| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
OE-Core has now reworked the PIE flags, where they
are implicitly passed by compiler when security flags are enabled
None of these pinnings are needed anymore, since these packages
compile fine with security flags enabled
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
| |
Since libdevmapper was split out from lvm2, it now needs its own entry
to disable building with -fpie.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The short version - it ain't working.
The long version:
For shared libraries made from C++ sources, configure
runs some code to determine how to link shared libraries
(from libtool.m4) using g++. In particular, it calls
g++ ${CFLAGS} -c conftest.c
g++ ${CFLAGS} -nostdinc -shared -v conftest.o
to then parse the gcc -v output.
If CFLAGS contains -pie -fpie, g++ adds Scrt1.o to the
objects being linked together to form the final output.
Once Scrt1.o is pulled into a shared library, it becomes
impossible to link this DSO against a final binary. I
didn't investigate why, by I suspect because of
-Wl,relro -Wl,now
libtool takes note of Scrt1.o (and all other libraries
added by gcc, but those don't matter here) and adds it
everywhere a shared library is being created, see
predep_objects= and postdep_objects= in the
'LIBTOOL TAG CONFIG: CXX' section.
In other words, the the shared library created during
the build can't be linked against. This includes
some applications that are part of the libdbus-c++
source tree, but also any other external user.
While I am not sure if the root of the issue is in
- gcc (should it really add Scrt1.o despite -shared),
or in
- libtool (should it filter out -pie -fpie during the
configure step), or even in
- OE (should it really be adding -pie -fpie to
everything, even shared libraries by default and
unconditionally),
we can make things work by using SECURITY_NO_PIE_CFLAGS
instead.
Signed-off-by: André Draszik <adraszik@tycoint.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When compiling llvm3.3 and including meta_oe_security_flags.inc:
- on x86 (qemux86 e.g.), text relocation warnings appear ;
- on x86-64 (qemux86-64 e.g.), linking fails with the following
error message:
"relocation R_X86_64_PC32 against undefined symbol [...]
recompile with -fPIC"
Add llvm3.3 to the overrides list, so that it builds correctly.
Signed-off-by: Manuel Bachmann <manuel.bachmann@iot.bzh>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
|
Some of recipes produce errors if the distro has enabled usage of
security_flags.inc file. Fix those errors (and QA warnings) by providing
an additional include file that is require'd from conf/layer.conf.
Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
