view release on metacpan or  search on metacpan

dropbear/configure.ac  view on Meta::CPAN

ORIGCFLAGS="$CFLAGS"
LATE_CFLAGS=""
# Checks for programs.
AC_PROG_CC

if test -z "$LD" ; then
	LD=$CC
fi
AC_SUBST(LD)	

AC_DEFUN(DB_TRYADDCFLAGS, 
[{
		OLDFLAGS="$CFLAGS"
		TESTFLAGS="$1"
		CFLAGS="$CFLAGS $TESTFLAGS"
		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], 
			[AC_MSG_NOTICE([Setting $TESTFLAGS])], 
			[AC_MSG_NOTICE([Not setting $TESTFLAGS]); CFLAGS="$OLDFLAGS" ]
			)
}])

# set compile flags prior to other tests
if test -z "$ORIGCFLAGS" && test "$GCC" = "yes"; then
	AC_MSG_NOTICE(No \$CFLAGS set... using "-Os -W -Wall" for GCC)
	CFLAGS="-Os -W -Wall"
fi

AC_MSG_NOTICE([Checking if compiler '$CC' supports -Wno-pointer-sign])
DB_TRYADDCFLAGS([-Wno-pointer-sign])

AC_MSG_NOTICE([Checking if compiler '$CC' supports -fno-strict-overflow])
DB_TRYADDCFLAGS([-fno-strict-overflow])

# needed for various extensions. define early before autoconf tests
AC_DEFINE([_GNU_SOURCE], [], [Use GNU extensions if glibc])

STATIC=0
AC_ARG_ENABLE(static,
	[  --enable-static         Build static binaries],
	[
		if test "x$enableval" = "xyes"; then
			STATIC=1
			AC_MSG_NOTICE(Static Build)
		fi
	], [])
AC_SUBST(STATIC)

hardenbuild=1
AC_ARG_ENABLE(harden,
	[  --disable-harden        Don't set hardened build flags],
	[
		if test "x$enableval" = "xno"; then
			hardenbuild=0
			AC_MSG_NOTICE(Disabling hardened build flags)
		fi
	], [])

if test "$hardenbuild" -eq 1; then
	AC_MSG_NOTICE(Checking for available hardened build flags:)
	# relocation flags don't make sense for static builds
	if test "$STATIC" -ne 1; then
		# pie
		DB_TRYADDCFLAGS([-fPIE])

		OLDLDFLAGS="$LDFLAGS"
		TESTFLAGS="-Wl,-pie"
		LDFLAGS="$LDFLAGS $TESTFLAGS"
		AC_LINK_IFELSE([AC_LANG_PROGRAM([])], 
			[AC_MSG_NOTICE([Setting $TESTFLAGS])], 
			[
				LDFLAGS="$OLDLDFLAGS"
				TESTFLAGS="-pie"
				LDFLAGS="$LDFLAGS $TESTFLAGS"
				AC_LINK_IFELSE([AC_LANG_PROGRAM([])], 
					[AC_MSG_NOTICE([Setting $TESTFLAGS])], 
					[AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
					)
			]
			)
		# readonly elf relocation sections (relro)
		OLDLDFLAGS="$LDFLAGS"
		TESTFLAGS="-Wl,-z,now -Wl,-z,relro"
		LDFLAGS="$LDFLAGS $TESTFLAGS"
		AC_LINK_IFELSE([AC_LANG_PROGRAM([])], 
			[AC_MSG_NOTICE([Setting $TESTFLAGS])], 
			[AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
			)
	fi # non-static
	# stack protector. -strong is good but only in gcc 4.9 or later
	OLDCFLAGS="$CFLAGS"
	TESTFLAGS="-fstack-protector-strong"
	CFLAGS="$CFLAGS $TESTFLAGS"
	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], 
	    [AC_MSG_NOTICE([Setting $TESTFLAGS])], 
	    [
			CFLAGS="$OLDCFLAGS"
			TESTFLAGS="-fstack-protector --param=ssp-buffer-size=4"
			CFLAGS="$CFLAGS $TESTFLAGS"
			AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], 
			    [AC_MSG_NOTICE([Setting $TESTFLAGS])], 
			    [AC_MSG_NOTICE([Not setting $TESTFLAGS]); CFLAGS="$OLDCFLAGS" ]
			    )
	    ]
	    )
	# FORTIFY_SOURCE
	DB_TRYADDCFLAGS([-D_FORTIFY_SOURCE=2])

	# Spectre v2 mitigations
	DB_TRYADDCFLAGS([-mfunction-return=thunk])
	DB_TRYADDCFLAGS([-mindirect-branch=thunk])

fi

AC_ARG_ENABLE(werror,
	[  --enable-werror         Set -Werror when building],
	[
		if test "x$enableval" = "xyes"; then
			# -Werror shouldn't be set when configure runs tests.
			# We add it to the Makefile's CFLAGS
			LATE_CFLAGS+="$LATE_CFLAGS -Werror"
			AC_MSG_NOTICE(Enabling -Werror)
		fi
	], [])

# large file support is useful for scp
AC_SYS_LARGEFILE

# Host specific options
# this isn't a definitive list of hosts, they are just added as required
AC_CANONICAL_HOST

case "$host" in

*-*-linux*)
	no_ptmx_check=1
	;;

*-*-solaris*)
	CFLAGS="$CFLAGS -I/usr/local/include"
	LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib"