This reverts commit 41af38f3728bd64b80721c44ed1fb019978cbc1b, reversing
changes made to f0fec244ca380b9d3e617ee7b419c59758c8b0f1.
Let's delay this. We have some serious regressions.
Some packages don’t work correctly with pie. Here I disable it for:
- busybox
- linux kernel
- kexectools
I also get rid of the Musl conditional for disabling pie in GCC and
Binutils. Some day we might want to enable PIE without Musl and it
will be useful to have them *just* work with our compiler and linkers.
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/kexec-tools/versions.
These checks were done:
- built on NixOS
- ran ‘/nix/store/fs7vc5d6vw26v0502smh2dhg6390d1za-kexec-tools-2.0.17/bin/kexec -h’ got 0 exit code
- ran ‘/nix/store/fs7vc5d6vw26v0502smh2dhg6390d1za-kexec-tools-2.0.17/bin/kexec --help’ got 0 exit code
- ran ‘/nix/store/fs7vc5d6vw26v0502smh2dhg6390d1za-kexec-tools-2.0.17/bin/kexec -v’ and found version 2.0.17
- ran ‘/nix/store/fs7vc5d6vw26v0502smh2dhg6390d1za-kexec-tools-2.0.17/bin/kexec --version’ and found version 2.0.17
- found 2.0.17 with grep in /nix/store/fs7vc5d6vw26v0502smh2dhg6390d1za-kexec-tools-2.0.17
- directory tree listing: https://gist.github.com/892a831f872f6ec59c936b89b0bd6aa6
The isKexecable flag treated Linux without kexec as just a normal
variant, when it really should be treated as a special case incurring
complexity debt to support.
The following parameters are now available:
* hardeningDisable
  To disable specific hardening flags
* hardeningEnable
  To enable specific hardening flags
Only the cc-wrapper supports this right now, but these may be reused by
other wrappers, builders or setup hooks.
cc-wrapper supports the following flags:
* fortify
* stackprotector
* pie (disabled by default)
* pic
* strictoverflow
* format
* relro
* bindnow
This will probably be mandatory soon, and is a step in the right
direction. Removes the deprecated meta.version, and moves some meta
sections to the end of the file where I should have put them in
the first place.