diff options
author | Robert Scott <code@humanleg.org.uk> | 2023-10-23 19:23:02 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-10-23 19:23:02 +0100 |
commit | 25920d8de2f828907aa4059e9330a1edfecceeb8 (patch) | |
tree | 109e9b6ec637a5d7efba0e045a94bf351f044a66 /pkgs/build-support/cc-wrapper | |
parent | 2c2c0379b759c234413de63478847266cdc8ed93 (diff) | |
parent | 4c6fd59fcd6a3c5235ed4f946313329cefbed818 (diff) |
Merge pull request #253194 from risicle/ris-nix-hardening-enable-fortify3-imply-fortify
cc-wrapper: ensure `NIX_HARDENING_ENABLE` `fortify3` implies `fortify` too
Diffstat (limited to 'pkgs/build-support/cc-wrapper')
-rw-r--r-- | pkgs/build-support/cc-wrapper/add-hardening.sh | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/pkgs/build-support/cc-wrapper/add-hardening.sh b/pkgs/build-support/cc-wrapper/add-hardening.sh index 8d02b4e5124d8..8cd63e4609518 100644 --- a/pkgs/build-support/cc-wrapper/add-hardening.sh +++ b/pkgs/build-support/cc-wrapper/add-hardening.sh @@ -10,6 +10,13 @@ for flag in ${NIX_HARDENING_ENABLE_@suffixSalt@-}; do hardeningEnableMap["$flag"]=1 done +# fortify3 implies fortify enablement - make explicit before +# we filter unsupported flags because unsupporting fortify3 +# doesn't mean we should unsupport fortify too +if [[ -n "${hardeningEnableMap[fortify3]-}" ]]; then + hardeningEnableMap["fortify"]=1 +fi + # Remove unsupported flags. for flag in @hardening_unsupported_flags@; do unset -v "hardeningEnableMap[$flag]" @@ -19,7 +26,7 @@ for flag in @hardening_unsupported_flags@; do fi done -# make fortify and fortify3 mutually exclusive +# now make fortify and fortify3 mutually exclusive if [[ -n "${hardeningEnableMap[fortify3]-}" ]]; then unset -v "hardeningEnableMap['fortify']" fi |