summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRichard Purdie <richard.purdie@linuxfoundation.org>2015-05-29 14:16:50 +0100
committerRichard Purdie <richard.purdie@linuxfoundation.org>2015-05-30 22:25:10 +0100
commit67f09e9086b8fb1c0c8a1dd19419afb1a5af8daf (patch)
tree9d02a845563b5257436ba27c24e11c095248ebb2
parent01c7a7c013c4ee56f06fb7b5ab683066d8cb62f8 (diff)
downloadopenembedded-core-67f09e9086b8fb1c0c8a1dd19419afb1a5af8daf.tar.gz
openembedded-core-67f09e9086b8fb1c0c8a1dd19419afb1a5af8daf.tar.bz2
openembedded-core-67f09e9086b8fb1c0c8a1dd19419afb1a5af8daf.zip
security_flags: Add comment about what it does and who uses it
It was pointed out that people couldn't easily see who used this or why so add some comments about that. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/conf/distro/include/security_flags.inc7
1 files changed, 7 insertions, 0 deletions
diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
index 0ee38140ef..9608c7f069 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -1,3 +1,10 @@
+# Setup extra CFLAGS and LDFLAGS which have 'security' benefits. These
+# don't work universally, there are recipes which can't use one, the other
+# or both so a blacklist is maintained here. The idea would be over
+# time to reduce this list to nothing.
+# From a Yocto Project perspective, this file is included and tested
+# in the DISTRO="poky-lsb" configuration.
+
SECURITY_CFLAGS ?= "-fstack-protector-all -pie -fpie -D_FORTIFY_SOURCE=2"
SECURITY_NO_PIE_CFLAGS ?= "-fstack-protector-all -D_FORTIFY_SOURCE=2"
SECURITY_LDFLAGS ?= "-Wl,-z,relro,-z,now"