[yocto] [PATCH] SDK environment script doesn't set security options in CC and LDFLAGS variables

[yocto] [PATCH] SDK environment script doesn't set security options in CC and LDFLAGS variables

[Antoine Manache]

[-- Attachment #1: Type: text/plain, Size: 1225 bytes --]

When building a SDK from a DISTRO with security flags enabled, options
added to
CC and LDFLAGS are not replicated in the SDK environment script.
This could lead to some situations where an application compiled with
the SDK and having some security weaknesses correctly runs on target but
crashes once integrated to the core image built with the full Yocto
stack.

Signed-off-by: Antoine Manache <a.manache@gmail.com>
---
 meta/conf/distro/include/security_flags.inc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/conf/distro/include/security_flags.inc
b/meta/conf/distro/include/security_flags.inc
index 620978a8ed..329482bfa3 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -56,7 +56,9 @@ SECURITY_STRINGFORMAT_pn-busybox = ""
 SECURITY_STRINGFORMAT_pn-gcc = ""

 TARGET_CC_ARCH_append_class-target = " ${SECURITY_CFLAGS}"
+TARGET_CC_ARCH_append_class-cross-canadian = " ${SECURITY_CFLAGS}"
 TARGET_LDFLAGS_append_class-target = " ${SECURITY_LDFLAGS}"
+TARGET_LDFLAGS_append_class-cross-canadian = " ${SECURITY_LDFLAGS}"

 SECURITY_STACK_PROTECTOR_pn-gcc-runtime = ""
 SECURITY_STACK_PROTECTOR_pn-glibc = ""

--
2.11.0

[-- Attachment #2: Type: text/html, Size: 5514 bytes --]

✗ patchtest: failure for SDK environment script doesn't set security options in CC and LDFLAGS variables

[Patchwork]

== Series Details ==

Series: SDK environment script doesn't set security options in CC and LDFLAGS variables
Revision: 1
URL   : https://patchwork.openembedded.org/series/21252/
State : failure

== Summary ==


Thank you for submitting this patch series to OpenEmbedded Core. This is
an automated response. Several tests have been executed on the proposed
series by patchtest resulting in the following failures:



* Patch            [yocto] SDK environment script doesn't set security options in CC and LDFLAGS variables
 Issue             Shortlog does not follow expected format [test_shortlog_format] 
  Suggested fix    Commit shortlog (first line of commit message) should follow the format "<target>: <summary>"



If you believe any of these test results are incorrect, please reply to the
mailing list (openembedded-core@lists.openembedded.org) raising your concerns.
Otherwise we would appreciate you correcting the issues and submitting a new
version of the patchset if applicable. Please ensure you add/increment the
version number when sending the new version (i.e. [PATCH] -> [PATCH v2] ->
[PATCH v3] -> ...).

---
Guidelines:     https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest
Test suite:     http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe