From 386e77dae9f5ba2cead9984ee737a8a6b7069bf5 Mon Sep 17 00:00:00 2001
From: Charles Strahan <charles@cstrahan.com>
Date: Tue, 10 Apr 2018 15:27:13 -0400
Subject: [PATCH] hardening: simplify reporting of disabled flags

---
 pkgs/build-support/bintools-wrapper/add-hardening.sh | 10 ++--------
 pkgs/build-support/cc-wrapper/add-hardening.sh       | 10 ++--------
 2 files changed, 4 insertions(+), 16 deletions(-)

diff --git a/pkgs/build-support/bintools-wrapper/add-hardening.sh b/pkgs/build-support/bintools-wrapper/add-hardening.sh
index 0f62aa49542..c81c3b2f210 100644
--- a/pkgs/build-support/bintools-wrapper/add-hardening.sh
+++ b/pkgs/build-support/bintools-wrapper/add-hardening.sh
@@ -1,4 +1,3 @@
-allHardeningFlags=(pie relro bindnow)
 hardeningFlags=()
 
 declare -A hardeningEnableMap=()
@@ -11,19 +10,14 @@ for flag in ${NIX_@infixSalt@_HARDENING_ENABLE-}; do
 done
 
 # Remove unsupported flags.
-if (( "${NIX_DEBUG:-0}" >= 1 )); then
-  declare -A hardeningDisableMap=()
-fi
 for flag in @hardening_unsupported_flags@; do
-  [[ -n ${hardeningEnableMap[$flag]} ]] || continue
-  if (( "${NIX_DEBUG:-0}" >= 1 )); then
-    hardeningDisableMap[$flag]=1
-  fi
   unset hardeningEnableMap[$flag]
 done
 
 if (( "${NIX_DEBUG:-0}" >= 1 )); then
   # Determine which flags were effectively disabled so we can report below.
+  allHardeningFlags=(pie relro bindnow)
+  declare -A hardeningDisableMap=()
   for flag in ${allHardeningFlags[@]}; do
     if [[ -z "${hardeningEnableMap[$flag]-}" ]]; then
       hardeningDisableMap[$flag]=1
diff --git a/pkgs/build-support/cc-wrapper/add-hardening.sh b/pkgs/build-support/cc-wrapper/add-hardening.sh
index 0b483c12e84..7fdfb615f7f 100644
--- a/pkgs/build-support/cc-wrapper/add-hardening.sh
+++ b/pkgs/build-support/cc-wrapper/add-hardening.sh
@@ -1,4 +1,3 @@
-allHardeningFlags=(fortify stackprotector pie pic strictoverflow format)
 hardeningCFlags=()
 
 declare -A hardeningEnableMap=()
@@ -11,19 +10,14 @@ for flag in ${NIX_@infixSalt@_HARDENING_ENABLE-}; do
 done
 
 # Remove unsupported flags.
-if (( "${NIX_DEBUG:-0}" >= 1 )); then
-  declare -A hardeningDisableMap=()
-fi
 for flag in @hardening_unsupported_flags@; do
-  [[ -n ${hardeningEnableMap[$flag]} ]] || continue
-  if (( "${NIX_DEBUG:-0}" >= 1 )); then
-    hardeningDisableMap[$flag]=1
-  fi
   unset hardeningEnableMap[$flag]
 done
 
 if (( "${NIX_DEBUG:-0}" >= 1 )); then
   # Determine which flags were effectively disabled so we can report below.
+  allHardeningFlags=(fortify stackprotector pie pic strictoverflow format)
+  declare -A hardeningDisableMap=()
   for flag in ${allHardeningFlags[@]}; do
     if [[ -z "${hardeningEnableMap[$flag]-}" ]]; then
       hardeningDisableMap[$flag]=1