[OE-core] [PATCH 1/5] security_flags: remove invalid linker option
Joshua G Lock
joshua.g.lock at linux.intel.com
Fri Aug 19 18:29:41 UTC 2016
On Fri, 2016-08-19 at 10:05 -0700, Khem Raj wrote:
> >
> > On Aug 19, 2016, at 8:34 AM, Joshua Lock <joshua.g.lock at intel.com>
> > wrote:
> >
> > -fstack-protector-* is a compiler option, not a linker option.
>
> IIRC There are packages
> who do not use CFLAGS in linker cmdline which case this fails
>
> what issues do you see with this option appearing in ldflags ?
>
> This should be tested with world builds on both musl and glibc
I wasn't sure why it appeared in ldflags, none of the (admittedly only
glibc) builds I did seemed to have any related failures.
I'll drop this patch and add a comment as to the intent of including
that in ldflags.
Thanks,
Joshua
> >
> >
> > [YOCTO #9948]
> >
> > Signed-off-by: Joshua Lock <joshua.g.lock at intel.com>
> > ---
> > meta/conf/distro/include/security_flags.inc | 9 ++-------
> > 1 file changed, 2 insertions(+), 7 deletions(-)
> >
> > diff --git a/meta/conf/distro/include/security_flags.inc
> > b/meta/conf/distro/include/security_flags.inc
> > index 20f48de..77fade6 100644
> > --- a/meta/conf/distro/include/security_flags.inc
> > +++ b/meta/conf/distro/include/security_flags.inc
> > @@ -15,8 +15,8 @@ SECURITY_STRINGFORMAT ?= "-Wformat -Wformat-
> > security -Werror=format-security"
> > SECURITY_CFLAGS ?= "-fstack-protector-strong -pie -fpie
> > ${lcl_maybe_fortify} ${SECURITY_STRINGFORMAT}"
> > SECURITY_NO_PIE_CFLAGS ?= "-fstack-protector-strong
> > ${lcl_maybe_fortify} ${SECURITY_STRINGFORMAT}"
> >
> > -SECURITY_LDFLAGS ?= "-fstack-protector-strong -Wl,-z,relro,-z,now"
> > -SECURITY_X_LDFLAGS ?= "-fstack-protector-strong -Wl,-z,relro"
> > +SECURITY_LDFLAGS ?= "-Wl,-z,relro,-z,now"
> > +SECURITY_X_LDFLAGS ?= "-Wl,-z,relro"
> >
> > # powerpc does not get on with pie for reasons not looked into as
> > yet
> > SECURITY_CFLAGS_powerpc = "-fstack-protector-strong
> > ${lcl_maybe_fortify}"
> > @@ -100,11 +100,6 @@ SECURITY_STRINGFORMAT_pn-oh-puzzles = ""
> > TARGET_CFLAGS_append_class-target = " ${SECURITY_CFLAGS}"
> > TARGET_LDFLAGS_append_class-target = " ${SECURITY_LDFLAGS}"
> >
> > -SECURITY_LDFLAGS_remove_pn-gcc-runtime = "-fstack-protector-
> > strong"
> > -SECURITY_LDFLAGS_remove_pn-glibc = "-fstack-protector-strong"
> > -SECURITY_LDFLAGS_remove_pn-glibc-initial = "-fstack-protector-
> > strong"
> > -SECURITY_LDFLAGS_remove_pn-uclibc = "-fstack-protector-strong"
> > -SECURITY_LDFLAGS_remove_pn-uclibc-initial = "-fstack-protector-
> > strong"
> > SECURITY_LDFLAGS_pn-xf86-video-fbdev = "${SECURITY_X_LDFLAGS}"
> > SECURITY_LDFLAGS_pn-xf86-video-intel = "${SECURITY_X_LDFLAGS}"
> > SECURITY_LDFLAGS_pn-xf86-video-omapfb = "${SECURITY_X_LDFLAGS}"
> > --
> > 2.7.4
> >
> > --
> > _______________________________________________
> > Openembedded-core mailing list
> > Openembedded-core at lists.openembedded.org
> > http://lists.openembedded.org/mailman/listinfo/openembedded-core
>
More information about the Openembedded-core
mailing list