selinux: Use fstack-protector=all

2015-07-31 13:02:41 -07:00 · 2015-07-31 13:02:41 -07:00 · f6e554f288
commit f6e554f288
parent c06b1d84f1
4 changed files with 8 additions and 4 deletions
--- a/pkgs/os-specific/linux/checkpolicy/default.nix
+++ b/pkgs/os-specific/linux/checkpolicy/default.nix
@ -13,6 +13,8 @@ stdenv.mkDerivation rec {
  nativeBuildInputs = [ bison flex ];
  buildInputs = [ libsepol ];

+  NIX_CFLAGS_COMPILE = "-fstack-protector-all";
+
  # Don't build tests
  postPatch = ''
    sed -i '/-C test/d' Makefile
--- a/pkgs/os-specific/linux/libselinux/default.nix
+++ b/pkgs/os-specific/linux/libselinux/default.nix
@ -19,12 +19,12 @@ stdenv.mkDerivation rec {
  buildInputs = [ pkgconfig libsepol pcre ]
             ++ optionals enablePython [ swig python ];

+  NIX_CFLAGS_COMPILE = "-fstack-protector-all -std=gnu89";
+
  postPatch = optionalString enablePython ''
    sed -i -e 's|\$(LIBDIR)/libsepol.a|${libsepol}/lib/libsepol.a|' src/Makefile
  '';

-  NIX_CFLAGS_COMPILE = "-std=gnu89";
-
  preBuild = ''
    # Build fails without this precreated
    mkdir -p $out/include
--- a/pkgs/os-specific/linux/libsemanage/default.nix
+++ b/pkgs/os-specific/linux/libsemanage/default.nix
@ -13,13 +13,13 @@ stdenv.mkDerivation rec {
  nativeBuildInputs = [ bison flex ];
  buildInputs = [ libsepol libselinux ustr bzip2 libaudit ];

+  NIX_CFLAGS_COMPILE = "-fstack-protector-all -std=gnu89";
+
  preBuild = ''
    makeFlagsArray+=("PREFIX=$out")
    makeFlagsArray+=("DESTDIR=$out")
  '';

-  NIX_CFLAGS_COMPILE = "-fstack-protector-all -std=gnu89";
-
  meta = libsepol.meta // {
    description = "Policy management tools for SELinux";
    license = stdenv.lib.licenses.lgpl21;
--- a/pkgs/os-specific/linux/libsepol/default.nix
+++ b/pkgs/os-specific/linux/libsepol/default.nix
@ -13,6 +13,8 @@ stdenv.mkDerivation rec {

  nativeBuildInputs = [ flex ];

+  NIX_CFLAGS_COMPILE = "-fstack-protector-all";
+
  preBuild = ''
    makeFlagsArray+=("PREFIX=$out")
    makeFlagsArray+=("DESTDIR=$out")