Add optional support for Position Independent Code and stack smashing protection plus source fortify. This is needed for Guix portability, when exporting the tarball to Alpine, the musl or ulibc does not support it.

viferga · viferga · commit 63b3ff125cac · 2019-11-28T08:03:36.000-09:00
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -82,6 +82,8 @@ option(OPTION_BUILD_SCRIPTS		"Build scripts."											ON)
 option(OPTION_BUILD_SERIALS		"Build serials."											ON)
 option(OPTION_BUILD_DETOURS		"Build detours."											ON)
 option(OPTION_BUILD_PORTS		"Build ports."												OFF)
+option(OPTION_BUILD_PIC			"Build with position independent code."						ON)
+option(OPTION_BUILD_SECURITY	"Build with stack-smashing protection and source fortify."	ON)
 option(OPTION_FORK_SAFE			"Enable fork safety."										ON)
 option(OPTION_THREAD_SAFE		"Enable thread safety."										OFF)
 option(OPTION_COVERAGE			"Enable coverage."											OFF)
diff --git a/cmake/SecurityFlags.cmake b/cmake/SecurityFlags.cmake
@@ -22,41 +22,45 @@ include(CheckCCompilerFlagStackSmashing)
 
 if("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU")
 
-	# Detect position independent code flag
-	check_c_compiler_flag("-fPIC" PIC_C_FLAG)
+	if(OPTION_BUILD_PIC)
+		# Detect position independent code flag
+		check_c_compiler_flag("-fPIC" PIC_C_FLAG)
 
-	if(PIC_C_FLAG)
-		set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIC")
+		if(PIC_C_FLAG)
+			set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIC")
+		endif()
 	endif()
 
-	# Detect stack protector
-	check_c_compiler_flag_stack_smashing("-fstack-protector-strong" STACK_PROTECTOR_STRONG_C_FLAG)
-
-	if(STACK_PROTECTOR_STRONG_C_FLAG)
-		set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fstack-protector-strong")
+	if(OPTION_BUILD_SECURITY)
+		# Detect stack protector
+		check_c_compiler_flag_stack_smashing("-fstack-protector-strong" STACK_PROTECTOR_STRONG_C_FLAG)
 
-		# use ssp-buffer-size if it is supported
-		if(CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.9)
-			set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} --param ssp-buffer-size=4")
-		endif()
-	else()
-		check_c_compiler_flag_stack_smashing("-fstack-protector" STACK_PROTECTOR_CXX_FLAG)
-
-		if(STACK_PROTECTOR_C_FLAG)
-			set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fstack-protector")
+		if(STACK_PROTECTOR_STRONG_C_FLAG)
+			set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fstack-protector-strong")
 
 			# use ssp-buffer-size if it is supported
 			if(CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.9)
 				set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} --param ssp-buffer-size=4")
 			endif()
+		else()
+			check_c_compiler_flag_stack_smashing("-fstack-protector" STACK_PROTECTOR_CXX_FLAG)
+
+			if(STACK_PROTECTOR_C_FLAG)
+				set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fstack-protector")
+
+				# use ssp-buffer-size if it is supported
+				if(CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.9)
+					set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} --param ssp-buffer-size=4")
+				endif()
+			endif()
 		endif()
-	endif()
 
-	# Detect fortify source
-	check_c_compiler_flag("-D_FORTIFY_SOURCE=2" FORTIFY_SOURCE_C_FLAG)
+		# Detect fortify source
+		check_c_compiler_flag("-D_FORTIFY_SOURCE=2" FORTIFY_SOURCE_C_FLAG)
 
-	if(FORTIFY_SOURCE_C_FLAG)
-		set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -O3 -D_FORTIFY_SOURCE=2")
+		if(FORTIFY_SOURCE_C_FLAG)
+			set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -O3 -D_FORTIFY_SOURCE=2")
+		endif()
 	endif()
 
 endif()
@@ -66,41 +70,45 @@ include(CheckCXXCompilerFlagStackSmashing)
 
 if("${CMAKE_CXX_COMPILER_ID}" STREQUAL "GNU")
 
-	# Detect position independent code flag
-	check_cxx_compiler_flag("-fPIC" PIC_CXX_FLAG)
+	if(OPTION_BUILD_PIC)
+		# Detect position independent code flag
+		check_cxx_compiler_flag("-fPIC" PIC_CXX_FLAG)
 
-	if(PIC_CXX_FLAG)
-		set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fPIC")
+		if(PIC_CXX_FLAG)
+			set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fPIC")
+		endif()
 	endif()
 
-	# Detect stack protector
-	check_cxx_compiler_flag_stack_smashing("-fstack-protector-strong" STACK_PROTECTOR_STRONG_CXX_FLAG)
-
-	if(STACK_PROTECTOR_STRONG_CXX_FLAG)
-		set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fstack-protector-strong")
+	if(OPTION_BUILD_SECURITY)
+		# Detect stack protector
+		check_cxx_compiler_flag_stack_smashing("-fstack-protector-strong" STACK_PROTECTOR_STRONG_CXX_FLAG)
 
-		# use ssp-buffer-size if it is supported
-		if(CMAKE_CXX_COMPILER_VERSION VERSION_GREATER 4.9)
-			set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} --param ssp-buffer-size=4")
-		endif()
-	else()
-		check_cxx_compiler_flag_stack_smashing("-fstack-protector" STACK_PROTECTOR_CXX_FLAG)
-
-		if(STACK_PROTECTOR_CXX_FLAG)
-			set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fstack-protector")
+		if(STACK_PROTECTOR_STRONG_CXX_FLAG)
+			set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fstack-protector-strong")
 
 			# use ssp-buffer-size if it is supported
 			if(CMAKE_CXX_COMPILER_VERSION VERSION_GREATER 4.9)
 				set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} --param ssp-buffer-size=4")
 			endif()
+		else()
+			check_cxx_compiler_flag_stack_smashing("-fstack-protector" STACK_PROTECTOR_CXX_FLAG)
+
+			if(STACK_PROTECTOR_CXX_FLAG)
+				set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fstack-protector")
+
+				# use ssp-buffer-size if it is supported
+				if(CMAKE_CXX_COMPILER_VERSION VERSION_GREATER 4.9)
+					set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} --param ssp-buffer-size=4")
+				endif()
+			endif()
 		endif()
-	endif()
 
-	# Detect fortify source
-	check_cxx_compiler_flag("-D_FORTIFY_SOURCE=2" FORTIFY_SOURCE_CXX_FLAG)
+		# Detect fortify source
+		check_cxx_compiler_flag("-D_FORTIFY_SOURCE=2" FORTIFY_SOURCE_CXX_FLAG)
 
-	if(FORTIFY_SOURCE_CXX_FLAG)
-		set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -O3 -D_FORTIFY_SOURCE=2")
+		if(FORTIFY_SOURCE_CXX_FLAG)
+			set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -O3 -D_FORTIFY_SOURCE=2")
+		endif()
 	endif()
 
 endif()
