Introduce a new option CONFIG_SIGNATURE_CHECK which defaults to the value
of CONFIG_SIGNED_PACKAGES and thus is enabled by default.
This option is needed to support building target opkg with enabled
signature verification while having the signed package lists disabled.
Our buildbots currently disable package signing globally in the
buildroot and SDK to avoid the need to ship private signing keys to
the build workers and to prevent the triggering of random key generation
on the worker nodes since package signing happens off-line on the master
nodes.
As unintended side-effect, updated opkg packages will get built with
disabled signature verification, hence the need for a new override option.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit f565f276e2c06ac8f3176e0b16d6f2d40cd653d4)
If the target supports a newer kernel version that is not used by default
yet, it can be enabled with this option
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This may be useful if you don't entirely trust your flash and want to be able
to check for corruptions.
Signed-off-by: Michal Hrusecky <Michal@Hrusecky.net>
The configuration option was renamed with kernel 4.19 from
CONFIG_CC_STACKPROTECTOR to CONFIG_STACKPROTECTOR adapt the code to set
both options.
CONFIG_STACKPROTECTOR now sets the regular stack protector and
CONFIG_STACKPROTECTOR_STRONG activates the additional protection of more
functions.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Configure variable SSP_SUPPORT is ambiguous for packages (tor, openssh,
avahi, freeswitch). It means 'toolchain supporting SSP', but for toolchain
and depends it means 'build gcc with libssp'.
Musl no longer uses libssp (1877bc9d8f), it has internal support, so
SSP_SUPPORT was disabled leading some package to not use SSP.
No information why Glibc and uClibc use libssp, but they may also provide
their own SSP support. uClibc used it own with commit 933b588e25 but it was
reverted in f3cacb9e84 without details.
Create an new configure GCC_LIBSSP and automatically enable SSP_SUPPORT
if either USE_MUSL or GCC_LIBSSP.
Signed-off-by: Julien Dusser <julien.dusser@free.fr>
Introduce a configuration option to build a "hardened" OpenWrt with
ASLR PIE support.
Add new option PKG_ASLR_PIE to enable Address Space Layout Randomization (ASLR)
by building Position Independent Executables (PIE). This new option protects
against "return-to-text" attacks.
Busybox need a special care, link is done with ld, not gcc, leading to
unknown flags. Set BUSYBOX_DEFAULT_PIE instead and disable PKG_ASLR_PIE.
If other failing packages were found, PKG_ASLR_PIE:=0 should be added to
their Makefiles.
Original Work by: Yongkui Han <yonhan@cisco.com>
Signed-off-by: Julien Dusser <julien.dusser@free.fr>
This is mainly for legal considerations and not promoting the usage of
and no redistribution of binaries of patented technologies seems to be
also the established practice in other linux distros.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Select the other CONFIG_ALL_* options in the hierarchy when the master
option is selected. Currently CONFIG_ALL_KMODS is not selected when the
build bot selects CONFIG_ALL_NONSHARED for example.
Now the rtc kmods should get build when CONFIG_ALL_KMODS,
CONFIG_ALL_NONSHARED or CONFIG_ALL and CONFIG_RTC_SUPPORT are selected
like it is done by the build bots for targets with rtc support.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Jo-Philipp Wich <jo@mein.io>
We are starting to add more and more kernel configurable options, to the
point where the Global build options menu is not really usable anymore,
hide all kernel-related configuration options behind a menu.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
This can be used to tweak the buildbot behavior without having to change
buildbot's configuration.
It will also allow us to add more aggressive clean steps (e.g. on
toolchain changes), which would break developers' workflows if enable
by default.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Configurations without shadow passwords have been broken since the removal
of telnet: as the default entry in /etc/passwd is not empty (but rather
unset), there will be no way to log onto such a system by default. As
disabling shadow passwords is not useful anyways, remove this configuration
option.
The config symbol is kept (for a while), as packages from feeds depend on
it.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Introduce a new symbol ALL_NONSHARED which selects all non-sharable packages
by default. This option is mainly intented for buildbot setups to build the
target dependant software subset only.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
When stack protector support is disabled in libc (always the case for
!musl), gcc assumes that it needs to use __stack_chk_guard for the stack
canary.
This causes kernel build errors, because the kernel is only set up to
handle TLS stack canaries.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 46543
Make musl provide libssp_nonshared.a and make GCC link it unconditionally
if musl is used. This should be a no-op if SSP is disabled and seems to be
the only reliable way of dealing with SSP over all packages due to the mess
that is linkerflags handling in packages.
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 46108
Split out kmods from ALL to make it easier to create local builds that
are compatible kmod-wise with releases.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
SVN-Revision: 44830
It's the eglibc packaging with a bit of spit-polishing. And testing. :-)
[blogic: merged glibc and eglibc into 1 and made eglibc a glibc variant]
Signed-off-by: Jeff Waugh <jdub@bethesignal.org>
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 44701
Introduce configuration options to build an "hardened" OpenWRT.
Options to enable Stack-Smashing Protection, FORTIFY_SOURCE and RELRO
have been introduced.
uClibc makefile now automatically detects if SSP support is necessary.
hostapd makefile has been fixed to use "^" as sed separator since
using a comma was problematic when using "-Wl,-z,now" and the like in
TARGET_CFLAGS.
Currently enabling SSP on user space depends on enabling SSP kernel
side, this is due to the fact that TARGET_CFLAGS are used to build
kernel modules (at least). Suggestions on how to avoid this are welcome.
Using "select" instead of "depends on" doesn't seem to work with choice
entries.
Tested with a lantiq (WBMR) router, GCC 4.8, uClibc and a subset of
the available packages.
Needs to be tested with GCC 4.9 and the remaining packages.
PIE not currently included.
Signed-off-by: Alessandro Di Federico <ale+owrt@clearmind.me>
SVN-Revision: 44005
Non-functional changes to config/Config-*.in files, including:
* spelling mistakes
* inconsistent terminology
* grammar
* overly long lines in "help" components
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
SVN-Revision: 42519
The idea is still to enable it by default at some point
I've tested all ar71xx packages (except oldpackages) using CONFIG_ALL=y
Failing packages have been marked with PKG_CHECK_FORMAT_SECURITY:=0 for now
I can test more targets but i have no idea which are the most used
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
SVN-Revision: 42282