mirror of
https://gitlab.isc.org/isc-projects/bind9
synced 2025-08-22 10:10:06 +00:00
fix: nil: ignore hardening flags on plain builds
The 'plain' optimization level doesn't add any flags and gives the control to the packager. Similarly, avoid any hardening flags in this level. Necessary flags such as `-fno-delete-null-pointer-checks` and `-fno-strict-aliasing` are still included. Merge branch 'aydin/plain-build' into 'main' See merge request isc-projects/bind9!10673
This commit is contained in:
commit
e5a4b46fa3
@ -156,3 +156,12 @@ installed. These can be downloaded from
|
||||
https://developer.apple.com/xcode/resources/ or, if Xcode is already
|
||||
installed, simply run ``xcode-select --install``. (Note that an Apple ID
|
||||
may be required to access the download page.)
|
||||
|
||||
Packager Builds
|
||||
~~~~~~~~~~~~~~~
|
||||
|
||||
Packagers are recommended to use the ``plain`` optimization level or the
|
||||
``plain`` build type when setting up the build directory. This will also
|
||||
disable the default hardening flags and any such flag must be set with
|
||||
``CFLAGS``. The top ``meson.build`` file in the source tree can be
|
||||
inspected for recommended flags.
|
||||
|
57
meson.build
57
meson.build
@ -43,6 +43,7 @@ endif
|
||||
developer_mode = get_option('developer').enabled()
|
||||
|
||||
c_std = get_option('c_std')
|
||||
optimization = get_option('optimization')
|
||||
sanitizer = get_option('b_sanitize')
|
||||
|
||||
trace_logging = get_option('trace-logging')
|
||||
@ -148,27 +149,14 @@ add_project_arguments(
|
||||
'-Werror=strict-prototypes',
|
||||
'-Werror=vla',
|
||||
|
||||
'-fcf-protection=full',
|
||||
'-fdiagnostics-show-option',
|
||||
'-fno-delete-null-pointer-checks',
|
||||
'-fno-strict-aliasing',
|
||||
'-fstack-clash-protection',
|
||||
'-fstack-protector-strong',
|
||||
'-fstrict-flex-arrays=3',
|
||||
),
|
||||
language: 'c',
|
||||
)
|
||||
|
||||
add_project_link_arguments(
|
||||
cc.get_supported_link_arguments(
|
||||
'-Wl,-z,noexecstack',
|
||||
'-Wl,-z,now',
|
||||
'-Wl,-z,relro',
|
||||
'-Wl,-z,separate-code',
|
||||
),
|
||||
language: 'c',
|
||||
)
|
||||
|
||||
if developer_mode
|
||||
add_project_arguments('-Werror', language: 'c')
|
||||
endif
|
||||
@ -183,19 +171,42 @@ int main(void) {
|
||||
}
|
||||
'''
|
||||
|
||||
if not (get_option('optimization') == '0' or get_option('buildtype') == 'plain')
|
||||
if cc.compiles(
|
||||
fortify_test,
|
||||
args: ['-Werror=cpp', '-U_FORTIFY_SOURCE', '-D_FORTIFY_SOURCE=3'],
|
||||
name: 'usage of _FORTIFY_SOURCE=3',
|
||||
)
|
||||
add_project_arguments('-U_FORTIFY_SOURCE', '-D_FORTIFY_SOURCE=3', language: 'c')
|
||||
else
|
||||
add_project_arguments('-U_FORTIFY_SOURCE', '-D_FORTIFY_SOURCE=2', language: 'c')
|
||||
if optimization != 'plain'
|
||||
if optimization != '0'
|
||||
if cc.compiles(
|
||||
fortify_test,
|
||||
args: ['-Werror=cpp', '-U_FORTIFY_SOURCE', '-D_FORTIFY_SOURCE=3'],
|
||||
name: 'usage of _FORTIFY_SOURCE=3',
|
||||
)
|
||||
add_project_arguments('-U_FORTIFY_SOURCE', '-D_FORTIFY_SOURCE=3', language: 'c')
|
||||
else
|
||||
add_project_arguments('-U_FORTIFY_SOURCE', '-D_FORTIFY_SOURCE=2', language: 'c')
|
||||
endif
|
||||
endif
|
||||
|
||||
add_project_arguments(
|
||||
cc.get_supported_arguments(
|
||||
'-fcf-protection=full',
|
||||
'-fstack-clash-protection',
|
||||
'-fstack-protector-strong',
|
||||
|
||||
'-mbranch-protection=standard',
|
||||
),
|
||||
language: 'c',
|
||||
)
|
||||
|
||||
add_project_link_arguments(
|
||||
cc.get_supported_link_arguments(
|
||||
'-Wl,-z,noexecstack',
|
||||
'-Wl,-z,now',
|
||||
'-Wl,-z,relro',
|
||||
'-Wl,-z,separate-code',
|
||||
),
|
||||
language: 'c',
|
||||
)
|
||||
endif
|
||||
|
||||
if host_machine.system() == 'x86'
|
||||
if host_machine.cpu_family() == 'x86'
|
||||
add_project_arguments(
|
||||
cc.get_supported_arguments(
|
||||
'-Wno-psabi',
|
||||
|
Loading…
x
Reference in New Issue
Block a user