diff options
Diffstat (limited to 'pkgs')
51 files changed, 68 insertions, 63 deletions
diff --git a/pkgs/applications/audio/cdparanoia/default.nix b/pkgs/applications/audio/cdparanoia/default.nix index c19b261016df..9de3bef62ad3 100644 --- a/pkgs/applications/audio/cdparanoia/default.nix +++ b/pkgs/applications/audio/cdparanoia/default.nix @@ -8,7 +8,7 @@ stdenv.mkDerivation rec { sha256 = "1pv4zrajm46za0f6lv162iqffih57a8ly4pc69f7y0gfyigb8p80"; }; - noHardening_format = true; + hardening_format = false; preConfigure = "unset CC"; diff --git a/pkgs/applications/audio/mpg321/default.nix b/pkgs/applications/audio/mpg321/default.nix index e833784ee76c..c5bcd5ab4e41 100644 --- a/pkgs/applications/audio/mpg321/default.nix +++ b/pkgs/applications/audio/mpg321/default.nix @@ -9,7 +9,7 @@ stdenv.mkDerivation rec { sha256 = "0ki8mh76bbmdh77qsiw682dvi8y468yhbdabqwg05igmwc1wqvq5"; }; - noHardening_format = true; + hardening_format = false; configureFlags = [ ("--enable-alsa=" + (if stdenv.isLinux then "yes" else "no")) diff --git a/pkgs/applications/networking/browsers/w3m/default.nix b/pkgs/applications/networking/browsers/w3m/default.nix index d849b10daee5..cc3e55f02e91 100644 --- a/pkgs/applications/networking/browsers/w3m/default.nix +++ b/pkgs/applications/networking/browsers/w3m/default.nix @@ -50,7 +50,7 @@ stdenv.mkDerivation rec { ln -s $out/libexec/w3m/w3mimgdisplay $out/bin ''; - noHardening_format = true; + hardening_format = false; configureFlags = "--with-ssl=${openssl} --with-gc=${boehmgc}" + optionalString graphicsSupport " --enable-image=${optionalString x11Support "x11,"}fb"; diff --git a/pkgs/applications/version-management/git-and-tools/git/default.nix b/pkgs/applications/version-management/git-and-tools/git/default.nix index a5df0dbe08e2..08905ea48813 100644 --- a/pkgs/applications/version-management/git-and-tools/git/default.nix +++ b/pkgs/applications/version-management/git-and-tools/git/default.nix @@ -21,7 +21,7 @@ stdenv.mkDerivation { sha256 = "03bvb8s5j8i54qbi3yayl42bv0wf2fpgnh1a2lkhbj79zi7b77zs"; }; - noHardening_format = true; + hardening_format = false; patches = [ ./docbook2texi.patch diff --git a/pkgs/applications/virtualization/xen/generic.nix b/pkgs/applications/virtualization/xen/generic.nix index c742ffb50022..ce6753ed165d 100644 --- a/pkgs/applications/virtualization/xen/generic.nix +++ b/pkgs/applications/virtualization/xen/generic.nix @@ -75,7 +75,7 @@ stdenv.mkDerivation { pythonPath = [ pythonPackages.curses ]; - noHardening_all = true; + #hardening_all = false; patches = stdenv.lib.optionals ((xenserverPatched == false) && (builtins.hasAttr "xenPatches" xenConfig)) xenConfig.xenPatches; diff --git a/pkgs/desktops/gnome-2/platform/libgnomecups/default.nix b/pkgs/desktops/gnome-2/platform/libgnomecups/default.nix index ec7b9ff8a8bd..9dc8d6f8ef1b 100644 --- a/pkgs/desktops/gnome-2/platform/libgnomecups/default.nix +++ b/pkgs/desktops/gnome-2/platform/libgnomecups/default.nix @@ -8,7 +8,7 @@ stdenv.mkDerivation rec { sha256 = "0a8xdaxzz2wc0n1fjcav65093gixzyac3948l8cxx1mk884yhc71"; }; - noHardening_format = true; + hardening_format = false; patches = [ ./glib.patch ./cups_1.6.patch ]; diff --git a/pkgs/desktops/gnome-2/platform/libgtkhtml/default.nix b/pkgs/desktops/gnome-2/platform/libgtkhtml/default.nix index 5044dbabd2f3..d766957f0d79 100644 --- a/pkgs/desktops/gnome-2/platform/libgtkhtml/default.nix +++ b/pkgs/desktops/gnome-2/platform/libgtkhtml/default.nix @@ -11,5 +11,5 @@ stdenv.mkDerivation { buildInputs = [ pkgconfig gtk gettext ]; propagatedBuildInputs = [ libxml2 ]; - noHardening_format = true; + hardening_format = false; } diff --git a/pkgs/development/compilers/dev86/default.nix b/pkgs/development/compilers/dev86/default.nix index b8083c9ed6b8..0ee0a622b1e6 100644 --- a/pkgs/development/compilers/dev86/default.nix +++ b/pkgs/development/compilers/dev86/default.nix @@ -8,7 +8,7 @@ stdenv.mkDerivation { sha256 = "33398b87ca85e2b69e4062cf59f2f7354af46da5edcba036c6f97bae17b8d00e"; }; - noHardening_format = true; + hardening_format = false; makeFlags = "PREFIX=$(out)"; diff --git a/pkgs/development/compilers/gcc/4.5/default.nix b/pkgs/development/compilers/gcc/4.5/default.nix index 4f1b017302a6..8c4afb31c50d 100644 --- a/pkgs/development/compilers/gcc/4.5/default.nix +++ b/pkgs/development/compilers/gcc/4.5/default.nix @@ -134,7 +134,7 @@ stdenv.mkDerivation ({ inherit langC langCC langFortran langJava langAda; }; - noHardening_all = true; + #hardening_all = false; patches = [ ] diff --git a/pkgs/development/compilers/gcc/4.9/default.nix b/pkgs/development/compilers/gcc/4.9/default.nix index c7d63099be1f..1d97a66008cd 100644 --- a/pkgs/development/compilers/gcc/4.9/default.nix +++ b/pkgs/development/compilers/gcc/4.9/default.nix @@ -218,7 +218,7 @@ stdenv.mkDerivation ({ inherit patches; - noHardening_format = true; + hardening_format = false; postPatch = if (stdenv.isGNU diff --git a/pkgs/development/compilers/go/1.4.nix b/pkgs/development/compilers/go/1.4.nix index fdfc9d456466..0d2d2ae2857b 100644 --- a/pkgs/development/compilers/go/1.4.nix +++ b/pkgs/development/compilers/go/1.4.nix @@ -20,7 +20,7 @@ stdenv.mkDerivation rec { buildInputs = [ pcre ]; propagatedBuildInputs = lib.optional stdenv.isDarwin Security; - noHardening_all = true; + #hardening_all = false; # I'm not sure what go wants from its 'src', but the go installation manual # describes an installation keeping the src. diff --git a/pkgs/development/compilers/go/1.5.nix b/pkgs/development/compilers/go/1.5.nix index 26ffabced6a6..750aec567a8c 100644 --- a/pkgs/development/compilers/go/1.5.nix +++ b/pkgs/development/compilers/go/1.5.nix @@ -29,7 +29,7 @@ stdenv.mkDerivation rec { Security Foundation ]; - noHardening_all = true; + #hardening_all = false; # I'm not sure what go wants from its 'src', but the go installation manual # describes an installation keeping the src. diff --git a/pkgs/development/haskell-modules/configuration-common.nix b/pkgs/development/haskell-modules/configuration-common.nix index 1982ca218024..25f2f1b64408 100644 --- a/pkgs/development/haskell-modules/configuration-common.nix +++ b/pkgs/development/haskell-modules/configuration-common.nix @@ -45,7 +45,7 @@ self: super: { options = dontCheck super.options; statistics = dontCheck super.statistics; c2hs = let c2hs_ = pkgs.stdenv.lib.overrideDerivation super.c2hs (drv: { - noHardening_format = true; + hardening_format = false; doCheck = false; }); in if pkgs.stdenv.isDarwin then dontCheck c2hs_ else c2hs_; diff --git a/pkgs/development/libraries/CoinMP/default.nix b/pkgs/development/libraries/CoinMP/default.nix index bdd380fd4b80..be44ef628853 100644 --- a/pkgs/development/libraries/CoinMP/default.nix +++ b/pkgs/development/libraries/CoinMP/default.nix @@ -9,7 +9,7 @@ stdenv.mkDerivation rec { sha256 = "0gqi2vqkg35gazzzv8asnhihchnbjcd6bzjfzqhmj7wy1dw9iiw6"; }; - noHardening_format = true; + hardening_format = false; meta = with stdenv.lib; { homepage = https://projects.coin-or.org/CoinMP/; diff --git a/pkgs/development/libraries/audio/libbs2b/default.nix b/pkgs/development/libraries/audio/libbs2b/default.nix index e9a13b6ff876..4a64bc260bd8 100644 --- a/pkgs/development/libraries/audio/libbs2b/default.nix +++ b/pkgs/development/libraries/audio/libbs2b/default.nix @@ -11,7 +11,7 @@ stdenv.mkDerivation rec { buildInputs = [ pkgconfig libsndfile ]; - noHardening_format = true; + hardening_format = false; meta = { homepage = "http://bs2b.sourceforge.net/"; diff --git a/pkgs/development/libraries/fribidi/default.nix b/pkgs/development/libraries/fribidi/default.nix index 5d0e451c54c9..09828665541b 100644 --- a/pkgs/development/libraries/fribidi/default.nix +++ b/pkgs/development/libraries/fribidi/default.nix @@ -9,7 +9,7 @@ stdenv.mkDerivation rec { sha256 = "0zg1hpaml34ny74fif97j7ngrshlkl3wk3nja3gmlzl17i1bga6b"; }; - noHardening_format = true; + hardening_format = false; meta = with stdenv.lib; { homepage = http://fribidi.org/; diff --git a/pkgs/development/libraries/gd/default.nix b/pkgs/development/libraries/gd/default.nix index 5ca1de273b4e..a24a84168668 100644 --- a/pkgs/development/libraries/gd/default.nix +++ b/pkgs/development/libraries/gd/default.nix @@ -12,7 +12,7 @@ stdenv.mkDerivation { propagatedBuildInputs = [libjpeg fontconfig]; # urgh - noHardening_format = true; + hardening_format = false; configureFlags = "--without-x"; diff --git a/pkgs/development/libraries/gettext/default.nix b/pkgs/development/libraries/gettext/default.nix index cbdb448723a7..566263c15ed0 100644 --- a/pkgs/development/libraries/gettext/default.nix +++ b/pkgs/development/libraries/gettext/default.nix @@ -10,7 +10,7 @@ stdenv.mkDerivation (rec { outputs = [ "out" "doc" ]; - noHardening_format = true; + hardening_format = false; LDFLAGS = if stdenv.isSunOS then "-lm -lmd -lmp -luutil -lnvpair -lnsl -lidmap -lavl -lsec" else ""; diff --git a/pkgs/development/libraries/giflib/libungif.nix b/pkgs/development/libraries/giflib/libungif.nix index 45384b825c13..1cc4ae0201b9 100644 --- a/pkgs/development/libraries/giflib/libungif.nix +++ b/pkgs/development/libraries/giflib/libungif.nix @@ -7,6 +7,6 @@ stdenv.mkDerivation { md5 = "efdfcf8e32e35740288a8c5625a70ccb"; }; - noHardening_format = true; + hardening_format = false; } diff --git a/pkgs/development/libraries/glibc/common.nix b/pkgs/development/libraries/glibc/common.nix index 6e9aa497f77f..2c13ac59146f 100644 --- a/pkgs/development/libraries/glibc/common.nix +++ b/pkgs/development/libraries/glibc/common.nix @@ -214,7 +214,7 @@ stdenv.mkDerivation ({ } // stdenv.lib.optionalAttrs (name == "glibc-locales") { - noHardening_stackprotector = true; + hardening_stackprotector = false; } // stdenv.lib.optionalAttrs (hurdHeaders != null) { diff --git a/pkgs/development/libraries/glibc/default.nix b/pkgs/development/libraries/glibc/default.nix index a2ecedbe7e95..f9096084bd23 100644 --- a/pkgs/development/libraries/glibc/default.nix +++ b/pkgs/development/libraries/glibc/default.nix @@ -25,7 +25,8 @@ in builder = ./builder.sh; - noHardening_all = true; + hardening_stackprotector = false; + hardening_fortify = false; # When building glibc from bootstrap-tools, we need libgcc_s at RPATH for # any program we run, because the gcc will have been placed at a new diff --git a/pkgs/development/libraries/gnu-efi/default.nix b/pkgs/development/libraries/gnu-efi/default.nix index e6209ad93f6f..e674aae2b58a 100644 --- a/pkgs/development/libraries/gnu-efi/default.nix +++ b/pkgs/development/libraries/gnu-efi/default.nix @@ -9,8 +9,6 @@ stdenv.mkDerivation rec { sha256 = "1jxlypkgb8bd1c114x96i699ib0glb5aca9dv56j377x2ldg4c65"; }; - noHardening_all = true; - buildInputs = [ pciutils ]; makeFlags = [ diff --git a/pkgs/development/libraries/libelf/default.nix b/pkgs/development/libraries/libelf/default.nix index 048902f4fc49..88bce7f86614 100644 --- a/pkgs/development/libraries/libelf/default.nix +++ b/pkgs/development/libraries/libelf/default.nix @@ -9,7 +9,7 @@ stdenv.mkDerivation (rec { }; doCheck = true; - + # For cross-compiling, native glibc is needed for the "gencat" program. crossAttrs = { nativeBuildInputs = [ glibc ]; diff --git a/pkgs/development/libraries/libgphoto2/default.nix b/pkgs/development/libraries/libgphoto2/default.nix index 3df793df73fd..682a42e2db9d 100644 --- a/pkgs/development/libraries/libgphoto2/default.nix +++ b/pkgs/development/libraries/libgphoto2/default.nix @@ -14,7 +14,7 @@ stdenv.mkDerivation rec { # These are mentioned in the Requires line of libgphoto's pkg-config file. propagatedBuildInputs = [ libexif ]; - noHardening_format = true; + hardening_format = false; meta = { homepage = http://www.gphoto.org/proj/libgphoto2/; diff --git a/pkgs/development/libraries/libvisual/default.nix b/pkgs/development/libraries/libvisual/default.nix index a2c9c52937ec..a9320f1af7b0 100644 --- a/pkgs/development/libraries/libvisual/default.nix +++ b/pkgs/development/libraries/libvisual/default.nix @@ -10,7 +10,7 @@ stdenv.mkDerivation rec { buildInputs = [ pkgconfig glib ]; - noHardening_format = true; + hardening_format = false; meta = { description = "An abstraction library for audio visualisations"; diff --git a/pkgs/development/libraries/pupnp/default.nix b/pkgs/development/libraries/pupnp/default.nix index 267b434da525..430a09aeede6 100644 --- a/pkgs/development/libraries/pupnp/default.nix +++ b/pkgs/development/libraries/pupnp/default.nix @@ -8,7 +8,7 @@ stdenv.mkDerivation rec { sha256 = "0amjv4lypvclmi4vim2qdyw5xa6v4x50zjgf682vahqjc0wjn55k"; }; - noHardening_all = true; + #hardening_all = false; meta = { description = "libupnp, an open source UPnP development kit for Linux"; diff --git a/pkgs/development/libraries/speechd/default.nix b/pkgs/development/libraries/speechd/default.nix index cbd731aef688..d94b4159e93e 100644 --- a/pkgs/development/libraries/speechd/default.nix +++ b/pkgs/development/libraries/speechd/default.nix @@ -11,7 +11,7 @@ stdenv.mkDerivation rec { buildInputs = [ dotconf glib pkgconfig ]; - noHardening_format = true; + hardening_format = false; meta = { description = "Common interface to speech synthesis"; diff --git a/pkgs/development/tools/misc/elfutils/default.nix b/pkgs/development/tools/misc/elfutils/default.nix index a412d7e537c7..464ad7910952 100644 --- a/pkgs/development/tools/misc/elfutils/default.nix +++ b/pkgs/development/tools/misc/elfutils/default.nix @@ -12,7 +12,7 @@ stdenv.mkDerivation rec { patches = [ ./glibc-2.21.patch ]; - noHardening_format = true; + hardening_format = false; # We need bzip2 in NativeInputs because otherwise we can't unpack the src, # as the host-bzip2 will be in the path. diff --git a/pkgs/os-specific/linux/acpi-call/default.nix b/pkgs/os-specific/linux/acpi-call/default.nix index 1187bf10d14b..05a5549fae28 100644 --- a/pkgs/os-specific/linux/acpi-call/default.nix +++ b/pkgs/os-specific/linux/acpi-call/default.nix @@ -9,7 +9,7 @@ stdenv.mkDerivation { sha256 = "0jl19irz9x9pxab2qp4z8c3jijv2m30zhmnzi6ygbrisqqlg4c75"; }; - noHardening_pic = true; + hardening_pic = false; preBuild = '' sed -e 's/break/true/' -i examples/turn_off_gpu.sh diff --git a/pkgs/os-specific/linux/busybox/default.nix b/pkgs/os-specific/linux/busybox/default.nix index 86551f4eecb4..cc3cfe2465d5 100644 --- a/pkgs/os-specific/linux/busybox/default.nix +++ b/pkgs/os-specific/linux/busybox/default.nix @@ -33,7 +33,7 @@ stdenv.mkDerivation rec { sha256 = "16ii9sqracvh2r1gfzhmlypl269nnbkpvrwa7270k35d3bigk9h5"; }; - noHardening_format = true; + hardening_format = false; patches = [ ./busybox-in-store.patch ]; diff --git a/pkgs/os-specific/linux/gogoclient/default.nix b/pkgs/os-specific/linux/gogoclient/default.nix index 38762a5f1fe9..93c334b95937 100644 --- a/pkgs/os-specific/linux/gogoclient/default.nix +++ b/pkgs/os-specific/linux/gogoclient/default.nix @@ -16,7 +16,7 @@ stdenv.mkDerivation rec { makeFlags = ["target=linux"]; installFlags = ["installdir=$(out)"]; |