From aff1f4ab948b921ceaf2b81610f2f82454302b4b Mon Sep 17 00:00:00 2001
From: Franz Pletz <fpletz@fnordicwalking.de>
Date: Fri, 26 Feb 2016 18:38:15 +0100
Subject: Use general hardening flag toggle lists

The following parameters are now available:

  * hardeningDisable
    To disable specific hardening flags
  * hardeningEnable
    To enable specific hardening flags

Only the cc-wrapper supports this right now, but these may be reused by
other wrappers, builders or setup hooks.

cc-wrapper supports the following flags:

  * fortify
  * stackprotector
  * pie (disabled by default)
  * pic
  * strictoverflow
  * format
  * relro
  * bindnow
---
 pkgs/tools/security/tboot/default.nix | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'pkgs/tools/security/tboot')

diff --git a/pkgs/tools/security/tboot/default.nix b/pkgs/tools/security/tboot/default.nix
index 1a2bc6a310829..506b1d398d54e 100644
--- a/pkgs/tools/security/tboot/default.nix
+++ b/pkgs/tools/security/tboot/default.nix
@@ -12,8 +12,7 @@ stdenv.mkDerivation rec {
 
   patches = [ ./tboot-add-well-known-secret-option-to-lcp_writepol.patch ];
 
-  hardening_pic = false;
-  hardening_stackprotector = false;
+  hardeningDisable = [ "pic" "stackprotector" ];
 
   configurePhase = ''
     for a in lcptools utils tb_polgen; do
-- 
cgit 1.4.1