RepoMirrors/openwrt
1
0
Fork 0
mirror of git://git.openwrt.org/openwrt/openwrt.git synced 2024-12-15 03:14:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
491f3fc048
openwrt/include
History
John Crispin 491f3fc048 Support for building an hardened OpenWRT 
Introduce configuration options to build an "hardened" OpenWRT.

Options to enable Stack-Smashing Protection, FORTIFY_SOURCE and RELRO
have been introduced.

uClibc makefile now automatically detects if SSP support is necessary.

hostapd makefile has been fixed to use "^" as sed separator since
using a comma was problematic when using "-Wl,-z,now" and the like in
TARGET_CFLAGS.

Currently enabling SSP on user space depends on enabling SSP kernel
side, this is due to the fact that TARGET_CFLAGS are used to build
kernel modules (at least). Suggestions on how to avoid this are welcome.
Using "select" instead of "depends on" doesn't seem to work with choice
entries.

Tested with a lantiq (WBMR) router, GCC 4.8, uClibc and a subset of
the available packages.
Needs to be tested with GCC 4.9 and the remaining packages.
PIE not currently included.

Signed-off-by: Alessandro Di Federico <ale+owrt@clearmind.me>

SVN-Revision: 44005
2015-01-17 14:31:30 +00:00
..
site aarch64: add initial support 2014-11-24 06:33:13 +00:00
autotools.mk
cmake.mk build: use gcc-provided ar, nm and ranlib where appropriate 2014-12-27 12:59:59 +00:00
debug.mk
depends.mk
device_table.txt
download.mk include/download.mk: Add download mirrors for tools from GNU Savannah (bug #15184) 2014-10-08 08:01:39 +00:00
feeds.mk build: improve feed handling for opkg.conf 2014-10-16 10:30:16 +00:00
host-build.mk build: prevent spurious host-build re-builds by touching .built after the install command before touching .installed 2014-12-15 20:14:27 +00:00
host.mk
image.mk ramips: convert mt7621 images to new image building code 2015-01-10 15:26:53 +00:00
kernel-build.mk kernel-build.mk: add .NOTPARALLEL 2014-10-12 15:00:19 +00:00
kernel-defaults.mk kernel: allow specifying kernel images to be copied separately from kernel make command line 2014-12-11 15:29:33 +00:00
kernel-version.mk kernel: update 3.14 to 3.14.28 2015-01-11 01:28:32 +00:00
kernel.mk kernel.mk: Handle the x86_64 LINUX_KARCH case 2014-12-12 18:28:13 +00:00
netfilter.mk netfilter: handle NFT_MASQ_IPV6 2015-01-14 08:53:11 +00:00
nls.mk
package-bin.mk
package-defaults.mk build: add support for declaring package CONFLICTS which only affect selecting built-in packages 2014-10-05 16:41:33 +00:00
package-dumpinfo.mk generate list of license information for packages 2014-10-26 16:57:33 +00:00
package-ipkg.mk include: unbreak conffiles, postinst & prerm exports 2014-10-24 09:24:51 +00:00
package.mk Support for building an hardened OpenWRT 2015-01-17 14:31:30 +00:00
prereq-build.mk prereq-build: rename the openssl check to libssl, add back the old check - it is required after all 2014-10-20 09:23:55 +00:00
prereq.mk prereq.mk: only define .NOTPARALLEL when processing prereq checks 2014-10-12 15:00:41 +00:00
quilt.mk
scan.mk Revert "build: use ONESHELL to speed up scanning and the toplevel makefile" 2014-10-22 10:47:26 +00:00
scons.mk
shell.sh Revert "include/shell.sh: remove getvar()" 2014-10-26 16:18:24 +00:00
subdir.mk build: do not process built-in rules for make subdirs 2014-10-22 08:57:11 +00:00
target.mk target.mk: add default packages for NAS device-type 2014-11-26 08:59:49 +00:00
toolchain-build.mk
toplevel.mk sdk: track files with git and use it to implement proper clean targets 2015-01-10 11:17:02 +00:00
uclibc++.mk
unpack.mk
verbose.mk
version.mk version.mk: explicitely filter "generic" subtarget for "%s" placeholder (#18710) 2015-01-10 11:17:11 +00:00