1919# ################################################################################################################################################
2020# Script version = Major minor patch
2121# ################################################################################################################################################
22- script_version=" 2.1.0 "
22+ script_version=" 2.1.1 "
2323# ################################################################################################################################################
2424# Set some script features - https://www.gnu.org/software/bash/manual/html_node/The-Set-Builtin.html
2525# ################################################################################################################################################
@@ -991,18 +991,35 @@ _debug() {
991991# ######################################################################################################################################################
992992# This function sets some compiler flags globally - b2 settings are set in the ~/user-config.jam set in the _installation_modules function
993993# ######################################################################################################################################################
994- # Define common flag sets
994+ # Define common flag sets - hardening is prioritized over performance.
995+ # https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html#tldr-what-compiler-options-should-i-use
995996_custom_flags () {
996997 # Compiler optimization flags (for CFLAGS/CXXFLAGS)
997998 qbt_optimization_flags=" -O3 -pipe -fdata-sections -ffunction-sections"
998999 # Preprocessor only flags - _FORTIFY_SOURCE=3 has been in the GNU C Library (glibc) since version 2.34
9991000 qbt_preprocessor_flags=" -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3 -D_GLIBCXX_ASSERTIONS"
10001001 # Security flags for compiler
1001- qbt_security_flags=" -fstack-clash-protection -fstack-protector-strong -fno-plt"
1002+ qbt_security_flags=" -fstack-clash-protection -fstack-protector-strong -fno-plt -fno-delete-null-pointer-checks -fno-strict-overflow -fno-strict-aliasing -ftrivial-auto-var-init=zero -fexceptions "
10021003 # Warning control
1003- qbt_warning_flags=" -w -Wno-error -Wno-error=attributes -Wno-attributes -Wno-psabi "
1004+ qbt_warning_flags=" -w"
10041005 # Linker specific flags
1005- qbt_linker_flags=" -Wl,-O1,--as-needed,--sort-common,-z,now,-z,pack-relative-relocs,-z,relro,-z,max-page-size=65536"
1006+ qbt_linker_flags=" -Wl,-O1,--as-needed,--sort-common,-z,nodlopen,-z,noexecstack,-z,now,-z,pack-relative-relocs,-z,relro,-z,max-page-size=65536,--no-copy-dt-needed-entries"
1007+
1008+ gcc_version=" $( gcc -dumpversion | cut -d. -f1) "
1009+
1010+ if [[ " ${gcc_version} " -ge 13 ]]; then
1011+ qbt_security_flags+=" -fstrict-flex-arrays=3"
1012+ fi
1013+
1014+ if [[ " ${qbt_cross_name} " == " x86_64" || " ${os_arch} " =~ ^(amd64| x86_64)$ && " ${qbt_cross_name} " = " default" ]]; then
1015+ qbt_security_flags+=" -fcf-protection=full"
1016+ fi
1017+
1018+ if [[ ! " ${os_version_codename} " =~ ^(bookworm)$ ]]; then
1019+ if [[ " ${qbt_cross_name} " == " aarch64" || " ${os_arch} " =~ ^(arm64| aarch64)$ && " ${qbt_cross_name} " = " default" ]]; then
1020+ qbt_security_flags+=" -mbranch-protection=standard"
1021+ fi
1022+ fi
10061023
10071024 if [[ " ${os_id} " =~ ^(alpine)$ ]] && [[ -z " ${qbt_cross_name} " || " ${qbt_cross_name} " == " default" ]]; then
10081025 if [[ ! " ${app_name} " =~ ^(openssl)$ ]]; then
@@ -1029,7 +1046,7 @@ _custom_flags() {
10291046 if [[ " ${qbt_static_ish} " == " yes" || " ${app_name} " =~ ^(glibc| icu)$ ]]; then
10301047 qbt_static_flags=" "
10311048 else
1032- qbt_static_flags=" -static-libstdc++ -static-libgcc -static"
1049+ qbt_static_flags=" -static -static-libgcc -static-libstdc++ "
10331050 fi
10341051
10351052 # If you set and export your own flags in the env that the script is run, they will be appended to the defaults
@@ -2788,8 +2805,11 @@ _installation_modules "${@}" # requires shifted params from options block 2
27882805# If any modules fail the qbt_modules_test then exit now.
27892806# ######################################################################################################################################################
27902807if [[ " ${qbt_modules_test} " == ' fail' || " ${# } " -eq ' 0' ]]; then
2791- printf ' \n%b\n' " ${text_blink}${unicode_red_circle}${color_end}${text_bold} One or more of the provided modules are not supported${color_end} "
2792- printf ' \n%b\n' " ${unicode_yellow_circle}${text_bold} Below is a list of supported modules${color_end} "
2808+ if [[ " ${qbt_modules_test} " == ' fail' ]]; then
2809+ printf ' \n%b\n' " ${text_blink}${unicode_red_circle}${color_end}${text_bold} One or more of the provided modules are not supported${color_end} "
2810+ fi
2811+
2812+ printf ' \n%b\n' " ${unicode_yellow_circle}${text_bold} Below is a list of supported modules:${color_end} "
27932813 printf ' \n%b\n' " ${unicode_magenta_circle}${color_magenta_light} ${qbt_modules_install_processed[*]}${color_end} "
27942814 _print_env
27952815 exit
@@ -2806,7 +2826,7 @@ _glibc_bootstrap() {
28062826}
28072827# shellcheck disable=SC2317
28082828_glibc () {
2809- " ${qbt_dl_folder_path} /configure" " ${multi_glibc[@]} " --prefix=" ${qbt_install_dir} " --enable-static-nss --disable-nscd --srcdir=" ${qbt_dl_folder_path} " | & _tee " ${qbt_install_dir} /logs/${app_name} .log"
2829+ " ${qbt_dl_folder_path} /configure" " ${multi_glibc[@]} " --prefix=" ${qbt_install_dir} " --enable-cet --enable- static-nss --disable-nscd --srcdir=" ${qbt_dl_folder_path} " | & _tee " ${qbt_install_dir} /logs/${app_name} .log"
28102830 make -j" $( nproc) " | & _tee -a " ${qbt_install_dir} /logs/$app_name .log"
28112831 _post_command build
28122832 make install | & _tee -a " ${qbt_install_dir} /logs/${app_name} .log"
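Review bot: In `_custom_flags`, `-ftrivial-auto-var-init=zero` is added to `qbt_security_flags` unconditionally, while `-fstrict-flex-arrays=3` just below it is gated on the compiler version. GCC accepts the former only from version 12, so an older toolchain would stop on an unknown option. It could get a gate of its own, `if [[ "${gcc_version}" -ge 12 ]]; then qbt_security_flags+=" -ftrivial-auto-var-init=zero"; fi`. The version is also read from the host `gcc`, whereas the architecture gates key off `qbt_cross_name`, so in a cross build the check may describe a different compiler than the one that receives the flags. In the `_glibc` hunk, `--enable-cet` is likewise passed for every target although `-fcf-protection=full` is limited to x86_64, which looks inconsistent if `multi_glibc` can carry a non-x86 target. The body of `_custom_flags` continues past the hunk.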