[Git][NTPsec/ntpsec][master] waf: add some CFLAGS to harden the code.
Gary E. Miller
gitlab at mg.gitlab.com
Sat Feb 11 20:19:44 UTC 2017
Gary E. Miller pushed to branch master at NTPsec / ntpsec
Commits:
287a00b9 by Gary E. Miller at 2017-02-11T12:13:15-08:00
waf: add some CFLAGS to harden the code.
I'm gonna guess that buildbot finds some compilers that hate this.
- - - - -
1 changed file:
- wafhelpers/configure.py
Changes:
=====================================
wafhelpers/configure.py
=====================================
--- a/wafhelpers/configure.py
+++ b/wafhelpers/configure.py
@@ -203,7 +203,18 @@ def cmd_configure(ctx, config):
ctx.define("DEBUG", 1, comment="Enable debug mode")
ctx.env.BISONFLAGS += ["--debug"]
- ctx.env.CFLAGS += ["-Wall", "-Wextra", "-Wstrict-prototypes"]
+ # -O1 will turn on -D_FORTIFY_SOURCE=2 for us
+ ctx.env.CFLAGS += [
+ "-fPIE",
+ "-fstack-protector-all",
+ "-O1",
+ "-pie",
+ "-Wall",
+ "-Wextra",
+ "-Wl,-z,relro,-z,now",
+ "-Wstrict-prototypes",
+ ]
+
# We require some things that C99 doesn't enable, like pthreads.
# Thus -std=gnu99 rather than -std=c99 here, if the compiler supports
# it.
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/287a00b9a62d7cb6901faed4d93bd48afcfcb685
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20170211/cf9cfc6a/attachment.html>
More information about the vc
mailing list