On Fri, Mar 13, 2015 at 12:34 AM, Nikos Mavrogiannopoulos <n...@redhat.com> wrote: > I think it is important to document what a hardened build means, in the > change request as well as provide a pointer from the packaging > guidelines. It's no much point mentioning hardened builds but no-one can > find out what are these flags and the rationale of being added to this > set. Currently it was implied they were flags to enable position > independent code, but as it seems there are other flags in this set too. > > regards, > Nikos
------------------------------------------------ https://pkgs.fedoraproject.org/cgit/redhat-rpm-config.git/plain/redhat-hardened-cc1 *cc1_options: + %{!fpie:%{!fPIE:%{!fpic:%{!fPIC:%{!fno-pic:-fPIE}}}}} -------------------------------------------------- https://pkgs.fedoraproject.org/cgit/redhat-rpm-config.git/plain/redhat-hardened-ld *self_spec: + %{!shared:-pie} *link: + -z now ---------------------------------------------------- I added the above information to the wiki as requested: https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code#Detailed_Harden_Flags_Description Regards, Moez -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
