authorLennart Poettering <lennart@poettering.net>2012-08-08 12:03:34 +0200
committerLennart Poettering <lennart@poettering.net>2012-08-08 12:03:34 +0200
commit5a45a93627609451784a04366cfa1150d32611d1 (patch)
treeb901ba044e5a8e274060f5ae7d85243a12a1eaa5
parentb2c9cbafb8b1a2742978e1faf37fbb3cf4fb5d44 (diff)
build-sys: enable a couple of security features
Most distributions enable these downstream anyway, but it probably makes sense to enable them unconditionally upstream too.
-rw-r--r--Makefile.am7
-rwxr-xr-xautogen.sh4
-rw-r--r--configure.ac22
3 files changed, 20 insertions, 13 deletions
diff --git a/Makefile.am b/Makefile.am
index b1a8cc1990..6963722460 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -148,10 +148,11 @@ AM_CPPFLAGS = \
-I $(top_builddir)/src/core \
-I $(top_srcdir)/src/core \
-I $(top_srcdir)/src/libudev \
- -I $(top_srcdir)/src/udev
+ -I $(top_srcdir)/src/udev \
+ $(OUR_CPPFLAGS)
-AM_CFLAGS = $(WARNINGFLAGS)
-AM_LDFLAGS = $(GCLDFLAGS)
+AM_CFLAGS = $(OUR_GFLAGS)
+AM_LDFLAGS = $(OUR_LDFLAGS)
# ------------------------------------------------------------------------------
if TARGET_GENTOO
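Review bot: `AM_CFLAGS = $(OUR_GFLAGS)` references a variable that configure.ac in this same commit never substitutes; the name defined there is `OUR_CFLAGS`. Unless `OUR_GFLAGS` is set somewhere outside this diff, make expands it to nothing, so the build silently loses the whole warning set and the newly added `-fstack-protector`, while the configure summary still prints them as active. The line should read `AM_CFLAGS = $(OUR_CFLAGS)`.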
diff --git a/autogen.sh b/autogen.sh
index 33d8fcda23..86fe9b3785 100755
--- a/autogen.sh
+++ b/autogen.sh
@@ -54,7 +54,7 @@ args="$args \
fi
if [ "x$1" = "xc" ]; then
- ./configure CFLAGS='-g -O0 -Wp,-U_FORTIFY_SOURCE' $args
+ ./configure CFLAGS='-g -O0' $args
make clean
else
echo
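Review bot: Dropping `-Wp,-U_FORTIFY_SOURCE` from the `-O0` developer build here (and from the matching `echo` line in the next hunk) leaves `_FORTIFY_SOURCE=2` defined without optimisation, because configure.ac now appends `-Wp,-D_FORTIFY_SOURCE=2` to `OUR_CPPFLAGS` unconditionally. glibc's fortified wrappers only take effect when the compiler optimises, and newer glibc releases warn on every translation unit in that situation, so the debug build would get noise and no protection. Either keep the undefine on the `-O0` path or have configure.ac skip the define when `CFLAGS` requests no optimisation. The surrounding `if` block starts outside the hunk.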
@@ -62,6 +62,6 @@ else
echo "Initialized build system. For a common configuration please run:"
echo "----------------------------------------------------------------"
echo
- echo "./configure CFLAGS='-g -O0 -Wp,-U_FORTIFY_SOURCE' $args"
+ echo "./configure CFLAGS='-g -O0' $args"
echo
fi
diff --git a/configure.ac b/configure.ac
index 5145298204..d6a158396f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -117,20 +117,26 @@ CC_CHECK_FLAGS_APPEND([with_cflags], [CFLAGS], [\
-Wno-missing-field-initializers \
-Wno-unused-result \
-Werror=overflow \
- -Wp,-D_FORTIFY_SOURCE=2 \
-ffast-math \
-fno-common \
-fdiagnostics-show-option \
-fno-strict-aliasing \
-fvisibility=hidden \
-ffunction-sections \
- -fdata-sections])
-AC_SUBST([WARNINGFLAGS], $with_cflags)
+ -fdata-sections \
+ -fstack-protector])
+AC_SUBST([OUR_CFLAGS], $with_cflags)
+
+CC_CHECK_FLAGS_APPEND([with_cppflags], [CPPFLAGS], [\
+ -Wp,-D_FORTIFY_SOURCE=2])
+AC_SUBST([OUR_CPPFLAGS], $with_cppflags)
CC_CHECK_FLAGS_APPEND([with_ldflags], [LDFLAGS], [\
-Wl,--as-needed \
- -Wl,--gc-sections])
-AC_SUBST([GCLDFLAGS], $with_ldflags)
+ -Wl,--gc-sections \
+ -Wl,-z,relro \
+ -Wl,-z,now])
+AC_SUBST([OUR_LDFLAGS], $with_ldflags)
AC_SEARCH_LIBS([clock_gettime], [rt], [], [AC_MSG_ERROR([*** POSIX RT library not found])])
AC_SEARCH_LIBS([dlsym], [dl], [], [AC_MSG_ERROR([*** Dynamic linking loader library not found])])
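Review bot: Plain `-fstack-protector` only instruments functions that contain a character array at or above the `ssp-buffer-size` threshold (8 bytes by default in GCC), so functions with smaller buffers get no canary. Adding `--param=ssp-buffer-size=4` next to it in the `with_cflags` list would widen coverage at low cost; CC_CHECK_FLAGS_APPEND appears to probe each flag, so an unsupported one should simply be dropped. A short comment above the three lists, e.g. `# Hardening: stack canaries, fortified libc calls, full RELRO (-z relro -z now)`, would also make it less likely that these flags are later removed as noise. The CFLAGS list begins before the hunk.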
@@ -753,7 +759,7 @@ AC_MSG_RESULT([
Split /usr: ${enable_split_usr}
man pages: ${have_manpages}
- CFLAGS: ${CFLAGS}
- CPPLAGS: ${CPPFLAGS}
- LDFLAGS: ${LDFLAGS}
+ CFLAGS: ${OUR_CFLAGS} ${CFLAGS}
+ CPPLAGS: ${OUR_CPPFLAGS} ${CPPFLAGS}
+ LDFLAGS: ${OUR_LDFLAGS} ${LDFLAGS}
])
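Review bot: The rewritten summary line keeps the misspelled label `CPPLAGS:`; since the line is being changed anyway it should read `CPPFLAGS: ${OUR_CPPFLAGS} ${CPPFLAGS}`. This summary is what people read or grep in build logs to confirm that the hardening flags are on, so the label should match the variable name exactly. The AC_MSG_RESULT block starts outside the hunk.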