Commit 401672a1 authored by Frediano Ziglio's avatar Frediano Ziglio

Pass and use hardening flags from RPM configuration

Maintain the executable security but allows to have a working
X11 module. X11 modules cannot be compiled with "-z now" due to
the way X11 modules work.
Signed-off-by: Frediano Ziglio's avatarFrediano Ziglio <>
parent ab1971c7
......@@ -17,6 +17,12 @@ PKG_CHECK_MODULES(PIXMAN, pixman-1)
AM_CONDITIONAL([HAVE_GTEST], [pkg-config --atleast-version=2.38 glib-2.0])
# Fedora likes to harden builds. We cannot use the hardening flags on the
# spice-video-dummy, as -znow causes Xorg conventions to fail.
# We use these flags to pass the hardening options only to x11spice.
AC_ARG_ENABLE([dummy], AS_HELP_STRING([--enable-dummy], [Builds the spice-video-dummy driver]), [dummy=true])
AM_CONDITIONAL([DUMMY], test x$dummy = xtrue)
......@@ -5,8 +5,9 @@
bin_PROGRAMS = x11spice
CUSTOM_CFLAGS=-Wall -Wno-deprecated-declarations -Wno-format-security -Werror
CUSTOM_CFLAGS=-Wall -Wno-deprecated-declarations -Wno-format-security -Werror $(X11SPICE_ONLY_CFLAGS)
x11spice_SOURCES = \
agent.c \
......@@ -23,6 +23,9 @@ Utility to share x11 desktops via Spice.
# The Xorg modules cannot use -Znow, so we harden just x11spice
export X11SPICE_ONLY_CFLAGS="%{_hardened_cflags}"
export X11SPICE_ONLY_LDFLAGS="%{_hardened_ldflags}"
%undefine _hardened_build
%configure --enable-dummy
make %{?_smp_mflags}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment