From 30f54f14dd3641f57398671680f2cafba19a5c61 Mon Sep 17 00:00:00 2001 From: Hongxu Jia Date: Wed, 29 Aug 2018 17:04:57 +0800 Subject: security_flags.inc: use `?=' to set a default var-lcl_maybe_fortify - Since poky enable security flags+pie by default, tweak comments to sync with it. [poky commit] 491082c poky.conf: Enable security flags+pie by default 29d76b3 poky-lsb: Remove including security_flags.inc [poky commit] - Use `?=' to set a default lcl_maybe_fortify, it is helpful for variable OVERRIDES. (From OE-Core rev: 38c410bb7d1688cd952da9f19269c2a65a92ab45) Signed-off-by: Hongxu Jia Signed-off-by: Richard Purdie --- meta/conf/distro/include/security_flags.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'meta/conf') diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc index 4e20a4d0f8..e113f999a1 100644 --- a/meta/conf/distro/include/security_flags.inc +++ b/meta/conf/distro/include/security_flags.inc @@ -3,14 +3,14 @@ # or both so a blacklist is maintained here. The idea would be over # time to reduce this list to nothing. # From a Yocto Project perspective, this file is included and tested -# in the DISTRO="poky-lsb" configuration. +# in the DISTRO="poky" configuration. GCCPIE ?= "--enable-default-pie" # If static PIE is known to work well, GLIBCPIE="--enable-static-pie" can be set # _FORTIFY_SOURCE requires -O1 or higher, so disable in debug builds as they use # -O0 which then results in a compiler warning. -lcl_maybe_fortify = "${@oe.utils.conditional('DEBUG_BUILD','1','','-D_FORTIFY_SOURCE=2',d)}" +lcl_maybe_fortify ?= "${@oe.utils.conditional('DEBUG_BUILD','1','','-D_FORTIFY_SOURCE=2',d)}" # Error on use of format strings that represent possible security problems SECURITY_STRINGFORMAT ?= "-Wformat -Wformat-security -Werror=format-security" -- cgit v1.2.3-54-g00ecf