hardening: initial cross support
This commit is contained in:
Charles Strahan
parent
fc46895e86
commit
634c748050
@ -24,10 +24,10 @@ if [ "${NIX_BINTOOLS_WRAPPER_@infixSalt@_TARGET_TARGET:-}" ]; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
for var in "${var_templates_list[@]}"; do
|
for var in "${var_templates_list[@]}"; do
|
||||||
mangleVarList "$var" "${role_infixes[@]}"
|
mangleVarList "$var" ${role_infixes[@]+"${role_infixes[@]}"}
|
||||||
done
|
done
|
||||||
for var in "${var_templates_bool[@]}"; do
|
for var in "${var_templates_bool[@]}"; do
|
||||||
mangleVarBool "$var" "${role_infixes[@]}"
|
mangleVarBool "$var" ${role_infixes[@]+"${role_infixes[@]}"}
|
||||||
done
|
done
|
||||||
|
|
||||||
if [ -e @out@/nix-support/libc-ldflags ]; then
|
if [ -e @out@/nix-support/libc-ldflags ]; then
|
||||||
|
|||||||
@ -10,6 +10,7 @@ var_templates_list=(
|
|||||||
NIX+CXXSTDLIB_COMPILE
|
NIX+CXXSTDLIB_COMPILE
|
||||||
NIX+CXXSTDLIB_LINK
|
NIX+CXXSTDLIB_LINK
|
||||||
NIX+GNATFLAGS_COMPILE
|
NIX+GNATFLAGS_COMPILE
|
||||||
|
NIX+HARDENING_ENABLE
|
||||||
)
|
)
|
||||||
var_templates_bool=(
|
var_templates_bool=(
|
||||||
NIX+ENFORCE_NO_NATIVE
|
NIX+ENFORCE_NO_NATIVE
|
||||||
@ -31,10 +32,10 @@ fi
|
|||||||
# We need to mangle names for hygiene, but also take parameters/overrides
|
# We need to mangle names for hygiene, but also take parameters/overrides
|
||||||
# from the environment.
|
# from the environment.
|
||||||
for var in "${var_templates_list[@]}"; do
|
for var in "${var_templates_list[@]}"; do
|
||||||
mangleVarList "$var" "${role_infixes[@]}"
|
mangleVarList "$var" ${role_infixes[@]+"${role_infixes[@]}"}
|
||||||
done
|
done
|
||||||
for var in "${var_templates_bool[@]}"; do
|
for var in "${var_templates_bool[@]}"; do
|
||||||
mangleVarBool "$var" "${role_infixes[@]}"
|
mangleVarBool "$var" ${role_infixes[@]+"${role_infixes[@]}"}
|
||||||
done
|
done
|
||||||
|
|
||||||
# `-B@out@/bin' forces cc to use ld-wrapper.sh when calling ld.
|
# `-B@out@/bin' forces cc to use ld-wrapper.sh when calling ld.
|
||||||
|
|||||||
@ -6,7 +6,7 @@ declare -A hardeningEnableMap=()
|
|||||||
# Intentionally word-split in case 'NIX_HARDENING_ENABLE' is defined in Nix. The
|
# Intentionally word-split in case 'NIX_HARDENING_ENABLE' is defined in Nix. The
|
||||||
# array expansion also prevents undefined variables from causing trouble with
|
# array expansion also prevents undefined variables from causing trouble with
|
||||||
# `set -u`.
|
# `set -u`.
|
||||||
for flag in ${NIX_HARDENING_ENABLE-}; do
|
for flag in ${NIX_@infixSalt@_HARDENING_ENABLE-}; do
|
||||||
hardeningEnableMap[$flag]=1
|
hardeningEnableMap[$flag]=1
|
||||||
done
|
done
|
||||||
|
|
||||||
|
|||||||
@ -135,7 +135,8 @@ source @out@/nix-support/add-hardening.sh
|
|||||||
|
|
||||||
# Add the flags for the C compiler proper.
|
# Add the flags for the C compiler proper.
|
||||||
extraAfter=($NIX_@infixSalt@_CFLAGS_COMPILE)
|
extraAfter=($NIX_@infixSalt@_CFLAGS_COMPILE)
|
||||||
extraBefore=("${hardeningCFlags[@]}")
|
|
||||||
|
extraBefore=(${hardeningCFlags[@]+"${hardeningCFlags[@]}"})
|
||||||
|
|
||||||
if [ "$dontLink" != 1 ]; then
|
if [ "$dontLink" != 1 ]; then
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user