configure: Warn if stack protector is not allowed

Introduce ERROR_PLATFORM_NOT_SUPPORT_SSP environment variable to treat
the "--enable-stack-protector is only supported on EFI platforms" message
as a warning instead of an error. If ERROR_PLATFORM_NOT_SUPPORT_SSP is
set to "no" (case-insensitive), then the message will be printed as
a warning. Otherwise, it prints as an error. The default behavior is to
print the message as an error.

For any wrapper build script that has some variation of:

    for p in SELECTED_GRUB_PLATFORMS; do    \
        configure --enable-stack-protector  \
            --with-platform${P} ... || die; \
    done
    make

The GRUB will fail to build if SELECTED_GRUB_PLATFORMS contains a platform
that does not support SSP.

Such wrapper scripts need to work-around this issue by modifying the
above for-loop, so it conditionally passes --enable-stack-protector to
configure for the proper GRUB platform(s).

However, if the above example is modified to have to conditionally pass
in --enable-stack-protector, its behavior is effectively the same as the
proposed change. Additionally, The list of SSP supported platforms is
now in 2 places. One in the configure script and one in the build wrapper
script. If the second list is not properly maintained it could mistakenly
disable SSP for a platform that later gained support for it.

Signed-off-by: Nicholas Vinson <nvinson234@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

diff --git a/configure.ac b/configure.ac
index 57fb7094511062ffa8abd720af978a3347c76536..90f686f799469bab0f4e7d6235ca0a64cc5a7859 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -36,6 +36,10 @@ dnl description of the relationships between them.
 
 AC_INIT([GRUB],[2.11],[bug-grub@gnu.org])
 
+AS_CASE(["$ERROR_PLATFORM_NOT_SUPPORT_SSP"],
+  [n | no | nO | N | No | NO], [ERROR_PLATFORM_NOT_SUPPORT_SSP=no],
+  [ERROR_PLATFORM_NOT_SUPPORT_SSP=yes])
+
 # We don't want -g -O2 by default in CFLAGS
 : ${CFLAGS=""}
 
@@ -1349,7 +1353,12 @@ if test "x$enable_stack_protector" = xno; then
     TARGET_CFLAGS="$TARGET_CFLAGS -fno-stack-protector"
   fi
 elif test "x$platform" != xefi; then
-  AC_MSG_ERROR([--enable-stack-protector is only supported on EFI platforms])
+  if test "$ERROR_PLATFORM_NOT_SUPPORT_SSP" = "yes"; then
+    AC_MSG_ERROR([--enable-stack-protector is only supported on EFI platforms])
+  else
+    AC_MSG_WARN([--enable-stack-protector is only supported on EFI platforms])
+  fi
+  enable_stack_protector=no
 elif test "x$ssp_global_possible" != xyes; then
   AC_MSG_ERROR([--enable-stack-protector is not supported (compiler doesn't support -mstack-protector-guard=global)])
 else