На 17.09.2015 в 08:33, Ben Boeckel написа:
On Wed, 16 Sep, 2015 at 16:24:02 GMT, Alexander Todorov wrote:
Please let me know which packages need to genuinely be excluded and what should we do with these packages ? Some will probably be fixed once they are rebuilt but that may take a while.
Any package maintainers out there - please fix your packages in Rawhide so we don't have to file bugs for all of them.
I see lots (probably all) of ghc-* packages, so filing one against ghc-rpm-macros or ghc itself would probably be the most expedient there. If it is just a missed flag or something, it can be rolled up with the 7.10.0 rebuild which I believe is planned for Rawhide.
FYI: https://bugzilla.redhat.com/show_bug.cgi?id=1263957
Of course, if ghc doesn't support everything checksec looks for, ignoring everything under %{_libdir}/ghc-*/ would be best. Jens?
For any CMake-using projects (I see at least CMake itself and ParaView in the list), setting the `POSITION_INDEPENDENT_CODE` property[1] on targets would fix any missing -fPIE. It is initialized with `CMAKE_POSITION_INDEPENDENT_CODE`, so adding:
-DCMAKE_POSITION_INDEPENDENT_CODE:BOOL=ONto %cmake when hardening is enabled should fix -fPIE missing. Anything with internal static libraries *might* need a scalpel to turn off the property on those targets.
--Ben
[1]http://www.cmake.org/cmake/help/v3.3/prop_tgt/POSITION_INDEPENDENT_CODE.html
Ben, is there any way this CMake property be turned on globally ?
-- Alex
packaging@lists.fedoraproject.org
-
Alexander Todorov