From: Saul Wold <sgw@linux.intel.com>
To: Phil Blundell <pb@pbcl.net>
Cc: openembedded-core@lists.openembedded.org
Subject: Re: [PATCH 1/2 v2] bitbake.conf: Add SECURITY_*FLAGS overridable definition
Date: Fri, 28 Jun 2013 14:52:46 -0700 [thread overview]
Message-ID: <51CE05AE.4050908@linux.intel.com> (raw)
In-Reply-To: <1372453659.28188.22.camel@pb-ThinkPad-R50e>
On 06/28/2013 02:07 PM, Phil Blundell wrote:
> On Fri, 2013-06-28 at 13:19 -0700, Saul Wold wrote:
>> So, if I remember correctly there was issues with this because there are
>> a number of packages that have to modify specifically the security
>> related flags (see the list in security_flags.inc), the ordering/timing
>> of being able to due that correctly did not allow for setting it
>> directly in CFLAGS or TARGET_CFLAGS.
>
> What exactly were the issues? I can't think of any obvious reason why
> it wouldn't work for security.inc to do:
>
> SECURITY_CFLAGS = "-fstack-protector-all -pie -fpie -D_FORTIFY_SOURCE=2"
> SECURITY_CFLAGS_pn-curl = "-fstack-protector-all -pie -fpie"
> CFLAGS += "${SECURITY_CFLAGS}"
>
Seems either will work, this or TARGET_CFLAGS_append, I guess the
problem I had in the past was trying to do it in the recipe or some
other ordering problem. I think part of it is that these are special
since they use "export"
So now the question is which place them TARGET_*FLAGS or *FLAGS??
TARGET_* makes it clear we are modifying those flags.
Sau!
> p.
>
>
>
>
next prev parent reply other threads:[~2013-06-28 21:52 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-06-28 19:23 [PATCH 1/2 v2] bitbake.conf: Add SECURITY_*FLAGS overridable definition Saul Wold
2013-06-28 19:23 ` [PATCH 2/2 v2] security_flags: Add the compiler and linker flags that enhance security Saul Wold
2013-06-28 22:11 ` Khem Raj
2013-06-28 19:28 ` [PATCH 1/2 v2] bitbake.conf: Add SECURITY_*FLAGS overridable definition Mark Hatle
2013-06-28 22:13 ` Khem Raj
2013-06-28 19:51 ` Phil Blundell
2013-06-28 20:19 ` Saul Wold
2013-06-28 21:04 ` Richard Purdie
2013-06-28 21:07 ` Phil Blundell
2013-06-28 21:52 ` Saul Wold [this message]
2013-06-28 22:17 ` Khem Raj
2013-06-28 22:16 ` Khem Raj
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=51CE05AE.4050908@linux.intel.com \
--to=sgw@linux.intel.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=pb@pbcl.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.