From 8c1d345c5347bc379b672dbd61534e792732a43f Mon Sep 17 00:00:00 2001 From: Funda Wang Date: Fri, 17 Jan 2025 17:39:16 +0800 Subject: [PATCH] split out fortify level definition for supporting build with FORTIFY_SOURCE=3 in the future --- macros | 11 ++++++++++- openEuler-rpm-config.spec | 5 ++++- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/macros b/macros index 47926b5..7e393a4 100644 --- a/macros +++ b/macros @@ -362,9 +362,18 @@ for k,_ in pairs(stripped_flags) do print(k .. " ") end %_clang_lto_cflags -flto=thin %_lto_cflags %{expand:%%{_%{toolchain}_lto_cflags}} +# Default fortification level. +# "%define _fortify_level 1" to downgrade and +# "%define _fortify_level 0" or "%undefine _fortify_level" to disable +# +# We use a single -Wp here to enforce order so that ccache does not ever +# reorder them. +%_fortify_level 2 +%_fortify_level_flags %[ 0%{?_fortify_level} > 0 ? "-Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=%{_fortify_level}" : "" ] + %_general_options -O2 %{?_lto_cflags} -g -grecord-gcc-switches -pipe -fstack-protector-strong %[ "%{toolchain}" == "clang" ? "-fgcc-compatible" : "" ] %_warning_options -Wall -Werror=format-security -%_preprocessor_defines -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS +%_preprocessor_defines %{_fortify_level_flags} -Wp,-D_GLIBCXX_ASSERTIONS %__global_compiler_flags %{_general_options} %{_warning_options} %{_preprocessor_defines} %{_hardened_cflags} diff --git a/openEuler-rpm-config.spec b/openEuler-rpm-config.spec index a36338f..3d22bc9 100644 --- a/openEuler-rpm-config.spec +++ b/openEuler-rpm-config.spec @@ -3,7 +3,7 @@ Name: %{vendor}-rpm-config Version: 31 -Release: 12 +Release: 13 License: GPL+ Summary: specific rpm configuration files URL: https://gitee.com/src-openeuler/openEuler-rpm-config @@ -186,6 +186,9 @@ sed -i "s/@VENDOR@/%{vendor}/g" `grep "@VENDOR@" -rl %{buildroot}%{_rpmconfigdir %{rpmvdir}/find-requires.ksyms %changelog +* Fri Jan 17 2025 Funda Wang - 31-13 +- split out fortify level definition for supporting build with FORTIFY_SOURCE=3 in the future + * Wed Jan 15 2025 luhuaxin - 31-12 - ima: keep the process of OBS signing same as previous version -- Gitee