changeset 3279:1507598a8b95

Added hardening flags
author unexist
date Fri, 02 Feb 2018 15:29:12 +0100
parents b5bc24d4a5ea
children 11325608b718 eb240d50a4c0
files Rakefile
diffstat 1 files changed, 8 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/Rakefile	Fri Feb 02 09:16:42 2018 +0100
+++ b/Rakefile	Fri Feb 02 15:29:12 2018 +0100
@@ -54,6 +54,7 @@
   "extdir"     => "$(destdir)/$(sitelibdir)/$(PKG_NAME)",
   "mandir"     => "$(destdir)/$(manprefix)/man1",
   "debug"      => "no",
+  "hardening"  => "no",
   "xpm"        => "yes",
   "xft"        => "yes",
   "xinerama"   => "yes",
@@ -281,6 +282,11 @@
       @options["cflags"] << " -DNDEBUG"
     end
 
+    # Hardening
+    if "yes" == @options["hardening"]
+      @options["cflags"] <<  " -fstack-protector-strong -Wformat -Wformat-security"
+    end
+
     # Get revision
     if File.exists?(".hg") and (hg = find_executable0("hg"))
       match = `#{hg} tip`.match(/^[^:]+:\s*(\d+).*/)
@@ -515,6 +521,7 @@
 XRandR support......: #{@options["xrandr"]}
 XTest support.......: #{@options["xtest"]}
 Debugging messages..: #{@options["debug"]}
+Hardening...........: #{@options["hardening"]}
 
 EOF
   end
@@ -716,6 +723,7 @@
 datadir=PATH       Set data directory (current: #{@options["datadir"]})
 mandir=PATH        Set man directory (current: #{@options["mandir"]})
 debug=[yes|no]     Whether to build with debugging messages (current: #{@options["debug"]})
+hardening[yes|no]  Whether to build with gcc hardening flags (current: #{@options["hardening"]})
 xpm=[yes|no]       Whether to build with Xpm support (current: #{@options["xpm"]})
 xft=[yes|no]       Whether to build with Xft support (current: #{@options["xft"]})
 xinerama=[yes|no]  Whether to build with Xinerama support (current: #{@options["xinerama"]})