From 1dcb0bc60810ba89e169a6e35809c4c38f65d0b4 Mon Sep 17 00:00:00 2001
From: Robert Scott <code@humanleg.org.uk>
Date: Wed, 17 Jul 2024 23:25:29 +0100
Subject: [PATCH] lix: disable "shadowstack" hardening flag

---
 pkgs/tools/package-management/lix/common.nix | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/pkgs/tools/package-management/lix/common.nix b/pkgs/tools/package-management/lix/common.nix
index b01b381d14911fb..203ff91ba449f36 100644
--- a/pkgs/tools/package-management/lix/common.nix
+++ b/pkgs/tools/package-management/lix/common.nix
@@ -245,8 +245,11 @@ stdenv.mkDerivation {
     meson test --no-rebuild "''${flagsArray[@]}"
     runHook postInstallCheck
   '';
-  # strictoverflow is disabled because we trap on signed overflow instead
-  hardeningDisable = [ "strictoverflow" ] ++ lib.optional stdenv.hostPlatform.isStatic "pie";
+  hardeningDisable = [
+    "shadowstack"
+    # strictoverflow is disabled because we trap on signed overflow instead
+    "strictoverflow"
+  ] ++ lib.optional stdenv.hostPlatform.isStatic "pie";
   # hardeningEnable = lib.optionals (!stdenv.isDarwin) [ "pie" ];
   # hardeningDisable = lib.optional stdenv.hostPlatform.isMusl "fortify";
   separateDebugInfo = stdenv.isLinux && !enableStatic;