[yocto] Using prelink in Thud and subsequent
Matt Hoosier
matt.hoosier at gmail.com
Fri Jan 4 07:55:38 PST 2019
Okay, fair enough. There's a lot of mechanical configuration in poky,conf
that would be nice to not to maintain a copy of, but that's fine.
On Fri, Jan 4, 2019 at 9:52 AM Burton, Ross <ross.burton at intel.com> wrote:
> Don't use Poky? Your own distro configuration doesn't have to include
> security_flags.inc.
>
> Ross
>
> On Fri, 4 Jan 2019 at 15:50, Matt Hoosier <matt.hoosier at gmail.com> wrote:
> >
> > Hi all,
> >
> > With the following change, position-independent executables became the
> default in Poky:
> >
> > commit 491082c56ce34f3fd644f8d4457ccd52af951087
> > Author: Khem Raj <raj.khem at gmail.com>
> > Date: Fri Jul 27 19:46:14 2018 -0700
> >
> > poky.conf: Enable security flags+pie by defaultEnable security
> flags+pie by
> >
> > This has been an opt-in for so long, some distributions e.g.
> > poky-lsb uses it by default however, since most of linux
> > distros have started to default to these settings for security
> > enhancements, time has come for OE to make it default too
> >
> > This carries the consequence that prelinking no longer really works.
> What's the recommendation for users that want to keep applying whole-system
> prelink optimizations (that is, image-prelink.bbclass)? Manually resetting
> SECURITY_CFLAGS to the empty string after including poky.conf will come
> close to undoing the effect of security_flags.inc, but there are a few
> places its effects will still leak out.
> >
> > -Matt
> > --
> > _______________________________________________
> > yocto mailing list
> > yocto at yoctoproject.org
> > https://lists.yoctoproject.org/listinfo/yocto
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20190104/fb9f72a7/attachment.html>
More information about the yocto
mailing list