diff --git a/common/environment/configure/build-pie.sh b/common/environment/configure/build-pie.sh
index 56e85de4b0..7f0b2fbd5f 100644
--- a/common/environment/configure/build-pie.sh
+++ b/common/environment/configure/build-pie.sh
@@ -1,4 +1,6 @@
+_GCCSPECSDIR=${XBPS_COMMONDIR}/environment/configure/gccspecs
+
 if [ -n "$build_pie" ]; then
- CFLAGS+=" -fPIE"
- LDFLAGS+=" -pie"
+ CFLAGS+=" -specs=$_GCCSPECSDIR/hardened-cc1"
+ LDFLAGS+=" -specs=$_GCCSPECSDIR/hardened-ld"
 fi
diff --git a/common/environment/configure/gccspecs/hardened-cc1 b/common/environment/configure/gccspecs/hardened-cc1
new file mode 100644
index 0000000000..47b4792555
--- /dev/null
+++ b/common/environment/configure/gccspecs/hardened-cc1
@@ -0,0 +1,2 @@
+*cc1_options:
++ %{!fpie:%{!fPIE:%{!fpic:%{!fPIC:%{!fno-pic:-fPIE}}}}}
diff --git a/common/environment/configure/gccspecs/hardened-ld b/common/environment/configure/gccspecs/hardened-ld
new file mode 100644
index 0000000000..fdfa18574a
--- /dev/null
+++ b/common/environment/configure/gccspecs/hardened-ld
@@ -0,0 +1,5 @@
+*self_spec:
++ %{static|Bstatic|shared|Bshareable|i|r|pie|nopie:;:-pie}
+
+*link:
++ %{!static:-z relro}
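Review bot: The `-specs=` flags added in the `if` body of build-pie.sh depend on `XBPS_COMMONDIR` being set and on the GCC driver consuming both variables, and neither is checked here. With `XBPS_COMMONDIR` empty the path becomes `/environment/configure/gccspecs/hardened-cc1`, and a package that hands `LDFLAGS` directly to `ld` would receive an option `ld` does not define, where the old `-pie` was valid for both. I would fail the build with an explicit error when the spec files are not readable rather than skip hardening silently, and add a comment such as `# -specs= is a GCC driver option: build_pie requires linking through $CC`. `_GCCSPECSDIR` is also assigned outside the `if`, so it is set for every package; moving it inside the block keeps it scoped to PIE builds.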
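Review bot: The guard chain in `*cc1_options` (hardened-cc1) checks `fpie`, `fPIE`, `fpic`, `fPIC` and `fno-pic`, but not `fno-pie`, `fno-PIE` or `fno-PIC`, so a package that passes one of those explicitly still gets `-fPIE` appended, and presumably the later option wins. The `*self_spec` list in hardened-ld has the same gap: it recognises `pie` and `nopie` but not `no-pie`, so on a toolchain that accepts `-no-pie` the driver would still add `-pie`. Extending both lists, for example `%{!fno-pie:%{!fno-PIE:...}}` here and `...|pie|nopie|no-pie:;:-pie` there, keeps an explicit opt-out working.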
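Review bot: `*link` in hardened-ld adds only `-z relro`, which gives partial RELRO: without `-z now` the PLT part of the GOT stays writable for lazy binding. If full RELRO is the goal, the line would be `+ %{!static:-z relro -z now}`. If partial RELRO is deliberate (for start-up cost, say), that should be stated in the commit or next to the spec, because `build_pie` now switches on RELRO as well and the name no longer tells a packager that.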