Fix HOST_LDFLAGS to include the hardening flags.
rpmdiff noticed the following:
Detecting usr/sbin/grub2-ofpathname with not-hardened warnings '
Hardened: grub2-ofpathname: FAIL: Gaps were detected in the annobin coverage. Run with -v to list.
Hardened: grub2-ofpathname: FAIL: Not linked with -Wl,-z,now.
Hardened: grub2-ofpathname: MAYB: The PIC/PIE setting was not recorded.
Hardened: grub2-ofpathname: FAIL: Not linked as a position independent executable (ie need to add '-pie' to link command line).
' on ppc64le
This is because while we made the CFLAGS get some new options, LDFLAGS never
got the same treatement, and we disabled %{_hardened_build} to avoid getting
its options in the TARGET_{C,LD}FLAGS variables.
This patch duplicates the infrastructure for {HOST,TARGET}_CFLAGS into
{HOST,TARGET}_LDFLAGS, and adds the %{_hardening_ldflags} and
%{_hardening_cflags} to both HOST_{C,LD}FLAGS.
Additionally, it fixes the CPPFLAGS definitions, since rpm doesn't define any
CPPFLAGS at all, and makes the -I$(pwd) be there exclusively, not on CFLAGS as
well, since they're always used in concert.
Signed-off-by: Peter Jones <pjones@redhat.com>
This commit is contained in:
Peter Jones
parent
22467ee641
commit
7388f24e3e
60
grub.macros
60
grub.macros
|
|
@ -29,25 +29,43 @@
|
|||
-e 's/^/ -fno-strict-aliasing /' \\\
|
||||
%{nil}
|
||||
|
||||
%global host_cflags %{expand:%%(echo %{optflags} | %{cflags_sed})}
|
||||
%global target_cflags %{expand:%%(echo %{optflags} | %{cflags_sed})}
|
||||
%global host_cflags %{expand:%%(echo %{build_cflags} %{?_hardening_cflags} | %{cflags_sed})}
|
||||
%global legacy_host_cflags \\\
|
||||
%{expand:%%(echo %{host_cflags} | \\\
|
||||
%{cflags_sed} \\\
|
||||
-e 's/-m64//g' \\\
|
||||
-e 's/-mcpu=power[[:alnum:]]\\+/-mcpu=power6/g' \\\
|
||||
)}
|
||||
%global efi_host_cflags %{expand:%%(echo %{host_cflags})}
|
||||
|
||||
%global target_cflags %{expand:%%(echo %{build_cflags} | %{cflags_sed})}
|
||||
%global legacy_target_cflags \\\
|
||||
%{expand:%%(echo %{target_cflags} | \\\
|
||||
%{cflags_sed} \\\
|
||||
-e 's/-m64//g' \\\
|
||||
-e 's/-mcpu=power[[:alnum:]]\\+/-mcpu=power6/g' \\\
|
||||
)}
|
||||
%global legacy_host_cflags \\\
|
||||
%{expand:%%(echo %{host_cflags} | \\\
|
||||
%{cflags_sed} \\\
|
||||
-e 's/-m64//g' \\\
|
||||
-e 's/-mcpu=power[[:alnum:]]\\+/-mcpu=power6/g' \\\
|
||||
)}
|
||||
|
||||
%global efi_host_cflags %{expand:%%(echo %{host_cflags})}
|
||||
%global efi_target_cflags %{expand:%%(echo %{target_cflags})}
|
||||
|
||||
%global ldflags_sed \\\
|
||||
sed \\\
|
||||
-e 's/^$//' \\\
|
||||
%{nil}
|
||||
|
||||
%global host_ldflags %{expand:%%(echo %{build_ldflags} %{?_hardening_ldflags} | %{ldflags_sed})}
|
||||
%global legacy_host_ldflags \\\
|
||||
%{expand:%%(echo %{host_ldflags} | \\\
|
||||
%{ldflags_sed} \\\
|
||||
)}
|
||||
%global efi_host_ldflags %{expand:%%(echo %{host_ldflags})}
|
||||
|
||||
%global target_ldflags %{expand:%%(echo %{build_ldflags} -static | %{ldflags_sed})}
|
||||
%global legacy_target_ldflags \\\
|
||||
%{expand:%%(echo %{target_ldflags} | \\\
|
||||
%{ldflags_sed} \\\
|
||||
)}
|
||||
%global efi_target_ldflags %{expand:%%(echo %{target_ldflags})}
|
||||
|
||||
%global with_efi_arch 0
|
||||
%global with_alt_efi_arch 0
|
||||
%global with_legacy_arch 0
|
||||
|
|
@ -319,11 +337,12 @@ PYTHON=python3 ./autogen.sh \
|
|||
%define do_efi_configure() \
|
||||
%configure \\\
|
||||
%{cc_equals} \\\
|
||||
HOST_CFLAGS="%{3} -I$(pwd)" \\\
|
||||
HOST_CPPFLAGS="${CPPFLAGS} -I$(pwd)" \\\
|
||||
TARGET_CFLAGS="%{2} -I$(pwd)" \\\
|
||||
TARGET_CPPFLAGS="${CPPFLAGS} -I$(pwd)" \\\
|
||||
TARGET_LDFLAGS=-static \\\
|
||||
HOST_CFLAGS="%{3}" \\\
|
||||
HOST_CPPFLAGS="-I$(pwd)" \\\
|
||||
HOST_LDFLAGS="%{efi_host_ldflags}" \\\
|
||||
TARGET_CFLAGS="%{2}" \\\
|
||||
TARGET_CPPFLAGS="-I$(pwd)" \\\
|
||||
TARGET_LDFLAGS="%{efi_target_ldflags}" \\\
|
||||
--with-platform=efi \\\
|
||||
--with-utils=host \\\
|
||||
--target=%{1} \\\
|
||||
|
|
@ -405,9 +424,12 @@ cd .. \
|
|||
cd grub-%{1}-%{tarversion} \
|
||||
%configure \\\
|
||||
%{cc_equals} \\\
|
||||
HOST_CFLAGS="%{legacy_host_cflags} -I$(pwd)" \\\
|
||||
TARGET_CFLAGS="%{legacy_target_cflags} -I$(pwd)" \\\
|
||||
TARGET_LDFLAGS=-static \\\
|
||||
HOST_CFLAGS="%{legacy_host_cflags}" \\\
|
||||
HOST_CPPFLAGS="-I$(pwd)" \\\
|
||||
HOST_LDFLAGS="%{legacy_host_ldflags}" \\\
|
||||
TARGET_CFLAGS="%{legacy_target_cflags}" \\\
|
||||
TARGET_CPPFLAGS="-I$(pwd)" \\\
|
||||
TARGET_LDFLAGS="%{legacy_target_ldflags}" \\\
|
||||
--with-platform=%{platform} \\\
|
||||
--with-utils=host \\\
|
||||
--target=%{_target_platform} \\\
|
||||
|
|
@ -415,7 +437,7 @@ cd grub-%{1}-%{tarversion} \
|
|||
--program-transform-name=s,grub,%{name}, \\\
|
||||
--disable-werror || ( cat config.log ; exit 1 ) \
|
||||
git add . \
|
||||
git commit -m "After legacy configure" \
|
||||
git commit -m "After legacy configure" \
|
||||
make %{?_smp_mflags} \
|
||||
cd .. \
|
||||
%{nil}
|
||||
|
|
|
|||
Loading…
Reference in New Issue