rpms/redhat-rpm-config
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Build flags: Mention -fplugin-arg-annobin-disable

Browse Source
This commit is contained in:
Florian Weimer 2018-01-23 16:25:52 +01:00
parent c873752b33
commit a013956e4f
1 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
buildflags.md
View File

@ -59,12 +59,20 @@ position-dependent (no full ASLR) and use lazy binding.
By default, the build flags cause a special output section to be By default, the build flags cause a special output section to be
included in ELF files which describes certain aspects of the build. included in ELF files which describes certain aspects of the build.
To change this, include this in the RPM spec file: To change this for all compiler invocations, include this in the RPM
spec file:
%undefine _annotated_build %undefine _annotated_build
This turns off watermarking, making it impossible to do full hardening Be warned that this turns off watermarking, making it impossible to do
coverage analysis for any binaries produced. full hardening coverage analysis for any binaries produced.
It is possible to disable annotations for individual compiler
invocations, using the `-fplugin-arg-annobin-disable` flag. However,
the annobin plugin must still be loaded for this flag to be
recognized, so it has to come after the hardening flags on the command
line (it has to be added at the end of `CFLAGS`, or specified after
the `CFLAGS` variable contents).
### Strict symbol checks in the link editor (ld) ### Strict symbol checks in the link editor (ld)