From 07c40561791fc72fd2fc3e97aa490cd54a9b2d93 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Wed, 23 Dec 2020 01:42:11 +0100 Subject: [PATCH] gnats: format hardened flag isn't supported MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When invoking a simple Ada program with `gcc` from `gnats10`, the following warnings are shown: ``` $ gcc -c conftest.adb gnat1: warning: command-line option ‘-Wformat=1’ is valid for C/C++/ObjC/ObjC++ but not for Ada gnat1: warning: command-line option ‘-Wformat-security’ is valid for C/C++/ObjC/ObjC++ but not for Ada gnat1: warning: ‘-Werror=’ argument ‘-Werror=format-security’ is not valid for Ada $ echo $? 0 ``` This is only spammy when compiling Ada programs inside a Nix derivation, but certain configure scripts (such as the ./configure script from the gcc that's built by coreboot's `make crossgcc` command) fail entirely when getting that warning output. https://nixos.wiki/wiki/Coreboot currently suggests manually running > NIX_HARDENING_ENABLE="${NIX_HARDENING_ENABLE/ format/}" make crossgcc … but actually teaching the nixpkgs-provided cc wrapper that `format` isn't supported as a hardening flag seems to be the more canonical way to do this in nixpgks. After this, Ada programs still compile: ``` $ gcc -c conftest.adb $ echo $? 0 ``` And the compiler output is empty. --- pkgs/build-support/cc-wrapper/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/build-support/cc-wrapper/default.nix b/pkgs/build-support/cc-wrapper/default.nix index 09cef8b8678d..85d71996b397 100644 --- a/pkgs/build-support/cc-wrapper/default.nix +++ b/pkgs/build-support/cc-wrapper/default.nix @@ -437,7 +437,7 @@ stdenv.mkDerivation { '' + optionalString targetPlatform.isNetBSD '' hardening_unsupported_flags+=" stackprotector fortify" '' + optionalString cc.langAda or false '' - hardening_unsupported_flags+=" stackprotector strictoverflow" + hardening_unsupported_flags+=" format stackprotector strictoverflow" '' + optionalString cc.langD or false '' hardening_unsupported_flags+=" format" '' + optionalString targetPlatform.isWasm ''