| 10 Oct 2025 |
 Lun | attr pkgsCross.wasi32.stdenv.cc to test, cc ris_ | 20:00:29 |
| 11 Oct 2025 |
 Yureka (she/her) | adding libcxxhardeningfast to unsupported_hardening_flags on isWasm might work | 09:26:31 |
| Yureka (she/her) | or should it be isWasi | 09:26:52 |
| Yureka (she/her) | * | 09:26:53 |
 ris_ | holup, why is it enabled at all? | 10:41:20 |
| ris_ | the intention was to only enable it for pkgsExtraHardening | 10:41:44 |
| Yureka (she/her) | the PR does not mention pkgsExtraHardening? | 10:43:36 |
| ris_ | right, but it's not added to the set of default hardening flags | 10:44:25 |
| ris_ | ahhhhhhhhh | 10:45:10 |
| ris_ | i see | 10:45:14 |
| ris_ | if stdenv.cc's defaultHardeningFlags is undefined | 10:45:53 |
| ris_ | it falls back to "all known hardening flags" | 10:46:07 |
| Yureka (she/her) | And defaultHardeningFlags is set for some platforms but not for wasi? | 10:46:48 |
| ris_ | apparently | 10:47:03 |
 K900 | There is no way in hell that actually works, right | 10:47:15 |
| ris_ | the intention was to have it present for all compilers | 10:47:18 |
| K900 | Can we just make that a throw instead | 10:47:24 |
| K900 | I really doubt there's actually a world where "enable every single hardening flag we know about" is a sane default | 10:47:51 |
| K900 | As much as I maybe would like it to be | 10:47:55 |
| ris_ | mmmmmmmmmmmmmaybe? | 10:47:55 |
| Yureka (she/her) | I see the actual list of defaultHardeningFlags is a function arg default in pkgs/build-support/bintools-wrapper/default.nix | 10:48:54 |
| ris_ | i'm open to making it throw, just don't know what else it might break | 10:48:58 |
| Yureka (she/her) | whatever breaks was subtly broken all along | 10:49:16 |
| ris_ | mmmmmmmmmmmmmmmaybe | 10:49:31 |
| K900 | I'd expect the actual nixpkgs side breakage to be fairly contained | 10:49:54 |
| K900 | Maybe just PR it and see what the eval compare says? | 10:50:02 |
| Yureka (she/her) | we just have to figure out why the hell pkgsCross.wasi did not have defaultHardeningFlags | 10:50:14 |
| ris_ | this kinda brings me back to "i'm amazed wrapped compilers work for wasm at all" | 10:51:40 |
| ris_ | falling back to "all hardening flags", i think, was due to me trying to be minimally intrusive when making an already-major PR and not wanting to default to "no hardening" and be the reason someone didn't realize all their hardening flags have been off for years | 10:58:34 |
| ris_ | now that it's separate from the big PR that introduced it, the change to making it hard-fail, on its own, may not be too disruptive | 10:59:30 |
