Am 04.02.2015 um 02:31 schrieb Peter:
On 02/04/2015 01:42 PM, li...@rhsoft.net wrote:
BUT one belongs to CCARGS and the other to AUXLIBS
re-read the previous mails in this thread!
...and from one of *my* previous emails:
make makefiles shared=yes 'CCARGS=-fPIC -fPIE' 'AUXLIBS=-pie'
...also fails
Can you suggest the combination with -pie that is supposed to work and
actually *does* work?
not for dynamic build but that below is from my rpmbuilder and it's a
hardened build supporting ASLR
hardening-check /usr/libexec/postfix/master
/usr/libexec/postfix/master:
Position Independent Executable: yes
Stack protected: yes
Fortify Source functions: yes (some protected functions found)
Read-only relocations: yes
Immediate binding: yes
.rpmrc:
optflags: x86_64 -m64 -O2 -march=corei7 -mtune=corei7 -fopenmp -mmmx
-msse2 -msse3 -msse4.1 -msse4.2 -maes -mfpmath=sse -pipe
-fomit-frame-pointer -finline-functions -finline-limit=60 -fexceptions
-fstack-protector-strong --param=ssp-buffer-size=6 -D_FORTIFY_SOURCE=2
-Wstack-protector -Wformat -Werror=format-security
postfix.spec:
%build
CCARGS="-fPIC -DNO_NIS -DNO_NISPLUS -DNO_EAI -DNO_LMDB -DNO_CDB
-DNO_LDAP -DNO_PGSQL -DNO_SQLITE -DHAS_PCRE -I%{_includedir}/pcre
-DHAS_MYSQL -I%{_includedir}/mysql -DUSE_TLS -DUSE_SASL_AUTH
-DUSE_CYRUS_SASL -I%{_includedir}/sasl
-DDEF_CONFIG_DIR=\\\"%{postfix_config_dir}\\\""
AUXLIBS="-lpcre -L%{_libdir}/mysql -lmysqlclient -lm -L%{_libdir}/sasl2
-lsasl2 -lssl -lcrypto -pie -Wl,-z,now -Wl,-z,relro,-z,noexecstack"
%{__make} %{?_smp_mflags} -f Makefile.init makefiles shared=no
CCARGS="${CCARGS}" AUXLIBS="${AUXLIBS}" DEBUG="" OPT="%{optflags}
-Wno-comment -fno-strict-aliasing"
%{__make} %{?_smp_mflags} CCARGS="${CCARGS}" AUXLIBS="${AUXLIBS}"
DEBUG="" OPT="%{optflags} -Wno-comment -fno-strict-aliasing"
