C: Difference between revisions
imported from old wiki |
Widlarizer (talk | contribs) m Link to Debug Symbols page |
||
| (One intermediate revision by one other user not shown) | |||
| Line 103: | Line 103: | ||
== Hardening flags == | == Hardening flags == | ||
To improve the security of applications the wrapper also injects additional hardening compile flags into the application. | To improve the security of applications the wrapper also injects additional hardening compile flags into the application. These nix flags enable different compiler flags, as seen in the [https://nixos.org/nixpkgs/manual/#sec-hardening-in-nixpkgs manual]. | ||
Under some circumstances this can make programs fail to build or function. | Under some circumstances this can make programs fail to build or function. For example, the `fortify` flag enables the `-O2` optimization level -- if you want to change this, you need to disable the `fortify` flag and re-add the compiler flags manually (`env.NIX_CFLAGS_COMPILE = [ "-O" "....."]`). | ||
To disable all hardening options one can export the environment variable <code>hardeningDisable="all"</code>. | To disable all hardening options one can export the environment variable <code>hardeningDisable="all"</code>. | ||
This also works for derivations like that: | This also works for derivations like that: | ||
| Line 238: | Line 238: | ||
== Debug symbols == | == Debug symbols == | ||
See also: [[Debug Symbols]] | |||
By default debug symbols are stripped of in the fixup phase of a package build. | By default debug symbols are stripped of in the fixup phase of a package build. | ||