diff options
| author | Robert Scott <code@humanleg.org.uk> | 2023-09-03 21:32:36 +0100 |
|---|---|---|
| committer | Robert Scott <code@humanleg.org.uk> | 2023-09-28 21:49:14 +0100 |
| commit | 4c6fd59fcd6a3c5235ed4f946313329cefbed818 (patch) | |
| tree | 9b4b5195e3e54a2174c6a217b7a5d3e085822143 /pkgs/build-support | |
| parent | f0cf83a1a7d32f38b4742f08dbd2b5a13ac4e81f (diff) | |
| download | nixpkgs-4c6fd59fcd6a3c5235ed4f946313329cefbed818.tar nixpkgs-4c6fd59fcd6a3c5235ed4f946313329cefbed818.tar.gz nixpkgs-4c6fd59fcd6a3c5235ed4f946313329cefbed818.tar.bz2 nixpkgs-4c6fd59fcd6a3c5235ed4f946313329cefbed818.tar.lz nixpkgs-4c6fd59fcd6a3c5235ed4f946313329cefbed818.tar.xz nixpkgs-4c6fd59fcd6a3c5235ed4f946313329cefbed818.tar.zst nixpkgs-4c6fd59fcd6a3c5235ed4f946313329cefbed818.zip | |
cc-wrapper: ensure NIX_HARDENING_ENABLE fortify3 implies fortify too
even if fortify3 is in hardening_unsupported_flags
Diffstat (limited to 'pkgs/build-support')
| -rw-r--r-- | pkgs/build-support/cc-wrapper/add-hardening.sh | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/pkgs/build-support/cc-wrapper/add-hardening.sh b/pkgs/build-support/cc-wrapper/add-hardening.sh index 8d02b4e5124..8cd63e46095 100644 --- a/pkgs/build-support/cc-wrapper/add-hardening.sh +++ b/pkgs/build-support/cc-wrapper/add-hardening.sh @@ -10,6 +10,13 @@ for flag in ${NIX_HARDENING_ENABLE_@suffixSalt@-}; do hardeningEnableMap["$flag"]=1 done +# fortify3 implies fortify enablement - make explicit before +# we filter unsupported flags because unsupporting fortify3 +# doesn't mean we should unsupport fortify too +if [[ -n "${hardeningEnableMap[fortify3]-}" ]]; then + hardeningEnableMap["fortify"]=1 +fi + # Remove unsupported flags. for flag in @hardening_unsupported_flags@; do unset -v "hardeningEnableMap[$flag]" @@ -19,7 +26,7 @@ for flag in @hardening_unsupported_flags@; do fi done -# make fortify and fortify3 mutually exclusive +# now make fortify and fortify3 mutually exclusive if [[ -n "${hardeningEnableMap[fortify3]-}" ]]; then unset -v "hardeningEnableMap['fortify']" fi |