From: Fred Morcos Date: Mon, 9 Oct 2023 10:44:57 +0000 (+0200) Subject: Meson: Fix broken backends with "Full RELRO" X-Git-Tag: rec-5.1.0-alpha1~80^2~97 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=88d1b155b42d1719cf6260fc3122dd5fbe02e52f;p=thirdparty%2Fpdns.git Meson: Fix broken backends with "Full RELRO" --- diff --git a/meson/hardening/meson.build b/meson/hardening/meson.build index dd4e8dd17a..2a0bc15bad 100644 --- a/meson/hardening/meson.build +++ b/meson/hardening/meson.build @@ -1,5 +1,4 @@ opt_hardening = get_option('hardening') - if opt_hardening.enabled() or opt_hardening.auto() hardening_features = [] @@ -25,7 +24,26 @@ if opt_hardening.enabled() or opt_hardening.auto() if opt_hardening.auto() warning(name + ' is disabled or not supported') else - error('Failing because ' + name + ' is not supported but hardening was explicitly requested') + error('Failing because ' + name + ' is not supported but hardening was requested') + endif + endif + endforeach +endif + +opt_full_hardening = get_option('hardening-full') +if opt_full_hardening.enabled() or opt_full_hardening.auto() + full_hardening_features = [] + subdir('relro-full') # Full RELRO + + foreach feature: full_hardening_features + available = feature[0] + name = feature[1] + + if not available + if opt_full_hardening.auto() + warning(name + ' is disabled or not supported') + else + error('Failing because ' + name + ' is not supported but full hardening was requested') endif endif endforeach diff --git a/meson/hardening/relro-full/meson.build b/meson/hardening/relro-full/meson.build new file mode 100644 index 0000000000..0118d332bc --- /dev/null +++ b/meson/hardening/relro-full/meson.build @@ -0,0 +1,16 @@ +have_full_relro = true +full_variants = [ + # '-Wl,-z,defs', + '-Wl,-z,ibt,-z,shstk', +] + +foreach variant: full_variants + if cxx.has_link_argument(variant) + full_hardening_features += [[true, 'Full RELRO (' + variant + ')']] + add_project_link_arguments(variant, language: ['c', 'cpp']) + else + have_full_relro = false + endif +endforeach + +summary('Full RELRO', have_full_relro, bool_yn: true, section: 'Hardening') diff --git a/meson_options.txt b/meson_options.txt index aa766dd7b6..02cc9778da 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -1,5 +1,6 @@ option('lua', type: 'combo', choices: ['auto', 'luajit', 'lua'], value: 'auto', description: 'Lua implementation to use') option('hardening', type: 'feature', value: 'auto', description: 'Compiler security checks') +option('hardening-full', type: 'feature', value: 'auto', description: 'Compiler security checks with a performance penalty') option('fortify-source', type: 'combo', choices: ['auto', 'disabled', '1', '2', '3'], value: '2', description: 'Source fortification level') option('rng-kiss', type: 'boolean', value: false, description: 'Use the unsafe KISS RNG') option('signers-libsodium', type: 'feature', value: 'auto', description: 'Enable libsodium-based signers')