can someone lokk at this? https://bugzilla.redhat.com/show_bug.cgi?id=975273
why are the hardening-macros not respected with "rpmbuild"?
On 06/18/2013 04:21 PM, Reindl Harald wrote:
can someone lokk at this? https://bugzilla.redhat.com/show_bug.cgi?id=975273
why are the hardening-macros not respected with "rpmbuild"?
Because of this (from https://bugzilla.redhat.com/show_bug.cgi?id=975273#c3):
[builduser@buildserver64:~]$ cat .rpmrc
optflags: x86_64 -m64 -O3 -march=corei7 -mtune=corei7 -fopenmp -mmmx -msse2 -msse3 -msse4.1 -msse4.2 -maes -pipe -fstack-protector --param=ssp-buffer-size=4 -mfpmath=sse -D_FORTIFY_SOURCE=2 -fexceptions
You're overriding the distro defaults and not including %{__global_cflags} which a part of how the hardening flags (among all sorts of other distro defaults) get set for builds.
- Panu -
Am 18.06.2013 19:18, schrieb Panu Matilainen:
On 06/18/2013 04:21 PM, Reindl Harald wrote:
can someone lokk at this? https://bugzilla.redhat.com/show_bug.cgi?id=975273
why are the hardening-macros not respected with "rpmbuild"?
Because of this (from https://bugzilla.redhat.com/show_bug.cgi?id=975273#c3):
[builduser@buildserver64:~]$ cat .rpmrc
optflags: x86_64 -m64 -O3 -march=corei7 -mtune=corei7 -fopenmp -mmmx -msse2 -msse3 -msse4.1 -msse4.2 -maes -pipe -fstack-protector --param=ssp-buffer-size=4 -mfpmath=sse -D_FORTIFY_SOURCE=2 -fexceptions
You're overriding the distro defaults and not including %{__global_cflags} which a part of how the hardening flags (among all sorts of other distro defaults) get set for builds
because it ends in double options with different values "-O3 -O2" makes little sense and looks not predictable
IMHO the hardening-macro should ADD his params to whatever existing ones
-m64 -O3 -march=corei7 -mtune=corei7 -fopenmp -mmmx -msse2 -msse3 -msse4.1 -msse4.2 -maes -pipe -fstack-protector --param=ssp-buffer-size=4 -mfpmath=sse -D_FORTIFY_SOURCE=2 -fexceptions -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4
On Tue, 18 Jun 2013 21:41:37 +0200 Reindl Harald h.reindl@thelounge.net wrote:
Am 18.06.2013 19:18, schrieb Panu Matilainen:
On 06/18/2013 04:21 PM, Reindl Harald wrote:
can someone lokk at this? https://bugzilla.redhat.com/show_bug.cgi?id=975273
why are the hardening-macros not respected with "rpmbuild"?
Because of this (from https://bugzilla.redhat.com/show_bug.cgi?id=975273#c3):
[builduser@buildserver64:~]$ cat .rpmrc
optflags: x86_64 -m64 -O3 -march=corei7 -mtune=corei7 -fopenmp -mmmx -msse2 -msse3 -msse4.1 -msse4.2 -maes -pipe -fstack-protector --param=ssp-buffer-size=4 -mfpmath=sse -D_FORTIFY_SOURCE=2 -fexceptions
You're overriding the distro defaults and not including %{__global_cflags} which a part of how the hardening flags (among all sorts of other distro defaults) get set for builds
because it ends in double options with different values "-O3 -O2" makes little sense and looks not predictable
the latter wins, it's specified by gcc docs
Dan
IMHO the hardening-macro should ADD his params to whatever existing ones
-m64 -O3 -march=corei7 -mtune=corei7 -fopenmp -mmmx -msse2 -msse3 -msse4.1 -msse4.2 -maes -pipe -fstack-protector --param=ssp-buffer-size=4 -mfpmath=sse -D_FORTIFY_SOURCE=2 -fexceptions -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4
-
Dan Horák -
Panu Matilainen -
Reindl Harald