glibc: unconditionally disable pie

glibc already has to be careful not to create extra dynamic relocations in ld.so. For that it enables -fPIC/-fPIE selectively.
author: Sergei Trofimovich <slyich@gmail.com> 2022-04-18 14:51:00 +0100
committer: Sergei Trofimovich <slyich@gmail.com> 2022-04-18 16:06:50 +0100
commit: bf990cc3cc687f53b70497d282725b3cc77f0347 (patch)
tree: 676b90e96a41b026a42c0e202d3d6b68e0c50ea6
parent: bc23b0571284140b8a08b83b5fccb3923afbfe51 (diff)
1 files changed, 4 insertions, 7 deletions
diff --git a/pkgs/development/libraries/glibc/default.nix b/pkgs/development/libraries/glibc/default.nix
index 65a622f046736..ba782321559dd 100644
--- a/pkgs/development/libraries/glibc/default.nix
+++ b/pkgs/development/libraries/glibc/default.nix
@@ -40,13 +40,10 @@ callPackage ./common.nix { inherit stdenv; } {
       makeFlagsArray+=("bindir=$bin/bin" "sbindir=$bin/sbin" "rootsbindir=$bin/sbin")
     '';
 
-    # The stackprotector and fortify hardening flags are autodetected by glibc
-    # and enabled by default if supported. Setting it for every gcc invocation
-    # does not work.
-    hardeningDisable = [ "stackprotector" "fortify" ]
-    # XXX: Not actually musl-speciic but since only musl enables pie by default,
-    #      limit rebuilds by only disabling pie w/musl
-      ++ lib.optional stdenv.hostPlatform.isMusl "pie";
+    # The pie, stackprotector and fortify hardening flags are autodetected by
+    # glibc and enabled by default if supported. Setting it for every gcc
+    # invocation does not work.
+    hardeningDisable = [ "fortify" "pie" "stackprotector" ];
 
     NIX_CFLAGS_COMPILE = lib.concatStringsSep " "
       (builtins.concatLists [
author	Sergei Trofimovich <slyich@gmail.com>	2022-04-18 14:51:00 +0100
committer	Sergei Trofimovich <slyich@gmail.com>	2022-04-18 16:06:50 +0100
commit	bf990cc3cc687f53b70497d282725b3cc77f0347 (patch)
tree	676b90e96a41b026a42c0e202d3d6b68e0c50ea6
parent	bc23b0571284140b8a08b83b5fccb3923afbfe51 (diff)