"rpmbuild --rebuild" does not result in hardened build

Panu Matilainen pmatilai at laiskiainen.org
Tue Jun 18 17:18:27 UTC 2013


On 06/18/2013 04:21 PM, Reindl Harald wrote:
> can someone look at this?
> https://bugzilla.redhat.com/show_bug.cgi?id=975273
>
> why are the hardening-macros not respected with "rpmbuild"?

Because of this (from 
https://bugzilla.redhat.com/show_bug.cgi?id=975273#c3):

> [builduser@buildserver64:~]$ cat .rpmrc
> optflags: x86_64 -m64 -O3 -march=corei7 -mtune=corei7 -fopenmp -mmmx -msse2 -msse3 -msse4.1 -msse4.2 -maes -pipe -fstack-protector --param=ssp-buffer-size=4 -mfpmath=sse -D_FORTIFY_SOURCE=2 -fexceptions

You're overriding the distro defaults and not including
%{__global_cflags} which is a part of how the hardening flags (among all 
sorts of other distro defaults) get set for builds.

	- Panu -
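
The check described in the message above, as an added example that is not part of the original e-mail or of rpm itself: a shell function that scans an rpmrc file for `optflags:` overrides that leave out `%{__global_cflags}`. The function name `audit_rpmrc` and both sample files are constructed for illustration; the second sample assumes the macro is kept at the start of the override.

```shell
#!/bin/sh
# audit_rpmrc FILE
# Prints one line per "optflags: <arch> <flags>" entry that does not
# reference %{__global_cflags}. Returns 0 if every entry keeps the macro
# (or the file has no optflags entries), 1 if any entry drops it.
audit_rpmrc() {
    awk '
        /^[ \t]*optflags[ \t]*:/ {
            line = $0
            sub(/^[ \t]*optflags[ \t]*:[ \t]*/, "", line)  # strip the key
            arch = line
            sub(/[ \t].*$/, "", arch)                       # first word is the arch
            if (index(line, "%{__global_cflags}") == 0) {
                printf "%s: optflags for %s omits %%{__global_cflags}\n", FILENAME, arch
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample input: the override quoted in the message, and a
# variant that keeps the distro defaults by referencing the macro.
sample_dir=$(mktemp -d)
cat > "$sample_dir/override.rpmrc" <<'EOF'
optflags: x86_64 -m64 -O3 -march=corei7 -mtune=corei7 -fopenmp -mmmx -msse2 -msse3 -msse4.1 -msse4.2 -maes -pipe -fstack-protector --param=ssp-buffer-size=4 -mfpmath=sse -D_FORTIFY_SOURCE=2 -fexceptions
EOF
cat > "$sample_dir/keeps-defaults.rpmrc" <<'EOF'
optflags: x86_64 %{__global_cflags} -m64 -march=corei7 -mtune=corei7
EOF

for f in "$sample_dir/override.rpmrc" "$sample_dir/keeps-defaults.rpmrc"; do
    if audit_rpmrc "$f"; then
        echo "$f: distro default flags retained"
    fi
done
rm -rf "$sample_dir"
```

On a build host, `rpm --eval '%{optflags}'` shows the flags rpmbuild will actually use after any such override.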


