[OE-core] [PATCH V2] defaultsetup.conf: Enable security flags+pie by default
andrea.adami at gmail.com
Fri Sep 7 13:28:15 UTC 2018
What is holding back this patch?
On Fri, Jul 27, 2018 at 9:41 AM Khem Raj <raj.khem at gmail.com> wrote:
> This has been an opt-in for so long, some distributions e.g.
> poky-lsb uses it by default however, since most of linux
> distros have started to default to these settings for security
> enhancements, time has come for OE to make it default too
> remove documentation from advanced local.conf sample
> Signed-off-by: Khem Raj <raj.khem at gmail.com>
> - Remove references to explicitly enabling security flags
> meta/conf/distro/defaultsetup.conf | 1 +
> meta/conf/local.conf.sample.extended | 11 -----------
> 2 files changed, 1 insertion(+), 11 deletions(-)
> diff --git a/meta/conf/distro/defaultsetup.conf b/meta/conf/distro/defaultsetup.conf
> index ca2f9178d2..352e279596 100644
> --- a/meta/conf/distro/defaultsetup.conf
> +++ b/meta/conf/distro/defaultsetup.conf
> @@ -1,6 +1,7 @@
> include conf/distro/include/default-providers.inc
> include conf/distro/include/default-versions.inc
> include conf/distro/include/default-distrovars.inc
> +require conf/distro/include/security_flags.inc
> include conf/distro/include/world-broken.inc
> TCMODE ?= "default"
> diff --git a/meta/conf/local.conf.sample.extended b/meta/conf/local.conf.sample.extended
> index e698acb84b..7f107831ee 100644
> --- a/meta/conf/local.conf.sample.extended
> +++ b/meta/conf/local.conf.sample.extended
> @@ -270,17 +270,6 @@
> #COPYLEFT_RECIPE_TYPES = 'target'
> -# GCC/LD FLAGS to enable more secure code generation
> -# By including the security_flags include file you enable flags
> -# to the compiler and linker that cause them to generate more secure
> -# code, this is enabled by default in the poky-lsb distro.
> -# This does affect compile speed slightly.
> -# Use the following line to enable the security compiler and linker flags to your build
> -#require conf/distro/include/security_flags.inc
> # Image level user/group configuration.
> # Inherit extrausers to make the setting of EXTRA_USERS_PARAMS effective.
> #INHERIT += "extrausers"
> Openembedded-core mailing list
> Openembedded-core at lists.openembedded.org
More information about the Openembedded-core