stdenv: Fix hardening default for pkgsMusl to reenable -pie
defaultHardeningFlags is set to enable pie for Musl, but is not actually used because the default is never put into NIX_HARDENING_ENABLE. That still works for cases other than Musl only because NIX_HARDENING_ENABLE is defaulted in the binutils and cc-wrapper setup-hook.sh scripts.
This commit is contained in:
parent
b6b09ac7ae
commit
4e9dc46dea
1 changed files with 1 additions and 1 deletions
|
@ -276,7 +276,7 @@ in rec {
|
||||||
in [ "--cross-file=${crossFile}" ] ++ mesonFlags;
|
in [ "--cross-file=${crossFile}" ] ++ mesonFlags;
|
||||||
} // lib.optionalAttrs (attrs.enableParallelBuilding or false) {
|
} // lib.optionalAttrs (attrs.enableParallelBuilding or false) {
|
||||||
enableParallelChecking = attrs.enableParallelChecking or true;
|
enableParallelChecking = attrs.enableParallelChecking or true;
|
||||||
} // lib.optionalAttrs (hardeningDisable != [] || hardeningEnable != []) {
|
} // lib.optionalAttrs (hardeningDisable != [] || hardeningEnable != [] || stdenv.hostPlatform.isMusl) {
|
||||||
NIX_HARDENING_ENABLE = enabledHardeningOptions;
|
NIX_HARDENING_ENABLE = enabledHardeningOptions;
|
||||||
} // lib.optionalAttrs (stdenv.hostPlatform.isx86_64 && stdenv.hostPlatform ? platform.gcc.arch) {
|
} // lib.optionalAttrs (stdenv.hostPlatform.isx86_64 && stdenv.hostPlatform ? platform.gcc.arch) {
|
||||||
requiredSystemFeatures = attrs.requiredSystemFeatures or [] ++ [ "gccarch-${stdenv.hostPlatform.platform.gcc.arch}" ];
|
requiredSystemFeatures = attrs.requiredSystemFeatures or [] ++ [ "gccarch-${stdenv.hostPlatform.platform.gcc.arch}" ];
|
||||||
|
|
Loading…
Reference in a new issue