Bug 1264202 - RFE: Add -DCMAKE_POSITION_INDEPENDENT_CODE:BOOL=ON to %cmake macro
RFE: Add -DCMAKE_POSITION_INDEPENDENT_CODE:BOOL=ON to %cmake macro
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: cmake (Show other bugs)
rawhide
Unspecified Unspecified
medium Severity medium
: ---
: ---
Assigned To: Orion Poplawski
Fedora Extras Quality Assurance
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-09-17 16:59 EDT by Alexander Todorov
Modified: 2015-09-18 12:17 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-09-18 12:17:50 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Alexander Todorov 2015-09-17 16:59:48 EDT
Description of problem:

Wrt this new change in Fedora:
https://fedoraproject.org/wiki/Changes/Harden_All_Packages

I've discovered many packages which don't conform to it:
http://atodorov.org/blog/2015/09/16/4000-bugs-in-fedora-checksec-failures/
https://lists.fedoraproject.org/pipermail/devel/2015-September/thread.html


Ben Boeckel suggested on fedora-devel:

For any CMake-using projects, setting the `POSITION_INDEPENDENT_CODE` property on targets would fix any missing -fPIE. It is initialized with
`CMAKE_POSITION_INDEPENDENT_CODE`, so adding:

      -DCMAKE_POSITION_INDEPENDENT_CODE:BOOL=ON

 to %cmake when hardening is enabled should fix -fPIE missing.

The %cmake macro is defined in macros.cmake which is the CMake version
of %configure. It is part of the cmake package, so a bug there would be
best.

--Ben
Comment 1 Orion Poplawski 2015-09-17 17:52:29 EDT
I'd like to do some more research on this before adding this.
Comment 2 Orion Poplawski 2015-09-18 12:17:50 EDT
%cmake macro already sets CFLAGS/CXXFLAGS/LDFLAGS as needed, and shared library code is PIC automatically, so this is not neeed.

I did discover that LDFLAGS was not being set properly for the cmake build itself and have fixed that.

Note You need to log in before you can comment on or make changes to this bug.