I was trying a hardened build of polkit, but the build fails when it gets to the introspection part. What probably happens is that the introspection mangles the CFLAGS, and ends up duplicating the -specs=... line. This in turn causes gcc to complain about %rename defining something that already exists. Using something like: *cc1_options: + %{!fpie:%{!fPIE:%{!fpic:%{!fPIC:%{!fno-pic:-fPIE}}}}} (and similar for ld) instead allows the build to succeed, and yields a fully relro polkit package.
*** Bug 958290 has been marked as a duplicate of this bug. ***
Multiple packages are being affected by this bug. Both F18 and F19 are affected. Why is fixing this almost trivial bug taking so long?
I'm having to fix this up in RHEL7 manually, it would be awesome to have the macro working. Thanks!
Hitting this with NetworkManager as well, would be good to have this solved correctly instead of carrying a bunch of patches for a bunch of packages.
LibreOffice is affected too. Wasted many hours due to this bug.
At least for polkit, the compilation failure is caused by gdk-doc duplicating the -specs flags (#962005). There's nothing obviously wrong with the -specs command in redhat-rpm-config AFAICS. True, it is not idempotent - was it ever promised to be?
Reassigning to ajax who added the hardening-stuff in the first place and thus likely has a better clue about the thing than me.
I'm... honestly not sure why we used %rename there, besides that I think that's the template Jakub(?) gave me to work with. The + syntax is clearly more sane. I've fixed this in git (bodhi update to follow in a moment). However, when I tested it (both before and after) against libXext, a fairly trivial automake/libtool project, libtool seems to delight in just throwing away huge chunks of the link command line, including the -specs= part, because libtool is a net loss for humanity. Sorry about that, but I don't see a reasonable workaround for it at the rpm macro level, it's really libtool's bug.
redhat-rpm-config-9.1.0-44.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/redhat-rpm-config-9.1.0-44.fc19
Package redhat-rpm-config-9.1.0-44.fc19: * should fix your issue, * was pushed to the Fedora 19 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing redhat-rpm-config-9.1.0-44.fc19' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-8112/redhat-rpm-config-9.1.0-44.fc19 then log in and leave karma (feedback).
The fix works great. Thanks Adam!
So I just attempted to do this today, my build failed. Is it because the fix above isn't in the buildroot?
(In reply to comment #13) > So I just attempted to do this today, my build failed. Is it because the fix > above isn't in the buildroot? It won't be in the buildroot until the update gets approved, correct. That's what karma is for...
FWIW, I ended up addin the PIE and full RELRO stuff upstream in my projects, rather than using the specfile macro.
Fixed.
Rawhide seems fixed. BUt f19 still comes across this: http://koji.fedoraproject.org/koji/taskinfo?taskID=5394351
Hi, It seems OK now. But will you have a update for fedora 18?
redhat-rpm-config-9.1.0-44.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
redhat-rpm-config-9.1.0-37.1.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/redhat-rpm-config-9.1.0-37.1.fc18
redhat-rpm-config-9.1.0-37.1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.