From 20957f9e9442f5e116517f22ebfce5a6ae4fd398 Mon Sep 17 00:00:00 2001
From: Moritz Angermann
Date: Mon, 12 Jun 2023 15:19:22 +0800
Subject: [PATCH 01/10] Set PIC for C as well.
---
 compiler/ghc/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/compiler/ghc/default.nix b/compiler/ghc/default.nix
index 07d84dca57..4cfd2e7218 100644
--- a/compiler/ghc/default.nix
+++ b/compiler/ghc/default.nix
@@ -462,7 +462,7 @@ stdenv.mkDerivation (rec {
 checkTarget = "test";
 hardeningDisable = [ "format" ]
- ++ lib.optional stdenv.targetPlatform.isAarch32 "pic"
+ ++ lib.optional (stdenv.targetPlatform.isAarch32 || enableRelocatedStaticLibs) "pic"
 ++ lib.optional stdenv.targetPlatform.isMusl "pie";
 postInstall = lib.optionalString (enableNUMA && targetPlatform.isLinux) ''
From 336092ab0ebf1e09c3cfe8124726e9503887d5e8 Mon Sep 17 00:00:00 2001
From: Hamish Mackenzie
Date: Tue, 13 Jun 2023 12:53:53 +1200
Subject: [PATCH 02/10] ifdLevel 0
---
 ci.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ci.nix b/ci.nix
index e010963861..81fee7ff9f 100644
--- a/ci.nix
+++ b/ci.nix
@@ -1,6 +1,6 @@
 # 'supportedSystems' restricts the set of systems that we will evaluate for. Useful when you're evaluating
 # on a machine with e.g. no way to build the Darwin IFDs you need!
-{ ifdLevel ? 3
+{ ifdLevel ? 0
 # Whether or not we are evaluating in restricted mode. This is true in Hydra, but not in Hercules.
 , restrictEval ? false
 , checkMaterialization ? false
From baff18e9ed1bae2f49bdced23115e54a4a15abe2 Mon Sep 17 00:00:00 2001
From: Hamish Mackenzie
Date: Tue, 13 Jun 2023 20:49:40 +1200
Subject: [PATCH 03/10] ifdLevel 1
---
 ci.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ci.nix b/ci.nix
index 81fee7ff9f..19b34951a4 100644
--- a/ci.nix
+++ b/ci.nix
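Review bot: In the `hardeningDisable` hunk of compiler/ghc/default.nix (PATCH 01/10), the new condition switches the `pic` hardening flag off on every target once `enableRelocatedStaticLibs` is set, where before it was off only for 32-bit ARM, and nothing in the hunk says why or shows where position-independent code is requested instead. The subject "Set PIC for C as well" reads as the opposite of disabling a flag named `pic`, so the line needs a comment such as `# enableRelocatedStaticLibs: PIC for C objects is set explicitly elsewhere in this derivation, so the wrapper's "pic" flag is dropped here` (wording to be confirmed against the part of the file outside this hunk). If the flag is not supplied elsewhere, the wider condition weakens the build on all platforms that enable the option. The `stdenv.mkDerivation` body starts and ends outside the hunk.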
@@ -1,6 +1,6 @@
 # 'supportedSystems' restricts the set of systems that we will evaluate for. Useful when you're evaluating
 # on a machine with e.g. no way to build the Darwin IFDs you need!
-{ ifdLevel ? 0
+{ ifdLevel ? 1
 # Whether or not we are evaluating in restricted mode. This is true in Hydra, but not in Hercules.
 , restrictEval ? false
 , checkMaterialization ? false
From e45cc16679a481a0e9773cc629fe2f3044cebbf9 Mon Sep 17 00:00:00 2001
From: Hamish Mackenzie
Date: Tue, 13 Jun 2023 23:29:18 +1200
Subject: [PATCH 04/10] ifdLevel 2
---
 ci.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ci.nix b/ci.nix
index 19b34951a4..acbcc0bd43 100644
--- a/ci.nix
+++ b/ci.nix
@@ -1,6 +1,6 @@
 # 'supportedSystems' restricts the set of systems that we will evaluate for. Useful when you're evaluating
 # on a machine with e.g. no way to build the Darwin IFDs you need!
-{ ifdLevel ? 1
+{ ifdLevel ? 2
 # Whether or not we are evaluating in restricted mode. This is true in Hydra, but not in Hercules.
 , restrictEval ? false
 , checkMaterialization ? false
From d30a2e3506ba6e4ccd18a10acd593f9d4bd6b1e5 Mon Sep 17 00:00:00 2001
From: Hamish Mackenzie
Date: Tue, 13 Jun 2023 23:54:14 +1200
Subject: [PATCH 05/10] ifdLevel 3
---
 ci.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ci.nix b/ci.nix
index acbcc0bd43..e010963861 100644
--- a/ci.nix
+++ b/ci.nix
@@ -1,6 +1,6 @@
 # 'supportedSystems' restricts the set of systems that we will evaluate for. Useful when you're evaluating
 # on a machine with e.g. no way to build the Darwin IFDs you need!
-{ ifdLevel ? 2
+{ ifdLevel ? 3
 # Whether or not we are evaluating in restricted mode. This is true in Hydra, but not in Hercules.
 , restrictEval ? false
 , checkMaterialization ? false
From de2cdbdcd3b90e583b8f1a0142b79964c0684357 Mon Sep 17 00:00:00 2001
From: Moritz Angermann
Date: Thu, 4 Apr 2024 09:56:34 +0800
Subject: [PATCH 06/10] Update default.nix
---
 compiler/ghc/default.nix | 1 +
 1 file changed, 1 insertion(+)
diff --git a/compiler/ghc/default.nix b/compiler/ghc/default.nix
index 289c0dade0..7c2667467f 100644
--- a/compiler/ghc/default.nix
+++ b/compiler/ghc/default.nix
@@ -495,6 +495,7 @@ stdenv.mkDerivation (rec {
 hardeningDisable = [ "format" ]
 ++ lib.optional (stdenv.targetPlatform.isAarch32 || enableRelocatedStaticLibs) "pic"
+ ++ lib.optional stdenv.targetPlatform.isMusl "pie"
 ++ lib.optional enableDWARF "fortify";
 postInstall = lib.optionalString (enableNUMA && targetPlatform.isLinux) ''
From 0b922b1e56860ad47c930323fbb7c89fe16a88e8 Mon Sep 17 00:00:00 2001
From: Hamish Mackenzie
Date: Tue, 9 Apr 2024 09:34:27 +1200
Subject: [PATCH 07/10] ifdLevel 0
---
 ci.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ci.nix b/ci.nix
index 267ed37ca8..75286cd955 100644
--- a/ci.nix
+++ b/ci.nix
@@ -1,6 +1,6 @@
 # 'supportedSystems' restricts the set of systems that we will evaluate for. Useful when you're evaluating
 # on a machine with e.g. no way to build the Darwin IFDs you need!
-{ ifdLevel ? 3
+{ ifdLevel ? 0
 , checkMaterialization ? false
 , system ? builtins.currentSystem
 , evalSystem ? builtins.currentSystem or "x86_64-linux"
From 490332338d7ef819ae14b49ffcc32fe3b4c37f3c Mon Sep 17 00:00:00 2001
From: Hamish Mackenzie
Date: Tue, 9 Apr 2024 09:46:48 +1200
Subject: [PATCH 08/10] ifdLevel 1
---
 ci.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ci.nix b/ci.nix
index 75286cd955..6718eb01d2 100644
--- a/ci.nix
+++ b/ci.nix
@@ -1,6 +1,6 @@
 # 'supportedSystems' restricts the set of systems that we will evaluate for. Useful when you're evaluating
 # on a machine with e.g. no way to build the Darwin IFDs you need!
-{ ifdLevel ? 0
+{ ifdLevel ? 1
 , checkMaterialization ? false
 , system ? builtins.currentSystem
 , evalSystem ? builtins.currentSystem or "x86_64-linux"
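Review bot: The added `++ lib.optional stdenv.targetPlatform.isMusl "pie"` entry in compiler/ghc/default.nix (PATCH 06/10) turns PIE hardening off for every musl target without recording a reason, and the subject "Update default.nix" does not describe it either. Binaries built without PIE get less benefit from address-space layout randomisation, so the entry should carry a comment giving the failure it works around and when it can be removed, for example `# musl: linking fails with "pie" hardening (see <issue link>); remove once the toolchain can link PIE`. After this hunk the list drops `format`, `pic`, `pie` and `fortify`, each under a different condition; one short comment per entry would let a later reader tell which of them are still required. The `stdenv.mkDerivation` body starts and ends outside the hunk.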
From 599dfddc948cf9d64a185bd2176768633f9a4b44 Mon Sep 17 00:00:00 2001
From: Hamish Mackenzie
Date: Tue, 9 Apr 2024 09:48:01 +1200
Subject: [PATCH 09/10] ifdLevel 2
---
 ci.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ci.nix b/ci.nix
index 6718eb01d2..3894974a01 100644
--- a/ci.nix
+++ b/ci.nix
@@ -1,6 +1,6 @@
 # 'supportedSystems' restricts the set of systems that we will evaluate for. Useful when you're evaluating
 # on a machine with e.g. no way to build the Darwin IFDs you need!
-{ ifdLevel ? 1
+{ ifdLevel ? 2
 , checkMaterialization ? false
 , system ? builtins.currentSystem
 , evalSystem ? builtins.currentSystem or "x86_64-linux"
From def1254ac7d97c923cfa628cf9860f3036846263 Mon Sep 17 00:00:00 2001
From: Hamish Mackenzie
Date: Tue, 9 Apr 2024 14:44:01 +1200
Subject: [PATCH 10/10] ifdLevel 3
---
 ci.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ci.nix b/ci.nix
index 3894974a01..267ed37ca8 100644
--- a/ci.nix
+++ b/ci.nix
@@ -1,6 +1,6 @@
 # 'supportedSystems' restricts the set of systems that we will evaluate for. Useful when you're evaluating
 # on a machine with e.g. no way to build the Darwin IFDs you need!
-{ ifdLevel ? 2
+{ ifdLevel ? 3
 , checkMaterialization ? false
 , system ? builtins.currentSystem
 , evalSystem ? builtins.currentSystem or "x86_64-linux"