From 55779569eb817361222d653accd929a752b8327d Mon Sep 17 00:00:00 2001
From: Julien Dusser <julien.dusser@free.fr>
Date: Sun, 7 Jan 2018 17:41:35 +0100
Subject: toolchain: add gcc configure default PIE and SSP

GCC supports starting version 5 --enable-default-ssp and starting version 6
--enable-default-pie.

It produces hardened binaries by default without dealing with package
compilation flags.

Signed-off-by: Julien Dusser <julien.dusser@free.fr>
---
 toolchain/gcc/common.mk | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'toolchain/gcc/common.mk')

diff --git a/toolchain/gcc/common.mk b/toolchain/gcc/common.mk
index 7c4e773a0f..ece71ef028 100644
--- a/toolchain/gcc/common.mk
+++ b/toolchain/gcc/common.mk
@@ -133,6 +133,16 @@ ifndef GCC_VERSION_4_8
   GCC_CONFIGURE += --with-diagnostics-color=auto-if-env
 endif
 
+ifneq ($(CONFIG_GCC_DEFAULT_PIE),)
+  GCC_CONFIGURE+= \
+		--enable-default-pie
+endif
+
+ifneq ($(CONFIG_GCC_DEFAULT_SSP),)
+  GCC_CONFIGURE+= \
+		--enable-default-ssp
+endif
+
 ifneq ($(CONFIG_SSP_SUPPORT),)
   GCC_CONFIGURE+= \
 		--enable-libssp
-- 
cgit v1.2.3