| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667 |
- # SPDX-License-Identifier: GPL-2.0-only
- #
- # Copyright (C) 2015-2020 OpenWrt.org
- PKG_CHECK_FORMAT_SECURITY ?= 1
- PKG_ASLR_PIE ?= 1
- PKG_ASLR_PIE_REGULAR ?= 0
- PKG_SSP ?= 1
- PKG_FORTIFY_SOURCE ?= 1
- PKG_RELRO ?= 1
- ifdef CONFIG_PKG_CHECK_FORMAT_SECURITY
- ifeq ($(strip $(PKG_CHECK_FORMAT_SECURITY)),1)
- TARGET_CFLAGS += -Wformat -Werror=format-security
- endif
- endif
- ifdef CONFIG_PKG_ASLR_PIE_ALL
- ifeq ($(strip $(PKG_ASLR_PIE)),1)
- TARGET_CFLAGS += $(FPIC)
- TARGET_LDFLAGS += $(FPIC) -specs=$(INCLUDE_DIR)/hardened-ld-pie.specs
- endif
- endif
- ifdef CONFIG_PKG_ASLR_PIE_REGULAR
- ifeq ($(strip $(PKG_ASLR_PIE_REGULAR)),1)
- TARGET_CFLAGS += $(FPIC)
- TARGET_LDFLAGS += $(FPIC) -specs=$(INCLUDE_DIR)/hardened-ld-pie.specs
- endif
- endif
- ifdef CONFIG_PKG_CC_STACKPROTECTOR_REGULAR
- ifeq ($(strip $(PKG_SSP)),1)
- TARGET_CFLAGS += -fstack-protector
- endif
- endif
- ifdef CONFIG_PKG_CC_STACKPROTECTOR_STRONG
- ifeq ($(strip $(PKG_SSP)),1)
- TARGET_CFLAGS += -fstack-protector-strong
- endif
- endif
- ifdef CONFIG_PKG_CC_STACKPROTECTOR_ALL
- ifeq ($(strip $(PKG_SSP)),1)
- TARGET_CFLAGS += -fstack-protector-all
- endif
- endif
- ifdef CONFIG_PKG_FORTIFY_SOURCE_1
- ifeq ($(strip $(PKG_FORTIFY_SOURCE)),1)
- TARGET_CFLAGS += -D_FORTIFY_SOURCE=1
- endif
- endif
- ifdef CONFIG_PKG_FORTIFY_SOURCE_2
- ifeq ($(strip $(PKG_FORTIFY_SOURCE)),1)
- TARGET_CFLAGS += -D_FORTIFY_SOURCE=2
- endif
- endif
- ifdef CONFIG_PKG_RELRO_PARTIAL
- ifeq ($(strip $(PKG_RELRO)),1)
- TARGET_CFLAGS += -Wl,-z,relro
- TARGET_LDFLAGS += -zrelro
- endif
- endif
- ifdef CONFIG_PKG_RELRO_FULL
- ifeq ($(strip $(PKG_RELRO)),1)
- TARGET_CFLAGS += -Wl,-z,now -Wl,-z,relro
- TARGET_LDFLAGS += -znow -zrelro
- endif
- endif
|
