glibc: expose enableCET as overridable argument, default "permissive"

this should be a gentler way to introduce CET-compiled
binaries into general usage

+6 -4
+4 -3
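--- a/pkgs/development/libraries/glibc/common.nix
+++ b/pkgs/development/libraries/glibc/common.nix
@@ -36,6 +36,7 @@
 , withLinuxHeaders ? false
 , profilingLibraries ? false
 , withGd ? false
+, enableCET ? false
 , extraBuildInputs ? []
 , extraNativeBuildInputs ? []
 , ...
@@ -154,9 +155,9 @@
     # and on aarch64 with binutils 2.30 or later.
     # https://sourceware.org/glibc/wiki/PortStatus
     "--enable-static-pie"
-  ] ++ lib.optionals stdenv.hostPlatform.isx86_64 [
+  ] ++ lib.optionals (enableCET != false) [
     # Enable Intel Control-flow Enforcement Technology (CET) support
-    "--enable-cet"
+    "--enable-cet${if builtins.isString enableCET then "=${enableCET}" else ""}"
   ] ++ lib.optionals withLinuxHeaders [
     "--enable-kernel=3.10.0" # RHEL 7 and derivatives, seems oldest still supported kernel
   ] ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [
@@ -208,7 +209,7 @@
   passthru = { inherit version; minorRelease = version; };
 }
 
-// (removeAttrs args [ "withLinuxHeaders" "withGd" "postInstall" "makeFlags" ]) //
+// (removeAttrs args [ "withLinuxHeaders" "withGd" "enableCET" "postInstall" "makeFlags" ]) //
 
 {
   src = fetchurl {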
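Review bot: The `enableCET != false` guard together with the `"--enable-cet${...}"` template accepts any string, so `enableCET = "no"` passes the guard and yields `--enable-cet=no` (CET off), and a misspelling such as `"permisive"` only surfaces as a configure failure late in the glibc build; validating at the use site, e.g. `lib.optionals (lib.assertOneOf "enableCET" enableCET [ false true "permissive" ] && enableCET != false)`, would fail at evaluation time instead. The new `enableCET ? false` parameter should also carry a comment stating what the values mean, because the difference is security-relevant: as I understand glibc's `--enable-cet` versus `--enable-cet=permissive`, the former makes dlopen of a non-CET shared object fail while the latter silently disables IBT/shadow-stack for the whole process, so "permissive" is opportunistic rather than enforced hardening. Suggested comment on the parameter: `# enableCET: false | true (--enable-cet: dlopen of a non-CET object fails) | "permissive" (--enable-cet=permissive: CET is switched off for the process instead)`. The `configureFlags` list edited by the second hunk begins and ends outside the hunk.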
+2 -1
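--- a/pkgs/development/libraries/glibc/default.nix
+++ b/pkgs/development/libraries/glibc/default.nix
@@ -2,6 +2,7 @@
 , withLinuxHeaders ? true
 , profilingLibraries ? false
 , withGd ? false
+, enableCET ? if stdenv.hostPlatform.isx86_64 then "permissive" else false
 , pkgsBuildBuild
 , libgcc
 }:
@@ -15,7 +16,7 @@
 in
 
 (callPackage ./common.nix { inherit stdenv; } {
-  inherit withLinuxHeaders withGd profilingLibraries;
+  inherit withLinuxHeaders withGd profilingLibraries enableCET;
   pname = "glibc" + lib.optionalString withGd "-gd" + lib.optionalString (stdenv.cc.isGNU && libgcc==null) "-nolibgcc";
 }).overrideAttrs(previousAttrs: {
 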
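Review bot: The new default `if stdenv.hostPlatform.isx86_64 then "permissive" else false` is undocumented at its definition; the commit message explains the "gentler" intent, but nothing in the file tells a reader why "permissive" rather than `true`, what the weaker mode gives up, or when the default should be flipped. As I understand glibc's behaviour, "permissive" builds glibc itself with IBT/shadow-stack but lets ld.so turn CET off for the entire process once a non-CET object is dlopen'd, so downstream users must not read this default as an enforced mitigation. Suggested comment above the parameter: `# "permissive": glibc is built with CET, but ld.so disables it for the process when a non-CET object is dlopen'd instead of failing; raise to true once dependent libraries are CET-enabled.` Both the argument set and the callPackage expression continue outside these hunks.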