id	summary	reporter	owner	description	type	status	priority	milestone	component	resolution	keywords	cc
1416	[PATCH] Link with -Wl,-z,relro	vincent		"Please consider building 0 A.D. using the read-only relocation link flag (-Wl,-z,relro) by default. This is part of a recent effort to get as many packages as possible in Debian built with a selection of build-hardening flags ([http://wiki.debian.org/Hardening#DEB_BUILD_HARDENING_RELRO_.28ld_-z_relro.29 more info here]). This is also [http://wiki.debian.org/Hardening#DEB_BUILD_HARDENING_RELRO_.28ld_-z_relro.29 enabled by default in Ubuntu].


{{{
--- a/build/premake/premake4.lua
+++ b/build/premake/premake4.lua
@@ -246,7 +246,7 @@
 			end
 
 			if os.is(""linux"") or os.is(""bsd"") then
-				linkoptions { ""-Wl,--no-undefined"", ""-Wl,--as-needed"" }
+				linkoptions { ""-Wl,--no-undefined"", ""-Wl,--as-needed"", ""-Wl,-z,relro"" }
 			end
 
 			if _OPTIONS[""coverage""] then
}}}

(Ideally, there should be a way to build 0 A.D. with a distro's default compiler/linker flags without having to modify the source, but I don't know enough about premake to make it work. Is there a way to let premake know of compiler/linker flags that have been exported in the build environment, for example?)"	enhancement	closed	If Time Permits		Build & Packages	wontfix	patch	Vincentc1208@…