summary refs log tree commit diff
path: root/pkgs/stdenv
diff options
context:
space:
mode:
authorgithub-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>2021-03-24 00:41:10 +0000
committerGitHub <noreply@github.com>2021-03-24 00:41:10 +0000
commit2417360191bb320dc34c6c7b2c403a23c832b3f9 (patch)
treeb647c61336739722c8eb93d4e5b876f7079cb28d /pkgs/stdenv
parentca7fa2ef7bc14112069ce78edd705a0d5d4745ff (diff)
parent9677d30d773021b9237e8130f5ba2879bf954354 (diff)
downloadnixpkgs-2417360191bb320dc34c6c7b2c403a23c832b3f9.tar
nixpkgs-2417360191bb320dc34c6c7b2c403a23c832b3f9.tar.gz
nixpkgs-2417360191bb320dc34c6c7b2c403a23c832b3f9.tar.bz2
nixpkgs-2417360191bb320dc34c6c7b2c403a23c832b3f9.tar.lz
nixpkgs-2417360191bb320dc34c6c7b2c403a23c832b3f9.tar.xz
nixpkgs-2417360191bb320dc34c6c7b2c403a23c832b3f9.tar.zst
nixpkgs-2417360191bb320dc34c6c7b2c403a23c832b3f9.zip
Merge master into staging-next
Diffstat (limited to 'pkgs/stdenv')
-rw-r--r--pkgs/stdenv/generic/make-derivation.nix7


1 files changed, 6 insertions, 1 deletions
diff --git a/pkgs/stdenv/generic/make-derivation.nix b/pkgs/stdenv/generic/make-derivation.nix
index 19c3d8965a7..2b89b37f786 100644
--- a/pkgs/stdenv/generic/make-derivation.nix
+++ b/pkgs/stdenv/generic/make-derivation.nix
@@ -106,7 +106,12 @@ in rec {
                                       ++ depsTargetTarget ++ depsTargetTargetPropagated) == 0;
       dontAddHostSuffix = attrs ? outputHash && !noNonNativeDeps || (stdenv.noCC or false);
       supportedHardeningFlags = [ "fortify" "stackprotector" "pie" "pic" "strictoverflow" "format" "relro" "bindnow" ];
-      defaultHardeningFlags = if stdenv.hostPlatform.isMusl
+                              # Musl-based platforms will keep "pie", other platforms will not.
+      defaultHardeningFlags = if stdenv.hostPlatform.isMusl &&
+                                # Except when:
+                                #    - static aarch64, where compilation works, but produces segfaulting dynamically linked binaries.
+                                #    - static armv7l, where compilation fails.
+                                !((stdenv.hostPlatform.isAarch64 || stdenv.hostPlatform.isAarch32) && stdenv.hostPlatform.isStatic)
                               then supportedHardeningFlags
                               else lib.remove "pie" supportedHardeningFlags;
       enabledHardeningOptions =

 

generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-01 15:50:32 +0000