Description of problem: The global LDFLAG is not getting passed into everything like it should. For example, mysql: http://kojipkgs.fedoraproject.org/packages/mysql/5.5.21/1.fc16/data/logs/x86_64/build.log -Wl,-z,relro is not anywhere in the build log. However, it is defined in %__global_ldflags. A random check of f16 packages pushed out over the weekend show almost none picked up partial relro support. Version-Release number of selected component (if applicable): 9.1.0-24.fc16
Can you provide more examples behind mysql? By setting LDFLAGS in the spec, it's only going to transparently work if the project's buildsystem honors LDFLAGS from the environment. I suspect a lot of the software we ship is inconsistent in those regards.
Here's some from recent updates that do not have partial relro: gnutls, xulrunner, ksh, firefox, chkconfig, libgcc, libquadmath, cups-libs, kdevplatform, libgomp, cpp, gcc, wireshark, foomatic, gcc-java, ntsysv, exempi, iproute, pigz, libtool-ldl there are more. I do see some files with partial relro, though. Not sure if the correlation is using %configure vs ./configure.
To clarify, I see how %__global_ldflags gets picked up if %configure is used. I don't see how it gets picked up in any other case. You can trace the %__global_cflags and how it gets picked up in either case, but the same thing is not done for the ldflags macro.
That's the most likely correlation, yes. And in many cases, even if it's in the environment as LDFLAGS or RPM_LD_FLAGS, not everything picks that up. (I just fixed chkconfig in this regard.) Bug 807831 filed to use a bigger hammer.
Can this bug be closed now?
Yes this can be closed. This was fixed under Bug 807831.