File: SecurityFlags.cmake

package info (click to toggle)
yubihsm-shell 2.7.0-3
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 3,020 kB
  • sloc: ansic: 41,745; sh: 2,030; cpp: 528; makefile: 18; xml: 16
file content (53 lines) | stat: -rw-r--r-- 2,281 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
 
include(CheckCCompilerFlag)

if (CMAKE_C_COMPILER_ID STREQUAL "Clang" OR
    CMAKE_C_COMPILER_ID STREQUAL "AppleClang" OR
    CMAKE_C_COMPILER_ID STREQUAL "GNU")

    add_compile_options (-Wformat -Wformat-nonliteral -Wformat-security)
    add_compile_options (-Wshadow)
    #add_compile_options (-Wcast-qual)
    add_compile_options (-Wmissing-prototypes)
    add_compile_options (-Wbad-function-cast)
    add_compile_options (-pedantic -pedantic-errors)
    add_compile_options (-fpie -fpic)
    if (NOT FUZZING)
        add_compile_options (-Wall -Wextra -Werror)
    endif ()

    check_c_compiler_flag("-fstack-protector-all" HAVE_STACK_PROTECTOR_ALL)
    if (HAVE_STACK_PROTECTOR_ALL)
        message(STATUS "-fstack-protector-all support detected")
        add_compile_options(-fstack-protector-all)
        set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -fstack-protector-all")
        set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fstack-protector-all")
    else ()
        check_c_compiler_flag("-fstack-protector" HAVE_STACK_PROTECTOR)
        if(HAVE_STACK_PROTECTOR)
            message(STATUS "-fstack-protector support detected")
            add_compile_options(-fstack-protector)
            set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -fstack-protector")
            set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fstack-protector")
        else ()
            message(WARNING "No stack protection supported.")
        endif ()
    endif ()

    check_c_compiler_flag("-Wno-implicit-fallthrough" HAVE_NO_IMPLICIT_FALLTHROUGH)
    if (HAVE_NO_IMPLICIT_FALLTHROUGH)
        add_compile_options (-Wno-implicit-fallthrough)
    endif ()

    if (NOT APPLE)
        set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -pie")
        set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -Wl,-z,noexecstack -Wl,-z,relro,-z,now")
        set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,-z,noexecstack -Wl,-z,relro,-z,now")
    endif()
elseif (CMAKE_C_COMPILER_ID STREQUAL "MSVC")
    add_compile_options (/GS)
    add_compile_options (/Gs)
    add_link_options (/NXCOMPAT)
    add_link_options (/guard:cf)
else ()
    message(WARNING "Security related flags cannot be set for unknown C compiler.")
endif ()