aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKhem Raj <raj.khem@gmail.com>2018-03-01 18:26:34 +0000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-03-01 22:18:00 +0000
commit8e4ece7bf0b09275a34ce8e7cc3e1e54a366c361 (patch)
tree78936fd5393dc7a07364c33b105b8c805e9e71e5
parentc6f1010a47df33b40320aa5784181b659a3254d7 (diff)
downloadopenembedded-core-contrib-8e4ece7bf0b09275a34ce8e7cc3e1e54a366c361.tar.gz
openembedded-core-contrib-8e4ece7bf0b09275a34ce8e7cc3e1e54a366c361.tar.bz2
openembedded-core-contrib-8e4ece7bf0b09275a34ce8e7cc3e1e54a366c361.zip
glibc: Enable static PIE support when security_flags are enabled
Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/conf/distro/include/security_flags.inc2
-rw-r--r--meta/recipes-core/glibc/glibc_2.27.bb3
2 files changed, 5 insertions, 0 deletions
diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
index 49d2417a882..d66dd576493 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -6,6 +6,7 @@
# in the DISTRO="poky-lsb" configuration.
GCCPIE ?= "--enable-default-pie"
+GLIBCPIE ?= "--enable-static-pie"
# _FORTIFY_SOURCE requires -O1 or higher, so disable in debug builds as they use
# -O0 which then results in a compiler warning.
@@ -30,6 +31,7 @@ SECURITY_X_LDFLAGS ?= "-fstack-protector-strong -Wl,-z,relro"
SECURITY_CFLAGS_powerpc = "-fstack-protector-strong ${lcl_maybe_fortify} ${SECURITY_NOPIE_CFLAGS}"
SECURITY_CFLAGS_pn-libgcc_powerpc = ""
GCCPIE_powerpc = ""
+GLIBCPIE_powerpc = ""
# arm specific security flag issues
SECURITY_CFLAGS_pn-glibc = ""
diff --git a/meta/recipes-core/glibc/glibc_2.27.bb b/meta/recipes-core/glibc/glibc_2.27.bb
index 2434c061056..bcc1acfbc28 100644
--- a/meta/recipes-core/glibc/glibc_2.27.bb
+++ b/meta/recipes-core/glibc/glibc_2.27.bb
@@ -69,6 +69,8 @@ GLIBC_BROKEN_LOCALES = ""
#
COMPATIBLE_HOST_libc-musl_class-target = "null"
+GLIBCPIE ??= ""
+
EXTRA_OECONF = "--enable-kernel=${OLDEST_KERNEL} \
--without-cvs --disable-profile \
--disable-debug --without-gd \
@@ -82,6 +84,7 @@ EXTRA_OECONF = "--enable-kernel=${OLDEST_KERNEL} \
--enable-bind-now \
--enable-stack-protector=strong \
--enable-stackguard-randomization \
+ ${GLIBCPIE} \
${GLIBC_EXTRA_OECONF}"
EXTRA_OECONF += "${@get_libc_fpu_setting(bb, d)}"