@@ -6,6 +6,7 @@
# in the DISTRO="poky-lsb" configuration.
GCCPIE ?= "--enable-default-pie"
+GLIBCPIE ?= "--enable-static-pie"
# _FORTIFY_SOURCE requires -O1 or higher, so disable in debug builds as they use
# -O0 which then results in a compiler warning.
@@ -30,6 +31,7 @@ SECURITY_X_LDFLAGS ?= "-fstack-protector-strong -Wl,-z,relro"
SECURITY_CFLAGS_powerpc = "-fstack-protector-strong ${lcl_maybe_fortify} ${SECURITY_NOPIE_CFLAGS}"
SECURITY_CFLAGS_pn-libgcc_powerpc = ""
GCCPIE_powerpc = ""
+GLIBCPIE_powerpc = ""
# arm specific security flag issues
SECURITY_CFLAGS_pn-glibc = ""
@@ -68,6 +68,8 @@ GLIBC_BROKEN_LOCALES = ""
#
COMPATIBLE_HOST_libc-musl_class-target = "null"
+GLIBCPIE ??= ""
+
EXTRA_OECONF = "--enable-kernel=${OLDEST_KERNEL} \
--without-cvs --disable-profile \
--disable-debug --without-gd \
@@ -81,6 +83,7 @@ EXTRA_OECONF = "--enable-kernel=${OLDEST_KERNEL} \
--enable-bind-now \
--enable-stack-protector=strong \
--enable-stackguard-randomization \
+ ${GLIBCPIE} \
${GLIBC_EXTRA_OECONF}"
EXTRA_OECONF += "${@get_libc_fpu_setting(bb, d)}"
Signed-off-by: Khem Raj <raj.khem@gmail.com> --- meta/conf/distro/include/security_flags.inc | 2 ++ meta/recipes-core/glibc/glibc_2.27.bb | 3 +++ 2 files changed, 5 insertions(+) -- 2.16.2 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core