opt_hardening = get_option('hardening')
-
if opt_hardening.enabled() or opt_hardening.auto()
hardening_features = []
if opt_hardening.auto()
warning(name + ' is disabled or not supported')
else
- error('Failing because ' + name + ' is not supported but hardening was explicitly requested')
+ error('Failing because ' + name + ' is not supported but hardening was requested')
+ endif
+ endif
+ endforeach
+endif
+
+opt_full_hardening = get_option('hardening-full')
+if opt_full_hardening.enabled() or opt_full_hardening.auto()
+ full_hardening_features = []
+ subdir('relro-full') # Full RELRO
+
+ foreach feature: full_hardening_features
+ available = feature[0]
+ name = feature[1]
+
+ if not available
+ if opt_full_hardening.auto()
+ warning(name + ' is disabled or not supported')
+ else
+ error('Failing because ' + name + ' is not supported but full hardening was requested')
endif
endif
endforeach
--- /dev/null
+have_full_relro = true
+full_variants = [
+ # '-Wl,-z,defs',
+ '-Wl,-z,ibt,-z,shstk',
+]
+
+foreach variant: full_variants
+ if cxx.has_link_argument(variant)
+ full_hardening_features += [[true, 'Full RELRO (' + variant + ')']]
+ add_project_link_arguments(variant, language: ['c', 'cpp'])
+ else
+ have_full_relro = false
+ endif
+endforeach
+
+summary('Full RELRO', have_full_relro, bool_yn: true, section: 'Hardening')
option('lua', type: 'combo', choices: ['auto', 'luajit', 'lua'], value: 'auto', description: 'Lua implementation to use')
option('hardening', type: 'feature', value: 'auto', description: 'Compiler security checks')
+option('hardening-full', type: 'feature', value: 'auto', description: 'Compiler security checks with a performance penalty')
option('fortify-source', type: 'combo', choices: ['auto', 'disabled', '1', '2', '3'], value: '2', description: 'Source fortification level')
option('rng-kiss', type: 'boolean', value: false, description: 'Use the unsafe KISS RNG')
option('signers-libsodium', type: 'feature', value: 'auto', description: 'Enable libsodium-based signers')