openwrtv4/include
John Crispin 491f3fc048 Support for building an hardened OpenWRT
Introduce configuration options to build an "hardened" OpenWRT.

Options to enable Stack-Smashing Protection, FORTIFY_SOURCE and RELRO
have been introduced.

uClibc makefile now automatically detects if SSP support is necessary.

hostapd makefile has been fixed to use "^" as sed separator since
using a comma was problematic when using "-Wl,-z,now" and the like in
TARGET_CFLAGS.

Currently enabling SSP on user space depends on enabling SSP kernel
side, this is due to the fact that TARGET_CFLAGS are used to build
kernel modules (at least). Suggestions on how to avoid this are welcome.
Using "select" instead of "depends on" doesn't seem to work with choice
entries.

Tested with a lantiq (WBMR) router, GCC 4.8, uClibc and a subset of
the available packages.
Needs to be tested with GCC 4.9 and the remaining packages.
PIE not currently included.

Signed-off-by: Alessandro Di Federico <ale+owrt@clearmind.me>

SVN-Revision: 44005
2015-01-17 14:31:30 +00:00
..
site aarch64: add initial support 2014-11-24 06:33:13 +00:00
autotools.mk autotools.mk: add a gettext-version PKG_FIXUP (#11236) 2012-10-10 17:53:51 +00:00
cmake.mk build: use gcc-provided ar, nm and ranlib where appropriate 2014-12-27 12:59:59 +00:00
debug.mk build: undefine debug helper templates used by subdir.mk if the DEBUG variable is empty, speeds up "make prereq" by 25% when lots of packages are installed 2011-04-03 03:40:01 +00:00
depends.mk change the recursive dependency template to use more make evaluation - the shell command got so long that it triggered "Argument list too long" on some systems (#8231) 2010-11-24 14:07:12 +00:00
device_table.txt image: ensure that /dev/console exist in rootfs images 2013-08-27 12:02:58 +00:00
download.mk include/download.mk: Add download mirrors for tools from GNU Savannah (bug #15184) 2014-10-08 08:01:39 +00:00
feeds.mk build: improve feed handling for opkg.conf 2014-10-16 10:30:16 +00:00
host-build.mk build: prevent spurious host-build re-builds by touching .built after the install command before touching .installed 2014-12-15 20:14:27 +00:00
host.mk build: move the XARGS variable out of the host checks, since a working xargs is built in tools/ 2013-07-10 15:11:29 +00:00
image.mk ramips: convert mt7621 images to new image building code 2015-01-10 15:26:53 +00:00
kernel-build.mk kernel-build.mk: add .NOTPARALLEL 2014-10-12 15:00:19 +00:00
kernel-defaults.mk kernel: allow specifying kernel images to be copied separately from kernel make command line 2014-12-11 15:29:33 +00:00
kernel-version.mk kernel: update 3.14 to 3.14.28 2015-01-11 01:28:32 +00:00
kernel.mk kernel.mk: Handle the x86_64 LINUX_KARCH case 2014-12-12 18:28:13 +00:00
netfilter.mk netfilter: handle NFT_MASQ_IPV6 2015-01-14 08:53:11 +00:00
nls.mk nls.mk: fix build dependency on gettext (#11829) 2012-07-11 10:05:00 +00:00
package-bin.mk include: remove SDK exception from package install targets 2014-07-02 11:39:28 +00:00
package-defaults.mk build: add support for declaring package CONFLICTS which only affect selecting built-in packages 2014-10-05 16:41:33 +00:00
package-dumpinfo.mk generate list of license information for packages 2014-10-26 16:57:33 +00:00
package-ipkg.mk include: unbreak conffiles, postinst & prerm exports 2014-10-24 09:24:51 +00:00
package.mk Support for building an hardened OpenWRT 2015-01-17 14:31:30 +00:00
prereq-build.mk prereq-build: rename the openssl check to libssl, add back the old check - it is required after all 2014-10-20 09:23:55 +00:00
prereq.mk prereq.mk: only define .NOTPARALLEL when processing prereq checks 2014-10-12 15:00:41 +00:00
quilt.mk quilt: add a NO_RECONFIGURE override for compiling a package without re-running Build/Configure 2012-02-13 15:31:28 +00:00
scan.mk Revert "build: use ONESHELL to speed up scanning and the toplevel makefile" 2014-10-22 10:47:26 +00:00
scons.mk fix up scons vs ccache 2012-07-28 21:06:59 +00:00
shell.sh Revert "include/shell.sh: remove getvar()" 2014-10-26 16:18:24 +00:00
subdir.mk build: do not process built-in rules for make subdirs 2014-10-22 08:57:11 +00:00
target.mk target.mk: add default packages for NAS device-type 2014-11-26 08:59:49 +00:00
toolchain-build.mk toolchain: enable parallel build for uClibc, remove the obsolete TOOLCHAIN_PARALLEL config symbol 2012-10-17 13:03:08 +00:00
toplevel.mk sdk: track files with git and use it to implement proper clean targets 2015-01-10 11:17:02 +00:00
uclibc++.mk toolchain: eliminate the INSTALL_LIBSTDCPP config symbol and make c++ support mandatory - fixes recursive config symbol dependency issues 2013-05-09 20:50:49 +00:00
unpack.mk partially revert "build: remove check for nonexistant CONFIG_TAR_VERBOSITY variable and move TAR_OPTIONS to unpack.mk" 2014-03-22 19:52:48 +00:00
verbose.mk build: make the color of the 'configuration out of sync' warning red to make it harder for users to overlook 2013-03-17 21:12:02 +00:00
version.mk version.mk: explicitely filter "generic" subtarget for "%s" placeholder (#18710) 2015-01-10 11:17:11 +00:00