diff options
author | Sergei Trofimovich <slyich@gmail.com> | 2022-04-18 14:51:00 +0100 |
---|---|---|
committer | Sergei Trofimovich <slyich@gmail.com> | 2022-04-18 16:06:50 +0100 |
commit | bf990cc3cc687f53b70497d282725b3cc77f0347 (patch) | |
tree | 676b90e96a41b026a42c0e202d3d6b68e0c50ea6 | |
parent | bc23b0571284140b8a08b83b5fccb3923afbfe51 (diff) |
glibc: unconditionally disable pie
glibc already has to be careful not to create extra dynamic relocations in ld.so. For that it enables -fPIC/-fPIE selectively.
-rw-r--r-- | pkgs/development/libraries/glibc/default.nix | 11 |
1 files changed, 4 insertions, 7 deletions
diff --git a/pkgs/development/libraries/glibc/default.nix b/pkgs/development/libraries/glibc/default.nix index 65a622f046736..ba782321559dd 100644 --- a/pkgs/development/libraries/glibc/default.nix +++ b/pkgs/development/libraries/glibc/default.nix @@ -40,13 +40,10 @@ callPackage ./common.nix { inherit stdenv; } { makeFlagsArray+=("bindir=$bin/bin" "sbindir=$bin/sbin" "rootsbindir=$bin/sbin") ''; - # The stackprotector and fortify hardening flags are autodetected by glibc - # and enabled by default if supported. Setting it for every gcc invocation - # does not work. - hardeningDisable = [ "stackprotector" "fortify" ] - # XXX: Not actually musl-speciic but since only musl enables pie by default, - # limit rebuilds by only disabling pie w/musl - ++ lib.optional stdenv.hostPlatform.isMusl "pie"; + # The pie, stackprotector and fortify hardening flags are autodetected by + # glibc and enabled by default if supported. Setting it for every gcc + # invocation does not work. + hardeningDisable = [ "fortify" "pie" "stackprotector" ]; NIX_CFLAGS_COMPILE = lib.concatStringsSep " " (builtins.concatLists [ |