[OE-core] blocking pie in recipes that build shared object files
Khem Raj
raj.khem at gmail.com
Mon Aug 4 22:39:48 UTC 2014
On 14-08-04 09:56:37, Peter A. Bigot wrote:
> I've now hit two recipes in meta-openembedded that fail on armv7-a because
> SECURITY_CFLAGS has -pie as an option that leaks into a link command
> building a shared object file. This produces:
>
> |
> /prj/oe/omap/build-beaglebone-master/tmp/sysroots/beaglebone/usr/lib/Scrt1.o:
> In function `_start':
> | /prj/oe/omap/build-beaglebone-master/tmp/work/cortexa8hf-vfp-neon-poky-linux-gnueabi/eglibc/2.19-r0/eglibc-2.19/libc/csu/../ports/sysdeps/arm/start.S:128:
> undefined reference to `main'
> | collect2: error: ld returned 1 exit status
> | error: command 'arm-poky-linux-gnueabi-gcc' failed with exit status 1
>
> In openembedded-core meta/conf/distro/include/security_flags.inc provides a
> bunch of package-specific overrides to use SECURITY_NO_PIE_CFLAGS for this
> sort of package.
>
> It's not clear to me how that should be accomplished for recipes that are
> not part of openembedded-core. For
> http://patches.openembedded.org/patch/77165/ for python-smbus in meta-python
> I chose to override it in the bb file.
>
> What is the best-practices solution to this problem?
may be add SECURITY_CFLAGS_pn-blah = "${SECURITY_NO_PIE_CFLAGS}"
to layer.conf of given layer where recipe resides
More information about the Openembedded-core
mailing list