diff options
| author | Khem Raj <raj.khem@gmail.com> | 2017-07-08 06:17:41 -0700 |
|---|---|---|
| committer | Joe MacDonald <joe_macdonald@mentor.com> | 2017-09-08 16:38:12 -0400 |
| commit | 39731d843df6b45d3512f5c832c23b7ac231c945 (patch) | |
| tree | f4e79a56a2b2ce167c4b8de1adbfb722c3acfee2 | |
| parent | ee8e9b85c0a315bfc42d538b955bc326992a1374 (diff) | |
| download | meta-openembedded-39731d843df6b45d3512f5c832c23b7ac231c945.tar.gz | |
security_flags.inc: Delete
OE-Core has now reworked the PIE flags, where they
are implicitly passed by compiler when security flags are enabled
None of these pinnings are needed anymore, since these packages
compile fine with security flags enabled
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
| -rw-r--r-- | meta-networking/conf/distro/include/meta_networking_security_flags.inc | 10 | ||||
| -rw-r--r-- | meta-networking/conf/layer.conf | 3 | ||||
| -rw-r--r-- | meta-oe/conf/distro/include/meta_oe_security_flags.inc | 28 | ||||
| -rw-r--r-- | meta-oe/conf/layer.conf | 3 |
4 files changed, 0 insertions, 44 deletions
diff --git a/meta-networking/conf/distro/include/meta_networking_security_flags.inc b/meta-networking/conf/distro/include/meta_networking_security_flags.inc deleted file mode 100644 index 19e13ea872..0000000000 --- a/meta-networking/conf/distro/include/meta_networking_security_flags.inc +++ /dev/null | |||
| @@ -1,10 +0,0 @@ | |||
| 1 | # configure righteously complains: | ||
| 2 | # | configure:3479: using CFLAGS: -O2 -pipe -g -feliminate-unused-debug-types -fstack-protector-strong -pie -fpie -D_FORTIFY_SOURCE=2 | ||
| 3 | # | configure:3485: CFLAGS error: CFLAGS may only be used to specify C compiler flags, not macro definitions. Use CPPFLAGS for: -D_FORTIFY_SOURCE=2 | ||
| 4 | # | configure:3516: error: Can not continue. Fix errors mentioned immediately above this line. | ||
| 5 | |||
| 6 | # Make sure it's at least empty in builds which don't include | ||
| 7 | # conf/distro/include/security_flags.inc | ||
| 8 | lcl_maybe_fortify ?= "" | ||
| 9 | TARGET_CFLAGS_remove_pn-c-ares = "${lcl_maybe_fortify}" | ||
| 10 | TARGET_CPPFLAGS_append_pn-c-ares = "${lcl_maybe_fortify}" | ||
diff --git a/meta-networking/conf/layer.conf b/meta-networking/conf/layer.conf index b5aa1599b6..2dfde4bdf4 100644 --- a/meta-networking/conf/layer.conf +++ b/meta-networking/conf/layer.conf | |||
| @@ -19,9 +19,6 @@ LAYERDEPENDS_networking-layer += "meta-python" | |||
| 19 | 19 | ||
| 20 | LICENSE_PATH += "${LAYERDIR}/licenses" | 20 | LICENSE_PATH += "${LAYERDIR}/licenses" |
| 21 | 21 | ||
| 22 | # Override security flags | ||
| 23 | require conf/distro/include/meta_networking_security_flags.inc | ||
| 24 | |||
| 25 | SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \ | 22 | SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \ |
| 26 | wireguard-tools->wireguard-module \ | 23 | wireguard-tools->wireguard-module \ |
| 27 | " | 24 | " |
diff --git a/meta-oe/conf/distro/include/meta_oe_security_flags.inc b/meta-oe/conf/distro/include/meta_oe_security_flags.inc deleted file mode 100644 index 03868bfaf5..0000000000 --- a/meta-oe/conf/distro/include/meta_oe_security_flags.inc +++ /dev/null | |||
| @@ -1,28 +0,0 @@ | |||
| 1 | # Build errors with the pie options enabled | ||
| 2 | SECURITY_CFLAGS_pn-libdbus-c++ = "${SECURITY_NO_PIE_CFLAGS}" | ||
| 3 | SECURITY_CFLAGS_pn-libdevmapper = "${SECURITY_NO_PIE_CFLAGS}" | ||
| 4 | SECURITY_CFLAGS_pn-lvm2 = "${SECURITY_NO_PIE_CFLAGS}" | ||
| 5 | SECURITY_CFLAGS_pn-rrdtool = "${SECURITY_NO_PIE_CFLAGS}" | ||
| 6 | |||
| 7 | # This has text reloc errors with the pie options enabled | ||
| 8 | SECURITY_CFLAGS_pn-llvm3.3 = "${SECURITY_NO_PIE_CFLAGS}" | ||
| 9 | SECURITY_CFLAGS_pn-mozjs = "${SECURITY_NO_PIE_CFLAGS}" | ||
| 10 | SECURITY_CFLAGS_pn-openldap = "${SECURITY_NO_PIE_CFLAGS}" | ||
| 11 | SECURITY_CFLAGS_pn-s3c64xx-gpio = "${SECURITY_NO_PIE_CFLAGS}" | ||
| 12 | SECURITY_CFLAGS_pn-s3c24xx-gpio = "${SECURITY_NO_PIE_CFLAGS}" | ||
| 13 | SECURITY_CFLAGS_pn-cpufrequtils = "${SECURITY_NO_PIE_CFLAGS}" | ||
| 14 | SECURITY_CFLAGS_pn-libcec = "${SECURITY_NO_PIE_CFLAGS}" | ||
| 15 | SECURITY_CFLAGS_pn-libmodplug = "${SECURITY_NO_PIE_CFLAGS}" | ||
| 16 | SECURITY_CFLAGS_pn-libcdio = "${SECURITY_NO_PIE_CFLAGS}" | ||
| 17 | |||
| 18 | #| /mnt/b/build/tmp-glibc/sysroots/intel-corei7-64/usr/lib/libc_nonshared.a(elf-init.oS): In function `__libc_csu_init': | ||
| 19 | #| /usr/src/debug/glibc/2.24-r0/git/csu/elf-init.c:86: undefined reference to `__init_array_start' | ||
| 20 | |||
| 21 | SECURITY_CFLAGS_pn-libvdpau = "${SECURITY_NO_PIE_CFLAGS}" | ||
| 22 | |||
| 23 | #| /mnt/a/build/tmp-glibc/sysroots/x86_64-linux/usr/libexec/x86_64-oe-linux/gcc/x86_64-oe-linux/6.2.0/ld: lj_err_dyn.o: relocation R_X86_64_TPOFF32 against `static_uex' can not be used when making a shared object; recompile with -fPIC | ||
| 24 | #| /mnt/a/build/tmp-glibc/sysroots/x86_64-linux/usr/libexec/x86_64-oe-linux/gcc/x86_64-oe-linux/6.2.0/ld: final link failed: Nonrepresentable section on output | ||
| 25 | #| collect2: error: ld returned 1 exit status | ||
| 26 | #| make[1]: *** [Makefile:675: libluajit.so] Error 1 | ||
| 27 | SECURITY_CFLAGS_pn-luajit = "${SECURITY_NO_PIE_CFLAGS}" | ||
| 28 | |||
diff --git a/meta-oe/conf/layer.conf b/meta-oe/conf/layer.conf index 868ed4e4f6..3896ff7f06 100644 --- a/meta-oe/conf/layer.conf +++ b/meta-oe/conf/layer.conf | |||
| @@ -76,7 +76,4 @@ SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \ | |||
| 76 | source-han-sans-tw-fonts->fontconfig \ | 76 | source-han-sans-tw-fonts->fontconfig \ |
| 77 | " | 77 | " |
| 78 | 78 | ||
| 79 | # Override security flags | ||
| 80 | require conf/distro/include/meta_oe_security_flags.inc | ||
| 81 | |||
| 82 | HOSTTOOLS += "id" | 79 | HOSTTOOLS += "id" |