Diffstat (limited to 'pkgs/stdenv/generic/make-derivation.nix')
-rw-r--r--pkgs/stdenv/generic/make-derivation.nix16
1 files changed, 12 insertions, 4 deletions
diff --git a/pkgs/stdenv/generic/make-derivation.nix b/pkgs/stdenv/generic/make-derivation.nix
index af68bf890ed29..3068ad726658e 100644
--- a/pkgs/stdenv/generic/make-derivation.nix
+++ b/pkgs/stdenv/generic/make-derivation.nix
@@ -115,10 +115,13 @@ let
     "format"
     "fortify"
     "fortify3"
+    "shadowstack"
+    "pacret"
     "pic"
     "pie"
     "relro"
     "stackprotector"
+    "stackclashprotection"
     "strictoverflow"
     "trivialautovarinit"
     "zerocallusedregs"
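Review bot: The added entries `"shadowstack"` and `"pacret"` look target-specific by name (shadow stacks and pointer-authenticated returns), yet nothing here says which platforms each applies to. If this list is `knownHardeningFlags` (its binding is outside the hunk), the fallback in the `defaultHardeningFlags` hunk derives its default set from it, so a stdenv whose cc supplies no `defaultHardeningFlags` would now request all three new flags on every platform. A short comment on the list would make the contract explicit, e.g. `# shadowstack / pacret are architecture-specific; the cc wrapper must ignore them where unsupported`. It is worth confirming that the wrapper really filters them.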
@@ -262,7 +265,9 @@ let
   defaultHardeningFlags =
     (if stdenv.hasCC then stdenv.cc else {}).defaultHardeningFlags or
       # fallback safe-ish set of flags
-      (remove "pie" knownHardeningFlags);
+      (if with stdenv.hostPlatform; isOpenBSD && isStatic
+       then knownHardeningFlags # Need pie, in fact
+       else remove "pie" knownHardeningFlags);
   enabledHardeningOptions =
     if builtins.elem "all" hardeningDisable'
     then []
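Review bot: The OpenBSD static exception lives only in the fallback branch, so a `stdenv.cc` that provides its own `defaultHardeningFlags` without `"pie"` never reaches it. If static OpenBSD executables must be position-independent, that requirement is not enforced on the common path. The inline comment `# Need pie, in fact` does not give the reason; something like `# static OpenBSD binaries must be PIE, so keep "pie" in the fallback set` would help (reason inferred from the change, please confirm). Writing the test as `stdenv.hostPlatform.isOpenBSD && stdenv.hostPlatform.isStatic` would also avoid the `with` inside the condition. The enclosing `let` block starts and ends outside the hunk.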
@@ -351,7 +356,7 @@ else let
           then attrs.name + hostSuffix
           else
             # we cannot coerce null to a string below
-            assert assertMsg (attrs ? version && attrs.version != null) "The ‘version’ attribute cannot be null.";
+            assert assertMsg (attrs ? version && attrs.version != null) "The `version` attribute cannot be null.";
             "${attrs.pname}${staticMarker}${hostSuffix}-${attrs.version}"
         );
     }) // {
@@ -567,14 +572,17 @@ let
   checkedEnv =
     let
       overlappingNames = attrNames (builtins.intersectAttrs env derivationArg);
+      prettyPrint = lib.generators.toPretty {};
+      makeError = name: "  - ${name}: in `env`: ${prettyPrint env.${name}}; in derivation arguments: ${prettyPrint derivationArg.${name}}";
+      errors = lib.concatMapStringsSep "\n" makeError overlappingNames;
     in
     assert assertMsg envIsExportable
       "When using structured attributes, `env` must be an attribute set of environment variables.";
     assert assertMsg (overlappingNames == [ ])
-      "The ‘env’ attribute set cannot contain any attributes passed to derivation. The following attributes are overlapping: ${concatStringsSep ", " overlappingNames}";
+      "The `env` attribute set cannot contain any attributes passed to derivation. The following attributes are overlapping:\n${errors}";
     mapAttrs
       (n: v: assert assertMsg (isString v || isBool v || isInt v || isDerivation v)
-        "The ‘env’ attribute set can only contain derivation, string, boolean or integer attributes. The ‘${n}’ attribute is of type ${builtins.typeOf v}."; v)
+        "The `env` attribute set can only contain derivation, string, boolean or integer attributes. The `${n}` attribute is of type ${builtins.typeOf v}."; v)
       env;
 
   # Fixed-output derivations may not reference other paths, which means that
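Review bot: `prettyPrint` is `lib.generators.toPretty {}`, which recurses into the full values of `env.${name}` and `derivationArg.${name}`. A nested value can therefore spread one `  - name:` entry over many lines, and a value that fails to evaluate could replace the overlap message with an unrelated error. Consider `prettyPrint = lib.generators.toPretty { multiline = false; };` so each entry stays on one line. The message also now copies the complete values into the evaluation output, which matters when `env` holds tokens or credentials that end up in CI logs. Printing only `builtins.typeOf` or a truncated rendering would keep the diagnostic useful without echoing them.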