Harden_all_packages_with_position-independent_code + guile modules
Moez Roy
moez.roy at gmail.com
Fri Mar 13 09:14:25 UTC 2015
On Fri, Mar 13, 2015 at 12:34 AM, Nikos Mavrogiannopoulos
<nmav at redhat.com> wrote:
> I think it is important to document what a hardened build means, in the
> change request as well as provide a pointer from the packaging
> guidelines. It's no much point mentioning hardened builds but no-one can
> find out what are these flags and the rationale of being added to this
> set. Currently it was implied they were flags to enable position
> independent code, but as it seems there are other flags in this set too.
>
> regards,
> Nikos
------------------------------------------------
https://pkgs.fedoraproject.org/cgit/redhat-rpm-config.git/plain/redhat-hardened-cc1
*cc1_options:
+ %{!fpie:%{!fPIE:%{!fpic:%{!fPIC:%{!fno-pic:-fPIE}}}}}
--------------------------------------------------
https://pkgs.fedoraproject.org/cgit/redhat-rpm-config.git/plain/redhat-hardened-ld
*self_spec:
+ %{!shared:-pie}
*link:
+ -z now
----------------------------------------------------
I added the above information to the wiki as requested:
https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code#Detailed_Harden_Flags_Description
Regards,
Moez
More information about the devel
mailing list