cc-wrapper, binutils-wrapper: add tests hardening-flags-handling

most tests use debian-devscripts' hardening-check, so only work on ELF systems and can only detect a limited subset of flags. some extra tests actually execute fortify-protected programs and should be slightly more universally applicable.
author: Robert Scott <code@humanleg.org.uk> 2023-02-12 21:53:08 +0000
committer: Robert Scott <code@humanleg.org.uk> 2023-09-02 15:01:54 +0100
commit: e0f6367446d8f3f2f37acb27f9e2fc0f51768721 (patch)
tree: 14ccd691311827e4cfd09b7dc36f52e35be7c69d /pkgs/test/default.nix
parent: 2428000c6691d5126b82e1738f3d7b4d0c14fe5d (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/pkgs/test/default.nix b/pkgs/test/default.nix
index d6fd75359fc4..c479070c6078 100644
--- a/pkgs/test/default.nix
+++ b/pkgs/test/default.nix
@@ -23,6 +23,14 @@ with pkgs;
   stdenv-inputs = callPackage ./stdenv-inputs { };
   stdenv = callPackage ./stdenv { };
 
+  hardeningFlags = recurseIntoAttrs (callPackage ./cc-wrapper/hardening.nix {});
+  hardeningFlags-gcc = recurseIntoAttrs (callPackage ./cc-wrapper/hardening.nix {
+    stdenv = gccStdenv;
+  });
+  hardeningFlags-clang = recurseIntoAttrs (callPackage ./cc-wrapper/hardening.nix {
+    stdenv = llvmPackages.stdenv;
+  });
+
   config = callPackage ./config.nix { };
 
   haskell = callPackage ./haskell { };
author	Robert Scott <code@humanleg.org.uk>	2023-02-12 21:53:08 +0000
committer	Robert Scott <code@humanleg.org.uk>	2023-09-02 15:01:54 +0100
commit	e0f6367446d8f3f2f37acb27f9e2fc0f51768721 (patch)
tree	14ccd691311827e4cfd09b7dc36f52e35be7c69d /pkgs/test/default.nix
parent	2428000c6691d5126b82e1738f3d7b4d0c14fe5d (diff)