On Thu, Feb 19, 2015 at 09:37:16AM +0000, Richard W.M. Jones wrote:
> The thing is, I'm not adding -specs=/usr/lib/rpm/redhat/redhat-hardened-ld
> explicitly in the real program. It's being added to everything by
> something in RPM. I'm not exactly sure what, maybe %{configure}?
>
> So I don't know how to control this behaviour in a real autotools-using
> program.
I admit I haven't looked at rawhide redhat-rpm-config, perhaps somebody
broke something, but usually there is:
%_hardening_cflags -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1
# we don't escape symbols '~', '"', etc. so be careful when changing this
%_hardening_ldflags -specs=/usr/lib/rpm/redhat/redhat-hardened-ld
#_hardened_build 0
%_hardened_cflags %{?_hardened_build:%{_hardening_cflags}}
%_hardened_ldflags %{?_hardened_build:%{_hardening_ldflags}}
%__global_cflags -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches %{_hardened_cflags}
%__global_ldflags -Wl,-z,relro %{_hardened_ldflags}
and thus e.g. %{configure} should add the *-hardened-cc1 to
CFLAGS/CXXFLAGS/FFLAGS etc. and *-hardened-ld to LDFLAGS.
Jakub
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
