На 17.09.2015 в 08:33, Ben Boeckel написа:
On Wed, 16 Sep, 2015 at 16:24:02 GMT, Alexander Todorov wrote:
Please let me know which packages need to genuinely be excluded and what should
we do with these packages ? Some will probably be fixed once they are rebuilt
but that may take a while.
Any package maintainers out there - please fix your packages in Rawhide so we
don't have to file bugs for all of them.
I see lots (probably all) of ghc-* packages, so filing one against
ghc-rpm-macros or ghc itself would probably be the most expedient there.
If it is just a missed flag or something, it can be rolled up with the
7.10.0 rebuild which I believe is planned for Rawhide.
FYI:
https://bugzilla.redhat.com/show_bug.cgi?id=1263957
Of course, if ghc doesn't support everything checksec looks for,
ignoring everything under %{_libdir}/ghc-*/ would be best. Jens?
For any CMake-using projects (I see at least CMake itself and ParaView
in the list), setting the `POSITION_INDEPENDENT_CODE` property[1] on
targets would fix any missing -fPIE. It is initialized with
`CMAKE_POSITION_INDEPENDENT_CODE`, so adding:
-DCMAKE_POSITION_INDEPENDENT_CODE:BOOL=ON
to %cmake when hardening is enabled should fix -fPIE missing. Anything
with internal static libraries *might* need a scalpel to turn off the
property on those targets.
--Ben
[1]http://www.cmake.org/cmake/help/v3.3/prop_tgt/POSITION_INDEPENDENT_CODE.html
Ben,
is there any way this CMake property be turned on globally ?
--
Alex
--
packaging mailing list
packaging@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/packaging
