From 89f8e8e7f5828b1d06925e036c16eda050b05c81 Mon Sep 17 00:00:00 2001
From: Hennadii Stepanov <32963518+hebasto@users.noreply.github.com>
Date: Wed, 21 Aug 2024 14:56:01 +0100
Subject: [PATCH] guix: Check for IBT and SHSTK properties in
 .note.gnu.property section

---
 contrib/guix/libexec/build.sh | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/contrib/guix/libexec/build.sh b/contrib/guix/libexec/build.sh
index fa6933b3328f2..ce83b00fb2bf5 100755
--- a/contrib/guix/libexec/build.sh
+++ b/contrib/guix/libexec/build.sh
@@ -230,6 +230,10 @@ case "$HOST" in
     *mingw*)  HOST_LDFLAGS="-Wl,--no-insert-timestamp" ;;
 esac
 
+case "$HOST" in
+    x86_64-linux-gnu)  HARDENED_LDFLAGS="-Wl,-z,cet-report=error" ;;
+esac
+
 # Make $HOST-specific native binaries from depends available in $PATH
 export PATH="${BASEPREFIX}/${HOST}/native/bin:${PATH}"
 mkdir -p "$DISTSRC"
@@ -251,7 +255,8 @@ mkdir -p "$DISTSRC"
                     ${CONFIGFLAGS} \
                     ${HOST_CFLAGS:+CFLAGS="${HOST_CFLAGS}"} \
                     ${HOST_CXXFLAGS:+CXXFLAGS="${HOST_CXXFLAGS}"} \
-                    ${HOST_LDFLAGS:+LDFLAGS="${HOST_LDFLAGS}"}
+                    ${HOST_LDFLAGS:+LDFLAGS="${HOST_LDFLAGS}"} \
+                    ${HARDENED_LDFLAGS:+HARDENED_LDFLAGS="${HARDENED_LDFLAGS}"}
 
     sed -i.old 's/-lstdc++ //g' config.status libtool