Patchwork security-flags: Deal with powerpc build issues

login
register
mail settings
Submitter Richard Purdie
Date Feb. 26, 2014, 11:35 a.m.
Message ID <1393414543.31769.110.camel@ted>
Download mbox | patch
Permalink /patch/67463/
State New
Headers show

Comments

Richard Purdie - Feb. 26, 2014, 11:35 a.m.
Building powerpc machines with the standard security flags generated numerous
build failures. Use a reduced set of flags for now to avoid linker issues
and other compile failures.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
Gary Thomas - Feb. 26, 2014, 11:40 a.m.
On 2014-02-26 04:35, Richard Purdie wrote:
> 
> 
> Building powerpc machines with the standard security flags generated numerous
> build failures. Use a reduced set of flags for now to avoid linker issues
> and other compile failures.
> 
> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> ---
> diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
> index e7d4933a..b5489d8 100644
> --- a/meta/conf/distro/include/security_flags.inc
> +++ b/meta/conf/distro/include/security_flags.inc
> @@ -2,6 +2,14 @@ SECURITY_CFLAGS ?= "-fstack-protector-all -pie -fpie -D_FORTIFY_SOURCE=2"
>  SECURITY_NO_PIE_CFLAGS ?= "-fstack-protector-all -D_FORTIFY_SOURCE=2"
>  SECURITY_LDFLAGS ?= "-Wl,-z,relro,-z,now"
>  
> +# powerpc does not get on with pie for reasons not looked into as yet
> +SECURITY_CFLAGS_powerpc = "-fstack-protector-all -D_FORTIFY_SOURCE=2"
> +# Deal with ppc specific linker failures when using the cflags
> +SECURITY_CFLAGS_pn-dbus_powerpc = ""
> +SECURITY_CFLAGS_pn-dbus-ptest_powerpc = ""
> +SECURITY_CFLAGS_pn-libmatchbox_powerpc = ""
> +SECURITY_CFLAGS_pn-webkit-gtk = ""

The change for webkit doesn't seem to be PowerPC specific?  If it needs
to be here, shouldn't it be in a separate change, or at least documented
in the change log?

> +
>  SECURITY_CFLAGS_pn-aspell = "${SECURITY_NO_PIE_CFLAGS}"
>  SECURITY_CFLAGS_pn-beecrypt = "${SECURITY_NO_PIE_CFLAGS}"
>  # Curl seems to check for FORTIFY_SOURCE in CFLAGS, but even assigned
Richard Purdie - Feb. 26, 2014, noon
On Wed, 2014-02-26 at 04:40 -0700, Gary Thomas wrote:
> On 2014-02-26 04:35, Richard Purdie wrote:
> > 
> > 
> > Building powerpc machines with the standard security flags generated numerous
> > build failures. Use a reduced set of flags for now to avoid linker issues
> > and other compile failures.
> > 
> > Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> > ---
> > diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
> > index e7d4933a..b5489d8 100644
> > --- a/meta/conf/distro/include/security_flags.inc
> > +++ b/meta/conf/distro/include/security_flags.inc
> > @@ -2,6 +2,14 @@ SECURITY_CFLAGS ?= "-fstack-protector-all -pie -fpie -D_FORTIFY_SOURCE=2"
> >  SECURITY_NO_PIE_CFLAGS ?= "-fstack-protector-all -D_FORTIFY_SOURCE=2"
> >  SECURITY_LDFLAGS ?= "-Wl,-z,relro,-z,now"
> >  
> > +# powerpc does not get on with pie for reasons not looked into as yet
> > +SECURITY_CFLAGS_powerpc = "-fstack-protector-all -D_FORTIFY_SOURCE=2"
> > +# Deal with ppc specific linker failures when using the cflags
> > +SECURITY_CFLAGS_pn-dbus_powerpc = ""
> > +SECURITY_CFLAGS_pn-dbus-ptest_powerpc = ""
> > +SECURITY_CFLAGS_pn-libmatchbox_powerpc = ""
> > +SECURITY_CFLAGS_pn-webkit-gtk = ""
> 
> The change for webkit doesn't seem to be PowerPC specific?  If it needs
> to be here, shouldn't it be in a separate change, or at least documented
> in the change log?

Sorry, I'll make that powerpc specific, it was meant to be...

Cheers,

Richard

Patch

diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc
index e7d4933a..b5489d8 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -2,6 +2,14 @@  SECURITY_CFLAGS ?= "-fstack-protector-all -pie -fpie -D_FORTIFY_SOURCE=2"
 SECURITY_NO_PIE_CFLAGS ?= "-fstack-protector-all -D_FORTIFY_SOURCE=2"
 SECURITY_LDFLAGS ?= "-Wl,-z,relro,-z,now"
 
+# powerpc does not get on with pie for reasons not looked into as yet
+SECURITY_CFLAGS_powerpc = "-fstack-protector-all -D_FORTIFY_SOURCE=2"
+# Deal with ppc specific linker failures when using the cflags
+SECURITY_CFLAGS_pn-dbus_powerpc = ""
+SECURITY_CFLAGS_pn-dbus-ptest_powerpc = ""
+SECURITY_CFLAGS_pn-libmatchbox_powerpc = ""
+SECURITY_CFLAGS_pn-webkit-gtk = ""
+
 SECURITY_CFLAGS_pn-aspell = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-beecrypt = "${SECURITY_NO_PIE_CFLAGS}"
 # Curl seems to check for FORTIFY_SOURCE in CFLAGS, but even assigned