[oe-commits] [openembedded-core] 23/43: distutils-base.bbclass: Do not use -pie with hardening

git at git.openembedded.org git at git.openembedded.org
Sat Mar 3 08:36:24 UTC 2018


This is an automated email from the git hooks/post-receive script.

rpurdie pushed a commit to branch pyro-next
in repository openembedded-core.

commit 739c69e8eb464d184ef652e7e7a4d4b234a5b5f9
Author: Khem Raj <raj.khem at gmail.com>
AuthorDate: Tue Feb 6 11:17:24 2018 -0800

    distutils-base.bbclass: Do not use -pie with hardening
    
    Fix build when PIE is turned on. It tries to build
    .so file using -pie and -shared flags together because
    it's doing compile and link in same step CFLAGS and LDFLAGS
    are combined and does not work, ending in errors e.g.
    
    | /mnt/a/oe/build/tmp/work/cortexa7t2hf-neon-vfpv4-bec-linux-musleabi/python-pygpgme/0.3-r0/recipe-sysroot/usr/lib/Scrt1.o: In function `_start_c':
    | /usr/src/debug/musl/1.1.16+gitAUTOINC+179766aa2e-r0/git/crt/crt1.c:17: undefined reference to `main'
    | collect2: error: ld returned 1 exit status
    
    This error while cryptic is due to the fact that we are
    building a shared library but also pass -pie flag to the link
    step after specifying LDSHARED ( which is -shared linker flags )
    
    We cannot use -pie when doing shared libs. This is true for all the python
    modules inheriting setup tools
    
    Disable the pie flags thusly for all modules using setuptools since
    this setting is done in setuptools makefiles which are then used
    during module compiles
    
    Backport notes:
    In master, this commit is reverted in favor of using GCCPIE =
    "--enable-default-pie" in security_flags.inc. However, backporting that change
    introduces many merge conflicts and will be a serious maintenance issue, so I
    think it's safest to just backport this small change, which fixes build failures
    in python-cffi and likely other recipes.
    
    For completeness, this is the list of commits in OE-core master that will
    supersede this change:
    
    - 1c7e195c94764d680a12a49b870f04cd58860f81
      "gcc: Introduce a knob to configure gcc to default to PIE"
    - e93765ffb5718b0fce84f0b8123963176dea95e4
      "security_flags.inc: Delete pinnings for SECURITY_NO_PIE_CFLAGS"
    - fcfe6d4ab4460f8358e13023022a5e909941ca93
      "distutils,setuptools: Delete use of SECURITY_NO_PIE_CFLAGS"
    
    Signed-off-by: Khem Raj <raj.khem at gmail.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>
    Signed-off-by: Martin Kelly <mkelly at xevo.com>
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
 meta/classes/distutils-common-base.bbclass | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/classes/distutils-common-base.bbclass b/meta/classes/distutils-common-base.bbclass
index 824a1b6..fa733c6 100644
--- a/meta/classes/distutils-common-base.bbclass
+++ b/meta/classes/distutils-common-base.bbclass
@@ -11,3 +11,5 @@ FILES_${PN}-dev += "\
   ${libdir}/pkgconfig \
   ${PYTHON_SITEPACKAGES_DIR}/*.la \
 "
+
+SECURITY_CFLAGS = "${SECURITY_NO_PIE_CFLAGS}"
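
Review bot: The added SECURITY_CFLAGS assignment at the end of distutils-common-base.bbclass carries no comment, so the reason PIE is dropped (the module link step uses -shared, which cannot be combined with -pie) is only recoverable from the commit message. Please add a short comment above it and mark it as a backport-only workaround. The hard "=" also replaces any SECURITY_CFLAGS value a distro or recipe had set, for every recipe inheriting this class, so an inheriting recipe that also ships a standalone executable would build it without PIE as well. Finally, the subject names distutils-base.bbclass while the diff touches distutils-common-base.bbclass; the subject should match the file changed.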
