[oe] [meta-networking][PATCH 2/2] meta-networking: override SECURITY_CFLAGS for c-ares
Martin Jansa
martin.jansa at gmail.com
Thu Jul 21 13:51:23 UTC 2016
On Fri, Jul 15, 2016 at 01:54:21PM +0100, git at andred.net wrote:
> From: André Draszik <adraszik at tycoint.com>
>
> c-ares doesn't build if the distro has enabled usage of the
> security_flags.inc file as it is picky about what is placed
> into CPPFLAGS and CFLAGS. It complains and errors out if any
> preprocessor options appear in CFLAGS.
>
> Fix this by providing an additional include file that is
> require'd from conf/layer.conf.
>
> Signed-off-by: André Draszik <adraszik at tycoint.com>
> ---
> .../conf/distro/include/meta_networking_security_flags.inc | 6 ++++++
> meta-networking/conf/layer.conf | 3 +++
> 2 files changed, 9 insertions(+)
> create mode 100644 meta-networking/conf/distro/include/meta_networking_security_flags.inc
>
> diff --git a/meta-networking/conf/distro/include/meta_networking_security_flags.inc b/meta-networking/conf/distro/include/meta_networking_security_flags.inc
> new file mode 100644
> index 0000000..06802d6
> --- /dev/null
> +++ b/meta-networking/conf/distro/include/meta_networking_security_flags.inc
> @@ -0,0 +1,6 @@
> +# configure righteously complains:
> +# | configure:3479: using CFLAGS: -O2 -pipe -g -feliminate-unused-debug-types -fstack-protector-strong -pie -fpie -D_FORTIFY_SOURCE=2
> +# | configure:3485: CFLAGS error: CFLAGS may only be used to specify C compiler flags, not macro definitions. Use CPPFLAGS for: -D_FORTIFY_SOURCE=2
> +# | configure:3516: error: Can not continue. Fix errors mentioned immediately above this line.
> +TARGET_CFLAGS_remove_pn-c-ares = "${lcl_maybe_fortify}"
> +TARGET_CPPFLAGS_append_pn-c-ares = "${lcl_maybe_fortify}"
This actually breaks builds which don't include
conf/distro/include/security_flags.inc
with:
lcl_maybe_fortify = "${@base_conditional('DEBUG_BUILD','1','','-D_FORTIFY_SOURCE=2',d)}"
because then lcl_maybe_fortify isn't defined and gcc in c-ares
do_configure gets it unexpaned and fails:
configure:3926: checking whether the C compiler works
configure:3948: arm-oe-linux-gnueabi-gcc -march=armv7-a -mthumb -mfpu=neon -mfloat-abi=softfp -mcpu=cortex-a9 -mtune=cortex-a9 -funwind-tables -rdynamic -Os --sysroot=/OE/sysroots/MACHINE -O2 -pipe -g -feliminate-unused-debug-types -fdebug-prefix-map=/OE/work/MACHINE-oe-linux-gnueabi/c-ares/1.10.0-r0=/usr/src/debug/c-ares/1.10.0-r0 -fdebug-prefix-map=/OE/sysroots/x86_64-linux= -fdebug-prefix-map=/OE/sysroots/MACHINE= -Os ${lcl_maybe_fortify} -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed conftest.c >&5
arm-oe-linux-gnueabi-gcc: error: ${lcl_maybe_fortify}: No such file or directory
I'll send a patch to add weak assignment before using lcl_maybe_fortify
> diff --git a/meta-networking/conf/layer.conf b/meta-networking/conf/layer.conf
> index 5fd636a..c09ba4a 100644
> --- a/meta-networking/conf/layer.conf
> +++ b/meta-networking/conf/layer.conf
> @@ -21,3 +21,6 @@ LICENSE_PATH += "${LAYERDIR}/licenses"
>
> # used by waf-samba.bbclass
> WAF_CROSS_ANSWERS_PATH = "${LAYERDIR}/files/waf-cross-answers"
> +
> +# Override security flags
> +require conf/distro/include/meta_networking_security_flags.inc
> --
> 2.8.1
>
> --
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel at lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-devel
--
Martin 'JaMa' Jansa jabber: Martin.Jansa at gmail.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://lists.openembedded.org/pipermail/openembedded-devel/attachments/20160721/fd182c89/attachment-0002.sig>
More information about the Openembedded-devel
mailing list