From fc46895e86a33232abbcf8dcee9033d5c58d2f2d Mon Sep 17 00:00:00 2001
From: Charles Strahan <charles@cstrahan.com>
Date: Mon, 5 Mar 2018 21:27:00 -0500
Subject: [PATCH] hardening: allow user supplied flags to override

Put hardening flags before user supplied flags.
---
 pkgs/build-support/bintools-wrapper/ld-wrapper.sh | 4 ++--
 pkgs/build-support/cc-wrapper/cc-wrapper.sh       | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/pkgs/build-support/bintools-wrapper/ld-wrapper.sh b/pkgs/build-support/bintools-wrapper/ld-wrapper.sh
index 991ed0fe263..bbab9a6b71d 100644
--- a/pkgs/build-support/bintools-wrapper/ld-wrapper.sh
+++ b/pkgs/build-support/bintools-wrapper/ld-wrapper.sh
@@ -57,8 +57,8 @@ fi
 
 source @out@/nix-support/add-hardening.sh
 
-extraAfter=("${hardeningLDFlags[@]}")
-extraBefore=()
+extraAfter=()
+extraBefore=("${hardeningLDFlags[@]}")
 
 if [ -z "${NIX_@infixSalt@_LDFLAGS_SET:-}" ]; then
     extraAfter+=($NIX_@infixSalt@_LDFLAGS)
diff --git a/pkgs/build-support/cc-wrapper/cc-wrapper.sh b/pkgs/build-support/cc-wrapper/cc-wrapper.sh
index c2e6c140635..d1018193e5a 100644
--- a/pkgs/build-support/cc-wrapper/cc-wrapper.sh
+++ b/pkgs/build-support/cc-wrapper/cc-wrapper.sh
@@ -134,8 +134,8 @@ fi
 source @out@/nix-support/add-hardening.sh
 
 # Add the flags for the C compiler proper.
-extraAfter=($NIX_@infixSalt@_CFLAGS_COMPILE "${hardeningCFlags[@]}")
-extraBefore=()
+extraAfter=($NIX_@infixSalt@_CFLAGS_COMPILE)
+extraBefore=("${hardeningCFlags[@]}")
 
 if [ "$dontLink" != 1 ]; then