aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndré Draszik <adraszik@tycoint.com>2016-11-25 15:18:03 +0000
committerArmin Kuster <akuster808@gmail.com>2017-01-29 19:06:27 -0500
commit9aba5089bea7df72fff472641070a18c07cb7e5a (patch)
treea21fc4a1bbcb8915bc333f02b93c6e7c314f23d9
parent99fe0daf83c1f16b3c1f5ec596ac8d48fe90c5d2 (diff)
downloadmeta-openembedded-contrib-9aba5089bea7df72fff472641070a18c07cb7e5a.tar.gz
meta-openembedded-contrib-9aba5089bea7df72fff472641070a18c07cb7e5a.tar.bz2
meta-openembedded-contrib-9aba5089bea7df72fff472641070a18c07cb7e5a.zip
meta_oe_security_flags: disable PIE for libdbus-c++
The short version - it ain't working. The long version: For shared libraries made from C++ sources, configure runs some code to determine how to link shared libraries (from libtool.m4) using g++. In particular, it calls g++ ${CFLAGS} -c conftest.c g++ ${CFLAGS} -nostdinc -shared -v conftest.o to then parse the gcc -v output. If CFLAGS contains -pie -fpie, g++ adds Scrt1.o to the objects being linked together to form the final output. Once Scrt1.o is pulled into a shared library, it becomes impossible to link this DSO against a final binary. I didn't investigate why, by I suspect because of -Wl,relro -Wl,now libtool takes note of Scrt1.o (and all other libraries added by gcc, but those don't matter here) and adds it everywhere a shared library is being created, see predep_objects= and postdep_objects= in the 'LIBTOOL TAG CONFIG: CXX' section. In other words, the the shared library created during the build can't be linked against. This includes some applications that are part of the libdbus-c++ source tree, but also any other external user. While I am not sure if the root of the issue is in - gcc (should it really add Scrt1.o despite -shared), or in - libtool (should it filter out -pie -fpie during the configure step), or even in - OE (should it really be adding -pie -fpie to everything, even shared libraries by default and unconditionally), we can make things work by using SECURITY_NO_PIE_CFLAGS instead. Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r--meta-oe/conf/distro/include/meta_oe_security_flags.inc1
1 files changed, 1 insertions, 0 deletions
diff --git a/meta-oe/conf/distro/include/meta_oe_security_flags.inc b/meta-oe/conf/distro/include/meta_oe_security_flags.inc
index e57cc5bc4b..42fedc2790 100644
--- a/meta-oe/conf/distro/include/meta_oe_security_flags.inc
+++ b/meta-oe/conf/distro/include/meta_oe_security_flags.inc
@@ -1,4 +1,5 @@
# Build errors with the pie options enabled
+SECURITY_CFLAGS_pn-libdbus-c++ = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-lvm2 = "${SECURITY_NO_PIE_CFLAGS}"
SECURITY_CFLAGS_pn-rrdtool = "${SECURITY_NO_PIE_CFLAGS}"