From 37e5b72ea8cdbbc18928011dbf0c7b7fcbbddb00 Mon Sep 17 00:00:00 2001
From: Andrzej Ressel <github@andrzejressel.pl>
Date: Sat, 31 Aug 2024 00:30:20 +0200
Subject: [PATCH 1/2] Add support for Go delve workaround

---
 src/modules/languages/go.nix |  8 ++++++++
 src/modules/top-level.nix    | 14 ++++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/src/modules/languages/go.nix b/src/modules/languages/go.nix
index d7855952d..6fd2e6ec2 100644
--- a/src/modules/languages/go.nix
+++ b/src/modules/languages/go.nix
@@ -21,6 +21,12 @@ in
       defaultText = lib.literalExpression "pkgs.go";
       description = "The Go package to use.";
     };
+
+    enableHardeningWorkaround = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = "Enable hardening workaround required for Delve debugger (https://github.com/go-delve/delve/issues/3085)";
+    };
   };
 
   config = lib.mkIf cfg.enable {
@@ -39,6 +45,8 @@ in
       (buildWithSpecificGo pkgs.gotests)
     ];
 
+    hardeningDisable = (lib.optional (cfg.enableHardeningWorkaround) "fortify");
+
     env.GOROOT = cfg.package + "/share/go/";
     env.GOPATH = config.env.DEVENV_STATE + "/go";
 
diff --git a/src/modules/top-level.nix b/src/modules/top-level.nix
index edf4b361c..5674e8506 100644
--- a/src/modules/top-level.nix
+++ b/src/modules/top-level.nix
@@ -136,6 +136,17 @@ in
       '';
     };
 
+    hardeningDisable = lib.mkOption {
+      type = types.listOf types.str;
+      internal = true;
+      default = [];
+      example = ["fortify"];
+      description = ''
+        This options allows modules to disable selected hardening modules.
+        Currently used only for Go
+      '';
+    };
+
     warnings = lib.mkOption {
       type = types.listOf types.str;
       internal = true;
@@ -250,6 +261,8 @@ in
       pkgs.pkg-config
     ];
 
+    hardeningDisable = [];
+
     enterShell = ''
       export PS1="\[\e[0;34m\](devenv)\[\e[0m\] ''${PS1-}"
 
@@ -284,6 +297,7 @@ in
 
     shell = performAssertions (
       (pkgs.mkShell.override { stdenv = config.stdenv; }) ({
+        hardeningDisable = config.hardeningDisable;
         name = "devenv-shell";
         packages = config.packages;
         shellHook = ''

From bf8472d2d3d52f0b5cd0fa490fc1a7f6a7aa406d Mon Sep 17 00:00:00 2001
From: Andrzej Ressel <github@andrzejressel.pl>
Date: Sun, 1 Sep 2024 19:46:53 +0200
Subject: [PATCH 2/2] Pull request comment fixes

---
 src/modules/top-level.nix | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/modules/top-level.nix b/src/modules/top-level.nix
index 5674e8506..063d1aa8d 100644
--- a/src/modules/top-level.nix
+++ b/src/modules/top-level.nix
@@ -139,8 +139,8 @@ in
     hardeningDisable = lib.mkOption {
       type = types.listOf types.str;
       internal = true;
-      default = [];
-      example = ["fortify"];
+      default = [ ];
+      example = [ "fortify" ];
       description = ''
         This options allows modules to disable selected hardening modules.
         Currently used only for Go
@@ -261,8 +261,6 @@ in
       pkgs.pkg-config
     ];
 
-    hardeningDisable = [];
-
     enterShell = ''
       export PS1="\[\e[0;34m\](devenv)\[\e[0m\] ''${PS1-}"