diff --git a/pkgs/stdenv/generic/make-derivation.nix b/pkgs/stdenv/generic/make-derivation.nix index b2b6576c4acd7..d4d5ee46638a5 100644 --- a/pkgs/stdenv/generic/make-derivation.nix +++ b/pkgs/stdenv/generic/make-derivation.nix @@ -413,7 +413,7 @@ else let enableParallelChecking = attrs.enableParallelChecking or true; enableParallelInstalling = attrs.enableParallelInstalling or true; } // optionalAttrs (hardeningDisable != [] || hardeningEnable != [] || stdenv.hostPlatform.isMusl) { - NIX_HARDENING_ENABLE = enabledHardeningOptions; + NIX_HARDENING_ENABLE = builtins.concatStringsSep " " enabledHardeningOptions; } // optionalAttrs (stdenv.hostPlatform.isx86_64 && stdenv.hostPlatform ? gcc.arch) { requiredSystemFeatures = attrs.requiredSystemFeatures or [] ++ [ "gccarch-${stdenv.hostPlatform.gcc.arch}" ]; } // optionalAttrs (stdenv.buildPlatform.isDarwin) ( diff --git a/pkgs/test/cc-wrapper/hardening.nix b/pkgs/test/cc-wrapper/hardening.nix index 270e9a2e87616..fb30d17841e3d 100644 --- a/pkgs/test/cc-wrapper/hardening.nix +++ b/pkgs/test/cc-wrapper/hardening.nix @@ -178,6 +178,13 @@ in nameDrvAfterAttrName ({ ignorePie = false; }); + pieExplicitEnabledStructuredAttrs = brokenIf stdenv.hostPlatform.isStatic (checkTestBin (f2exampleWithStdEnv stdenv { + hardeningEnable = [ "pie" ]; + __structuredAttrs = true; + }) { + ignorePie = false; + }); + relROExplicitEnabled = checkTestBin (f2exampleWithStdEnv stdenv { hardeningEnable = [ "relro" ]; }) {