Commit graph

6 commits

Author SHA1 Message Date
Niklas Hambüchen
7cfaba911d manual: Hardening: Remove now-nonexistent ArchWiki link.
The page has been replaced by the much more general page
https://wiki.archlinux.org/title/Security#Packages
which is barely talking about hardening flags any more.
2021-07-05 22:57:52 +02:00
Niklas Hambüchen
ac36a0f9eb manual: hardening: Fix disabled flags prose being in previous section
This confused the hell out of me, as I didn't spot the

> The following flags are disabled by default ...

when reading about `pie`, because that sentence was hidden in the
previous hardening flag's section.

Also explain that `pie` hardening is on by default on musl.
2021-07-05 16:32:55 +02:00
Alyssa Ross
b0b5ef7286 stdenv: introduce dontAddStaticConfigureFlags
With removeUnknownConfigureFlags, it's impossible to express a package
that needs --enable-static, but will not accept --disable-shared,
without overriding the result of removeUnknownConfigureFlags _again_
in pkgs/top-level/static.nix.

It would be much better (and more in line with the rest of Nixpkgs) if
we encoded changes needed for static builds in package definitions
themselves, rather than in an ever-expanding list in static.nix.  This
is especially true when doing it in static.nix is going to require
multiple overrides to express what could be expressed with stdenv
options.

So as a step in that direction, and to fix the problem described
above, here I replace removeUnknownConfigureFlags with a new stdenv
option, dontAddStaticConfigureFlags.  With this mechanism, a package
that needs one but not both of the flags just needs to set
dontAddStaticConfigureFlags and then set up configureFlags manually
based on stdenv.hostPlatform.isStatic.
2021-06-11 14:16:05 -07:00
Jan Tojnar
3c78ad2561
doc: Use markdown syntax for xrefs
Syntax is taken from MyST:

https://myst-parser.readthedocs.io/en/latest/using/syntax.html#targets-and-cross-referencing
2021-06-07 06:34:59 +02:00
Jan Tojnar
6ecc641d08
doc: prepare for commonmark
We are still using Pandoc’s Markdown parser, which differs from CommonMark spec slightly.

Notably:
- Line breaks in lists behave differently.
- Admonitions do not support the simpler syntax https://github.com/jgm/commonmark-hs/issues/75
- The auto_identifiers uses a different algorithm – I made the previous ones explicit.
- Languages (classes) of code blocks cannot contain whitespace so we have to use “pycon” alias instead of Python “console” as GitHub’s linguist

While at it, I also fixed the following issues:
- ShellSesssion was used
- Removed some pointless docbook tags.
2021-06-07 06:34:59 +02:00
Jan Tojnar
f854ee87f0
doc: Port stdenv to Markdown
Added the following ids to avoid possible id conflicts from ids auto-generated from titles:

- setup-hook-perl
- setup-hook-python
- setup-hook-pkg-config
- setup-hook-automake
- setup-hook-autoconf
- setup-hook-libxml2
- setup-hook-gdk-pixbuf
2021-03-14 02:18:52 +01:00