public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

cc-wrapper: check ld hardening capabilities in stdenv

Browse Source
This commit is contained in:
Franz Pletz 2016-08-23 18:13:31 +02:00
parent 9e211203da
commit 3c06e5f6f7
2 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
pkgs/build-support/cc-wrapper/add-hardening.sh
View File

@ -4,8 +4,12 @@ hardeningCFlags=()
hardeningLDFlags=() hardeningLDFlags=()
hardeningDisable=${hardeningDisable:-""} hardeningDisable=${hardeningDisable:-""}
if [[ "$($LD -z 2>&1)" =~ "unknown option" ]]; then if [[ -z "@ld_supports_bindnow@" ]]; then
hardeningDisable+=" bindnow relro" hardeningDisable+=" bindnow"
fi
if [[ -z "@ld_supports_relro@" ]]; then
hardeningDisable+=" relro"
fi fi
if [[ -n "$NIX_DEBUG" ]]; then echo HARDENING: Value of '$hardeningDisable': $hardeningDisable >&2; fi if [[ -n "$NIX_DEBUG" ]]; then echo HARDENING: Value of '$hardeningDisable': $hardeningDisable >&2; fi

6
pkgs/build-support/cc-wrapper/default.nix
View File

@ -237,8 +237,12 @@ stdenv.mkDerivation {
cat $out/nix-support/setup-hook.tmp >> $out/nix-support/setup-hook cat $out/nix-support/setup-hook.tmp >> $out/nix-support/setup-hook
rm $out/nix-support/setup-hook.tmp rm $out/nix-support/setup-hook.tmp
# some linkers on some platforms don't support -z
export ld_supports_bindnow=$([[ "$($ldPath/ld -z now 2>&1 || true)" =~ "un(known|recognized) option" ]])
export ld_supports_relro=$([[ "$($ldPath/ld -z relro 2>&1 || true)" =~ "un(known|recognized) option" ]])
substituteAll ${./add-flags.sh} $out/nix-support/add-flags.sh substituteAll ${./add-flags.sh} $out/nix-support/add-flags.sh
cp -p ${./add-hardening.sh} $out/nix-support/add-hardening.sh substituteAll ${./add-hardening.sh} $out/nix-support/add-hardening.sh
cp -p ${./utils.sh} $out/nix-support/utils.sh cp -p ${./utils.sh} $out/nix-support/utils.sh
'' ''
+ extraBuildCommands; + extraBuildCommands;