diff options
Diffstat (limited to 'pkgs/build-support')
| -rw-r--r-- | pkgs/build-support/bintools-wrapper/add-hardening.sh | 2 | ||||
| -rw-r--r-- | pkgs/build-support/setup-hooks/auto-patchelf.sh | 1 |
2 files changed, 2 insertions, 1 deletions
diff --git a/pkgs/build-support/bintools-wrapper/add-hardening.sh b/pkgs/build-support/bintools-wrapper/add-hardening.sh index 5e49b7bd905..4d289a334b7 100644 --- a/pkgs/build-support/bintools-wrapper/add-hardening.sh +++ b/pkgs/build-support/bintools-wrapper/add-hardening.sh @@ -37,7 +37,7 @@ fi for flag in "${!hardeningEnableMap[@]}"; do case $flag in pie) - if [[ ! ("$*" =~ " -shared " || "$*" =~ " -static ") ]]; then + if [[ ! ("$*" =~ " -shared " || "$*" =~ " -static " || "$*" =~ " -r " || "$*" =~ " -Ur " || "$*" =~ " -i ") ]]; then if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling LDFlags -pie >&2; fi hardeningLDFlags+=('-pie') fi diff --git a/pkgs/build-support/setup-hooks/auto-patchelf.sh b/pkgs/build-support/setup-hooks/auto-patchelf.sh index 511371931de..70b1fc802b5 100644 --- a/pkgs/build-support/setup-hooks/auto-patchelf.sh +++ b/pkgs/build-support/setup-hooks/auto-patchelf.sh @@ -29,6 +29,7 @@ isExecutable() { isExeResult="$(LANG=C $READELF -h -l "$1" 2> /dev/null \ | grep '^ *Type: *EXEC\>\|^ *INTERP\>')" # not using grep -q, because it can cause Broken pipe + # https://unix.stackexchange.com/questions/305547/broken-pipe-when-grepping-output-but-only-with-i-flag [ -n "$isExeResult" ] } |