On 01/28/2014 08:59 PM, Lukas Slebodnik wrote: > On (28/01/14 20:56), Lukas Slebodnik wrote: >> ehlo, >> >> How to test: >> -remove line "%define _hardened_build 1" from spec file >> -build freeeipa package (it should fail) >> -apply patch >> -build freeeipa package (it should work ) >> >> simple patch attached. >> >> LS > >> >From 0ae1582770706f5a88980c0a16d4c64ce58c98e2 Mon Sep 17 00:00:00 2001 >> From: Lukas Slebodnik <lsleb...@redhat.com> >> Date: Tue, 28 Jan 2014 19:58:40 +0100 >> Subject: [PATCH] Fix linking ipa-otpd with broken hardened build >> >> If there is problem with _hardened_build in rpm extra flag will not be >> included >> into CLFAGS and LDFLAGS ("-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1" ) >> and it will cause problem with linking binary ipa-otpd. >> >> /usr/bin/ld: bind.o: relocation R_X86_64_32 against `.rodata.str1.8' can not >> be >> used when making a shared object; recompile with -fPIC >> bind.o: error adding symbols: Bad value >> >> ipa-otpd will be linked successfully with this patch even if there is problem >> with hardened build on fedora. >> >> Resolves: >> https://fedorahosted.org/freeipa/ticket/4142 >> --- >> daemons/ipa-otpd/Makefile.am | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/daemons/ipa-otpd/Makefile.am b/daemons/ipa-otpd/Makefile.am >> index >> f0b75284dbbd46265a6ff366a7846da63c935986..0716e75b72cb7fb3910350fc0f9439a23c0bcf29 >> 100644 >> --- a/daemons/ipa-otpd/Makefile.am >> +++ b/daemons/ipa-otpd/Makefile.am >> @@ -1,4 +1,4 @@ >> -AM_CFLAGS := $(CFLAGS) @LDAP_CFLAGS@ @LIBVERTO_CFLAGS@ >> +AM_CFLAGS := $(CFLAGS) @LDAP_CFLAGS@ @LIBVERTO_CFLAGS@ -fPIE >> AM_LDFLAGS := $(LDFLAGS) @LDAP_LIBS@ @LIBVERTO_LIBS@ @KRAD_LIBS@ -pie >> -Wl,-z,relro -Wl,-z,now >> >> noinst_HEADERS = internal.h >> -- >> 1.8.5.3 >> > > I forgot to mention; patch applies only on ipa-3-3 branch, because file > daemons/ipa-otpd/Makefile.am is different on master. > > LS
Thanks Lukas, good investigation. This made me realize that the rawhide build was indeed crashing due to missing section switching _hardened_build to 1 in downstream repo. The build seems OK now. Do you still consider this patch as something that should be in git, given it was caused by missing _hardened_build? Martin _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel