Harden_all_packages_with_position-independent_code + guile modules
nmav at redhat.com
Thu Mar 19 07:16:19 UTC 2015
On Wed, 2015-03-18 at 11:37 -0700, Moez Roy wrote:
> >>> > FULL RELRO
> >>> > http://tk-blog.blogspot.co.at/2009/02/relro-not-so-well-known-memory.html
> >>> If that's all we got I suggest to remove this flag or (better) provide a
> >>> way for applications that use modules to compile themselves, without
> >>> removing the whole set of hardening flags.
> >> Any advise from the change owners? How should applications that use
> >> modules with undefined systems should handle that? Should they add %
> >> undefine _hardened_build by default?
> > I was doing some research last night but not tested it yet:
> > "nonow"
> > 1) add -nonow to the CFLAGS
> > 2) or add -z nonow to the LDFLAGS
> > doing the koji builds now to test and see if it works.
> > Also need to test if there is a -lazy option.
> Why are you using -Wl,--no-add-needed in the LD flags?
I don't see the reason for it. Added Tomas (the previous maintainer) in
case he remembers.
> I am able to get much further ahead in the build process when I remove this.
Do you mean the package was fully built by removing the no-add-needed
flag? Previously the "make check" process was failing.
More information about the devel