[OpenWrt-Devel] automated builds with hardening features enabled

Daniel Golle daniel at makrotopia.org
Thu Jun 11 21:28:30 EDT 2015


Thinking about how we could improve automated QA, I was wondering if
we could have buildbot also run builds with hardening features enabled?

For the beginning, it'd be enough if every 10th build would have SSP,
seccomp/jails, RELRO, ... as well as LXC-related features enabled.
Then we could have broken_packages_hardened/* and package maintainers
could become aware that stuff breaks if hardening is enabled.
In a way, the same could be applied for debugging (CONFIG_DEBUG) as
well as localization (BUILD_NLS), but I reckon it makes sense to
start off with all sorts of hardening features enabled.

What do you think?
Could tasks to build hardened snapshots for all targets be dispatched
by buildbot.openwrt.org?
Who'd want to donate a buildslave for that?


