Makefile: Pass CFLAGS or RPM %optflags also to the linker #40

Open
solardiz opened this issue Jan 29, 2025 · 1 comment

Comments

@solardiz
Member

Perhaps we need the equivalent of openwall/tcb#23 also here. This may be trickier here because our Makefile here is smart to recognize the different systems and pass custom linker flags.

Here's the current checksec output on files coming from the Rocky Linux 9 SIG/Security package:

Partial RELRO   Canary found      NX enabled    No PIE          No RPATH   No RUNPATH   No Symbols	N/A	0		0	/bin/pwqcheck
Partial RELRO   Canary found      NX enabled    No PIE          No RPATH   No RUNPATH   No Symbols	N/A	0		0	/bin/pwqfilter
Partial RELRO   Canary found      NX enabled    No PIE          No RPATH   No RUNPATH   No Symbols	N/A	0		0	/bin/pwqgen
Partial RELRO   Canary found      NX enabled    DSO             No RPATH   No RUNPATH   No Symbols	N/A	0		0	/lib64/libpasswdqc.so.1
Partial RELRO   Canary found      NX enabled    DSO             No RPATH   No RUNPATH   No Symbols	N/A	0		0	/lib64/security/pam_passwdqc.so

For comparison, most other binaries and libraries on this distro get Full RELRO, and most binaries PIE enabled.

Since the above reuses Fedora's packaging almost verbatim, I suspect the same issue is also present on Fedora. We could fix it in the Makefile (this issue) or in Fedora's passwdqc.spec.

@solardiz changed the title from "Makefile: Pass CFLAGS to the compiler when invoking the linker" to "Makefile: Pass CFLAGS or RPM %optflags also to the linker" on Jan 29, 2025
@solardiz
Member Author

Here's what Fedora's passwdqc.spec does currently:

make %{?_smp_mflags} all locales \
        CPPFLAGS="-DENABLE_NLS=1 -DHAVE_LIBAUDIT=1 -DLINUX_PAM=1" \
        CFLAGS_lib="$RPM_OPT_FLAGS -W -DLINUX_PAM -fPIC" \
        CFLAGS_bin="$RPM_OPT_FLAGS -W" \

We should maybe add:

        LDFLAGS="$RPM_OPT_FLAGS"

as our Makefile appears to correctly add system-specific linker flags on top of what's in simple LDFLAGS.

We also have a passwdqc.spec right in here, coming from Owl, and it does:

%__make \
        CPPFLAGS='-DLINUX_PAM' \
        CFLAGS_bin='-Wall -W %optflags' \
        CFLAGS_lib='-Wall -W -fPIC %optflags_lib'

Should we update it similarly?

Or should we deal with this issue in Makefile, like we just did for the tcb package?
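
Whichever fix is chosen, the result can be checked per file against the RELRO and PIE columns of the checksec output quoted in this issue. The script below is an added example, not part of this thread or of the passwdqc repository: it classifies a file from `readelf -W -h -l -d` output. The names `classify_hardening`, `sample_before` and `sample_after` are hypothetical, the readelf excerpts are constructed, and using DT_DEBUG to tell a PIE from a shared object is a heuristic.

```shell
#!/bin/sh
# Added example (not from the passwdqc repository). classify_hardening and
# the sample_* helpers are hypothetical names.

# Read `readelf -W -h -l -d FILE` output on stdin; print "<RELRO>, <PIE>".
classify_hardening() {
    awk '
        $1 == "Type:"              { type = $2 }   # ELF header: EXEC or DYN
        $1 == "GNU_RELRO"          { relro = 1 }   # PT_GNU_RELRO segment exists
        /BIND_NOW/                 { now = 1 }     # DT_BIND_NOW or DT_FLAGS BIND_NOW
        /\(FLAGS_1\)/ && /NOW/     { now = 1 }     # DT_FLAGS_1 NOW
        /\(DEBUG\)/                { debug = 1 }   # DT_DEBUG: heuristic for executables
        END {
            r = relro ? (now ? "Full RELRO" : "Partial RELRO") : "No RELRO"
            if (type == "EXEC")     p = "No PIE"
            else if (type == "DYN") p = debug ? "PIE enabled" : "DSO"
            else                    p = "unknown type"
            print r ", " p
        }'
}

# Constructed readelf excerpt: non-PIE executable linked without -z now.
sample_before() {
    cat <<'EOF'
  Type:                              EXEC (Executable file)
  GNU_RELRO      0x002e10 0x0000000000403e10 0x0000000000403e10 0x0001f0 0x0001f0 R   0x1
 0x0000000000000015 (DEBUG)              0x0
EOF
}

# Constructed readelf excerpt: PIE executable linked with -z now.
sample_after() {
    cat <<'EOF'
  Type:                              DYN (Position-Independent Executable file)
  GNU_RELRO      0x002d90 0x0000000000003d90 0x0000000000003d90 0x000270 0x000270 R   0x1
 0x0000000000000015 (DEBUG)              0x0
 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW PIE
EOF
}

# On real files: sh thisscript.sh /bin/pwqcheck /lib64/libpasswdqc.so.1
for f in "$@"; do
    printf '%s: ' "$f"
    readelf -W -h -l -d "$f" | classify_hardening
done
```

Run against the rebuilt package's files, every line should read "Full RELRO", with "PIE enabled" for the three `pwq*` programs and "DSO" for the two shared objects.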
