This repository has been archived by the owner on Jan 31, 2020. It is now read-only.

autobuild: align to new hardening standard #6

Closed
MingcongBai opened this issue Aug 20, 2015 · 2 comments

@MingcongBai
Contributor

The issue

autobuild3, from tag v0.1.4.1, has added flags for further hardening, and with a recent commit AOSC-Archive/autobuild3@5de9897 switches for enabling/disabling those flags have been added.

Build failures are expected with PIE (position independent executable) flags passed to compiler and linker. Tests are needed to ensure that they will build under the new condition.

A sample of a fully hardened binary

root [ autobuild@dev/new-packages ] # /checksec.sh --file /usr/bin/lightdm
RELRO           STACK CANARY      NX            PIE             RPATH      RUNPATH      FILE
Full RELRO      Canary found      NX enabled    PIE enabled     No RPATH   No RUNPATH   /usr/bin/lightdm

Recommended practice

First of all, enable all hardening features when possible, to achieve the expected result above.

Use the $AB_FLAGS_* variables to control the hardening-related flags when possible, as listed in /etc/autobuild/defaults/hardening:

# Work in progress: factor hardening-related flags into options
# Parameters that are likely to cause trouble.

AB_FLAGS_PIC=1
AB_FLAGS_PIE=1
AB_FLAGS_SSP=1
AB_FLAGS_RRO=1
AB_FLAGS_NOW=1

Hacks are allowed, because in cases like core-libs/glibc, it is possible to control flags in different stages.

@MingcongBai MingcongBai added this to the 3.0.4 milestone Aug 20, 2015
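The checksec columns in the issue map directly onto ELF structures, which is what a test of the $AB_FLAGS_* switches ends up verifying. The following is an added example and is not code from this issue or from autobuild3: a small Python probe that derives the same columns from an ELF64 image (PIE from e_type being ET_DYN, NX from the PT_GNU_STACK flags, RELRO from PT_GNU_RELRO plus a BIND_NOW marker in the dynamic section, the canary from an imported __stack_chk_fail, RPATH/RUNPATH from DT_RPATH/DT_RUNPATH), together with a constructed, header-only ELF image so the probe can be exercised without a compiler. The names checksec, build_elf and format_row are hypothetical, and the pairing of AB_FLAGS_PIE, AB_FLAGS_SSP, AB_FLAGS_RRO and AB_FLAGS_NOW with the PIE, canary, RELRO and BIND_NOW checks is an assumption drawn from the variable names, not something the issue states.

```python
# Added example (not autobuild3 code): derive checksec's columns from ELF64 structures.
import struct
# Constants from the System V ELF ABI / glibc elf.h.
ET_EXEC, ET_DYN, EM_X86_64, PF_X = 2, 3, 62, 1
PT_DYNAMIC, PT_GNU_STACK, PT_GNU_RELRO = 2, 0x6474E551, 0x6474E552
DT_NULL, DT_NEEDED, DT_RPATH, DT_BIND_NOW, DT_RUNPATH = 0, 1, 15, 24, 29
DT_FLAGS, DT_FLAGS_1, DF_BIND_NOW, DF_1_NOW = 30, 0x6FFFFFFB, 0x8, 0x1
SHT_STRTAB, SHT_DYNSYM = 3, 11
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # Elf64_Ehdr, 64 bytes
PHDR = struct.Struct("<IIQQQQQQ")           # Elf64_Phdr, 56 bytes
SHDR = struct.Struct("<IIQQQQIIQQ")         # Elf64_Shdr, 64 bytes
DYN = struct.Struct("<qQ")                  # Elf64_Dyn, 16 bytes
SYM = struct.Struct("<IBBHQQ")              # Elf64_Sym, 24 bytes


def _cstr(blob, off):
    return blob[off:blob.index(b"\0", off)].decode("ascii", "replace")


def checksec(data):
    """Return PIE/NX/RELRO/canary/RPATH/RUNPATH findings for a little-endian ELF64 image."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    (_, e_type, _, _, _, e_phoff, e_shoff, _, _, _, e_phnum,
     _, e_shnum, _) = EHDR.unpack_from(data, 0)
    res = {"pie": e_type == ET_DYN, "nx": False, "relro": "No RELRO",
           "canary": False, "rpath": False, "runpath": False}
    dyn_off = dyn_len = 0
    for i in range(e_phnum):
        p_type, p_flags, p_offset, _, _, p_filesz, _, _ = PHDR.unpack_from(data, e_phoff + i * PHDR.size)
        if p_type == PT_GNU_STACK:      # no GNU_STACK header at all means an executable stack
            res["nx"] = not (p_flags & PF_X)
        elif p_type == PT_GNU_RELRO:    # GOT, .init_array etc. remapped read-only after relocation
            res["relro"] = "Partial RELRO"
        elif p_type == PT_DYNAMIC:
            dyn_off, dyn_len = p_offset, p_filesz
    bind_now = False
    for off in range(dyn_off, dyn_off + dyn_len, DYN.size):
        tag, val = DYN.unpack_from(data, off)
        if tag == DT_NULL:
            break
        if tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW) or (tag == DT_FLAGS_1 and val & DF_1_NOW):
            bind_now = True             # -z now: no lazy binding, so the whole GOT can sit inside RELRO
        elif tag == DT_RPATH:
            res["rpath"] = True
        elif tag == DT_RUNPATH:
            res["runpath"] = True
    if bind_now and res["relro"] == "Partial RELRO":
        res["relro"] = "Full RELRO"
    # Stack protector: a protected binary imports __stack_chk_fail from libc.
    shdrs = [SHDR.unpack_from(data, e_shoff + i * SHDR.size) for i in range(e_shnum)]
    for sh in shdrs:
        if sh[1] == SHT_DYNSYM:
            names = shdrs[sh[6]][4]     # sh_link names the string table; [4] is its sh_offset
            for s in range(sh[4], sh[4] + sh[5], SYM.size):
                if _cstr(data, names + SYM.unpack_from(data, s)[0]) == "__stack_chk_fail":
                    res["canary"] = True
    return res


def format_row(res, name):
    # Same column layout as the checksec.sh output quoted in the issue.
    cols = (res["relro"], "Canary found" if res["canary"] else "No canary",
            "NX enabled" if res["nx"] else "NX disabled", "PIE enabled" if res["pie"] else "No PIE",
            "RPATH" if res["rpath"] else "No RPATH", "RUNPATH" if res["runpath"] else "No RUNPATH", name)
    return "{:<16}{:<18}{:<14}{:<16}{:<11}{:<13}{}".format(*cols)


def build_elf(pie=True, nx=True, relro=True, now=True, canary=True):
    """Constructed sample: a header-only, non-loadable ELF64 image with just what checksec() reads."""
    dynstr = b"\0libc.so.6\0__stack_chk_fail\0"
    syms = SYM.pack(0, 0, 0, 0, 0, 0)
    if canary:
        syms += SYM.pack(dynstr.index(b"__stack_chk_fail"), 0x12, 0, 0, 0, 0)  # GLOBAL FUNC, undefined
    dyn = DYN.pack(DT_NEEDED, dynstr.index(b"libc.so.6"))
    if now:
        dyn += DYN.pack(DT_FLAGS, DF_BIND_NOW) + DYN.pack(DT_FLAGS_1, DF_1_NOW)
    dyn += DYN.pack(DT_NULL, 0)
    nph = 2 + int(relro)
    off_dyn = EHDR.size + nph * PHDR.size
    off_sym, off_str = off_dyn + len(dyn), off_dyn + len(dyn) + len(syms)
    off_sh = off_str + len(dynstr)
    phdrs = PHDR.pack(PT_DYNAMIC, 6, off_dyn, off_dyn, off_dyn, len(dyn), len(dyn), 8)
    phdrs += PHDR.pack(PT_GNU_STACK, 6 if nx else 7, 0, 0, 0, 0, 0, 16)  # RW vs RWX stack
    if relro:
        phdrs += PHDR.pack(PT_GNU_RELRO, 4, off_dyn, off_dyn, off_dyn, len(dyn), len(dyn), 1)
    shdrs = SHDR.pack(0, 0, 0, 0, 0, 0, 0, 0, 0, 0)
    shdrs += SHDR.pack(1, SHT_DYNSYM, 2, off_sym, off_sym, len(syms), 2, 1, 8, SYM.size)  # sh_link -> [2]
    shdrs += SHDR.pack(9, SHT_STRTAB, 2, off_str, off_str, len(dynstr), 0, 0, 1, 0)
    ehdr = EHDR.pack(b"\x7fELF\x02\x01\x01" + b"\0" * 9, ET_DYN if pie else ET_EXEC, EM_X86_64, 1,
                     0, EHDR.size, off_sh, 0, EHDR.size, PHDR.size, nph, SHDR.size, 3, 0)
    return ehdr + phdrs + dyn + syms + dynstr + shdrs


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:  # e.g. python3 elfcheck.py /usr/bin/lightdm (file name is hypothetical)
        with open(path, "rb") as f:
            print(format_row(checksec(f.read()), path))
```

Run against a real binary it prints one row in the layout quoted in the issue; a package built with every switch on should come out as Full RELRO / Canary found / NX enabled / PIE enabled. Turning individual build_elf arguments off shows how each switch is visible in the file: now=False drops the row to Partial RELRO, relro=False to No RELRO, nx=False flips the GNU_STACK flags to RWX, and pie=False leaves an ET_EXEC image. Note that a binary whose section headers were stripped entirely has no .dynsym to inspect here, so the canary column then reads as absent even if the code is protected.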
@MingcongBai
Contributor Author

All package updates added, now needs testing.

@MingcongBai
Contributor Author

All tested and clear, as of ef84b8f.
