From a1e6f20828d629a6e08286fed5e8cfba0862948e Mon Sep 17 00:00:00 2001 From: =?utf8?q?Jan-Simon=20M=C3=B6ller?= Date: Sun, 8 May 2016 00:00:23 +0200 Subject: [PATCH] Enable compiler flags to enhance security MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit From the original included file: Setup extra CFLAGS and LDFLAGS which have 'security' benefits. These don't work universally, there are recipes which can't use one, the other or both so a blacklist is maintained here. The idea would be over time to reduce this list to nothing. It is likely that: - some packages in the included layers don't compile with these flags - bad recipes do not obey these flags - binary drivers might expose issues at runtime We need to check and extend the blacklist/whitelist or fix the code or recipe. Change-Id: Ie4b80abd010eab438567923dea85aac23a565d23 Signed-off-by: Jan-Simon Möller --- meta-agl/conf/distro/poky-agl.conf | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/meta-agl/conf/distro/poky-agl.conf b/meta-agl/conf/distro/poky-agl.conf index 3c3903b5d..e9f5a1c2c 100644 --- a/meta-agl/conf/distro/poky-agl.conf +++ b/meta-agl/conf/distro/poky-agl.conf @@ -133,4 +133,7 @@ ERROR_QA_append = " ${WARN_TO_ERROR_QA}" # using multiple BSP layers causes dangling bbappends in meta-agl-bsp # turn it into a warning -BB_DANGLINGAPPENDS_WARNONLY = "1" \ No newline at end of file +BB_DANGLINGAPPENDS_WARNONLY = "1" + +# enforce security-related compiler flags by default +require conf/distro/include/security_flags.inc -- 2.16.6