pyrox.dev
Merge pull request #253194 from risicle/ris-nix-hardening-enable-fortify3-imply-fortify
cc-wrapper: ensure `NIX_HARDENING_ENABLE` `fortify3` implies `fortify` too
authored by
Robert Scott
and committed by
GitHub
25920d8d
2c2c0379
+8
-1
pkgs/build-support/cc-wrapper/add-hardening.sh
+8
-1
pkgs/build-support/cc-wrapper/add-hardening.sh
···
10
10
hardeningEnableMap["$flag"]=1
11
11
done
12
12
13
+
# fortify3 implies fortify enablement - make explicit before
14
+
# we filter unsupported flags because unsupporting fortify3
15
+
# doesn't mean we should unsupport fortify too
16
+
if [[ -n "${hardeningEnableMap[fortify3]-}" ]]; then
17
+
hardeningEnableMap["fortify"]=1
18
+
fi
19
+
13
20
# Remove unsupported flags.
14
21
for flag in @hardening_unsupported_flags@; do
15
22
unset -v "hardeningEnableMap[$flag]"
···
19
26
fi
20
27
done
21
28
22
-
# make fortify and fortify3 mutually exclusive
29
+
# now make fortify and fortify3 mutually exclusive
23
30
if [[ -n "${hardeningEnableMap[fortify3]-}" ]]; then
24
31
unset -v "hardeningEnableMap['fortify']"
25
32
fi