Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

mkDerivation: fix hardening flags check #28806

Merged
merged 1 commit into from Sep 1, 2017
Merged

mkDerivation: fix hardening flags check #28806

merged 1 commit into from Sep 1, 2017

Conversation

orivej
Copy link
Contributor

@orivej orivej commented Sep 1, 2017

Motivation for this change
  • allow "all" in hardeningDisable
  • fix busybox flags
  • print detailed error message

Discussed at #28555 (comment)

@mention-bot
Copy link

@orivej, thanks for your PR! By analyzing the history of the files in this pull request, we identified @edolstra, @Ericson2314 and @wkennington to be potential reviewers.

@orivej
Copy link
Contributor Author

orivej commented Sep 1, 2017
edited

The error message now looks like:

error: evaluation aborted with the following error message: ‘mkDerivation was called with unsupported hardening flags: { "erroneousHardeningFlags" = [ [ "fortify" ] ]; "hardeningDisable" = [ "format" [ "fortify" ] ]; "hardeningEnable" = [ ]; "supportedHardeningFlags" = [ "fortify" "stackprotector" "pie" "pic" "strictoverflow" "format" "relro" "bindnow" ]; }’
(use ‘--show-trace’ to show detailed location information)

@orivej
mkDerivation: fix hardening flags check
d70006c 
- allow "all" in hardeningDisable
- fix busybox flags
- print detailed error message

Discussed at NixOS#28555 (comment)
@Ericson2314 Ericson2314 merged commit 0cdbd2d into NixOS:staging Sep 1, 2017
layus
layus reviewed Sep 1, 2017
View reviewed changes
pkgs/stdenv/generic/make-derivation.nix
let
supportedHardeningFlags = [ "fortify" "stackprotector" "pie" "pic" "strictoverflow" "format" "relro" "bindnow" ];
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@orivej It would be nice to add a comment about why you special-case "all". It took me a while to understand that "all" is only allowed in disable flags.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK, bundled it with #28799: 818be0b

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks !

@Ericson2314 Ericson2314 added this to the 17.09 milestone Sep 1, 2017
@Ericson2314 Ericson2314 added the 9.needs: port to stable A PR needs a backport to the stable release. label Sep 1, 2017
orivej added a commit to orivej/nixpkgs that referenced this pull request Sep 3, 2017
@orivej
mkDerivation: explain "all" in hardeningDisable
447240b 
NixOS#28806 (comment)
@orivej orivej deleted the mkDerivation branch September 3, 2017 14:46
@Ericson2314 Ericson2314 added the 8.has: port to stable A PR already has a backport to the stable release. label Sep 3, 2017
Ericson2314 pushed a commit that referenced this pull request Sep 3, 2017
@orivej @Ericson2314
mkDerivation: explain "all" in hardeningDisable
ffb2b66 
#28806 (comment)
(cherry picked from commit 447240b)
@samueldr samueldr removed the 9.needs: port to stable A PR needs a backport to the stable release. label Apr 17, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@layus layus layus left review comments

@Ericson2314 Ericson2314 Ericson2314 approved these changes

Assignees
No one assigned
Labels
8.has: port to stable A PR already has a backport to the stable release.
Projects
None yet
Milestone
17.09
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@orivej @mention-bot @layus @Ericson2314 @samueldr