[Fedora-packaging] RFC mass bug reporting: checksec failures

Alexander Todorov atodorov at redhat.com
Thu Sep 17 07:57:28 UTC 2015


On 17.09.2015 at 08:33, Ben Boeckel wrote:
> On Wed, 16 Sep, 2015 at 16:24:02 GMT, Alexander Todorov wrote:
>> Please let me know which packages need to genuinely be excluded and what should
>> we do with these packages? Some will probably be fixed once they are rebuilt
>> but that may take a while.
>>
>> Any package maintainers out there - please fix your packages in Rawhide so we
>> don't have to file bugs for all of them.
>
> I see lots (probably all) of ghc-* packages, so filing one against
> ghc-rpm-macros or ghc itself would probably be the most expedient there.
> If it is just a missed flag or something, it can be rolled up with the
> 7.10.0 rebuild which I believe is planned for Rawhide.
>

FYI:
https://bugzilla.redhat.com/show_bug.cgi?id=1263957


> Of course, if ghc doesn't support everything checksec looks for,
> ignoring everything under %{_libdir}/ghc-*/ would be best. Jens?
>


> For any CMake-using projects (I see at least CMake itself and ParaView
> in the list), setting the `POSITION_INDEPENDENT_CODE` property[1] on
> targets would fix any missing -fPIE. It is initialized with
> `CMAKE_POSITION_INDEPENDENT_CODE`, so adding:
>
>      -DCMAKE_POSITION_INDEPENDENT_CODE:BOOL=ON
>
> to %cmake when hardening is enabled should fix -fPIE missing. Anything
> with internal static libraries *might* need a scalpel to turn off the
> property on those targets.
>
> --Ben
>
> [1] http://www.cmake.org/cmake/help/v3.3/prop_tgt/POSITION_INDEPENDENT_CODE.html
>

Ben,
is there any way this CMake property can be turned on globally?


--
Alex
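
The following is an added example, not part of the original message and not checksec's own code: a minimal check for the missing -fPIE condition discussed above, classifying an ELF image from its header. It assumes that an ET_DYN image carrying a PT_INTERP program header is a position-independent executable (a heuristic), and the `sample_elf64` helper builds constructed test input.

```python
import struct

ET_EXEC, ET_DYN, PT_LOAD, PT_INTERP = 2, 3, 1, 3

def pie_status(data: bytes) -> str:
    """Classify an ELF image as 'No PIE', 'PIE', 'DSO' or not applicable."""
    if data[:4] != b"\x7fELF" or len(data) < 52:
        return "Not an ELF"
    is64 = data[4] == 2                     # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    if is64 and len(data) < 64:
        return "Not an ELF"
    end = "<" if data[5] == 1 else ">"      # EI_DATA: 1 = little endian
    (e_type,) = struct.unpack_from(end + "H", data, 16)
    if e_type == ET_EXEC:
        return "No PIE"                     # fixed load address: linked without -pie
    if e_type != ET_DYN:
        return "Not an executable"          # e.g. relocatable object or core file
    # Locate the program header table: e_phoff, e_phentsize, e_phnum.
    if is64:
        (phoff,) = struct.unpack_from(end + "Q", data, 32)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 54)
    else:
        (phoff,) = struct.unpack_from(end + "I", data, 28)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 42)
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + 4 > len(data):             # truncated table: stop scanning
            break
        (p_type,) = struct.unpack_from(end + "I", data, off)
        if p_type == PT_INTERP:             # heuristic: has an interpreter => PIE
            return "PIE"
    return "DSO"                            # shared object without an interpreter

def sample_elf64(e_type: int, p_type: int) -> bytes:
    """Constructed input: little-endian ELF64 header plus one program header."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    hdr = struct.pack("<HHIQQQIHHHHHH",
                      e_type, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", p_type, 4, 0, 0, 0, 0, 0, 0)
    return ident + hdr + phdr

if __name__ == "__main__":
    for name, img in [("exec", sample_elf64(ET_EXEC, PT_LOAD)),
                      ("pie", sample_elf64(ET_DYN, PT_INTERP)),
                      ("lib", sample_elf64(ET_DYN, PT_LOAD))]:
        print(name, pie_status(img))
```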



