Commit Graph

335 Commits

Author SHA1 Message Date
Julien Olivain
2f54c2a841 security hardening: add support for glibc _FORTIFY_SOURCE=3
A new _FORTIFY_SOURCE=3 level was introduced in glibc, in commit:
https://sourceware.org/git/?p=glibc.git;a=commit;h=c43c5796121bc5bcc0867f02e5536874aa8196c1

This commit was first included glibc 2.33. At that time, it was only
supported by llvm/clang 9, and not by any released gcc version.

To support _FORTIFY_SOURCE=3, the needed gcc features were introduced
in version 12. The gcc 12 support was added in glibc commit:
https://sourceware.org/git/?p=glibc.git;a=commit;h=86bf0feb0e3ec8e37872f72499d6ae33406561d7
This commit was first included in glibc 2.35.

Buildroot updated to glibc 2.35 in commit:
https://git.buildroot.org/buildroot/commit/?id=68d0aede597d32816c5b2ff32de0ce33cc14eb93

Buildroot introduced gcc 12 support in commit:
https://git.buildroot.org/buildroot/commit/?id=0f1ad4fc93286adaba852c99d6e1c2565b5c4258

Support for _FORTIFY_SOURCE=3 can now be added.

Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-12-31 18:41:58 +01:00
Peter Seiderer
add21fd600 Config.in: update default CPAN mirror to https, update mirrors URL
The http site automatically redirects to the https variant, so let's
just use that as the default.

The mirror list URL http://search.cpan.org/mirror seems outdated
(re-directed to https://metacpan.org/mirrors aka 'Not Found - The
resource you requested could not be found.').

The closest matching URLs we found were:

  https://www.cpan.org/SITES.html
  http://mirrors.cpan.org/map.html
  http://mirrors.cpan.org/

That last one has all the list, so we use that; the second is a world
map, so we also include it.

Sadly, neither of the mirrors list (table or map) are served as https;
they are only available as http...

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[yann.morin.1998@free.fr:
  - add a little blurb to explain http->https redirect
  - update the mirror list URL, and...
  - extend commit message with original explanations from Peter, and..
  - notice that they are not served via https...
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-12-21 14:03:25 +01:00
Arnout Vandecappelle (Essensium/Mind)
5e050a8849 Config.in: move toolchain menu before build options
Many of the build options depend on the toolchain configuration. In
addition, it's pretty logical that you select first target architecture,
then the toolchain, and only then things like debug and pic/pie.
Therefore, move the "Toolchain" menu before the "Build options" menu
instead of after.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-07-27 11:11:19 +02:00
Arnout Vandecappelle (Essensium/Mind)
90932b407c toolchain: invert glibc <-> !static dependency
Currently, glibc depends on !BR2_STATIC_LIBS in all the toolchain
variants.

However, for some architectures, glibc is the only supported libc. In
commit 3b3105328e ("Config.in: only
allow BR2_STATIC_LIBS on supported libc/arch"), we implemented a fix
to avoid configurations were BR2_STATIC_LIBS=y with an architecture
already supported by glibc, because these configurations are
impossible. This commit 3b3105328e
prevents from selecting BR2_STATIC_LIBS=y when the C library used for
the internal toolchain backend is glibc.

However, it introduces a discrepency between how this topic is handled
for internal and external toolchains:

 - For internal toolchains, we prevent BR2_STATIC_LIBS=y if glibc is
   chosen.

 - For external toolchains, we allow BR2_STATIC_LIBS=y in all cases,
   and it's each glibc toolchain that has !BR2_STATIC_LIBS

This commit addresses this discrepency by preventing BR2_STATIC_LIBS=y
if glibc is chosen in all cases.

Thanks to this, we can remove the !BR2_STATIC_LIBS dependency on both
the glibc package, and all glibc external toolchains.

Fixes: https://bugs.busybox.net/show_bug.cgi?id=14256

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
[Thomas: update to master, fix the gen-bootlin-toolchains script, add
a comment in the static/shared choice to indicate that static is
supported only with uclibc or musl]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-07-27 11:11:19 +02:00
Arnout Vandecappelle (Essensium/Mind)
fb51422780 Config.in: add new option BR2_ENABLE_LTO to globally enable LTO
Some packages have a configure option to enable LTO. Add a global option
to enable/disable this in packages.

Note that we could instead (or in addition) pass -flto directly to the
compiler in the toolchain wrapper, but that has a *much* bigger impact,
so for the time being let's not do that.

No toolchain dependency is added for this, because all toolchains now
support LTO.
- LTO support was merged in GCC years before 4.6 (our minimal version)
  was released.
- Our oldest external toolchain, Sourcery ARM 2014.05, has LTO support.
- For our internal toolchains, it is supposedly regulated by
  BR2_GCC_ENABLE_LTO. However, that option only *enables* it - it
  doesn't disable LTO support when it's not provided. Since LTO support
  defaults to enabled for a long time already in GCC, in practice all
  Buildroot-generated toolchains do support LTO.

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-07-26 21:53:52 +02:00
Damien Le Moal
9db5eb258c package/elf2flt: Remove Config.in.host
There is no need to have configuration files direbtly set the
BR2_PACKAGE_HOST_ELF2FLT option. The need for the elf2flt utility is
automatically determined by gcc build in package/gcc/gcc.mk according to
the BR2_BINFMT_FLAT option.

Accordingly, we can remove the file package/elf2flt/Config.in.host to
get rid of the BR2_PACKAGE_HOST_ELF2FLT option. BR2_STRIP_strip
dependency on this option is replaced with a dependency on
BR2_BINFMT_ELF.

To stay consistent with the fact that elf2flt supports only the arm, sh,
sparc, xtensa and riscv-64 architectures, a dependency on these
architectures is added to the BR2_BINFMT_FLAT option in arch/Config.in.

Board configuration files setting the BR2_PACKAGE_HOST_ELF2FLT option
are also updated.

Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-07-23 16:38:54 +02:00
James Hilliard
3b3105328e Config.in: only allow BR2_STATIC_LIBS on supported libc/arch
It is currently possible to select BR2_STATIC_LIBS while
BR2_TOOLCHAIN_BUILDROOT is selected even when there are no buildroot
toolchains that support BR2_STATIC_LIBS for the selected architecture.

Add BR2_TOOLCHAIN_BUILDROOT_STATIC_LIBS_SUPPORTS so that we can
disable the selection of BR2_STATIC_LIBS when using an unsupported
architecture.

Fixes:
 - http://autobuild.buildroot.net/results/4da59af8193376ec893321c4c2aaf1d25598502d
 - http://autobuild.buildroot.net/results/1950348218a4f097f078d158977c13f8b0a97d6e
 - http://autobuild.buildroot.net/results/2f03f2be32ad9898a990f6f0264d8c8d51991eb1

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
[yann.morin.1998@free.fr: add back James' SoB from:
    https://lore.kernel.org/buildroot/20220516210756.3093190-1-james.hilliard1@gmail.com/
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-06-06 15:14:05 +02:00
Thomas Preston
16f660f8ce support/download: Add SFTP support
Add Secure File Transfer Program (SFTP) support using a simple wrapper.
SFTP is a common protocol used to transfer files securely between
enterprises, but it is not currently supported in Buildroot because all
of the packages are usually available via HTTP, git or some other
download method.

SFTP is similar to FTP but it preforms all operations over an encrypted
SSH transport using a specific protocol. This is unlike ftps, which is
traditional FTP over an SSL/TLS connection.

Signed-off-by: Thomas Preston <thomas.preston@codethink.co.uk>
Signed-off-by: Michael Drake <michael.drake@codethink.co.uk>
[Arnout:
 - update documentation with sftp everywhere scp is mentioned;
 - rename "verbose" variable to "quiet";
 - print the sftp command, similar to wget and scp helpers.
]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2022-01-06 09:34:05 +01:00
Romain Naour
2e94aeed1a Config.in: disable Fortify Source for microblaze
As reported by Toolchain-builder project [1], the microblaze glibc
toolchain creates a system that doesn't boot when FORTIFY_SOURCE is
enabled: the init process hangs.

Also, hardening features may not be wanted or possible for such
slow soft-core cpus [2].

Note: for completeness, BR2_RELRO_PARTIAL was manually tested and it
does boot.

[1] https://gitlab.com/bootlin/toolchains-builder/-/jobs/1467624500
[2] http://lists.busybox.net/pipermail/buildroot/2021-June/312416.html

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Giulio Benetti <giulio.benetti@benettiengineering.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-08-23 23:08:05 +02:00
Romain Naour
d120f84460 Config.in: disable PIC/PIE for microblaze
As reported by Toolchain-builder project [1], the system doesn't
boot when PIC/PIE is enabled for glibc based toolchain (the init
process hang).

Also, hardening features may not be wanted or possible for such
slow soft-core cpus [2].

Like for NiosII, disable BR2_PIC_PIE.

[1] https://gitlab.com/bootlin/toolchains-builder/-/pipelines/318038406
[2] http://lists.busybox.net/pipermail/buildroot/2021-June/312416.html

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-25 15:48:13 +02:00
Thomas Petazzoni
70dd4bd156 Config.in: add BR2_PIC_PIE_ARCH_SUPPORTS hidden option
The nios2 architecture is already excluded from PIC/PIE due to issues,
and we're going to also exclude Microblaze, so let's introduce a
BR2_PIC_PIE_ARCH_SUPPORTS hidden boolean to facilitate adding this new
architecture exclusion.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-25 15:48:13 +02:00
Peter Korsgaard
8d07baab43 Merge branch 'next'
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-06-07 17:14:37 +02:00
Thomas De Schampheleire
b7939fe2a0 core: introduce BR2_ENABLE_RUNTIME_DEBUG
Some packages have optional runtime assertions, extra traces, or other
elements that can help in debugging problems. However, such runtime elements
can negatively influence performance.

In a test program performing 100K gRPC calls from a client to a local server
and receiving the returned response, we see following execution time:

    - runtime debug enabled: 1065 seconds
    - runtime debug disabled:  48 seconds

This is more than a factor 20 (!) difference. Analysis shows that the
problem mostly stems from libabseil-cpp (a dependency of gRPC) which enables
mutex deadlock analysis when the preprocessor flag 'NDEBUG' is not set,
which adds a 'backtrace()' call on every lock/unlock.  Potentially worse,
when libunwind is enabled and linked with the test program, 'backtrace()' is
not provided by glibc but by libunwind itself.

For production systems, users expect good performance out-of-the-box. In the
example above, the difference is huge and unless explicitly tested and
analyzed, users may not realize that the performance could be much better.

Address this problem by introducing a new option BR2_ENABLE_RUNTIME_DEBUG,
which can be used by packages or package infrastructures to set the
necessary flags.

Note that BR2_ENABLE_RUNTIME_DEBUG is orthogonal to BR2_ENABLE_DEBUG: the
former changes runtime behavior, while the latter is only expected to add
debug symbols to the build. Today, the cmake build system does introduce a
runtime impact when BR2_ENABLE_DEBUG is set, but that will be rectified in a
subsequent commit.

Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-06-01 22:39:23 +02:00
Romain Naour
6b4b63a571 Config.in: disable PIC/PIE for Nios2
Recently in Buildroot the option BR2_PIC_PIE has been enabled by default along
with other hardening features [1]. Since then the nios2 defconfig
qemu_nios2_10m50_defconfig is failing to boot due to a segfault in init program:

Run /init as init process
  with arguments:
    /init
  with environment:
    HOME=/
    TERM=linux
Failed to execute /init (error -12)

See Buildroot build log and Qemu runtime test log in build artifacts [2].

Analyzing one of the binary with strace show that the problem occur
very early when starting the new process:

 # strace ./busybox
 execve("./busybox", ["./busybox"], 0x7f91ce90 /* 10 vars */) = -1 ENOMEM
(Cannot allocate memory)
 +++ killed by SIGSEGV +++

Several binutils/glibc/gcc version has been tested without any success.

The issue has been reported to the glibc mailing list but it can be a linker
or kernel bug [3].

For the Buildroot 2021.05 release, disable BR2_PIC_PIE until the problem is
found and fixed.

Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/1285145889

[1] https://git.buildroot.net/buildroot/commit/?id=810ba387bec3c5b6904e8893fb4cb6f9d3717466
[2] https://gitlab.com/buildroot.org/buildroot/-/jobs/1285145889
[3] https://sourceware.org/pipermail/libc-alpha/2021-May/126912.html

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-06-01 21:47:51 +02:00
Fabrice Fontaine
50739073d6 Config.in: put back legacy comment for BR2_ENABLE_SSP
Put back legacy comment for BR2_ENABLE_SSP which was dropped with commit
810ba387be

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-04 22:35:14 +02:00
Fabrice Fontaine
810ba387be Config.in: enable FORTIFY_SOURCE, PIC/PIE, RELRO, SSP by default
Enhance security by enabling FORTIFY_SOURCE, PIC/PIE, RELRO and SSP by
default.

For SSP, SSP-all can have a significant impact on performance, so we do
not want to enable that unconditionally; instead we use SSP-strong if
available (since gcc-4.9), and resort to SSP-regular otherwise. People
who really, like really-really want to use SSP-all will still have to
enable it explicitly.

For FORTIFY, level 2 may change the behaviour of some glibc functions,
so may crash conforming programs, so may have adverse effects. As such,
we choose level 1 as the default, as it does not change the behaviour
of any function.

This could help making IoT more secure and fight against the assumption
that buildroot does not support binary hardening (see
https://cyber-itl.org/2019/08/26/iot-data-writeup.html)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
  - relax SSP to strong when available, regular otherwise
  - extend commit log to explain why SSP-all is not used
  - extend commit log to explain why FORTIFY level 2 is not used
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-03 22:23:11 +02:00
Fabrice Fontaine
3e186cee00 Config.in: update BR2_OPTIMIZE_FAST prompt and help text
Update label as suggested by Stéphane Veyret, as -Ofast is potentially
dangerous, and may break packages.

Fixes:

 - https://bugs.buildroot.org/show_bug.cgi?id=13046

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-07-18 16:05:01 +02:00
Kamel Bouhara
e068f33700 support/dependencies: add BR2_NEEDS_HOST_GCC_PLUGIN_SUPPORT
Some packages requires support on the build machine to create gcc
plugins. This commit adds a blind option,
BR2_NEEDS_HOST_GCC_PLUGIN_SUPPORT, which such packages can
select. When this option is enabled, the logic in support/dependencies
verifies that everything needed on the build machine to build gcc
plugins is available.

Signed-off-by: Kamel Bouhara <kamel.bouhara@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-07-12 11:20:27 +02:00
Peter Korsgaard
22e833af5e Config.in: drop BR2_NEEDS_HOST_{JAVAC,JAR}
With classpath removed, no packages select these symbols any more - So drop
them and their corresponding logic in dependencies.sh / genrandconfig.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-03-03 23:55:48 +01:00
Romain Naour
1776190fb1 Config.in: add BR2_HOST_GCC_AT_LEAST_9
Fedora 30 switched to GCC 9.x. [1]

[1] https://fedoraproject.org/wiki/Changes/GCC9

Signed-off-by: Romain Naour <romain.naour@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-02-25 23:21:50 +01:00
Thomas Petazzoni
058dc9aa0b Config.in: ensure BR2_SSP_STRONG can only be selected if supported
This commit ensures that BR2_SSP_STRONG cannot be chosen if the
toolchain doesn't support strong SSP.

Fixes:

  http://autobuild.buildroot.net/results/cba93a681d10692c4e4c5584e4c962bd18a608d4/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-02-20 22:58:03 +01:00
Thomas Petazzoni
c4e6d5c8be core: implement per-package SDK and target
This commit implements the core of the move to per-package SDK and
target directories. The main idea is that instead of having a global
output/host and output/target in which all packages install files, we
switch to per-package host and target directories, that only contain
their explicit dependencies.

There are two main benefits:

 - Packages will now see only the dependencies they explicitly list in
   their <pkg>_DEPENDENCIES variable, and the recursive dependencies
   thereof.

 - We can support top-level parallel build properly, because a package
   only "sees" its own host directory and target directory, isolated
   from the build of other packages that can happen in parallel.

It works as follows:

 - A new output/per-package/ directory is created, which will contain
   one sub-directory per package, and inside it, a "host" directory
   and a "target" directory:

   output/per-package/busybox/target
   output/per-package/busybox/host
   output/per-package/host-fakeroot/target
   output/per-package/host-fakeroot/host

   This output/per-package/ directory is PER_PACKAGE_DIR.

 - The global TARGET_DIR and HOST_DIR variable now automatically point
   to the per-package directory when PKG is defined. So whenever a
   package references $(HOST_DIR) or $(TARGET_DIR) in its build
   process, it effectively references the per-package host/target
   directories. Note that STAGING_DIR is a sub-dir of HOST_DIR, so it
   is handled as well.

 - Of course, packages have dependencies, so those dependencies must
   be installed in the per-package host and target directories. To do
   so, we simply rsync (using hard links to save space and time) the
   host and target directories of the direct dependencies of the
   package to the current package host and target directories.

   We only need to take care of direct dependencies (and not
   recursively all dependencies), because we accumulate into those
   per-package host and target directories the files installed by the
   dependencies. Note that this only works because we make the
   assumption that one package does *not* overwrite files installed by
   another package.

   This is done for "extract dependencies" at the beginning of the
   extract step, and for "normal dependencies" at the beginning of the
   configure step.

This is basically enough to make per-package SDK and target work. The
only gotcha is that at the end of the build, output/target and
output/host are empty, which means that:

 - The filesystem image creation code cannot work.

 - We don't have a SDK to build code outside of Buildroot.

In order to fix this, this commit extends the target-finalize step so
that it starts by populating output/target and output/host by
rsync-ing into them the target and host directories of all packages
listed in the $(PACKAGES) variable. It is necessary to do this
sequentially in the target-finalize step and not in each
package. Doing it in package installation means that it can be done in
parallel. In that case, there is a chance that two rsyncs are creating
the same hardlink or directory at the same time, which makes one of
them fail.

This change to per-package directories has an impact on the RPATH
built into the host binaries, as those RPATH now point to various
per-package host directories, and no longer to the global host
directory. We do not try to rewrite such RPATHs during the build as
having such RPATHs is perfectly fine, but we still need to handle two
fallouts from this change:

 - The check-host-rpath script, which verifies at the end of each
   package installation that it has the appropriate RPATH, is modified
   to understand that a RPATH to $(PER_PACKAGE_DIR)/<pkg>/host/lib is
   a correct RPAT.

 - The fix-rpath script, which mungles the RPATH mainly for the SDK
   preparation, is modified to rewrite the RPATH to not point to
   per-package directories. Indeed the patchelf --make-rpath-relative
   call only works if the RPATH points to the ROOTDIR passed as
   argument, and this ROOTDIR is the global host directory. Rewriting
   the RPATH to not point to per-package host directories prior to
   this is an easy solution to this issue.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-11-29 14:24:05 +01:00
Fabrice Fontaine
de3fa43891 Config.in: disable PIC/PIE if the toolchain does not support PIE
m68k does not seem to really support PIE as it raises the following
build failure with aer-inject:
/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output/host/opt/ext-toolchain/bin/../lib/gcc/m68k-buildroot-linux-uclibc/7.4.0/../../../../m68k-buildroot-linux-uclibc/bin/ld: /usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output/host/m68k-buildroot-linux-uclibc/sysroot/usr/lib/Scrt1.o: in function `lib_main':
(.text+0x4): undefined reference to `__shared_flat_add_library'
/usr/lfs/hdd_v1/rc-buildroot-test/scripts/instance-1/output/host/opt/ext-toolchain/bin/../lib/gcc/m68k-buildroot-linux-uclibc/7.4.0/../../../../m68k-buildroot-linux-uclibc/bin/ld: final link failed: bad value

We also have another build failure with uclibc on microblazeel:
/home/buildroot/autobuild/instance-1/output-1/host/lib/gcc/microblazeel-buildroot-linux-uclibc/8.3.0/../../../../microblazeel-buildroot-linux-uclibc/bin/ld: final link failed: bad value
collect2: error: ld returned 1 exit status
Makefile.in:114: recipe for target '../utils/getconf' failed

So add a BR2_TOOLCHAIN_SUPPORTS_PIE dependency on BR2_PIC_PIE

Fixes:
 - http://autobuild.buildroot.net/results/4cdd6f0368cc9d3c6e88f01b1a8929eb0839b638
 - http://autobuild.buildroot.net/results/a82a484409149d7f9aff6140ddcb89f627f508c7

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-28 08:43:22 +01:00
Yann E. MORIN
55fc80260b packages: host gcc >= 4.8 is now guaranteed
... so we can drop all config options about it and previous versions.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-10-27 10:00:29 +01:00
Yann E. MORIN
edf32b021c core: split generated kconfig file
Currently, the kconfig part contains two things: the kconfig option
with the paths to br2-external trees, and the kconfig menus for the
br2-external trees.

When we want to include more kconfig files from the br2-external tree
(e.g. to get definitions for pre-built toolchains), we will need to
have the paths defined earlier, so they can be used from the br2-external
tree to include files earlier than the existing menus.

Split the generated kconfig file in two: one to define the paths, which
gets included early in our main Config.in, and one to actually define
the existing menus, which still gets included at the same place they
currently are.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-04 00:13:37 +02:00
Yann E. MORIN
814f6e19e7 toolchain: allow PIC/PIE without RELRO
In commit 7484c1c3b8 (toolchain/toolchain-wrapper: add BR2_RELRO_),
we added the PIC/PIE flags, but based on the RELRO_FULL condition.

It is however totally possible to do a PIC/PIE executable without
RELRO_FULL, as it is also valid to do a PIC/PIE build with RELRO_PARTIAL.

Add a new option that now governs the PIC/PIE flags.

Note: it is unknown if RELRO_FULL really needs PIC/PIE or not, so we
keep the current situation, where RELRO-FULL forces PIC/PIE compilation.
Decoupling can come later from an interested party.

Signed-off-by: "Yann E. MORIN" <yann.morin@orange.com>
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-08-03 23:19:36 +02:00
Yann E. MORIN
51db8974f7 toolchain: -fstack-protector-strong can be back-ported
Currently, use of -fstack-protector-strong is only available for gcc
starting with 4.9, on the assumption that it appeared with that version.

Although this is true, it happens that quite a few vendors will have
back-ported -fstack-protector-strong to older gcc versions (at least 4.8
seen in the wild).

Remove the guard against gcc>=4.9, and expand the help text.

Note: we could have changed the guard to something like:
    depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 || BR2_TOOLCHAIN_EXTERNAL_CUSTOM

However, the latest gcc we support in the internal toolchain now *is*
gcc-4.9, and similarly all external toolchains except Sourcery ARM are
4.9 or higher. So except for the Sourcery toolchain, the condition would
have always been true. For that one toolchain, we can allow it to hit
the SSP check, and just drop the condition entirely.

Signed-off-by: "Yann E. MORIN" <yann.morin@orange.com>
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-08-03 23:19:36 +02:00
Yann E. MORIN
54af0551b8 core: move generated .br2-external kconfig file to $(BASE_DIR)
Currently, that file is generated rather late in the configuration
process, so BUILD_DIR is known (and exists) by then.

We're soon to generate that file much earlier, at a point where
BUILD_DIR is not yet known, so we have two options:
 1- declare BUILD_DIR earlier;
 2- generate the file in an already-known location.

We go with the second solution, as we're already generating a
br2-external related file in BASE_DIR, so we can as well generate all
br2-external files in the same place.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Vadim Kochan <vadim4j@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-08-03 21:51:40 +02:00
Yann E. MORIN
b8ec113eb1 toolchain: set the ssp gcc option in kconfig
Currently, we repeat all the SSP level selection deep down to the
toolchain wrapper itself, where we eventually translate it to the
actual SSP option to use. This is a bit redundant.

Additionally, we will want to check that the toolchain actually
supports that option (for those toolchain where it was backported).

So, move the translation into kconfig, and add the qstrip'ed value
to the additional flags passed to the wrapper. Add it before
user-supplied opitons, to keep the previous behaviour (and allow
anyone crazy-enough to override it with BR2_TARGET_OPTIMIZATION).

Signed-off-by: "Yann E. MORIN" <yann.morin@orange.com>
Cc: Matt Weber <matthew.weber@rockwellcollins.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Reviewed-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-03-13 00:01:55 +01:00
Bryce Ferguson
3f1b965bc3 infra: add force build flag for host dependencies
This commit adds a config option which will force buildroot to
build all host dependencies even if they are already present on the
host system. This may be a desirable option if different hosts are
used to build the same source. In this case, some packages will be
built on one host that are not built on another. This is problematic
if build source archives are cached afterwards for offline builds.

Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Bryce Ferguson <bryce.ferguson@rockwellcollins.com>
Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
[Peter: reword, drop exit 1, reshuffle]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-04 15:52:44 +01:00
Yann E. MORIN
db9473bf6c core/download: drop the SSH command
The ssh command was added back in 2011 with commit c61788f09 (GENTARGETS:
add support for scp://) and was used to check that the remote file
existed, back when we supported 'make source-check'.

However, in 2017, with commit bf28a165d (pkg-{download, generic}: remove
source-check), we actually removed support for source-check.

The SSH command however was not removed then, and stuck, even though
nothing ever uses it It is not even exported in the environment, and scp
does not use it either (it has -S to specify an ssh-compatible program).

Get rid of it.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-11-19 22:11:31 +01:00
Romain Naour
a75ee0e812 Config.in: security hardening: disable FORTIFY_SOURCE for gcc < 6
As reported in the bug report [1], gcc < 6 doesn't build when
FORTIFY_SOURCE is set to 1 or 2. The issue is related to the
upstream bug report [2] but the patch fixing the issue for gcc 6
has not been backported to earlier gcc versions.

Add a dependency on gcc at least version 6 to BR2_FORTIFY_SOURCE_1
and BR2_FORTIFY_SOURCE_2.

[1] https://bugs.busybox.net/show_bug.cgi?id=11476
[2] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61164
[3] 55f12fce4c

Signed-off-by: Romain Naour <romain.naour@gmail.com>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
[Peter: only limit for internal toolchain as suggested by Matthew]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-06 08:54:25 +01:00
Yann E. MORIN
3950e69dad core: support host gcc of the future
When we do a release, we know only of a set of gcc versions that the
host may have. But in the future, distributions with newer gcc versions
may show up.

Currently, we do not recognise those versions, and thus we do as if they
were older than the oldest we know of. This means that a set of packages
become unselectable, when they should be.

We fix that by capping the detected version to the highest we know of.

Reported-by: gargar_ on IRC
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-10-23 11:43:35 +02:00
Stefan Becker
e13ab2e04a Config.in: add BR2_HOST_GCC_AT_LEAST_8
Fedora 28 switched to GCC 8.x.

Signed-off-by: Stefan Becker <chemobejk@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-05-02 14:50:14 +02:00
Thomas Petazzoni
7e58fdc5e9 Config.in: fix check-package warning
Fixes:

Config.in:203: help text: <tab><2 spaces><62 chars> (http://nightly.buildroot.org/#writing-rules-config-in)
Config.in:204: help text: <tab><2 spaces><62 chars> (http://nightly.buildroot.org/#writing-rules-config-in)

https://gitlab.com/buildroot.org/buildroot/-/jobs/63334884

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-04-17 14:54:45 +02:00
Maxime Hadjinlian
072374918d help/manual: update help about the new $(LIBFOO_DL_DIR)
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-04-02 17:48:56 +02:00
Ricardo Martincoski
d6109172df Config.in*: re-wrap help text
... to follow the convention <tab><2 spaces><62 chars>.

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-04-01 09:11:46 +02:00
Ricardo Martincoski
a1264445f8 Config.in*: fix attributes order
... to follow the convention: type, default, depends on, select, help.

Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-04-01 09:11:29 +02:00
Ricardo Martincoski
9b6b4e36b4 */Config.in*: remove consecutive empty lines
Signed-off-by: Ricardo Martincoski <ricardo.martincoski@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-04-01 08:48:24 +02:00
Trent Piepho
ad980ccc36 Config.in: Document BR2_CCACHE_DIR override
This variable, like BR2_DL_DIR, is designed to be overridable from the
environment.  Unlike BR2_DL_DIR, it is not documented as such in the
Config.in help text.  Do so now.

Signed-off-by: Trent Piepho <tpiepho@impinj.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-03-26 22:26:02 +02:00
Joshua Henderson
ed6a7e18af Config.in: add -Ofast option
-Ofast (introduced in GCC 4.6) It combines the existing optimization level -O3
with options that can affect standards compliance but result in better optimized
code. For example, -Ofast enables -ffast-math.

Signed-off-by: Joshua Henderson <joshua.henderson@microchip.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-03-26 22:19:11 +02:00
Yann E. MORIN
b1aa2148b0 core: drop no-longer used C.UTF-8 locale option
Its use has been globbed into the more generic
BR2_NEEDS_HOST_UTF8_LOCALE option now.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Julius Kriukas <julius@kriukas.lt>
Cc: Christian Stewart <kidovate@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-04 11:59:16 +01:00
Julius Kriukas
41569717c3 systemd: switch to C.UTF-8 locale when building
When BR2_REPRODUCIBLE is enabled or host uses non UTF-8 capable locale
building systemd fails with an error:

[1/1080] Generating systemd.bg.catalog with a meson_exe.py custom command.
FAILED: catalog/systemd.bg.catalog
/buildroot/output/host/bin/python3 /buildroot/output/host/bin/meson --internal exe /buildroot/output/build/systemd-236/build/meson-private/meson_exe_sed_232a0623cc7ce2cd67ec72ed784b76307102ed76.dat
Warning: You are using 'ANSI_X3.4-1968' which is not a Unicode-compatible locale.
You might see errors if you use UTF-8 strings as filenames, as strings, or as file contents.
Please switch to a UTF-8 locale for your platform.
...
UnicodeDecodeError: 'ascii' codec can't decode byte 0xd0 in position 1079: ordinal not in range(128)
package/pkg-generic.mk:247: recipe for target '/buildroot/output/build/systemd-236/.stamp_built' failed
make: *** [/buildroot/output/build/systemd-236/.stamp_built] Error 1

This patch changes default host system locale from C to C.UTF-8 when
building systemd package to fix this issue. It also introduces
BR2_NEEDS_HOST_C_UTF8_LOCALE flag that checks if this locale is available on
the host system. If locale is not available error message is show and build
process is stopped.

Signed-off-by: Julius Kriukas <julius@kriukas.lt>
[Thomas: use C.UTF-8 instead of en_US.UTF-8.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-03-02 22:44:34 +01:00
Matt Weber
20a4583ebf security hardening: add RELFO, FORTIFY options
This enables a user to build a complete system using these
options.  It is important to note that not all packages will
build correctly to start with.

Modeled after OpenWRT approach
https://github.com/openwrt/openwrt/blob/master/config/Config-build.in#L176

A good testing tool to check a target's elf files for compliance
to an array of hardening techniques can be found here:
https://github.com/slimm609/checksec.sh

[Peter: reword fortify help texts, glibc comment]
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-28 15:21:14 +01:00
Matt Weber
d3732cf4a2 stack protector: moved option out of adv menu
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-01-28 11:54:54 +01:00
Thomas Petazzoni
fadc438393 google-breakpad: take into account host architecture dependencies
Building the target google-breakpad requires building the host variant
of google-breakpad. Just like the target google-breakpad only supports
a limited number of architectures, it is the same for the host
google-breakpad.

We therefore introduce a
BR2_PACKAGE_HOST_GOOGLE_BREAKPAD_ARCH_SUPPORTS option that is used
where necessary to prevent the user from choosing Google Breakpad when
building on unsupported host platforms.

Fixes:

  http://autobuild.buildroot.net/results/c7c04483508f9e4d629efa54571afeb1feaa5f73/
  (build on a powerpc64le machine)

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-11-27 21:33:37 +01:00
Sam Voss
ad477b0859 support/download: svn non-interactive in BR2_SVN
Instead of overriding the _svn command and injecting --non-interactive,
change the default value of BR2_SVN to include this flag so the end user
can choose not to use the flag.

This change helps users behind corporate system rules which may not
allow them to locally cache credentials and require interactive mode.

Signed-off-by: Sam Voss <sam.voss@rockwellcollins.com>

[Originally implemented by]
CC: "Yann E. MORIN" <yann.morin.1998@free.fr>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-11-26 14:18:57 +01:00
Yann E. MORIN
6393b6904b toolchain/wrapper: fake __DATE_ and __TIME__ for older gcc
Starting with version 7, gcc automatically recognises and enforces the
environment variable SOURCE_DATE_EPOCH, and fakes __DATE__ and __TIME__
accordingly, to produce reproducible builds (at least in regards to date
and time).

However, older gcc versions do not offer this feature.

So, we use our toolchain wrapper to force-feed __DATE__ and __TIME__ as
macros, which will take precedence over those that gcc may compute
itself. We compute them according to the specs:
    https://reproducible-builds.org/specs/source-date-epoch/
    https://gcc.gnu.org/onlinedocs/cpp/Standard-Predefined-Macros.html

Since we define macros otherwise internal to gcc, we have to tell it not
to warn about that. The -Wno-builtin-macro-redefined flag was introduced
in gcc-4.4.0. Therefore, we make BR2_REPRODUCIBLE depend on GCC >= 4.4.

gcc-7 will ignore SOURCE_DATE_EPOCH when __DATE__ and __TIME__ are
user-defined. Anyway, this is of no consequence: whether __DATE__ and
__TIME__ or SOURCE_DATE_EPOCH takes precedence, it would yield the
exact same end result since we use the same logic to compute it. Note
that we didn't copy the code for it from gcc so using the same logic
doesn't imply that we're inheriting GPL-3.0.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Jérôme Pouiller <jezz@sysmic.org>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Peter Korsgaard <peter@korsgaard.com>
[Arnout: rewrite commit message]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-22 16:10:37 +02:00
Lothar Felten
4e09fd8bde Config.in: fix help comment for gcc optimization
The default for is set to BR2_OPTIMIZE_S, the help comment designated
BR2_OPTIMIZE_0 as default.
Changed the help comment to show that BR2_OPTIMIZE_S is the default.

Signed-off-by: Lothar Felten <lothar.felten@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-10-21 10:12:06 +02:00
Bernd Kuhls
4f3fdf1544 Config.in: rename xbmc -> kodi
This is a left-over of the xbmc->kodi rename patch
https://git.buildroot.net/buildroot/commit/package/kodi?id=3578459748d80cd469729319543b199380a4370f

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-10-01 23:23:43 +02:00