[Git][NTPsec/ntpsec][master] waf: ntpd binary is now PIE if possible.

Gary E. Miller gitlab at mg.gitlab.com
Mon Feb 27 22:51:51 UTC 2017


Gary E. Miller pushed to branch master at NTPsec / ntpsec


Commits:
00169bc5 by Gary E. Miller at 2017-02-27T14:49:11-08:00
waf: ntpd binary is now PIE if possible.

Position Independent Executable (PIE) is an option to make binaries
harder to hack.  In other words: more secure.

After all, NTPsec is all about the secure.

- - - - -


2 changed files:

- ntpd/wscript
- wafhelpers/configure.py


Changes:

=====================================
ntpd/wscript
=====================================
--- a/ntpd/wscript
+++ b/ntpd/wscript
@@ -136,7 +136,7 @@ def build(ctx):
         install_path=ntpd_install_path,
         source=ntpd_source,
         target="ntpd",
-        use="libntpd_obj isc ntp M parse RT CAP SECCOMP PTHREAD "
+        use="libntpd_obj isc ntp M parse RT CAP SECCOMP PTHREAD NTPD "
             "CRYPTO DNS_SD DNS_SD_INCLUDES %s SOCKET NSL SCF" % use_refclock,
     )
 


=====================================
wafhelpers/configure.py
=====================================
--- a/wafhelpers/configure.py
+++ b/wafhelpers/configure.py
@@ -223,6 +223,7 @@ def cmd_configure(ctx, config):
         ctx.define("WORDS_BIGENDIAN", 1)
 
     cc_test_flags = [
+        ('PIC', '-fPIC'),
         ('PIE', '-pie -fPIE'),
         ('gnu99', '-std=gnu99'),
         # this quiets most of macOS warnings on -fpie
@@ -285,7 +286,15 @@ int main(int argc, char **argv) {
             "-std=c99",
             ]
 
+    if ctx.env.HAS_PIC:
+        ctx.env.CFLAGS += [
+            "-fPIC",
+            ]
+
     if ctx.env.HAS_PIE:
+        ctx.env.LINKFLAGS_NTPD += [
+            "-pie",
+            ]
         ctx.env.CFLAGS_bin += [
             "-fPIE",
             "-pie",
@@ -713,7 +722,7 @@ int main(int argc, char **argv) {
     msg_setting("CC", " ".join(ctx.env.CC))
     msg_setting("CFLAGS", " ".join(ctx.env.CFLAGS))
     msg_setting("LDFLAGS", " ".join(ctx.env.LDFLAGS))
-    msg_setting("LINKFLAGS", " ".join(ctx.env.LINKFLAGS))
+    msg_setting("LINKFLAGS_NTPD", " ".join(ctx.env.LINKFLAGS_NTPD))
     msg_setting("PREFIX", ctx.env.PREFIX)
     msg_setting("Debug Support", yesno(not ctx.options.disable_debug))
     msg_setting("Refclocks", ", ".join(ctx.env.REFCLOCK_LIST))



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/00169bc5251a2f54170482668ac95572e8c722e0
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20170227/974684ea/attachment.html>


More information about the vc mailing list