redhat-hardened-{cc1,ld}: Move some of the rewrite magic to gcc specs so
we don't end up with both -fPIC and -fPIE on the command line
This commit is contained in:
Adam Jackson
parent
796b80f2f4
commit
da8d7a1e6a
|
|
@ -1,18 +1,18 @@
|
|||
diff -up redhat-rpm-config-9.1.0/macros.jx redhat-rpm-config-9.1.0/macros
|
||||
--- redhat-rpm-config-9.1.0/macros.jx 2011-08-01 11:01:08.000000000 -0400
|
||||
+++ redhat-rpm-config-9.1.0/macros 2011-08-01 11:14:53.438448217 -0400
|
||||
--- redhat-rpm-config-9.1.0/macros.jx 2011-08-03 15:42:20.267064981 -0400
|
||||
+++ redhat-rpm-config-9.1.0/macros 2011-08-03 15:44:46.581058603 -0400
|
||||
@@ -184,8 +184,12 @@ unset DISPLAY\
|
||||
%__find_provides /usr/lib/rpm/redhat/find-provides
|
||||
%__find_requires /usr/lib/rpm/redhat/find-requires
|
||||
|
||||
-%__global_cflags -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4
|
||||
-%__global_ldflags -Wl,-z,relro
|
||||
+#_hardened_build 0
|
||||
+%_hardened_cflags %{?_hardened_build:-fPIE}
|
||||
+%_hardened_ldflags %{?_hardened_build:-Wl,-z,now -pie}
|
||||
+# define _hardened_build to non-zero to enable
|
||||
+%_hardened_cflags %{?_hardened_build:-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1}
|
||||
+%_hardened_ldflags %{?_hardened_build:-specs=/usr/lib/rpm/redhat/redhat-hardened-ld}
|
||||
+
|
||||
+%__global_cflags -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 %{?_hardened_cflags}
|
||||
+%__global_ldflags -Wl,-z,relro %{?_hardened_ldflags}
|
||||
+%__global_cflags -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 %{_hardened_cflags}
|
||||
+%__global_ldflags -Wl,-z,relro %{_hardened_ldflags}
|
||||
|
||||
# Use these macros to differentiate between RH and other KMP implementation(s).
|
||||
redhat_kernel_module_package 1
|
||||
|
|
|
|||
|
|
@ -1,12 +1,20 @@
|
|||
Summary: Red Hat specific rpm configuration files
|
||||
Name: redhat-rpm-config
|
||||
Version: 9.1.0
|
||||
Release: 14%{?dist}
|
||||
Release: 15%{?dist}
|
||||
# No version specified.
|
||||
License: GPL+
|
||||
Group: Development/System
|
||||
URL: http://git.fedoraproject.org/git/redhat-rpm-config
|
||||
Source: redhat-rpm-config-%{version}.tar.bz2
|
||||
|
||||
# these two implement automagic {c,ld}flags mangling for additional ELF
|
||||
# hardening when _hardened_build is defined in a spec file. gcc 4.6.1-7.fc16
|
||||
# or newer is needed for these to work; prior to that *self_specs was not
|
||||
# exposed. If anything goes wrong, blame ajax@
|
||||
Source1: redhat-hardened-cc1
|
||||
Source2: redhat-hardened-ld
|
||||
|
||||
Patch0: redhat-rpm-config-9.1.0-strict-python-bytecompile.patch
|
||||
Patch1: redhat-rpm-config-9.1.0-fix-requires.patch
|
||||
Patch2: redhat-rpm-config-9.1.0-no-strip-note.patch
|
||||
|
|
@ -44,6 +52,7 @@ Red Hat specific rpm configuration files.
|
|||
%install
|
||||
make DESTDIR=${RPM_BUILD_ROOT} install
|
||||
cp -p %{_datadir}/libtool/config/config.{guess,sub} ${RPM_BUILD_ROOT}/usr/lib/rpm/redhat/
|
||||
install -m 0444 %{SOURCE1} %{SOURCE2} ${RPM_BUILD_ROOT}/usr/lib/rpm/redhat
|
||||
find ${RPM_BUILD_ROOT} -name \*.orig -delete
|
||||
# buggy makefile in 9.1.0 leaves changelog in wrong place
|
||||
find ${RPM_BUILD_ROOT} -name ChangeLog -delete
|
||||
|
|
@ -58,6 +67,10 @@ rm -rf ${RPM_BUILD_ROOT}
|
|||
%{_sysconfdir}/rpm/*
|
||||
|
||||
%changelog
|
||||
* Wed Aug 03 2011 Adam Jackson <ajax@redhat.com> 9.1.0-15
|
||||
- redhat-hardened-{cc1,ld}: Move some of the rewrite magic to gcc specs so
|
||||
we don't end up with both -fPIC and -fPIE on the command line
|
||||
|
||||
* Mon Aug 01 2011 Adam Jackson <ajax@redhat.com> 9.1.0-14
|
||||
- redhat-rpm-config-9.1.0-hardened.patch: Add macro magic for %%_hardened_build
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue