https://bugzilla.redhat.com/show_bug.cgi?id=1371158 --- Comment #7 from Ingvar Hagelund <ingvar@xxxxxxxxx> --- (In reply to Petr Pisar from comment #6) Thanks again, Petr. Updated srpm and spec here: https://ingvar.fedorapeople.org/ebtree/ebtree.spec https://ingvar.fedorapeople.org/ebtree/ebtree-6.0.8-4.fc25.src.rpm > %build > +# Some hardening on epel5,6 > +%if 0%{?rhel} == 5 || 0%{?rhel} == 6 > +export CFLAGS="%{optflags} -fPIE" > +export LDFLAGS="-Wl,-z,relro -z,now" > +%endif > > TODO: Here you still ignores %{__global_ldflags} for EPEL 5 and 6. The same > applies to %check section. The macro is maybe empty there but still for the > sake of consistency and those who redefines it locally it should be > respected. I don't know how often anybody uses %{__global_ldflags} on epel5,6, but OK: # Some hardening on epel5,6 %if 0%{?rhel} == 5 || 0%{?rhel} == 6 export CFLAGS="%{optflags} -fPIE" export LDFLAGS="%{__global_ldflags} -fPIC -DPIC -Wl,-z,relro -z,now" %endif > TODO: I recommend to add -fPIC -DPIC compiler options when building the > shared library object files. They are required for building a shared > library. The build passes only because > /usr/lib/rpm/redhat/redhat-hardened-cc1 hardening configuration supplies > -fPIE. Is it enough to just add them to LDFLAGS, like above? > TODO: I recommend to build the tests in %build section. Why? Isn't this exactly what %check is for? > FIX: Build-require util-linux because of uuidgen in tests.sh. OK. > > TODO: The library SONAME should be two-digit because this not an upstream > > versioning. It also does not make sense to start with "6". You could start > > with "0.1". > (...) > TODO: This is not a 2-digit SONAME. SONAME is what you pass to -soname > linker option. Like this? +SOREL = 0 +SOMIN = 1 (...) +libebtree.so: $(OBJS) + $(CC) $(LDFLAGS) -shared -Wl,-soname,libebtree.so.$(SOREL).$(SOMIN) -o libebtree.so.$(SOREL).$(SOMIN) $(OBJS) + ln -sf libebtree.so.$(SOREL).$(SOMIN) libebtree.so.$(SOREL) + ln -sf libebtree.so.$(SOREL) libebtree.so + > TODO: You are missing dependency on /sbin/ldconfig for the scripts. Please > use the "%post -p /sbin/ldconfig" notation the fixes it. > (...) > TODO: Use the %post -p /sbin/ldoconfig. Your code requires another shell > execution. Fixed > Please consider fixing the `TODO' items before building this package. > Resolution: Package APPROVED. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx