diff options
| author | Robert Scott <code@humanleg.org.uk> | 2024-02-11 14:41:52 +0000 |
|---|---|---|
| committer | Robert Scott <code@humanleg.org.uk> | 2024-03-24 13:43:27 +0000 |
| commit | da25f95bf4f0cbfdcb853f48e60229d6b30bb550 (patch) | |
| tree | 5e13bdabf9aee66d41d0d929a70f6a6fb021ab6b /pkgs/development/libraries/glibc/common.nix | |
| parent | 9d21bcb0df1f515a5eba8a0e3db2eb892f75ff15 (diff) | |
glibc: expose enableCET as overridable argument, default "permissive"
this should be a gentler way to introduce CET-compiled binaries into general usage
Diffstat (limited to 'pkgs/development/libraries/glibc/common.nix')
| -rw-r--r-- | pkgs/development/libraries/glibc/common.nix | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/pkgs/development/libraries/glibc/common.nix b/pkgs/development/libraries/glibc/common.nix index 4d6fb5a54b398..c2776a157764d 100644 --- a/pkgs/development/libraries/glibc/common.nix +++ b/pkgs/development/libraries/glibc/common.nix @@ -36,6 +36,7 @@ , withLinuxHeaders ? false , profilingLibraries ? false , withGd ? false +, enableCET ? false , extraBuildInputs ? [] , extraNativeBuildInputs ? [] , ... @@ -154,9 +155,9 @@ stdenv.mkDerivation ({ # and on aarch64 with binutils 2.30 or later. # https://sourceware.org/glibc/wiki/PortStatus "--enable-static-pie" - ] ++ lib.optionals stdenv.hostPlatform.isx86_64 [ + ] ++ lib.optionals (enableCET != false) [ # Enable Intel Control-flow Enforcement Technology (CET) support - "--enable-cet" + "--enable-cet${if builtins.isString enableCET then "=${enableCET}" else ""}" ] ++ lib.optionals withLinuxHeaders [ "--enable-kernel=3.10.0" # RHEL 7 and derivatives, seems oldest still supported kernel ] ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [ @@ -208,7 +209,7 @@ stdenv.mkDerivation ({ passthru = { inherit version; minorRelease = version; }; } -// (removeAttrs args [ "withLinuxHeaders" "withGd" "postInstall" "makeFlags" ]) // +// (removeAttrs args [ "withLinuxHeaders" "withGd" "enableCET" "postInstall" "makeFlags" ]) // { src = fetchurl { |