mkDerivation: explain "all" in hardeningDisable

#28806 (comment) (cherry picked from commit 447240b)
NixOS · Sep 3, 2017 · ffb2b66 · ffb2b66
1 parent fb1a440
commit ffb2b66
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/pkgs/stdenv/generic/make-derivation.nix b/pkgs/stdenv/generic/make-derivation.nix
@@ -49,6 +49,7 @@ rec {
     # TODO(@Ericson2314): Make this more modular, and not O(n^2).
     let
       supportedHardeningFlags = [ "fortify" "stackprotector" "pie" "pic" "strictoverflow" "format" "relro" "bindnow" ];
+      # hardeningDisable additionally supports "all".
       erroneousHardeningFlags = lib.subtractLists supportedHardeningFlags (hardeningEnable ++ lib.remove "all" hardeningDisable);
     in if builtins.length erroneousHardeningFlags != 0
     then abort ("mkDerivation was called with unsupported hardening flags: " + lib.generators.toPretty {} {