From 2fc7312546250a74276f599dabb309713e52f7f7 Mon Sep 17 00:00:00 2001
From: Kairui Song <kasong@redhat.com>
Date: Mon, 11 Feb 2019 11:20:28 +0800
Subject: [PATCH] Enable building with hardening flags

Backport the patches required to make the hardening build flags work with
kexec-tools and makedumpfile, and enabld hardening flags in spec file.
This will make the pacakge pass all warnings for kexec and makedumpfile
reported by annocheck.

Didn't find any issue with basic tests with kexec and makedumpfile.

Signed-off-by: Kairui Song <kasong@redhat.com>
Acked-by: Dave Young <dyoung@redhat.com>
---
 ...es-honor-the-CFLAGS-from-environment.patch | 41 +++++++++++++++++++
 ...0.18-purgatory-Use-standalond-CFLAGS.patch | 34 +++++++++++++++
 kexec-tools.spec                              |  7 +++-
 3 files changed, 80 insertions(+), 2 deletions(-)
 create mode 100644 kexec-tools-2.0.18-makedumpfiles-honor-the-CFLAGS-from-environment.patch
 create mode 100644 kexec-tools-2.0.18-purgatory-Use-standalond-CFLAGS.patch

diff --git a/kexec-tools-2.0.18-makedumpfiles-honor-the-CFLAGS-from-environment.patch b/kexec-tools-2.0.18-makedumpfiles-honor-the-CFLAGS-from-environment.patch
new file mode 100644
index 0000000..e4052fa
--- /dev/null
+++ b/kexec-tools-2.0.18-makedumpfiles-honor-the-CFLAGS-from-environment.patch
@@ -0,0 +1,41 @@
+From 2f007b48c581a81d7e95678b6bcb77cfbe177135 Mon Sep 17 00:00:00 2001
+From: Kairui Song <kasong@redhat.com>
+Date: Tue, 29 Jan 2019 11:14:15 +0800
+Subject: [PATCH] [PATCH v2] honor the CFLAGS from environment variables
+
+This makes it possible to pass in extra cflags, for example, hardening
+flags could be passed in with environment variable when building a
+hardened package.
+
+Also introduce a CFLAGS_BASE to hold common CFLAGS, which simplify the
+CFLAGS definition.
+
+Suggested-by: Kazuhito Hagio <k-hagio@ab.jp.nec.com>
+Signed-off-by: Kairui Song <kasong@redhat.com>
+---
+ Makefile | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index ea3c47d..bd681d2 100644
+--- a/makedumpfile-1.6.5/Makefile
++++ b/makedumpfile-1.6.5/Makefile
+@@ -8,11 +8,10 @@ ifeq ($(strip $CC),)
+ CC	= gcc
+ endif
+ 
+-CFLAGS = -g -O2 -Wall -D_FILE_OFFSET_BITS=64 \
+-	  -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE \
+-	  -DVERSION='"$(VERSION)"' -DRELEASE_DATE='"$(DATE)"'
+-CFLAGS_ARCH	= -g -O2 -Wall -D_FILE_OFFSET_BITS=64 \
+-		    -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE
++CFLAGS_BASE := $(CFLAGS) -g -O2 -Wall -D_FILE_OFFSET_BITS=64 \
++		-D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE
++CFLAGS      := $(CFLAGS_BASE) -DVERSION='"$(VERSION)"' -DRELEASE_DATE='"$(DATE)"'
++CFLAGS_ARCH := $(CFLAGS_BASE)
+ # LDFLAGS = -L/usr/local/lib -I/usr/local/include
+ 
+ HOST_ARCH := $(shell uname -m)
+-- 
+2.20.1
+
diff --git a/kexec-tools-2.0.18-purgatory-Use-standalond-CFLAGS.patch b/kexec-tools-2.0.18-purgatory-Use-standalond-CFLAGS.patch
new file mode 100644
index 0000000..9639877
--- /dev/null
+++ b/kexec-tools-2.0.18-purgatory-Use-standalond-CFLAGS.patch
@@ -0,0 +1,34 @@
+From c493af72ac796e8ab3f3f4299205bd402dcee861 Mon Sep 17 00:00:00 2001
+From: Kairui Song <kasong@redhat.com>
+Date: Mon, 28 Jan 2019 18:50:40 +0800
+Subject: [PATCH] purgatory: Use standalond CFLAGS
+
+There has been a lot of workarounds for purgatory disabling many
+specified CFLAGS that will break purgatory. It will be better to not
+let the CFLAGS used to compile purgatory honor the CFLAGS from
+environment variables. So we will have stable CFLAGS for purgatory.
+
+If anyone still wants to change purgatory CFLAGS, PURGATORY_EXTRA_CFLAGS
+is still honored.
+
+Signed-off-by: Simon Horman <horms@verge.net.au>
+---
+ purgatory/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/purgatory/Makefile b/purgatory/Makefile
+index 49ce80a..2dd6c47 100644
+--- a/purgatory/Makefile
++++ b/purgatory/Makefile
+@@ -45,7 +45,7 @@ purgatory/sha256.o: $(srcdir)/util_lib/sha256.c
+ 	$(COMPILE.c) -o $@ $^
+ 
+ $(PURGATORY): CC=$(TARGET_CC)
+-$(PURGATORY): CFLAGS+=$(PURGATORY_EXTRA_CFLAGS) \
++$(PURGATORY): CFLAGS=$(PURGATORY_EXTRA_CFLAGS) \
+ 		      $($(ARCH)_PURGATORY_EXTRA_CFLAGS) \
+ 		      -Os -fno-builtin -ffreestanding \
+ 		      -fno-zero-initialized-in-bss \
+-- 
+2.20.1
+
diff --git a/kexec-tools.spec b/kexec-tools.spec
index cd90e3d..46639c5 100644
--- a/kexec-tools.spec
+++ b/kexec-tools.spec
@@ -61,8 +61,6 @@ BuildRequires: automake autoconf libtool
 Obsoletes: diskdumputils netdump kexec-tools-eppic
 %endif
 
-%undefine _hardened_build
-
 #START INSERT
 
 #
@@ -87,6 +85,8 @@ Obsoletes: diskdumputils netdump kexec-tools-eppic
 #
 # Patches 601 onward are generic patches
 #
+Patch601: kexec-tools-2.0.18-purgatory-Use-standalond-CFLAGS.patch
+Patch602: kexec-tools-2.0.18-makedumpfiles-honor-the-CFLAGS-from-environment.patch
 
 %description
 kexec-tools provides /sbin/kexec binary that facilitates a new
@@ -102,6 +102,9 @@ mkdir -p -m755 kcp
 tar -z -x -v -f %{SOURCE9}
 tar -z -x -v -f %{SOURCE19}
 
+%patch601 -p1
+%patch602 -p1
+
 %ifarch ppc
 %define archdef ARCH=ppc
 %endif