
Disabling the security hardening options for a `nix-shell` environment

4 votes
2 answers
2818 views
In an attempt to build GCC (6.3) on NixOS (16.09), within a nix-shell, I get this:

```
make: Entering directory '/coreboot/util/crossgcc/build-i386-elf-GCC/build-x86_64-pc-linux-gnu/libcpp'
test -f config.h || (rm -f stamp-h1 && make stamp-h1)
g++ -I../../../gcc-6.3.0/libcpp -I. -I../../../gcc-6.3.0/libcpp/../include -I../../../gcc-6.3.0/libcpp/include -O2 -fomit-frame-pointer -m64 -W -Wall -Wno-narrowing -Wwrite-strings -Wmissing-format-attribute -pedantic -Wno-long-long -fno-exceptions -fno-rtti -I../../../gcc-6.3.0/libcpp -I. -I../../../gcc-6.3.0/libcpp/../include -I../../../gcc-6.3.0/libcpp/include -c -o expr.o -MT expr.o -MMD -MP -MF .deps/expr.Tpo ../../../gcc-6.3.0/libcpp/expr.c
../../../gcc-6.3.0/libcpp/expr.c: In function 'unsigned int cpp_classify_number(cpp_reader*, const cpp_token*, const char**, source_location)':
../../../gcc-6.3.0/libcpp/expr.c:686:18: error: format not a string literal and no format arguments [-Werror=format-security]
 0, message);
 ^
../../../gcc-6.3.0/libcpp/expr.c:689:39: error: format not a string literal and no format arguments [-Werror=format-security]
 virtual_location, 0, message);
 ^
cc1plus: some warnings being treated as errors
make: *** [Makefile:224: expr.o] Error 1
make: Leaving directory '/coreboot/util/crossgcc/build-i386-elf-GCC/build-x86_64-pc-linux-gnu/libcpp'
make: *** [Makefile:2730: all-build-libcpp] Error 2
sh ../gcc-6.3.0/mkinstalldirs /coreboot/util/crossgcc/xgcc /coreboot/util/crossgcc/xgcc
sh: line 3: cd: i386-elf/libgcc: No such file or directory
make: *** [Makefile:10462: install-target-libgcc] Error 1
```

Where `-Werror=format-security` seems to be the reason for the failure (although I don't see this exact option in the command).

Yet in `/pkgs/development/compilers/gcc/6/default.nix` I find this:

```
hardeningDisable = [ "format" ];
```

And guess that the failure may be due to the security hardening measures of NixOS, some of which *have* to be disabled to get GCC compiled (let's assume GCC devs know what they're doing in those functions). Tested it with GCC 6.2 and 5.4 -- same thing.

So the question is how do I disable the hardening options (in particular `format`) for a nix-shell environment? Or where else do those "warnings being treated as errors" come from?

Description(s) of the option(s):

- https://nixos.org/nixpkgs/manual/#sec-hardening-in-nixpkgs
- https://blog.mayflower.de/5800-Hardening-Compiler-Flags-for-NixOS.html

-----

According to this answer - https://stackoverflow.com/questions/38679630/nixos-setting-options-for-nix-shell nix-shell has nothing to do with the Nix expressions... but when I call make with the `NIX_DEBUG` flag,

```
env NIX_DEBUG=' ' make crossgcc-i386
```

I get the output from `/pkgs/build-support/cc-wrapper/add-hardening.sh`, e.g. `HARDENING: enabling format`; from which I infer that those "format security" options are actually applied when I call make in the nix-shell.

-----

Perhaps I simply need to bump something via `nixos-option`, but which option exactly? I can't just grep it... (there's no analogue of `dconf dump /` or `gsettings list-recursively`)
Asked by Andrew (397 rep)
Apr 5, 2017, 11:25 PM
Last activity: Apr 6, 2023, 06:46 PM
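The `hardeningDisable` attribute quoted in the question can also be set on the derivation that `nix-shell` loads, so the compiler wrapper inside the shell stops injecting the format flags. The `shell.nix` below is an added example, not part of the original question or of nixpkgs itself; the environment name and the tool list are assumptions. It shows the narrow setting beside the broad one, so only the hardening class that breaks the build is dropped.

```nix
# shell.nix -- added example; the name and buildInputs are assumptions,
# adjust them to what the crossgcc build actually needs.
with import <nixpkgs> { };

stdenv.mkDerivation {
  name = "crossgcc-env";  # hypothetical environment name

  # Illustrative tool list for the build.
  buildInputs = [ gnumake m4 bison flex ];

  # Narrow setting: drop only the "format" hardening class, which is what
  # adds -Wformat -Wformat-security -Werror=format-security to each
  # compiler invocation made through the cc-wrapper. The other classes
  # (fortify, stackprotector, pic, relro, bindnow, ...) stay enabled.
  hardeningDisable = [ "format" ];

  # Broad setting, shown only for contrast: turns off every hardening
  # class for everything compiled in this shell.
  # hardeningDisable = [ "all" ];
}
```

After entering the shell with `nix-shell`, rerunning the `NIX_DEBUG` command from the question should no longer print `HARDENING: enabling format`, while the lines for the remaining hardening classes stay.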