[OE-core] [PATCH 1/2] security_flags.inc: use `?=' to set a default var-lcl_maybe_fortify
Hongxu Jia
hongxu.jia at windriver.com
Wed Aug 29 09:04:57 UTC 2018
- Since poky enable security flags+pie by default, tweak comments
to sync with it.
[poky commit]
491082c poky.conf: Enable security flags+pie by default
29d76b3 poky-lsb: Remove including security_flags.inc
[poky commit]
- Use `?=' to set a default lcl_maybe_fortify, it is helpful for
variable OVERRIDES.
Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
---
meta/conf/distro/include/security_flags.inc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
index 4e20a4d..e113f99 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -3,14 +3,14 @@
# or both so a blacklist is maintained here. The idea would be over
# time to reduce this list to nothing.
# From a Yocto Project perspective, this file is included and tested
-# in the DISTRO="poky-lsb" configuration.
+# in the DISTRO="poky" configuration.
GCCPIE ?= "--enable-default-pie"
# If static PIE is known to work well, GLIBCPIE="--enable-static-pie" can be set
# _FORTIFY_SOURCE requires -O1 or higher, so disable in debug builds as they use
# -O0 which then results in a compiler warning.
-lcl_maybe_fortify = "${@oe.utils.conditional('DEBUG_BUILD','1','','-D_FORTIFY_SOURCE=2',d)}"
+lcl_maybe_fortify ?= "${@oe.utils.conditional('DEBUG_BUILD','1','','-D_FORTIFY_SOURCE=2',d)}"
# Error on use of format strings that represent possible security problems
SECURITY_STRINGFORMAT ?= "-Wformat -Wformat-security -Werror=format-security"
--
2.7.4
More information about the Openembedded-core
mailing list