aboutsummaryrefslogtreecommitdiffstats
path: root/meta-ivi/conf/distro/poky-ivi-systemd.conf
diff options
context:
space:
mode:
authorGunnar Andersson <gandersson@genivi.org>2017-12-06 13:16:32 +0100
committerOscar Andreasson <oan@frozentux.net>2018-03-29 14:25:10 +0200
commit73a1e55e640e53e99494bb241c6d08b6071c3061 (patch)
tree180d104e0459fd184fbbd5f9455eb286ed08428f /meta-ivi/conf/distro/poky-ivi-systemd.conf
parent58dd0d51f5efd23fbc560bad56275c8a01431f51 (diff)
downloadmeta-ivi-73a1e55e640e53e99494bb241c6d08b6071c3061.tar.gz
meta-ivi-73a1e55e640e53e99494bb241c6d08b6071c3061.tar.bz2
meta-ivi-73a1e55e640e53e99494bb241c6d08b6071c3061.zip
Add "hardening" compiler flags
These gcc flags are quite standard practice but not always applied by each and every component default settings - hence each Linux distro does it in their own packaging. It was requested by Phong Tran in PR #98 for GDP. These flags are applied to the whole distro however, which is why they are placed in meta-ivi distro definition instead. [GDP-754] Compiler Hardening Flags Signed-off-by: Gunnar Andersson <gandersson@genivi.org> Signed-off-by: Oscar Andreasson <oscar.andreasson@pelagicore.com>
Diffstat (limited to 'meta-ivi/conf/distro/poky-ivi-systemd.conf')
-rw-r--r--meta-ivi/conf/distro/poky-ivi-systemd.conf16
1 files changed, 16 insertions, 0 deletions
diff --git a/meta-ivi/conf/distro/poky-ivi-systemd.conf b/meta-ivi/conf/distro/poky-ivi-systemd.conf
index 097f44f..83378e1 100644
--- a/meta-ivi/conf/distro/poky-ivi-systemd.conf
+++ b/meta-ivi/conf/distro/poky-ivi-systemd.conf
@@ -21,6 +21,22 @@ DISTRO_FEATURES_BACKFILL_CONSIDERED = "sysvinit"
PREFERRED_VERSION_wayland-ivi-extension = "2.1"
+require conf/distro/include/security_flags.inc
+
+# FIXME: these pkgs are apparently broken when enabling (some of) the
+# security_flags, so they are therefore blacklisted here, (or the flags
+# are _partially) applied)
+SECURITY_CFLAGS_pn-lttng-ust = "${SECURITY_NO_PIE_CFLAGS}"
+SECURITY_CFLAGS_pn-persistence-administrator = ""
+SECURITY_LDFLAGS_pn-persistence-administrator = ""
+
+SECURITY_CFLAGS_pn-keyutils = ""
+SECURITY_LDFLAGS_pn-keyutils = ""
+SECURITY_CFLAGS_pn-v86d = ""
+SECURITY_LDFLAGS_pn-v86d = ""
+SECURITY_CFLAGS_pn-gettext = ""
+SECURITY_LDFLAGS_pn-gettext = ""
+
# do not use gstreamer 1.2.3 by default
PREFERRED_VERSION_gstreamer1.0 ?= "1.12.2"
PREFERRED_VERSION_gstreamer1.0-plugins-bad ?= "1.12.2"