movefasta/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-13 21:50:33 +03:00
Code Activity

cc-wrapper, clang: use new mechanism to selectively unsupport zerocallusedregs

Browse source 
this allows a compiler derivation to provide a
hardeningUnsupportedFlagsByTargetPlatform passthru attr
that will be called with the targetPlatform to determine
the unsupported hardening flags for that platform.

we can do this because even though a clang compiler is
multi-target by nature, cc-wrapper effectively fixes the
target platform at wrapping time. otherwise we'd have to
sniff the intended target at runtime, which wouldn't
be fun at all.

the advantage of using a new attribute instead of
allowing hardeningUnsupportedFlags to optionally be a
function is that hardeningUnsupportedFlags retains its
simple overriding pattern for simple cases (i.e.
  `(prev.hardeningUnsupportedFlags or []) ++ [ "foo" ]`
) which will continue to work as long as the bottom-most
function of hardeningUnsupportedFlagsByTargetPlatform
falls back to hardeningUnsupportedFlags.
This commit is contained in:
Robert Scott 2023-12-17 14:04:44 +00:00
parent e79c133858
commit 506ec38e7f
5 changed files with 26 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

11
pkgs/build-support/cc-wrapper/default.nix
View file

@ -223,6 +223,15 @@ let
defaultHardeningFlags = bintools.defaultHardeningFlags or []; defaultHardeningFlags = bintools.defaultHardeningFlags or [];
# if cc.hardeningUnsupportedFlagsByTargetPlatform exists, this is
# called with the targetPlatform as an argument and
# cc.hardeningUnsupportedFlags is completely ignored - the function
# is responsible for including the constant hardeningUnsupportedFlags
# list however it sees fit.
ccHardeningUnsupportedFlags = if cc ? hardeningUnsupportedFlagsByTargetPlatform
then cc.hardeningUnsupportedFlagsByTargetPlatform targetPlatform
else (cc.hardeningUnsupportedFlags or []);
darwinPlatformForCC = optionalString stdenv.targetPlatform.isDarwin ( darwinPlatformForCC = optionalString stdenv.targetPlatform.isDarwin (
if (targetPlatform.darwinPlatform == "macos" && isGNU) then "macosx" if (targetPlatform.darwinPlatform == "macos" && isGNU) then "macosx"
else targetPlatform.darwinPlatform else targetPlatform.darwinPlatform
@ -584,7 +593,7 @@ stdenv.mkDerivation {
## Hardening support ## Hardening support
## ##
+ '' + ''
export hardening_unsupported_flags="${builtins.concatStringsSep " " (cc.hardeningUnsupportedFlags or [])}" export hardening_unsupported_flags="${builtins.concatStringsSep " " ccHardeningUnsupportedFlags}"
'' ''
# Machine flags. These are necessary to support # Machine flags. These are necessary to support

7
pkgs/development/compilers/llvm/15/clang/default.nix
View file

@ -7,7 +7,7 @@
}: }:
let let
self = stdenv.mkDerivation (rec { self = stdenv.mkDerivation (finalAttrs: rec {
pname = "clang"; pname = "clang";
inherit version; inherit version;
@ -99,9 +99,10 @@ let
isClang = true; isClang = true;
hardeningUnsupportedFlags = [ hardeningUnsupportedFlags = [
"fortify3" "fortify3"
# supported on x86_64/aarch64 only
"zerocallusedregs"
]; ];
hardeningUnsupportedFlagsByTargetPlatform = targetPlatform:
lib.optional (!(targetPlatform.isx86_64 || targetPlatform.isAarch64)) "zerocallusedregs"
++ (finalAttrs.passthru.hardeningUnsupportedFlags or []);
}; };
meta = llvm_meta // { meta = llvm_meta // {

7
pkgs/development/compilers/llvm/16/clang/default.nix
View file

@ -7,7 +7,7 @@
}: }:
let let
self = stdenv.mkDerivation (rec { self = stdenv.mkDerivation (finalAttrs: rec {
pname = "clang"; pname = "clang";
inherit version; inherit version;
@ -93,9 +93,10 @@ let
isClang = true; isClang = true;
hardeningUnsupportedFlags = [ hardeningUnsupportedFlags = [
"fortify3" "fortify3"
# supported on x86_64/aarch64 only
"zerocallusedregs"
]; ];
hardeningUnsupportedFlagsByTargetPlatform = targetPlatform:
lib.optional (!(targetPlatform.isx86_64 || targetPlatform.isAarch64)) "zerocallusedregs"
++ (finalAttrs.passthru.hardeningUnsupportedFlags or []);
}; };
meta = llvm_meta // { meta = llvm_meta // {

7
pkgs/development/compilers/llvm/17/clang/default.nix
View file

@ -7,7 +7,7 @@
}: }:
let let
self = stdenv.mkDerivation (rec { self = stdenv.mkDerivation (finalAttrs: rec {
pname = "clang"; pname = "clang";
inherit version; inherit version;
@ -97,9 +97,10 @@ let
isClang = true; isClang = true;
hardeningUnsupportedFlags = [ hardeningUnsupportedFlags = [
"fortify3" "fortify3"
# supported on x86_64/aarch64 only
"zerocallusedregs"
]; ];
hardeningUnsupportedFlagsByTargetPlatform = targetPlatform:
lib.optional (!(targetPlatform.isx86_64 || targetPlatform.isAarch64)) "zerocallusedregs"
++ (finalAttrs.passthru.hardeningUnsupportedFlags or []);
}; };
meta = llvm_meta // { meta = llvm_meta // {

7
pkgs/development/compilers/llvm/git/clang/default.nix
View file

@ -7,7 +7,7 @@
}: }:
let let
self = stdenv.mkDerivation (rec { self = stdenv.mkDerivation (finalAttrs: rec {
pname = "clang"; pname = "clang";
inherit version; inherit version;
@ -97,9 +97,10 @@ let
isClang = true; isClang = true;
hardeningUnsupportedFlags = [ hardeningUnsupportedFlags = [
"fortify3" "fortify3"
# supported on x86_64/aarch64 only
"zerocallusedregs"
]; ];
hardeningUnsupportedFlagsByTargetPlatform = targetPlatform:
lib.optional (!(targetPlatform.isx86_64 || targetPlatform.isAarch64)) "zerocallusedregs"
++ (finalAttrs.passthru.hardeningUnsupportedFlags or []);
}; };
meta = llvm_meta // { meta = llvm_meta // {