Apparently the handling of `buildFlagsArray` in `buildGo*` is blatantly
broken since it doesn't quote flags specified as list elements properly.
Because of that, the `-ldflags` are not interpreted properly and
`prometheus --version` doesn't output anything useful. By specifying
flags in both `buildFlags` and `buildFlagsArray` the issue gets fixed
since both variables are passed to `go install`.
Don't include an NT_GNU_BUILD_ID (that is randomly generated
at build time).
This improves the kernel reproducibility: when also disabling
the MOUDLE_SIG and SECURITY_LOCKDOWN_LSM options the build
is bit-by-bit reproducible.
Limit is already increased for standard xorg plasma distribution to
start, but with wayland, even more libraries being added
Increasing this limit to 1 << 20 (1M) seems to be enough (For me
length is 80K), and not so much for regular desktops
Signed-off-by: Yaroslav Bolyukin <iam@lach.pw>
When invoking a simple Ada program with `gcc` from `gnats10`, the
following warnings are shown:
```
$ gcc -c conftest.adb
gnat1: warning: command-line option ‘-Wformat=1’ is valid for C/C++/ObjC/ObjC++ but not for Ada
gnat1: warning: command-line option ‘-Wformat-security’ is valid for C/C++/ObjC/ObjC++ but not for Ada
gnat1: warning: ‘-Werror=’ argument ‘-Werror=format-security’ is not valid for Ada
$ echo $?
0
```
This is only spammy when compiling Ada programs inside a Nix derivation,
but certain configure scripts (such as the ./configure script from the
gcc that's built by coreboot's `make crossgcc` command) fail entirely
when getting that warning output.
https://nixos.wiki/wiki/Coreboot currently suggests manually running
> NIX_HARDENING_ENABLE="${NIX_HARDENING_ENABLE/ format/}" make crossgcc
… but actually teaching the nixpkgs-provided cc wrapper that `format`
isn't supported as a hardening flag seems to be the more canonical way
to do this in nixpgks.
After this, Ada programs still compile:
```
$ gcc -c conftest.adb
$ echo $?
0
```
And the compiler output is empty.
