stdenvAdapters: add withDefaultHardeningFlags

author: Robert Scott <code@humanleg.org.uk> 2023-10-04 22:34:13 +0100
committer: Robert Scott <code@humanleg.org.uk> 2023-12-09 16:32:15 +0000
commit: dc2247a3b56ba1bfef5bb48499eb0d36ad2e9ff3 (patch)
tree: 434e69bc0c19bf439703b2ace5d1aff16ad41e40 /pkgs/stdenv/adapters.nix
parent: 1a5bd697adecf27385b69352485baa52a6e02fe9 (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/pkgs/stdenv/adapters.nix b/pkgs/stdenv/adapters.nix
index dd29871907188..aeacf96443d03 100644
--- a/pkgs/stdenv/adapters.nix
+++ b/pkgs/stdenv/adapters.nix
@@ -417,4 +417,18 @@ rec {
         "propagatedBuildInputs"
       ]);
     });
+
+  withDefaultHardeningFlags = defaultHardeningFlags: stdenv: let
+    bintools = let
+      bintools' = stdenv.cc.bintools;
+    in if bintools' ? override then (bintools'.override {
+      inherit defaultHardeningFlags;
+    }) else bintools';
+  in
+    stdenv.override (old: {
+      cc = if stdenv.cc == null then null else stdenv.cc.override {
+        inherit bintools;
+      };
+      allowedRequisites = lib.mapNullable (rs: rs ++ [ bintools ]) (stdenv.allowedRequisites or null);
+    });
 }
author	Robert Scott <code@humanleg.org.uk>	2023-10-04 22:34:13 +0100
committer	Robert Scott <code@humanleg.org.uk>	2023-12-09 16:32:15 +0000
commit	dc2247a3b56ba1bfef5bb48499eb0d36ad2e9ff3 (patch)
tree	434e69bc0c19bf439703b2ace5d1aff16ad41e40 /pkgs/stdenv/adapters.nix
parent	1a5bd697adecf27385b69352485baa52a6e02fe9 (diff)