On 3/15/19 9:49 PM, Richard W.M. Jones wrote:
> On Fri, Mar 15, 2019 at 04:15:58PM +0000, Richard W.M. Jones wrote:
>> On Mon, Mar 11, 2019 at 01:56:14PM -0400, Ben Cotton wrote:
>>> https://fedoraproject.org/wiki/Changes/HardenedCompiler
>>
>> I'm not opposing this, but is it possible we could do this without
>> breaking clang at the same time?
>>
>> In the past (and currently) the Fedora compiler flags need some hairy
>> editing so they work with clang, eg:
>>
>> https://src.fedoraproject.org/rpms/american-fuzzy-lop/blob/master/f/american-fuzzy-lop.spec#_110
>>
>> (Actually this is not the latest iteration - latest clang 7 and gcc 9
>> and Fedora 30+ needs even more editing, but I didn't push it yet since
>> there are other issues with this package.)
>>
>> It would be nice if there was a way we could avoid this.
> 
> So after rereading the proposal more carefully it seems as if the
> proposal is to change the defaults in GCC so no flags would need to be
> specified.  Would we consequently remove those flags from the command
> line (which would solve my problem above)?

The flags in my proposal will be removed from the command line during
the Fedora build process, since they are now default. Only people who
don't want to use these flags due to some reason will need to unset them
(I am assuming there are not a lot of packages like that).

Currently, based on Jakub's suggestion, I am also planning to remove the
fortify_source flag and keep others.

The plan is to start somewhere and each release work with glibc and
other teams so that we make more such security flags as default and also
work with packages which break due to inclusion of such flags.


-- 
Huzaifa Sidhpurwala / Red Hat Product Security Team