[OE-core] blocking pie in recipes that build shared object files
Peter A. Bigot
pab at pabigot.com
Mon Aug 4 14:56:37 UTC 2014
I've now hit two recipes in meta-openembedded that fail on armv7-a
because SECURITY_CFLAGS has -pie as an option that leaks into a link
command building a shared object file. This produces:
|
/prj/oe/omap/build-beaglebone-master/tmp/sysroots/beaglebone/usr/lib/Scrt1.o:
In function `_start':
|
/prj/oe/omap/build-beaglebone-master/tmp/work/cortexa8hf-vfp-neon-poky-linux-gnueabi/eglibc/2.19-r0/eglibc-2.19/libc/csu/../ports/sysdeps/arm/start.S:128:
undefined reference to `main'
| collect2: error: ld returned 1 exit status
| error: command 'arm-poky-linux-gnueabi-gcc' failed with exit status 1
In openembedded-core meta/conf/distro/include/security_flags.inc
provides a bunch of package-specific overrides to use
SECURITY_NO_PIE_CFLAGS for this sort of package.
It's not clear to me how that should be accomplished for recipes that
are not part of openembedded-core. For
http://patches.openembedded.org/patch/77165/ for python-smbus in
meta-python I chose to override it in the bb file.
What is the best-practices solution to this problem?
Peter
More information about the Openembedded-core
mailing list