[Nix-dev] Hardening flags enabled by default

Franz Pletz fpletz at fnordicwalking.de
Mon Aug 22 13:31:58 CEST 2016


Hi,

yesterday the hardening-stdenv branch was merged to staging and is
slated to hit master soon. Here is the pull request with lots of
comments: https://github.com/NixOS/nixpkgs/pull/12895

This is work globin and I did over the last 6 months. We have
been running that branch on our laptops and on production servers for
months now and fixed many compilation and runtime errors in the
process. We think it is ready now and should be included in the upcoming
16.09 release.

For background information and how to fix your packages if they fail
now (i.e. runtime errors we didn't catch), we have written documentation
that is available in the nixpkgs manual:

  https://hydra.nixos.org/build/38504599/download/1/nixpkgs/manual.html#sec-hardening-in-nixpkgs

If you package new software and encounter unexpected compiler errors,
chances are you hit some problem with a hardening flag. In the manual
you will find the compiler errors we have encountered most of the time
for every hardening flag.

Should you encounter problems or have any other issues with the
hardening flags, please open an issue in the nixpkgs repo and ping
@globin and @fpletz. We have to fix those before 16.09. ;)

Cheers,
Franz