nginx: Rmove custom hardening, now enabled by default

2016-03-08 00:39:07 +01:00 · 2016-03-08 00:39:07 +01:00 · fedf31660d
commit fedf31660d
parent e9fc4e7db6
2 changed files with 4 additions and 16 deletions
--- a/pkgs/servers/http/nginx/default.nix
+++ b/pkgs/servers/http/nginx/default.nix
@ -54,14 +54,7 @@ stdenv.mkDerivation rec {
  NIX_CFLAGS_COMPILE = [ "-I${libxml2}/include/libxml2" ] ++ optional stdenv.isDarwin "-Wno-error=deprecated-declarations -Wno-error=conditional-uninitialized";
-  preConfigure = (concatMapStringsSep "\n" (mod: mod.preConfigure or "") modules)
+  preConfigure = (concatMapStringsSep "\n" (mod: mod.preConfigure or "") modules);
    + optionalString (hardening && (stdenv.cc.cc.isGNU or false)) ''
      configureFlagsArray=(
        --with-cc-opt="-fPIE -fstack-protector-all --param ssp-buffer-size=4 -O2 -D_FORTIFY_SOURCE=2"
        --with-ld-opt="-pie -Wl,-z,relro,-z,now"
      )
    ''
    ;
  hardeningEnable = [ "pie" ];
--- a/pkgs/servers/http/nginx/unstable.nix
+++ b/pkgs/servers/http/nginx/unstable.nix
@ -52,14 +52,9 @@ stdenv.mkDerivation rec {
  NIX_CFLAGS_COMPILE = [ "-I${libxml2}/include/libxml2" ] ++ optional stdenv.isDarwin "-Wno-error=deprecated-declarations";
-  preConfigure = (concatMapStringsSep "\n" (mod: mod.preConfigure or "") modules)
+  preConfigure = (concatMapStringsSep "\n" (mod: mod.preConfigure or "") modules);
-    + optionalString (hardening && (stdenv.cc.cc.isGNU or false)) ''
+
-      configureFlagsArray=(
+  hardeningEnable = [ "pie" ];
        --with-cc-opt="-fPIE -fstack-protector-all --param ssp-buffer-size=4 -O2 -D_FORTIFY_SOURCE=2"
        --with-ld-opt="-pie -Wl,-z,relro,-z,now"
      )
    ''
    ;
  postInstall = ''
    mv $out/sbin $out/bin