From 1c5e37acb9c091f533534d6e31d2b17599ef2d78 Mon Sep 17 00:00:00 2001 From: Richard Purdie Date: Fri, 29 May 2015 14:16:50 +0100 Subject: security_flags: Add comment about what it does and who uses it It was pointed out that people couldn't easily see who used this or why so add some comments about that. (From OE-Core rev: 67f09e9086b8fb1c0c8a1dd19419afb1a5af8daf) Signed-off-by: Richard Purdie --- meta/conf/distro/include/security_flags.inc | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'meta/conf/distro') diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc index 0ee38140ef..9608c7f069 100644 --- a/meta/conf/distro/include/security_flags.inc +++ b/meta/conf/distro/include/security_flags.inc @@ -1,3 +1,10 @@ +# Setup extra CFLAGS and LDFLAGS which have 'security' benefits. These +# don't work universally, there are recipes which can't use one, the other +# or both so a blacklist is maintained here. The idea would be over +# time to reduce this list to nothing. +# From a Yocto Project perspective, this file is included and tested +# in the DISTRO="poky-lsb" configuration. + SECURITY_CFLAGS ?= "-fstack-protector-all -pie -fpie -D_FORTIFY_SOURCE=2" SECURITY_NO_PIE_CFLAGS ?= "-fstack-protector-all -D_FORTIFY_SOURCE=2" SECURITY_LDFLAGS ?= "-Wl,-z,relro,-z,now" -- cgit 1.2.3-korg