From aff1f4ab948b921ceaf2b81610f2f82454302b4b Mon Sep 17 00:00:00 2001 From: Franz Pletz Date: Fri, 26 Feb 2016 18:38:15 +0100 Subject: Use general hardening flag toggle lists The following parameters are now available: * hardeningDisable To disable specific hardening flags * hardeningEnable To enable specific hardening flags Only the cc-wrapper supports this right now, but these may be reused by other wrappers, builders or setup hooks. cc-wrapper supports the following flags: * fortify * stackprotector * pie (disabled by default) * pic * strictoverflow * format * relro * bindnow --- pkgs/applications/misc/epdfview/default.nix | 2 +- pkgs/applications/misc/gkrellm/default.nix | 2 +- pkgs/applications/misc/grip/default.nix | 2 +- pkgs/applications/misc/k2pdfopt/default.nix | 2 +- pkgs/applications/misc/navit/default.nix | 2 +- pkgs/applications/misc/posterazor/default.nix | 2 +- pkgs/applications/misc/sdcv/default.nix | 2 +- pkgs/applications/misc/tasknc/default.nix | 2 +- pkgs/applications/misc/vym/default.nix | 2 +- pkgs/applications/misc/wordnet/default.nix | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-) (limited to 'pkgs/applications/misc') diff --git a/pkgs/applications/misc/epdfview/default.nix b/pkgs/applications/misc/epdfview/default.nix index 7810284973f..782ef4ae366 100644 --- a/pkgs/applications/misc/epdfview/default.nix +++ b/pkgs/applications/misc/epdfview/default.nix @@ -10,7 +10,7 @@ stdenv.mkDerivation rec { buildInputs = [ pkgconfig gtk poppler ]; - hardening_format = false; + hardeningDisable = [ "format" ]; patches = [ (fetchpatch { name = "epdfview-0.1.8-glib2-headers.patch"; diff --git a/pkgs/applications/misc/gkrellm/default.nix b/pkgs/applications/misc/gkrellm/default.nix index 7c755a4f3d3..cf7fdafd742 100644 --- a/pkgs/applications/misc/gkrellm/default.nix +++ b/pkgs/applications/misc/gkrellm/default.nix @@ -9,7 +9,7 @@ stdenv.mkDerivation rec { buildInputs = [gettext pkgconfig glib gtk libX11 libSM libICE]; - hardening_format = false; + hardeningDisable = [ "format" ]; # Makefiles are patched to fix references to `/usr/X11R6' and to add # `-lX11' to make sure libX11's store path is in the RPATH. diff --git a/pkgs/applications/misc/grip/default.nix b/pkgs/applications/misc/grip/default.nix index 86127d56b01..e0ece09db18 100644 --- a/pkgs/applications/misc/grip/default.nix +++ b/pkgs/applications/misc/grip/default.nix @@ -12,7 +12,7 @@ stdenv.mkDerivation rec { buildInputs = [ gtk glib pkgconfig libgnome libgnomeui vte curl cdparanoia libid3tag ncurses libtool ]; - hardening_format = false; + hardeningDisable = [ "format" ]; meta = { description = "GTK+-based audio CD player/ripper"; diff --git a/pkgs/applications/misc/k2pdfopt/default.nix b/pkgs/applications/misc/k2pdfopt/default.nix index dac597fe67c..7c0d615f366 100644 --- a/pkgs/applications/misc/k2pdfopt/default.nix +++ b/pkgs/applications/misc/k2pdfopt/default.nix @@ -31,7 +31,7 @@ in stdenv.mkDerivation rec { openjpeg freetype jbig2dec djvulibre openssl ]; NIX_LDFLAGS = "-lX11 -lXext"; - hardening_format = false; + hardeningDisable = [ "format" ]; k2_pa = ./k2pdfopt.patch; tess_pa = ./tesseract.patch; diff --git a/pkgs/applications/misc/navit/default.nix b/pkgs/applications/misc/navit/default.nix index 67f474cefac..5f70d4b5c44 100644 --- a/pkgs/applications/misc/navit/default.nix +++ b/pkgs/applications/misc/navit/default.nix @@ -9,7 +9,7 @@ stdenv.mkDerivation rec { sha256 = "1xx62l5srfhh9cfi7n3pxj8hpcgr1rpa0hzfmbrqadzv09z36723"; }; - hardening_format = false; + hardeningDisable = [ "format" ]; # 'cvs' is only for the autogen buildInputs = [ pkgconfig gtk SDL fontconfig freetype imlib2 SDL_image mesa diff --git a/pkgs/applications/misc/posterazor/default.nix b/pkgs/applications/misc/posterazor/default.nix index 43da0c92a42..b6d46cf9ed1 100644 --- a/pkgs/applications/misc/posterazor/default.nix +++ b/pkgs/applications/misc/posterazor/default.nix @@ -8,7 +8,7 @@ stdenv.mkDerivation rec { sha256 = "1dqpdk8zl0smdg4fganp3hxb943q40619qmxjlga9jhjc01s7fq5"; }; - hardening_format = false; + hardeningDisable = [ "format" ]; buildInputs = [ cmake unzip pkgconfig libXpm fltk13 freeimage ]; diff --git a/pkgs/applications/misc/sdcv/default.nix b/pkgs/applications/misc/sdcv/default.nix index 6a768d44958..8e781cd1c02 100644 --- a/pkgs/applications/misc/sdcv/default.nix +++ b/pkgs/applications/misc/sdcv/default.nix @@ -16,7 +16,7 @@ stdenv.mkDerivation rec { sha256 = "1cnyv7gd1qvz8ma8545d3aq726wxrx4km7ykl97831irx5wz0r51"; }; - hardening_format = false; + hardeningDisable = [ "format" ]; patches = ( if stdenv.isDarwin then [ ./sdcv.cpp.patch-darwin ./utils.hpp.patch ] diff --git a/pkgs/applications/misc/tasknc/default.nix b/pkgs/applications/misc/tasknc/default.nix index d725bba0307..b7b9d36b4cb 100644 --- a/pkgs/applications/misc/tasknc/default.nix +++ b/pkgs/applications/misc/tasknc/default.nix @@ -9,7 +9,7 @@ stdenv.mkDerivation rec { sha256 = "0max5schga9hmf3vfqk2ic91dr6raxglyyjcqchzla280kxn5c28"; }; - hardening_format = false; + hardeningDisable = [ "format" ]; # # I know this is ugly, but the Makefile does strange things in this package, diff --git a/pkgs/applications/misc/vym/default.nix b/pkgs/applications/misc/vym/default.nix index a62f7cd2aa6..e595d771ec0 100644 --- a/pkgs/applications/misc/vym/default.nix +++ b/pkgs/applications/misc/vym/default.nix @@ -11,7 +11,7 @@ stdenv.mkDerivation rec { buildInputs = [ pkgconfig qt4 ]; - hardening_format = false; + hardeningDisable = [ "format" ]; configurePhase = '' qmake PREFIX="$out" diff --git a/pkgs/applications/misc/wordnet/default.nix b/pkgs/applications/misc/wordnet/default.nix index d5edf2a4d58..2f98bc66e9b 100644 --- a/pkgs/applications/misc/wordnet/default.nix +++ b/pkgs/applications/misc/wordnet/default.nix @@ -10,7 +10,7 @@ stdenv.mkDerivation { buildInputs = [tcl tk xlibsWrapper makeWrapper]; - hardening_format = false; + hardeningDisable = [ "format" ]; patchPhase = '' sed "13i#define USE_INTERP_RESULT 1" -i src/stubs.c -- cgit 1.4.1