Hello,
as I do with my other OE distros I've run a build of devel image adding to local.conf: require conf/distro/include/security_flags.inc
There are a few recipes really needing to be patched: I just hacked the compiler flags to make it build.
these are in meta-openpli:
modified: ../meta-openpli/recipes-connectivity/samba/wsdd.bb
modified: ../meta-openpli/recipes-extended/ofgwrite/ofgwrite.bb
modified: ../meta-openpli/recipes-multimedia/mjpegtools/mjpegtools_2.1.0.bb
modified: ../meta-openpli/recipes-openpli/enigma2-plugins/enigma2-plugin-extensions-kodi.bb
modified: ../meta-openpli/recipes-openpli/enigma2/enigma2.bb
modified: ../meta-openpli/recipes-openpli/streamproxy/streamproxy.bb
diff --git a/meta-openpli/recipes-connectivity/samba/wsdd.bb b/meta-openpli/recipes-connectivity/samba/wsdd.bb
index 1be3585d..262405a3 100644
--- a/meta-openpli/recipes-connectivity/samba/wsdd.bb
+++ b/meta-openpli/recipes-connectivity/samba/wsdd.bb
@@ -17,6 +17,7 @@ PV = "1.0"
S = "${WORKDIR}"
TARGET_CC_ARCH += "${LDFLAGS}"
+CC_append = " -Wno-unused-result"
do_compile() {
make -f Makefile
diff --git a/meta-openpli/recipes-extended/ofgwrite/ofgwrite.bb b/meta-openpli/recipes-extended/ofgwrite/ofgwrite.bb
index b7c7fbd4..13ede789 100644
--- a/meta-openpli/recipes-extended/ofgwrite/ofgwrite.bb
+++ b/meta-openpli/recipes-extended/ofgwrite/ofgwrite.bb
@@ -22,3 +22,5 @@ do_install() {
install -m 755 ${S}/ofgwrite_bin ${D}${bindir}
install -m 755 ${S}/ofgwrite_test ${D}${bindir}
}
+
+CFLAGS_append = " -Wno-error=format-security"
diff --git a/meta-openpli/recipes-multimedia/mjpegtools/mjpegtools_2.1.0.bb b/meta-openpli/recipes-multimedia/mjpegtools/mjpegtools_2.1.0.bb
index cc71150a..12e92102 100644
--- a/meta-openpli/recipes-multimedia/mjpegtools/mjpegtools_2.1.0.bb
+++ b/meta-openpli/recipes-multimedia/mjpegtools/mjpegtools_2.1.0.bb
@@ -19,3 +19,5 @@ EXTRA_OECONF = " \
--without-v4l \
--without-x \
"
+CPPFLAGS_append = " -Wno-error=format-security"
+
diff --git a/meta-openpli/recipes-openpli/enigma2-plugins/enigma2-plugin-extensions-kodi.bb b/meta-openpli/recipes-openpli/enigma2-plugins/enigma2-plugin-extensions-ko
di.bb
index c6e94f25..3d419da9 100644
--- a/meta-openpli/recipes-openpli/enigma2-plugins/enigma2-plugin-extensions-kodi.bb
+++ b/meta-openpli/recipes-openpli/enigma2-plugins/enigma2-plugin-extensions-kodi.bb
@@ -36,3 +36,5 @@ do_install_append() {
install -m 0755 ${WORKDIR}/advancedsettings-empty.xml ${D}${datadir}/kodi/system/advancedsettings.xml
fi
}
+
+CFLAGS_append = " -Wno-error=format-security"
diff --git a/meta-openpli/recipes-openpli/enigma2/enigma2.bb b/meta-openpli/recipes-openpli/enigma2/enigma2.bb
index 4974e6e2..8ff73103 100644
--- a/meta-openpli/recipes-openpli/enigma2/enigma2.bb
+++ b/meta-openpli/recipes-openpli/enigma2/enigma2.bb
@@ -113,6 +113,7 @@ GITHUB_URI ?= "git://github.com"
SRC_URI = "${GITHUB_URI}/OpenPLi/${BPN}.git;branch=${ENIGMA2_BRANCH}"
LDFLAGS_prepend = " -lxml2 "
+CPPFLAGS_append = " -Wno-unused-result"
S = "${WORKDIR}/git"
diff --git a/meta-openpli/recipes-openpli/streamproxy/streamproxy.bb b/meta-openpli/recipes-openpli/streamproxy/streamproxy.bb
index 2921f7e6..3b53d426 100644
--- a/meta-openpli/recipes-openpli/streamproxy/streamproxy.bb
+++ b/meta-openpli/recipes-openpli/streamproxy/streamproxy.bb
@@ -28,3 +28,5 @@ INITSCRIPT_NAME = "streamproxy.sh"
INITSCRIPT_PARAMS = "defaults 30 70"
inherit update-rc.d
+
+CPPFLAGS_append = " -Wno-unused-result"
Plus in my case one in meta-vuplus: vuplus-hbbtv-dumpait.bb
here with fortified sources an appropriate patch is needed, i.e. as seen here:
diff -wB scanner.cpp.old scanner.cpp
231c231
< int fd = ::open(filename, O_RDWR | O_CREAT | O_TRUNC);
---
> int fd = ::open(filename, O_RDWR | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
This is just for info, here users run with root privileges...neverthless compiling with hardened flags is normally the right thing to do.
Cheers
A.A.