[Buildroot] [PATCH 1/4] package/Makefile.in: Do not use CPPFLAGS for hardening options
Sørensen, Stefan
Stefan.Sorensen at spectralink.com
Wed Apr 25 13:08:18 UTC 2018
On Wed, 2018-04-25 at 07:50 -0500, Matthew Weber wrote:
> Thanks for sending this series. When we added the initial support we
> debated on doing a few things differently at some point with how this
> is implemented. First, Buildroot uses a toolchain wrapper where it
> could inject these flags vs appending like the current design does.
Personally I prefer that flags are appended - when injecting them
through the wrapper, they are invisible in the build logs.
> Lastly there was discussion at the late developer days on integrating
> the checksec scripting so there was a way to do some validation of
> settings taking affect as part of new Buildroot test cases.
I am working on integrating support for the annobin gcc plugin and
adding a check step for hardening. I hope to have a RFC patch ready
next week.
Stefan
More information about the buildroot
mailing list