diff options
| author | Jani Välimaa <wally@mageia.org> | 2024-04-21 09:28:07 +0300 |
|---|---|---|
| committer | Jani Välimaa <wally@mageia.org> | 2024-04-21 09:28:07 +0300 |
| commit | c03396b6f30984fc5d63ed921eedf2d82100e1db (patch) | |
| tree | 225b3003a84207e977c4e6235c8775a59580f744 /macros.in | |
| parent | 2b0d3165be210e6ca67c1c9443331c08e82c7f4d (diff) | |
| download | rpm-setup-c03396b6f30984fc5d63ed921eedf2d82100e1db.tar rpm-setup-c03396b6f30984fc5d63ed921eedf2d82100e1db.tar.gz rpm-setup-c03396b6f30984fc5d63ed921eedf2d82100e1db.tar.bz2 rpm-setup-c03396b6f30984fc5d63ed921eedf2d82100e1db.tar.xz rpm-setup-c03396b6f30984fc5d63ed921eedf2d82100e1db.zip | |
macros: add %_hardened_build (from Fedora) to build pkgs with position-independent code by default
Diffstat (limited to 'macros.in')
| -rw-r--r-- | macros.in | 23 |
1 files changed, 21 insertions, 2 deletions
@@ -218,6 +218,17 @@ GCONF_CONFIG_SOURCE=`%{_gconftool_bin} --get-default-source` %{_gconftool_bin} - #============================================================================== # ---- compiler flags. +%_hardening_gcc_cflags -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 +%_hardening_clang_cflags --config /usr/lib/rpm/redhat/redhat-hardened-clang.cfg +%_hardening_cflags %{expand:%%{_hardening_%{toolchain}_cflags}} + +%_hardening_ldflags %[ "%{toolchain}" == "gcc" ? "-specs=/usr/lib/rpm/redhat/redhat-hardened-ld" : "" ] + +# Use "%undefine _hardened_build" to disable. +%_hardened_build 1 +%_hardened_cflags %{?_hardened_build:%{_hardening_cflags}} +%_hardened_ldflags %{?_hardened_build:%{_hardening_ldflags}} + # C compiler flags. This is traditionally called CFLAGS in makefiles. # Historically also available as %%{optflags}, and %%build sets the # environment variable RPM_OPT_FLAGS to this value. @@ -242,7 +253,15 @@ GCONF_CONFIG_SOURCE=`%{_gconftool_bin} --get-default-source` %{_gconftool_bin} - # the flags, while intended for ld, are still passed through the gcc # compiler driver. At the beginning of %%build, the environment # variable RPM_LD_FLAGS to this value. -%build_ldflags %{?!_disable_ld_as_needed: -Wl,--as-needed}%{?!_disable_ld_no_undefined: -Wl,--no-undefined}%{?!_disable_ld_relro: -Wl,-z,relro%{?!_disable_ld_now: -Wl,-z,now}}%{?!_disable_ld_O1: -Wl,-O1}%{?!_disable_ld_build_id: %_build_id_flags}%{?!_disable_ld_enable_new_dtags: -Wl,--enable-new-dtags} +%build_ldflags %{shrink: \ + %{?!_disable_ld_as_needed: -Wl,--as-needed} \ + %{?!_disable_ld_no_undefined: -Wl,--no-undefined} \ + %{?!_disable_ld_relro: -Wl,-z,relro} \ + %{?!_disable_ld_now: -Wl,-z,now} \ + %{?!_disable_ld_O1: -Wl,-O1} \ + %{?!_disable_ld_build_id: %_build_id_flags} \ + %{?!_disable_ld_enable_new_dtags: -Wl,--enable-new-dtags} \ + %{_hardened_ldflags}} # For compatibility %ldflags %build_ldflags @@ -278,7 +297,7 @@ GCONF_CONFIG_SOURCE=`%{_gconftool_bin} --get-default-source` %{_gconftool_bin} - %Werror_cflags -Wformat -Werror=format-security %_ssp_cflags -fstack-protector-strong -%__common_cflags -O2 %{debugcflags} -pipe %{Werror_cflags} %{?_fortify_cflags}%{?_legacy_common_support: -fcommon} +%__common_cflags -O2 %{debugcflags} -pipe %{Werror_cflags} %{?_fortify_cflags}%{?_legacy_common_support: -fcommon} %{_hardened_cflags} %__common_cflags_with_ssp %{__common_cflags} %{?_ssp_cflags} # Servers opt flags. |