https://bugzilla.redhat.com/show_bug.cgi?id=977446 --- Comment #14 from Richard W.M. Jones <rjones@xxxxxxxxxx> --- (In reply to Björn Esser from comment #13) > (In reply to Richard W.M. Jones from comment #11) > > I have no idea -- they're just built using standard automake > > libtool rules, eg: > > > > https://github.com/libguestfs/nbdkit/blob/master/plugins/example1/Makefile. > > am#L37 > > > > We don't remove any options from CFLAGS. > > but autocrap's libtool does when assembling single objects to lib.so > > adding this BEFORE %configure in spec-file should fix one issue: > > # force Immediate binding for hardenend build with autocrap libtool > export LDFLAGS="$LDFLAGS -Wl,-z,now" It's still not quite right. With this change, I get: $ hardening-check /usr/lib64/nbdkit/plugins/nbdkit-example1-plugin.so /usr/lib64/nbdkit/plugins/nbdkit-example1-plugin.so: Position Independent Executable: no, regular shared library (ignored) Stack protected: no, not found! Fortify Source functions: no, only unprotected functions found! Read-only relocations: yes Immediate binding: yes It looks like fortify source CFLAGS are being dropped somewhere. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=JqlyUyfb9Y&a=cc_unsubscribe _______________________________________________ package-review mailing list package-review@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/package-review