-1

I'm trying to build a package with buildrpm. My problem is that I have an intentionally vulnerable C program compiled when make is run normally as an example for the primary code (a fuzzer) to be tested on with make check. When I try to build the rpm however, even though these vulnerable programs are not installed (as they're just tests), rpmbuild -v -bb --clean SPECS/ansvif.spec will still force it to compile it with -Werror=format-security which makes the build fail. Is there a simple way around this -- beyond trying to rewrite the Makefile.am so that it's omitted with a certain flag passed by buildrpm if that's possible? I'm looking for a proper solution to this problem, instead of something hacky, if possible.

Source code is at https://github.com/oxagast/ansvif

oxagast
  • 397
  • 1
  • 12

2 Answers2

0

You can try "%global _hardened_build 0" towards the top of your specfile.

Aaron D. Marasco
  • 6,506
  • 3
  • 26
  • 39
-1

There are other two options that come to mind:

  1. Before running rpmbuild, export your own C_FLAGS. It might help you but it depends on the settings of your rpmbuild.

  2. Use --define with the rpmbuild to declare your own optflags used with the builf. For instance rpmbuild -v -bb --clean --define 'optflags -foo -bar -foobar' ansvif.spec

Formaiko
  • 1
  • 1
  • Please format your answer properly and explain why your solution is the right one, rather than just stating what to do. – sjaustirni Nov 22 '17 at 13:36