From 631c09bbe5946ca0e1b5a58f0ad37b7616481616 Mon Sep 17 00:00:00 2001
From: Robin Gloster <mail@glob.in>
Date: Fri, 26 Feb 2016 17:26:03 +0000
Subject: [PATCH] checksec: clean up

---
 pkgs/os-specific/linux/checksec/default.nix | 9 ++++-----
 pkgs/tools/networking/ntp/default.nix       | 2 ++
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/pkgs/os-specific/linux/checksec/default.nix b/pkgs/os-specific/linux/checksec/default.nix
index b423dc3a0862..5752bbb72bc4 100644
--- a/pkgs/os-specific/linux/checksec/default.nix
+++ b/pkgs/os-specific/linux/checksec/default.nix
@@ -3,6 +3,7 @@
 stdenv.mkDerivation rec {
   name = "checksec-${version}";
   version = "1.5";
+
   src = fetchurl {
     url    = "http://www.trapkit.de/tools/checksec.sh";
     sha256 = "0iq9v568mk7g7ksa1939g5f5sx7ffq8s8n2ncvphvlckjgysgf3p";
@@ -11,9 +12,9 @@ stdenv.mkDerivation rec {
   patches = [ ./0001-attempt-to-modprobe-config-before-checking-kernel.patch ];
 
   unpackPhase = ''
-    mkdir ${name}-${version}
-    cp $src ${name}-${version}/checksec.sh
-    cd ${name}-${version}
+    mkdir ${name}
+    cp $src ${name}/checksec.sh
+    cd ${name}
   '';
 
   installPhase = ''
@@ -32,8 +33,6 @@ stdenv.mkDerivation rec {
     substituteInPlace $out/bin/checksec --replace "/usr/bin/id -" "${coreutils}/bin/id -"
   '';
 
-  phases = "unpackPhase patchPhase installPhase";
-
   meta = {
     description = "A tool for checking security bits on executables";
     homepage    = "http://www.trapkit.de/tools/checksec.html";
diff --git a/pkgs/tools/networking/ntp/default.nix b/pkgs/tools/networking/ntp/default.nix
index 8a23eeb60f4f..4e1e8931f0ad 100644
--- a/pkgs/tools/networking/ntp/default.nix
+++ b/pkgs/tools/networking/ntp/default.nix
@@ -19,6 +19,8 @@ stdenv.mkDerivation rec {
   nativeBuildInputs = [ autoreconfHook ];
   buildInputs = [ libcap openssl ];
 
+  hardening_pie = true;
+
   postInstall = ''
     rm -rf $out/share/doc
   '';