From 7388f24e3e09d02b644641e6ecb1f28aaa864a44 Mon Sep 17 00:00:00 2001
From: Peter Jones
Date: Thu, 23 May 2019 13:51:07 -0400
Subject: [PATCH] Fix HOST_LDFLAGS to include the hardening flags.

rpmdiff noticed the following: Detecting usr/sbin/grub2-ofpathname with not-hardened warnings ' Hardened: grub2-ofpathname: FAIL: Gaps were detected in the annobin coverage. Run with -v to list. Hardened: grub2-ofpathname: FAIL: Not linked with -Wl,-z,now. Hardened: grub2-ofpathname: MAYB: The PIC/PIE setting was not recorded. Hardened: grub2-ofpathname: FAIL: Not linked as a position independent executable (ie need to add '-pie' to link command line). ' on ppc64le This is because while we made the CFLAGS get some new options, LDFLAGS never got the same treatement, and we disabled %{_hardened_build} to avoid getting its options in the TARGET_{C,LD}FLAGS variables. This patch duplicates the infrastructure for {HOST,TARGET}_CFLAGS into {HOST,TARGET}_LDFLAGS, and adds the %{_hardening_ldflags} and %{_hardening_cflags} to both HOST_{C,LD}FLAGS. Additionally, it fixes the CPPFLAGS definitions, since rpm doesn't define any CPPFLAGS at all, and makes the -I$(pwd) be there exclusively, not on CFLAGS as well, since they're always used in concert.
Signed-off-by: Peter Jones
---
grub.macros | 60 ++++++++++++++++++++++++++++++++++++-----------------
1 file changed, 41 insertions(+), 19 deletions(-)

diff --git a/grub.macros b/grub.macros
index d398f4e..0d86b6b 100644
--- a/grub.macros
+++ b/grub.macros
@@ -29,25 +29,43 @@ -e 's/^/ -fno-strict-aliasing /' \\\ %{nil} -%global host_cflags %{expand:%%(echo %{optflags} | %{cflags_sed})} -%global target_cflags %{expand:%%(echo %{optflags} | %{cflags_sed})} +%global host_cflags %{expand:%%(echo %{build_cflags} %{?_hardening_cflags} | %{cflags_sed})} +%global legacy_host_cflags \\\ + %{expand:%%(echo %{host_cflags} | \\\ + %{cflags_sed} \\\ + -e 's/-m64//g' \\\ + -e 's/-mcpu=power[[:alnum:]]\\+/-mcpu=power6/g' \\\ + )} +%global efi_host_cflags %{expand:%%(echo %{host_cflags})} +%global target_cflags %{expand:%%(echo %{build_cflags} | %{cflags_sed})} %global legacy_target_cflags \\\ %{expand:%%(echo %{target_cflags} | \\\ %{cflags_sed} \\\ -e 's/-m64//g' \\\ -e 's/-mcpu=power[[:alnum:]]\\+/-mcpu=power6/g' \\\ )} -%global legacy_host_cflags \\\ - %{expand:%%(echo %{host_cflags} | \\\ - %{cflags_sed} \\\ - -e 's/-m64//g' \\\ - -e 's/-mcpu=power[[:alnum:]]\\+/-mcpu=power6/g' \\\ - )} - -%global efi_host_cflags %{expand:%%(echo %{host_cflags})} %global efi_target_cflags %{expand:%%(echo %{target_cflags})} +%global ldflags_sed \\\ + sed \\\ + -e 's/^$//' \\\ + %{nil} + +%global host_ldflags %{expand:%%(echo %{build_ldflags} %{?_hardening_ldflags} | %{ldflags_sed})} +%global legacy_host_ldflags \\\ + %{expand:%%(echo %{host_ldflags} | \\\ + %{ldflags_sed} \\\ + )} +%global efi_host_ldflags %{expand:%%(echo %{host_ldflags})} + +%global target_ldflags %{expand:%%(echo %{build_ldflags} -static | %{ldflags_sed})} +%global legacy_target_ldflags \\\ + %{expand:%%(echo %{target_ldflags} | \\\ + %{ldflags_sed} \\\ + )} +%global efi_target_ldflags %{expand:%%(echo %{target_ldflags})} + %global with_efi_arch 0 %global with_alt_efi_arch 0 %global with_legacy_arch 0 
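Review bot: `host_cflags` and `host_ldflags` pick up the hardening options through `%{?_hardening_cflags}` and `%{?_hardening_ldflags}`, and the `%{?...}` form expands to nothing when the macro is undefined, so a build environment that lacks them would again produce unhardened host utilities without any error. If the package requires these macros, the unconditional `%{_hardening_ldflags}` form used in the commit message would make a missing definition visible at link time rather than silent. Separately, `ldflags_sed` contains only `-e 's/^$//'`, which changes nothing, so `target_ldflags` now passes all of `%{build_ldflags}` to the target link; whether every distribution link flag suits the target modules cannot be seen from this hunk. A comment above the macro such as `# placeholder: no link flags are filtered yet; add -e expressions for flags the target link must not receive` would record the intent.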
@@ -319,11 +337,12 @@ PYTHON=python3 ./autogen.sh \ %define do_efi_configure() \ %configure \\\ %{cc_equals} \\\ - HOST_CFLAGS="%{3} -I$(pwd)" \\\ - HOST_CPPFLAGS="${CPPFLAGS} -I$(pwd)" \\\ - TARGET_CFLAGS="%{2} -I$(pwd)" \\\ - TARGET_CPPFLAGS="${CPPFLAGS} -I$(pwd)" \\\ - TARGET_LDFLAGS=-static \\\ + HOST_CFLAGS="%{3}" \\\ + HOST_CPPFLAGS="-I$(pwd)" \\\ + HOST_LDFLAGS="%{efi_host_ldflags}" \\\ + TARGET_CFLAGS="%{2}" \\\ + TARGET_CPPFLAGS="-I$(pwd)" \\\ + TARGET_LDFLAGS="%{efi_target_ldflags}" \\\ --with-platform=efi \\\ --with-utils=host \\\ --target=%{1} \\\
@@ -405,9 +424,12 @@ cd .. \ cd grub-%{1}-%{tarversion} \ %configure \\\ %{cc_equals} \\\ - HOST_CFLAGS="%{legacy_host_cflags} -I$(pwd)" \\\ - TARGET_CFLAGS="%{legacy_target_cflags} -I$(pwd)" \\\ - TARGET_LDFLAGS=-static \\\ + HOST_CFLAGS="%{legacy_host_cflags}" \\\ + HOST_CPPFLAGS="-I$(pwd)" \\\ + HOST_LDFLAGS="%{legacy_host_ldflags}" \\\ + TARGET_CFLAGS="%{legacy_target_cflags}" \\\ + TARGET_CPPFLAGS="-I$(pwd)" \\\ + TARGET_LDFLAGS="%{legacy_target_ldflags}" \\\ --with-platform=%{platform} \\\ --with-utils=host \\\ --target=%{_target_platform} \\\
@@ -415,7 +437,7 @@ cd grub-%{1}-%{tarversion} \ --program-transform-name=s,grub,%{name}, \\\ --disable-werror || ( cat config.log ; exit 1 ) \ git add . \ -git commit -m "After legacy configure" \ +git commit -m "After legacy configure" \ make %{?_smp_mflags} \ cd .. \ %{nil}
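Review bot: In `do_efi_configure` the compile flags remain caller-supplied (`HOST_CFLAGS="%{3}"`, `TARGET_CFLAGS="%{2}"`), but the new link flags are fixed to `%{efi_host_ldflags}` and `%{efi_target_ldflags}`, so a caller that passes a different flag set for another EFI architecture gets link flags that do not follow it. The callers are outside this hunk, so this may be harmless today. Either accept the link flags as further arguments, or add a comment above `%define do_efi_configure()` stating that `%{2}` and `%{3}` must correspond to the efi_* ldflags macros. The legacy configure hunk at `@@ -405` names both flag families explicitly and does not have this asymmetry; the macro body continues past the end of this hunk.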