-
-
Notifications
You must be signed in to change notification settings - Fork 13k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
mkDerivation: fix hardening flags check #28806
Conversation
@orivej, thanks for your PR! By analyzing the history of the files in this pull request, we identified @edolstra, @Ericson2314 and @wkennington to be potential reviewers. |
The error message now looks like:
|
- allow "all" in hardeningDisable - fix busybox flags - print detailed error message Discussed at NixOS#28555 (comment)
let | ||
supportedHardeningFlags = [ "fortify" "stackprotector" "pie" "pic" "strictoverflow" "format" "relro" "bindnow" ]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@orivej It would be nice to add a comment about why you special-case "all". It took me a while to understand that "all" is only allowed in disable flags.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks !
#28806 (comment) (cherry picked from commit 447240b)
Motivation for this change
Discussed at #28555 (comment)