optional -fstack-protector

From: Rasmus Villemoes <rasmus.villemoes_at_prevas.dk>
Date: Thu, 5 Oct 2017 10:46:12 +0200

Hi Laurent

Any chance you'd be willing to accept a patch like this to let the user
choose an -fstack-protector variant instead of hardcoding no? The
default behaviour is of course unchanged.

From: Rasmus Villemoes <rasmus.villemoes_at_prevas.dk>
Date: Wed, 4 Oct 2017 21:54:22 +0200
Subject: [PATCH] configure: allow the user to choose -fstack-protector
variant

This allows the user to choose whether to build skalibs with
-fstack-protector (or one of its variants). If one of the positive
variants is chosen, we make it a build requirement that the compiler
actually understands that flag.

Signed-off-by: Rasmus Villemoes <rasmus.villemoes_at_prevas.dk>

---
 configure | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/configure b/configure
index 3481730..0e06718 100755
--- a/configure
+++ b/configure
_at_@ -43,6 +43,11 @@ $package options:
   --enable-clock                use clock_gettime() instead of
gettimeofday() [disabled]
   --enable-monotonic            count time with CLOCK_MONOTONIC instead
of CLOCK_REALTIME
   --with-default-path=PATH      default executable search path
[/usr/bin:/bin]
+  --stack-protector=CHOICE      enable -fstack-protector [no]
+
+Choices for --stack-protector are no, yes, strong, all, corresponding
+to -fno-stack-protector, -fstack-protector, -fstack-protector-strong
+and -fstack-protector-all, respectively.
 EOF
   exit 0
_at_@ -102,6 +107,10 @@ tryflag () {
   fi
 }
+requireflag() {
+    tryflag "$1" "$2" || fail "compiler does not understand $2"
+}
+
 tryldflag () {
   echo "Checking whether linker accepts $2 ..."
   echo "typedef int x;" > "$tmpc"
_at_@ -230,6 +239,7 @@ select=false
 taiclock=false
 clockrt=false
 clockmon=false
+stack_protect=no
 ddefaultpath=/usr/bin:/bin
 defaultpath=$ddefaultpath
 dpathorig=true
_at_@ -276,6 +286,7 @@ for arg ; do
     --disable-monotonic|--enable-monotonic=no) clockmon=false ;;
     --with-default-path=*) defaultpath=${arg#*=} ; dpathorig=false ;;
     --without-default-path) defaultpath=$ddefaultpath ; dpathorig=true ;;
+    --stack-protector=*) stack_protect=${arg#*=} ;;
     --enable-*|--disable-*|--with-*|--without-*|--*dir=*) ;;
     --host=*|--target=*) target=${arg#*=} ;;
     --build=*) build=${arg#*=} ;;
_at_@ -377,7 +388,13 @@ tryflag CPPFLAGS_AUTO -fno-exceptions
 tryflag CPPFLAGS_AUTO -fno-unwind-tables
 tryflag CPPFLAGS_AUTO -fno-asynchronous-unwind-tables
 tryflag CPPFLAGS_AUTO -Wa,--noexecstack
-tryflag CPPFLAGS_AUTO -fno-stack-protector
+case "$stack_protect" in
+    no)     tryflag     CPPFLAGS_AUTO -fno-stack-protector ;;
+    yes)    requireflag CPPFLAGS_AUTO -fstack-protector ;;
+    strong) requireflag CPPFLAGS_AUTO -fstack-protector-strong ;;
+    all)    requireflag CPPFLAGS_AUTO -fstack-protector-all ;;
+    *) fail "$0: invalid --stack-protector choice $stack_protect" ;;
+esac
 tryflag CPPFLAGS_AUTO -Werror=implicit-function-declaration
 tryflag CPPFLAGS_AUTO -Werror=implicit-int
 tryflag CPPFLAGS_AUTO -Werror=pointer-sign
-- 
2.7.4
-- 
Rasmus Villemoes
Software Developer
Prevas A/S
Hedeager 3
DK-8200 Aarhus N
+45 51210274
rasmus.villemoes_at_prevas.dk
www.prevas.dk

Received on Thu Oct 05 2017 - 08:46:12 UTC