Merge pull request #7189 from arno01/hardenpostfix
postfix28 and postfix211: hardening with Canary, PIE, Full RELRO and FORTIFY_SOURCE
This commit is contained in:
commit
bed68ea21e
@ -33,8 +33,9 @@ stdenv.mkDerivation rec {
|
||||
export sendmail_path=$out/bin/sendmail
|
||||
|
||||
make makefiles \
|
||||
CCARGS='-DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I${cyrus_sasl}/include/sasl' \
|
||||
AUXLIBS='-ldb -lnsl -lresolv -lsasl2 -lcrypto -lssl'
|
||||
CCARGS='-DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I${cyrus_sasl}/include/sasl \
|
||||
-fPIE -fstack-protector-all --param ssp-buffer-size=4 -O2 -D_FORTIFY_SOURCE=2' \
|
||||
AUXLIBS='-ldb -lnsl -lresolv -lsasl2 -lcrypto -lssl -pie -Wl,-z,relro,-z,now'
|
||||
'';
|
||||
|
||||
installTargets = [ "non-interactive-package" ];
|
||||
|
@ -34,7 +34,7 @@ stdenv.mkDerivation rec {
|
||||
export sample_directory=$out/share/postfix/doc/samples
|
||||
export readme_directory=$out/share/postfix/doc
|
||||
|
||||
make makefiles CCARGS='-DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I${cyrus_sasl}/include/sasl' AUXLIBS='-lssl -lcrypto -lsasl2 -ldb -lnsl'
|
||||
make makefiles CCARGS='-DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I${cyrus_sasl}/include/sasl -fPIE -fstack-protector-all --param ssp-buffer-size=4 -O2 -D_FORTIFY_SOURCE=2' AUXLIBS='-lssl -lcrypto -lsasl2 -ldb -lnsl -pie -Wl,-z,relro,-z,now'
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
|
Loading…
Reference in New Issue
Block a user