distro/defaultsetup: Enable security flags by default

This defaults to including our security flags which use stack-protector-strong
and D_FORTIFY_SOURCE=2 by default, as aids to improve detection of security issues.

This change has been tested in poky for a long time and allows us to align
our default compilation flags and environment.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

diff --git a/meta/conf/distro/defaultsetup.conf b/meta/conf/distro/defaultsetup.conf
index e8f5439a8d92d478943b1e30556629220e9b4251..871fe7b4e883adf9440744e8b81174c05f642c93 100644 (file)
--- a/meta/conf/distro/defaultsetup.conf
+++ b/meta/conf/distro/defaultsetup.conf
@@ -6,6 +6,7 @@ require conf/distro/include/tcmode-${TCMODE}.inc
 require conf/distro/include/tclibc-${TCLIBC}.inc
 
 require conf/distro/include/no-static-libs.inc
+require conf/distro/include/security_flags.inc
 
 require conf/distro/include/uninative-flags.inc
 require conf/distro/include/yocto-uninative.inc