On 02/04/2015 04:07 PM, Viktor Dukhovni wrote: > The low-level details are easy, the hard part is the interface > glue. How should users be able to specify such flags, updating > the INSTALL documentation, ... > > For a preview of a brute-force hack that makes it work, apply > the patch below: > > diff --git a/makedefs b/makedefs > index f7be08c..c8b7d74 100644 > --- a/makedefs > +++ b/makedefs > @@ -1090,7 +1090,7 @@ SYSTYPE = $SYSTYPE > _AR = $_AR > ARFL = $ARFL > _RANLIB = $_RANLIB > -SYSLIBS = $AUXLIBS $SYSLIBS $PLUGIN_AUXLIBS > +SYSLIBS = -pie $AUXLIBS $SYSLIBS $PLUGIN_AUXLIBS > CC = $CC $CCARGS \$(WARN) > OPT = $OPT > DEBUG = $DEBUG > > and configure Postfix with: > > make -f Makefile.init CCARGS="-fPIC ..." AUXLIBS="..."
Thanks, I'll stick that patch in the build and see how it works. > This is not a user interface, just a proof of concept. To support > this properly we'd need to automatically enable -fPIC for all > objects when PIE is requested for executables. > > Note, good luck debugging those (even getting a stack trace) if > you ever run into trouble. I've yet to see a gdb that understands > PIE executables, perhaps I have not yet been using a sufficiently > bleeding-edge toolchain. This is more along the lines of, I'm building 3rd-party postfix packages for CentOS, the current stable postfix packages (sourced from Fedora) have -pie enabled and so I'd like to keep it enabled if at all possible. Peter
