stdenv: Fix hardening default for pkgsMusl to reenable -pie

defaultHardeningFlags is set to enable pie for Musl, but is not actually used because the default is never put into NIX_HARDENING_ENABLE. That still works for cases other than Musl only because NIX_HARDENING_ENABLE is defaulted in the binutils and cc-wrapper setup-hook.sh scripts.
samueldr · Oct 25, 2020 · 4e9dc46 · 4e9dc46
1 parent b6b09ac
commit 4e9dc46
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/pkgs/stdenv/generic/make-derivation.nix b/pkgs/stdenv/generic/make-derivation.nix
@@ -276,7 +276,7 @@ in rec {
           in [ "--cross-file=${crossFile}" ] ++ mesonFlags;
         } // lib.optionalAttrs (attrs.enableParallelBuilding or false) {
           enableParallelChecking = attrs.enableParallelChecking or true;
-        } // lib.optionalAttrs (hardeningDisable != [] || hardeningEnable != []) {
+        } // lib.optionalAttrs (hardeningDisable != [] || hardeningEnable != [] || stdenv.hostPlatform.isMusl) {
           NIX_HARDENING_ENABLE = enabledHardeningOptions;
         } // lib.optionalAttrs (stdenv.hostPlatform.isx86_64 && stdenv.hostPlatform ? platform.gcc.arch) {
           requiredSystemFeatures = attrs.requiredSystemFeatures or [] ++ [ "gccarch-${stdenv.hostPlatform.platform.gcc.arch}" ];