comparison configure.ac @ 1427:f0e262a46d4e

set hardened compiler/linker flags by default
author Matt Johnston <matt@ucc.asn.au>
date Sat, 24 Jun 2017 00:42:20 +0800
parents 89f8c5960527
children 69862e8cc405 a097c9c9608a
comparison
equal deleted inserted replaced
1426:89f8c5960527 1427:f0e262a46d4e
17 if test -z "$LD" ; then 17 if test -z "$LD" ; then
18 LD=$CC 18 LD=$CC
19 fi 19 fi
20 AC_SUBST(LD) 20 AC_SUBST(LD)
21 21
22 # set compile flags prior to other tests
22 if test -z "$OLDCFLAGS" && test "$GCC" = "yes"; then 23 if test -z "$OLDCFLAGS" && test "$GCC" = "yes"; then
23 AC_MSG_NOTICE(No \$CFLAGS set... using "-Os -W -Wall" for GCC) 24 AC_MSG_NOTICE(No \$CFLAGS set... using "-Os -W -Wall" for GCC)
24 CFLAGS="-Os -W -Wall -Wno-pointer-sign" 25 CFLAGS="-Os -W -Wall -Wno-pointer-sign"
25 fi 26 fi
26 27
27 AC_MSG_CHECKING([if compiler '$CC' supports -fno-strict-overflow]) 28 AC_MSG_CHECKING([if compiler '$CC' supports -fno-strict-overflow])
28 OLDCFLAGS="$CFLAGS" 29 OLDCFLAGS="$CFLAGS"
29 CFLAGS="$CFLAGS -fno-strict-overflow" 30 CFLAGS="$CFLAGS -fno-strict-overflow"
30 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], 31 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
31 [AC_MSG_RESULT(yes)], 32 [AC_MSG_RESULT(yes)],
32 [ 33 [AC_MSG_RESULT(no); CFLAGS="$OLDCFLAGS" ]
33 AC_MSG_RESULT(no)
34 CFLAGS=$OLDCFLAGS
35 ]
36 ) 34 )
35
36 hardenbuild=1
37 AC_ARG_ENABLE(harden,
38 [ --disable-harden Don't set hardened build flags],
39 [
40 if test "x$enableval" = "xno"; then
41 hardenbuild=0
42 AC_MSG_NOTICE(Disabling hardened build flags)
43 fi
44 ], [])
45
46 if test "$hardenbuild" -eq 1; then
47 AC_MSG_NOTICE(Checking for available hardened build flags:)
48 # pie
49 OLDCFLAGS="$CFLAGS"
50 TESTFLAGS="-fPIE"
51 CFLAGS="$CFLAGS $TESTFLAGS"
52 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
53 [AC_MSG_NOTICE([Setting $TESTFLAGS])],
54 [AC_MSG_NOTICE([Not setting $TESTFLAGS]); CFLAGS="$OLDCFLAGS" ]
55 )
56 OLDLDFLAGS="$LDFLAGS"
57 TESTFLAGS="-Wl,-pie"
58 LDFLAGS="$LDFLAGS $TESTFLAGS"
59 AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
60 [AC_MSG_NOTICE([Setting $TESTFLAGS])],
61 [AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
62 )
63 # readonly elf relocation sections (relro)
64 OLDLDFLAGS="$LDFLAGS"
65 TESTFLAGS="-Wl,-z,now -Wl,-z,relro"
66 LDFLAGS="$LDFLAGS $TESTFLAGS"
67 AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
68 [AC_MSG_NOTICE([Setting $TESTFLAGS])],
69 [AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
70 )
71 # stack protector. -strong is good but only in gcc 4.9 or later
72 OLDCFLAGS="$CFLAGS"
73 TESTFLAGS="-fstack-protector-strong"
74 CFLAGS="$CFLAGS $TESTFLAGS"
75 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
76 [AC_MSG_NOTICE([Setting $TESTFLAGS])],
77 [
78 CFLAGS="$OLDCFLAGS"
79 TESTFLAGS="-fstack-protector --param=ssp-buffer-size=4"
80 CFLAGS="$CFLAGS $TESTFLAGS"
81 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
82 [AC_MSG_NOTICE([Setting $TESTFLAGS])],
83 [AC_MSG_NOTICE([Not setting $TESTFLAGS]); CFLAGS="$OLDCFLAGS" ]
84 )
85 ]
86 )
87 # FORTIFY_SOURCE
88 OLDCFLAGS="$CFLAGS"
89 TESTFLAGS="-D_FORTIFY_SOURCE=2"
90 CFLAGS="$CFLAGS $TESTFLAGS"
91 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
92 [AC_MSG_NOTICE([Setting $TESTFLAGS])],
93 [AC_MSG_NOTICE([Not setting $TESTFLAGS]); CFLAGS="$OLDCFLAGS" ]
94 )
95 fi
37 96
38 # large file support is useful for scp 97 # large file support is useful for scp
39 AC_SYS_LARGEFILE 98 AC_SYS_LARGEFILE
40 99
41 # Host specific options 100 # Host specific options