On Wed, Mar 18, 2015 at 6:54 AM, Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx> wrote: > On Mon, 2015-03-16 at 10:57 +0100, Nikos Mavrogiannopoulos wrote: > >> > Am 16.03.2015 um 09:47 schrieb Nikos Mavrogiannopoulos: >> > > What was the rationale of adding -z now to the hardening flags? Looking >> > > its description doesn't reveal any "hardening" features, and the gnutls >> > > guile module failure to build seems to be directly related to that flag: >> > > https://bugzilla.redhat.com/show_bug.cgi?id=1196556 >> > >> > FULL RELRO >> > http://tk-blog.blogspot.co.at/2009/02/relro-not-so-well-known-memory.html >> If that's all we got I suggest to remove this flag or (better) provide a >> way for applications that use modules to compile themselves, without >> removing the whole set of hardening flags. > > Any advise from the change owners? How should applications that use > modules with undefined systems should handle that? Should they add % > undefine _hardened_build by default? > I was doing some research last night but not tested it yet: "nonow" 1) add -nonow to the CFLAGS 2) or add -z nonow to the LDFLAGS doing the koji builds now to test and see if it works. Also need to test if there is a -lazy option. -Moez -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
