Enable compiler flags to enhance security

From the original included file:

  Setup extra CFLAGS and LDFLAGS which have 'security' benefits. These
  don't work universally, there are recipes which can't use one, the other
  or both so a blacklist is maintained here. The idea would be over
  time to reduce this list to nothing.

It is likely that:
- some packages in the included layers don't compile with these flags
- bad recipes do not obey these flags
- binary drivers might expose issues at runtime

We need to check and extend the blacklist/whitelist or fix the code or recipe.

Change-Id: Ie4b80abd010eab438567923dea85aac23a565d23
Signed-off-by: Jan-Simon Möller <jsmoeller@linuxfoundation.org>

diff --git a/meta-agl/conf/distro/poky-agl.conf b/meta-agl/conf/distro/poky-agl.conf
index 3c3903b..e9f5a1c 100644 (file)
--- a/meta-agl/conf/distro/poky-agl.conf
+++ b/meta-agl/conf/distro/poky-agl.conf
@@ -133,4 +133,7 @@ ERROR_QA_append = " ${WARN_TO_ERROR_QA}"
 
 # using multiple BSP layers causes dangling bbappends in meta-agl-bsp
 # turn it into a warning
 
 # using multiple BSP layers causes dangling bbappends in meta-agl-bsp
 # turn it into a warning

-BB_DANGLINGAPPENDS_WARNONLY = "1"
\ No newline at end of file
+BB_DANGLINGAPPENDS_WARNONLY = "1"
+
+# enforce security-related compiler flags by default
+require conf/distro/include/security_flags.inc