[OE-core] [oe-core][PATCH] poky-lsb: security_flags.inc

Peter Kjellerstedt peter.kjellerstedt at axis.com
Tue Jul 31 21:37:35 UTC 2018


> -----Original Message-----
> From: openembedded-core-bounces at lists.openembedded.org <openembedded-
> core-bounces at lists.openembedded.org> On Behalf Of Hongzhi.Song
> Sent: 31 July 2018 13:07
> To: openembedded-core at lists.openembedded.org; raj.khem at gmail.com
> Subject: [OE-core] [oe-core][PATCH] poky-lsb: security_flags.inc

This is not only limited to poky-lsb. security_flags.inc is used 
by many directly.

> To fix the following error, we append '-O' to the definition of
> _FORTIFY_SOURCE
> 
> recipe-sysroot/usr/include/features.h:381:4: error: #warning
> _FORTIFY_SOURCE requires compiling with optimization (-O) [-Werror=cpp]
>  #  warning _FORTIFY_SOURCE requires compiling with optimization (-O)
>      ^~~~~~~
> 
> Signed-off-by: Hongzhi.Song <hongzhi.song at windriver.com>
> ---
>  meta/conf/distro/include/security_flags.inc | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/meta/conf/distro/include/security_flags.inc
> b/meta/conf/distro/include/security_flags.inc
> index 6245e89ada..1c32fd3165 100644
> --- a/meta/conf/distro/include/security_flags.inc
> +++ b/meta/conf/distro/include/security_flags.inc
> @@ -10,7 +10,7 @@ GCCPIE ?= "--enable-default-pie"
> 
>  # _FORTIFY_SOURCE requires -O1 or higher, so disable in debug builds as they use
>  # -O0 which then results in a compiler warning.
> -lcl_maybe_fortify = "${@oe.utils.conditional('DEBUG_BUILD','1','','-D_FORTIFY_SOURCE=2',d)}"
> +lcl_maybe_fortify = "${@oe.utils.conditional('DEBUG_BUILD','1','','-D_FORTIFY_SOURCE=2 -O',d)}"

This is not the correct way to solve this problem. It should be fixed on 
a per-recipe basis. There is probably a reason why the code is being built 
with -O0, so it should not be changed here without an investigation of which 
is correct: to build with fortification and enabling optimization, or to build 
without fortification and without enabling optimization.

Changing it as per above could also have an impact on some packages by 
actually lowering the optimization level.

>  # Error on use of format strings that represent possible security problems
>  SECURITY_STRINGFORMAT ?= "-Wformat -Wformat-security -Werror=format-security"
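
Review bot: the `-O` appended on the `+lcl_maybe_fortify` line puts an optimization level into a variable that, per the comment two lines above it, only decides whether `-D_FORTIFY_SOURCE=2` is passed. `-O` is `-O1`, and GCC honours the last `-O` option on the command line, so where this value ends up after a recipe's own higher level it lowers that recipe's optimization, and where it ends up before a recipe's `-O0` it changes nothing and the features.h warning stays. The commit message does not say which recipe hit the warning or why it builds without optimization while DEBUG_BUILD is not '1'. Suggest leaving this line as it is and fixing the affected recipe instead, either by building it with optimization or by dropping `-D_FORTIFY_SOURCE=2` for it, and updating the comment if the behaviour here does change.
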
> --
> 2.11.0

//Peter



