* [PATCH] openssl: build always with -Wa,--noexecstack
@ 2012-01-12 16:30 Enrico Scholz
2012-01-12 20:58 ` Saul Wold
0 siblings, 1 reply; 2+ messages in thread
From: Enrico Scholz @ 2012-01-12 16:30 UTC (permalink / raw)
To: openembedded-core; +Cc: Enrico Scholz
There is no reason to disable exec-stack only for -native builds;
binaries on the target will suffer from the same SELinux ACLs.
OpenSSL does not use executable stack so this option can be disabled
unconditionally.
Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
---
meta/recipes-connectivity/openssl/openssl.inc | 6 +-----
1 files changed, 1 insertions(+), 5 deletions(-)
diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc
index 771f146..65bb671 100644
--- a/meta/recipes-connectivity/openssl/openssl.inc
+++ b/meta/recipes-connectivity/openssl/openssl.inc
@@ -19,11 +19,7 @@ S = "${WORKDIR}/openssl-${PV}"
AR_append = " r"
CFLAG = "${@base_conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \
- -DTERMIO ${FULL_OPTIMIZATION} -Wall"
-
-# Avoid binaries being marked as requiring an executable stack (which causes
-# issues with SELinux on the host)
-CFLAG_append_virtclass-native = " -Wa,--noexecstack"
+ -DTERMIO ${FULL_OPTIMIZATION} -Wall -Wa,--noexecstack"
# -02 does not work on mipsel: ssh hangs when it tries to read /dev/urandom
CFLAG_mtx-1 := "${@'${CFLAG}'.replace('-O2', '')}"
--
1.7.7.5
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] openssl: build always with -Wa,--noexecstack
2012-01-12 16:30 [PATCH] openssl: build always with -Wa,--noexecstack Enrico Scholz
@ 2012-01-12 20:58 ` Saul Wold
0 siblings, 0 replies; 2+ messages in thread
From: Saul Wold @ 2012-01-12 20:58 UTC (permalink / raw)
To: Patches and discussions about the oe-core layer; +Cc: Enrico Scholz
On 01/12/2012 08:30 AM, Enrico Scholz wrote:
> There is no reason to disable exec-stack only for -native builds;
> binaries on the target will suffer from the same SELinux ACLs.
>
> OpenSSL does not use executable stack so this option can be disabled
> unconditionally.
>
> Signed-off-by: Enrico Scholz<enrico.scholz@sigma-chemnitz.de>
> ---
> meta/recipes-connectivity/openssl/openssl.inc | 6 +-----
> 1 files changed, 1 insertions(+), 5 deletions(-)
>
> diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc
> index 771f146..65bb671 100644
> --- a/meta/recipes-connectivity/openssl/openssl.inc
> +++ b/meta/recipes-connectivity/openssl/openssl.inc
> @@ -19,11 +19,7 @@ S = "${WORKDIR}/openssl-${PV}"
>
> AR_append = " r"
> CFLAG = "${@base_conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \
> - -DTERMIO ${FULL_OPTIMIZATION} -Wall"
> -
> -# Avoid binaries being marked as requiring an executable stack (which causes
> -# issues with SELinux on the host)
> -CFLAG_append_virtclass-native = " -Wa,--noexecstack"
> + -DTERMIO ${FULL_OPTIMIZATION} -Wall -Wa,--noexecstack"
>
> # -02 does not work on mipsel: ssh hangs when it tries to read /dev/urandom
> CFLAG_mtx-1 := "${@'${CFLAG}'.replace('-O2', '')}"
Enrico,
Thanks so much for these patches, the recipe changes such as this one,
binutils, perl, and x11 need to have PR bumps, can you please resubmit
them with PR increments.
Also, since you have so many could you use an oe-contrib branch to
submit them?
There may be other comments later.
Thanks
Sau!
Thanks
Sau!
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2012-01-12 21:06 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-01-12 16:30 [PATCH] openssl: build always with -Wa,--noexecstack Enrico Scholz
2012-01-12 20:58 ` Saul Wold
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox