Changeset View
Changeset View
Standalone View
Standalone View
src/CMakeLists.txt
Show First 20 Lines • Show All 126 Lines • ▼ Show 20 Lines | |||||
endif() | endif() | ||||
set(CMAKE_POSITION_INDEPENDENT_CODE ON) | set(CMAKE_POSITION_INDEPENDENT_CODE ON) | ||||
if(ENABLE_HARDENING) | if(ENABLE_HARDENING) | ||||
# Enable stack protection | # Enable stack protection | ||||
add_cxx_compiler_flags(-fstack-protector-all -Wstack-protector) | add_cxx_compiler_flags(-fstack-protector-all -Wstack-protector) | ||||
# Enable some buffer overflow checking | # Enable some buffer overflow checking (not supported without optimization) | ||||
if(NOT CMAKE_BUILD_TYPE MATCHES Debug) | |||||
add_compiler_flags(-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2) | add_compiler_flags(-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2) | ||||
endif() | |||||
deadalnix: You will need to explain what the problem is an how that make sense, because from where I'm… | |||||
majcostaAuthorUnsubmitted Done Inline Actionsenabling these flags without optimization (as is the case of our Debug configuration that uses -O0 rather than -Og raises a warning, that gets promoted to error under WERROR_ENABLE. so the intent of that change is to disable _FORTIFY_SOURCE only for Debug builds. however, @Fabien has brought to my attention that the method above isn't good since it doesn't work with all generators, so I'm working on something that's correct majcosta: enabling these flags without optimization (as is the case of our Debug configuration that uses… | |||||
# Enable ASLR (these flags are primarily targeting MinGw) | # Enable ASLR (these flags are primarily targeting MinGw) | ||||
add_linker_flags(-Wl,--dynamicbase -Wl,--nxcompat -Wl,--high-entropy-va) | add_linker_flags(-Wl,--dynamicbase -Wl,--nxcompat -Wl,--high-entropy-va) | ||||
# Make the relocated sections read-only | # Make the relocated sections read-only | ||||
add_linker_flags(-Wl,-z,relro -Wl,-z,now) | add_linker_flags(-Wl,-z,relro -Wl,-z,now) | ||||
# CMake provides the POSITION_INDEPENDENT_CODE property to set PIC/PIE. | # CMake provides the POSITION_INDEPENDENT_CODE property to set PIC/PIE. | ||||
# Unfortunately setting the -pie linker flag this way require CMake >= 3.14, | # Unfortunately setting the -pie linker flag this way require CMake >= 3.14, | ||||
▲ Show 20 Lines • Show All 52 Lines • ▼ Show 20 Lines | if(EXTRA_WARNINGS) | ||||
add_cxx_compiler_flags(-Wsuggest-override) | add_cxx_compiler_flags(-Wsuggest-override) | ||||
else() | else() | ||||
add_compiler_flags(-Wno-unused-parameter) | add_compiler_flags(-Wno-unused-parameter) | ||||
add_compiler_flags(-Wno-implicit-fallthrough) | add_compiler_flags(-Wno-implicit-fallthrough) | ||||
endif() | endif() | ||||
if(ENABLE_WERROR) | if(ENABLE_WERROR) | ||||
add_compiler_flags( | add_compiler_flags( | ||||
-Werror=return-type | # turns warnings into errors | ||||
-Werror=switch | -Werror | ||||
-Werror=thread-safety-analysis | # except for the following | ||||
-Werror=vla | -Wno-error=cast-align | ||||
-Wno-error=deprecated-copy | |||||
-Wno-error=deprecated-declarations | |||||
-Wno-error=implicit-int-float-conversion | |||||
-Wno-error=maybe-uninitialized | |||||
-Wno-error=stringop-truncation | |||||
) | ) | ||||
endif() | endif() | ||||
# Create a target for OpenSSL | # Create a target for OpenSSL | ||||
include(BrewHelper) | include(BrewHelper) | ||||
find_brew_prefix(OPENSSL_ROOT_DIR openssl) | find_brew_prefix(OPENSSL_ROOT_DIR openssl) | ||||
find_package(OpenSSL REQUIRED) | find_package(OpenSSL REQUIRED) | ||||
▲ Show 20 Lines • Show All 444 Lines • Show Last 20 Lines |
You will need to explain what the problem is an how that make sense, because from where I'm sitting, it doesn't.