stdenv: Fix hardening default for pkgsMusl to reenable -pie

defaultHardeningFlags is set to enable pie for Musl, but is not
actually used because the default is never put into
NIX_HARDENING_ENABLE. That still works for cases other than Musl
only because NIX_HARDENING_ENABLE is defaulted in the binutils and
cc-wrapper setup-hook.sh scripts.
Nathan Hawkins 2020-10-24 22:34:50 +00:00
parent b6b09ac7ae
commit 4e9dc46dea


@ -276,7 +276,7 @@ in rec {
in [ "--cross-file=${crossFile}" ] ++ mesonFlags; in [ "--cross-file=${crossFile}" ] ++ mesonFlags;
} // lib.optionalAttrs (attrs.enableParallelBuilding or false) { } // lib.optionalAttrs (attrs.enableParallelBuilding or false) {
enableParallelChecking = attrs.enableParallelChecking or true; enableParallelChecking = attrs.enableParallelChecking or true;
} // lib.optionalAttrs (hardeningDisable != [] || hardeningEnable != []) { } // lib.optionalAttrs (hardeningDisable != [] || hardeningEnable != [] || stdenv.hostPlatform.isMusl) {
NIX_HARDENING_ENABLE = enabledHardeningOptions; NIX_HARDENING_ENABLE = enabledHardeningOptions;
} // lib.optionalAttrs (stdenv.hostPlatform.isx86_64 && stdenv.hostPlatform ? platform.gcc.arch) { } // lib.optionalAttrs (stdenv.hostPlatform.isx86_64 && stdenv.hostPlatform ? platform.gcc.arch) {
requiredSystemFeatures = attrs.requiredSystemFeatures or [] ++ [ "gccarch-${stdenv.hostPlatform.platform.gcc.arch}" ]; requiredSystemFeatures = attrs.requiredSystemFeatures or [] ++ [ "gccarch-${stdenv.hostPlatform.platform.gcc.arch}" ];
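Review bot: The added `|| stdenv.hostPlatform.isMusl` term in the guard before `NIX_HARDENING_ENABLE` hard-codes the one platform whose defaults currently differ from the setup-hook fallback, and nothing on the line says why it is there. If defaultHardeningFlags (defined outside this hunk, as is enabledHardeningOptions) later gains another platform-specific flag, it would presumably be dropped in the same silent way, and a missing `pie` does not fail the build; it only produces executables that cannot be fully address-randomized. I would add a comment above the line, e.g. `# isMusl: defaultHardeningFlags adds "pie" there, which the cc-wrapper/binutils setup-hook defaults do not include`. A check that a pkgsMusl executable is actually position-independent would catch a regression here. The enclosing `rec` block starts and ends outside the hunk.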