rpms
/
redhat-rpm-config
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Expose %_hardening_{c,ld}flags independently to make it easier for 

packages to apply them to selected components
This commit is contained in:
Adam Jackson 2011-09-16 16:49:56 -04:00
parent 677db6759b
commit 688e86b5a8
2 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
redhat-rpm-config-9.1.0-hardened.patch
View File

@ -1,15 +1,18 @@
diff -up redhat-rpm-config-9.1.0/macros.jx redhat-rpm-config-9.1.0/macros
--- redhat-rpm-config-9.1.0/macros.jx 2011-08-03 15:42:20.267064981 -0400
+++ redhat-rpm-config-9.1.0/macros 2011-08-03 15:44:46.581058603 -0400
@@ -184,8 +184,12 @@ unset DISPLAY\
@@ -184,8 +184,15 @@ unset DISPLAY\
%__find_provides /usr/lib/rpm/redhat/find-provides
%__find_requires /usr/lib/rpm/redhat/find-requires
-%__global_cflags -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4
-%__global_ldflags -Wl,-z,relro
+# define _hardened_build to non-zero to enable
+%_hardened_cflags %{?_hardened_build:-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1}
+%_hardened_ldflags %{?_hardened_build:-specs=/usr/lib/rpm/redhat/redhat-hardened-ld}
+%_hardening_cflags -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1
+%_hardening_ldflags -specs=/usr/lib/rpm/redhat/redhat-hardened-ld
+
+#_hardened_build 0
+%_hardened_cflags %{?_hardened_build:%{_hardening_cflags}}
+%_hardened_ldflags %{?_hardened_build:%{_hardening_ldflags}}
+
+%__global_cflags -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 %{_hardened_cflags}
+%__global_ldflags -Wl,-z,relro %{_hardened_ldflags}

6
redhat-rpm-config.spec
View File

@ -1,7 +1,7 @@
Summary: Red Hat specific rpm configuration files
Name: redhat-rpm-config
Version: 9.1.0
Release: 16%{?dist}
Release: 17%{?dist}
# No version specified.
License: GPL+
Group: Development/System
@ -69,6 +69,10 @@ rm -rf ${RPM_BUILD_ROOT}
%{_sysconfdir}/rpm/*
%changelog
* Fri Sep 16 2011 Adam Jackson <ajax@redhat.com> 9.1.0-17
- Expose %%_hardening_{c,ld}flags independently to make it easier for
packages to apply them to selected components
* Wed Aug 10 2011 Colin Walters <walters@verbum.org> - 9.1.0-16
- Globally disable silent rules