From 9ebd6edb92605d57da8e736eb066db71b9e9289e Mon Sep 17 00:00:00 2001
From: Michael Petlan <mpetlan@redhat.com>
Date: Wed, 15 Dec 2021 08:17:42 +0100
Subject: [PATCH] Harden linking

Fixing the following failures reported by annocheck:

Hardened: /usr/bin/trc_pkt_lister: FAIL: pie test because not built with '-Wl,-pie' (gcc/clang) or '-buildmode pie' (go)
Hardened: /usr/bin/trc_pkt_lister: FAIL: bind-now test because not linked with -Wl,-z,now
Hardened: trc_pkt_lister: Overall: FAIL.

Hardened: /usr/lib64/libopencsd.so.1.0.0: FAIL: bind-now test because not linked with -Wl,-z,now
Hardened: libopencsd.so.1.0.0: Overall: FAIL.
H
ardened: /usr/lib64/libopencsd_c_api.so.1.0.0: FAIL: bind-now test because not linked with -Wl,-z,now Hardened: libopencsd_c_api.so.1.0.0: Overall: FAIL.

Resolves: rhbz#2031802

Signed-off-by: Michael Petlan <mpetlan@redhat.com>
---
 opencsd.spec | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/opencsd.spec b/opencsd.spec
index 14ea1d9..733878a 100644
--- a/opencsd.spec
+++ b/opencsd.spec
@@ -33,6 +33,7 @@ to develop CoreSight(tm) trace decoders.
 cd decoder/build/linux
 export CFLAGS="$RPM_OPT_FLAGS"
 export CXXFLAGS="$RPM_OPT_FLAGS"
+export LDFLAGS="-pie -z now"
 LIB_PATH=%{_lib} make %{?_smp_mflags}
 
 
@@ -59,6 +60,10 @@ PREFIX=%{buildroot}%{_prefix} LIB_PATH=%{_lib} make install DISABLE_STATIC=1 DEF
 #------------------------------------------------------------------------------
 %changelog
 * Tue Dec 14 2021 Michael Petlan <mpetlan@redhat.com> - 1.0.0-5
+- Added some linker hardening flags to pass annocheck
+  Related: rhbz#2031802
+
+  * Tue Dec 14 2021 Michael Petlan <mpetlan@redhat.com> - 1.0.0-5
 - Added gating
   Related: rhbz#2031794