[oe,meta-oe,meta-networking,2/5] security_flags.inc: Delete

Message ID 20170708131744.33927-2-raj.khem@gmail.com
State New
Headers show
Series
  • [oe,meta-oe,1/5] libdbus-c++: Fix build with gcc7 and unblacklist
Related show

Commit Message

Khem Raj July 8, 2017, 1:17 p.m.
OE-Core has now reworked the PIE flags, where they
are implicitly passed by compiler when security flags are enabled

None of these pinnings are needed anymore, since these packages
compile fine with security flags enabled

Signed-off-by: Khem Raj <raj.khem@gmail.com>

---
 .../include/meta_networking_security_flags.inc     | 10 --------
 meta-networking/conf/layer.conf                    |  3 ---
 .../conf/distro/include/meta_oe_security_flags.inc | 28 ----------------------
 meta-oe/conf/layer.conf                            |  3 ---
 4 files changed, 44 deletions(-)
 delete mode 100644 meta-networking/conf/distro/include/meta_networking_security_flags.inc
 delete mode 100644 meta-oe/conf/distro/include/meta_oe_security_flags.inc

-- 
2.13.2

-- 
_______________________________________________
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel

Patch

diff --git a/meta-networking/conf/distro/include/meta_networking_security_flags.inc b/meta-networking/conf/distro/include/meta_networking_security_flags.inc
deleted file mode 100644
index 19e13ea87..000000000
--- a/meta-networking/conf/distro/include/meta_networking_security_flags.inc
+++ /dev/null
@@ -1,10 +0,0 @@ 
-# configure righteously complains:
-# | configure:3479: using CFLAGS:  -O2 -pipe -g -feliminate-unused-debug-types -fstack-protector-strong -pie -fpie -D_FORTIFY_SOURCE=2
-# | configure:3485: CFLAGS error: CFLAGS may only be used to specify C compiler flags, not macro definitions. Use CPPFLAGS for: -D_FORTIFY_SOURCE=2
-# | configure:3516: error: Can not continue. Fix errors mentioned immediately above this line.
-
-# Make sure it's at least empty in builds which don't include
-# conf/distro/include/security_flags.inc
-lcl_maybe_fortify ?= ""
-TARGET_CFLAGS_remove_pn-c-ares = "${lcl_maybe_fortify}"
-TARGET_CPPFLAGS_append_pn-c-ares = "${lcl_maybe_fortify}"
diff --git a/meta-networking/conf/layer.conf b/meta-networking/conf/layer.conf
index b5aa1599b..2dfde4bdf 100644
--- a/meta-networking/conf/layer.conf
+++ b/meta-networking/conf/layer.conf
@@ -19,9 +19,6 @@  LAYERDEPENDS_networking-layer += "meta-python"
 
 LICENSE_PATH += "${LAYERDIR}/licenses"
 
-# Override security flags
-require conf/distro/include/meta_networking_security_flags.inc
-
 SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \
   wireguard-tools->wireguard-module \
 "
diff --git a/meta-oe/conf/distro/include/meta_oe_security_flags.inc b/meta-oe/conf/distro/include/meta_oe_security_flags.inc
deleted file mode 100644
index 03868bfaf..000000000
--- a/meta-oe/conf/distro/include/meta_oe_security_flags.inc
+++ /dev/null
@@ -1,28 +0,0 @@ 
-# Build errors with the pie options enabled
-SECURITY_CFLAGS_pn-libdbus-c++ = "${SECURITY_NO_PIE_CFLAGS}"
-SECURITY_CFLAGS_pn-libdevmapper = "${SECURITY_NO_PIE_CFLAGS}"
-SECURITY_CFLAGS_pn-lvm2 = "${SECURITY_NO_PIE_CFLAGS}"
-SECURITY_CFLAGS_pn-rrdtool = "${SECURITY_NO_PIE_CFLAGS}"
-
-# This has text reloc errors with the pie options enabled
-SECURITY_CFLAGS_pn-llvm3.3 = "${SECURITY_NO_PIE_CFLAGS}"
-SECURITY_CFLAGS_pn-mozjs = "${SECURITY_NO_PIE_CFLAGS}"
-SECURITY_CFLAGS_pn-openldap = "${SECURITY_NO_PIE_CFLAGS}"
-SECURITY_CFLAGS_pn-s3c64xx-gpio = "${SECURITY_NO_PIE_CFLAGS}"
-SECURITY_CFLAGS_pn-s3c24xx-gpio = "${SECURITY_NO_PIE_CFLAGS}"
-SECURITY_CFLAGS_pn-cpufrequtils = "${SECURITY_NO_PIE_CFLAGS}"
-SECURITY_CFLAGS_pn-libcec = "${SECURITY_NO_PIE_CFLAGS}"
-SECURITY_CFLAGS_pn-libmodplug = "${SECURITY_NO_PIE_CFLAGS}"
-SECURITY_CFLAGS_pn-libcdio = "${SECURITY_NO_PIE_CFLAGS}"
-
-#| /mnt/b/build/tmp-glibc/sysroots/intel-corei7-64/usr/lib/libc_nonshared.a(elf-init.oS): In function `__libc_csu_init':
-#| /usr/src/debug/glibc/2.24-r0/git/csu/elf-init.c:86: undefined reference to `__init_array_start'
-
-SECURITY_CFLAGS_pn-libvdpau = "${SECURITY_NO_PIE_CFLAGS}"
-
-#| /mnt/a/build/tmp-glibc/sysroots/x86_64-linux/usr/libexec/x86_64-oe-linux/gcc/x86_64-oe-linux/6.2.0/ld: lj_err_dyn.o: relocation R_X86_64_TPOFF32 against `static_uex' can not be used when making a shared object; recompile with -fPIC
-#| /mnt/a/build/tmp-glibc/sysroots/x86_64-linux/usr/libexec/x86_64-oe-linux/gcc/x86_64-oe-linux/6.2.0/ld: final link failed: Nonrepresentable section on output
-#| collect2: error: ld returned 1 exit status
-#| make[1]: *** [Makefile:675: libluajit.so] Error 1
-SECURITY_CFLAGS_pn-luajit = "${SECURITY_NO_PIE_CFLAGS}"
-
diff --git a/meta-oe/conf/layer.conf b/meta-oe/conf/layer.conf
index 54425c68e..f0d21ed50 100644
--- a/meta-oe/conf/layer.conf
+++ b/meta-oe/conf/layer.conf
@@ -77,7 +77,4 @@  SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \
 
 FREESMARTPHONE_GIT = "git://git.freesmartphone.org"
 
-# Override security flags
-require conf/distro/include/meta_oe_security_flags.inc
-
 HOSTTOOLS += "id"