From patchwork Sat Jul 1 14:23:07 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Khem Raj
X-Patchwork-Id: 106816
From: Khem Raj
To: openembedded-core@lists.openembedded.org
Date: Sat, 1 Jul 2017 07:23:07 -0700
Message-Id: <776e6811105e112f7e924883eed5ed4fadb0d0e8.1498893436.git.raj.khem@gmail.com>
Subject: [OE-core] [PATCH 04/19] gcc: Introduce a knob to configure gcc to default to PIE
List-Id: Patches and discussions about the oe-core layer

GCCPIE flag which is empty by default adds "--enable-default-pie" configure option for hardened distros
We do not require to add -fpie -pie flag externally anymore

Signed-off-by: Khem Raj --- meta/conf/distro/include/security_flags.inc | 4 +++- meta/recipes-devtools/gcc/gcc-configure-common.inc | 3 +++ 2 files changed, 6 insertions(+), 1 deletion(-) -- 2.13.2 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc index 38164d08b8..f2eb224a77 100644 --- a/meta/conf/distro/include/security_flags.inc +++ b/meta/conf/distro/include/security_flags.inc @@ -5,6 +5,8 @@ # From a Yocto Project perspective, this file is included and tested # in the DISTRO="poky-lsb" configuration. +GCCPIE ?= "--enable-default-pie" + # _FORTIFY_SOURCE requires -O1 or higher, so disable in debug builds as they use # -O0 which then results in a compiler warning. lcl_maybe_fortify = "${@base_conditional('DEBUG_BUILD','1','','-D_FORTIFY_SOURCE=2',d)}" @@ -12,7 +14,7 @@ lcl_maybe_fortify = "${@base_conditional('DEBUG_BUILD','1','','-D_FORTIFY_SOURCE # Error on use of format strings that represent possible security problems SECURITY_STRINGFORMAT ?= "-Wformat -Wformat-security -Werror=format-security" -SECURITY_CFLAGS ?= "-fstack-protector-strong -pie -fpie ${lcl_maybe_fortify} ${SECURITY_STRINGFORMAT}" +SECURITY_CFLAGS ?= "-fstack-protector-strong ${lcl_maybe_fortify} ${SECURITY_STRINGFORMAT}" SECURITY_NO_PIE_CFLAGS ?= "-fstack-protector-strong ${lcl_maybe_fortify} ${SECURITY_STRINGFORMAT}" SECURITY_LDFLAGS ?= "-fstack-protector-strong -Wl,-z,relro,-z,now" diff --git a/meta/recipes-devtools/gcc/gcc-configure-common.inc b/meta/recipes-devtools/gcc/gcc-configure-common.inc index 63fa1d9686..e2ce234aa1 100644 --- a/meta/recipes-devtools/gcc/gcc-configure-common.inc +++ b/meta/recipes-devtools/gcc/gcc-configure-common.inc 
@@ -22,6 +22,8 @@ EXTRA_OECONF_INITIAL ?= "" GCCMULTILIB ?= "--disable-multilib" GCCTHREADS ?= "posix" +GCCPIE ??= "" + EXTRA_OECONF = "\ ${@['--enable-clocale=generic', ''][d.getVar('USE_NLS') != 'no']} \ --with-gnu-ld \ @@ -29,6 +31,7 @@ EXTRA_OECONF = "\ --enable-languages=${LANGUAGES} \ --enable-threads=${GCCTHREADS} \ ${GCCMULTILIB} \ + ${GCCPIE} \ --enable-c99 \ --enable-long-long \ --enable-symvers=gnu \
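Review bot: In the second security_flags.inc hunk, once `-pie -fpie` is dropped the new SECURITY_CFLAGS value is identical to SECURITY_NO_PIE_CFLAGS on the following line, so with a compiler configured with --enable-default-pie a recipe that switches to SECURITY_NO_PIE_CFLAGS no longer opts out of PIE. If the opt-out is still meant to work, SECURITY_NO_PIE_CFLAGS has to pass the negative flags explicitly (for example `-no-pie -fno-PIE`); otherwise merge the two variables and recheck the recipes that rely on the NO_PIE variant.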
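Review bot: The new `GCCPIE ?= "--enable-default-pie"` line at the top of the first security_flags.inc hunk carries no comment, unlike the _FORTIFY_SOURCE and format-string settings below it, and after this patch it is the only thing that makes SECURITY_CFLAGS builds position independent. Please add a comment stating that PIE now comes from the compiler's configured default, and that overriding GCCPIE to empty or building with a compiler that was not configured through this knob leaves SECURITY_CFLAGS without PIE. A QA check on the ELF type of the produced executables would catch that silent loss of hardening.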
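Review bot: `GCCPIE ??= ""` in the first gcc-configure-common.inc hunk uses the weak default operator while GCCMULTILIB and GCCTHREADS directly above it use `?=`. If that is deliberate so that the `?=` assignment in security_flags.inc wins regardless of parse order, say so in a one-line comment; otherwise use `?=` for consistency. Either way, describe the knob next to it (empty by default, set to --enable-default-pie by hardened distros), since the commit message is currently the only place that explains it.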