[oe] [meta-java] Openjdk-8 and D_FORTIFY_SOURCE

[Kaaria, Erkka]

Hi,

Currently openjdk-8 fails to build if D_FORTIFY_SOURCE is set through SECURITY_CFLAGS. This happens, because gcc requires at least -O for this feature to work. Otherwise a warning is generated ("_FORTIFY_SOURCE requires compiling with optimization"), which then gets turned into an error by -Werror.

This is easy enough to fix by providing appropriate compiler flags through EXTRA_OECONF and -with-extra-cflags. The recipe however contains a warning that adding -with-extra-cflags will break building demos for jdk. Everything seems to work correctly on my machine even if I add the parameter (package is generated for demos, no build failures), but I assume that this warning is there for a reason.

There are few ways of solving this as far as I can see:


1.       Just add the -with-extra-cflags and disable demos.

2.       Remove D_FORTIFY_SOURCE from SECURITY_CFLAGS

3.       Patch the openjdk build files, either removing -Werror or adding -O2

I personally prefer the first solution, as I don't really see any value in providing demos. The second solution would weaken security, which I'd like to avoid if at all possible. The third solution on the other hand feels like it's too hacky-ish for this problem (not to mention that removing -Werror is basically the same than removing D_FORTIFY_SOURCE).

Best Regards,
Erkka Kääriä


---------------------------------------------------------------------
Intel Finland Oy
Registered Address: PL 281, 00181 Helsinki 
Business Identity Code: 0357606 - 4 
Domiciled in Helsinki 

This e-mail and any attachments may contain confidential material for
the sole use of the intended recipient(s). Any review or distribution
by others is strictly prohibited. If you are not the intended
recipient, please contact the sender and delete all copies.