glibc: expose enableCET as overridable argument, default "permissive"

This should be a gentler way to introduce CET-compiled
binaries into general usage.

+6 -4
+4 -3
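--- a/pkgs/development/libraries/glibc/common.nix
+++ b/pkgs/development/libraries/glibc/common.nix
@@ -36,6 +36,7 @@
 , withLinuxHeaders ? false
 , profilingLibraries ? false
 , withGd ? false
+, enableCET ? false
 , extraBuildInputs ? []
 , extraNativeBuildInputs ? []
 , ...
@@ -154,9 +155,9 @@
 # and on aarch64 with binutils 2.30 or later.
 # https://sourceware.org/glibc/wiki/PortStatus
 "--enable-static-pie"
-] ++ lib.optionals stdenv.hostPlatform.isx86_64 [
+] ++ lib.optionals (enableCET != false) [
 # Enable Intel Control-flow Enforcement Technology (CET) support
-"--enable-cet"
+"--enable-cet${if builtins.isString enableCET then "=${enableCET}" else ""}"
 ] ++ lib.optionals withLinuxHeaders [
 "--enable-kernel=3.10.0" # RHEL 7 and derivatives, seems oldest still supported kernel
 ] ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [
@@ -208,7 +209,7 @@
 passthru = { inherit version; minorRelease = version; };
 }
 
-// (removeAttrs args [ "withLinuxHeaders" "withGd" "postInstall" "makeFlags" ]) //
+// (removeAttrs args [ "withLinuxHeaders" "withGd" "enableCET" "postInstall" "makeFlags" ]) //
 
 {
 src = fetchurl {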
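Review bot: The new condition `] ++ lib.optionals (enableCET != false) [` drops the `stdenv.hostPlatform.isx86_64` gate the old line had, while common.nix's own default is `enableCET ? false`, so any other consumer of common.nix that does not pass enableCET now builds without `--enable-cet` on x86_64 where it previously got it, and a caller passing `true` on a non-x86_64 host now gets the flag unconditionally; only default.nix is visible as a caller here, so this is worth confirming against the other call sites. The interpolated `"--enable-cet${if builtins.isString enableCET then "=${enableCET}" else ""}"` also forwards any string unchecked, so a misspelled mode reaches configure as-is instead of failing evaluation. A one-line guard would make the accepted values explicit, `assert lib.elem enableCET [ false true "permissive" ];`, and the new parameter line deserves a comment such as `# false, true, or a mode string forwarded as --enable-cet=<mode>` since the three-state convention is not obvious from the default.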
+2 -1
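--- a/pkgs/development/libraries/glibc/default.nix
+++ b/pkgs/development/libraries/glibc/default.nix
@@ -2,6 +2,7 @@
 , withLinuxHeaders ? true
 , profilingLibraries ? false
 , withGd ? false
+, enableCET ? if stdenv.hostPlatform.isx86_64 then "permissive" else false
 , pkgsBuildBuild
 , libgcc
 }:
@@ -15,7 +16,7 @@
 in
 
 (callPackage ./common.nix { inherit stdenv; } {
-inherit withLinuxHeaders withGd profilingLibraries;
+inherit withLinuxHeaders withGd profilingLibraries enableCET;
 pname = "glibc" + lib.optionalString withGd "-gd" + lib.optionalString (stdenv.cc.isGNU && libgcc==null) "-nolibgcc";
 }).overrideAttrs(previousAttrs: {
 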
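Review bot: The new default `, enableCET ? if stdenv.hostPlatform.isx86_64 then "permissive" else false` silently moves the x86_64 build from the previous unqualified `--enable-cet` to `--enable-cet=permissive` without saying what that mode gives up; the commit message only calls it "gentler", so a reader of default.nix cannot tell whether CET is still enforced for the resulting libc. Suggest a comment above the parameter along the lines of `# CET mode passed to glibc configure: false (off), true (--enable-cet), or a string such as "permissive" forwarded as --enable-cet=<mode>; see common.nix`. If permissive mode means the loader relaxes CET when a non-CET object is loaded, as the commit message hints, that trade-off belongs in the same comment so hardening reviews do not mistake the default for enforced CET.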