Skip to content

Commit

Permalink
rpm: Use hardened LDFLAGS
Browse files Browse the repository at this point in the history 
Currently, we do pass the hardened CFLAGS and CPPFLAGS when building the
code. However, we do not pass the hardened flags to the linker. This
means that the binaries are linked without the options like -Wl,-z,now.
As a result, we do not fully harden the binaries that we build.

This commit fixes this by passing the RPM_LD_FLAGS to the linker so the
builds are linked with the properly hardened flags.

Fixes: http://tracker.ceph.com/issues/36316

Signed-off-by: Boris Ranto <branto@redhat.com>
(cherry picked from commit ea6d7d2)
  • Loading branch information
@b-ranto
b-ranto authored and Prashant D committed Nov 20, 2018
1 parent c7c47ae commit 1a6530d
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions ceph.spec.in
View file
Expand Up @@ -806,6 +806,7 @@ export RPM_OPT_FLAGS=`echo $RPM_OPT_FLAGS | sed -e 's/i386/i486/'`
export CPPFLAGS="$java_inc"
export CFLAGS="$RPM_OPT_FLAGS"
export CXXFLAGS="$RPM_OPT_FLAGS"
export LDFLAGS="$RPM_LD_FLAGS"

env | sort

Expand Down

0 comments on commit 1a6530d

Please sign in to comment.