From f8b8c353ffcfb2a29178c1f7b145baebfab55f81 Mon Sep 17 00:00:00 2001
From: Parnell Springmeyer <parnell@digitalmentat.com>
Date: Tue, 14 Feb 2017 08:27:40 -0600
Subject: [PATCH] Simplifying the wrapper program derivation

---
 nixos/modules/security/wrappers/default.nix | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/nixos/modules/security/wrappers/default.nix b/nixos/modules/security/wrappers/default.nix
index 8c4353fdd96..96f4544c2fa 100644
--- a/nixos/modules/security/wrappers/default.nix
+++ b/nixos/modules/security/wrappers/default.nix
@@ -9,17 +9,15 @@ let
       wrappers);
 
   securityWrapper = pkgs.stdenv.mkDerivation {
-    name         = "security-wrapper";
-    unpackPhase  = "true";
+    name            = "security-wrapper";
+    phases          = [ "installPhase" "fixupPhase" ];
+    buildInputs     = [ pkgs.libcap pkgs.libcap_ng pkgs.linuxHeaders ];
+    hardeningEnable = [ "pie" ];
     installPhase = ''
       mkdir -p $out/bin
       parentWrapperDir=$(dirname ${wrapperDir})
       gcc -Wall -O2 -DWRAPPER_DIR=\"$parentWrapperDir\" \
-          -Wformat -Wformat-security -Werror=format-security \
-          -fstack-protector-strong --param ssp-buffer-size=4 \
-          -D_FORTIFY_SOURCE=2 -fPIC \
-          -lcap-ng -lcap ${./wrapper.c} -o $out/bin/security-wrapper -L ${pkgs.libcap.lib}/lib -L ${pkgs.libcap_ng}/lib \
-          -I ${pkgs.libcap.dev}/include -I ${pkgs.libcap_ng}/include -I ${pkgs.linuxHeaders}/include
+          -lcap-ng -lcap ${./wrapper.c} -o $out/bin/security-wrapper
     '';
   };