pyrox.dev
Merge pull request #7189 from arno01/hardenpostfix
postfix28 and postfix211: hardening with Canary, PIE, Full RELRO and FORTIFY_SOURCE
+3
-2
pkgs/servers/mail/postfix/2.11.nix
+3
-2
pkgs/servers/mail/postfix/2.11.nix
···
33
33
export sendmail_path=$out/bin/sendmail
34
34
35
35
make makefiles \
36
-
CCARGS='-DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I${cyrus_sasl}/include/sasl' \
37
-
AUXLIBS='-ldb -lnsl -lresolv -lsasl2 -lcrypto -lssl'
36
+
CCARGS='-DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I${cyrus_sasl}/include/sasl \
37
+
-fPIE -fstack-protector-all --param ssp-buffer-size=4 -O2 -D_FORTIFY_SOURCE=2' \
38
+
AUXLIBS='-ldb -lnsl -lresolv -lsasl2 -lcrypto -lssl -pie -Wl,-z,relro,-z,now'
38
39
'';
39
40
40
41
installTargets = [ "non-interactive-package" ];
+1
-1
pkgs/servers/mail/postfix/default.nix
+1
-1
pkgs/servers/mail/postfix/default.nix
···
34
34
export sample_directory=$out/share/postfix/doc/samples
35
35
export readme_directory=$out/share/postfix/doc
36
36
37
-
make makefiles CCARGS='-DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I${cyrus_sasl}/include/sasl' AUXLIBS='-lssl -lcrypto -lsasl2 -ldb -lnsl'
37
+
make makefiles CCARGS='-DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I${cyrus_sasl}/include/sasl -fPIE -fstack-protector-all --param ssp-buffer-size=4 -O2 -D_FORTIFY_SOURCE=2' AUXLIBS='-lssl -lcrypto -lsasl2 -ldb -lnsl -pie -Wl,-z,relro,-z,now'
38
38
'';
39
39
40
40
installPhase = ''