[oe-commits] [openembedded-core] 23/43: distutils-base.bbclass: Do not use -pie with hardening
git at git.openembedded.org
git at git.openembedded.org
Sat Mar 3 08:36:24 UTC 2018
This is an automated email from the git hooks/post-receive script.
rpurdie pushed a commit to branch pyro-next
in repository openembedded-core.
commit 739c69e8eb464d184ef652e7e7a4d4b234a5b5f9
Author: Khem Raj <raj.khem at gmail.com>
AuthorDate: Tue Feb 6 11:17:24 2018 -0800
distutils-base.bbclass: Do not use -pie with hardening
Fix build when PIE is turned on. It tries to build
.so file using -pie and -shared flags together because
its doing compile and link in same step CFLAGS and LDFLAGS
are combined and does not work, ending in errors e.g.
| /mnt/a/oe/build/tmp/work/cortexa7t2hf-neon-vfpv4-bec-linux-musleabi/python-pygpgme/0.3-r0/recipe-sysroot/usr/l
ib/Scrt1.o: In function `_start_c':
| /usr/src/debug/musl/1.1.16+gitAUTOINC+179766aa2e-r0/git/crt/crt1.c:17: undefined reference to `main'
| collect2: error: ld returned 1 exit status
This error while cryptic is due to the fact that we are
building a shared library but also pass -pie flag to the link
step after specify LDHSARED ( which is -shared linker flags )
we can not use -pie when doing shared libs. This is true for all the python
modules inheriting setup tools
Disable the pie flags thusly for all modules using setuptools since
this setting is done in setuptools makefiles which are then used
during module compiles
Backport notes:
In master, this commit is reverted in master in favor of using GCCPIE =
"--enable-default-pie" in security_flags.inc. However, backporting that change
introduces many merge conflicts and will be a serious maintenance issue, so I
think it's safest to just backport this small change, which fixes build failures
in python-cffi and likely other recipes.
For completeness, this is the list of commits in OE-core master that will
supersede this change:
- 1c7e195c94764d680a12a49b870f04cd58860f81
"gcc: Introduce a knob to configure gcc to default to PIE"
- e93765ffb5718b0fce84f0b8123963176dea95e4
"security_flags.inc: Delete pinnings for SECURITY_NO_PIE_CFLAGS"
- fcfe6d4ab4460f8358e13023022a5e909941ca93
distutils,setuptools: Delete use of SECURITY_NO_PIE_CFLAGS
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Ross Burton <ross.burton at intel.com>
Signed-off-by: Martin Kelly <mkelly at xevo.com>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
meta/classes/distutils-common-base.bbclass | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/classes/distutils-common-base.bbclass b/meta/classes/distutils-common-base.bbclass
index 824a1b6..fa733c6 100644
--- a/meta/classes/distutils-common-base.bbclass
+++ b/meta/classes/distutils-common-base.bbclass
@@ -11,3 +11,5 @@ FILES_${PN}-dev += "\
${libdir}/pkgconfig \
${PYTHON_SITEPACKAGES_DIR}/*.la \
"
+
+SECURITY_CFLAGS = "${SECURITY_NO_PIE_CFLAGS}"
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Openembedded-commits
mailing list