From 118518ec3cbfb75db8e494c5fa053ce448195a55 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?=
 <congdanhqx@gmail.com>
Date: Fri, 2 Sep 2022 08:58:19 +0700
Subject: [PATCH] nix: hardening the build

nix build system drops all of our hardening CFLAGS and CXXFLAGS
---
 srcpkgs/nix/patches/respect-our-flags.patch | 25 +++++++++++++++++++++
 srcpkgs/nix/template                        |  2 +-
 2 files changed, 26 insertions(+), 1 deletion(-)
 create mode 100644 srcpkgs/nix/patches/respect-our-flags.patch

diff --git a/srcpkgs/nix/patches/respect-our-flags.patch b/srcpkgs/nix/patches/respect-our-flags.patch
new file mode 100644
index 00000000000..5d4e0c907d5
--- /dev/null
+++ b/srcpkgs/nix/patches/respect-our-flags.patch
@@ -0,0 +1,25 @@
+--- a/Makefile
++++ b/Makefile
+@@ -28,10 +28,8 @@ makefiles = \
+ OPTIMIZE = 1
+ 
+ ifeq ($(OPTIMIZE), 1)
+-  GLOBAL_CXXFLAGS += -O3 $(CXXLTO)
++  GLOBAL_CXXFLAGS += $(CXXLTO)
+   GLOBAL_LDFLAGS += $(CXXLTO)
+-else
+-  GLOBAL_CXXFLAGS += -O0 -U_FORTIFY_SOURCE
+ endif
+ 
+ include mk/lib.mk
+--- a/configure.ac
++++ b/configure.ac
+@@ -41,8 +41,6 @@ AC_DEFINE_UNQUOTED(SYSTEM, ["$system"],
+ test "$localstatedir" = '${prefix}/var' && localstatedir=/nix/var
+ 
+ 
+-CFLAGS=
+-CXXFLAGS=
+ AC_PROG_CC
+ AC_PROG_CXX
+ AC_PROG_CPP
diff --git a/srcpkgs/nix/template b/srcpkgs/nix/template
index e21c94aa275..42f983935ba 100644
--- a/srcpkgs/nix/template
+++ b/srcpkgs/nix/template
@@ -1,7 +1,7 @@
 # Template file for 'nix'
 pkgname=nix
 version=2.10.3
-revision=2
+revision=3
 build_style=gnu-configure
 # Use /nix/var as suggested by the official Manual.
 configure_args="--localstatedir=/nix/var