[OpenWrt-Devel] hardened openwrt & luci
Etienne Champetier
champetier.etienne at gmail.com
Sun Feb 1 17:01:39 EST 2015
hi Dirk,
please try 'make clean' or 'make dirclean'
I'm pretty sure you need to rebuild almost everything when enabling
hardening option
2015-02-01 22:37 GMT+01:00 Dirk Neukirchen <dirkneukirchen at web.de>:
> On 30.01.2015 18:02, Etienne Champetier wrote:
> > Hi
> > i've only done basic testing but it seems to work,
> > except luci which send me bad gatway.
> >
> > Thanks in advance
> > Etienne
> >
> >
> I played around, but get a build error (build on Arch Linux)
>
> /home/tenchi/programming/upstream/openwrt/build_dir/target-x86_64_uClibc-0.9.33.2/linux-x86_64/linux-3.14.30/arch/x86/Makefile:119:
> stack-protector enabled but compiler support broken
> net/sched/Kconfig:43: warning: menuconfig statement without prompt
> .config:4095:warning: override: SPARSEMEM_MANUAL changes choice state
> #
> # configuration written to .config
> #
> /home/tenchi/programming/upstream/openwrt/build_dir/target-x86_64_uClibc-0.9.33.2/linux-x86_64/linux-3.14.30/arch/x86/Makefile:119:
> stack-protector enabled but compiler support broken
>
> .... (some compile warnings)
>
> init/built-in.o: In function `do_one_initcall':
> /home/tenchi/programming/upstream/openwrt/build_dir/target-x86_64_uClibc-0.9.33.2/linux-x86_64/linux-3.14.30/init/main.c:692:
> undefined reference to `__stack_chk_guard'
> /home/tenchi/programming/upstream/openwrt/build_dir/target-x86_64_uClibc-0.9.33.2/linux-x86_64/linux-3.14.30/init/main.c:715:
> undefined reference to `__stack_chk_guard'
> init/built-in.o: In function `name_to_dev_t':
> /home/tenchi/programming/upstream/openwrt/build_dir/target-x86_64_uClibc-0.9.33.2/linux-x86_64/linux-3.14.30/init/do_mounts.c:210:
> undefined reference to `__stack_chk_guard'
> /home/tenchi/programming/upstream/openwrt/build_dir/target-x86_64_uClibc-0.9.33.2/linux-x86_64/linux-3.14.30/init/do_mounts.c:287:
> undefined reference to `__stack_chk_guard'
> init/built-in.o: In function `mount_block_root':
> /home/tenchi/programming/upstream/openwrt/build_dir/target-x86_64_uClibc-0.9.33.2/linux-x86_64/linux-3.14.30/init/do_mounts.c:378:
> undefined reference to `__stack_chk_guard'
> init/built-in.o:/home/tenchi/programming/upstream/openwrt/build_dir/target-x86_64_uClibc-0.9.33.2/linux-x86_64/linux-3.14.30/init/do_mounts.c:434:
> more undefined references to `__stack_chk_guard' follow
> Makefile:829: recipe for target 'vmlinux' failed
>
> diffconfig.sh:
>
> CONFIG_TARGET_x86_64=y
> CONFIG_TARGET_x86_64_Default=y
> CONFIG_TARGET_BOARD="x86_64"
> CONFIG_DEVEL=y
> CONFIG_TOOLCHAINOPTS=y
> CONFIG_BUILD_LOG=y
> CONFIG_BUILD_NLS=y
> # CONFIG_GCC_USE_VERSION_4_8_LINARO is not set
> CONFIG_GCC_USE_VERSION_4_9_LINARO=y
> CONFIG_GCC_VERSION="4.9-linaro"
> CONFIG_GCC_VERSION_4_9=y
> CONFIG_GCC_VERSION_4_9_LINARO=y
> CONFIG_GNUTLS_ALPN=y
> CONFIG_GNUTLS_ANON=y
> CONFIG_GNUTLS_DTLS_SRTP=y
> CONFIG_GNUTLS_HEARTBEAT=y
> CONFIG_GNUTLS_OCSP=y
> CONFIG_GNUTLS_PSK=y
> # CONFIG_KERNEL_CC_STACKPROTECTOR_NONE is not set
> CONFIG_KERNEL_CC_STACKPROTECTOR_REGULAR=y
> CONFIG_OPENCONNECT_GNUTLS=y
> CONFIG_OPENSSL_WITH_EC=y
> CONFIG_PACKAGE_aircrack-ng=y
> CONFIG_PACKAGE_chat=y
> CONFIG_PACKAGE_comgt=y
> CONFIG_PACKAGE_kmod-tun=y
> CONFIG_PACKAGE_libgmp=y
> CONFIG_PACKAGE_libgnutls=y
> CONFIG_PACKAGE_libiwinfo=y
> CONFIG_PACKAGE_libiwinfo-lua=y
> CONFIG_PACKAGE_liblua=y
> CONFIG_PACKAGE_libnettle=y
> CONFIG_PACKAGE_libopenssl=y
> CONFIG_PACKAGE_libpcap=y
> CONFIG_PACKAGE_libpolarssl=y
> CONFIG_PACKAGE_libpthread=y
> CONFIG_PACKAGE_libubus-lua=y
> CONFIG_PACKAGE_libuci-lua=y
> CONFIG_PACKAGE_libustream-polarssl=y
> CONFIG_PACKAGE_libxml2=y
> CONFIG_PACKAGE_lua=y
> CONFIG_PACKAGE_luci=y
> CONFIG_PACKAGE_luci-app-firewall=y
> CONFIG_PACKAGE_luci-base=y
> CONFIG_PACKAGE_luci-lib-ip=y
> CONFIG_PACKAGE_luci-lib-nixio=y
> CONFIG_PACKAGE_luci-mod-admin-full=y
> CONFIG_PACKAGE_luci-proto-3g=y
> CONFIG_PACKAGE_luci-proto-ipv6=y
> CONFIG_PACKAGE_luci-proto-openconnect=y
> CONFIG_PACKAGE_luci-proto-ppp=y
> CONFIG_PACKAGE_luci-proto-relay=y
> CONFIG_PACKAGE_luci-ssl=y
> CONFIG_PACKAGE_luci-theme-bootstrap=y
> CONFIG_PACKAGE_openconnect=y
> CONFIG_PACKAGE_px5g=y
> CONFIG_PACKAGE_relayd=y
> CONFIG_PACKAGE_resolveip=y
> CONFIG_PACKAGE_rpcd=y
> CONFIG_PACKAGE_uhttpd=y
> CONFIG_PACKAGE_uhttpd-mod-ubus=y
> CONFIG_PACKAGE_zlib=y
> CONFIG_PKG_CHECK_FORMAT_SECURITY=y
> CONFIG_PKG_FORTIFY_SOURCE_1=y
> # CONFIG_PKG_FORTIFY_SOURCE_NONE is not set
> # CONFIG_PKG_RELRO_NONE is not set
> CONFIG_PKG_RELRO_PARTIAL=y
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.infradead.org/pipermail/openwrt-devel/attachments/20150201/5a0508aa/attachment.htm>
-------------- next part --------------
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list