mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-17 02:27:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
9a51fb39dbde61baae5bf9094bbb1924bcfffd0a
poky/meta/conf/distro/include/security_flags.inc
Saul Wold 85326e2baa security_flags: disable pie support for libaio, blktrace and ltp 
libaio when built with pie and fpie does not link correctly with blktrace or ltp
so we need to disable those flags until a better solution comes along.

(From OE-Core rev: 4fbf13a6c28fc1170a4defbf50032546a14eaa59)

Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-01-16 23:08:21 +00:00

87 lines
4.3 KiB
HTML
Raw Blame History

SECURITY_CFLAGS ?= "-fstack-protector-all -pie -fpie -D_FORTIFY_SOURCE=2"
SECURITY_NO_PIE_CFLAGS ?= "-fstack-protector-all -D_FORTIFY_SOURCE=2"
SECURITY_LDFLAGS ?= "-Wl,-z,relro,-z,now"
SECURITY_X_LDFLAGS ?= "-Wl,-z,relro"
# powerpc does not get on with pie for reasons not looked into as yet
SECURITY_CFLAGS_powerpc = "-fstack-protector-all -D_FORTIFY_SOURCE=2"
# Deal with ppc specific linker failures when using the cflags
SECURITY_CFLAGS_pn-dbus_powerpc = ""
SECURITY_CFLAGS_pn-dbus-ptest_powerpc = ""
SECURITY_CFLAGS_pn-libmatchbox_powerpc = ""
SECURITY_CFLAGS_pn-webkit-gtk_powerpc = ""
# arm specific security flag issues
SECURITY_CFLAGS_pn-lttng-tools_arm = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-aspell = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-beecrypt = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-blktrace = "${SECURITY_NO_PIE_CFLAGS}"
# Curl seems to check for FORTIFY_SOURCE in CFLAGS, but even assigned
# to CPPFLAGS it gets picked into CFLAGS in bitbake.
#TARGET_CPPFLAGS_pn-curl += "-D_FORTIFY_SOURCE=2"
SECURITY_CFLAGS_pn-cups = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-curl = "-fstack-protector-all -pie -fpie"
SECURITY_CFLAGS_pn-db = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-directfb = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-glibc = ""
SECURITY_CFLAGS_pn-glibc-initial = ""
SECURITY_CFLAGS_pn-enchant = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-flac = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-gcc-runtime = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-gdb = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-gmp = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-gnutls = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-grub = ""
SECURITY_CFLAGS_pn-grub-efi = ""
SECURITY_CFLAGS_pn-grub-efi-native = ""
SECURITY_CFLAGS_pn-grub-efi-x86-native = ""
SECURITY_CFLAGS_pn-grub-efi-x86-64-native = ""
SECURITY_CFLAGS_pn-grub-efi-i586-native = ""
SECURITY_CFLAGS_pn-grub-efi-x86-64-native = ""
SECURITY_CFLAGS_pn-gst-plugins-bad = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-gst-plugins-gl = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-gstreamer1.0-plugins-good = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-harfbuzz = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-kexec-tools = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-libaio = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-libcap = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-libgcc = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-libid3tag = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-libnewt = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-libglu = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-libpcap = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-libpcre = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-libproxy = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-ltp = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-lttng-ust = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-mesa = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-mesa-gl = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-openssl = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-opensp = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-ppp = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-python = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-python-imaging = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-python-pycurl = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-python-smartpm = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-tcl = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-tiff = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-valgrind = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-webkit-gtk = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-zlib = "${SECURITY_NO_PIE_CFLAGS}"
# These 2 have text relco errors with the pie options enabled
SECURITY_CFLAGS_pn-ltp = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-pulseaudio = "${SECURITY_NO_PIE_CFLAGS}"
TARGET_CFLAGS_append = " ${SECURITY_CFLAGS}"
TARGET_LDFLAGS_append = " ${SECURITY_LDFLAGS}"
SECURITY_LDFLAGS_pn-xf86-video-fbdev = "${SECURITY_X_LDFLAGS}"
SECURITY_LDFLAGS_pn-xf86-video-intel = "${SECURITY_X_LDFLAGS}"
SECURITY_LDFLAGS_pn-xf86-video-omapfb = "${SECURITY_X_LDFLAGS}"
SECURITY_LDFLAGS_pn-xf86-video-omap = "${SECURITY_X_LDFLAGS}"
SECURITY_LDFLAGS_pn-xf86-video-vesa = "${SECURITY_X_LDFLAGS}"
SECURITY_LDFLAGS_pn-xf86-video-vmware = "${SECURITY_X_LDFLAGS}"
SECURITY_LDFLAGS_pn-xserver-xorg = "${SECURITY_X_LDFLAGS}"
Reference in New Issue View Git Blame Copy Permalink