Skip to content

Commit

Permalink
rpm: Use hardened LDFLAGS
Browse files Browse the repository at this point in the history 
Currently, we do pass the hardened CFLAGS and CPPFLAGS when building the
code. However, we do not pass the hardened flags to the linker. This
means that the binaries are linked without the options like -Wl,-z,now.
As a result, we do not fully harden the binaries that we build.

This commit fixes this by passing the RPM_LD_FLAGS to the linker so the
builds are linked with the properly hardened flags.

Fixes: http://tracker.ceph.com/issues/36316

Signed-off-by: Boris Ranto <[email protected]>
  • Loading branch information
@b-ranto
b-ranto committed Oct 4, 2018
1 parent 43a72f0 commit ea6d7d2
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions ceph.spec.in
View file
Original file line number Diff line number Diff line change
Expand Up @@ -930,6 +930,7 @@ RPM_OPT_FLAGS="$RPM_OPT_FLAGS --param ggc-min-expand=20 --param ggc-min-heapsize
export CPPFLAGS="$java_inc"
export CFLAGS="$RPM_OPT_FLAGS"
export CXXFLAGS="$RPM_OPT_FLAGS"
export LDFLAGS="$RPM_LD_FLAGS"

# Parallel build settings ...
CEPH_MFLAGS_JOBS="%{?_smp_mflags}"
Expand Down

0 comments on commit ea6d7d2

Please sign in to comment.