public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

hardening: simplify reporting of disabled flags

Browse Source
This commit is contained in:
Charles Strahan 2018-04-10 15:27:13 -04:00
parent 273ce83f29
commit 386e77dae9
No known key found for this signature in database
GPG Key ID: BB47AB4B8489B5A5
2 changed files with 4 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
pkgs/build-support/bintools-wrapper/add-hardening.sh
View File

@ -1,4 +1,3 @@
allHardeningFlags=(pie relro bindnow)
hardeningFlags=() hardeningFlags=()
declare -A hardeningEnableMap=() declare -A hardeningEnableMap=()
@ -11,19 +10,14 @@ for flag in ${NIX_@infixSalt@_HARDENING_ENABLE-}; do
done done
# Remove unsupported flags. # Remove unsupported flags.
if (( "${NIX_DEBUG:-0}" >= 1 )); then
declare -A hardeningDisableMap=()
fi
for flag in @hardening_unsupported_flags@; do for flag in @hardening_unsupported_flags@; do
[[ -n ${hardeningEnableMap[$flag]} ]] || continue
if (( "${NIX_DEBUG:-0}" >= 1 )); then
hardeningDisableMap[$flag]=1
fi
unset hardeningEnableMap[$flag] unset hardeningEnableMap[$flag]
done done
if (( "${NIX_DEBUG:-0}" >= 1 )); then if (( "${NIX_DEBUG:-0}" >= 1 )); then
# Determine which flags were effectively disabled so we can report below. # Determine which flags were effectively disabled so we can report below.
allHardeningFlags=(pie relro bindnow)
declare -A hardeningDisableMap=()
for flag in ${allHardeningFlags[@]}; do for flag in ${allHardeningFlags[@]}; do
if [[ -z "${hardeningEnableMap[$flag]-}" ]]; then if [[ -z "${hardeningEnableMap[$flag]-}" ]]; then
hardeningDisableMap[$flag]=1 hardeningDisableMap[$flag]=1

10
pkgs/build-support/cc-wrapper/add-hardening.sh
View File

@ -1,4 +1,3 @@
allHardeningFlags=(fortify stackprotector pie pic strictoverflow format)
hardeningCFlags=() hardeningCFlags=()
declare -A hardeningEnableMap=() declare -A hardeningEnableMap=()
@ -11,19 +10,14 @@ for flag in ${NIX_@infixSalt@_HARDENING_ENABLE-}; do
done done
# Remove unsupported flags. # Remove unsupported flags.
if (( "${NIX_DEBUG:-0}" >= 1 )); then
declare -A hardeningDisableMap=()
fi
for flag in @hardening_unsupported_flags@; do for flag in @hardening_unsupported_flags@; do
[[ -n ${hardeningEnableMap[$flag]} ]] || continue
if (( "${NIX_DEBUG:-0}" >= 1 )); then
hardeningDisableMap[$flag]=1
fi
unset hardeningEnableMap[$flag] unset hardeningEnableMap[$flag]
done done
if (( "${NIX_DEBUG:-0}" >= 1 )); then if (( "${NIX_DEBUG:-0}" >= 1 )); then
# Determine which flags were effectively disabled so we can report below. # Determine which flags were effectively disabled so we can report below.
allHardeningFlags=(fortify stackprotector pie pic strictoverflow format)
declare -A hardeningDisableMap=()
for flag in ${allHardeningFlags[@]}; do for flag in ${allHardeningFlags[@]}; do
if [[ -z "${hardeningEnableMap[$flag]-}" ]]; then if [[ -z "${hardeningEnableMap[$flag]-}" ]]; then
hardeningDisableMap[$flag]=1 hardeningDisableMap[$flag]=1