diff options
Diffstat (limited to 'pkgs/os-specific/linux')
32 files changed, 35 insertions, 39 deletions
diff --git a/pkgs/os-specific/linux/acpi-call/default.nix b/pkgs/os-specific/linux/acpi-call/default.nix index 05a5549fae2..65223a32bad 100644 --- a/pkgs/os-specific/linux/acpi-call/default.nix +++ b/pkgs/os-specific/linux/acpi-call/default.nix @@ -9,7 +9,7 @@ stdenv.mkDerivation { sha256 = "0jl19irz9x9pxab2qp4z8c3jijv2m30zhmnzi6ygbrisqqlg4c75"; }; - hardening_pic = false; + hardeningDisable = [ "pic" ]; preBuild = '' sed -e 's/break/true/' -i examples/turn_off_gpu.sh diff --git a/pkgs/os-specific/linux/batman-adv/default.nix b/pkgs/os-specific/linux/batman-adv/default.nix index 41c4f48ddb8..aabd36f945f 100644 --- a/pkgs/os-specific/linux/batman-adv/default.nix +++ b/pkgs/os-specific/linux/batman-adv/default.nix @@ -12,7 +12,7 @@ stdenv.mkDerivation rec { sha256 = "0r5faf12ifpj8h1fklkzvy4ck359cadk8xh1l3n7vimh67hxbxbz"; }; - hardening_pic = false; + hardeningDisable = [ "pic" ]; preBuild = '' makeFlags="KERNELPATH=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build" diff --git a/pkgs/os-specific/linux/bbswitch/default.nix b/pkgs/os-specific/linux/bbswitch/default.nix index 2c91bfbd10f..67b843fac4d 100644 --- a/pkgs/os-specific/linux/bbswitch/default.nix +++ b/pkgs/os-specific/linux/bbswitch/default.nix @@ -20,7 +20,7 @@ stdenv.mkDerivation { sha256 = "1lbr6pyyby4k9rn2ry5qc38kc738d0442jhhq57vmdjb6hxjya7m"; }) ]; - hardening_pic = false; + hardeningDisable = [ "pic" ]; preBuild = '' substituteInPlace Makefile \ diff --git a/pkgs/os-specific/linux/blcr/default.nix b/pkgs/os-specific/linux/blcr/default.nix index 78a576234ac..c2e3fa4b9e1 100644 --- a/pkgs/os-specific/linux/blcr/default.nix +++ b/pkgs/os-specific/linux/blcr/default.nix @@ -19,7 +19,7 @@ stdenv.mkDerivation { buildInputs = [ perl makeWrapper ]; - hardening_pic = false; + hardeningDisable = [ "pic" ]; preConfigure = '' configureFlagsArray=( diff --git a/pkgs/os-specific/linux/busybox/default.nix b/pkgs/os-specific/linux/busybox/default.nix index cc3cfe2465d..2785a57ac8a 100644 --- a/pkgs/os-specific/linux/busybox/default.nix +++ b/pkgs/os-specific/linux/busybox/default.nix @@ -33,7 +33,7 @@ stdenv.mkDerivation rec { sha256 = "16ii9sqracvh2r1gfzhmlypl269nnbkpvrwa7270k35d3bigk9h5"; }; - hardening_format = false; + hardeningDisable = [ "format" ]; patches = [ ./busybox-in-store.patch ]; diff --git a/pkgs/os-specific/linux/criu/default.nix b/pkgs/os-specific/linux/criu/default.nix index aacdfc496ee..6567e478636 100644 --- a/pkgs/os-specific/linux/criu/default.nix +++ b/pkgs/os-specific/linux/criu/default.nix @@ -23,7 +23,8 @@ stdenv.mkDerivation rec { configurePhase = "make config PREFIX=$out"; makeFlags = "PREFIX=$(out)"; - hardening_stackprotector = false; + + hardeningDisable = [ "stackprotector" ]; installPhase = '' mkdir -p $out/etc/logrotate.d diff --git a/pkgs/os-specific/linux/dietlibc/default.nix b/pkgs/os-specific/linux/dietlibc/default.nix index 09d7651c249..7a2d94100fa 100644 --- a/pkgs/os-specific/linux/dietlibc/default.nix +++ b/pkgs/os-specific/linux/dietlibc/default.nix @@ -12,7 +12,8 @@ stdenv.mkDerivation { inherit glibc; kernelHeaders = glibc.linuxHeaders; - hardening_stackprotector = false; + + hardeningDisable = [ "stackprotector" ]; patches = [ diff --git a/pkgs/os-specific/linux/disk-indicator/default.nix b/pkgs/os-specific/linux/disk-indicator/default.nix index 8eba742ebfb..4c2d0c88576 100644 --- a/pkgs/os-specific/linux/disk-indicator/default.nix +++ b/pkgs/os-specific/linux/disk-indicator/default.nix @@ -19,7 +19,8 @@ stdenv.mkDerivation { buildPhase = "make -f makefile"; NIX_CFLAGS_COMPILE = "-Wno-error=cpp"; - hardening_fortify = false; + + hardeningDisable = [ "fortify" ]; installPhase = '' mkdir -p "$out/bin" diff --git a/pkgs/os-specific/linux/facetimehd/default.nix b/pkgs/os-specific/linux/facetimehd/default.nix index 48494bd6b18..b25a65b2ab4 100644 --- a/pkgs/os-specific/linux/facetimehd/default.nix +++ b/pkgs/os-specific/linux/facetimehd/default.nix @@ -18,7 +18,7 @@ stdenv.mkDerivation rec { export INSTALL_MOD_PATH="$out" ''; - hardening_pic = false; + hardeningDisable = [ "pic" ]; makeFlags = [ "KDIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build" diff --git a/pkgs/os-specific/linux/gogoclient/default.nix b/pkgs/os-specific/linux/gogoclient/default.nix index 93c334b9593..e86c751331b 100644 --- a/pkgs/os-specific/linux/gogoclient/default.nix +++ b/pkgs/os-specific/linux/gogoclient/default.nix @@ -16,7 +16,7 @@ stdenv.mkDerivation rec { makeFlags = ["target=linux"]; installFlags = ["installdir=$(out)"]; - hardening_format = false; + hardeningDisable = [ "format" ]; buildInputs = [openssl]; diff --git a/pkgs/os-specific/linux/ifenslave/default.nix b/pkgs/os-specific/linux/ifenslave/default.nix index a5cd2411819..b9390d1d589 100644 --- a/pkgs/os-specific/linux/ifenslave/default.nix +++ b/pkgs/os-specific/linux/ifenslave/default.nix @@ -18,7 +18,7 @@ stdenv.mkDerivation rec { cp -a ifenslave $out/bin ''; - hardening_format = false; + hardeningDisable = [ "format" ]; meta = { description = "Utility for enslaving networking interfaces under a bond"; diff --git a/pkgs/os-specific/linux/jool/default.nix b/pkgs/os-specific/linux/jool/default.nix index 7c956e3c244..79094ebb3e3 100644 --- a/pkgs/os-specific/linux/jool/default.nix +++ b/pkgs/os-specific/linux/jool/default.nix @@ -9,7 +9,7 @@ stdenv.mkDerivation { src = sourceAttrs.src; - hardening_pic = false; + hardeningDisable = [ "pic" ]; prePatch = '' sed -e 's@/lib/modules/\$(.*)@${kernel.dev}/lib/modules/${kernel.modDirVersion}@' -i mod/*/Makefile diff --git a/pkgs/os-specific/linux/kernel-headers/3.18.nix b/pkgs/os-specific/linux/kernel-headers/3.18.nix index be54d7a4e6a..22650747ba2 100644 --- a/pkgs/os-specific/linux/kernel-headers/3.18.nix +++ b/pkgs/os-specific/linux/kernel-headers/3.18.nix @@ -35,7 +35,7 @@ stdenv.mkDerivation { buildInputs = [perl]; # FIXME needs gcc 4.9 in bootstrap tools - hardening_stackprotector = false; + hardeningDisable = [ "stackprotector" ]; extraIncludeDirs = if cross != null then diff --git a/pkgs/os-specific/linux/kernel/manual-config.nix b/pkgs/os-specific/linux/kernel/manual-config.nix index 5a22b5e2432..85a4b98982a 100644 --- a/pkgs/os-specific/linux/kernel/manual-config.nix +++ b/pkgs/os-specific/linux/kernel/manual-config.nix @@ -225,16 +225,12 @@ stdenv.mkDerivation ((drvAttrs config stdenv.platform (kernelPatches ++ nativeKe nativeBuildInputs = [ perl bc nettools openssl ] ++ optional (stdenv.platform.uboot != null) (ubootChooser stdenv.platform.uboot); - hardening_format = false; - hardening_fortify = false; - hardening_stackprotector = false; + hardeningDisable = [ "format" "fortify" "stackprotector" "pic" ]; makeFlags = commonMakeFlags ++ [ "ARCH=${stdenv.platform.kernelArch}" ]; - hardening_pic = false; - karch = stdenv.platform.kernelArch; crossAttrs = let cp = stdenv.cross.platform; in diff --git a/pkgs/os-specific/linux/kexectools/default.nix b/pkgs/os-specific/linux/kexectools/default.nix index 98593ea85a9..d1a2fabf814 100644 --- a/pkgs/os-specific/linux/kexectools/default.nix +++ b/pkgs/os-specific/linux/kexectools/default.nix @@ -12,7 +12,7 @@ stdenv.mkDerivation rec { sha256 = "1qrfka9xvy77k0rg3k0cf7xai0f9vpgsbs4l3bs8r4nvzy37j2di"; }; - hardening_format = false; + hardeningDisable = [ "format" ]; buildInputs = [ zlib ]; diff --git a/pkgs/os-specific/linux/klibc/default.nix b/pkgs/os-specific/linux/klibc/default.nix index b05b0dc4463..ffa381d0f29 100644 --- a/pkgs/os-specific/linux/klibc/default.nix +++ b/pkgs/os-specific/linux/klibc/default.nix @@ -21,8 +21,7 @@ stdenv.mkDerivation { nativeBuildInputs = [ perl ]; - hardening_format = false; - hardening_stackprotector = false; + hardeningDisable = [ "format" "stackprotector" ]; makeFlags = commonMakeFlags ++ [ "KLIBCARCH=${stdenv.platform.kernelArch}" diff --git a/pkgs/os-specific/linux/lttng-modules/default.nix b/pkgs/os-specific/linux/lttng-modules/default.nix index f6a5e30afa0..0bcc6dd5143 100644 --- a/pkgs/os-specific/linux/lttng-modules/default.nix +++ b/pkgs/os-specific/linux/lttng-modules/default.nix @@ -10,7 +10,7 @@ stdenv.mkDerivation rec { sha256 = "0sk7cyjf5ylmxqrrrz5zmmw4c0dmxh1f98aj870gmcnxfa76y4mx"; }; - hardening_pic = false; + hardeningDisable = [ "pic" ]; preConfigure = '' export KERNELDIR="${kernel.dev}/lib/modules/${kernel.modDirVersion}/build" diff --git a/pkgs/os-specific/linux/multipath-tools/default.nix b/pkgs/os-specific/linux/multipath-tools/default.nix index 8aee4b73fdd..409eb31e14f 100644 --- a/pkgs/os-specific/linux/multipath-tools/default.nix +++ b/pkgs/os-specific/linux/multipath-tools/default.nix @@ -8,7 +8,7 @@ stdenv.mkDerivation rec { sha256 = "1yd6l1l1c62xjr1xnij2x49kr416anbgfs4y06r86kp9hkmz2g7i"; }; - hardening_format = false; + hardeningDisable = [ "format" ]; postPatch = '' sed -i -re ' diff --git a/pkgs/os-specific/linux/netatop/default.nix b/pkgs/os-specific/linux/netatop/default.nix index e95cd4e133c..35781dc7f95 100644 --- a/pkgs/os-specific/linux/netatop/default.nix +++ b/pkgs/os-specific/linux/netatop/default.nix @@ -14,7 +14,7 @@ stdenv.mkDerivation { buildInputs = [ zlib ]; - hardening_pic = false; + hardeningDisable = [ "pic" ]; preConfigure = '' patchShebangs mkversion diff --git a/pkgs/os-specific/linux/numad/default.nix b/pkgs/os-specific/linux/numad/default.nix index 959de19ead2..7310e7e36ad 100644 --- a/pkgs/os-specific/linux/numad/default.nix +++ b/pkgs/os-specific/linux/numad/default.nix @@ -8,7 +8,7 @@ stdenv.mkDerivation rec { sha256 = "08zd1yc3w00yv4mvvz5sq1gf91f6p2s9ljcd72m33xgnkglj60v4"; }; - hardening_format = false; + hardeningDisable = [ "format" ]; patches = [ ./numad-linker-flags.patch diff --git a/pkgs/os-specific/linux/paxctl/default.nix b/pkgs/os-specific/linux/paxctl/default.nix index 50aa77104c2..7ef98eb2353 100644 --- a/pkgs/os-specific/linux/paxctl/default.nix +++ b/pkgs/os-specific/linux/paxctl/default.nix @@ -19,7 +19,7 @@ stdenv.mkDerivation rec { ]; # FIXME needs gcc 4.9 in bootstrap tools - hardening_stackprotector = false; + hardeningDisable = [ "stackprotector" ]; setupHook = ./setup-hook.sh; diff --git a/pkgs/os-specific/linux/phc-intel/default.nix b/pkgs/os-specific/linux/phc-intel/default.nix index 56ff6c473b4..56c12e9a4f0 100644 --- a/pkgs/os-specific/linux/phc-intel/default.nix +++ b/pkgs/os-specific/linux/phc-intel/default.nix @@ -21,7 +21,7 @@ in stdenv.mkDerivation rec { buildInputs = [ which ]; - hardening_pic = false; + hardeningDisable = [ "pic" ]; makeFlags = with kernel; [ "DESTDIR=$(out)" diff --git a/pkgs/os-specific/linux/rtl8812au/default.nix b/pkgs/os-specific/linux/rtl8812au/default.nix index 5a03df98346..102b935be29 100644 --- a/pkgs/os-specific/linux/rtl8812au/default.nix +++ b/pkgs/os-specific/linux/rtl8812au/default.nix @@ -11,7 +11,7 @@ stdenv.mkDerivation rec { sha256 = "14ifhplawipfd6971mxw76dv3ygwc0n8sbz2l3f0vvkin6x88bsj"; }; - hardening_pic = false; + hardeningDisable = [ "pic" ]; patchPhase = '' substituteInPlace ./Makefile --replace /lib/modules/ "${kernel.dev}/lib/modules/" diff --git a/pkgs/os-specific/linux/setools/default.nix b/pkgs/os-specific/linux/setools/default.nix index 6e8d9d3cf7a..5f539b9a97e 100644 --- a/pkgs/os-specific/linux/setools/default.nix +++ b/pkgs/os-specific/linux/setools/default.nix @@ -18,7 +18,7 @@ stdenv.mkDerivation rec { "--with-tcl=${tcl}/lib" ]; - hardening_format = false; + hardeningDisable = [ "format" ]; NIX_CFLAGS_COMPILE = "-fstack-protector-all"; NIX_LDFLAGS = "-L${libsepol}/lib -L${libselinux}/lib"; diff --git a/pkgs/os-specific/linux/spl/default.nix b/pkgs/os-specific/linux/spl/default.nix index 67e2f16848b..3fbfa4fdc53 100644 --- a/pkgs/os-specific/linux/spl/default.nix +++ b/pkgs/os-specific/linux/spl/default.nix @@ -30,7 +30,7 @@ stdenv.mkDerivation rec { buildInputs = [ autoconf automake libtool ]; - hardening_pic = false; + hardeningDisable = [ "pic" ]; preConfigure = '' ./autogen.sh diff --git a/pkgs/os-specific/linux/sysdig/default.nix b/pkgs/os-specific/linux/sysdig/default.nix index 00f9a66f0cd..358f7d38efa 100644 --- a/pkgs/os-specific/linux/sysdig/default.nix +++ b/pkgs/os-specific/linux/sysdig/default.nix @@ -16,7 +16,7 @@ stdenv.mkDerivation { cmake zlib luajit ncurses perl jsoncpp libb64 openssl curl ]; - hardening_pic = false; + hardeningDisable = [ "pic" ]; cmakeFlags = [ "-DUSE_BUNDLED_DEPS=OFF" diff --git a/pkgs/os-specific/linux/syslinux/default.nix b/pkgs/os-specific/linux/syslinux/default.nix index 3ace0f5c5ed..a68ab9c478c 100644 --- a/pkgs/os-specific/linux/syslinux/default.nix +++ b/pkgs/os-specific/linux/syslinux/default.nix @@ -16,8 +16,7 @@ stdenv.mkDerivation rec { buildInputs = [ libuuid makeWrapper ]; enableParallelBuilding = false; # Fails very rarely with 'No rule to make target: ...' - hardening_stackprotector = false; - hardening_pic = false; + hardeningDisable = [ "pic" "stackprotector" ]; preBuild = '' substituteInPlace Makefile --replace /bin/pwd $(type -P pwd) diff --git a/pkgs/os-specific/linux/tp_smapi/default.nix b/pkgs/os-specific/linux/tp_smapi/default.nix index 116a0344450..dceb777ad72 100644 --- a/pkgs/os-specific/linux/tp_smapi/default.nix +++ b/pkgs/os-specific/linux/tp_smapi/default.nix @@ -8,7 +8,7 @@ stdenv.mkDerivation { sha256 = "6aef02b92d10360ac9be0db29ae390636be55017990063a092a285c70b54e666"; }; - hardening_pic = false; + hardeningDisable = [ "pic" ]; makeFlags = [ "KBASE=${kernel.dev}/lib/modules/${kernel.modDirVersion}" diff --git a/pkgs/os-specific/linux/v4l2loopback/default.nix b/pkgs/os-specific/linux/v4l2loopback/default.nix index 8b44f3388d3..376a407d993 100644 --- a/pkgs/os-specific/linux/v4l2loopback/default.nix +++ b/pkgs/os-specific/linux/v4l2loopback/default.nix @@ -9,8 +9,7 @@ stdenv.mkDerivation rec { sha256 = "1crkhxlnskqrfj3f7jmiiyi5m75zmj7n0s26xz07wcwdzdf2p568"; }; - hardening_pic = false; - hardening_format = false; + hardeningDisable = [ "format" "pic" ]; preBuild = '' substituteInPlace Makefile --replace "modules_install" "INSTALL_MOD_PATH=$out modules_install" diff --git a/pkgs/os-specific/linux/v86d/default.nix b/pkgs/os-specific/linux/v86d/default.nix index 17255aa1283..073a6ded998 100644 --- a/pkgs/os-specific/linux/v86d/default.nix +++ b/pkgs/os-specific/linux/v86d/default.nix @@ -17,7 +17,7 @@ stdenv.mkDerivation rec { configureFlags = [ "--with-klibc" "--with-x86emu" ]; - hardening_stackprotector = false; + hardeningDisable = [ "stackprotector" ]; makeFlags = [ "KDIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/source" diff --git a/pkgs/os-specific/linux/xf86-video-nested/default.nix b/pkgs/os-specific/linux/xf86-video-nested/default.nix index 96f353a64da..8b712553be9 100644 --- a/pkgs/os-specific/linux/xf86-video-nested/default.nix +++ b/pkgs/os-specific/linux/xf86-video-nested/default.nix @@ -16,7 +16,7 @@ stdenv.mkDerivation { pkgconfig renderproto utilmacros xorgserver ]; - hardening_fortify = false; + hardeningDisable = [ "fortify" ]; CFLAGS = "-I${pixman}/include/pixman-1"; diff --git a/pkgs/os-specific/linux/zfs/default.nix b/pkgs/os-specific/linux/zfs/default.nix index 0a61bdcea85..c49f393dd16 100644 --- a/pkgs/os-specific/linux/zfs/default.nix +++ b/pkgs/os-specific/linux/zfs/default.nix @@ -38,7 +38,7 @@ stdenv.mkDerivation rec { # for zdb to get the rpath to libgcc_s, needed for pthread_cancel to work NIX_CFLAGS_LINK = "-lgcc_s"; - hardening_pic = false; + hardeningDisable = [ "pic" ]; preConfigure = '' substituteInPlace ./module/zfs/zfs_ctldir.c --replace "umount -t zfs" "${utillinux}/bin/umount -t zfs" |