Skip to content

gnum4: unconditionally disable format hardening#418934

Merged
alyssais merged 1 commit intoNixOS:stagingfrom
alyssais:gnum4-musl
Jun 28, 2025
Merged

gnum4: unconditionally disable format hardening#418934
alyssais merged 1 commit intoNixOS:stagingfrom
alyssais:gnum4-musl

Conversation

@alyssais
Copy link
Member

@alyssais alyssais commented Jun 22, 2025

The use of hardeningDisable was incomplete, as it also affected musl and probably other configurations. Regardless, it's better to actually fix the issue than ignoring it, especially because it's difficult to notice in future when hardeningDisable entries are no longer necessary.

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • Nixpkgs 25.11 Release Notes (or backporting 24.11 and 25.05 Nixpkgs Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
  • NixOS 25.11 Release Notes (or backporting 24.11 and 25.05 NixOS Release notes)
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md, pkgs/README.md, maintainers/README.md and other contributing documentation in corresponding paths.

Add a 👍 reaction to pull requests you find important.

@alyssais alyssais requested a review from pbsds June 22, 2025 08:36
@alyssais alyssais mentioned this pull request Jun 22, 2025
Merged
13 tasks
@github-actions github-actions bot added 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin-stdenv This PR causes stdenv to rebuild on Darwin and must target a staging branch. 10.rebuild-darwin: 5001+ This PR causes many rebuilds on Darwin and must target the staging branches. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux-stdenv This PR causes stdenv to rebuild on Linux and must target a staging branch. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches. labels Jun 22, 2025
@github-actions github-actions bot added the 12.approvals: 1 This PR was reviewed and approved by one person. label Jun 22, 2025
@alyssais
Copy link
Member Author

alyssais commented Jun 23, 2025

Hmm, this doesn't seem to work on Darwin.

@emilazy
Copy link
Member

emilazy commented Jun 27, 2025
edited
Loading 

  CC       libm4_a-clean-temp.o
  CC       libm4_a-clean-temp-simple.o
clean-temp.c:235:14: error: format string is not a string literal (potentially insecure) [-Werror,-Wformat-security]
  234 |       error (0, errno,
      |       ~~~~~~~~~~~~~~~~
  235 |              _("cannot find a temporary directory, try setting $TMPDIR"));
      |              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
clean-temp.c:69:18: note: expanded from macro '_'
   69 | #define _(msgid) dgettext ("gnulib", msgid)
      |                  ^
./gettext.h:94:39: note: expanded from macro 'dgettext'
   94 | #  define dgettext(Domainname, Msgid) ((void) (Domainname), gettext (Msgid))
      |                                       ^
./error.h:496:39: note: expanded from macro 'error'
  496 |       __gl_error_call (error, status, __VA_ARGS__)
      |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~
./error.h:432:44: note: expanded from macro '__gl_error_call'
  432 |      ? __gl_error_call1 (function, status, __VA_ARGS__)         \
      |        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~
./error.h:421:26: note: expanded from macro '__gl_error_call1'
  421 |     ((function) (status, __VA_ARGS__), \
      |                          ^~~~~~~~~~~
clean-temp.c:235:14: note: treat the string as an argument to avoid this
  235 |              _("cannot find a temporary directory, try setting $TMPDIR"));
      |              ^
      |              "%s",
clean-temp.c:69:18: note: expanded from macro '_'
   69 | #define _(msgid) dgettext ("gnulib", msgid)
      |                  ^
./gettext.h:94:39: note: expanded from macro 'dgettext'
   94 | #  define dgettext(Domainname, Msgid) ((void) (Domainname), gettext (Msgid))
      |                                       ^
./error.h:496:39: note: expanded from macro 'error'
  496 |       __gl_error_call (error, status, __VA_ARGS__)
      |                                       ^
./error.h:432:44: note: expanded from macro '__gl_error_call'
  432 |      ? __gl_error_call1 (function, status, __VA_ARGS__)         \
      |                                            ^
./error.h:421:26: note: expanded from macro '__gl_error_call1'
  421 |     ((function) (status, __VA_ARGS__), \
      |                          ^
clean-temp.c:235:14: error: format string is not a string literal (potentially insecure) [-Werror,-Wformat-security]
234 |       error (0, errno,
      |       ~~~~~~~~~~~~~~~~
  235 |              _("cannot find a temporary directory, try setting $TMPDIR"));
      |              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
clean-temp.c:69:18: note: expanded from macro '_'
   69 | #define _(msgid) dgettext ("gnulib", msgid)
      |                  ^
./gettext.h:94:39: note: expanded from macro 'dgettext'
   94 | #  define dgettext(Domainname, Msgid) ((void) (Domainname), gettext (Msgid))
      |                                       ^
./error.h:496:39: note: expanded from macro 'error'
  496 |       __gl_error_call (error, status, __VA_ARGS__)
      |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~
./error.h:436:51: note: expanded from macro '__gl_error_call'
  436 |          __gl_error_call1 (function, __errstatus, __VA_ARGS__); \
      |          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~
./error.h:421:26: note: expanded from macro '__gl_error_call1'
  421 |     ((function) (status, __VA_ARGS__), \
      |                          ^~~~~~~~~~~
clean-temp.c:235:14: note: treat the string as an argument to avoid this
  235 |              _("cannot find a temporary directory, try setting $TMPDIR"));
      |              ^
      |              "%s",
clean-temp.c:69:18: note: expanded from macro '_'
   69 | #define _(msgid) dgettext ("gnulib", msgid)
      |                  ^
./gettext.h:94:39: note: expanded from macro 'dgettext'
   94 | #  define dgettext(Domainname, Msgid) ((void) (Domainname), gettext (Msgid))
      |                                       ^
./error.h:496:39: note: expanded from macro 'error'
  496 |       __gl_error_call (error, status, __VA_ARGS__)
      |                                       ^
./error.h:436:51: note: expanded from macro '__gl_error_call'
  436 |          __gl_error_call1 (function, __errstatus, __VA_ARGS__); \
      |                                                   ^
./error.h:421:26: note: expanded from macro '__gl_error_call1'
  421 |     ((function) (status, __VA_ARGS__), \
      |                          ^

I don’t know why they’re excluding Clang here or really what on earth they’re doing in general but I can confirm that it does not work on Darwin.

@alyssais
Copy link
Member Author

alyssais commented Jun 27, 2025

So seems like we still need hardeningDisable for Clang (not necessarily Darwin). Updated.

@alyssais
Copy link
Member Author

alyssais commented Jun 27, 2025

Well, given that checking what compiler we're using causes infinite recursion (at least until #365057), I think unconditionally disabling format hardening is actually the best we can do :(

@alyssais alyssais changed the title gnum4: backport upstream fix for format security gnum4: unconditionally disable format hardening Jun 27, 2025
@nixpkgs-ci nixpkgs-ci bot added 10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. and removed 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin-stdenv This PR causes stdenv to rebuild on Darwin and must target a staging branch. 10.rebuild-darwin: 5001+ This PR causes many rebuilds on Darwin and must target the staging branches. labels Jun 27, 2025
@alyssais alyssais merged commit 6e8f000 into NixOS:staging Jun 28, 2025
27 of 29 checks passed
@alyssais alyssais deleted the gnum4-musl branch June 28, 2025 08:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pbsds pbsds Awaiting requested review from pbsds

1 more reviewer

@trofi trofi trofi approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

10.rebuild-darwin: 1-10 This PR causes between 1 and 10 packages to rebuild on Darwin. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches. 10.rebuild-linux-stdenv This PR causes stdenv to rebuild on Linux and must target a staging branch. 12.approvals: 1 This PR was reviewed and approved by one person.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@alyssais @emilazy @trofi