stdenv: Fix regression on ARM+static when enabling hardening (#115363)
4e9dc46dea re-enabled hardening for Musl, which is good. Though static builds for ARM fail in various ways:

- cross armv7l static does not build
- cross aarch64 static produces segfaulting dynamically linked binaries
- native aarch64 static also produces segfaulting dynamically linked binaries

It seems that for native x86_64-linux, static builds are fine though.

This works around the issue by removing PIE from the hardening flags, keeping all other hardening flags. This is an improvement (I think) from before 4e9dc46d.

Fixes #114953
parent 924b214e05
commit 76552e95cc
@ -106,7 +106,12 @@ in rec {
|
|||||||
++ depsTargetTarget ++ depsTargetTargetPropagated) == 0;
|
++ depsTargetTarget ++ depsTargetTargetPropagated) == 0;
|
||||||
dontAddHostSuffix = attrs ? outputHash && !noNonNativeDeps || (stdenv.noCC or false);
|
dontAddHostSuffix = attrs ? outputHash && !noNonNativeDeps || (stdenv.noCC or false);
|
||||||
supportedHardeningFlags = [ "fortify" "stackprotector" "pie" "pic" "strictoverflow" "format" "relro" "bindnow" ];
|
supportedHardeningFlags = [ "fortify" "stackprotector" "pie" "pic" "strictoverflow" "format" "relro" "bindnow" ];
|
||||||
defaultHardeningFlags = if stdenv.hostPlatform.isMusl
|
# Musl-based platforms will keep "pie", other platforms will not.
|
||||||
|
defaultHardeningFlags = if stdenv.hostPlatform.isMusl &&
|
||||||
|
# Except when:
|
||||||
|
# - static aarch64, where compilation works, but produces segfaulting dynamically linked binaries.
|
||||||
|
# - static armv7l, where compilation fails.
|
||||||
|
!((stdenv.hostPlatform.isAarch64 || stdenv.hostPlatform.isAarch32) && stdenv.hostPlatform.isStatic)
|
||||||
then supportedHardeningFlags
|
then supportedHardeningFlags
|
||||||
else lib.remove "pie" supportedHardeningFlags;
|
else lib.remove "pie" supportedHardeningFlags;
|
||||||
enabledHardeningOptions =
|
enabledHardeningOptions =
|
||||||
|
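Review bot: The exception comment above the `!((stdenv.hostPlatform.isAarch64 || stdenv.hostPlatform.isAarch32) && stdenv.hostPlatform.isStatic)` condition records the symptoms but not the tracking issue, so nothing tells a later reader when PIE can be re-enabled for static ARM Musl builds. Add a reference to #114953 and a TODO to drop the exclusion once the cause is found, since these targets now fall through to `lib.remove "pie" supportedHardeningFlags` while keeping the other hardening flags. The comment also names only armv7l while the condition tests `isAarch32`; if other 32-bit ARM targets are meant to be covered, say so in the comment, otherwise narrow the check.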