From 939f5cf7afd168dd5d53680e2805ab075e3b9b5c Mon Sep 17 00:00:00 2001 From: wovw Date: Sun, 18 Jan 2026 00:17:01 -0800 Subject: [PATCH] fix(nix): disable fortify hardening for debug builds (#26199) ### What does this PR do? NixOS enables security hardening flags by default in `mkShell` / `devShells` e.g. `_FORTIFY_SOURCE=2`. This flag adds runtime buffer overflow checks but requires compiler optimization (`-O1` or higher) to work, since it needs to inline functions to insert checks. Debug builds use `-O0` (no optimization), which causes this compilation error: `error: _FORTIFY_SOURCE requires compiling with optimization (-O) [-Werror,-W#warnings]` This patch is a standard Nix way to disable this specific flag while keeping other hardening features intact. It doesn't affect release builds since it's scoped to `devShells`. ### How did you verify your code works? `bun bd test` successfully runs test cases. --- flake.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/flake.nix b/flake.nix index 3fb9401268..f507a61c6d 100644 --- a/flake.nix +++ b/flake.nix @@ -131,6 +131,7 @@ stdenv = pkgs.clangStdenv; }) { inherit packages; + hardeningDisable = [ "fortify" ]; shellHook = '' # Set up build environment
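Review bot: the added `hardeningDisable = [ "fortify" ];` line in the `flake.nix` hunk has no comment, and it applies to every compile run from the dev shell, not only to `-O0` debug builds. Nothing in the hunk records why a hardening feature is switched off, so a later reader could either remove the line and break debug builds, or copy it into a release derivation. I would put a short comment directly above it, for example `# _FORTIFY_SOURCE needs -O1 or higher; debug builds use -O0 and fail with -Werror`. The commit message says release builds are unaffected because the change is scoped to `devShells`. That holds only if release artifacts are never built from inside this shell, since an optimized build started there would also be compiled without the fortify checks. It is worth confirming that the release path goes through a separate derivation or CI environment, and saying so in the comment.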