Projetos/rpi-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
57,001 Commits 3 Branches 0 Tags
810ba387bec3c5b6904e8893fb4cb6f9d3717466
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Fabrice Fontaine 810ba387be Config.in: enable FORTIFY_SOURCE, PIC/PIE, RELRO, SSP by default 
Enhance security by enabling FORTIFY_SOURCE, PIC/PIE, RELRO and SSP by
default.

For SSP, SSP-all can have a significant impact on performance, so we do
not want to enable that unconditionally; instead we use SSP-strong if
available (since gcc-4.9), and resort to SSP-regular otherwise. People
who really, like really-really want to use SSP-all will still have to
enable it explicitly.

For FORTIFY, level 2 may change the behaviour of some glibc functions,
so may crash conforming programs, so may have adverse effects. As such,
we choose level 1 as the default, as it does not change the behaviour
of any function.

This could help making IoT more secure and fight against the assumption
that buildroot does not support binary hardening (see
https://cyber-itl.org/2019/08/26/iot-data-writeup.html)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
  - relax SSP to strong when available, regular otherwise
  - extend commit log to explain why SSP-all is not used
  - extend commit log to explain why FORTIFY level 2 is not used
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-03 22:23:11 +02:00
arch
board
board/boundarydevices: update readme.txt for nitrogen8mp
2021-04-28 23:37:00 +02:00
boot
boot/opensbi: allow using U-Boot as a payload
2021-04-30 09:49:15 +02:00
configs
configs/nitrogen8mp: new defconfig
2021-04-26 21:50:11 +02:00
docs
fs
linux
{linux, linux-headers}: bump 4.{4, 9, 14, 19}.x / 5.{4, 10, 11}.x series
2021-04-30 09:44:53 +02:00
package
package/iostat: drop package
2021-05-02 21:36:13 +02:00
support
support/download/hg: fix broken method
2021-04-28 21:51:10 +02:00
system
toolchain
toolchain: introduce BR2_TOOLCHAIN_HAS_BINUTILS_BUG_27597
2021-04-26 21:52:34 +02:00
utils
.defconfig
.flake8
.gitignore
.gitlab-ci.yml
CHANGES
Config.in
Config.in: enable FORTIFY_SOURCE, PIC/PIE, RELRO, SSP by default
2021-05-03 22:23:11 +02:00
Config.in.legacy
package/iostat: drop package
2021-05-02 21:36:13 +02:00
COPYING
DEVELOPERS
package/uftrace: new package
2021-04-23 23:11:15 +02:00
Makefile
Makefile.legacy
README

README 

Buildroot is a simple, efficient and easy-to-use tool to generate embedded
Linux systems through cross-compilation.

The documentation can be found in docs/manual. You can generate a text
document with 'make manual-text' and read output/docs/manual/manual.text.
Online documentation can be found at http://buildroot.org/docs.html

To build and use the buildroot stuff, do the following:

1) run 'make menuconfig'
2) select the target architecture and the packages you wish to compile
3) run 'make'
4) wait while it compiles
5) find the kernel, bootloader, root filesystem, etc. in output/images

You do not need to be root to build or run buildroot.  Have fun!

Buildroot comes with a basic configuration for a number of boards. Run
'make list-defconfigs' to view the list of provided configurations.

Please feed suggestions, bug reports, insults, and bribes back to the
buildroot mailing list: buildroot@buildroot.org
You can also find us on #buildroot on Freenode IRC.

If you would like to contribute patches, please read
https://buildroot.org/manual.html#submitting-patches
Description
Buildroot repository for the Raspberry Pi
Readme 127 MiB
Languages
Makefile 63.4%
Python 17.8%
C 8.7%
Shell 6%
PHP 1.4%
Other 2.3%