Introduce configuration options to build an "hardened" OpenWRT.
Options to enable Stack-Smashing Protection, FORTIFY_SOURCE and RELRO
have been introduced.
uClibc makefile now automatically detects if SSP support is necessary.
hostapd makefile has been fixed to use "^" as sed separator since
using a comma was problematic when using "-Wl,-z,now" and the like in
TARGET_CFLAGS.
Currently enabling SSP on user space depends on enabling SSP kernel
side, this is due to the fact that TARGET_CFLAGS are used to build
kernel modules (at least). Suggestions on how to avoid this are welcome.
Using "select" instead of "depends on" doesn't seem to work with choice
entries.
Tested with a lantiq (WBMR) router, GCC 4.8, uClibc and a subset of
the available packages.
Needs to be tested with GCC 4.9 and the remaining packages.
PIE not currently included.
Signed-off-by: Alessandro Di Federico <ale+owrt@clearmind.me>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44005 3c298f89-4303-0410-b956-a3cf2f4a3e73
It's useful for debugging and safe at the same time as we enable it per
device.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43980 3c298f89-4303-0410-b956-a3cf2f4a3e73
This patch completes missing help text for some options under CONFIG_DEVEL.
Provides help for BINARY_FOLDER and DOWNLOAD_FOLDER, and reduces ambiguity in
the help for BUILD_SUFFIX with an example.
Signed-off-by: Andrew McDonnell <bugs@andrewmcdonnell.net>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@42520 3c298f89-4303-0410-b956-a3cf2f4a3e73
Non-functional changes to config/Config-*.in files, including:
* spelling mistakes
* inconsistent terminology
* grammar
* overly long lines in "help" components
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@42519 3c298f89-4303-0410-b956-a3cf2f4a3e73
This option will be enabled by default only when cgroups support is enabled.
Signed-off-by: Luka Perkov <luka@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@42464 3c298f89-4303-0410-b956-a3cf2f4a3e73
The idea is still to enable it by default at some point
I've tested all ar71xx packages (except oldpackages) using CONFIG_ALL=y
Failing packages have been marked with PKG_CHECK_FORMAT_SECURITY:=0 for now
I can test more targets but i have no idea which are the most used
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@42282 3c298f89-4303-0410-b956-a3cf2f4a3e73
This allows the selection of a specific branch in the menuconfig
when using a kernel downloaded from GIT.
Signed-off-by: Mathieu Olivari <mathieu@qca.qualcomm.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@40946 3c298f89-4303-0410-b956-a3cf2f4a3e73
The GIT_LOCAL_REPOSITORY option adds the --reference argument to the
git clone kernel command line, if KERNEL_GIT_CLONE_URI is set.
This option is intended to speed-up the repo creation by using local
objets rather than downloading it. However, a local repo can be cloned
much faster by setting GIT_LOCAL_REPOSITORY directly to the local tree.
In that case, git clone will bypass the normal "git aware" transport
mechanism and clone the repository by copying and hardlinking objects
rather than downloading it, resulting in a significant speed increase.
That makes the GIT_LOCAL_REPOSITORY option pretty useless so we'll just
remove it and recommand the usage of KERNEL_GIT_CLONE_URI directly.
Signed-off-by: Mathieu Olivari <mathieu@qca.qualcomm.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@40944 3c298f89-4303-0410-b956-a3cf2f4a3e73
This change does multiple things, all related to enable sparse usage as
a static analysis tool selectable from the OpenWrt configuration:
*add a KERNEL_SPARSE option in the config to add sparse to the kernel
build (through the C=1 option usage)
*add sparse as a new host tools. It will get selected automatically when
the above option will be enabled
Signed-off-by: Mathieu Olivari <mathieu@qca.qualcomm.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@40490 3c298f89-4303-0410-b956-a3cf2f4a3e73
Recent lxc versions are not useful if this option is not enabled. That said,
enable KERNEL_POSIX_MQUEUE by default when KERNEL_LXC_MISC is selected.
Signed-off-by: Luka Perkov <luka@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@39385 3c298f89-4303-0410-b956-a3cf2f4a3e73
Useful when debugging kernel which uses this infrastructure, for
example ubi/ubifs.
Signed-off-by: Luka Perkov <luka@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@39007 3c298f89-4303-0410-b956-a3cf2f4a3e73