pyrox.dev
treewide: Use `(( "${NIX_DEBUG:-0}" >= 1) ))` consistently
+11
-11
pkgs/build-support/cc-wrapper/add-hardening.sh
+11
-11
pkgs/build-support/cc-wrapper/add-hardening.sh
···
16
16
hardeningDisableMap[$flag]=1
17
17
done
18
18
19
-
if [[ -n "${NIX_DEBUG:-}" ]]; then
19
+
if (( "${NIX_DEBUG:-0}" >= 1 )); then
20
20
printf 'HARDENING: disabled flags:' >&2
21
21
(( "${#hardeningDisableMap[@]}" )) && printf ' %q' "${!hardeningDisableMap[@]}" >&2
22
22
echo >&2
23
23
fi
24
24
25
25
if [[ -z "${hardeningDisableMap[all]:-}" ]]; then
26
-
if [[ -n "${NIX_DEBUG:-}" ]]; then
26
+
if (( "${NIX_DEBUG:-0}" >= 1 )); then
27
27
echo 'HARDENING: Is active (not completely disabled with "all" flag)' >&2;
28
28
fi
29
29
for flag in "${hardeningFlags[@]}"
···
31
31
if [[ -z "${hardeningDisableMap[$flag]:-}" ]]; then
32
32
case $flag in
33
33
fortify)
34
-
if [[ -n "${NIX_DEBUG:-}" ]]; then echo HARDENING: enabling fortify >&2; fi
34
+
if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling fortify >&2; fi
35
35
hardeningCFlags+=('-O2' '-D_FORTIFY_SOURCE=2')
36
36
;;
37
37
stackprotector)
38
-
if [[ -n "${NIX_DEBUG:-}" ]]; then echo HARDENING: enabling stackprotector >&2; fi
38
+
if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling stackprotector >&2; fi
39
39
hardeningCFlags+=('-fstack-protector-strong' '--param' 'ssp-buffer-size=4')
40
40
;;
41
41
pie)
42
-
if [[ -n "${NIX_DEBUG:-}" ]]; then echo HARDENING: enabling CFlags -fPIE >&2; fi
42
+
if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling CFlags -fPIE >&2; fi
43
43
hardeningCFlags+=('-fPIE')
44
44
if [[ ! ("$*" =~ " -shared " || "$*" =~ " -static ") ]]; then
45
-
if [[ -n "${NIX_DEBUG:-}" ]]; then echo HARDENING: enabling LDFlags -pie >&2; fi
45
+
if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling LDFlags -pie >&2; fi
46
46
hardeningCFlags+=('-pie')
47
47
hardeningLDFlags+=('-pie')
48
48
fi
49
49
;;
50
50
pic)
51
-
if [[ -n "${NIX_DEBUG:-}" ]]; then echo HARDENING: enabling pic >&2; fi
51
+
if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling pic >&2; fi
52
52
hardeningCFlags+=('-fPIC')
53
53
;;
54
54
strictoverflow)
55
-
if [[ -n "${NIX_DEBUG:-}" ]]; then echo HARDENING: enabling strictoverflow >&2; fi
55
+
if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling strictoverflow >&2; fi
56
56
hardeningCFlags+=('-fno-strict-overflow')
57
57
;;
58
58
format)
59
-
if [[ -n "${NIX_DEBUG:-}" ]]; then echo HARDENING: enabling format >&2; fi
59
+
if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling format >&2; fi
60
60
hardeningCFlags+=('-Wformat' '-Wformat-security' '-Werror=format-security')
61
61
;;
62
62
relro)
63
-
if [[ -n "${NIX_DEBUG:-}" ]]; then echo HARDENING: enabling relro >&2; fi
63
+
if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling relro >&2; fi
64
64
hardeningLDFlags+=('-z' 'relro')
65
65
;;
66
66
bindnow)
67
-
if [[ -n "${NIX_DEBUG:-}" ]]; then echo HARDENING: enabling bindnow >&2; fi
67
+
if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling bindnow >&2; fi
68
68
hardeningLDFlags+=('-z' 'now')
69
69
;;
70
70
*)
+1
-1
pkgs/build-support/cc-wrapper/cc-wrapper.sh
+1
-1
pkgs/build-support/cc-wrapper/cc-wrapper.sh
···
161
161
fi
162
162
163
163
# Optionally print debug info.
164
-
if [ -n "${NIX_DEBUG:-}" ]; then
164
+
if (( "${NIX_DEBUG:-0}" >= 1 )); then
165
165
# Old bash workaround, see ld-wrapper for explanation.
166
166
echo "extra flags before to @prog@:" >&2
167
167
printf " %q\n" ${extraBefore+"${extraBefore[@]}"} >&2
+1
-1
pkgs/build-support/cc-wrapper/gnat-wrapper.sh
+1
-1
pkgs/build-support/cc-wrapper/gnat-wrapper.sh
+1
-1
pkgs/build-support/cc-wrapper/gnatlink-wrapper.sh
+1
-1
pkgs/build-support/cc-wrapper/gnatlink-wrapper.sh
···
24
24
#export NIX_@infixSalt@_LDFLAGS_SET=1
25
25
26
26
# Optionally print debug info.
27
-
if [ -n "${NIX_DEBUG:-}" ]; then
27
+
if (( "${NIX_DEBUG:-0}" >= 1 )); then
28
28
echo "extra flags before to @prog@:" >&2
29
29
printf " %q\n" "${extraBefore[@]}" >&2
30
30
echo "original flags to @prog@:" >&2
+1
-1
pkgs/build-support/cc-wrapper/ld-wrapper.sh
+1
-1
pkgs/build-support/cc-wrapper/ld-wrapper.sh
+1
-1
pkgs/build-support/cc-wrapper/utils.sh
+1
-1
pkgs/build-support/cc-wrapper/utils.sh
+3
-3
pkgs/stdenv/generic/setup.sh
+3
-3
pkgs/stdenv/generic/setup.sh
···
269
269
addToSearchPath PATH "$i/bin"
270
270
done
271
271
272
-
if [ "${NIX_DEBUG:-}" = 1 ]; then
272
+
if (( "${NIX_DEBUG:-0}" >= 1 )); then
273
273
echo "initial path: $PATH"
274
274
fi
275
275
···
429
429
430
430
431
431
PATH="${_PATH-}${_PATH:+${PATH:+:}}$PATH"
432
-
if [ "${NIX_DEBUG:-}" = 1 ]; then
432
+
if (( "${NIX_DEBUG:-0}" >= 1 )); then
433
433
echo "final path: $PATH"
434
434
fi
435
435
···
539
539
local -a args=()
540
540
541
541
for varName in $(awk 'BEGIN { for (v in ENVIRON) if (v ~ /^[a-z][a-zA-Z0-9_]*$/) print v }'); do
542
-
if [ "${NIX_DEBUG:-}" = "1" ]; then
542
+
if (( "${NIX_DEBUG:-0}" >= 1 )); then
543
543
printf "@%s@ -> %q\n" "${varName}" "${!varName}"
544
544
fi
545
545
args+=("--subst-var" "$varName")