diff options
| author | Andrei Belov <defan@nginx.com> | 2017-12-28 20:38:36 +0300 |
|---|---|---|
| committer | Andrei Belov <defan@nginx.com> | 2017-12-28 20:38:36 +0300 |
| commit | cb3c7dd40c614b99bb430a35399b3b2085a314ed (patch) | |
| tree | 58febf64bd97ce1f0f13c1176fa4c13e50d149eb | |
| parent | d22aa884058c46fde2d03f3cc717807fddadba4d (diff) | |
| download | unit-cb3c7dd40c614b99bb430a35399b3b2085a314ed.tar.gz unit-cb3c7dd40c614b99bb430a35399b3b2085a314ed.tar.bz2 | |
Packages: hardening flags for rpm.
| -rw-r--r-- | pkg/rpm/unit.module.spec.in | 6 | ||||
| -rw-r--r-- | pkg/rpm/unit.spec.in | 9 |
2 files changed, 13 insertions, 2 deletions
diff --git a/pkg/rpm/unit.module.spec.in b/pkg/rpm/unit.module.spec.in index cb4e2e6c..d49d079f 100644 --- a/pkg/rpm/unit.module.spec.in +++ b/pkg/rpm/unit.module.spec.in @@ -10,6 +10,8 @@ %define unit_version %%UNIT_VERSION%% %define unit_release %%UNIT_RELEASE%%%{?dist}.ngx +%define CC_OPT %{optflags} + %define CONFIGURE_ARGS $(echo "%%CONFIGURE_ARGS%%") Name: %%NAME%% @@ -50,13 +52,15 @@ tar --strip-components=1 -zxf %{SOURCE0} ./configure \ %{CONFIGURE_ARGS} \ --modules=%{_libdir}/unit/debug-modules \ + --cc-opt="%{CC_OPT}" \ --debug ./configure %%MODULE_CONFARGS%% make %%MODULE_MAKEARGS%% %{__mv} build build-debug ./configure \ %{CONFIGURE_ARGS} \ - --modules=%{_libdir}/unit/modules + --modules=%{_libdir}/unit/modules \ + --cc-opt="%{CC_OPT}" ./configure %%MODULE_CONFARGS%% make %%MODULE_MAKEARGS%% diff --git a/pkg/rpm/unit.spec.in b/pkg/rpm/unit.spec.in index 94439be0..45e93dfd 100644 --- a/pkg/rpm/unit.spec.in +++ b/pkg/rpm/unit.spec.in @@ -18,6 +18,9 @@ BuildRequires: systemd Requires: systemd %endif +%define CC_OPT %{optflags} -fPIC +%define LD_OPT -Wl,-z,relro -Wl,-z,now -pie + %define CONFIGURE_ARGS $(echo "%%CONFIGURE_ARGS%%") Provides: nginx-unit @@ -61,12 +64,16 @@ dynamically via an API. ./configure \ %{CONFIGURE_ARGS} \ --modules=%{_libdir}/unit/debug-modules \ + --cc-opt="%{CC_OPT}" \ + --ld-opt="%{LD_OPT}" \ --debug %{__make} %{?_smp_mflags} %{__mv} build build-debug ./configure \ %{CONFIGURE_ARGS} \ - --modules=%{_libdir}/unit/modules + --modules=%{_libdir}/unit/modules \ + --cc-opt="%{CC_OPT}" \ + --ld-opt="%{LD_OPT}" %{__make} %{?_smp_mflags} %install |