cc-wrapper: add zerocallusedregs hardening flag

this uses the value `used-gpr` which seems to be a commonly chosen value for general use
author: Robert Scott <code@humanleg.org.uk> 2023-10-08 22:56:46 +0100
committer: Robert Scott <code@humanleg.org.uk> 2024-01-20 13:48:33 +0000
commit: 40868719b0ff142d0df5fba0f2ec7f370e072048 (patch)
tree: 40fba5f80f1034999349bd589b9dc0419f12384b /pkgs/stdenv/darwin
parent: 81f22730b09c9b201c576195964d7b715f96c90a (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/pkgs/stdenv/darwin/default.nix b/pkgs/stdenv/darwin/default.nix
index c94c56daae1c2..eb5403860cad5 100644
--- a/pkgs/stdenv/darwin/default.nix
+++ b/pkgs/stdenv/darwin/default.nix
@@ -341,7 +341,10 @@ in
                 ln -s ${bootstrapTools}/lib/clang $out/lib
                 ln -s ${bootstrapTools}/include   $out
               '';
-              passthru.isFromBootstrapFiles = true;
+              passthru = {
+                isFromBootstrapFiles = true;
+                hardeningUnsupportedFlags = [ "fortify3" "zerocallusedregs" ];
+              };
             };
             clang-unwrapped = selfTools.libclang;
             libllvm = self.stdenv.mkDerivation {
author	Robert Scott <code@humanleg.org.uk>	2023-10-08 22:56:46 +0100
committer	Robert Scott <code@humanleg.org.uk>	2024-01-20 13:48:33 +0000
commit	40868719b0ff142d0df5fba0f2ec7f370e072048 (patch)
tree	40fba5f80f1034999349bd589b9dc0419f12384b /pkgs/stdenv/darwin
parent	81f22730b09c9b201c576195964d7b715f96c90a (diff)