diff options
author | Sergei Trofimovich <slyich@gmail.com> | 2022-10-08 07:30:17 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-10-08 07:30:17 +0100 |
commit | 7d7030c6d5f2ed10d9ddd91199dd09b94ce5d003 (patch) | |
tree | c0df0f37d0e4955ad3adfbe892bf7ee813794115 /pkgs/build-support/cc-wrapper | |
parent | 790e625cd92a5f03eff92d9a6a80e5326b5d047a (diff) | |
parent | 2a9fc04635c6c0b9a822f3c0aafeade1422fb8d9 (diff) |
Merge pull request #193871 from trofi/FORTIFY-unset-and-set
cc-wrapper/add-hardening.sh: always unset _FORTIFY_SOURCE before re-s…
Diffstat (limited to 'pkgs/build-support/cc-wrapper')
-rw-r--r-- | pkgs/build-support/cc-wrapper/add-hardening.sh | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/pkgs/build-support/cc-wrapper/add-hardening.sh b/pkgs/build-support/cc-wrapper/add-hardening.sh index e5d296f6c9c52..b23fda1fed756 100644 --- a/pkgs/build-support/cc-wrapper/add-hardening.sh +++ b/pkgs/build-support/cc-wrapper/add-hardening.sh @@ -38,7 +38,9 @@ for flag in "${!hardeningEnableMap[@]}"; do case $flag in fortify) if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling fortify >&2; fi - hardeningCFlags+=('-O2' '-D_FORTIFY_SOURCE=2') + # Use -U_FORTIFY_SOURCE to avoid warnings on toolchains that explicitly + # set -D_FORTIFY_SOURCE=0 (like 'clang -fsanitize=address'). + hardeningCFlags+=('-O2' '-U_FORTIFY_SOURCE' '-D_FORTIFY_SOURCE=2') ;; stackprotector) if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling stackprotector >&2; fi |