Check whether gcc-hardening is runnable, and log an error if not

Closes ticket 27530.

diff --git a/changes/ticket27530 b/changes/ticket27530
new file mode 100644 (file)
index 0000000..8ae4f52
--- /dev/null
+++ b/changes/ticket27530
@@ -0,0 +1,4 @@
+  o Minor features (compilation):
+    - Log a more useful error message when we are compiling and one of the
+      compile-time hardening options we have selected can be linked but
+      not executed. Closes ticket 27530.

diff --git a/configure.ac b/configure.ac
index e7f959f17a765d41f8205237770c14643d2e9e74..1ecf82c6626f7a1aa7a905ad7e117f8d10162113 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -1188,6 +1188,17 @@ m4_ifdef([AS_VAR_IF],[
        TOR_CHECK_LDFLAGS(-pie, "$all_ldflags_for_check", "$all_libs_for_check")
     fi
     TOR_TRY_COMPILE_WITH_CFLAGS(-fwrapv, also_link, CFLAGS_FWRAPV="-fwrapv", true)
+
+   AC_MSG_CHECKING([whether we can run hardened binaries])
+   AC_RUN_IFELSE([AC_LANG_PROGRAM([], [return 0;])],
+        [AC_MSG_RESULT([yes])],
+        [AC_MSG_RESULT([no])
+         AC_MSG_ERROR([dnl
+ We can link with compiler hardening options, but we can't run with them.
+ That's a bad sign! If you must, you can pass --disable-gcc-hardening to
+ configure, but it would be better to figure out what the underlying problem
+ is.])],
+        [AC_MSG_RESULT([cross])])
 fi
 
 if test "$fragile_hardening" = "yes"; then