>From 82ff2391f87cbaf6d68ad33c9c76164022cc8202 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Wed, 5 Jun 2013 14:03:41 +0200
Subject: [PATCH 2/3] rpm: Use hardened flags for RPM build

https://fedorahosted.org/sssd/ticket/1797

This patch adds relro and bind_now linker flags to produce hardened
binaries. The change amounts to adding "-Wl,-z,now".
---
 contrib/sssd.spec.in | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index 65832166bc141ad37e5d24bf3ed969aef260fc66..d59f684400b6eab4f65a93552ae73a85445ac3e2 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -285,6 +285,10 @@ done
 
 autoreconf -ivf
 
+# Hardened build to make sure that all dynamic symbols are resolved at
+# start-up so that the GOT is read-only.
+export CFLAGS="%{optflags} -Wl,-z,now"
+
 %configure \
     --with-test-dir=/dev/shm \
     --with-db-path=%{dbpath} \
-- 
1.8.2.1