diff options
| author | John Ericson <John.Ericson@Obsidian.Systems> | 2018-04-10 15:44:55 -0400 |
|---|---|---|
| committer | Charles Strahan <charles@cstrahan.com> | 2018-04-10 16:33:47 -0400 |
| commit | ac4d74b6d9af98a47bafad27c47c52fd1ce1d53f (patch) | |
| tree | 02f02e9431ad2a25989c2d1cff1c7422772632e9 /pkgs/build-support/cc-wrapper | |
| parent | 21818ae592a10ec5067cdb396e209099cf7eb020 (diff) | |
| download | nixpkgs-ac4d74b6d9af98a47bafad27c47c52fd1ce1d53f.tar nixpkgs-ac4d74b6d9af98a47bafad27c47c52fd1ce1d53f.tar.gz nixpkgs-ac4d74b6d9af98a47bafad27c47c52fd1ce1d53f.tar.bz2 nixpkgs-ac4d74b6d9af98a47bafad27c47c52fd1ce1d53f.tar.lz nixpkgs-ac4d74b6d9af98a47bafad27c47c52fd1ce1d53f.tar.xz nixpkgs-ac4d74b6d9af98a47bafad27c47c52fd1ce1d53f.tar.zst nixpkgs-ac4d74b6d9af98a47bafad27c47c52fd1ce1d53f.zip | |
hardening: Reindent
Diffstat (limited to 'pkgs/build-support/cc-wrapper')
| -rw-r--r-- | pkgs/build-support/cc-wrapper/add-hardening.sh | 68 |
1 files changed, 34 insertions, 34 deletions
diff --git a/pkgs/build-support/cc-wrapper/add-hardening.sh b/pkgs/build-support/cc-wrapper/add-hardening.sh index e33399f0b62..026e4867144 100644 --- a/pkgs/build-support/cc-wrapper/add-hardening.sh +++ b/pkgs/build-support/cc-wrapper/add-hardening.sh @@ -35,38 +35,38 @@ if (( "${NIX_DEBUG:-0}" >= 1 )); then fi for flag in "${!hardeningEnableMap[@]}"; do - case $flag in - fortify) - if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling fortify >&2; fi - hardeningCFlags+=('-O2' '-D_FORTIFY_SOURCE=2') - ;; - stackprotector) - if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling stackprotector >&2; fi - hardeningCFlags+=('-fstack-protector-strong' '--param' 'ssp-buffer-size=4') - ;; - pie) - if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling CFlags -fPIE >&2; fi - hardeningCFlags+=('-fPIE') - if [[ ! ("$*" =~ " -shared " || "$*" =~ " -static ") ]]; then - if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling LDFlags -pie >&2; fi - hardeningCFlags+=('-pie') - fi - ;; - pic) - if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling pic >&2; fi - hardeningCFlags+=('-fPIC') - ;; - strictoverflow) - if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling strictoverflow >&2; fi - hardeningCFlags+=('-fno-strict-overflow') - ;; - format) - if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling format >&2; fi - hardeningCFlags+=('-Wformat' '-Wformat-security' '-Werror=format-security') - ;; - *) - # Ignore unsupported. Checked in Nix that at least *some* - # tool supports each flag. - ;; - esac + case $flag in + fortify) + if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling fortify >&2; fi + hardeningCFlags+=('-O2' '-D_FORTIFY_SOURCE=2') + ;; + stackprotector) + if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling stackprotector >&2; fi + hardeningCFlags+=('-fstack-protector-strong' '--param' 'ssp-buffer-size=4') + ;; + pie) + if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling CFlags -fPIE >&2; fi + hardeningCFlags+=('-fPIE') + if [[ ! ("$*" =~ " -shared " || "$*" =~ " -static ") ]]; then + if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling LDFlags -pie >&2; fi + hardeningCFlags+=('-pie') + fi + ;; + pic) + if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling pic >&2; fi + hardeningCFlags+=('-fPIC') + ;; + strictoverflow) + if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling strictoverflow >&2; fi + hardeningCFlags+=('-fno-strict-overflow') + ;; + format) + if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling format >&2; fi + hardeningCFlags+=('-Wformat' '-Wformat-security' '-Werror=format-security') + ;; + *) + # Ignore unsupported. Checked in Nix that at least *some* + # tool supports each flag. + ;; + esac done |