commit e0d2053b87da7184b60256bae136c4c54a53a3d9 · pyrox.dev/nixpkgs

+5 -5

pkgs/build-support/bintools-wrapper/add-hardening.sh

···

       37
       37
        
       for flag in "${!hardeningEnableMap[@]}"; do

     

       38
       38
        
         case $flag in

     

       39
       39
        
           pie)

     

       40
       40
       -
             if [[ ! (" $* " =~ " -shared " \

     

       41
       41
       -
                   || " $* " =~ " -static " \

     

       42
       42
       -
                   || " $* " =~ " -r " \

     

       43
       43
       -
                   || " $* " =~ " -Ur " \

     

       44
       44
       -
                   || " $* " =~ " -i ") ]]; then

     

       40
       40
       +
             if [[ ! (" ${params[*]} " =~ " -shared " \

     

       41
       41
       +
                   || " ${params[*]} " =~ " -static " \

     

       42
       42
       +
                   || " ${params[*]} " =~ " -r " \

     

       43
       43
       +
                   || " ${params[*]} " =~ " -Ur " \

     

       44
       44
       +
                   || " ${params[*]} " =~ " -i ") ]]; then

     

       45
       45
        
               if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling LDFlags -pie >&2; fi

     

       46
       46
        
               hardeningLDFlags+=('-pie')

     

       47
       47
        
             fi

+1 -1

pkgs/build-support/cc-wrapper/add-hardening.sh

···

       71
       71
        
             # NB: we do not use `+=` here, because PIE flags must occur before any PIC flags

     

       72
       72
        
             if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling CFlags -fPIE >&2; fi

     

       73
       73
        
             hardeningCFlags=('-fPIE' "${hardeningCFlags[@]}")

     

       74
       74
       -
             if [[ ! (" $* " =~ " -shared " || " $* " =~ " -static ") ]]; then

     

       74
       74
       +
             if [[ ! (" ${params[*]} " =~ " -shared " || " ${params[*]} " =~ " -static ") ]]; then

     

       75
       75
        
               if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling LDFlags -pie >&2; fi

     

       76
       76
        
               hardeningCFlags=('-pie' "${hardeningCFlags[@]}")

     

       77
       77
        
             fi