This is an automated email from the git hooks/post-receive script.
simo pushed a commit to branch master
in repository gssproxy.
commit 4ac6451491e8d4dfc4e371eee4c162b297283c0a
Author: Robbie Harwood <rharwood(a)redhat.com>
Date: Tue Sep 6 22:38:57 2016 +0000
Add configure option for build hardening
Ticket:
https://fedorahosted.org/gss-proxy/ticket/147
Signed-off-by: Robbie Harwood <rharwood(a)redhat.com>
Reviewed-by: Simo Sorce <simo(a)redhat.com>
Merges #30
---
proxy/Makefile.am | 14 ++++++++++++--
proxy/conf_macros.m4 | 11 +++++++++++
proxy/configure.ac | 1 +
3 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/proxy/Makefile.am b/proxy/Makefile.am
index f03f3ea..4359938 100644
--- a/proxy/Makefile.am
+++ b/proxy/Makefile.am
@@ -31,7 +31,9 @@ pkgconfigdir = $(libdir)/pkgconfig
gpstatedir = @gpstatedir@
gpclidir = @gpstatedir@/clients
+AM_CPPFLAGS =
AM_CFLAGS =
+AM_LDFLAGS =
if WANT_AUX_INFO
AM_CFLAGS += -aux-info $@.X
endif
@@ -41,7 +43,15 @@ if HAVE_GCC
AM_CFLAGS += -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith \
-Wcast-qual -Wcast-align -Wwrite-strings \
-fstrict-aliasing -Wstrict-aliasing -Werror=strict-aliasing \
- -Werror-implicit-function-declaration
+ -Werror-implicit-function-declaration \
+ -Werror=format-security
+
+ AM_CPPFLAGS += -Wdate-time
+endif
+if BUILD_HARDENING
+ AM_CPPFLAGS += -D_FORTIFY_SOURCE=2
+ AM_CFLAGS += -fPIE -fstack-protector-strong
+ AM_LDFLAGS += -fPIE -pie -fPIC -Wl,-z,relro -Wl,-z,now
endif
dist_pkgconfig_DATA =
@@ -65,7 +75,7 @@ dist_noinst_DATA =
# Global compilation settings #
###############################
-AM_CPPFLAGS = \
+AM_CPPFLAGS += \
-Wall \
-Iinclude \
-I.. \
diff --git a/proxy/conf_macros.m4 b/proxy/conf_macros.m4
index a0ecb13..b35eae1 100644
--- a/proxy/conf_macros.m4
+++ b/proxy/conf_macros.m4
@@ -281,3 +281,14 @@ AC_DEFUN([WITH_GPP_DEFAULT_BEHAVIOR],
AC_DEFINE_UNQUOTED(GPP_DEFAULT_BEHAVIOR, $default_behavior, [Default gssproxy
interposer plugin behavior])
])
+AC_DEFUN([WITH_HARDENING],
+ [ AC_ARG_WITH([hardening],
+ [AC_HELP_STRING([--with-hardening],
+ [Whether to add extra hardening flags [no]]
+ )
+ ],
+ [],
+ with_hardening=no
+ )
+ AM_CONDITIONAL([BUILD_HARDENING], [test x"$with_hardening" = xyes])
+ ])
diff --git a/proxy/configure.ac b/proxy/configure.ac
index 409584d..c75515e 100644
--- a/proxy/configure.ac
+++ b/proxy/configure.ac
@@ -68,6 +68,7 @@ WITH_SELINUX
WITH_GSSIDEBUG
WITH_GPSTATE_PATH
WITH_GPP_DEFAULT_BEHAVIOR
+WITH_HARDENING
m4_include([external/pkg.m4])
m4_include([external/libpopt.m4])
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.