%global _hardened_build 1

У некоторых пакетов можно встретить такое
%global _hardened_build 1

Описание есть тут
https://fedoraproject.org/wiki/Changes/Harden_All_Packages

Currently, the Packaging Guidelines allow maintainers to decide whether their packages use position-independent code (PIC). There are rules that say that a lot of packages should use PIC, but in reality a lot of packages do not use PIC even if they must. Also since a lot of packages if not all potentially process untrusted input, it makes sense for these packages to use PIC to enhance the security of Fedora. Therefore I propose to build all packages with PIC by changing RPM to use the appropriate flags by default.