diff options
Diffstat (limited to 'macros.in')
-rw-r--r-- | macros.in | 23 |
1 files changed, 21 insertions, 2 deletions
@@ -218,6 +218,17 @@ GCONF_CONFIG_SOURCE=`%{_gconftool_bin} --get-default-source` %{_gconftool_bin} - #============================================================================== # ---- compiler flags. +%_hardening_gcc_cflags -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 +%_hardening_clang_cflags --config /usr/lib/rpm/redhat/redhat-hardened-clang.cfg +%_hardening_cflags %{expand:%%{_hardening_%{toolchain}_cflags}} + +%_hardening_ldflags %[ "%{toolchain}" == "gcc" ? "-specs=/usr/lib/rpm/redhat/redhat-hardened-ld" : "" ] + +# Use "%undefine _hardened_build" to disable. +%_hardened_build 1 +%_hardened_cflags %{?_hardened_build:%{_hardening_cflags}} +%_hardened_ldflags %{?_hardened_build:%{_hardening_ldflags}} + # C compiler flags. This is traditionally called CFLAGS in makefiles. # Historically also available as %%{optflags}, and %%build sets the # environment variable RPM_OPT_FLAGS to this value. @@ -242,7 +253,15 @@ GCONF_CONFIG_SOURCE=`%{_gconftool_bin} --get-default-source` %{_gconftool_bin} - # the flags, while intended for ld, are still passed through the gcc # compiler driver. At the beginning of %%build, the environment # variable RPM_LD_FLAGS to this value. -%build_ldflags %{?!_disable_ld_as_needed: -Wl,--as-needed}%{?!_disable_ld_no_undefined: -Wl,--no-undefined}%{?!_disable_ld_relro: -Wl,-z,relro%{?!_disable_ld_now: -Wl,-z,now}}%{?!_disable_ld_O1: -Wl,-O1}%{?!_disable_ld_build_id: %_build_id_flags}%{?!_disable_ld_enable_new_dtags: -Wl,--enable-new-dtags} +%build_ldflags %{shrink: \ + %{?!_disable_ld_as_needed: -Wl,--as-needed} \ + %{?!_disable_ld_no_undefined: -Wl,--no-undefined} \ + %{?!_disable_ld_relro: -Wl,-z,relro} \ + %{?!_disable_ld_now: -Wl,-z,now} \ + %{?!_disable_ld_O1: -Wl,-O1} \ + %{?!_disable_ld_build_id: %_build_id_flags} \ + %{?!_disable_ld_enable_new_dtags: -Wl,--enable-new-dtags} \ + %{_hardened_ldflags}} # For compatibility %ldflags %build_ldflags @@ -278,7 +297,7 @@ GCONF_CONFIG_SOURCE=`%{_gconftool_bin} --get-default-source` %{_gconftool_bin} - %Werror_cflags -Wformat -Werror=format-security %_ssp_cflags -fstack-protector-strong -%__common_cflags -O2 %{debugcflags} -pipe %{Werror_cflags} %{?_fortify_cflags}%{?_legacy_common_support: -fcommon} +%__common_cflags -O2 %{debugcflags} -pipe %{Werror_cflags} %{?_fortify_cflags}%{?_legacy_common_support: -fcommon} %{_hardened_cflags} %__common_cflags_with_ssp %{__common_cflags} %{?_ssp_cflags} # Servers opt flags. |