Commit 4e9dc46d authored by Nathan Hawkins's avatar Nathan Hawkins
Browse files

stdenv: Fix hardening default for pkgsMusl to reenable -pie 

defaultHardeningFlags is set to enable pie for Musl, but is not
actually used because the default is never put into
NIX_HARDENING_ENABLE. That still works for cases other than Musl
only because NIX_HARDENING_ENABLE is defaulted in the binutils and
cc-wrapper setup-hook.sh scripts.
parent b6b09ac7

pkgs/stdenv/generic/make-derivation.nix

+1 −1
Original line number Diff line number Diff line
@@ -276,7 +276,7 @@ in rec { 
          in [ "--cross-file=${crossFile}" ] ++ mesonFlags;

        } // lib.optionalAttrs (attrs.enableParallelBuilding or false) {

          enableParallelChecking = attrs.enableParallelChecking or true;

        } // lib.optionalAttrs (hardeningDisable != [] || hardeningEnable != []) {

        } // lib.optionalAttrs (hardeningDisable != [] || hardeningEnable != [] || stdenv.hostPlatform.isMusl) {

          NIX_HARDENING_ENABLE = enabledHardeningOptions;

        } // lib.optionalAttrs (stdenv.hostPlatform.isx86_64 && stdenv.hostPlatform ? platform.gcc.arch) {

          requiredSystemFeatures = attrs.requiredSystemFeatures or [] ++ [ "gccarch-${stdenv.hostPlatform.platform.gcc.arch}" ];