public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'hardened-stdenv' into staging

Browse Source 
Closes #12895

Amazing work by @globin & @fpletz getting hardened compiler flags by
enabled default on the whole package set
This commit is contained in:
obadz
2016-08-22 01:19:35 +01:00
parent ba50fd7170 b092538811
commit 24a9183f90
468 changed files with 1777 additions and 1453 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
pkgs/development/haskell-modules/configuration-common.nix
View File

@@ -23,7 +23,12 @@ self: super: {
nanospec = dontCheck super.nanospec;
options = dontCheck super.options;
statistics = dontCheck super.statistics;
c2hs = if pkgs.stdenv.isDarwin then dontCheck super.c2hs else super.c2hs;
c2hs = dontCheck super.c2hs;
# fix errors caused by hardening flags
epanet-haskell = super.epanet-haskell.overrideDerivation (drv: {
hardeningDisable = [ "format" ];
});
# This test keeps being aborted because it runs too quietly for too long
Lazy-Pbkdf2 = if pkgs.stdenv.isi686 then dontCheck super.Lazy-Pbkdf2 else super.Lazy-Pbkdf2;
@@ -203,10 +208,24 @@ self: super: {
jwt = dontCheck super.jwt;
# https://github.com/NixOS/cabal2nix/issues/136 and https://github.com/NixOS/cabal2nix/issues/216
gio = addPkgconfigDepend (addBuildTool super.gio self.gtk2hs-buildtools) pkgs.glib;
glib = addPkgconfigDepend (addBuildTool super.glib self.gtk2hs-buildtools) pkgs.glib;
gtk3 = super.gtk3.override { inherit (pkgs) gtk3; };
gtk = addPkgconfigDepend (addBuildTool super.gtk self.gtk2hs-buildtools) pkgs.gtk;
gio = pkgs.lib.overrideDerivation (addPkgconfigDepend (
addBuildTool super.gio self.gtk2hs-buildtools
) pkgs.glib) (drv: {
hardeningDisable = [ "fortify" ];
});
glib = pkgs.lib.overrideDerivation (addPkgconfigDepend (
addBuildTool super.glib self.gtk2hs-buildtools
) pkgs.glib) (drv: {
hardeningDisable = [ "fortify" ];
});
gtk3 = pkgs.lib.overrideDerivation (super.gtk3.override { inherit (pkgs) gtk3; }) (drv: {
hardeningDisable = [ "fortify" ];
});
gtk = pkgs.lib.overrideDerivation (addPkgconfigDepend (
addBuildTool super.gtk self.gtk2hs-buildtools
) pkgs.gtk) (drv: {
hardeningDisable = [ "fortify" ];
});
gtksourceview2 = (addPkgconfigDepend super.gtksourceview2 pkgs.gtk2).override { inherit (pkgs.gnome2) gtksourceview; };
gtksourceview3 = super.gtksourceview3.override { inherit (pkgs.gnome3) gtksourceview; };
@@ -385,7 +404,9 @@ self: super: {
lensref = dontCheck super.lensref;
liquidhaskell = dontCheck super.liquidhaskell;
lucid = dontCheck super.lucid; #https://github.com/chrisdone/lucid/issues/25
lvmrun = dontCheck super.lvmrun;
lvmrun = pkgs.lib.overrideDerivation (dontCheck super.lvmrun) (drv: {
hardeningDisable = [ "format" ];
});
memcache = dontCheck super.memcache;
milena = dontCheck super.milena;
nats-queue = dontCheck super.nats-queue;
@@ -933,7 +954,9 @@ self: super: {
# Tools that use gtk2hs-buildtools now depend on them in a custom-setup stanza
cairo = addBuildTool super.cairo self.gtk2hs-buildtools;
pango = addBuildTool super.pango self.gtk2hs-buildtools;
pango = (addBuildTool super.pango self.gtk2hs-buildtools).overrideDerivation (drv: {
hardeningDisable = [ "fortify" ];
});
# Fix tests which would otherwise fail with "Couldn't launch intero process."
intero = overrideCabal super.intero (drv: {