
PIE causes problems with static binaries on ARM (see 76552e9). It is
enabled by default on other platforms anyway when musl is used, so we
don't need to specify it manually.
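# Builds the `security-wrapper` binary by compiling ./wrapper.c during
# installPhase (there is no source to unpack and no separate build phase).
#
# Arguments:
#   unsecvars   - path added to the C include path (-I) for wrapper.c.
#   linuxHeaders- added to buildInputs; presumably wrapper.c includes kernel
#                 headers (wrapper.c is not shown here - confirm).
#   sourceProg  - string compiled into the binary as the macro SOURCE_PROG.
#                 It is fixed at build time, so changing it means rebuilding.
#   debug       - true: warnings are errors, -Og -g, and the binary is not
#                 stripped; false (default): -O2, stripped as usual.
#
# For testing. `sourceProg` has no default and must always be passed; pass
# `unsecvars` too if callPackage cannot supply it. Values in <...> are
# placeholders:
# $ nix-build -E 'with import <nixpkgs> {}; pkgs.callPackage ./wrapper.nix { sourceProg = "<path-to-wrapped-program>"; unsecvars = <unsecvars-path>; debug = true; }'
{ stdenv, unsecvars, linuxHeaders, sourceProg, debug ? false }:

stdenv.mkDerivation {
  name = "security-wrapper";
  buildInputs = [ linuxHeaders ];
  dontUnpack = true;

  # No hardeningEnable/hardeningDisable is set in this expression, so whatever
  # hardening the stdenv's compiler wrapper applies by default is what you get.
  CFLAGS = [
    # The double quotes are literal characters in the flag, so the compiler
    # sees SOURCE_PROG as a C string literal. $CFLAGS is expanded unquoted in
    # installPhase, so a sourceProg containing whitespace would be split into
    # several arguments and break the define.
    ''-DSOURCE_PROG="${sourceProg}"''
    # -Wall is shared by both variants. Previously the debug variant had
    # -Werror without -Wall, so it checked fewer warnings than the release
    # build and -Werror only covered the compiler's default warning set.
    # The release flag order (-D..., -Wall, -O2) is unchanged.
    "-Wall"
  ] ++ (if debug then [
    "-Werror" "-Og" "-g"
  ] else [
    "-O2"
  ]);

  # Keep the symbols produced by -g when building the debug variant.
  dontStrip = debug;

  installPhase = ''
    mkdir -p $out/bin
    $CC $CFLAGS ${./wrapper.c} -I${unsecvars} -o $out/bin/security-wrapper
  '';
}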