Use a hardened stdenv by default
		
							parent
							
								
									c5f092c6a7
								
							
						
					
					
						commit
						954e9903ad
					
				| @ -8,6 +8,8 @@ stdenv.mkDerivation rec { | ||||
|     sha256 = "1pv4zrajm46za0f6lv162iqffih57a8ly4pc69f7y0gfyigb8p80"; | ||||
|   }; | ||||
| 
 | ||||
|   noHardening_format = true; | ||||
| 
 | ||||
|   preConfigure = "unset CC"; | ||||
| 
 | ||||
|   patches = stdenv.lib.optionals stdenv.isDarwin [ | ||||
|  | ||||
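Review bot: `noHardening_format = true;` is added here with no comment saying which call fails under `-Werror=format-security`, and the same bare opt-out repeats in most of the other package hunks of this commit. As the adapter hunk is written, the attribute drops `-Wformat -Wformat-security` together with the `-Werror`, so these builds also stop reporting the non-literal format strings that caused the failure. I would put a line such as `# FIXME: fails -Werror=format-security; fix the format-string calls upstream and drop this` above each one, so the exemptions can be found and retired later. The enclosing `mkDerivation` call starts and ends outside the hunk.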
| @ -9,6 +9,8 @@ stdenv.mkDerivation rec { | ||||
|     sha256 = "0ki8mh76bbmdh77qsiw682dvi8y468yhbdabqwg05igmwc1wqvq5"; | ||||
|   }; | ||||
| 
 | ||||
|   noHardening_format = true; | ||||
| 
 | ||||
|   configureFlags = [ | ||||
|     ("--enable-alsa=" + (if stdenv.isLinux then "yes" else "no")) | ||||
|   ]; | ||||
|  | ||||
| @ -50,6 +50,8 @@ stdenv.mkDerivation rec { | ||||
|     ln -s $out/libexec/w3m/w3mimgdisplay $out/bin | ||||
|   ''; | ||||
| 
 | ||||
|   noHardening_format = true; | ||||
| 
 | ||||
|   configureFlags = "--with-ssl=${openssl} --with-gc=${boehmgc}" | ||||
|     + optionalString graphicsSupport " --enable-image=${optionalString x11Support "x11,"}fb"; | ||||
| 
 | ||||
|  | ||||
| @ -21,6 +21,8 @@ stdenv.mkDerivation { | ||||
|     sha256 = "03bvb8s5j8i54qbi3yayl42bv0wf2fpgnh1a2lkhbj79zi7b77zs"; | ||||
|   }; | ||||
| 
 | ||||
|   noHardening_format = true; | ||||
| 
 | ||||
|   patches = [ | ||||
|     ./docbook2texi.patch | ||||
|     ./symlinks-in-bin.patch | ||||
|  | ||||
| @ -75,6 +75,8 @@ stdenv.mkDerivation { | ||||
| 
 | ||||
|   pythonPath = [ pythonPackages.curses ]; | ||||
| 
 | ||||
|   noHardening_all = true; | ||||
| 
 | ||||
|   patches = stdenv.lib.optionals ((xenserverPatched == false) && (builtins.hasAttr "xenPatches" xenConfig)) xenConfig.xenPatches; | ||||
| 
 | ||||
|   postPatch = '' | ||||
|  | ||||
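Review bot: `noHardening_all = true;` switches off every flag the adapter adds, and nothing here records which of them actually breaks this build. The same blanket opt-out appears in later hunks, among them the two Go hunks, the libupnp hunk and the gummiboot hunk. For a library that handles network input, such as libupnp, losing the stack protector and `_FORTIFY_SOURCE` is a real cost. Where only one flag is the problem, the narrower attribute (for example `noHardening_pic = true;` or `noHardening_stackprotector = true;`) should be used instead. Either way a comment such as `# hardening disabled: <flag> breaks <what>` belongs next to it. The enclosing derivation continues outside the hunk.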
| @ -8,6 +8,8 @@ stdenv.mkDerivation rec { | ||||
|     sha256 = "0a8xdaxzz2wc0n1fjcav65093gixzyac3948l8cxx1mk884yhc71"; | ||||
|   }; | ||||
| 
 | ||||
|   noHardening_format = true; | ||||
| 
 | ||||
|   patches = [ ./glib.patch ./cups_1.6.patch ]; | ||||
| 
 | ||||
|   buildInputs = [ pkgconfig gtk gettext intltool libart_lgpl ]; | ||||
|  | ||||
| @ -2,12 +2,14 @@ | ||||
| 
 | ||||
| stdenv.mkDerivation { | ||||
|   name = "libgtkhtml-2.11.1"; | ||||
|    | ||||
| 
 | ||||
|   src = fetchurl { | ||||
|     url = mirror://gnome/sources/libgtkhtml/2.11/libgtkhtml-2.11.1.tar.bz2; | ||||
|     sha256 = "0msajafd42545dxzyr5zqka990cjrxw2yz09ajv4zs8m1w6pm9rw"; | ||||
|   }; | ||||
|    | ||||
| 
 | ||||
|   buildInputs = [ pkgconfig gtk gettext ]; | ||||
|   propagatedBuildInputs = [ libxml2 ]; | ||||
| 
 | ||||
|   noHardening_format = true; | ||||
| } | ||||
|  | ||||
| @ -8,6 +8,8 @@ stdenv.mkDerivation { | ||||
|     sha256 = "33398b87ca85e2b69e4062cf59f2f7354af46da5edcba036c6f97bae17b8d00e"; | ||||
|   }; | ||||
| 
 | ||||
|   noHardening_format = true; | ||||
| 
 | ||||
|   makeFlags = "PREFIX=$(out)"; | ||||
| 
 | ||||
|   # Awful hackery to get dev86 to compile with recent gcc/binutils. | ||||
|  | ||||
| @ -134,6 +134,8 @@ stdenv.mkDerivation ({ | ||||
|     inherit langC langCC langFortran langJava langAda; | ||||
|   }; | ||||
| 
 | ||||
|   noHardening_all = true; | ||||
| 
 | ||||
|   patches = | ||||
|     [ ] | ||||
|     ++ optional (cross != null) ../libstdc++-target.patch | ||||
|  | ||||
| @ -218,6 +218,8 @@ stdenv.mkDerivation ({ | ||||
| 
 | ||||
|   inherit patches; | ||||
| 
 | ||||
|   noHardening_format = true; | ||||
| 
 | ||||
|   postPatch = | ||||
|     if (stdenv.isGNU | ||||
|         || (libcCross != null                  # e.g., building `gcc.crossDrv' | ||||
|  | ||||
| @ -20,6 +20,8 @@ stdenv.mkDerivation rec { | ||||
|   buildInputs = [ pcre ]; | ||||
|   propagatedBuildInputs = lib.optional stdenv.isDarwin Security; | ||||
| 
 | ||||
|   noHardening_all = true; | ||||
| 
 | ||||
|   # I'm not sure what go wants from its 'src', but the go installation manual | ||||
|   # describes an installation keeping the src. | ||||
|   preUnpack = '' | ||||
|  | ||||
| @ -29,6 +29,8 @@ stdenv.mkDerivation rec { | ||||
|     Security Foundation | ||||
|   ]; | ||||
| 
 | ||||
|   noHardening_all = true; | ||||
| 
 | ||||
|   # I'm not sure what go wants from its 'src', but the go installation manual | ||||
|   # describes an installation keeping the src. | ||||
|   preUnpack = '' | ||||
|  | ||||
| @ -44,7 +44,11 @@ self: super: { | ||||
|   options_1_2 = dontCheck super.options_1_2; | ||||
|   options = dontCheck super.options; | ||||
|   statistics = dontCheck super.statistics; | ||||
|   c2hs = if pkgs.stdenv.isDarwin then dontCheck super.c2hs else super.c2hs; | ||||
|   c2hs = let c2hs_ = pkgs.stdenv.lib.overrideDerivation super.c2hs (drv: { | ||||
|         noHardening_format = true; | ||||
|         doCheck = false; | ||||
|       }); | ||||
|     in if pkgs.stdenv.isDarwin then dontCheck c2hs_ else c2hs_; | ||||
| 
 | ||||
|   # The package doesn't compile with ruby 1.9, which is our default at the moment. | ||||
|   hruby = super.hruby.override { ruby = pkgs.ruby_2_1; }; | ||||
|  | ||||
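Review bot: `noHardening_format = true;` is set through `overrideDerivation`, but the adapter added in this commit reads `args.noHardening_format` from the arguments passed to `mkDerivation`, so an attribute added to the finished derivation presumably never reaches it and the format flags stay in `NIX_CFLAGS_COMPILE`. That should be confirmed by checking the resulting compile flags of c2hs. Separately, the new `doCheck = false;` turns the test suite off on every platform, where the old line skipped it only on Darwin, which makes the trailing `if pkgs.stdenv.isDarwin then dontCheck c2hs_ else c2hs_` redundant. If the tests are disabled only because of the new flags, say so in a comment such as `# tests do not build with -Werror=format-security`; otherwise drop `doCheck = false;` from this change.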
| @ -9,6 +9,8 @@ stdenv.mkDerivation rec { | ||||
|     sha256 = "0gqi2vqkg35gazzzv8asnhihchnbjcd6bzjfzqhmj7wy1dw9iiw6"; | ||||
|   }; | ||||
| 
 | ||||
|   noHardening_format = true; | ||||
| 
 | ||||
|   meta = with stdenv.lib; { | ||||
|     homepage = https://projects.coin-or.org/CoinMP/; | ||||
|     description = "COIN-OR lightweight API for COIN-OR libraries CLP, CBC, and CGL"; | ||||
|  | ||||
| @ -11,6 +11,8 @@ stdenv.mkDerivation rec { | ||||
| 
 | ||||
|   buildInputs = [ pkgconfig libsndfile ]; | ||||
| 
 | ||||
|   noHardening_format = true; | ||||
| 
 | ||||
|   meta = { | ||||
|     homepage = "http://bs2b.sourceforge.net/"; | ||||
|     description = "Bauer stereophonic-to-binaural DSP library"; | ||||
|  | ||||
| @ -3,12 +3,14 @@ | ||||
| stdenv.mkDerivation rec { | ||||
|   name = "fribidi-${version}"; | ||||
|   version = "0.19.6"; | ||||
|    | ||||
| 
 | ||||
|   src = fetchurl { | ||||
|     url = "http://fribidi.org/download/${name}.tar.bz2"; | ||||
|     sha256 = "0zg1hpaml34ny74fif97j7ngrshlkl3wk3nja3gmlzl17i1bga6b"; | ||||
|   }; | ||||
| 
 | ||||
|   noHardening_format = true; | ||||
| 
 | ||||
|   meta = with stdenv.lib; { | ||||
|     homepage = http://fribidi.org/; | ||||
|     description = "GNU implementation of the Unicode Bidirectional Algorithm (bidi)"; | ||||
|  | ||||
| @ -2,16 +2,18 @@ | ||||
| 
 | ||||
| stdenv.mkDerivation { | ||||
|   name = "gd-2.0.35"; | ||||
|    | ||||
| 
 | ||||
|   src = fetchurl { | ||||
|     url = http://www.libgd.org/releases/gd-2.0.35.tar.bz2; | ||||
|     sha256 = "1y80lcmb8qbzf0a28841zxhq9ndfapmh2fsrqfd9lalxfj8288mz"; | ||||
|   }; | ||||
|    | ||||
| 
 | ||||
|   buildInputs = [zlib libpng freetype]; | ||||
| 
 | ||||
|   propagatedBuildInputs = [libjpeg fontconfig]; # urgh | ||||
| 
 | ||||
|   noHardening_format = true; | ||||
| 
 | ||||
|   configureFlags = "--without-x"; | ||||
| 
 | ||||
|   meta = { | ||||
|  | ||||
| @ -10,6 +10,8 @@ stdenv.mkDerivation (rec { | ||||
| 
 | ||||
|   outputs = [ "out" "doc" ]; | ||||
| 
 | ||||
|   noHardening_format = true; | ||||
| 
 | ||||
|   LDFLAGS = if stdenv.isSunOS then "-lm -lmd -lmp -luutil -lnvpair -lnsl -lidmap -lavl -lsec" else ""; | ||||
| 
 | ||||
|   configureFlags = [ "--disable-csharp" "--with-xz" ] | ||||
|  | ||||
| @ -6,5 +6,7 @@ stdenv.mkDerivation { | ||||
|     url = mirror://sourceforge/giflib/libungif-4.1.4.tar.gz; | ||||
|     md5 = "efdfcf8e32e35740288a8c5625a70ccb"; | ||||
|   }; | ||||
| 
 | ||||
|   noHardening_format = true; | ||||
| } | ||||
| 
 | ||||
|  | ||||
| @ -213,6 +213,10 @@ stdenv.mkDerivation ({ | ||||
|   preBuild = "unset NIX_DONT_SET_RPATH"; | ||||
| } | ||||
| 
 | ||||
| // stdenv.lib.optionalAttrs (name == "glibc-locales") { | ||||
|   noHardening_stackprotector = true; | ||||
| } | ||||
| 
 | ||||
| // stdenv.lib.optionalAttrs (hurdHeaders != null) { | ||||
|   # Work around the fact that the configure snippet that looks for | ||||
|   # <hurd/version.h> does not honor `--with-headers=$sysheaders' and that | ||||
|  | ||||
| @ -25,6 +25,8 @@ in | ||||
| 
 | ||||
|     builder = ./builder.sh; | ||||
| 
 | ||||
|     noHardening_all = true; | ||||
| 
 | ||||
|     # When building glibc from bootstrap-tools, we need libgcc_s at RPATH for | ||||
|     # any program we run, because the gcc will have been placed at a new | ||||
|     # store path than that determined when built (as a source for the | ||||
|  | ||||
| @ -9,6 +9,8 @@ stdenv.mkDerivation rec { | ||||
|     sha256 = "1jxlypkgb8bd1c114x96i699ib0glb5aca9dv56j377x2ldg4c65"; | ||||
|   }; | ||||
| 
 | ||||
|   noHardening_all = true; | ||||
| 
 | ||||
|   buildInputs = [ pciutils ]; | ||||
| 
 | ||||
|   makeFlags = [ | ||||
|  | ||||
| @ -14,6 +14,8 @@ stdenv.mkDerivation rec { | ||||
|   # These are mentioned in the Requires line of libgphoto's pkg-config file. | ||||
|   propagatedBuildInputs = [ libexif ]; | ||||
| 
 | ||||
|   noHardening_format = true; | ||||
| 
 | ||||
|   meta = { | ||||
|     homepage = http://www.gphoto.org/proj/libgphoto2/; | ||||
|     description = "A library for accessing digital cameras"; | ||||
|  | ||||
| @ -10,6 +10,8 @@ stdenv.mkDerivation rec { | ||||
| 
 | ||||
|   buildInputs = [ pkgconfig glib ]; | ||||
| 
 | ||||
|   noHardening_format = true; | ||||
| 
 | ||||
|   meta = { | ||||
|     description = "An abstraction library for audio visualisations"; | ||||
|     homepage = "http://sourceforge.net/projects/libvisual/"; | ||||
|  | ||||
| @ -8,6 +8,8 @@ stdenv.mkDerivation rec { | ||||
|     sha256 = "0amjv4lypvclmi4vim2qdyw5xa6v4x50zjgf682vahqjc0wjn55k"; | ||||
|   }; | ||||
| 
 | ||||
|   noHardening_all = true; | ||||
| 
 | ||||
|   meta = { | ||||
|     description = "libupnp, an open source UPnP development kit for Linux"; | ||||
| 
 | ||||
|  | ||||
| @ -11,6 +11,8 @@ stdenv.mkDerivation rec { | ||||
| 
 | ||||
|   buildInputs = [ dotconf glib pkgconfig ]; | ||||
| 
 | ||||
|   noHardening_format = true; | ||||
| 
 | ||||
|   meta = { | ||||
|     description = "Common interface to speech synthesis"; | ||||
| 
 | ||||
|  | ||||
| @ -12,6 +12,8 @@ stdenv.mkDerivation rec { | ||||
| 
 | ||||
|   patches = [ ./glibc-2.21.patch ]; | ||||
| 
 | ||||
|   noHardening_format = true; | ||||
| 
 | ||||
|   # We need bzip2 in NativeInputs because otherwise we can't unpack the src, | ||||
|   # as the host-bzip2 will be in the path. | ||||
|   nativeBuildInputs = [ m4 bison flex gettext bzip2 ]; | ||||
|  | ||||
| @ -8,7 +8,9 @@ stdenv.mkDerivation { | ||||
|     rev = "ac67445bc75ec4fcf46ceb195fb84d74ad350d51"; | ||||
|     sha256 = "0jl19irz9x9pxab2qp4z8c3jijv2m30zhmnzi6ygbrisqqlg4c75"; | ||||
|   }; | ||||
|    | ||||
| 
 | ||||
|   noHardening_pic = true; | ||||
| 
 | ||||
|   preBuild = '' | ||||
|     sed -e 's/break/true/' -i examples/turn_off_gpu.sh | ||||
|     sed -e 's@/bin/bash@.bin/sh@' -i examples/turn_off_gpu.sh | ||||
|  | ||||
| @ -33,6 +33,8 @@ stdenv.mkDerivation rec { | ||||
|     sha256 = "16ii9sqracvh2r1gfzhmlypl269nnbkpvrwa7270k35d3bigk9h5"; | ||||
|   }; | ||||
| 
 | ||||
|   noHardening_format = true; | ||||
| 
 | ||||
|   patches = [ ./busybox-in-store.patch ]; | ||||
| 
 | ||||
|   configurePhase = '' | ||||
|  | ||||
| @ -16,6 +16,8 @@ stdenv.mkDerivation rec { | ||||
|   makeFlags = ["target=linux"]; | ||||
|   installFlags = ["installdir=$(out)"]; | ||||
| 
 | ||||
|   noHardening_format = true; | ||||
| 
 | ||||
|   buildInputs = [openssl]; | ||||
| 
 | ||||
|   preFixup = '' | ||||
|  | ||||
| @ -9,6 +9,8 @@ stdenv.mkDerivation { | ||||
| 
 | ||||
|   src = sourceAttrs.src; | ||||
| 
 | ||||
|   noHardening_pic = true; | ||||
| 
 | ||||
|   prePatch = '' | ||||
|     sed -e 's@/lib/modules/\$(.*)@${kernel.dev}/lib/modules/${kernel.modDirVersion}@' -i mod/*/Makefile | ||||
|   ''; | ||||
|  | ||||
| @ -224,10 +224,16 @@ stdenv.mkDerivation ((drvAttrs config stdenv.platform (kernelPatches ++ nativeKe | ||||
|   nativeBuildInputs = [ perl bc nettools openssl ] ++ optional (stdenv.platform.uboot != null) | ||||
|     (ubootChooser stdenv.platform.uboot); | ||||
| 
 | ||||
|   noHardening_format = true; | ||||
|   noHardening_fortify = true; | ||||
|   noHardening_stackprotector = true; | ||||
| 
 | ||||
|   makeFlags = commonMakeFlags ++ [ | ||||
|     "ARCH=${stdenv.platform.kernelArch}" | ||||
|   ]; | ||||
| 
 | ||||
|   noHardening_pic = true; | ||||
| 
 | ||||
|   karch = stdenv.platform.kernelArch; | ||||
| 
 | ||||
|   crossAttrs = let cp = stdenv.cross.platform; in | ||||
|  | ||||
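Review bot: The four kernel opt-outs are split in two places, with `noHardening_pic = true;` sitting after `makeFlags` and the other three before it, and none of them says why it is needed. Keeping them in one group under a comment such as `# the kernel sets its own compiler flags; the userspace hardening flags break its build` (wording to be confirmed by whoever hit the failures) would make the exemption reviewable. As the adapter is written, `-fno-strict-overflow` and `-z relro` are still appended for the kernel; it is worth checking that this is intended. The enclosing derivation starts and ends outside the hunk.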
| @ -12,6 +12,8 @@ stdenv.mkDerivation rec { | ||||
|     sha256 = "1qrfka9xvy77k0rg3k0cf7xai0f9vpgsbs4l3bs8r4nvzy37j2di"; | ||||
|   }; | ||||
| 
 | ||||
|   noHardening_format = true; | ||||
| 
 | ||||
|   buildInputs = [ zlib ]; | ||||
| 
 | ||||
|   meta = with stdenv.lib; { | ||||
|  | ||||
| @ -8,6 +8,8 @@ stdenv.mkDerivation rec { | ||||
|     sha256 = "08zd1yc3w00yv4mvvz5sq1gf91f6p2s9ljcd72m33xgnkglj60v4"; | ||||
|   }; | ||||
| 
 | ||||
|   noHardening_format = true; | ||||
| 
 | ||||
|   patches = [ | ||||
|     ./numad-linker-flags.patch | ||||
|   ]; | ||||
|  | ||||
| @ -15,6 +15,8 @@ stdenv.mkDerivation rec { | ||||
|   nativeBuildInputs = [ automake autoconf libtool flex bison texinfo ]; | ||||
|   buildInputs = [ ncurses ]; | ||||
| 
 | ||||
|   noHardening_format = true; | ||||
| 
 | ||||
|   preConfigure = '' | ||||
|     ./autogen.sh | ||||
|   ''; | ||||
|  | ||||
| @ -8,6 +8,8 @@ stdenv.mkDerivation rec { | ||||
|     sha256 = "03y6z8akj72swa6f42h2dhq3p09xasbi6xia70h2vc27fwikmny6"; | ||||
|   }; | ||||
| 
 | ||||
|   noHardening_format = true; | ||||
| 
 | ||||
|   meta = { | ||||
|     homepage = http://gondor.apana.org.au/~herbert/dash/; | ||||
|     description = "A POSIX-compliant implementation of /bin/sh that aims to be as small as possible"; | ||||
|  | ||||
| @ -236,6 +236,22 @@ rec { | ||||
|       }); | ||||
|     }; | ||||
| 
 | ||||
|   useHardenFlags = stdenv: stdenv // | ||||
|     { mkDerivation = args: stdenv.mkDerivation (args // { | ||||
|         NIX_CFLAGS_COMPILE = toString (args.NIX_CFLAGS_COMPILE or "") | ||||
|           + stdenv.lib.optionalString (!(args.noHardening_all or false)) ( | ||||
|             stdenv.lib.optionalString (!(args.noHardening_fortify or false)) " -O2 -D_FORTIFY_SOURCE=2" | ||||
|             + stdenv.lib.optionalString (!(args.noHardening_stackprotector or false)) " -fstack-protector-all" | ||||
|             + stdenv.lib.optionalString ((args.noHardening_pie or false) && true) " -fPIE -pie" | ||||
|             + stdenv.lib.optionalString (!(args.noHardening_pic or false)) " -fPIC" | ||||
|             + stdenv.lib.optionalString (!(args.noHardening_relro or false)) " -z relro" | ||||
|             + stdenv.lib.optionalString ((args.noHardening_bindnow or false) && true) " -z now" | ||||
|             + stdenv.lib.optionalString (!(args.noHardening_strictoverflow or false)) " -fno-strict-overflow" | ||||
|             + stdenv.lib.optionalString (!(args.noHardening_format or false)) " -Wformat -Wformat-security -Werror=format-security" | ||||
|           ); | ||||
|       }); | ||||
|     }; | ||||
| 
 | ||||
|   dropCxx = drv: drv.override { | ||||
|     stdenv = if pkgs.stdenv.isDarwin | ||||
|       then pkgs.allStdenvs.stdenvDarwinNaked | ||||
|  | ||||
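Review bot: The `pie` and `bindnow` lines test `(args.noHardening_pie or false) && true` and `(args.noHardening_bindnow or false) && true` without the `!` that every other line uses, so `-fPIE -pie` and `-z now` are added only for packages that ask to opt out and are off for everyone else. If the intent is to keep both disabled for now, make that explicit with a comment such as `# PIE and BIND_NOW are not enabled by default yet`. As written, setting `noHardening_pie = true;` does the opposite of what its name says. Separately, `-z relro`, `-z now` and `-pie` are link-time options appended to `NIX_CFLAGS_COMPILE`; builds that call the linker directly will presumably never see them, so `NIX_LDFLAGS` looks like the better place for the `-z` options. The new function also has no comment listing the `noHardening_*` attributes it understands, which every package hunk in this commit depends on.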
| @ -13,6 +13,8 @@ stdenv.mkDerivation { | ||||
|   inherit xauth fontDirectories perl; | ||||
|   gcc = stdenv.cc.cc; | ||||
| 
 | ||||
|   noHardening_format = true; | ||||
| 
 | ||||
|   buildInputs = [ xlibsWrapper zlib libjpeg imake gccmakedep libXmu libXaw | ||||
|                   libXpm libXp xauth openssh ]; | ||||
| 
 | ||||
|  | ||||
| @ -8,6 +8,8 @@ stdenv.mkDerivation rec { | ||||
|     sha256 = "1mallg1gprimlggdisfzdmh1xi676jsfdlfyvanlcw72ny8fsj3g"; | ||||
|   }; | ||||
| 
 | ||||
|   noHardening_format = true; | ||||
| 
 | ||||
|   preConfigure = '' | ||||
|      # Fix for building on Glibc 2.16.  Won't be needed once the | ||||
|      # gnulib in sharutils is updated. | ||||
|  | ||||
| @ -9,6 +9,8 @@ stdenv.mkDerivation { | ||||
|     sha256 = "0dxx11knh3nk95p2gg2ak777dd11pr7jx5das2g49l262scrcv83"; | ||||
|   }; | ||||
| 
 | ||||
|   noHardening_format = true; | ||||
| 
 | ||||
|   patches = [ | ||||
|     ./CVE-2014-8139.diff | ||||
|     ./CVE-2014-8140.diff | ||||
|  | ||||
| @ -13,6 +13,8 @@ stdenv.mkDerivation { | ||||
|     sha256 = "0sb3h3067pzf3a7mlxn1hikpcjrsvycjcnj9hl9b1c3ykcgvps7h"; | ||||
|   }; | ||||
| 
 | ||||
|   noHardening_format = true; | ||||
| 
 | ||||
|   makefile = "unix/Makefile"; | ||||
|   buildFlags = if stdenv.isCygwin then "cygwin" else "generic"; | ||||
|   installFlags = "prefix=$(out) INSTALL=cp"; | ||||
|  | ||||
| @ -10,6 +10,8 @@ stdenv.mkDerivation rec { | ||||
| 
 | ||||
|   buildInputs = [cmake libcap zlib bzip2]; | ||||
| 
 | ||||
|   noHardening_format = true; | ||||
| 
 | ||||
|   # efi-boot-patch extracted from http://arm.koji.fedoraproject.org/koji/rpminfo?rpmID=174244 | ||||
|   patches = [ ./include-path.patch ./cdrkit-1.1.9-efi-boot.patch ]; | ||||
| 
 | ||||
|  | ||||
| @ -12,6 +12,8 @@ stdenv.mkDerivation rec { | ||||
|     sha256 = "17l5czpvv5ilmg17frg0w4qwf89jzh2aglm9fgx0l0aakn6j7al1"; | ||||
|   }; | ||||
| 
 | ||||
|   noHardening_all = true; | ||||
| 
 | ||||
|   patches = | ||||
|     [ ./0001-vimdot-lookup-vim-in-PATH.patch | ||||
|      | ||||
|  | ||||
| @ -11,6 +11,8 @@ stdenv.mkDerivation rec { | ||||
|   buildInputs = [zlib libjpeg libpng imake]; | ||||
|   inherit libpng; | ||||
| 
 | ||||
|   noHardening_format = true; | ||||
| 
 | ||||
|   patches = [prefixPatch1 prefixPatch2 prefixPatch3 varargsPatch gensvgPatch]; | ||||
| 
 | ||||
|   prefixPatch1 = | ||||
|  | ||||
| @ -12,6 +12,8 @@ stdenv.mkDerivation rec { | ||||
|   buildInputs = [ tcl ]; | ||||
|   nativeBuildInputs = [ makeWrapper ]; | ||||
| 
 | ||||
|   noHardening_format = true; | ||||
| 
 | ||||
|   patchPhase = '' | ||||
|     sed -i "s,/bin/stty,$(type -p stty),g" configure | ||||
|   ''; | ||||
|  | ||||
| @ -52,6 +52,8 @@ stdenv.mkDerivation rec { | ||||
|     ++ optional doCheck qemu | ||||
|     ++ optional zfsSupport zfs; | ||||
| 
 | ||||
|   noHardening_all = true; | ||||
| 
 | ||||
|   preConfigure = | ||||
|     '' for i in "tests/util/"*.in | ||||
|        do | ||||
|  | ||||
| @ -5,6 +5,8 @@ stdenv.mkDerivation rec { | ||||
| 
 | ||||
|   buildInputs = [ gnu-efi pkgconfig libxslt utillinux ]; | ||||
| 
 | ||||
|   noHardening_all = true; | ||||
| 
 | ||||
|   # Sigh, gummiboot should be able to find this in buildInputs | ||||
|   configureFlags = [ | ||||
|     "--with-efi-includedir=${gnu-efi}/include" | ||||
|  | ||||
| @ -8,6 +8,8 @@ stdenv.mkDerivation rec { | ||||
|     sha256 = "0nr6c81x55ihs7ly2dwq19v9i1n6wiyad1gacw3aikii0kzlwsv3"; | ||||
|   }; | ||||
| 
 | ||||
|   noHardening_format = true; | ||||
| 
 | ||||
|   meta = with stdenv.lib; { | ||||
|     homepage = "http://sourceforge.net/projects/iperf/";  | ||||
|     description = "Tool to measure IP bandwidth using UDP or TCP"; | ||||
|  | ||||
| @ -10,6 +10,8 @@ stdenv.mkDerivation rec { | ||||
| 
 | ||||
|   buildInputs = [ openssl libpcap python ]; | ||||
| 
 | ||||
|   noHardening_format = true; | ||||
| 
 | ||||
|   meta = { | ||||
|     homepage = http://vde.sourceforge.net/; | ||||
|     description = "Virtual Distributed Ethernet, an Ethernet compliant virtual network"; | ||||
|  | ||||
| @ -64,6 +64,8 @@ core = stdenv.mkDerivation rec { | ||||
|     perl | ||||
|   ]; | ||||
| 
 | ||||
|   noHardening_format = true; | ||||
| 
 | ||||
|   preConfigure = '' | ||||
|     rm -r libs/{cairo,freetype2,gd,gmp,graphite2,harfbuzz,icu,libpaper,libpng} \ | ||||
|       libs/{mpfr,pixman,poppler,potrace,xpdf,zlib,zziplib} | ||||
|  | ||||
| @ -214,12 +214,12 @@ let | ||||
|     allPackages = args: import ./all-packages.nix ({ inherit config system; } // args); | ||||
|   }; | ||||
| 
 | ||||
|   defaultStdenv = allStdenvs.stdenv // { inherit platform; }; | ||||
|   defaultStdenv = stdenvAdapters.useHardenFlags (allStdenvs.stdenv // { inherit platform; }); | ||||
| 
 | ||||
|   stdenvCross = lowPrio (makeStdenvCross defaultStdenv crossSystem binutilsCross gccCrossStageFinal); | ||||
| 
 | ||||
|   stdenv = | ||||
|     if bootStdenv != null then (bootStdenv // {inherit platform;}) else | ||||
|     if bootStdenv != null then (stdenvAdapters.useHardenFlags bootStdenv // {inherit platform;}) else | ||||
|       if crossSystem != null then | ||||
|         stdenvCross | ||||
|       else | ||||
|  | ||||
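Review bot: Hardening is attached here by replacing `mkDerivation` on two specific stdenv values, so a stdenv that is constructed separately or derived from these through `override` would presumably not carry the wrapper, and its packages would build without the flags and without any error. It would help to state in a comment which stdenvs are covered and to confirm that `stdenvCross`, which is built from the wrapped `defaultStdenv`, is meant to receive the flags. The two call sites also differ in order: `defaultStdenv` wraps after merging `platform`, while the `bootStdenv` line parses as `(stdenvAdapters.useHardenFlags bootStdenv) // {inherit platform;}`. That is harmless with the adapter as written, but `stdenvAdapters.useHardenFlags (bootStdenv // { inherit platform; })` would keep them consistent. The surrounding `let` block continues outside the hunk.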
	 Franz Pletz
						Franz Pletz