df0bd42fde
Introduce a configuration option to build a "hardened" OpenWrt with ASLR PIE support. Add new option PKG_ASLR_PIE to enable Address Space Layout Randomization (ASLR) by building Position Independent Executables (PIE). This new option protects against "return-to-text" attacks. Busybox needs special care: its link is done with ld, not gcc, leading to unknown flags. Set BUSYBOX_DEFAULT_PIE instead and disable PKG_ASLR_PIE. If other failing packages are found, PKG_ASLR_PIE:=0 should be added to their Makefiles. Original Work by: Yongkui Han <yonhan@cisco.com> Signed-off-by: Julien Dusser <julien.dusser@free.fr>
119 lines
3.6 KiB
Makefile
#
# Copyright (C) 2006-2016 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
# Package identity. These assignments must stay ahead of the package.mk
# include, which reads them.
PKG_NAME:=busybox
PKG_VERSION:=1.27.2
PKG_RELEASE:=3
PKG_FLAGS:=essential

# Source tarball and its download locations. The second mirror is plain HTTP,
# so the tarball's integrity rests on PKG_HASH, the digest the download step
# checks the file against. Change PKG_HASH only together with PKG_VERSION and
# only to a value taken from a trusted upstream release.
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://www.busybox.net/downloads \
		http://sources.buildroot.net
PKG_HASH:=9d4be516b61e6480f156b11eb42577a13529f75d3383850bb75c50c285de63df

# Conditional build dependencies, written as CONFIG_SYMBOL:package.
PKG_BUILD_DEPENDS:=BUSYBOX_USE_LIBRPC:librpc BUSYBOX_CONFIG_PAM:libpam
PKG_BUILD_PARALLEL:=1
# NOTE(review): 0 presumably opts this package out of the build system's
# format-security compiler checks -- confirm against the hardening rules and
# re-enable once the sources build cleanly with them.
PKG_CHECK_FORMAT_SECURITY:=0
PKG_INSTALL:=1

# BusyBox uses its own PIE config flag, and LDFLAGS are used with ld, not gcc.
# The global PKG_ASLR_PIE flags are therefore switched off for this package;
# per the commit message, PIE is requested through BUSYBOX_DEFAULT_PIE instead.
# On hardened images, confirm the installed busybox binary is really
# position-independent (ELF type DYN in `readelf -h` output).
PKG_ASLR_PIE:=0

PKG_LICENSE:=GPL-2.0
PKG_LICENSE_FILES:=LICENSE archival/libarchive/bz/LICENSE
PKG_CPE_ID:=cpe:/a:busybox:busybox
include $(INCLUDE_DIR)/package.mk
# When DUMP is empty, append a digest of all CONFIG_BUSYBOX_* lines from the
# top-level .config to the configure stamp name -- presumably so that a changed
# BusyBox selection invalidates the stamp and triggers a reconfigure.
# MD5 is only a change-detection key here; nothing relies on it for integrity.
ifeq ($(DUMP),)
  STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell grep '^CONFIG_BUSYBOX_' $(TOPDIR)/.config | mkhash md5)
endif

# Symbol namespace in use: CONFIG when CONFIG_BUSYBOX_CUSTOM is set, otherwise
# DEFAULT. Recursive (=) so it is evaluated at each use.
BUSYBOX_SYM=$(if $(CONFIG_BUSYBOX_CUSTOM),CONFIG,DEFAULT)
# $(call BUSYBOX_IF_ENABLED,NAME,text) expands to text only when
# CONFIG_BUSYBOX_$(BUSYBOX_SYM)_NAME is non-empty, and to nothing otherwise.
BUSYBOX_IF_ENABLED=$(if $(CONFIG_BUSYBOX_$(BUSYBOX_SYM)_$(1)),$(2))
# Package metadata for busybox. DEPENDS entries of the form +SYMBOL:pkg apply
# only when SYMBOL is selected. Each ALTERNATIVES entry is emitted only when
# the matching applet is enabled and reads priority:path:target -- every path
# listed here resolves to the single /bin/busybox binary.
define Package/busybox
  SECTION:=base
  CATEGORY:=Base system
  MAINTAINER:=Felix Fietkau <nbd@nbd.name>
  TITLE:=Core utilities for embedded Linux
  URL:=http://busybox.net/
  DEPENDS:=+BUSYBOX_USE_LIBRPC:librpc +BUSYBOX_CONFIG_PAM:libpam +BUSYBOX_CONFIG_NTPD:jsonfilter
  MENU:=1
  PROVIDES:=ip
  ALTERNATIVES:=\
    $(call BUSYBOX_IF_ENABLED,KILL, 100:/bin/kill:/bin/busybox) \
    $(call BUSYBOX_IF_ENABLED,PS, 100:/bin/ps:/bin/busybox) \
    $(call BUSYBOX_IF_ENABLED,WATCH, 100:/bin/watch:/bin/busybox) \
    $(call BUSYBOX_IF_ENABLED,IP, 100:/sbin/ip:/bin/busybox) \
    $(call BUSYBOX_IF_ENABLED,FREE, 100:/usr/bin/free:/bin/busybox) \
    $(call BUSYBOX_IF_ENABLED,PGREP, 100:/usr/bin/pgrep:/bin/busybox) \
    $(call BUSYBOX_IF_ENABLED,PKILL, 100:/usr/bin/pkill:/bin/busybox) \
    $(call BUSYBOX_IF_ENABLED,PMAP, 100:/usr/bin/pmap:/bin/busybox) \
    $(call BUSYBOX_IF_ENABLED,PWDX, 100:/usr/bin/pwdx:/bin/busybox) \
    $(call BUSYBOX_IF_ENABLED,TOP, 100:/usr/bin/top:/bin/busybox) \
    $(call BUSYBOX_IF_ENABLED,UPTIME, 100:/usr/bin/uptime:/bin/busybox) \

endef
# Free-form long description of the package.
define Package/busybox/description
 The Swiss Army Knife of embedded Linux.
 It slices, it dices, it makes Julian Fries.
endef
# Pull the package's own Config.in into the configuration menu; the
# BUSYBOX_* symbols tested throughout this Makefile are presumably declared there.
define Package/busybox/config
	source "$(SOURCE)/Config.in"
endef
# Keep the build timestamp out of the generated version string, so the output
# does not change from one build to the next for that reason alone.
export KCONFIG_NOTIMESTAMP=1

# Libraries handed to the BusyBox link step: m and crypt always, the rest only
# when the corresponding feature is selected.
LDLIBS:=m crypt
LDLIBS += $(call BUSYBOX_IF_ENABLED,PAM,pam pam_misc pthread)
ifdef CONFIG_BUSYBOX_USE_LIBRPC
  LDLIBS += rpc
endif
ifeq ($(CONFIG_USE_GLIBC),y)
  LDLIBS += $(call BUSYBOX_IF_ENABLED,NSLOOKUP_OPENWRT,resolv)
endif

# MAKE_VARS is emptied; compiler and linker settings reach the BusyBox build
# only through the explicit make arguments below.
MAKE_VARS :=
# EXTRA_LDFLAGS carries TARGET_LDFLAGS into a link performed with ld rather
# than gcc, which is why the global PIE flags are disabled for this package.
# NOTE(review): SKIP_STRIP=y presumably leaves stripping to the packaging step -- confirm.
MAKE_FLAGS += \
	EXTRA_CFLAGS="$(TARGET_CFLAGS) $(TARGET_CPPFLAGS)" \
	EXTRA_LDFLAGS="$(TARGET_LDFLAGS)" \
	LDLIBS="$(LDLIBS)" \
	SKIP_STRIP=y
# Ask for verbose output (V=1) when OPENWRT_VERBOSE contains the letter c.
ifneq ($(findstring c,$(OPENWRT_VERBOSE)),)
  MAKE_FLAGS += V=1
endif

# Point the BusyBox install step at the package's private install directory.
MAKE_INSTALL_FLAGS += CONFIG_PREFIX="$(PKG_INSTALL_DIR)"
# Generate the BusyBox .config from the top-level .config.
# Step 1 selects the CONFIG_BUSYBOX_$(BUSYBOX_SYM) lines (set values and
# "# ... is not set" markers alike) and rewrites CONFIG_BUSYBOX_<SYM>_X to
# CONFIG_X. The pipeline's exit status is that of sed, so a failing grep is
# not reported as an error.
# Step 2 runs oldconfig and answers "n" to every prompt, so any symbol missing
# from the generated file ends up disabled. That includes hardening options
# such as the PIE flag: if its symbol is absent, the build silently goes
# without it.
define Build/Configure
	grep 'CONFIG_BUSYBOX_$(BUSYBOX_SYM)' $(TOPDIR)/.config | sed -e "s,\\(# \)\\?CONFIG_BUSYBOX_$(BUSYBOX_SYM)_\\(.*\\),\\1CONFIG_\\2,g" > $(PKG_BUILD_DIR)/.config
	yes 'n' | $(MAKE) -C $(PKG_BUILD_DIR) $(MAKE_FLAGS) oldconfig
endef
# Populate the package root passed as $(1): copy everything the BusyBox
# install step produced, then add the init scripts for the optional daemons
# that are enabled (cron; sysntpd plus its hotplug helper for ntpd).
# The ntpd-hotplug install assumes $(1)/usr/sbin already exists after the copy.
# The final line removes a stray lib64 directory; the leading '-' makes a
# failure there non-fatal. Every path is built from $(1), so this template
# must only be called with a non-empty destination.
define Package/busybox/install
	$(INSTALL_DIR) $(1)/etc/init.d
	$(CP) $(PKG_INSTALL_DIR)/* $(1)/
ifneq ($(CONFIG_BUSYBOX_$(BUSYBOX_SYM)_CROND),)
	$(INSTALL_BIN) ./files/cron $(1)/etc/init.d/cron
endif
ifneq ($(CONFIG_BUSYBOX_$(BUSYBOX_SYM)_NTPD),)
	$(INSTALL_BIN) ./files/sysntpd $(1)/etc/init.d/sysntpd
	$(INSTALL_BIN) ./files/ntpd-hotplug $(1)/usr/sbin/ntpd-hotplug
endif
	-rm -rf $(1)/lib64
endef
# Instantiate the build and packaging rules for busybox from the definitions
# above; this has to remain the last statement so that all of them are set.
$(eval $(call BuildPackage,busybox))