[systemd-commits] Makefile.am autogen.sh configure.ac

Lennart Poettering lennart at kemper.freedesktop.org
Wed Aug 8 03:05:20 PDT 2012 

 Makefile.am  |    7 ++++---
 autogen.sh   |    4 ++--
 configure.ac |   22 ++++++++++++++--------
 3 files changed, 20 insertions(+), 13 deletions(-)

New commits:
commit 5a45a93627609451784a04366cfa1150d32611d1
Author: Lennart Poettering <lennart at poettering.net>
Date:   Wed Aug 8 12:03:34 2012 +0200

    build-sys: enable a couple of security features
    
    Most distributions enable these downstream anyway, but it probably makes
    sense to enable them unconditionally upstream too.

diff --git a/Makefile.am b/Makefile.am
index b1a8cc1..6963722 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -148,10 +148,11 @@ AM_CPPFLAGS = \
 	-I $(top_builddir)/src/core \
 	-I $(top_srcdir)/src/core \
 	-I $(top_srcdir)/src/libudev \
-	-I $(top_srcdir)/src/udev
+	-I $(top_srcdir)/src/udev \
+	$(OUR_CPPFLAGS)
 
-AM_CFLAGS = $(WARNINGFLAGS)
-AM_LDFLAGS = $(GCLDFLAGS)
+AM_CFLAGS = $(OUR_GFLAGS)
+AM_LDFLAGS = $(OUR_LDFLAGS)
 
 # ------------------------------------------------------------------------------
 if TARGET_GENTOO
diff --git a/autogen.sh b/autogen.sh
index 33d8fcd..86fe9b3 100755
--- a/autogen.sh
+++ b/autogen.sh
@@ -54,7 +54,7 @@ args="$args \
 fi
 
 if [ "x$1" = "xc" ]; then
-        ./configure CFLAGS='-g -O0 -Wp,-U_FORTIFY_SOURCE' $args
+        ./configure CFLAGS='-g -O0' $args
         make clean
 else
         echo
@@ -62,6 +62,6 @@ else
         echo "Initialized build system. For a common configuration please run:"
         echo "----------------------------------------------------------------"
         echo
-        echo "./configure CFLAGS='-g -O0 -Wp,-U_FORTIFY_SOURCE' $args"
+        echo "./configure CFLAGS='-g -O0' $args"
         echo
 fi
diff --git a/configure.ac b/configure.ac
index 5145298..d6a1583 100644
--- a/configure.ac
+++ b/configure.ac
@@ -117,20 +117,26 @@ CC_CHECK_FLAGS_APPEND([with_cflags], [CFLAGS], [\
         -Wno-missing-field-initializers \
         -Wno-unused-result \
         -Werror=overflow \
-        -Wp,-D_FORTIFY_SOURCE=2 \
         -ffast-math \
         -fno-common \
         -fdiagnostics-show-option \
         -fno-strict-aliasing \
         -fvisibility=hidden \
         -ffunction-sections \
-        -fdata-sections])
-AC_SUBST([WARNINGFLAGS], $with_cflags)
+        -fdata-sections \
+        -fstack-protector])
+AC_SUBST([OUR_CFLAGS], $with_cflags)
+
+CC_CHECK_FLAGS_APPEND([with_cppflags], [CPPFLAGS], [\
+        -Wp,-D_FORTIFY_SOURCE=2])
+AC_SUBST([OUR_CPPFLAGS], $with_cppflags)
 
 CC_CHECK_FLAGS_APPEND([with_ldflags], [LDFLAGS], [\
         -Wl,--as-needed \
-        -Wl,--gc-sections])
-AC_SUBST([GCLDFLAGS], $with_ldflags)
+        -Wl,--gc-sections \
+        -Wl,-z,relro \
+        -Wl,-z,now])
+AC_SUBST([OUR_LDFLAGS], $with_ldflags)
 
 AC_SEARCH_LIBS([clock_gettime], [rt], [], [AC_MSG_ERROR([*** POSIX RT library not found])])
 AC_SEARCH_LIBS([dlsym], [dl], [], [AC_MSG_ERROR([*** Dynamic linking loader library not found])])
@@ -753,7 +759,7 @@ AC_MSG_RESULT([
         Split /usr:              ${enable_split_usr}
         man pages:               ${have_manpages}
 
-        CFLAGS:                  ${CFLAGS}
-        CPPLAGS:                 ${CPPFLAGS}
-        LDFLAGS:                 ${LDFLAGS}
+        CFLAGS:                  ${OUR_CFLAGS} ${CFLAGS}
+        CPPLAGS:                 ${OUR_CPPFLAGS} ${CPPFLAGS}
+        LDFLAGS:                 ${OUR_LDFLAGS} ${LDFLAGS}
 ])

More information about the systemd-commits mailing list