mkDerivation: explain "all" in hardeningDisable

https://github.com/NixOS/nixpkgs/pull/28806#discussion_r136516276
This commit is contained in:
Orivej Desh 2017-09-01 09:58:19 +00:00
parent 3980abe191
commit 447240b19f

View File

@ -49,6 +49,7 @@ rec {
# TODO(@Ericson2314): Make this more modular, and not O(n^2). # TODO(@Ericson2314): Make this more modular, and not O(n^2).
let let
supportedHardeningFlags = [ "fortify" "stackprotector" "pie" "pic" "strictoverflow" "format" "relro" "bindnow" ]; supportedHardeningFlags = [ "fortify" "stackprotector" "pie" "pic" "strictoverflow" "format" "relro" "bindnow" ];
# hardeningDisable additionally supports "all".
erroneousHardeningFlags = lib.subtractLists supportedHardeningFlags (hardeningEnable ++ lib.remove "all" hardeningDisable); erroneousHardeningFlags = lib.subtractLists supportedHardeningFlags (hardeningEnable ++ lib.remove "all" hardeningDisable);
in if builtins.length erroneousHardeningFlags != 0 in if builtins.length erroneousHardeningFlags != 0
then abort ("mkDerivation was called with unsupported hardening flags: " + lib.generators.toPretty {} { then abort ("mkDerivation was called with unsupported hardening flags: " + lib.generators.toPretty {} {