add pkgsExtraHardening package set

this package set can be used to trial new hardening flags or enable those which are still known to cause some problems
author: Robert Scott <code@humanleg.org.uk> 2023-12-11 18:01:24 +0000
committer: Robert Scott <code@humanleg.org.uk> 2024-01-21 11:16:07 +0000
commit: e79c13385843382aa2256898f80b44030889f9a5 (patch)
tree: 0b244e98de1bcdc1b1c864240495f04691549a17 /pkgs/top-level/stage.nix
parent: 40868719b0ff142d0df5fba0f2ec7f370e072048 (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/pkgs/top-level/stage.nix b/pkgs/top-level/stage.nix
index 1cc05167cee8..cbf0f585fe41 100644
--- a/pkgs/top-level/stage.nix
+++ b/pkgs/top-level/stage.nix
@@ -276,6 +276,19 @@ let
         gcc.abi = "elfv2";
       };
     });
+
+    pkgsExtraHardening = nixpkgsFun {
+      overlays = [
+        (self': super': {
+          pkgsExtraHardening = super';
+          stdenv = super'.withDefaultHardeningFlags (
+            super'.stdenv.cc.defaultHardeningFlags ++ [
+              "zerocallusedregs"
+            ]
+          ) super'.stdenv;
+        })
+      ] ++ overlays;
+    };
   };
 
   # The complete chain of package set builders, applied from top to bottom.
author	Robert Scott <code@humanleg.org.uk>	2023-12-11 18:01:24 +0000
committer	Robert Scott <code@humanleg.org.uk>	2024-01-21 11:16:07 +0000
commit	e79c13385843382aa2256898f80b44030889f9a5 (patch)
tree	0b244e98de1bcdc1b1c864240495f04691549a17 /pkgs/top-level/stage.nix
parent	40868719b0ff142d0df5fba0f2ec7f370e072048 (diff)