[Freeipa-devel] [PATCH] Fix linking ipa-otpd with broken hardened build
Lukas Slebodnik
lslebodn at redhat.com
Tue Jan 28 19:59:22 UTC 2014
On (28/01/14 20:56), Lukas Slebodnik wrote:
>ehlo,
>
>How to test:
> -remove line "%define _hardened_build 1" from spec file
> -build freeeipa package (it should fail)
> -apply patch
> -build freeeipa package (it should work )
>
>simple patch attached.
>
>LS
>>From 0ae1582770706f5a88980c0a16d4c64ce58c98e2 Mon Sep 17 00:00:00 2001
>From: Lukas Slebodnik <lslebodn at redhat.com>
>Date: Tue, 28 Jan 2014 19:58:40 +0100
>Subject: [PATCH] Fix linking ipa-otpd with broken hardened build
>
>If there is problem with _hardened_build in rpm extra flag will not be included
>into CLFAGS and LDFLAGS ("-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1" )
>and it will cause problem with linking binary ipa-otpd.
>
>/usr/bin/ld: bind.o: relocation R_X86_64_32 against `.rodata.str1.8' can not be
>used when making a shared object; recompile with -fPIC
>bind.o: error adding symbols: Bad value
>
>ipa-otpd will be linked successfully with this patch even if there is problem
>with hardened build on fedora.
>
>Resolves:
>https://fedorahosted.org/freeipa/ticket/4142
>---
> daemons/ipa-otpd/Makefile.am | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/daemons/ipa-otpd/Makefile.am b/daemons/ipa-otpd/Makefile.am
>index f0b75284dbbd46265a6ff366a7846da63c935986..0716e75b72cb7fb3910350fc0f9439a23c0bcf29 100644
>--- a/daemons/ipa-otpd/Makefile.am
>+++ b/daemons/ipa-otpd/Makefile.am
>@@ -1,4 +1,4 @@
>-AM_CFLAGS := $(CFLAGS) @LDAP_CFLAGS@ @LIBVERTO_CFLAGS@
>+AM_CFLAGS := $(CFLAGS) @LDAP_CFLAGS@ @LIBVERTO_CFLAGS@ -fPIE
> AM_LDFLAGS := $(LDFLAGS) @LDAP_LIBS@ @LIBVERTO_LIBS@ @KRAD_LIBS@ -pie -Wl,-z,relro -Wl,-z,now
>
> noinst_HEADERS = internal.h
>--
>1.8.5.3
>
I forgot to mention; patch applies only on ipa-3-3 branch, because file
daemons/ipa-otpd/Makefile.am is different on master.
LS
More information about the Freeipa-devel
mailing list