|
 |
67c1bd |
commit e13b7c74634c511d44603a203a328f4d67920321
|
|
|
67c1bd |
Author: Christine Caulfield <ccaulfie@redhat.com>
|
|
|
67c1bd |
Date: Mon May 10 13:00:58 2021 +0100
|
|
|
67c1bd |
|
|
|
67c1bd |
[build] Add -fstack-clash-protection to release builds
|
|
|
67c1bd |
|
|
|
67c1bd |
CentOS Stream CI insists on this but it's generally a 'good thing'
|
|
|
67c1bd |
|
|
|
67c1bd |
diff --git a/configure.ac b/configure.ac
|
|
|
67c1bd |
index e429dcc..020cbe1 100644
|
|
|
67c1bd |
--- a/configure.ac
|
|
|
67c1bd |
+++ b/configure.ac
|
|
|
67c1bd |
@@ -173,6 +173,23 @@ AC_ARG_ENABLE([libnozzle],
|
|
|
67c1bd |
|
|
|
67c1bd |
AM_CONDITIONAL([BUILD_LIBNOZZLE], [test x$enable_libnozzle = xyes])
|
|
|
67c1bd |
|
|
|
67c1bd |
+## local helper functions
|
|
|
67c1bd |
+# this function checks if CC support options passed as
|
|
|
67c1bd |
+# args. Global CPPFLAGS are ignored during this test.
|
|
|
67c1bd |
+cc_supports_flag() {
|
|
|
67c1bd |
+ saveCPPFLAGS="$CPPFLAGS"
|
|
|
67c1bd |
+ CPPFLAGS="$@"
|
|
|
67c1bd |
+ if echo $CC | grep -q clang; then
|
|
|
67c1bd |
+ CPPFLAGS="-Werror $CPPFLAGS"
|
|
|
67c1bd |
+ fi
|
|
|
67c1bd |
+ AC_MSG_CHECKING([whether $CC supports "$@"])
|
|
|
67c1bd |
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
|
|
|
67c1bd |
+ [RC=0; AC_MSG_RESULT([yes])],
|
|
|
67c1bd |
+ [RC=1; AC_MSG_RESULT([no])])
|
|
|
67c1bd |
+ CPPFLAGS="$saveCPPFLAGS"
|
|
|
67c1bd |
+ return $RC
|
|
|
67c1bd |
+}
|
|
|
67c1bd |
+
|
|
|
67c1bd |
# Checks for libraries.
|
|
|
67c1bd |
AX_PTHREAD(,[AC_MSG_ERROR([POSIX threads support is required])])
|
|
|
67c1bd |
saved_LIBS="$LIBS"
|
|
|
67c1bd |
@@ -297,12 +314,20 @@ AC_ARG_WITH([testdir],
|
|
|
67c1bd |
|
|
|
67c1bd |
AC_SUBST([TESTDIR])
|
|
|
67c1bd |
|
|
|
67c1bd |
+# Check for availablility of hardening options
|
|
|
67c1bd |
+HARDENING_FLAGS="-fstack-clash-protection"
|
|
|
67c1bd |
+for j in $HARDENING_FLAGS; do
|
|
|
67c1bd |
+ if cc_supports_flag $j; then
|
|
|
67c1bd |
+ EXTRA_HARDENING_FLAGS="$EXTRA_HARDENING_FLAGS $j";
|
|
|
67c1bd |
+ fi
|
|
|
67c1bd |
+done
|
|
|
67c1bd |
+
|
|
|
67c1bd |
# debug build stuff
|
|
|
67c1bd |
if test "x${enable_debug}" = xyes; then
|
|
|
67c1bd |
AC_DEFINE_UNQUOTED([DEBUG], [1], [Compiling Debugging code])
|
|
|
67c1bd |
OPT_CFLAGS="-O0"
|
|
|
67c1bd |
else
|
|
|
67c1bd |
- OPT_CFLAGS="-O3"
|
|
|
67c1bd |
+ OPT_CFLAGS="-O3 $EXTRA_HARDENING_FLAGS"
|
|
|
67c1bd |
fi
|
|
|
67c1bd |
|
|
|
67c1bd |
# gdb flags
|