rpms
/
redhat-rpm-config
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Build flags: Enable CET on i686, x86_64 (#1538725)

This commit is contained in:
Florian Weimer 2018-01-29 15:08:43 +01:00
parent 6e5a75d61e
commit 1b296f01fc
3 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
buildflags.md
View File

@ -204,6 +204,8 @@ not), but their selection depends on the architecture:
fully ABI-compatible and has adds very little run-time overhead, but
is only available on certain architectures (currently aarch64, i386,
ppc64, ppc64le, s390x, x86_64).
* ` -mcet -fcf-protection`: Instrument binaries to guard against
ROP/JOP attacks. Used on i686 and x86_64.
* `-m64` and `-m32`: Some GCC builds support both 32-bit and 64-bit in
the same compilation. For such architectures, the RPM build process
explicitly selects the architecture variant by passing this compiler

8
redhat-rpm-config.spec
View File

@ -6,7 +6,7 @@
Summary: Red Hat specific rpm configuration files
Name: redhat-rpm-config
Version: 85
Version: 86
Release: 1%{?dist}
# No version specified.
License: GPL+
@ -88,6 +88,9 @@ Requires: dwz >= 0.4
Requires: zip
Requires: (annobin if gcc)
# -fstack-clash-protection and CET requires GCC 8.
Conflicts: gcc < 8.0
Provides: system-rpm-config = %{version}-%{release}
%global rrcdir /usr/lib/rpm/redhat
@ -157,6 +160,9 @@ install -p -m 755 -t %{buildroot}%{_rpmconfigdir} kmod.prov
%{_rpmconfigdir}/macros.d/macros.kmp
%changelog
* Mon Jan 29 2018 Florian Weimer <fweimer@redhat.com> - 86-1
- Build flags: Enable CET on i686, x86_64 (#1538725)
* Thu Jan 25 2018 Florian Weimer <fweimer@redhat.com> - 85-1
- Build flags: Switch to generic tuning on i686 (#1538693)

4
rpmrc
View File

@ -3,10 +3,10 @@ include: /usr/lib/rpm/rpmrc
optflags: i386 %{__global_compiler_flags} -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection
optflags: i486 %{__global_compiler_flags} -m32 -march=i486 -fasynchronous-unwind-tables -fstack-clash-protection
optflags: i586 %{__global_compiler_flags} -m32 -march=i586 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection
optflags: i686 %{__global_compiler_flags} -m32 -march=i686 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection
optflags: i686 %{__global_compiler_flags} -m32 -march=i686 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -mcet -fcf-protection
optflags: athlon %{__global_compiler_flags} -m32 -march=athlon -fasynchronous-unwind-tables -fstack-clash-protection
optflags: ia64 %{__global_compiler_flags}
optflags: x86_64 %{__global_compiler_flags} -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection
optflags: x86_64 %{__global_compiler_flags} -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -mcet -fcf-protection
optflags: alpha %{__global_compiler_flags} -mieee
optflags: alphaev5 %{__global_compiler_flags} -mieee -mcpu=ev5