Topics

Question: how to properly enable PIC/PIE (Position Independent Code/Executable) in Yocto Warrior? #yocto #toolchain #linux


Daniel
 

Hi all,

I'm using Yocto warrior building a system based on NIVIDA tegra TX2i. My tree is using an external toolchain, gcc linaro 7.2.1 (specified through EXTERNAL_TOOLCHAIN variable in local.conf). I'm confused on setting up security flags.

In ,y local.conf, I have `GCCPIE ?= "--enable-default-pie"` enabled, but binaries built are not actually compiled with PIE not sure about PIC. I found out that this is due to the following condition in security_flags.inc:

```

# Inject pie flags into compiler flags if not configured with gcc itself

# especially useful with external toolchains

SECURITY_PIE_CFLAGS ?= "${@'' if '${GCCPIE}' else '-pie -fPIE'}"

```

So I tried to setup GCCPIE as `GCCPIE = ""`.  This actually includes `-pie -fPIE` in gcc, but then the build failed when building attr_2.4.47. The error messages are pretty long if anyone want to see it I will attach in a followup email.

My question is that is there a way to properly add PIE or at least PIC for Yocto Warrior with external toolchain?

Thanks
-Daniel