diff options
author | Steven Barth <cyrus@openwrt.org> | 2015-06-20 17:37:18 +0000 |
---|---|---|
committer | Steven Barth <cyrus@openwrt.org> | 2015-06-20 17:37:18 +0000 |
commit | fc5f02410f27de8b2b97a8edccb859773094591e (patch) | |
tree | 1f9f3f993475af1553c25b83a27fe551ce4f567f /include/hardening.mk | |
parent | 7b4d039e00b0e29f416c21a022ce2a6db23a4c30 (diff) | |
download | upstream-fc5f02410f27de8b2b97a8edccb859773094591e.tar.gz upstream-fc5f02410f27de8b2b97a8edccb859773094591e.tar.bz2 upstream-fc5f02410f27de8b2b97a8edccb859773094591e.zip |
buildroot: move hardening options into separate file
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 46070
Diffstat (limited to 'include/hardening.mk')
-rw-r--r-- | include/hardening.mk | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/include/hardening.mk b/include/hardening.mk new file mode 100644 index 0000000000..8a24b3ca15 --- /dev/null +++ b/include/hardening.mk @@ -0,0 +1,55 @@ +# +# Copyright (C) 2015 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +PKG_CHECK_FORMAT_SECURITY ?= 1 +PKG_CC_STACKPROTECTOR_REGULAR ?= 1 +PKG_CC_STACKPROTECTOR_STRONG ?= 1 +PKG_FORTIFY_SOURCE_1 ?= 1 +PKG_FORTIFY_SOURCE_2 ?= 1 +PKG_RELRO_PARTIAL ?= 1 +PKG_RELRO_FULL ?= 1 + +ifdef CONFIG_PKG_CHECK_FORMAT_SECURITY + ifeq ($(strip $(PKG_CHECK_FORMAT_SECURITY)),1) + TARGET_CFLAGS += -Wformat -Werror=format-security + endif +endif +ifdef CONFIG_PKG_CC_STACKPROTECTOR_REGULAR + ifeq ($(strip $(PKG_CC_STACKPROTECTOR_REGULAR)),1) + TARGET_CFLAGS += -fstack-protector + TARGET_LDFLAGS += -fstack-protector + endif +endif +ifdef CONFIG_PKG_CC_STACKPROTECTOR_STRONG + ifeq ($(strip $(PKG_CC_STACKPROTECTOR_STRONG)),1) + TARGET_CFLAGS += -fstack-protector-strong + TARGET_LDFLAGS += -fstack-protector-strong + endif +endif +ifdef CONFIG_PKG_FORTIFY_SOURCE_1 + ifeq ($(strip $(PKG_FORTIFY_SOURCE_1)),1) + TARGET_CFLAGS += -D_FORTIFY_SOURCE=1 + endif +endif +ifdef CONFIG_PKG_FORTIFY_SOURCE_2 + ifeq ($(strip $(PKG_FORTIFY_SOURCE_2)),1) + TARGET_CFLAGS += -D_FORTIFY_SOURCE=2 + endif +endif +ifdef CONFIG_PKG_RELRO_PARTIAL + ifeq ($(strip $(PKG_RELRO_PARTIAL)),1) + TARGET_CFLAGS += -Wl,-z,relro + TARGET_LDFLAGS += -zrelro + endif +endif +ifdef CONFIG_PKG_RELRO_FULL + ifeq ($(strip $(PKG_RELRO_FULL)),1) + TARGET_CFLAGS += -Wl,-z,now -Wl,-z,relro + TARGET_LDFLAGS += -znow -zrelro + endif +endif + |