From 6d9769663d3719b1d388644e9edb55771b5c84f0 Mon Sep 17 00:00:00 2001
From: Dmitry Kalinkin <dmitry.kalinkin@gmail.com>
Date: Sat, 16 Sep 2017 17:54:17 -0400
Subject: [PATCH] cc-wrapper: allow compilers to specify unsupported hardening
 modes

Fixes: 0fd7ef61b2 ('clang_34: Disable hardening bits (#28543)')
---
 pkgs/build-support/cc-wrapper/default.nix      | 2 +-
 pkgs/development/compilers/gcc/4.5/default.nix | 7 +++++--
 pkgs/development/compilers/gcc/4.8/default.nix | 7 +++++--
 pkgs/development/compilers/llvm/3.4/clang.nix  | 1 +
 pkgs/top-level/all-packages.nix                | 8 +-------
 5 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/pkgs/build-support/cc-wrapper/default.nix b/pkgs/build-support/cc-wrapper/default.nix
index 218e9f6b957f..73d6fb3e368b 100644
--- a/pkgs/build-support/cc-wrapper/default.nix
+++ b/pkgs/build-support/cc-wrapper/default.nix
@@ -292,7 +292,7 @@ stdenv.mkDerivation {
       ## Hardening support
       ##
 
-      export hardening_unsupported_flags=""
+      export hardening_unsupported_flags="${builtins.concatStringsSep " " (cc.hardeningUnsupportedFlags or [])}"
     ''
 
     + optionalString hostPlatform.isCygwin ''
diff --git a/pkgs/development/compilers/gcc/4.5/default.nix b/pkgs/development/compilers/gcc/4.5/default.nix
index 36fde924e9b9..a29f856a6cc1 100644
--- a/pkgs/development/compilers/gcc/4.5/default.nix
+++ b/pkgs/development/compilers/gcc/4.5/default.nix
@@ -422,8 +422,11 @@ stdenv.mkDerivation ({
       "-Wl,${libpthreadCross.TARGET_LDFLAGS}"
     ]);
 
-  passthru = { inherit langC langCC langAda langFortran langVhdl
-      enableMultilib version; isGNU = true; };
+  passthru = {
+    inherit langC langCC langAda langFortran langVhdl enableMultilib version;
+    isGNU = true;
+    hardeningUnsupportedFlags = [ "stackprotector" ];
+  };
 
   enableParallelBuilding = !langAda;
 
diff --git a/pkgs/development/compilers/gcc/4.8/default.nix b/pkgs/development/compilers/gcc/4.8/default.nix
index e626abc50d14..162da9e0613b 100644
--- a/pkgs/development/compilers/gcc/4.8/default.nix
+++ b/pkgs/development/compilers/gcc/4.8/default.nix
@@ -507,8 +507,11 @@ stdenv.mkDerivation ({
       "-Wl,${libpthreadCross.TARGET_LDFLAGS}"
     ]);
 
-  passthru =
-    { inherit langC langCC langObjC langObjCpp langAda langFortran langVhdl langGo version; isGNU = true; };
+  passthru = {
+    inherit langC langCC langObjC langObjCpp langAda langFortran langVhdl langGo version;
+    isGNU = true;
+    hardeningUnsupportedFlags = [ "stackprotector" ];
+  };
 
   inherit enableParallelBuilding enableMultilib;
 
diff --git a/pkgs/development/compilers/llvm/3.4/clang.nix b/pkgs/development/compilers/llvm/3.4/clang.nix
index 741ecc3856f8..10510c750354 100644
--- a/pkgs/development/compilers/llvm/3.4/clang.nix
+++ b/pkgs/development/compilers/llvm/3.4/clang.nix
@@ -39,6 +39,7 @@ stdenv.mkDerivation {
     # GCC_INSTALL_PREFIX points here, so just use it even though it may not
     # actually be a gcc
     gcc = stdenv.cc.cc;
+    hardeningUnsupportedFlags = [ "stackprotector" ];
   };
 
   enableParallelBuilding = true;
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index ff92151ee450..80a2dfe2780c 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -5543,13 +5543,7 @@ with pkgs;
   clang_38 = llvmPackages_38.clang;
   clang_37 = llvmPackages_37.clang;
   clang_35 = wrapCC llvmPackages_35.clang;
-  clang_34 = (wrapCC llvmPackages_34.clang).override {
-    # Default cc-wrapper's hardening flags don't work with clang-3.4,
-    # so just remove it entirely for this wrapper.
-    extraBuildCommands = ''
-    :> $out/nix-support/add-hardening.sh
-    '';
-  };
+  clang_34 = wrapCC llvmPackages_34.clang;
 
   clang-tools = callPackage ../development/tools/clang-tools { };