redhat-hardened-{cc1,ld}: Move some of the rewrite magic to gcc specs so we don't end up with both -fPIC and -fPIE on the command line

macros

@@ -184,12 +184,12 @@ unset DISPLAY\
 %__find_provides        /usr/lib/rpm/redhat/find-provides
 %__find_requires        /usr/lib/rpm/redhat/find-requires
 
-#_hardened_build	0
-%_hardened_cflags	%{?_hardened_build:-fPIE}
-%_hardened_ldflags	%{?_hardened_build:-Wl,-z,now -pie}
+# define _hardened_build to non-zero to enable
+%_hardened_cflags       %{?_hardened_build:-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1}
+%_hardened_ldflags      %{?_hardened_build:-specs=/usr/lib/rpm/redhat/redhat-hardened-ld}
 
-%__global_cflags	-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 %{?_hardened_cflags}
-%__global_ldflags	-Wl,-z,relro %{?_hardened_ldflags}
+%__global_cflags	-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 %{_hardened_cflags}
+%__global_ldflags	-Wl,-z,relro %{_hardened_ldflags}
 
 # Use these macros to differentiate between RH and other KMP implementation(s).
 redhat_kernel_module_package	1

redhat-hardened-cc1

@@ -0,0 +1,4 @@
+%rename cc1_options rh_cc1_options_old
+
+*cc1_options:
+%{!fpie:%{!fPIE:%{!fpic:%{!fPIC:%{!fno-pic:-fPIC}}}}} %(rh_cc1_options_old)

redhat-hardened-ld

@@ -0,0 +1,9 @@
+%rename self_spec rh_self_spec_old
+
+*self_spec:
+%{!shared:-pie} %(rh_self_spec_old)
+
+%rename link rh_link_old
+
+*link:
+-z now %(rh_link_old)