diff options
author | Enrico Scholz <enrico.scholz@sigma-chemnitz.de> | 2012-01-12 17:30:21 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2013-03-18 13:18:20 +0000 |
commit | 4fb837687dd68363f25fbfc15207dd05d1369661 (patch) | |
tree | a2cbf6946aab70dd8c39977cb6adfe4bda99dabc | |
parent | 6d9a3ac0515380d0789ee3d316c08212592a6f9a (diff) | |
download | poky-4fb837687dd68363f25fbfc15207dd05d1369661.tar.gz |
openssl: build always with -Wa,--noexecstack
There is no reason to disable exec-stack only for -native builds;
binaries on the target will suffer from the same SELinux ACLs.
OpenSSL does not use executable stack so this option can be disabled
unconditionally.
(From OE-Core rev: 9c32b62d6494139daf4bab3279779c392fead116)
Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl.inc | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc index af1922e1f6..f5b24324ba 100644 --- a/meta/recipes-connectivity/openssl/openssl.inc +++ b/meta/recipes-connectivity/openssl/openssl.inc | |||
@@ -18,12 +18,10 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ | |||
18 | S = "${WORKDIR}/openssl-${PV}" | 18 | S = "${WORKDIR}/openssl-${PV}" |
19 | 19 | ||
20 | AR_append = " r" | 20 | AR_append = " r" |
21 | # Avoid binaries being marked as requiring an executable stack since it | ||
22 | # doesn't(which causes and this causes issues with SELinux | ||
21 | CFLAG = "${@base_conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \ | 23 | CFLAG = "${@base_conditional('SITEINFO_ENDIANNESS', 'le', '-DL_ENDIAN', '-DB_ENDIAN', d)} \ |
22 | -DTERMIO ${CFLAGS} -Wall" | 24 | -DTERMIO ${CFLAGS} -Wall -Wa,--noexecstack" |
23 | |||
24 | # Avoid binaries being marked as requiring an executable stack (which causes | ||
25 | # issues with SELinux on the host) | ||
26 | CFLAG_append_class-native = " -Wa,--noexecstack" | ||
27 | 25 | ||
28 | # -02 does not work on mipsel: ssh hangs when it tries to read /dev/urandom | 26 | # -02 does not work on mipsel: ssh hangs when it tries to read /dev/urandom |
29 | CFLAG_mtx-1 := "${@'${CFLAG}'.replace('-O2', '')}" | 27 | CFLAG_mtx-1 := "${@'${CFLAG}'.replace('-O2', '')}" |