From 9a5b070b4591a554b9cf36490d54c0ae28f5c22e Mon Sep 17 00:00:00 2001
From: Robin Gloster
Date: Tue, 8 Mar 2016 20:51:35 +0000
Subject: [PATCH] hardening: debug with NIX_DEBUG
---
 pkgs/build-support/cc-wrapper/add-hardening | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/pkgs/build-support/cc-wrapper/add-hardening b/pkgs/build-support/cc-wrapper/add-hardening
index ab8ce610e27..abfd49766db 100644
--- a/pkgs/build-support/cc-wrapper/add-hardening
+++ b/pkgs/build-support/cc-wrapper/add-hardening
@@ -14,30 +14,39 @@ if [[ ! $hardeningDisable == "all" ]]; then
 if [[ ! "${hardeningDisable[@]}" =~ "$flag" ]]; then
 case $flag in
 fortify)
+ if [ -n "$NIX_DEBUG" ]; then echo HARDENING: enabling fortify; fi
 hardeningCFlags+=('-O2' '-D_FORTIFY_SOURCE=2')
 ;;
 stackprotector)
+ if [ -n "$NIX_DEBUG" ]; then echo HARDENING: enabling stackprotector; fi
 hardeningCFlags+=('-fstack-protector-strong' '--param ssp-buffer-size=4')
 ;;
 pie)
+ if [ -n "$NIX_DEBUG" ]; then echo HARDENING: enabling CFlags -fPIE; fi
 hardeningCFlags+=('-fPIE')
 if [[ ! ("$*" =~ " -shared " || "$*" =~ " -static ") ]]; then
+ if [ -n "$NIX_DEBUG" ]; then echo HARDENING: enabling LDFlags -pie; fi
 hardeningLDFlags+=('-pie')
 fi
 ;;
 pic)
+ if [ -n "$NIX_DEBUG" ]; then echo HARDENING: enabling pic; fi
 hardeningCFlags+=('-fPIC')
 ;;
 strictoverflow)
+ if [ -n "$NIX_DEBUG" ]; then echo HARDENING: enabling strictoverflow; fi
 hardeningCFlags+=('-fno-strict-overflow')
 ;;
 format)
+ if [ -n "$NIX_DEBUG" ]; then echo HARDENING: enabling format; fi
 hardeningCFlags+=('-Wformat' '-Wformat-security' '-Werror=format-security')
 ;;
 relro)
+ if [ -n "$NIX_DEBUG" ]; then echo HARDENING: enabling relro; fi
 hardeningLDFlags+=('-z relro')
 ;;
 bindnow)
+ if [ -n "$NIX_DEBUG" ]; then echo HARDENING: enabling bindnow; fi
 hardeningLDFlags+=('-z now')
 ;;
 *)
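Review bot: The nine added `echo HARDENING: …` lines in the `case $flag` branches print to stdout, which (judging by the cc-wrapper path) is also the wrapped compiler's stdout, so with NIX_DEBUG set any caller that captures compiler output would get these lines mixed into it. Send them to stderr in every branch, e.g. `if [ -n "$NIX_DEBUG" ]; then echo HARDENING: enabling fortify >&2; fi`. The guard is also repeated nine times with slightly different wording (`enabling CFlags -fPIE` against `enabling pic`); a single small helper that takes the message would keep a later change to the guard or the output stream in one place. The enclosing `if` and `case` start before the hunk and continue after the `*)` line.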