summaryrefslogtreecommitdiffstats
path: root/meta/conf/distro/include/security_flags.inc
diff options
context:
space:
mode:
authorKhem Raj <raj.khem@gmail.com>2021-02-05 22:31:38 -0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2021-02-08 14:47:16 +0000
commit525493e3efc9480a671dd0cd848923725961fc12 (patch)
tree4aad073ae5bb9633703cf58da243c5fc44ad9dc5 /meta/conf/distro/include/security_flags.inc
parent88cb39cc3cf55ff39c8913e93f497c3c07e9e862 (diff)
downloadpoky-525493e3efc9480a671dd0cd848923725961fc12.tar.gz
security_flags.inc: Use -O with -D_FORTIFY_SOURCE
compiler can only use fortify options when some level of optimization is on, otherwise it ends up sending some warnings. warning: _FORTIFY_SOURCE requires compiling with optimization (-O) [-W#warnings] this is usually OK, since -O<level> would be added via CFLAGS to compiler cmdline in normal compile stages, however during configure there are problems when CC,CPP,CXX are probed alone in configure tests which results in above warning, which confuses the configure results and autotools 2.70+ detects it as error e.g. configure:17292: error: C preprocessor "riscv32-yoe-linux-clang -target riscv32-yoe-linux -mlittle-endian -mno-relax -Qunused-arguments -fstack-protector-strong -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security --sysroot=/mnt/b/yoe/master/build/tmp/work/riscv32-yoe-linux/ndpi/3.4-r0/recipe-sysroot -E" fails sanity check See `config.log' for more details therefore adding a -O ( which actually is -O1 ) to lcl_maybe_fortify means we can properly test these configure tests and real -O<level> will still override -O added here, so overrall behavior improves (From OE-Core rev: b6113dd68caa46d56cf3c8293119f2b9d8b137fd) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/conf/distro/include/security_flags.inc')
-rw-r--r--meta/conf/distro/include/security_flags.inc2
1 files changed, 1 insertions, 1 deletions
diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
index 4e64eb99f9..05253b2df9 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -10,7 +10,7 @@ GCCPIE ?= "--enable-default-pie"
10 10
11# _FORTIFY_SOURCE requires -O1 or higher, so disable in debug builds as they use 11# _FORTIFY_SOURCE requires -O1 or higher, so disable in debug builds as they use
12# -O0 which then results in a compiler warning. 12# -O0 which then results in a compiler warning.
13lcl_maybe_fortify ?= "${@oe.utils.conditional('DEBUG_BUILD','1','','-D_FORTIFY_SOURCE=2',d)}" 13lcl_maybe_fortify ?= "${@oe.utils.conditional('DEBUG_BUILD','1','','-O -D_FORTIFY_SOURCE=2',d)}"
14 14
15# Error on use of format strings that represent possible security problems 15# Error on use of format strings that represent possible security problems
16SECURITY_STRINGFORMAT ?= "-Wformat -Wformat-security -Werror=format-security" 16SECURITY_STRINGFORMAT ?= "-Wformat -Wformat-security -Werror=format-security"