
[CMAKE] Harden the executables
ClosedPublic

Authored by Fabien on Mar 13 2019, 13:51.

Details

Reviewers
deadalnix
Group Reviewers
Restricted Project
Commits
rABCa423ecd14cd9: [CMAKE] Harden the executables
Summary

This adds the hardening options to cmake.
This diff is a squashed version of D2658, D2659, D2660 plus the
hardening options for windows executables.

Depends on D2666

Test Plan
# Linux
mkdir buildcmake && cd buildcmake
cmake -GNinja ..
ninja -v
../contrib/devtools/security-check.py src/bitcoind

The security-check script should output no error.

# Win32
rm -rf *
cmake -GNinja .. -DBUILD_BITCOIN_SEEDER=OFF \
  -DCMAKE_TOOLCHAIN_FILE=../cmake/platforms/Win32.cmake
ninja -v
../contrib/devtools/security-check.py src/bitcoind.exe

The security-check script should output no error.

# Win64
rm -rf *
cmake -GNinja .. -DBUILD_BITCOIN_SEEDER=OFF \
  -DCMAKE_TOOLCHAIN_FILE=../cmake/platforms/Win64.cmake
ninja -v
../contrib/devtools/security-check.py src/bitcoind.exe

The security-check script should output no error.

OSX build is not working yet with CMake.

Diff Detail

Repository
rABC Bitcoin ABC
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

Fabien created this revision. Mar 13 2019, 13:51
Herald added a reviewer: Restricted Project. Mar 13 2019, 13:51
Herald added a subscriber: schancel.
Fabien edited the test plan for this revision. Mar 13 2019, 13:53
Fabien edited the test plan for this revision. Mar 13 2019, 13:55
deadalnix requested changes to this revision. Mar 14 2019, 02:53

Things have been reordered for no apparent good reason. That just makes the review difficult.

src/CMakeLists.txt
66 ↗(On Diff #7698)

Why only C++ ?

77 ↗(On Diff #7698)

You are testing for this twice.

79 ↗(On Diff #7698)

No. You add a dependency to the library the proper way.

This revision now requires changes to proceed. Mar 14 2019, 02:53
Fabien added inline comments. Mar 14 2019, 12:09
src/CMakeLists.txt
66 ↗(On Diff #7698)

This is what autotools do, but I agree this is weird. I can include C if you are comfortable with it.

Fabien updated this revision to Diff 7701. Mar 14 2019, 12:10

Address feedback

Fabien added inline comments. Mar 14 2019, 12:14
src/CMakeLists.txt
76 ↗(On Diff #7701)

I see 3 ways of linking against libssp for all the executables:

  • Just adding -lssp, which works but is not very elegant
  • Using link_libraries, but this will eventually add -lssp multiple times due to dependencies
  • Using target_link_libraries on a dependency shared by all executables, which is what is done here.
deadalnix accepted this revision. Mar 18 2019, 17:04
deadalnix added inline comments.
src/CMakeLists.txt
76 ↗(On Diff #7701)

Using link libraries is the right thing to do.

This revision is now accepted and ready to land. Mar 18 2019, 17:04
Fabien updated this revision to Diff 7740. Mar 19 2019, 10:15

Use link_libraries as suggested in feedback

This revision was automatically updated to reflect the committed changes.
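
The three ways of linking libssp weighed in the inline comments above, shown side by side in a stand-alone CMakeLists.txt. This is an added example, not the diff under review or Bitcoin ABC's own build code. The project, option, variable and target names are hypothetical, and a GCC-style MinGW toolchain that accepts -fstack-protector-all is assumed.

```cmake
# Added illustration; every DEMO_/demo_ name below is hypothetical.
cmake_minimum_required(VERSION 3.10)
project(ssp_link_demo CXX)

option(DEMO_ENABLE_HARDENING "Build with stack protection" ON)

if(DEMO_ENABLE_HARDENING)
  include(CheckCXXCompilerFlag)
  if(MINGW)
    # The probe links a small program; with MinGW the stack-protector
    # runtime lives in libssp, so the probe needs it as well.
    set(CMAKE_REQUIRED_LIBRARIES ssp)
  endif()
  check_cxx_compiler_flag(-fstack-protector-all DEMO_HAVE_STACK_PROTECTOR)
  unset(CMAKE_REQUIRED_LIBRARIES)

  # Fail the configure step instead of silently building without the flag.
  if(NOT DEMO_HAVE_STACK_PROTECTOR)
    message(FATAL_ERROR "-fstack-protector-all is not usable with this toolchain")
  endif()
  add_compile_options(-fstack-protector-all)

  if(MINGW)
    # Option 1 (raw -lssp flag): described in the review as working but
    # not very elegant.
    #   set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -lssp")
    # Option 3 (dependency shared by all executables): only reaches the
    # executables that link demo_util, and must come after it is defined.
    #   target_link_libraries(demo_util ssp)
    # Option 2 (the form the review settled on): applies to every target
    # created after this call, in this directory and below.
    link_libraries(ssp)
  endif()
endif()

# Generate two tiny sources so the example configures and builds on its own.
file(WRITE "${CMAKE_CURRENT_BINARY_DIR}/util.cpp"
  "int demo_util_value() { return 1; }\n")
file(WRITE "${CMAKE_CURRENT_BINARY_DIR}/main.cpp"
  "int demo_util_value();\nint main() { return demo_util_value() - 1; }\n")

# Targets are declared after link_libraries() so that they inherit libssp.
add_library(demo_util STATIC "${CMAKE_CURRENT_BINARY_DIR}/util.cpp")
add_executable(demo_daemon "${CMAKE_CURRENT_BINARY_DIR}/main.cpp")
target_link_libraries(demo_daemon demo_util)
```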