[gnome-software] Build the binaries with PIE and full RELRO

[Richard Hughes <rhughes src gnome org>]

commit a54f5fb06dacd3c1206c73d2416be463fd7828f1
Author: Richard Hughes <richard hughsie com>
Date:   Tue Nov 22 21:25:16 2016 +0000

    Build the binaries with PIE and full RELRO

 configure.ac            |   14 ++++++++++++++
 src/Makefile.am         |    9 +++++++++
 src/plugins/Makefile.am |    1 +
 3 files changed, 24 insertions(+), 0 deletions(-)
---
diff --git a/configure.ac b/configure.ac
index 65ee986..797c2b1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -97,6 +97,20 @@ AC_PATH_PROG(APPSTREAM_UTIL, [appstream-util], [unfound])
 LT_LIB_M
 AC_SUBST(LIBM)
 
+# check for PIE (position independent executable) support
+if test x$with_pic != xno; then
+       AX_CHECK_COMPILE_FLAG([-fPIE],
+                             [AX_CHECK_LINK_FLAG([-fPIE -pie],
+                                                 [PIE_CFLAGS="-fPIE" PIE_LDFLAGS="-pie"])])
+       AC_SUBST(PIE_CFLAGS)
+       AC_SUBST(PIE_LDFLAGS)
+fi
+
+# check for full RELRO (relocation read-only) support
+AX_CHECK_LINK_FLAG([-Wl,-z,relro,-z,now],
+                  [RELRO_LDFLAGS="-Wl,-z,relro,-z,now"])
+AC_SUBST([RELRO_LDFLAGS])
+
 AC_ARG_ENABLE(man,
               [AS_HELP_STRING([--enable-man],
                               [generate man pages [default=auto]])],,
diff --git a/src/Makefile.am b/src/Makefile.am
index 121b5a7..4d82076 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -12,6 +12,7 @@ AM_CPPFLAGS =                                         \
        $(POLKIT_CFLAGS)                                \
        $(JSON_GLIB_CFLAGS)                             \
        $(LIBSECRET_CFLAGS)                             \
+       $(PIE_CFLAGS)                                   \
        -DG_LOG_DOMAIN=\"Gs\"                           \
        -DI_KNOW_THE_PACKAGEKIT_GLIB2_API_IS_SUBJECT_TO_CHANGE  \
        -DLIBDIR=\"$(libdir)\"                          \
@@ -137,6 +138,10 @@ gnome_software_cmd_LDADD =                         \
 gnome_software_cmd_CFLAGS =                            \
        $(WARN_CFLAGS)
 
+gnome_software_cmd_LDFLAGS =                           \
+       $(PIE_LDFLAGS)                                  \
+       $(RELRO_LDFLAGS)
+
 bin_PROGRAMS =                                         \
        gnome-software
 
@@ -299,6 +304,10 @@ gnome_software_CFLAGS =                                    \
        -DLIBEXECDIR=\"$(libexecdir)\"                  \
        $(WARN_CFLAGS)
 
+gnome_software_LDFLAGS =                               \
+       $(PIE_LDFLAGS)                                  \
+       $(RELRO_LDFLAGS)
+
 packagekit_built_sources = gs-packagekit-generated.c gs-packagekit-generated.h
 $(packagekit_built_sources): Makefile.am org.freedesktop.PackageKit.xml
        $(AM_V_GEN) gdbus-codegen                               \
diff --git a/src/plugins/Makefile.am b/src/plugins/Makefile.am
index de0782e..b2c3390 100644
--- a/src/plugins/Makefile.am
+++ b/src/plugins/Makefile.am
@@ -18,6 +18,7 @@ AM_CPPFLAGS =                                         \
        $(RPM_CFLAGS)                                   \
        $(OAUTH_CFLAGS)                                 \
        $(SNAP_CFLAGS)                                  \
+       $(PIE_CFLAGS)                                   \
        -DI_KNOW_THE_GNOME_SOFTWARE_API_IS_SUBJECT_TO_CHANGE    \
        -DBINDIR=\"$(bindir)\"                          \
        -DDATADIR=\"$(datadir)\"                        \