d027da1f3 100644 --- a/pkgs/applications/version-management/cvs/default.nix +++ b/pkgs/applications/version-management/cvs/default.nix @@ -10,7 +10,7 @@ stdenv.mkDerivation { patches = [ ./getcwd-chroot.patch ]; - hardening_format = false; + hardeningDisable = [ "format" ]; preConfigure = '' # Apply the Debian patches. diff --git a/pkgs/applications/version-management/git-and-tools/git/default.nix b/pkgs/applications/version-management/git-and-tools/git/default.nix index 2799c25527b..4e86e9328c8 100644 --- a/pkgs/applications/version-management/git-and-tools/git/default.nix +++ b/pkgs/applications/version-management/git-and-tools/git/default.nix @@ -21,7 +21,7 @@ stdenv.mkDerivation { sha256 = "1zkbdmh5gvxalr8l1cwnirqq5raijmp2d0s36s6qabrlvqvq2yj7"; }; - hardening_format = false; + hardeningDisable = [ "format" ]; patches = [ ./docbook2texi.patch diff --git a/pkgs/applications/version-management/git-and-tools/qgit/default.nix b/pkgs/applications/version-management/git-and-tools/qgit/default.nix index 6240baac8f1..6cafe4f9624 100644 --- a/pkgs/applications/version-management/git-and-tools/qgit/default.nix +++ b/pkgs/applications/version-management/git-and-tools/qgit/default.nix @@ -10,7 +10,7 @@ stdenv.mkDerivation rec { buildInputs = [qt libXext libX11]; - hardening_format = false; + hardeningDisable = [ "format" ]; configurePhase = "qmake PREFIX=$out"; diff --git a/pkgs/applications/version-management/redmine/default.nix b/pkgs/applications/version-management/redmine/default.nix index 982dcb1d56b..2f03d582a94 100644 --- a/pkgs/applications/version-management/redmine/default.nix +++ b/pkgs/applications/version-management/redmine/default.nix @@ -11,7 +11,7 @@ in stdenv.mkDerivation rec { sha256 = "0x0zwxyj4dwbk7l64s3lgny10mjf0ba8jwrbafsm4d72sncmacv0"; }; - hardening_format = false; + hardeningDisable = [ "format" ]; # taken from redmine (2.5.1-2~bpo70+3) in debian wheezy-backports # needed to separate run-time and build-time directories diff --git a/pkgs/applications/video/aegisub/default.nix b/pkgs/applications/video/aegisub/default.nix index 49e2662adb4..cbaea3eb18b 100644 --- a/pkgs/applications/video/aegisub/default.nix +++ b/pkgs/applications/video/aegisub/default.nix @@ -43,8 +43,7 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; - hardening_bindnow = false; - hardening_relro = false; + hardeningDisable = [ "bindnow" "relro" ]; postInstall = "ln -s $out/bin/aegisub-* $out/bin/aegisub"; diff --git a/pkgs/applications/virtualization/OVMF/default.nix b/pkgs/applications/virtualization/OVMF/default.nix index 513242271a1..fc3c679d414 100644 --- a/pkgs/applications/virtualization/OVMF/default.nix +++ b/pkgs/applications/virtualization/OVMF/default.nix @@ -17,9 +17,7 @@ stdenv.mkDerivation (edk2.setup "OvmfPkg/OvmfPkg${targetArch}.dsc" { # TODO: properly include openssl for secureBoot buildInputs = [nasm iasl] ++ stdenv.lib.optionals (secureBoot == true) [ openssl ]; - hardening_stackprotector = false; - hardening_pic = false; - hardening_fortify = false; + hardeningDisable = [ "stackprotector" "pic" "fortify" ]; unpackPhase = '' for file in \ diff --git a/pkgs/applications/virtualization/bochs/default.nix b/pkgs/applications/virtualization/bochs/default.nix index 705691b1682..952ae1f922d 100644 --- a/pkgs/applications/virtualization/bochs/default.nix +++ b/pkgs/applications/virtualization/bochs/default.nix @@ -146,7 +146,7 @@ stdenv.mkDerivation rec { NIX_CFLAGS_COMPILE="-I${gtk}/include/gtk-2.0/ -I${libtool}/include/"; NIX_LDFLAGS="-L${libtool}/lib"; - hardening_format = false; + hardeningDisable = [ "format" ]; meta = with stdenv.lib; { description = "An open-source IA-32 (x86) PC emulator"; diff --git a/pkgs/applications/virtualization/cbfstool/default.nix b/pkgs/applications/virtualization/cbfstool/default.nix index 01832b55292..dc78236677f 100644 --- a/pkgs/applications/virtualization/cbfstool/default.nix +++ b/pkgs/applications/virtualization/cbfstool/default.nix @@ -12,7 +12,7 @@ stdenv.mkDerivation rec { buildInputs = [ iasl flex bison ]; - hardening_fortify = false; + hardeningDisable = [ "fortify" ]; buildPhase = '' export LEX=${flex}/bin/flex diff --git a/pkgs/applications/virtualization/seabios/default.nix b/pkgs/applications/virtualization/seabios/default.nix index a06523973b7..3bc95a1c392 100644 --- a/pkgs/applications/virtualization/seabios/default.nix +++ b/pkgs/applications/virtualization/seabios/default.nix @@ -12,8 +12,7 @@ stdenv.mkDerivation rec { buildInputs = [ iasl python ]; - hardening_pic = false; - hardening_stackprotector = false; + hardeningDisable = [ "pic" "stackprotector" ]; configurePhase = '' # build SeaBIOS for CSM diff --git a/pkgs/applications/virtualization/virtualbox/guest-additions/default.nix b/pkgs/applications/virtualization/virtualbox/guest-additions/default.nix index d579a6445d1..1c85723c395 100644 --- a/pkgs/applications/virtualization/virtualbox/guest-additions/default.nix +++ b/pkgs/applications/virtualization/virtualbox/guest-additions/default.nix @@ -17,7 +17,7 @@ stdenv.mkDerivation { KERN_DIR = "${kernel.dev}/lib/modules/*/build"; - hardening_pic = false; + hardeningDisable = [ "pic" ]; buildInputs = [ patchelf cdrkit makeWrapper dbus ]; diff --git a/pkgs/applications/virtualization/xen/generic.nix b/pkgs/applications/virtualization/xen/generic.nix index 0a3bd3898c2..23c4f34a553 100644 --- a/pkgs/applications/virtualization/xen/generic.nix +++ b/pkgs/applications/virtualization/xen/generic.nix @@ -75,9 +75,7 @@ stdenv.mkDerivation { pythonPath = [ pythonPackages.curses ]; - hardening_stackprotector = false; - hardening_fortify = false; - hardening_pic = false; + hardeningDisable = [ "stackprotector" "fortify" "pic" ]; patches = stdenv.lib.optionals ((xenserverPatched == false) && (builtins.hasAttr "xenPatches" xenConfig)) xenConfig.xenPatches; diff --git a/pkgs/applications/window-managers/stalonetray/default.nix b/pkgs/applications/window-managers/stalonetray/default.nix index 43d0804222c..3b5af42a8be 100644 --- a/pkgs/applications/window-managers/stalonetray/default.nix +++ b/pkgs/applications/window-managers/stalonetray/default.nix @@ -11,7 +11,7 @@ stdenv.mkDerivation rec { buildInputs = [ libX11 xproto ]; - hardening_format = false; + hardeningDisable = [ "format" ]; meta = with stdenv.lib; { description = "Stand alone tray"; |