From dc2dbd62cf34fd2f3bc0c905fc04535b1526d474 Mon Sep 17 00:00:00 2001
From: zhouyihang <zhouyihang3@h-partners.com>
Date: Thu, 20 Oct 2022 02:40:51 +0000
Subject: [PATCH] add some secure compilation options

---
 add-secure-compile-option-in-Makefile.patch | 12 ++++++------
 grpc.spec                                   | 11 +++++++++--
 2 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/add-secure-compile-option-in-Makefile.patch b/add-secure-compile-option-in-Makefile.patch
index 4705fda..4926838 100644
--- a/add-secure-compile-option-in-Makefile.patch
+++ b/add-secure-compile-option-in-Makefile.patch
@@ -8,9 +8,9 @@ diff -urN grpc/CMakeLists.txt grpc_new/CMakeLists.txt
  endif()
  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${_gRPC_C_CXX_FLAGS}")
  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${_gRPC_C_CXX_FLAGS}")
-+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wl,-z,now -fPIE -fPIC")
-+set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wl,-z,now -fstack-protector-strong")
-+set(_gRPC_ALLTARGETS_LIBRARYIES "${_gRPC_ALLTARGETS_LIBRARYIES} -Wl,-z,now -pie") 
++set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wl,-z,relro -Wl,-z,now -fPIE -fPIC -fstack-protector-strong -Wp,-D_FORTIFY_SOURCE=2 -O2")
++set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wl,-z,relro -Wl,-z,now -fPIE -fPIC -fstack-protector-strong -Wp,-D_FORTIFY_SOURCE=2 -O2")
++set(_gRPC_ALLTARGETS_LIBRARYIES "${_gRPC_ALLTARGETS_LIBRARYIES} -Wl,-z,relro -Wl,-z,now -pie") 
  
  if(gRPC_USE_PROTO_LITE)
    set(_gRPC_PROTOBUF_LIBRARY_NAME "libprotobuf-lite")
@@ -23,9 +23,9 @@ index 6ede6e34d2..d6190ecde4 100644
  DEFINES += $(EXTRA_DEFINES)
  LDLIBS += $(EXTRA_LDLIBS)
 
-+CFLAGS += -Wl,-z,now -fPIE -fPIC
-+CPPFLAGS += -Wl,-z,now -fstack-protector-strong
-+LDFLAGS += -Wl,-z,now -pie
++CFLAGS += -Wl,-z,relro -Wl,-z,now -fPIE -fPIC -fstack-protector-strong -Wp,-D_FORTIFY_SOURCE=2 -O2
++CPPFLAGS += -Wl,-z,relro -Wl,-z,now -fPIE -fPIC -fstack-protector-strong -Wp,-D_FORTIFY_SOURCE=2 -O2
++LDFLAGS += -Wl,-z,relro -Wl,-z,now -pie
 +
  HOST_CPPFLAGS += $(CPPFLAGS)
  HOST_CFLAGS += $(CFLAGS)
diff --git a/grpc.spec b/grpc.spec
index 23c8400..cf2bee1 100644
--- a/grpc.spec
+++ b/grpc.spec
@@ -3,7 +3,7 @@
 
 Name:          grpc
 Version:       1.41.1
-Release:       3
+Release:       4
 Summary:       A modern, open source high performance RPC framework that can run in any environment
 License:       ASL 2.0
 URL:           https://www.grpc.io
@@ -76,7 +76,8 @@ cmake ../../ -DgRPC_INSTALL=ON\
              -DgRPC_INSTALL_SHAREDIR=%{buildroot}%{_datadir}/%{name} \
              -DgRPC_INSTALL_PKGCONFIGDIR=%{buildroot}%{_libdir}/pkgconfig \
              -DCMAKE_INSTALL_PREFIX=%{_prefix} \
-             -DBUILD_SHARED_LIBS=ON
+             -DBUILD_SHARED_LIBS=ON \
+             -DCMAKE_VERBOSE_MAKEFILE=ON
 make -j24 V=1
 
 # build python module
@@ -137,6 +138,12 @@ cd ../..
 %{python3_sitearch}/grpcio-%{version}-py?.?.egg-info
 
 %changelog
+* Thu Oct 20 2022 zhouyihang<zhouyihang3@h-partners.com> - 1.41.1-4
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC: add some secure compilation options
+
 * Sat Apr 16 2022 xingwei<xingwei14@h-partners.com> - 1.41.1-3
 - Type:enhancement
 - ID:NA
-- 
Gitee