From cfffac2a904fb717b4843d6f9378ef3f3010a47e Mon Sep 17 00:00:00 2001 From: Robin Gloster Date: Sat, 27 Feb 2016 11:50:34 +0000 Subject: [PATCH] postfix: use hardening flags from stdenv --- pkgs/servers/mail/postfix/2.11.nix | 5 ++--- pkgs/servers/mail/postfix/3.0.nix | 5 +++-- pkgs/servers/mail/postfix/default.nix | 3 ++- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/pkgs/servers/mail/postfix/2.11.nix b/pkgs/servers/mail/postfix/2.11.nix index 7c936bf12446..f2f155cbf3f3 100644 --- a/pkgs/servers/mail/postfix/2.11.nix +++ b/pkgs/servers/mail/postfix/2.11.nix @@ -36,9 +36,8 @@ stdenv.mkDerivation rec { export sendmail_path=$out/bin/sendmail make makefiles \ - CCARGS='-DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I${cyrus_sasl}/include/sasl \ - -fPIE -fstack-protector-all --param ssp-buffer-size=4 -O2 -D_FORTIFY_SOURCE=2' \ - AUXLIBS='-ldb -lnsl -lresolv -lsasl2 -lcrypto -lssl -pie -Wl,-z,relro,-z,now' + CCARGS='-DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I${cyrus_sasl}/include/sasl' \ + AUXLIBS='-ldb -lnsl -lresolv -lsasl2 -lcrypto -lssl' ''; installTargets = [ "non-interactive-package" ]; diff --git a/pkgs/servers/mail/postfix/3.0.nix b/pkgs/servers/mail/postfix/3.0.nix index 9ea151e597bb..8f102c330ddb 100644 --- a/pkgs/servers/mail/postfix/3.0.nix +++ b/pkgs/servers/mail/postfix/3.0.nix 
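Review bot: 2.11.nix loses `-fPIE` from CCARGS and `-pie` from AUXLIBS but, unlike 3.0.nix and default.nix in this same patch, gains no `hardening_pie = true;`. The diffstat for this file (2 insertions, 3 deletions) is fully accounted for by the CCARGS/AUXLIBS lines. If stdenv leaves PIE off unless a derivation asks for it, which the explicit opt-in in the other two files suggests, the 2.11 daemons would be linked as fixed-address executables and benefit less from ASLR. Add `hardening_pie = true;` to this derivation's attributes as well. The `stdenv.mkDerivation rec {` body starts and ends outside the hunk, so first confirm it is not already set there.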
@@ -9,12 +9,11 @@ let ccargs = lib.concatStringsSep " " ([ "-DUSE_TLS" "-DUSE_SASL_AUTH" "-DUSE_CYRUS_SASL" "-I${cyrus_sasl}/include/sasl" "-DHAS_DB_BYPASS_MAKEDEFS_CHECK" - "-fPIE" "-fstack-protector-all" "--param" "ssp-buffer-size=4" "-O2" "-D_FORTIFY_SOURCE=2" ] ++ lib.optional withPgSQL "-DHAS_PGSQL" ++ lib.optionals withMySQL [ "-DHAS_MYSQL" "-I${libmysql}/include/mysql" ] ++ lib.optional withSQLite "-DHAS_SQLITE"); auxlibs = lib.concatStringsSep " " ([ - "-ldb" "-lnsl" "-lresolv" "-lsasl2" "-lcrypto" "-lssl" "-pie" "-Wl,-z,relro,-z,now" + "-ldb" "-lnsl" "-lresolv" "-lsasl2" "-lcrypto" "-lssl" ] ++ lib.optional withPgSQL "-lpq" ++ lib.optional withMySQL "-lmysqlclient" ++ lib.optional withSQLite "-lsqlite3"); @@ -37,6 +36,8 @@ in stdenv.mkDerivation rec { patches = [ ./postfix-script-shell.patch ./postfix-3.0-no-warnings.patch ./post-install-script.patch ]; + hardening_pie = true; + preBuild = '' sed -e '/^PATH=/d' -i postfix-install sed -e "s|@PACKAGE@|$out|" -i conf/post-install diff --git a/pkgs/servers/mail/postfix/default.nix b/pkgs/servers/mail/postfix/default.nix index 578453c8c56f..42355b46021d 100644 --- a/pkgs/servers/mail/postfix/default.nix +++ b/pkgs/servers/mail/postfix/default.nix @@ -15,6 +15,7 @@ stdenv.mkDerivation rec { buildInputs = [db openssl cyrus_sasl bison perl]; hardening_format = false; + hardening_pie = true; patches = [ ./postfix-2.2.9-db.patch @@ -41,7 +42,7 @@ stdenv.mkDerivation rec { export sample_directory=$out/share/postfix/doc/samples export readme_directory=$out/share/postfix/doc - make makefiles CCARGS='-DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I${cyrus_sasl}/include/sasl -fPIE -fstack-protector-all --param ssp-buffer-size=4 -O2 -D_FORTIFY_SOURCE=2' AUXLIBS='-lssl -lcrypto -lsasl2 -ldb -lnsl -pie -Wl,-z,relro,-z,now' + make makefiles CCARGS='-DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I${cyrus_sasl}/include/sasl' AUXLIBS='-lssl -lcrypto -lsasl2 -ldb -lnsl' ''; installPhase = ''
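Review bot: The `-fstack-protector-all`, `-D_FORTIFY_SOURCE=2` and `-Wl,-z,relro,-z,now` entries removed from `ccargs`/`auxlibs` have no visible replacement in the patch, so the outcome depends on what stdenv injects; only PIE is requested explicitly. `-fstack-protector-all` instruments every function, so if the stdenv default is a narrower stack-protector variant, this reduces coverage for a network-facing daemon and should be a stated decision. I would add a comment above `ccargs` such as `# stack protector, FORTIFY_SOURCE, RELRO and BIND_NOW now come from stdenv hardening; do not re-add them here`. Before merging, check a built binary with `readelf -h`, `-l` and `-d` for type `DYN`, a `GNU_RELRO` segment and `BIND_NOW`. The same applies to the CCARGS/AUXLIBS lines changed in 2.11.nix and default.nix.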
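Review bot: In default.nix the new `hardening_pie = true;` sits directly under the unchanged `hardening_format = false;` with no comment on either. A later reader cannot tell that one replaces hand-written flags while the other switches a protection off. A one-line comment on the new attribute would do: `# replaces the -fPIE / -pie previously passed by hand in CCARGS and AUXLIBS`. The same comment fits the `hardening_pie = true;` added in 3.0.nix. The reason for disabling format hardening is not visible in this hunk; if it is a build workaround, a short `#` note saying so would stop it being copied to the other Postfix versions by habit.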