Simplifying the wrapper program derivation

nixos/modules/security/wrappers/default.nix

@@ -10,16 +10,14 @@ let
 
   securityWrapper = pkgs.stdenv.mkDerivation {
     name            = "security-wrapper";
-    unpackPhase  = "true";
+    phases          = [ "installPhase" "fixupPhase" ];
+    buildInputs     = [ pkgs.libcap pkgs.libcap_ng pkgs.linuxHeaders ];
+    hardeningEnable = [ "pie" ];
     installPhase = ''
       mkdir -p $out/bin
       parentWrapperDir=$(dirname ${wrapperDir})
       gcc -Wall -O2 -DWRAPPER_DIR=\"$parentWrapperDir\" \
-          -Wformat -Wformat-security -Werror=format-security \
+          -lcap-ng -lcap ${./wrapper.c} -o $out/bin/security-wrapper
-          -fstack-protector-strong --param ssp-buffer-size=4 \
-          -D_FORTIFY_SOURCE=2 -fPIC \
-          -lcap-ng -lcap ${./wrapper.c} -o $out/bin/security-wrapper -L ${pkgs.libcap.lib}/lib -L ${pkgs.libcap_ng}/lib \
-          -I ${pkgs.libcap.dev}/include -I ${pkgs.libcap_ng}/include -I ${pkgs.linuxHeaders}/include
     '';
   };