From fc5f02410f27de8b2b97a8edccb859773094591e Mon Sep 17 00:00:00 2001
From: Steven Barth <cyrus@openwrt.org>
Date: Sat, 20 Jun 2015 17:37:18 +0000
Subject: [PATCH] buildroot: move hardening options into separate file

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46070
---
 include/hardening.mk | 55 ++++++++++++++++++++++++++++++++++++++++++++
 include/package.mk   | 47 +------------------------------------
 2 files changed, 56 insertions(+), 46 deletions(-)
 create mode 100644 include/hardening.mk

diff --git a/include/hardening.mk b/include/hardening.mk
new file mode 100644
index 0000000000..8a24b3ca15
--- /dev/null
+++ b/include/hardening.mk
@@ -0,0 +1,55 @@
+#
+# Copyright (C) 2015 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+PKG_CHECK_FORMAT_SECURITY ?= 1
+PKG_CC_STACKPROTECTOR_REGULAR ?= 1
+PKG_CC_STACKPROTECTOR_STRONG ?= 1
+PKG_FORTIFY_SOURCE_1 ?= 1
+PKG_FORTIFY_SOURCE_2 ?= 1
+PKG_RELRO_PARTIAL ?= 1
+PKG_RELRO_FULL ?= 1
+
+ifdef CONFIG_PKG_CHECK_FORMAT_SECURITY
+  ifeq ($(strip $(PKG_CHECK_FORMAT_SECURITY)),1)
+    TARGET_CFLAGS += -Wformat -Werror=format-security
+  endif
+endif
+ifdef CONFIG_PKG_CC_STACKPROTECTOR_REGULAR
+  ifeq ($(strip $(PKG_CC_STACKPROTECTOR_REGULAR)),1)
+    TARGET_CFLAGS += -fstack-protector
+    TARGET_LDFLAGS += -fstack-protector
+  endif
+endif
+ifdef CONFIG_PKG_CC_STACKPROTECTOR_STRONG
+  ifeq ($(strip $(PKG_CC_STACKPROTECTOR_STRONG)),1)
+    TARGET_CFLAGS += -fstack-protector-strong
+    TARGET_LDFLAGS += -fstack-protector-strong
+  endif
+endif
+ifdef CONFIG_PKG_FORTIFY_SOURCE_1
+  ifeq ($(strip $(PKG_FORTIFY_SOURCE_1)),1)
+    TARGET_CFLAGS += -D_FORTIFY_SOURCE=1
+  endif
+endif
+ifdef CONFIG_PKG_FORTIFY_SOURCE_2
+  ifeq ($(strip $(PKG_FORTIFY_SOURCE_2)),1)
+    TARGET_CFLAGS += -D_FORTIFY_SOURCE=2
+  endif
+endif
+ifdef CONFIG_PKG_RELRO_PARTIAL
+  ifeq ($(strip $(PKG_RELRO_PARTIAL)),1)
+    TARGET_CFLAGS += -Wl,-z,relro
+    TARGET_LDFLAGS += -zrelro
+  endif
+endif
+ifdef CONFIG_PKG_RELRO_FULL
+  ifeq ($(strip $(PKG_RELRO_FULL)),1)
+    TARGET_CFLAGS += -Wl,-z,now -Wl,-z,relro
+    TARGET_LDFLAGS += -znow -zrelro
+  endif
+endif
+
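Review bot: The two RELRO blocks at the end of hardening.mk are not a pure move: TARGET_LDFLAGS now gets `-zrelro` and `-znow -zrelro`, whereas the lines removed from package.mk used `-Wl,-z,relro` and `-Wl,-z,now -Wl,-z,relro`; TARGET_CFLAGS keeps the `-Wl,` spelling. The subject only says "move", so this is easy to miss when bisecting later; it deserves a line in the commit message and a comment above the two blocks, e.g. `# LDFLAGS use the bare -z form; presumably so they also work when a package hands LDFLAGS straight to ld (confirm)`. A link step that ignores or mangles either spelling would drop RELRO/BIND_NOW without any build error, so it is worth checking a few built binaries with `readelf -l` (GNU_RELRO segment) and `readelf -d` (BIND_NOW) after this change.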
diff --git a/include/package.mk b/include/package.mk
index 7ba7401d44..6538afe3e2 100644
--- a/include/package.mk
+++ b/include/package.mk
@@ -14,13 +14,6 @@ PKG_INSTALL_DIR ?= $(PKG_BUILD_DIR)/ipkg-install
 PKG_MD5SUM ?= unknown
 PKG_BUILD_PARALLEL ?=
 PKG_USE_MIPS16 ?= 1
-PKG_CHECK_FORMAT_SECURITY ?= 1
-PKG_CC_STACKPROTECTOR_REGULAR ?= 1
-PKG_CC_STACKPROTECTOR_STRONG ?= 1
-PKG_FORTIFY_SOURCE_1 ?= 1
-PKG_FORTIFY_SOURCE_2 ?= 1
-PKG_RELRO_PARTIAL ?= 1
-PKG_RELRO_FULL ?= 1
 
 ifneq ($(CONFIG_PKG_BUILD_USE_JOBSERVER),)
   MAKE_J:=$(if $(MAKE_JOBSERVER),$(MAKE_JOBSERVER) -j)
@@ -40,46 +33,8 @@ ifdef CONFIG_USE_MIPS16
     TARGET_CFLAGS += -mips16 -minterlink-mips16
   endif
 endif
-ifdef CONFIG_PKG_CHECK_FORMAT_SECURITY
-  ifeq ($(strip $(PKG_CHECK_FORMAT_SECURITY)),1)
-    TARGET_CFLAGS += -Wformat -Werror=format-security
-  endif
-endif
-ifdef CONFIG_PKG_CC_STACKPROTECTOR_REGULAR
-  ifeq ($(strip $(PKG_CC_STACKPROTECTOR_REGULAR)),1)
-    TARGET_CFLAGS += -fstack-protector
-    TARGET_LDFLAGS += -fstack-protector
-  endif
-endif
-ifdef CONFIG_PKG_CC_STACKPROTECTOR_STRONG
-  ifeq ($(strip $(PKG_CC_STACKPROTECTOR_STRONG)),1)
-    TARGET_CFLAGS += -fstack-protector-strong
-    TARGET_LDFLAGS += -fstack-protector-strong
-  endif
-endif
-ifdef CONFIG_PKG_FORTIFY_SOURCE_1
-  ifeq ($(strip $(PKG_FORTIFY_SOURCE_1)),1)
-    TARGET_CFLAGS += -D_FORTIFY_SOURCE=1
-  endif
-endif
-ifdef CONFIG_PKG_FORTIFY_SOURCE_2
-  ifeq ($(strip $(PKG_FORTIFY_SOURCE_2)),1)
-    TARGET_CFLAGS += -D_FORTIFY_SOURCE=2
-  endif
-endif
-ifdef CONFIG_PKG_RELRO_PARTIAL
-  ifeq ($(strip $(PKG_RELRO_PARTIAL)),1)
-    TARGET_CFLAGS += -Wl,-z,relro
-    TARGET_LDFLAGS += -Wl,-z,relro
-  endif
-endif
-ifdef CONFIG_PKG_RELRO_FULL
-  ifeq ($(strip $(PKG_RELRO_FULL)),1)
-    TARGET_CFLAGS += -Wl,-z,now -Wl,-z,relro
-    TARGET_LDFLAGS += -Wl,-z,now -Wl,-z,relro
-  endif
-endif
 
+include $(INCLUDE_DIR)/hardening.mk
 include $(INCLUDE_DIR)/prereq.mk
 include $(INCLUDE_DIR)/host.mk
 include $(INCLUDE_DIR)/unpack.mk
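Review bot: Nothing at the new `include $(INCLUDE_DIR)/hardening.mk` line says that the per-package opt-out knobs are consumed at include time. hardening.mk tests `PKG_FORTIFY_SOURCE_2`, `PKG_RELRO_FULL` and the other knobs inside `ifeq` at parse time, so a package Makefile that assigns them after including package.mk has no effect on TARGET_CFLAGS or TARGET_LDFLAGS. A comment above the include would make that explicit: `# hardening.mk reads the PKG_* hardening knobs when included; set them before including package.mk`. hardening.mk also has no include guard, so if another makefile ever includes it as well (not visible in this patch), the flags would be appended twice.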
-- 
GitLab