Mar 22, 2022, 19:06 by zimon.touto...@gmail.com: > Hi, > > (Although you know :) please keep CC guix-devel.) > Will remember to CC guix-devel next time.
> On Tue, 22 Mar 2022 at 18:23, kias...@tutanota.com wrote: > >>> --8<---------------cut here---------------start------------->8--- >>> (define (make-gcc-hardened gcc) >>> (package >>> (inherit gcc) >>> (arguments >>> (substitute-keyword-arguments (package-arguments gcc) >>> ((#:configure-flags flags >>> `(append (list "--enable-default-ssp" "--enable-default-pie") >>> ,flags))))))) >>> >>> (define-public gcc-hardened >>> (make-gcc-hardened gcc)) >>> --8<---------------cut here---------------end--------------->8--- >>> > > [...] > >> >> I get an error when I build with guix, if you could help find it that >> would be great. >> >> % ./pre-inst-env guix build -f hardened.scm >> /home/kiasoc5/build/guix-notes/hardening/hardened.scm:11:10: error: >> (substitute-keyword-arguments (package-arguments gcc) ((#:configure-flags flags >> (quasiquote (append (list "--enable-default-ssp" "--enable-default-pie") >> (unquote flags)))))): source expression failed to match any pattern >> > > That’s because a typo. :-) > Silly me, thanks for the catch. I'll let you know how the hardened gcc goes. > ((#:configure-flags flags > ^missing closing parenthesis. Well, it looks like: > > --8<---------------cut here---------------start------------->8--- > (use-modules (gnu) > (guix) > (guix packages)) > > (use-package-modules gcc) > > (define (make-gcc-hardened gcc) > (package > (inherit gcc) > (arguments > (substitute-keyword-arguments (package-arguments gcc) > ((#:configure-flags flags) > `(append (list "--enable-default-ssp" > "--enable-default-pie") > ,flags)))))) > > (define-public gcc-hardened > (make-gcc-hardened gcc)) > > gcc-hardened > --8<---------------cut here---------------end--------------->8--- > > Then, this command > > guix build -f hardened.scm -n > > returns: > > --8<---------------cut here---------------start------------->8--- > substitute: updating substitutes from 'https://ci.guix.gnu.org'... 100.0% > substitute: updating substitutes from 'https://bordeaux.guix.gnu.org'... > 100.0% > The following derivation would be built: > /gnu/store/3i6i3pqr5r7l1568b3hswbgych974aqw-gcc-10.3.0.drv > 81.4 MB would be downloaded: > /gnu/store/7vrx4p62bkmxzrxwqdc4il9hqyh1yngh-libstdc++-10.3.0 > /gnu/store/i459ksarhxysqb8gxa8hq6phl13d0q4a-libstdc++-headers-10.3.0 > /gnu/store/d3js6699lc1p0sw7p0dkafi0cn33sig6-gcc-10.3.0.tar.xz > --8<---------------cut here---------------end--------------->8--- > > I do not have tried to effectively build this gcc-hardened. :-) > > Hope that helps. > > Cheers, > simon >