projects
/
openwrt
/
staging
/
chunkeey.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
target.mk: let profile remove from DEFAULT_PACKAGES
[openwrt/staging/chunkeey.git]
/
include
/
hardening.mk
diff --git
a/include/hardening.mk
b/include/hardening.mk
index c1f0bcb19e404eb35f160052bf1d3375efdb0d2e..06a61789ef6bcc75bcbd6322bb71538a72f7199f 100644
(file)
--- a/
include/hardening.mk
+++ b/
include/hardening.mk
@@
-6,46
+6,50
@@
#
PKG_CHECK_FORMAT_SECURITY ?= 1
#
PKG_CHECK_FORMAT_SECURITY ?= 1
-PKG_CC_STACKPROTECTOR_REGULAR ?= 1
-PKG_CC_STACKPROTECTOR_STRONG ?= 1
-PKG_FORTIFY_SOURCE_1 ?= 1
-PKG_FORTIFY_SOURCE_2 ?= 1
-PKG_RELRO_PARTIAL ?= 1
-PKG_RELRO_FULL ?= 1
+PKG_ASLR_PIE ?= 1
+PKG_SSP ?= 1
+PKG_FORTIFY_SOURCE ?= 1
+PKG_RELRO ?= 1
ifdef CONFIG_PKG_CHECK_FORMAT_SECURITY
ifeq ($(strip $(PKG_CHECK_FORMAT_SECURITY)),1)
TARGET_CFLAGS += -Wformat -Werror=format-security
endif
endif
ifdef CONFIG_PKG_CHECK_FORMAT_SECURITY
ifeq ($(strip $(PKG_CHECK_FORMAT_SECURITY)),1)
TARGET_CFLAGS += -Wformat -Werror=format-security
endif
endif
+ifdef CONFIG_PKG_ASLR_PIE
+ ifeq ($(strip $(PKG_ASLR_PIE)),1)
+ TARGET_CFLAGS += -fPIC
+ TARGET_LDFLAGS += -specs=$(INCLUDE_DIR)/hardened-ld-pie.specs
+ endif
+endif
ifdef CONFIG_PKG_CC_STACKPROTECTOR_REGULAR
ifdef CONFIG_PKG_CC_STACKPROTECTOR_REGULAR
- ifeq ($(strip $(PKG_
CC_STACKPROTECTOR_REGULAR
)),1)
+ ifeq ($(strip $(PKG_
SSP
)),1)
TARGET_CFLAGS += -fstack-protector
endif
endif
ifdef CONFIG_PKG_CC_STACKPROTECTOR_STRONG
TARGET_CFLAGS += -fstack-protector
endif
endif
ifdef CONFIG_PKG_CC_STACKPROTECTOR_STRONG
- ifeq ($(strip $(PKG_
CC_STACKPROTECTOR_STRONG
)),1)
+ ifeq ($(strip $(PKG_
SSP
)),1)
TARGET_CFLAGS += -fstack-protector-strong
endif
endif
ifdef CONFIG_PKG_FORTIFY_SOURCE_1
TARGET_CFLAGS += -fstack-protector-strong
endif
endif
ifdef CONFIG_PKG_FORTIFY_SOURCE_1
- ifeq ($(strip $(PKG_FORTIFY_SOURCE
_1
)),1)
+ ifeq ($(strip $(PKG_FORTIFY_SOURCE)),1)
TARGET_CFLAGS += -D_FORTIFY_SOURCE=1
endif
endif
ifdef CONFIG_PKG_FORTIFY_SOURCE_2
TARGET_CFLAGS += -D_FORTIFY_SOURCE=1
endif
endif
ifdef CONFIG_PKG_FORTIFY_SOURCE_2
- ifeq ($(strip $(PKG_FORTIFY_SOURCE
_2
)),1)
+ ifeq ($(strip $(PKG_FORTIFY_SOURCE)),1)
TARGET_CFLAGS += -D_FORTIFY_SOURCE=2
endif
endif
ifdef CONFIG_PKG_RELRO_PARTIAL
TARGET_CFLAGS += -D_FORTIFY_SOURCE=2
endif
endif
ifdef CONFIG_PKG_RELRO_PARTIAL
- ifeq ($(strip $(PKG_RELRO
_PARTIAL
)),1)
+ ifeq ($(strip $(PKG_RELRO)),1)
TARGET_CFLAGS += -Wl,-z,relro
TARGET_LDFLAGS += -zrelro
endif
endif
ifdef CONFIG_PKG_RELRO_FULL
TARGET_CFLAGS += -Wl,-z,relro
TARGET_LDFLAGS += -zrelro
endif
endif
ifdef CONFIG_PKG_RELRO_FULL
- ifeq ($(strip $(PKG_RELRO
_FULL
)),1)
+ ifeq ($(strip $(PKG_RELRO)),1)
TARGET_CFLAGS += -Wl,-z,now -Wl,-z,relro
TARGET_LDFLAGS += -znow -zrelro
endif
TARGET_CFLAGS += -Wl,-z,now -Wl,-z,relro
TARGET_LDFLAGS += -znow -zrelro
endif