On Tue, Jul 24, 2018 at 12:30 AM ChenQi <qi.c...@windriver.com> wrote: > > Hi Khem, > > The comments in security-flags.inc also needs to be modified to remove > 'poky-lsb' info. > > I'd suggest we still put it into distro conf file (poky.conf) instead of > defaultsetup.conf, because defaultsetup.conf is included by > bitbake.conf. I think things in defaultsetup.conf should be necessary > default values to build things out. I don't think security flags is > necessary to build things out.
this is the default setup, even non-poky users will get consistent experience. > > Also, I got a question when I just looked at this file. > Do you think we should adjust CFLAGS and LDFALGS in security_flags.inc > instead of the current TARGET_CC_ARCH and TARGET_LDFLAGS? in many cases packages do not honor CFLAGS/LDFLAGS say during configure We are naming > variables to SECURITY_CFLAGS and SECURITY_LDFLAGS, it seems that they > belong to CFLAGS and LDFLAGS naturally. But I'm not sure about it. > yes they do, but this makes it easy to override the setting for packages where these options are needed to be overridden or modified. > Best Regards, > Chen Qi > > > On 07/24/2018 03:09 AM, Khem Raj wrote: > > This has been an opt-in for so long, some distributions e.g. > > poky-lsb uses it by default however, since most of linux > > distros have started to default to these settings for security > > enhancements, time has come for OE to make it default too > > > > Signed-off-by: Khem Raj <raj.k...@gmail.com> > > --- > > meta/conf/distro/defaultsetup.conf | 1 + > > 1 file changed, 1 insertion(+) > > > > diff --git a/meta/conf/distro/defaultsetup.conf > > b/meta/conf/distro/defaultsetup.conf > > index ca2f9178d2..352e279596 100644 > > --- a/meta/conf/distro/defaultsetup.conf > > +++ b/meta/conf/distro/defaultsetup.conf > > @@ -1,6 +1,7 @@ > > include conf/distro/include/default-providers.inc > > include conf/distro/include/default-versions.inc > > include conf/distro/include/default-distrovars.inc > > +require conf/distro/include/security_flags.inc > > include conf/distro/include/world-broken.inc > > > > TCMODE ?= "default" > > -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
