summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJan-Simon Möller <jsmoeller@linuxfoundation.org>2016-05-08 00:00:23 +0200
committerJan-Simon Möller <jsmoeller@linuxfoundation.org>2016-05-08 00:00:23 +0200
commita1e6f20828d629a6e08286fed5e8cfba0862948e (patch)
tree8c9ff5012980dfc36b094c630730ef7260d73acb
parent084ab213bd37fb22b4f2bd2e23859b719778c4cc (diff)
Enable compiler flags to enhance security
From the original included file: Setup extra CFLAGS and LDFLAGS which have 'security' benefits. These don't work universally, there are recipes which can't use one, the other or both so a blacklist is maintained here. The idea would be over time to reduce this list to nothing. It is likely that: - some packages in the included layers don't compile with these flags - bad recipes do not obey these flags - binary drivers might expose issues at runtime We need to check and extend the blacklist/whitelist or fix the code or recipe. Change-Id: Ie4b80abd010eab438567923dea85aac23a565d23 Signed-off-by: Jan-Simon Möller <jsmoeller@linuxfoundation.org>
-rw-r--r--meta-agl/conf/distro/poky-agl.conf5
1 files changed, 4 insertions, 1 deletions
diff --git a/meta-agl/conf/distro/poky-agl.conf b/meta-agl/conf/distro/poky-agl.conf
index 3c3903b5d..e9f5a1c2c 100644
--- a/meta-agl/conf/distro/poky-agl.conf
+++ b/meta-agl/conf/distro/poky-agl.conf
@@ -133,4 +133,7 @@ ERROR_QA_append = " ${WARN_TO_ERROR_QA}"
# using multiple BSP layers causes dangling bbappends in meta-agl-bsp
# turn it into a warning
-BB_DANGLINGAPPENDS_WARNONLY = "1" \ No newline at end of file
+BB_DANGLINGAPPENDS_WARNONLY = "1"
+
+# enforce security-related compiler flags by default
+require conf/distro/include/security_flags.inc