Re: [oe] [meta-initramfs][PATCH v2] klibc: fix build on i386 with GCC and security flags enabled

Sat, 15 Sep 2018 01:15:16 -0700 

On 2018年09月15日 02:02, Andrea Adami wrote:

ld fails if distro's security-flags are enabled:
Inject the SECURITY_XFLAGS if security_flags.inc was included.

Fix on i386: ld: discarded output section: `.got.plt'

Signed-off-by: Andrea Adami <[email protected]>
---
  meta-initramfs/recipes-devtools/klibc/klibc.inc | 6 +++---
  1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/meta-initramfs/recipes-devtools/klibc/klibc.inc 
b/meta-initramfs/recipes-devtools/klibc/klibc.inc
index 3d25e96..837b026 100644
--- a/meta-initramfs/recipes-devtools/klibc/klibc.inc
+++ b/meta-initramfs/recipes-devtools/klibc/klibc.inc
@@ -47,7 +47,8 @@ EXTRA_OEMAKE = "'KLIBCARCH=${KLIBC_ARCH}' \
                  'KLIBCOPTFLAGS=${TUNE_CCARGS}' \
                   V=1 \
                  "
-EXTRA_OEMAKE += 'EXTRA_KLIBCAFLAGS="-Wa,--noexecstack" EXTRA_KLIBCLDFLAGS="-z 
noexecstack"'
+EXTRA_OEMAKE += "'EXTRA_KLIBCAFLAGS=${SECURITY_CFLAGS} -Wa,--noexecstack' \
+                 'EXTRA_KLIBCLDFLAGS=${SECURITY_LDFLAGS} -z noexecstack'"
Is it necessary to pass SECURITY_XFLAGS directly? While including security_flags.inc, 
CC will contain SECURITY_CFLAGS and LDFLAGS will contain SECURITY_LDFLAGS.
Maybe you should make sure  to pass LDFLAGS to EXTRA_KLIBCLDFLAGS to avoid
ldflags qa warning.

[security_flags.inc]
 58 TARGET_CC_ARCH_append_class-target = " ${SECURITY_CFLAGS}"
 59 TARGET_LDFLAGS_append_class-target = " ${SECURITY_LDFLAGS}"
[security_flags.inc]


  export FIX_ARMV4_EABI_BX = "${FIX_V4BX}"
  KLIBCTHUMB = "${@['CONFIG_KLIBC_THUMB=n', 
'CONFIG_KLIBC_THUMB=y'][(d.getVar('ARM_INSTRUCTION_SET') == 'thumb')]}"
@@ -74,5 +75,4 @@ KLIBC_ARCH_powerpc = "ppc"
  KLIBC_ARCH_powerpc64 = "ppc64"
  THIS_LIBKLIBC = "libklibc (= ${PV}-${PR})"
-SECURITY_CFLAGS = "-fno-PIE -no-pie" 
-SECURITY_LDFLAGS = "-no-pie"
+SECURITY_LDFLAGS = "${@'-z relro -z now -pie' if '${GCCPIE}' else ''}"


The same reason, it is not necessary to test GCCPIE,

and it missed "-Wl,"?, how about directly set SECURITY_STACK_PROTECTOR = ""


//Hongxu

--
_______________________________________________
Openembedded-devel mailing list
[email protected]
http://lists.openembedded.org/mailman/listinfo/openembedded-devel

Reply via email to