[Buildroot] [PATCH v2, 2/2] lxc: fix build without stack protector

Baruch Siach baruch at tkos.co.il
Tue Dec 4 08:39:37 UTC 2018


Hi Thomas,

On Tue, Dec 04, 2018 at 09:31:42AM +0100, Thomas Petazzoni wrote:
> On Tue, 4 Dec 2018 10:15:11 +0200, Baruch Siach wrote:
> > > The question is whether we want SSP support to be enabled as soon as
> > > the toolchain *has* SSP support, or only when the user explicitly
> > > request SSP support using BR2_SSP_{REGULAR,STRONG,ALL} ?
> > > 
> > > This is a real policy decision:
> > > 
> > >  - Do we let the packages default to what they think is good (of course
> > >    as long as the toolchain provides what's needed) ?
> > > 
> > >  - Or do we enforce the system-level configuration options that
> > >    Buildroot has ?  
> > 
> > I think we should let upstream packages decide when to enable SSP. This patch, 
> > however, disables SSP unconditionally, AFAICS. I don't think we want to do 
> > that. So I suggest to force SSP disable only when BR2_TOOLCHAIN_HAS_SSP is 
> > disabled.
> 
> Well, Fabrice patch doesn't really disable SSP unconditionally: it
> tells the package to never enable SSP on its own.
> 
> However, if one of the global BR2_SSP_{REGULAR,STRONG,ALL} options are
> enabled, the compiler wrapper will properly build everything with SSP
> support, including lxc. So basically, Fabrice's patch is a correct
> implementation for the option (2) I described above.
> 
> I don't (yet?) have a strong opinion on which of the two options we
> want to chose, but Fabrice's solution does implement one of them
> correctly :)

Thanks for the clarification. I guess we need at least a comment to clarify 
that.

baruch

-- 
     http://baruch.siach.name/blog/                  ~. .~   Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
   - baruch at tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -


More information about the buildroot mailing list