author | André Draszik <adraszik@tycoint.com> | 2016-11-25 15:18:03 +0000 |
---|---|---|
committer | Martin Jansa <Martin.Jansa@gmail.com> | 2016-12-02 09:23:44 +0100 |
commit | a4251575f41fa5aafe5072e562497b05c11b6702 (patch) | |
tree | 75095bcdd5467ec251ce5307f7205d64151ef837 /meta-oe/conf | |
parent | 119e75e48dbf0539b4e440417901458ffff79b38 (diff) | |
meta_oe_security_flags: disable PIE for libdbus-c++

The short version - it ain't working.

The long version:
For shared libraries made from C++ sources, configure
runs some code to determine how to link shared libraries
(from libtool.m4) using g++. In particular, it calls
    g++ ${CFLAGS} -c conftest.c
    g++ ${CFLAGS} -nostdinc -shared -v conftest.o
to then parse the gcc -v output.

If CFLAGS contains -pie -fpie, g++ adds Scrt1.o to the
objects being linked together to form the final output.

Once Scrt1.o is pulled into a shared library, it becomes
impossible to link this DSO against a final binary. I
didn't investigate why, but I suspect because of
    -Wl,relro -Wl,now

libtool takes note of Scrt1.o (and all other libraries
added by gcc, but those don't matter here) and adds it
everywhere a shared library is being created, see
predep_objects= and postdep_objects= in the
'LIBTOOL TAG CONFIG: CXX' section.

In other words, the shared library created during
the build can't be linked against. This includes
some applications that are part of the libdbus-c++
source tree, but also any other external user.

While I am not sure if the root of the issue is in
- gcc (should it really add Scrt1.o despite -shared),
  or in
- libtool (should it filter out -pie -fpie during the
  configure step), or even in
- OE (should it really be adding -pie -fpie to
  everything, even shared libraries by default and
  unconditionally),
we can make things work by using SECURITY_NO_PIE_CFLAGS
instead.

Signed-off-by: André Draszik <adraszik@tycoint.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>

Diffstat (limited to 'meta-oe/conf')
-rw-r--r-- | meta-oe/conf/distro/include/meta_oe_security_flags.inc | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta-oe/conf/distro/include/meta_oe_security_flags.inc b/meta-oe/conf/distro/include/meta_oe_security_flags.inc index e57cc5bc4..42fedc279 100644 --- a/meta-oe/conf/distro/include/meta_oe_security_flags.inc +++ b/meta-oe/conf/distro/include/meta_oe_security_flags.inc | |||
@@ -1,4 +1,5 @@ | |||
1 | # Build errors with the pie options enabled | 1 | # Build errors with the pie options enabled |
2 | SECURITY_CFLAGS_pn-libdbus-c++ = "${SECURITY_NO_PIE_CFLAGS}" | ||
2 | SECURITY_CFLAGS_pn-lvm2 = "${SECURITY_NO_PIE_CFLAGS}" | 3 | SECURITY_CFLAGS_pn-lvm2 = "${SECURITY_NO_PIE_CFLAGS}" |
3 | SECURITY_CFLAGS_pn-rrdtool = "${SECURITY_NO_PIE_CFLAGS}" | 4 | SECURITY_CFLAGS_pn-rrdtool = "${SECURITY_NO_PIE_CFLAGS}" |
4 | 5 | ||
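Review bot: The new `SECURITY_CFLAGS_pn-libdbus-c++` line sits under the generic comment "# Build errors with the pie options enabled", which does not record the failure the commit message describes: Scrt1.o ends up in libtool's predep_objects and the resulting shared library cannot be linked against. A one-line comment directly above the override naming that cause would let a later reader judge whether the exception can be dropped once gcc, libtool or the OE defaults change. The override is also per recipe, so the applications built from the libdbus-c++ source tree lose PIE together with the shared library; if that is an accepted trade-off, state it in the same comment.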