From f6d3b7a2ae01ccd9934a6437915acd3eade2a184 Mon Sep 17 00:00:00 2001
From: Robin Gloster <mail@glob.in>
Date: Sat, 23 Jan 2016 21:19:59 +0000
Subject: switch hardening flags

---
 pkgs/development/compilers/dev86/default.nix              | 2 +-
 pkgs/development/compilers/gcc/4.5/default.nix            | 2 +-
 pkgs/development/compilers/gcc/4.9/default.nix            | 2 +-
 pkgs/development/compilers/go/1.4.nix                     | 2 +-
 pkgs/development/compilers/go/1.5.nix                     | 2 +-
 pkgs/development/haskell-modules/configuration-common.nix | 2 +-
 pkgs/development/libraries/CoinMP/default.nix             | 2 +-
 pkgs/development/libraries/audio/libbs2b/default.nix      | 2 +-
 pkgs/development/libraries/fribidi/default.nix            | 2 +-
 pkgs/development/libraries/gd/default.nix                 | 2 +-
 pkgs/development/libraries/gettext/default.nix            | 2 +-
 pkgs/development/libraries/giflib/libungif.nix            | 2 +-
 pkgs/development/libraries/glibc/common.nix               | 2 +-
 pkgs/development/libraries/glibc/default.nix              | 3 ++-
 pkgs/development/libraries/gnu-efi/default.nix            | 2 --
 pkgs/development/libraries/libelf/default.nix             | 2 +-
 pkgs/development/libraries/libgphoto2/default.nix         | 2 +-
 pkgs/development/libraries/libvisual/default.nix          | 2 +-
 pkgs/development/libraries/pupnp/default.nix              | 2 +-
 pkgs/development/libraries/speechd/default.nix            | 2 +-
 pkgs/development/tools/misc/elfutils/default.nix          | 2 +-
 21 files changed, 21 insertions(+), 22 deletions(-)

(limited to 'pkgs/development')

diff --git a/pkgs/development/compilers/dev86/default.nix b/pkgs/development/compilers/dev86/default.nix
index b8083c9ed6b..0ee0a622b1e 100644
--- a/pkgs/development/compilers/dev86/default.nix
+++ b/pkgs/development/compilers/dev86/default.nix
@@ -8,7 +8,7 @@ stdenv.mkDerivation {
     sha256 = "33398b87ca85e2b69e4062cf59f2f7354af46da5edcba036c6f97bae17b8d00e";
   };
 
-  noHardening_format = true;
+  hardening_format = false;
 
   makeFlags = "PREFIX=$(out)";
 
diff --git a/pkgs/development/compilers/gcc/4.5/default.nix b/pkgs/development/compilers/gcc/4.5/default.nix
index 4f1b017302a..8c4afb31c50 100644
--- a/pkgs/development/compilers/gcc/4.5/default.nix
+++ b/pkgs/development/compilers/gcc/4.5/default.nix
@@ -134,7 +134,7 @@ stdenv.mkDerivation ({
     inherit langC langCC langFortran langJava langAda;
   };
 
-  noHardening_all = true;
+  #hardening_all = false;
 
   patches =
     [ ]
diff --git a/pkgs/development/compilers/gcc/4.9/default.nix b/pkgs/development/compilers/gcc/4.9/default.nix
index c7d63099be1..1d97a66008c 100644
--- a/pkgs/development/compilers/gcc/4.9/default.nix
+++ b/pkgs/development/compilers/gcc/4.9/default.nix
@@ -218,7 +218,7 @@ stdenv.mkDerivation ({
 
   inherit patches;
 
-  noHardening_format = true;
+  hardening_format = false;
 
   postPatch =
     if (stdenv.isGNU
diff --git a/pkgs/development/compilers/go/1.4.nix b/pkgs/development/compilers/go/1.4.nix
index fdfc9d45646..0d2d2ae2857 100644
--- a/pkgs/development/compilers/go/1.4.nix
+++ b/pkgs/development/compilers/go/1.4.nix
@@ -20,7 +20,7 @@ stdenv.mkDerivation rec {
   buildInputs = [ pcre ];
   propagatedBuildInputs = lib.optional stdenv.isDarwin Security;
 
-  noHardening_all = true;
+  #hardening_all = false;
 
   # I'm not sure what go wants from its 'src', but the go installation manual
   # describes an installation keeping the src.
diff --git a/pkgs/development/compilers/go/1.5.nix b/pkgs/development/compilers/go/1.5.nix
index 26ffabced6a..750aec567a8 100644
--- a/pkgs/development/compilers/go/1.5.nix
+++ b/pkgs/development/compilers/go/1.5.nix
@@ -29,7 +29,7 @@ stdenv.mkDerivation rec {
     Security Foundation
   ];
 
-  noHardening_all = true;
+  #hardening_all = false;
 
   # I'm not sure what go wants from its 'src', but the go installation manual
   # describes an installation keeping the src.
diff --git a/pkgs/development/haskell-modules/configuration-common.nix b/pkgs/development/haskell-modules/configuration-common.nix
index 1982ca21802..25f2f1b6440 100644
--- a/pkgs/development/haskell-modules/configuration-common.nix
+++ b/pkgs/development/haskell-modules/configuration-common.nix
@@ -45,7 +45,7 @@ self: super: {
   options = dontCheck super.options;
   statistics = dontCheck super.statistics;
   c2hs = let c2hs_ = pkgs.stdenv.lib.overrideDerivation super.c2hs (drv: {
-        noHardening_format = true;
+        hardening_format = false;
         doCheck = false;
       });
     in if pkgs.stdenv.isDarwin then dontCheck c2hs_ else c2hs_;
diff --git a/pkgs/development/libraries/CoinMP/default.nix b/pkgs/development/libraries/CoinMP/default.nix
index bdd380fd4b8..be44ef62885 100644
--- a/pkgs/development/libraries/CoinMP/default.nix
+++ b/pkgs/development/libraries/CoinMP/default.nix
@@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
     sha256 = "0gqi2vqkg35gazzzv8asnhihchnbjcd6bzjfzqhmj7wy1dw9iiw6";
   };
 
-  noHardening_format = true;
+  hardening_format = false;
 
   meta = with stdenv.lib; {
     homepage = https://projects.coin-or.org/CoinMP/;
diff --git a/pkgs/development/libraries/audio/libbs2b/default.nix b/pkgs/development/libraries/audio/libbs2b/default.nix
index e9a13b6ff87..4a64bc260bd 100644
--- a/pkgs/development/libraries/audio/libbs2b/default.nix
+++ b/pkgs/development/libraries/audio/libbs2b/default.nix
@@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ pkgconfig libsndfile ];
 
-  noHardening_format = true;
+  hardening_format = false;
 
   meta = {
     homepage = "http://bs2b.sourceforge.net/";
diff --git a/pkgs/development/libraries/fribidi/default.nix b/pkgs/development/libraries/fribidi/default.nix
index 5d0e451c54c..09828665541 100644
--- a/pkgs/development/libraries/fribidi/default.nix
+++ b/pkgs/development/libraries/fribidi/default.nix
@@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
     sha256 = "0zg1hpaml34ny74fif97j7ngrshlkl3wk3nja3gmlzl17i1bga6b";
   };
 
-  noHardening_format = true;
+  hardening_format = false;
 
   meta = with stdenv.lib; {
     homepage = http://fribidi.org/;
diff --git a/pkgs/development/libraries/gd/default.nix b/pkgs/development/libraries/gd/default.nix
index 5ca1de273b4..a24a8416866 100644
--- a/pkgs/development/libraries/gd/default.nix
+++ b/pkgs/development/libraries/gd/default.nix
@@ -12,7 +12,7 @@ stdenv.mkDerivation {
 
   propagatedBuildInputs = [libjpeg fontconfig]; # urgh
 
-  noHardening_format = true;
+  hardening_format = false;
 
   configureFlags = "--without-x";
 
diff --git a/pkgs/development/libraries/gettext/default.nix b/pkgs/development/libraries/gettext/default.nix
index cbdb448723a..566263c15ed 100644
--- a/pkgs/development/libraries/gettext/default.nix
+++ b/pkgs/development/libraries/gettext/default.nix
@@ -10,7 +10,7 @@ stdenv.mkDerivation (rec {
 
   outputs = [ "out" "doc" ];
 
-  noHardening_format = true;
+  hardening_format = false;
 
   LDFLAGS = if stdenv.isSunOS then "-lm -lmd -lmp -luutil -lnvpair -lnsl -lidmap -lavl -lsec" else "";
 
diff --git a/pkgs/development/libraries/giflib/libungif.nix b/pkgs/development/libraries/giflib/libungif.nix
index 45384b825c1..1cc4ae0201b 100644
--- a/pkgs/development/libraries/giflib/libungif.nix
+++ b/pkgs/development/libraries/giflib/libungif.nix
@@ -7,6 +7,6 @@ stdenv.mkDerivation {
     md5 = "efdfcf8e32e35740288a8c5625a70ccb";
   };
 
-  noHardening_format = true;
+  hardening_format = false;
 }
 
diff --git a/pkgs/development/libraries/glibc/common.nix b/pkgs/development/libraries/glibc/common.nix
index 6e9aa497f77..2c13ac59146 100644
--- a/pkgs/development/libraries/glibc/common.nix
+++ b/pkgs/development/libraries/glibc/common.nix
@@ -214,7 +214,7 @@ stdenv.mkDerivation ({
 }
 
 // stdenv.lib.optionalAttrs (name == "glibc-locales") {
-  noHardening_stackprotector = true;
+  hardening_stackprotector = false;
 }
 
 // stdenv.lib.optionalAttrs (hurdHeaders != null) {
diff --git a/pkgs/development/libraries/glibc/default.nix b/pkgs/development/libraries/glibc/default.nix
index a2ecedbe7e9..f9096084bd2 100644
--- a/pkgs/development/libraries/glibc/default.nix
+++ b/pkgs/development/libraries/glibc/default.nix
@@ -25,7 +25,8 @@ in
 
     builder = ./builder.sh;
 
-    noHardening_all = true;
+    hardening_stackprotector = false;
+    hardening_fortify = false;
 
     # When building glibc from bootstrap-tools, we need libgcc_s at RPATH for
     # any program we run, because the gcc will have been placed at a new
diff --git a/pkgs/development/libraries/gnu-efi/default.nix b/pkgs/development/libraries/gnu-efi/default.nix
index e6209ad93f6..e674aae2b58 100644
--- a/pkgs/development/libraries/gnu-efi/default.nix
+++ b/pkgs/development/libraries/gnu-efi/default.nix
@@ -9,8 +9,6 @@ stdenv.mkDerivation rec {
     sha256 = "1jxlypkgb8bd1c114x96i699ib0glb5aca9dv56j377x2ldg4c65";
   };
 
-  noHardening_all = true;
-
   buildInputs = [ pciutils ];
 
   makeFlags = [
diff --git a/pkgs/development/libraries/libelf/default.nix b/pkgs/development/libraries/libelf/default.nix
index 048902f4fc4..88bce7f8661 100644
--- a/pkgs/development/libraries/libelf/default.nix
+++ b/pkgs/development/libraries/libelf/default.nix
@@ -9,7 +9,7 @@ stdenv.mkDerivation (rec {
   };
 
   doCheck = true;
-  
+
   # For cross-compiling, native glibc is needed for the "gencat" program.
   crossAttrs = {
     nativeBuildInputs = [ glibc ];
diff --git a/pkgs/development/libraries/libgphoto2/default.nix b/pkgs/development/libraries/libgphoto2/default.nix
index 3df793df73f..682a42e2db9 100644
--- a/pkgs/development/libraries/libgphoto2/default.nix
+++ b/pkgs/development/libraries/libgphoto2/default.nix
@@ -14,7 +14,7 @@ stdenv.mkDerivation rec {
   # These are mentioned in the Requires line of libgphoto's pkg-config file.
   propagatedBuildInputs = [ libexif ];
 
-  noHardening_format = true;
+  hardening_format = false;
 
   meta = {
     homepage = http://www.gphoto.org/proj/libgphoto2/;
diff --git a/pkgs/development/libraries/libvisual/default.nix b/pkgs/development/libraries/libvisual/default.nix
index a2c9c52937e..a9320f1af7b 100644
--- a/pkgs/development/libraries/libvisual/default.nix
+++ b/pkgs/development/libraries/libvisual/default.nix
@@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ pkgconfig glib ];
 
-  noHardening_format = true;
+  hardening_format = false;
 
   meta = {
     description = "An abstraction library for audio visualisations";
diff --git a/pkgs/development/libraries/pupnp/default.nix b/pkgs/development/libraries/pupnp/default.nix
index 267b434da52..430a09aeede 100644
--- a/pkgs/development/libraries/pupnp/default.nix
+++ b/pkgs/development/libraries/pupnp/default.nix
@@ -8,7 +8,7 @@ stdenv.mkDerivation rec {
     sha256 = "0amjv4lypvclmi4vim2qdyw5xa6v4x50zjgf682vahqjc0wjn55k";
   };
 
-  noHardening_all = true;
+  #hardening_all = false;
 
   meta = {
     description = "libupnp, an open source UPnP development kit for Linux";
diff --git a/pkgs/development/libraries/speechd/default.nix b/pkgs/development/libraries/speechd/default.nix
index cbd731aef68..d94b4159e93 100644
--- a/pkgs/development/libraries/speechd/default.nix
+++ b/pkgs/development/libraries/speechd/default.nix
@@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ dotconf glib pkgconfig ];
 
-  noHardening_format = true;
+  hardening_format = false;
 
   meta = {
     description = "Common interface to speech synthesis";
diff --git a/pkgs/development/tools/misc/elfutils/default.nix b/pkgs/development/tools/misc/elfutils/default.nix
index a412d7e537c..464ad791095 100644
--- a/pkgs/development/tools/misc/elfutils/default.nix
+++ b/pkgs/development/tools/misc/elfutils/default.nix
@@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
 
   patches = [ ./glibc-2.21.patch ];
 
-  noHardening_format = true;
+  hardening_format = false;
 
   # We need bzip2 in NativeInputs because otherwise we can't unpack the src,
   # as the host-bzip2 will be in the path.
-- 
cgit 1.4.1