1 # SPDX-License-Identifier: GPL-2.0-only
3 # Copyright (C) 2015-2020 OpenWrt.org
5 PKG_CHECK_FORMAT_SECURITY ?
= 1
7 PKG_ASLR_PIE_REGULAR ?
= 0
9 PKG_FORTIFY_SOURCE ?
= 1
12 ifdef CONFIG_PKG_CHECK_FORMAT_SECURITY
13 ifeq ($(strip $(PKG_CHECK_FORMAT_SECURITY
)),1)
14 TARGET_CFLAGS
+= -Wformat
-Werror
=format-security
17 ifdef CONFIG_PKG_ASLR_PIE_ALL
18 ifeq ($(strip $(PKG_ASLR_PIE
)),1)
19 TARGET_CFLAGS
+= $(FPIC
)
20 TARGET_LDFLAGS
+= $(FPIC
) -specs
=$(INCLUDE_DIR
)/hardened-ld-pie.specs
23 ifdef CONFIG_PKG_ASLR_PIE_REGULAR
24 ifeq ($(strip $(PKG_ASLR_PIE_REGULAR
)),1)
25 TARGET_CFLAGS
+= $(FPIC
)
26 TARGET_LDFLAGS
+= $(FPIC
) -specs
=$(INCLUDE_DIR
)/hardened-ld-pie.specs
29 ifdef CONFIG_PKG_CC_STACKPROTECTOR_REGULAR
30 ifeq ($(strip $(PKG_SSP
)),1)
31 TARGET_CFLAGS
+= -fstack-protector
34 ifdef CONFIG_PKG_CC_STACKPROTECTOR_STRONG
35 ifeq ($(strip $(PKG_SSP
)),1)
36 TARGET_CFLAGS
+= -fstack-protector-strong
39 ifdef CONFIG_PKG_CC_STACKPROTECTOR_ALL
40 ifeq ($(strip $(PKG_SSP
)),1)
41 TARGET_CFLAGS
+= -fstack-protector-all
44 ifdef CONFIG_PKG_FORTIFY_SOURCE_1
45 ifeq ($(strip $(PKG_FORTIFY_SOURCE
)),1)
46 TARGET_CFLAGS
+= -D_FORTIFY_SOURCE
=1
49 ifdef CONFIG_PKG_FORTIFY_SOURCE_2
50 ifeq ($(strip $(PKG_FORTIFY_SOURCE
)),1)
51 TARGET_CFLAGS
+= -D_FORTIFY_SOURCE
=2
54 ifdef CONFIG_PKG_RELRO_PARTIAL
55 ifeq ($(strip $(PKG_RELRO
)),1)
56 TARGET_CFLAGS
+= -Wl
,-z
,relro
57 TARGET_LDFLAGS
+= -zrelro
60 ifdef CONFIG_PKG_RELRO_FULL
61 ifeq ($(strip $(PKG_RELRO
)),1)
62 TARGET_CFLAGS
+= -Wl
,-z
,now
-Wl
,-z
,relro
63 TARGET_LDFLAGS
+= -znow
-zrelro