git.openwrt.org Git - openwrt/svn-archive/archive.git/commit

author	John Crispin <john@openwrt.org>
	Sat, 17 Jan 2015 14:31:30 +0000 (14:31 +0000)
committer	John Crispin <john@openwrt.org>
	Sat, 17 Jan 2015 14:31:30 +0000 (14:31 +0000)
commit	90a80053e45ae19563e4ac496d361def7e0dc5c4
tree	0c452dab7c8c558619ded2285a7e804a6ce4b1d7	tree \| snapshot
parent	b204ef8023c453bb2720522cfca617b9a8aeab30	commit \| diff

Support for building an hardened OpenWRT

Introduce configuration options to build an "hardened" OpenWRT.

Options to enable Stack-Smashing Protection, FORTIFY_SOURCE and RELRO
have been introduced.

uClibc makefile now automatically detects if SSP support is necessary.

hostapd makefile has been fixed to use "^" as sed separator since
using a comma was problematic when using "-Wl,-z,now" and the like in
TARGET_CFLAGS.

Currently enabling SSP on user space depends on enabling SSP kernel
side, this is due to the fact that TARGET_CFLAGS are used to build
kernel modules (at least). Suggestions on how to avoid this are welcome.
Using "select" instead of "depends on" doesn't seem to work with choice
entries.

Tested with a lantiq (WBMR) router, GCC 4.8, uClibc and a subset of
the available packages.
Needs to be tested with GCC 4.9 and the remaining packages.
PIE not currently included.

Signed-off-by: Alessandro Di Federico <ale+owrt@clearmind.me>
SVN-Revision: 44005

config/Config-build.in		diff \| blob \| history
include/package.mk		diff \| blob \| history
package/network/services/hostapd/Makefile		diff \| blob \| history
toolchain/uClibc/common.mk		diff \| blob \| history