I think we pretty much abandoned prelink at this point, are you using it and do you see the benefits?
Alex On Thu, 20 Jan 2022 at 04:30, <[email protected]> wrote: > Since a prelinked rootfs is in conflict with PIE, don't attempt the latter > if the image enables prelink. > --- > meta/conf/distro/include/security_flags.inc | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/meta/conf/distro/include/security_flags.inc > b/meta/conf/distro/include/security_flags.inc > index e469eadca1..be6feb9e5f 100644 > --- a/meta/conf/distro/include/security_flags.inc > +++ b/meta/conf/distro/include/security_flags.inc > @@ -5,7 +5,7 @@ > # From a Yocto Project perspective, this file is included and tested > # in the DISTRO="poky" configuration. > > -GCCPIE ?= "--enable-default-pie" > +GCCPIE ?= "${@bb.utils.contains('USER_CLASSES', 'image-prelink', > '--disable-default-pie', '--enable-default-pie', d)}" > # If static PIE is known to work well, GLIBCPIE="--enable-static-pie" can > be set > > # _FORTIFY_SOURCE requires -O1 or higher, so disable in debug builds as > they use > -- > 2.25.1 > > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#160753): https://lists.openembedded.org/g/openembedded-core/message/160753 Mute This Topic: https://lists.openembedded.org/mt/88551948/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
