It was pointed out that people couldn't easily see who used this or why so add some comments about that.
Signed-off-by: Richard Purdie <[email protected]> diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc index 0ee3814..9608c7f 100644 --- a/meta/conf/distro/include/security_flags.inc +++ b/meta/conf/distro/include/security_flags.inc @@ -1,3 +1,10 @@ +# Setup extra CFLAGS and LDFLAGS which have 'security' benefits. These +# don't work universally, there are recipes which can't use one, the other +# or both so a blacklist is maintained here. The idea would be over +# time to reduce this list to nothing. +# From a Yocto Project perspective, this file is included and tested +# in the DISTRO="poky-lsb" configuration. + SECURITY_CFLAGS ?= "-fstack-protector-all -pie -fpie -D_FORTIFY_SOURCE=2" SECURITY_NO_PIE_CFLAGS ?= "-fstack-protector-all -D_FORTIFY_SOURCE=2" SECURITY_LDFLAGS ?= "-Wl,-z,relro,-z,now" -- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
