-# Fortify Source
-# Inputs: hardening_features
-
fortify_source_opt = get_option('fortify-source')
+fortify_source = fortify_source_opt != 'disabled'
+fortify_source_level = 0
-if fortify_source_opt != 'disabled'
+if fortify_source
fortify_source_level = 2
if fortify_source_opt == 'auto'
fortify_source_level = 3
endif
endforeach
- if fortify_source_level == 0
- fortify_source_level = 'no'
- endif
-
hardening_features += [[fortify_source_level != 0, 'Source Fortification']]
+endif
+
+fortify_source = fortify_source and fortify_source_level != 0
+summary('Source Fortification', fortify_source, bool_yn: true, section: 'Hardening')
+
+if fortify_source
summary('Source Fortification Level', fortify_source_level, section: 'Hardening')
endif
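Review bot: The new `summary('Source Fortification', fortify_source, bool_yn: true, section: 'Hardening')` line prints YES whenever the level is non-zero, but nothing visible here ties that to the optimization level. `_FORTIFY_SOURCE` only takes effect when the compiler optimizes, so an unoptimized build would be reported as fortified while the checks are inactive. The body of the `foreach` that adjusts `fortify_source_level` is not shown, so this may already be handled there; if it is not, consider `fortify_source = fortify_source and get_option('optimization') != '0'` before the summary call. Separately, when the option is set explicitly (not 'auto') and the level ends at 0, the build appears to continue with only a NO in the summary, whereas the PIE path stops with `error(...)`; failing on an explicit request that cannot be met would be consistent with that.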
-# Read-only Global Offset Table
-# Inputs: hardening_features
-
ld_help = run_command(cxx, '-Wl,-help', check: true).stdout().strip()
variants = ['relro', 'now']
found_variant = false
-# Hardening
opt_hardening = get_option('hardening')
if opt_hardening.enabled() or opt_hardening.auto()
error('Hardening was requested but building position independent executables is disabled')
endif
hardening_features += [[opt_pie, 'Building position independent executables (PIEs)']]
- conf.set10('PIE', opt_pie, description: 'Whether we enable building a Position Independent Executable (PIE)')
+ conf.set('PIE', opt_pie, description: 'Build a Position Independent Executable (PIE)')
summary('PIE', opt_pie, bool_yn: true, section: 'Hardening')
subdir('stack-prot') # Stack Protector
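Review bot: Replacing `conf.set10('PIE', opt_pie, ...)` with `conf.set('PIE', opt_pie, ...)` changes the generated header as well as the description text. With a boolean value, `set10` emits `#define PIE 1` or `#define PIE 0`, while `set` emits a bare `#define PIE` or `#undef PIE`. Any consumer written as `#if PIE`, or reading `PIE` as a value, stops working, and only `#ifdef PIE` / `#if defined(PIE)` remain valid. No consumers are visible on this page, so either confirm they all use the `defined` form or keep `conf.set10('PIE', opt_pie, description: 'Build a Position Independent Executable (PIE)')`. The enclosing `if` block starts outside the lines shown.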
-# Stack Protector
-# Inputs: hardening_features
-
support_stack_protector = cxx.has_argument('-fstack-protector')
if support_stack_protector
-# Stack-smashing Protection
-# Inputs: hardening_features
-
support_stack_smashing_protector = cxx.has_argument('--param=ssp-buffer-size=4')
if support_stack_smashing_protector
add_global_arguments('--param=ssp-buffer-size=4', language: ['c', 'cpp'])