diff options
| author | Franz Pletz <fpletz@fnordicwalking.de> | 2016-02-26 18:38:15 +0100 |
|---|---|---|
| committer | Franz Pletz <fpletz@fnordicwalking.de> | 2016-03-05 18:55:26 +0100 |
| commit | aff1f4ab948b921ceaf2b81610f2f82454302b4b (patch) | |
| tree | 6e51e90a41409d56cfa084b9ca64921f2611fafc /pkgs/servers | |
| parent | a2e449e43e82e258b94c723d92a5e9af641967e7 (diff) | |
Use general hardening flag toggle lists
The following parameters are now available:
* hardeningDisable
To disable specific hardening flags
* hardeningEnable
To enable specific hardening flags
Only the cc-wrapper supports this right now, but these may be reused by
other wrappers, builders or setup hooks.
cc-wrapper supports the following flags:
* fortify
* stackprotector
* pie (disabled by default)
* pic
* strictoverflow
* format
* relro
* bindnow
Diffstat (limited to 'pkgs/servers')
| -rw-r--r-- | pkgs/servers/beanstalkd/default.nix | 2 | ||||
| -rw-r--r-- | pkgs/servers/firebird/default.nix | 2 | ||||
| -rw-r--r-- | pkgs/servers/gpm/default.nix | 2 | ||||
| -rw-r--r-- | pkgs/servers/http/nginx/default.nix | 2 | ||||
| -rw-r--r-- | pkgs/servers/icecast/default.nix | 2 | ||||
| -rw-r--r-- | pkgs/servers/irc/charybdis/default.nix | 2 | ||||
| -rw-r--r-- | pkgs/servers/mail/postfix/3.0.nix | 2 | ||||
| -rw-r--r-- | pkgs/servers/mail/postfix/default.nix | 4 | ||||
| -rw-r--r-- | pkgs/servers/memcached/default.nix | 2 | ||||
| -rw-r--r-- | pkgs/servers/nosql/mongodb/default.nix | 2 | ||||
| -rw-r--r-- | pkgs/servers/nosql/riak/1.3.1.nix | 2 | ||||
| -rw-r--r-- | pkgs/servers/nosql/riak/2.1.1.nix | 2 | ||||
| -rw-r--r-- | pkgs/servers/openafs-client/default.nix | 2 | ||||
| -rw-r--r-- | pkgs/servers/sip/freeswitch/default.nix | 2 |
14 files changed, 15 insertions, 15 deletions
diff --git a/pkgs/servers/beanstalkd/default.nix b/pkgs/servers/beanstalkd/default.nix index f5693e451684..ef4621fb9a65 100644 --- a/pkgs/servers/beanstalkd/default.nix +++ b/pkgs/servers/beanstalkd/default.nix @@ -10,7 +10,7 @@ stdenv.mkDerivation rec { sha256 = "0n9dlmiddcfl7i0f1lwfhqiwyvf26493fxfcmn8jm30nbqciwfwj"; }; - hardening_fortify = false; + hardeningDisable = [ "fortify" ]; meta = with stdenv.lib; { homepage = http://kr.github.io/beanstalkd/; diff --git a/pkgs/servers/firebird/default.nix b/pkgs/servers/firebird/default.nix index e557a2a0061c..414582b69ef5 100644 --- a/pkgs/servers/firebird/default.nix +++ b/pkgs/servers/firebird/default.nix @@ -65,7 +65,7 @@ stdenv.mkDerivation rec { sha256 = "0887a813wffp44hnc2gmwbc4ylpqw3fh3hz3bf6q3648344a9fdv"; }; - hardening_format = false; + hardeningDisable = [ "format" ]; # configurePhase = '' # sed -i 's@cp /usr/share/automake-.*@@' autogen.sh diff --git a/pkgs/servers/gpm/default.nix b/pkgs/servers/gpm/default.nix index 99b6ce2a832d..ac5e0b7c1b1c 100644 --- a/pkgs/servers/gpm/default.nix +++ b/pkgs/servers/gpm/default.nix @@ -15,7 +15,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ automake autoconf libtool flex bison texinfo ]; buildInputs = [ ncurses ]; - hardening_format = false; + hardeningDisable = [ "format" ]; preConfigure = '' ./autogen.sh diff --git a/pkgs/servers/http/nginx/default.nix b/pkgs/servers/http/nginx/default.nix index 3dbb34f9b021..aaa858e302c9 100644 --- a/pkgs/servers/http/nginx/default.nix +++ b/pkgs/servers/http/nginx/default.nix @@ -55,7 +55,7 @@ stdenv.mkDerivation rec { preConfigure = concatMapStringsSep "\n" (mod: mod.preConfigure or "") modules; - hardening_pie = true; + hardeningEnable = [ "pie" ]; meta = { description = "A reverse proxy and lightweight webserver"; diff --git a/pkgs/servers/icecast/default.nix b/pkgs/servers/icecast/default.nix index d0e238786e28..dc3fef6125cc 100644 --- a/pkgs/servers/icecast/default.nix +++ b/pkgs/servers/icecast/default.nix @@ -12,7 +12,7 @@ stdenv.mkDerivation rec { buildInputs = [ libxml2 libxslt curl libvorbis libtheora speex libkate libopus ]; - hardening_pie = true; + hardeningEnable = [ "pie" ]; meta = { description = "Server software for streaming multimedia"; diff --git a/pkgs/servers/irc/charybdis/default.nix b/pkgs/servers/irc/charybdis/default.nix index d42f69d078bc..d00bcb7ef1a2 100644 --- a/pkgs/servers/irc/charybdis/default.nix +++ b/pkgs/servers/irc/charybdis/default.nix @@ -20,7 +20,7 @@ stdenv.mkDerivation rec { "--with-program-prefix=charybdis-" ]; - hardening_format = false; + hardeningDisable = [ "format" ]; buildInputs = [ bison flex openssl ]; diff --git a/pkgs/servers/mail/postfix/3.0.nix b/pkgs/servers/mail/postfix/3.0.nix index 3a0f2e0954da..9d208e8af4d5 100644 --- a/pkgs/servers/mail/postfix/3.0.nix +++ b/pkgs/servers/mail/postfix/3.0.nix @@ -41,7 +41,7 @@ in stdenv.mkDerivation rec { ./relative-symlinks.patch ]; - hardening_pie = true; + hardeningEnable = [ "pie" ]; preBuild = '' sed -e '/^PATH=/d' -i postfix-install diff --git a/pkgs/servers/mail/postfix/default.nix b/pkgs/servers/mail/postfix/default.nix index 42355b46021d..886412b24cd9 100644 --- a/pkgs/servers/mail/postfix/default.nix +++ b/pkgs/servers/mail/postfix/default.nix @@ -14,8 +14,8 @@ stdenv.mkDerivation rec { buildInputs = [db openssl cyrus_sasl bison perl]; - hardening_format = false; - hardening_pie = true; + hardeningDisable = [ "format" ]; + hardeningEnable = [ "pie" ]; patches = [ ./postfix-2.2.9-db.patch diff --git a/pkgs/servers/memcached/default.nix b/pkgs/servers/memcached/default.nix index cac568f8fc90..5e4edd0b0322 100644 --- a/pkgs/servers/memcached/default.nix +++ b/pkgs/servers/memcached/default.nix @@ -10,7 +10,7 @@ stdenv.mkDerivation rec { buildInputs = [cyrus_sasl libevent]; - hardening_pie = true; + hardeningEnable = [ "pie" ]; meta = with stdenv.lib; { description = "A distributed memory object caching system"; diff --git a/pkgs/servers/nosql/mongodb/default.nix b/pkgs/servers/nosql/mongodb/default.nix index 141e8e0929d1..913b312a54a3 100644 --- a/pkgs/servers/nosql/mongodb/default.nix +++ b/pkgs/servers/nosql/mongodb/default.nix @@ -80,7 +80,7 @@ in stdenv.mkDerivation rec { enableParallelBuilding = true; - hardening_pie = true; + hardeningEnable = [ "pie" ]; meta = { description = "a scalable, high-performance, open source NoSQL database"; diff --git a/pkgs/servers/nosql/riak/1.3.1.nix b/pkgs/servers/nosql/riak/1.3.1.nix index ffa2056d5a9c..565ed226ab4f 100644 --- a/pkgs/servers/nosql/riak/1.3.1.nix +++ b/pkgs/servers/nosql/riak/1.3.1.nix @@ -23,7 +23,7 @@ stdenv.mkDerivation rec { patches = [ ./riak-1.3.1.patch ./riak-admin-1.3.1.patch ]; - hardening_format = false; + hardeningDisable = [ "format" ]; postUnpack = '' mkdir -p $sourceRoot/deps/eleveldb/c_src/leveldb diff --git a/pkgs/servers/nosql/riak/2.1.1.nix b/pkgs/servers/nosql/riak/2.1.1.nix index 05cf4270f9f8..b66e99f0afbe 100644 --- a/pkgs/servers/nosql/riak/2.1.1.nix +++ b/pkgs/servers/nosql/riak/2.1.1.nix @@ -34,7 +34,7 @@ stdenv.mkDerivation rec { src = srcs.riak; - hardening_format = false; + hardeningDisable = [ "format" ]; postPatch = '' sed -i deps/node_package/priv/base/env.sh \ diff --git a/pkgs/servers/openafs-client/default.nix b/pkgs/servers/openafs-client/default.nix index 1ff9b79e3835..aab4ee9059f9 100644 --- a/pkgs/servers/openafs-client/default.nix +++ b/pkgs/servers/openafs-client/default.nix @@ -23,7 +23,7 @@ stdenv.mkDerivation { buildInputs = [ autoconf automake flex yacc ncurses perl which ]; - hardening_pic = false; + hardeningDisable = [ "pic" ]; preConfigure = '' ln -s "${kernel.dev}/lib/modules/"*/build $TMP/linux diff --git a/pkgs/servers/sip/freeswitch/default.nix b/pkgs/servers/sip/freeswitch/default.nix index cb77ebd9c895..e4e1d393a52a 100644 --- a/pkgs/servers/sip/freeswitch/default.nix +++ b/pkgs/servers/sip/freeswitch/default.nix @@ -14,7 +14,7 @@ stdenv.mkDerivation rec { NIX_CFLAGS_COMPILE = "-Wno-error=cpp"; - hardening_format = false; + hardeningDisable = [ "format" ]; meta = { description = "Cross-Platform Scalable FREE Multi-Protocol Soft Switch"; |