From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH/next 2/2] keepalived: enable hardening option
Date: Fri, 23 Nov 2018 22:00:37 +0100 [thread overview]
Message-ID: <20181123220037.6c26bd2b@windsurf> (raw)
In-Reply-To: <20181121211611.8521-2-fontaine.fabrice@gmail.com>
Hello,
On Wed, 21 Nov 2018 22:16:11 +0100, Fabrice Fontaine wrote:
> Enable or disable hardening option depending on BR2_TOOLCHAIN_HAS_SSP
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
> package/keepalived/keepalived.mk | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/package/keepalived/keepalived.mk b/package/keepalived/keepalived.mk
> index 584da6bb48..f9049bf391 100644
> --- a/package/keepalived/keepalived.mk
> +++ b/package/keepalived/keepalived.mk
> @@ -9,7 +9,12 @@ KEEPALIVED_SITE = http://www.keepalived.org/software
> KEEPALIVED_DEPENDENCIES = host-pkgconf openssl
> KEEPALIVED_LICENSE = GPL-2.0+
> KEEPALIVED_LICENSE_FILES = COPYING
> -KEEPALIVED_CONF_OPTS = --disable-hardening
> +
> +ifeq ($(BR2_TOOLCHAIN_HAS_SSP),y)
> +KEEPALIVED_CONF_OPTS += --enable-hardening
> +else
> +KEEPALIVED_CONF_OPTS += --disable-hardening
> +endif
I am not sure we want to do that. Indeed, Buildroot already has
top-level options to enable/disable various hardening features. We
don't want packages to randomly enable/disable such hardening features
solely based on SSP availability.
So I think we should keep hardening disabled from the point of view of
keepalived configure script, and let Buildroot pass the appropriate
CFLAGS/LDFLAGS through the wrapper.
Best regards,
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
next prev parent reply other threads:[~2018-11-23 21:00 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-21 21:16 [Buildroot] [PATCH/next 1/2] keepalived: bump to version 2.0.10 Fabrice Fontaine
2018-11-21 21:16 ` [Buildroot] [PATCH/next 2/2] keepalived: enable hardening option Fabrice Fontaine
2018-11-23 21:00 ` Thomas Petazzoni [this message]
2018-11-23 21:13 ` Fabrice Fontaine
2018-11-23 20:59 ` [Buildroot] [PATCH/next 1/2] keepalived: bump to version 2.0.10 Thomas Petazzoni
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181123220037.6c26bd2b@windsurf \
--to=thomas.petazzoni@bootlin.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox