summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHongxu Jia <hongxu.jia@windriver.com>2018-08-29 17:04:57 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-09-04 11:03:55 +0100
commit30f54f14dd3641f57398671680f2cafba19a5c61 (patch)
tree2e73794624bcf93711848cd8da97e571862b877f
parent7f10f6a57a1396ae8fc020c82c0077a6577cce59 (diff)
downloadpoky-30f54f14dd3641f57398671680f2cafba19a5c61.tar.gz
security_flags.inc: use `?=' to set a default var-lcl_maybe_fortify
- Since poky enable security flags+pie by default, tweak comments to sync with it. [poky commit] 491082c poky.conf: Enable security flags+pie by default 29d76b3 poky-lsb: Remove including security_flags.inc [poky commit] - Use `?=' to set a default lcl_maybe_fortify, it is helpful for variable OVERRIDES. (From OE-Core rev: 38c410bb7d1688cd952da9f19269c2a65a92ab45) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/conf/distro/include/security_flags.inc4
1 files changed, 2 insertions, 2 deletions
diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
index 4e20a4d0f8..e113f999a1 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -3,14 +3,14 @@
3# or both so a blacklist is maintained here. The idea would be over 3# or both so a blacklist is maintained here. The idea would be over
4# time to reduce this list to nothing. 4# time to reduce this list to nothing.
5# From a Yocto Project perspective, this file is included and tested 5# From a Yocto Project perspective, this file is included and tested
6# in the DISTRO="poky-lsb" configuration. 6# in the DISTRO="poky" configuration.
7 7
8GCCPIE ?= "--enable-default-pie" 8GCCPIE ?= "--enable-default-pie"
9# If static PIE is known to work well, GLIBCPIE="--enable-static-pie" can be set 9# If static PIE is known to work well, GLIBCPIE="--enable-static-pie" can be set
10 10
11# _FORTIFY_SOURCE requires -O1 or higher, so disable in debug builds as they use 11# _FORTIFY_SOURCE requires -O1 or higher, so disable in debug builds as they use
12# -O0 which then results in a compiler warning. 12# -O0 which then results in a compiler warning.
13lcl_maybe_fortify = "${@oe.utils.conditional('DEBUG_BUILD','1','','-D_FORTIFY_SOURCE=2',d)}" 13lcl_maybe_fortify ?= "${@oe.utils.conditional('DEBUG_BUILD','1','','-D_FORTIFY_SOURCE=2',d)}"
14 14
15# Error on use of format strings that represent possible security problems 15# Error on use of format strings that represent possible security problems
16SECURITY_STRINGFORMAT ?= "-Wformat -Wformat-security -Werror=format-security" 16SECURITY_STRINGFORMAT ?= "-Wformat -Wformat-security -Werror=format-security"