coreos-kernel: explicitly add -nopie for hardened compilers

The Gentoo hardened compiler enables PIE by default unless it detects an
incompatible option. To detect kernel builds it uses -D__KERNEL__ which
is unfortunately a preprocessor option that ccache >= 3.2 will not pass
to compile-only calls, since in theory it is unnessicary and omitting
preprocessor options works around and issues in another (*cough* LLVM)
compilers. There really isn't any other alternative magic hack so go
with the plain no-magic solution. :)

Bug: https://bugs.gentoo.org/show_bug.cgi?id=535984

sdk_container/src/third_party/coreos-overlay/eclass/coreos-kernel.eclass

@@ -92,8 +92,12 @@ update_bootengine_cpio() {
 }
 
 kmake() {
-	local kernel_arch=$(tc-arch-kernel)
+	local kernel_arch=$(tc-arch-kernel) kernel_cflags=
-	emake LDFLAGS="" ARCH="${kernel_arch}" CROSS_COMPILE="${CHOST}-" "$@"
+	if gcc-specs-pie; then
+		kernel_cflags="-nopie"
+	fi
+	emake ARCH="${kernel_arch}" CROSS_COMPILE="${CHOST}-" \
+		KCFLAGS="${kernel_cflags}" LDFLAGS="" "$@"
 }
 
 # Discard the module signing key, we use new keys for each build.