[Freeipa-devel] [PATCH] Fix linking ipa-otpd with broken hardened build
Lukas Slebodnik
lslebodn at redhat.com
Tue Jan 28 19:56:57 UTC 2014
ehlo,
How to test:
-remove line "%define _hardened_build 1" from spec file
-build freeeipa package (it should fail)
-apply patch
-build freeeipa package (it should work )
simple patch attached.
LS
-------------- next part --------------
>From 0ae1582770706f5a88980c0a16d4c64ce58c98e2 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lslebodn at redhat.com>
Date: Tue, 28 Jan 2014 19:58:40 +0100
Subject: [PATCH] Fix linking ipa-otpd with broken hardened build
If there is problem with _hardened_build in rpm extra flag will not be included
into CLFAGS and LDFLAGS ("-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1" )
and it will cause problem with linking binary ipa-otpd.
/usr/bin/ld: bind.o: relocation R_X86_64_32 against `.rodata.str1.8' can not be
used when making a shared object; recompile with -fPIC
bind.o: error adding symbols: Bad value
ipa-otpd will be linked successfully with this patch even if there is problem
with hardened build on fedora.
Resolves:
https://fedorahosted.org/freeipa/ticket/4142
---
daemons/ipa-otpd/Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/daemons/ipa-otpd/Makefile.am b/daemons/ipa-otpd/Makefile.am
index f0b75284dbbd46265a6ff366a7846da63c935986..0716e75b72cb7fb3910350fc0f9439a23c0bcf29 100644
--- a/daemons/ipa-otpd/Makefile.am
+++ b/daemons/ipa-otpd/Makefile.am
@@ -1,4 +1,4 @@
-AM_CFLAGS := $(CFLAGS) @LDAP_CFLAGS@ @LIBVERTO_CFLAGS@
+AM_CFLAGS := $(CFLAGS) @LDAP_CFLAGS@ @LIBVERTO_CFLAGS@ -fPIE
AM_LDFLAGS := $(LDFLAGS) @LDAP_LIBS@ @LIBVERTO_LIBS@ @KRAD_LIBS@ -pie -Wl,-z,relro -Wl,-z,now
noinst_HEADERS = internal.h
--
1.8.5.3
More information about the Freeipa-devel
mailing list