Harden linking

Fixing the following failures reported by annocheck: Hardened: /usr/bin/trc_pkt_lister: FAIL: pie test because not built with '-Wl,-pie' (gcc/clang) or '-buildmode pie' (go) Hardened: /usr/bin/trc_pkt_lister: FAIL: bind-now test because not linked with -Wl,-z,now Hardened: trc_pkt_lister: Overall: FAIL. Hardened: /usr/lib64/libopencsd.so.1.0.0: FAIL: bind-now test because not linked with -Wl,-z,now Hardened: libopencsd.so.1.0.0: Overall: FAIL. H ardened: /usr/lib64/libopencsd_c_api.so.1.0.0: FAIL: bind-now test because not linked with -Wl,-z,now Hardened: libopencsd_c_api.so.1.0.0: Overall: FAIL. Resolves: rhbz#2031802 Signed-off-by: Michael Petlan <mpetlan@redhat.com>
2021-12-15 08:17:42 +01:00 · 2021-12-15 08:17:42 +01:00 · 9ebd6edb92
commit 9ebd6edb92
parent 1f6a7f0ae9
1 changed files with 5 additions and 0 deletions
--- a/opencsd.spec
+++ b/opencsd.spec
@ -33,6 +33,7 @@ to develop CoreSight(tm) trace decoders.
 cd decoder/build/linux
 export CFLAGS="$RPM_OPT_FLAGS"
 export CXXFLAGS="$RPM_OPT_FLAGS"
+export LDFLAGS="-pie -z now"
 LIB_PATH=%{_lib} make %{?_smp_mflags}


@ -59,6 +60,10 @@ PREFIX=%{buildroot}%{_prefix} LIB_PATH=%{_lib} make install DISABLE_STATIC=1 DEF
 #------------------------------------------------------------------------------
 %changelog
 * Tue Dec 14 2021 Michael Petlan <mpetlan@redhat.com> - 1.0.0-5
+- Added some linker hardening flags to pass annocheck
+  Related: rhbz#2031802
+
+  * Tue Dec 14 2021 Michael Petlan <mpetlan@redhat.com> - 1.0.0-5
 - Added gating
  Related: rhbz#2031794