Fix HOST_LDFLAGS to include the hardening flags.
rpmdiff noticed the following: Detecting usr/sbin/grub2-ofpathname with not-hardened warnings ' Hardened: grub2-ofpathname: FAIL: Gaps were detected in the annobin coverage. Run with -v to list. Hardened: grub2-ofpathname: FAIL: Not linked with -Wl,-z,now. Hardened: grub2-ofpathname: MAYB: The PIC/PIE setting was not recorded. Hardened: grub2-ofpathname: FAIL: Not linked as a position independent executable (ie need to add '-pie' to link command line). ' on ppc64le This is because while we made the CFLAGS get some new options, LDFLAGS never got the same treatement, and we disabled %{_hardened_build} to avoid getting its options in the TARGET_{C,LD}FLAGS variables. This patch duplicates the infrastructure for {HOST,TARGET}_CFLAGS into {HOST,TARGET}_LDFLAGS, and adds the %{_hardening_ldflags} and %{_hardening_cflags} to both HOST_{C,LD}FLAGS. Additionally, it fixes the CPPFLAGS definitions, since rpm doesn't define any CPPFLAGS at all, and makes the -I$(pwd) be there exclusively, not on CFLAGS as well, since they're always used in concert. Signed-off-by: Peter Jones <pjones@redhat.com>
This commit is contained in:
parent
22467ee641
commit
7388f24e3e
58
grub.macros
58
grub.macros
@ -29,25 +29,43 @@
|
|||||||
-e 's/^/ -fno-strict-aliasing /' \\\
|
-e 's/^/ -fno-strict-aliasing /' \\\
|
||||||
%{nil}
|
%{nil}
|
||||||
|
|
||||||
%global host_cflags %{expand:%%(echo %{optflags} | %{cflags_sed})}
|
%global host_cflags %{expand:%%(echo %{build_cflags} %{?_hardening_cflags} | %{cflags_sed})}
|
||||||
%global target_cflags %{expand:%%(echo %{optflags} | %{cflags_sed})}
|
|
||||||
|
|
||||||
%global legacy_target_cflags \\\
|
|
||||||
%{expand:%%(echo %{target_cflags} | \\\
|
|
||||||
%{cflags_sed} \\\
|
|
||||||
-e 's/-m64//g' \\\
|
|
||||||
-e 's/-mcpu=power[[:alnum:]]\\+/-mcpu=power6/g' \\\
|
|
||||||
)}
|
|
||||||
%global legacy_host_cflags \\\
|
%global legacy_host_cflags \\\
|
||||||
%{expand:%%(echo %{host_cflags} | \\\
|
%{expand:%%(echo %{host_cflags} | \\\
|
||||||
%{cflags_sed} \\\
|
%{cflags_sed} \\\
|
||||||
-e 's/-m64//g' \\\
|
-e 's/-m64//g' \\\
|
||||||
-e 's/-mcpu=power[[:alnum:]]\\+/-mcpu=power6/g' \\\
|
-e 's/-mcpu=power[[:alnum:]]\\+/-mcpu=power6/g' \\\
|
||||||
)}
|
)}
|
||||||
|
|
||||||
%global efi_host_cflags %{expand:%%(echo %{host_cflags})}
|
%global efi_host_cflags %{expand:%%(echo %{host_cflags})}
|
||||||
|
|
||||||
|
%global target_cflags %{expand:%%(echo %{build_cflags} | %{cflags_sed})}
|
||||||
|
%global legacy_target_cflags \\\
|
||||||
|
%{expand:%%(echo %{target_cflags} | \\\
|
||||||
|
%{cflags_sed} \\\
|
||||||
|
-e 's/-m64//g' \\\
|
||||||
|
-e 's/-mcpu=power[[:alnum:]]\\+/-mcpu=power6/g' \\\
|
||||||
|
)}
|
||||||
%global efi_target_cflags %{expand:%%(echo %{target_cflags})}
|
%global efi_target_cflags %{expand:%%(echo %{target_cflags})}
|
||||||
|
|
||||||
|
%global ldflags_sed \\\
|
||||||
|
sed \\\
|
||||||
|
-e 's/^$//' \\\
|
||||||
|
%{nil}
|
||||||
|
|
||||||
|
%global host_ldflags %{expand:%%(echo %{build_ldflags} %{?_hardening_ldflags} | %{ldflags_sed})}
|
||||||
|
%global legacy_host_ldflags \\\
|
||||||
|
%{expand:%%(echo %{host_ldflags} | \\\
|
||||||
|
%{ldflags_sed} \\\
|
||||||
|
)}
|
||||||
|
%global efi_host_ldflags %{expand:%%(echo %{host_ldflags})}
|
||||||
|
|
||||||
|
%global target_ldflags %{expand:%%(echo %{build_ldflags} -static | %{ldflags_sed})}
|
||||||
|
%global legacy_target_ldflags \\\
|
||||||
|
%{expand:%%(echo %{target_ldflags} | \\\
|
||||||
|
%{ldflags_sed} \\\
|
||||||
|
)}
|
||||||
|
%global efi_target_ldflags %{expand:%%(echo %{target_ldflags})}
|
||||||
|
|
||||||
%global with_efi_arch 0
|
%global with_efi_arch 0
|
||||||
%global with_alt_efi_arch 0
|
%global with_alt_efi_arch 0
|
||||||
%global with_legacy_arch 0
|
%global with_legacy_arch 0
|
||||||
@ -319,11 +337,12 @@ PYTHON=python3 ./autogen.sh \
|
|||||||
%define do_efi_configure() \
|
%define do_efi_configure() \
|
||||||
%configure \\\
|
%configure \\\
|
||||||
%{cc_equals} \\\
|
%{cc_equals} \\\
|
||||||
HOST_CFLAGS="%{3} -I$(pwd)" \\\
|
HOST_CFLAGS="%{3}" \\\
|
||||||
HOST_CPPFLAGS="${CPPFLAGS} -I$(pwd)" \\\
|
HOST_CPPFLAGS="-I$(pwd)" \\\
|
||||||
TARGET_CFLAGS="%{2} -I$(pwd)" \\\
|
HOST_LDFLAGS="%{efi_host_ldflags}" \\\
|
||||||
TARGET_CPPFLAGS="${CPPFLAGS} -I$(pwd)" \\\
|
TARGET_CFLAGS="%{2}" \\\
|
||||||
TARGET_LDFLAGS=-static \\\
|
TARGET_CPPFLAGS="-I$(pwd)" \\\
|
||||||
|
TARGET_LDFLAGS="%{efi_target_ldflags}" \\\
|
||||||
--with-platform=efi \\\
|
--with-platform=efi \\\
|
||||||
--with-utils=host \\\
|
--with-utils=host \\\
|
||||||
--target=%{1} \\\
|
--target=%{1} \\\
|
||||||
@ -405,9 +424,12 @@ cd .. \
|
|||||||
cd grub-%{1}-%{tarversion} \
|
cd grub-%{1}-%{tarversion} \
|
||||||
%configure \\\
|
%configure \\\
|
||||||
%{cc_equals} \\\
|
%{cc_equals} \\\
|
||||||
HOST_CFLAGS="%{legacy_host_cflags} -I$(pwd)" \\\
|
HOST_CFLAGS="%{legacy_host_cflags}" \\\
|
||||||
TARGET_CFLAGS="%{legacy_target_cflags} -I$(pwd)" \\\
|
HOST_CPPFLAGS="-I$(pwd)" \\\
|
||||||
TARGET_LDFLAGS=-static \\\
|
HOST_LDFLAGS="%{legacy_host_ldflags}" \\\
|
||||||
|
TARGET_CFLAGS="%{legacy_target_cflags}" \\\
|
||||||
|
TARGET_CPPFLAGS="-I$(pwd)" \\\
|
||||||
|
TARGET_LDFLAGS="%{legacy_target_ldflags}" \\\
|
||||||
--with-platform=%{platform} \\\
|
--with-platform=%{platform} \\\
|
||||||
--with-utils=host \\\
|
--with-utils=host \\\
|
||||||
--target=%{_target_platform} \\\
|
--target=%{_target_platform} \\\
|
||||||
|
Loading…
Reference in New Issue
Block a user