From da0f1ac2a1c73e11443d1e2f475a83b57f7cdb95 Mon Sep 17 00:00:00 2001
From: Arnaud Mallen <arnaud.mallen@swift-nav.com>
Date: Wed, 10 Sep 2025 11:33:45 +0200
Subject: [PATCH 1/3] No stack protection

---
 cc/toolchains/llvm/cc_toolchain_config.bzl   | 1 -
 cc/toolchains/llvm20/cc_toolchain_config.bzl | 1 -
 2 files changed, 2 deletions(-)

diff --git a/cc/toolchains/llvm/cc_toolchain_config.bzl b/cc/toolchains/llvm/cc_toolchain_config.bzl
index dd9746b6..79ce9c32 100644
--- a/cc/toolchains/llvm/cc_toolchain_config.bzl
+++ b/cc/toolchains/llvm/cc_toolchain_config.bzl
@@ -44,7 +44,6 @@ def cc_toolchain_config(
         "--target=" + target_system_name,
         # Security
         "-U_FORTIFY_SOURCE",  # https://github.com/google/sanitizers/issues/247
-        "-fstack-protector",
         "-fno-omit-frame-pointer",
         # Math
         # This controls whether the compiler allows contracting floating point operations.
diff --git a/cc/toolchains/llvm20/cc_toolchain_config.bzl b/cc/toolchains/llvm20/cc_toolchain_config.bzl
index ad8d9579..ff1a3a83 100644
--- a/cc/toolchains/llvm20/cc_toolchain_config.bzl
+++ b/cc/toolchains/llvm20/cc_toolchain_config.bzl
@@ -44,7 +44,6 @@ def cc_toolchain_config(
         "--target=" + target_system_name,
         # Security
         "-U_FORTIFY_SOURCE",  # https://github.com/google/sanitizers/issues/247
-        "-fstack-protector",
         "-fno-omit-frame-pointer",
         # Math
         # This controls whether the compiler allows contracting floating point operations.

From 5b31f4f7561983e2fcd719a887829b2429bef055 Mon Sep 17 00:00:00 2001
From: Arnaud Mallen <arnaud.mallen@swift-nav.com>
Date: Wed, 10 Sep 2025 11:34:06 +0200
Subject: [PATCH 2/3] Also remove W

---
 cc/copts.bzl | 1 -
 1 file changed, 1 deletion(-)

diff --git a/cc/copts.bzl b/cc/copts.bzl
index d3e1b622..846284e1 100644
--- a/cc/copts.bzl
+++ b/cc/copts.bzl
@@ -29,7 +29,6 @@ DEFAULT_COPTS = [
     "-Wsequence-point",
     "-Wshadow",
     "-Wsign-compare",
-    "-Wstack-protector",
     "-Wswitch",
     "-Wswitch-default",
     "-Wswitch-enum",

From 193c28200ce370ce39b8df9a4e75b09004093c66 Mon Sep 17 00:00:00 2001
From: Arnaud Mallen <arnaud.mallen@swift-nav.com>
Date: Wed, 10 Sep 2025 18:19:31 +0200
Subject: [PATCH 3/3] Don't update hermetic toolchain

---
 cc/toolchains/llvm/cc_toolchain_config.bzl   | 1 +
 cc/toolchains/llvm20/cc_toolchain_config.bzl | 1 +
 2 files changed, 2 insertions(+)

diff --git a/cc/toolchains/llvm/cc_toolchain_config.bzl b/cc/toolchains/llvm/cc_toolchain_config.bzl
index 79ce9c32..dd9746b6 100644
--- a/cc/toolchains/llvm/cc_toolchain_config.bzl
+++ b/cc/toolchains/llvm/cc_toolchain_config.bzl
@@ -44,6 +44,7 @@ def cc_toolchain_config(
         "--target=" + target_system_name,
         # Security
         "-U_FORTIFY_SOURCE",  # https://github.com/google/sanitizers/issues/247
+        "-fstack-protector",
         "-fno-omit-frame-pointer",
         # Math
         # This controls whether the compiler allows contracting floating point operations.
diff --git a/cc/toolchains/llvm20/cc_toolchain_config.bzl b/cc/toolchains/llvm20/cc_toolchain_config.bzl
index ff1a3a83..ad8d9579 100644
--- a/cc/toolchains/llvm20/cc_toolchain_config.bzl
+++ b/cc/toolchains/llvm20/cc_toolchain_config.bzl
@@ -44,6 +44,7 @@ def cc_toolchain_config(
         "--target=" + target_system_name,
         # Security
         "-U_FORTIFY_SOURCE",  # https://github.com/google/sanitizers/issues/247
+        "-fstack-protector",
         "-fno-omit-frame-pointer",
         # Math
         # This controls whether the compiler allows contracting floating point operations.