]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commitdiff
distro/defaultsetup: Enable security flags by default
authorRichard Purdie <richard.purdie@linuxfoundation.org>
Sat, 21 Feb 2026 08:42:29 +0000 (08:42 +0000)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Mon, 23 Feb 2026 18:02:43 +0000 (18:02 +0000)
This defaults to including our security flags which use stack-protector-strong
and D_FORTIFY_SOURCE=2 by default, as aids to improve detection of security issues.

This change has been tested in poky for a long time and allows us to align
our default compilation flags and environment.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/conf/distro/defaultsetup.conf

index e8f5439a8d92d478943b1e30556629220e9b4251..871fe7b4e883adf9440744e8b81174c05f642c93 100644 (file)
@@ -6,6 +6,7 @@ require conf/distro/include/tcmode-${TCMODE}.inc
 require conf/distro/include/tclibc-${TCLIBC}.inc
 
 require conf/distro/include/no-static-libs.inc
+require conf/distro/include/security_flags.inc
 
 require conf/distro/include/uninative-flags.inc
 require conf/distro/include/yocto-uninative.inc