| 11 Oct 2025 |
 ris_ | ahhhhhhhhh | 10:45:10 |
| ris_ | i see | 10:45:14 |
| ris_ | if stdenv.cc's defaultHardeningFlags is undefined | 10:45:53 |
| ris_ | it falls back to "all known hardening flags" | 10:46:07 |
 Yureka (she/her) | And defaultHardeningFlags is set for some platforms but not for wasi? | 10:46:48 |
| ris_ | apparently | 10:47:03 |
 K900 | There is no way in hell that actually works, right | 10:47:15 |
| ris_ | the intention was to have it present for all compilers | 10:47:18 |
| K900 | Can we just make that a throw instead | 10:47:24 |
| K900 | I really doubt there's actually a world where "enable every single hardening flag we know about" is a sane default | 10:47:51 |
| K900 | As much as I maybe would like it to be | 10:47:55 |
| ris_ | mmmmmmmmmmmmmaybe? | 10:47:55 |
| Yureka (she/her) | I see the actual list of defaultHardeningFlags is a function arg default in pkgs/build-support/bintools-wrapper/default.nix | 10:48:54 |
| ris_ | i'm open to making it throw, just don't know what else it might break | 10:48:58 |
| Yureka (she/her) | whatever breaks was subtly broken all along | 10:49:16 |
| ris_ | mmmmmmmmmmmmmmmaybe | 10:49:31 |
| K900 | I'd expect the actual nixpkgs side breakage to be fairly contained | 10:49:54 |
| K900 | Maybe just PR it and see what the eval compare says? | 10:50:02 |
| Yureka (she/her) | we just have to figure out why the hell pkgsCross.wasi did not have defaultHardeningFlags | 10:50:14 |
| ris_ | this kinda brings me back to "i'm amazed wrapped compilers work for wasm at all" | 10:51:40 |
| ris_ | falling back to "all hardening flags", i think, was due to me trying to be minimally intrusive when making an already-major PR and not wanting to default to "no hardening" and be the reason someone didn't realize all their hardening flags have been off for years | 10:58:34 |
| ris_ | now that it's separate from the big PR that introduced it, the change to making it hard-fail, on its own, may not be too disruptive | 10:59:30 |
| Yureka (she/her) | fwiw, some more build failures: https://spectrum-os.org/lists/archives/spectrum-devel/82249ddc-ae1a-4e3a-a6ae-bb4717243fca@yuka.dev/ | 10:59:42 |
| ris_ | i think the expectation would be that the compiler would have hardeningUnsupportedFlags properly defined so this would not be an issue | 11:03:56 |
| K900 | Then maybe we should throw if we have neither? | 11:04:30 |
| ris_ | * i think the expectation was that the compiler would have hardeningUnsupportedFlags properly defined so this would not be an issue | 11:04:48 |
| ris_ | these all sound like sensible suggestions | 11:05:12 |
| Yureka (she/her) | I still don't think all supported hardening flags should be enabled by accident | 11:05:26 |
| Yureka (she/her) | given hardening flags also have performance penalties | 11:05:37 |
| Yureka (she/her) | that's what pkgsExtraHardening is for | 11:05:48 |
