Original approach to add -no-<pie> flags cause link time behavior changes where packages start to lose the -fPIC -DPIC in compiler cmdline and this list keeps growing as we build more and more packages,
Instead lets just remove the options we dont need from SECURITY_CFLAGS this makes it more robust and less intrusive This also means we do not need to re-add pic options as we started to do for affected packages Signed-off-by: Khem Raj <raj.k...@gmail.com> --- meta/conf/distro/include/security_flags.inc | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/meta/conf/distro/include/security_flags.inc b/meta/conf/distro/include/security_flags.inc index 52e1e4ebc5..4e20a4d0f8 100644 --- a/meta/conf/distro/include/security_flags.inc +++ b/meta/conf/distro/include/security_flags.inc @@ -28,13 +28,10 @@ SECURITY_LDFLAGS ?= "-fstack-protector-strong -Wl,-z,relro,-z,now" SECURITY_X_LDFLAGS ?= "-fstack-protector-strong -Wl,-z,relro" # powerpc does not get on with pie for reasons not looked into as yet -SECURITY_CFLAGS_powerpc = "-fstack-protector-strong ${lcl_maybe_fortify} ${SECURITY_NOPIE_CFLAGS}" -SECURITY_CFLAGS_pn-libgcc_powerpc = "" -SECURITY_CFLAGS_append_powerpc_pn-libdrm = " -fPIC -DPIC" -SECURITY_CFLAGS_append_powerpc_pn-libinput = " -fPIC -DPIC" -SECURITY_CFLAGS_append_powerpc_pn-at-spi2-core = " -fPIC -DPIC" GCCPIE_powerpc = "" GLIBCPIE_powerpc = "" +SECURITY_CFLAGS_remove_powerpc = "${SECURITY_PIE_CFLAGS}" +SECURITY_CFLAGS_pn-libgcc_powerpc = "" SECURITY_CFLAGS_pn-glibc = "" SECURITY_CFLAGS_pn-glibc-initial = "" -- 2.18.0 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core