KumiSystems/openwrtv4
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

hardening: make override variables more intuitive

Browse source 
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46119
This commit is contained in:
Steven Barth 2015-06-24 10:57:14 +00:00
parent f4767891c0
commit 6010a1cdb7
1 changed files with 9 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
include/hardening.mk
View file

@ -6,12 +6,9 @@
#
PKG_CHECK_FORMAT_SECURITY ?= 1
PKG_CC_STACKPROTECTOR_REGULAR ?= 1
PKG_CC_STACKPROTECTOR_STRONG ?= 1
PKG_FORTIFY_SOURCE_1 ?= 1
PKG_FORTIFY_SOURCE_2 ?= 1
PKG_RELRO_PARTIAL ?= 1
PKG_RELRO_FULL ?= 1
PKG_SSP ?= 1
PKG_FORTIFY_SOURCE ?= 1
PKG_RELRO ?= 1
ifdef CONFIG_PKG_CHECK_FORMAT_SECURITY
ifeq ($(strip $(PKG_CHECK_FORMAT_SECURITY)),1)
@ -19,33 +16,33 @@ ifdef CONFIG_PKG_CHECK_FORMAT_SECURITY
endif
endif
ifdef CONFIG_PKG_CC_STACKPROTECTOR_REGULAR
ifeq ($(strip $(PKG_CC_STACKPROTECTOR_REGULAR)),1)
ifeq ($(strip $(PKG_SSP)),1)
TARGET_CFLAGS += -fstack-protector
endif
endif
ifdef CONFIG_PKG_CC_STACKPROTECTOR_STRONG
ifeq ($(strip $(PKG_CC_STACKPROTECTOR_STRONG)),1)
ifeq ($(strip $(PKG_SSP)),1)
TARGET_CFLAGS += -fstack-protector-strong
endif
endif
ifdef CONFIG_PKG_FORTIFY_SOURCE_1
ifeq ($(strip $(PKG_FORTIFY_SOURCE_1)),1)
ifeq ($(strip $(PKG_FORTIFY_SOURCE)),1)
TARGET_CFLAGS += -D_FORTIFY_SOURCE=1
endif
endif
ifdef CONFIG_PKG_FORTIFY_SOURCE_2
ifeq ($(strip $(PKG_FORTIFY_SOURCE_2)),1)
ifeq ($(strip $(PKG_FORTIFY_SOURCE)),1)
TARGET_CFLAGS += -D_FORTIFY_SOURCE=2
endif
endif
ifdef CONFIG_PKG_RELRO_PARTIAL
ifeq ($(strip $(PKG_RELRO_PARTIAL)),1)
ifeq ($(strip $(PKG_RELRO)),1)
TARGET_CFLAGS += -Wl,-z,relro
TARGET_LDFLAGS += -zrelro
endif
endif
ifdef CONFIG_PKG_RELRO_FULL
ifeq ($(strip $(PKG_RELRO_FULL)),1)
ifeq ($(strip $(PKG_RELRO)),1)
TARGET_CFLAGS += -Wl,-z,now -Wl,-z,relro
TARGET_LDFLAGS += -znow -zrelro
endif