summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRoman Perepelitsa <roman.perepelitsa@gmail.com>2021-07-22 12:19:22 +0300
committerRoman Perepelitsa <roman.perepelitsa@gmail.com>2021-07-22 12:19:22 +0300
commit70ae5810d81f941a93e2077a2aa080f341deb96e (patch)
tree433a52474f4a0435c6ce087162bc71c0d0b759a5
parent077abf95e0a3c6325a6cdd9761cab75b2f5468c6 (diff)
Squashed 'gitstatus/' changes from 0440e38b..1edd9e62
1edd9e62 build: respect standard compiler/linker env vars and fortify by default git-subtree-dir: gitstatus git-subtree-split: 1edd9e621ec5c8bf038767e529194b5c53b36352
-rwxr-xr-xbuild68
1 files changed, 47 insertions, 21 deletions
diff --git a/build b/build
index 8190f478..d3e96d74 100755
--- a/build
+++ b/build
@@ -136,52 +136,78 @@ case "$gitstatus_cpu" in
*) archflag="-march";;
esac
-cflags="$archflag=$gitstatus_cpu -fno-plt"
-
-command touch "$workdir"/file-prefix-map-test.c
-if 2>/dev/null "${CC:-/bin/cc}" \
- -ffile-prefix-map=x=y \
- -c "$workdir"/file-prefix-map-test.c \
- -o "$workdir"/file-prefix-map-test.o; then
+cflags="$archflag=$gitstatus_cpu -fno-plt -D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security -fpie"
+ldflags=
+static_pie=
+
+printf 'int main() {}\n' >"$workdir"/cc-test.c
+if 2>/dev/null "${CC:-cc}" \
+ -ffile-prefix-map=x=y \
+ -Werror \
+ -c "$workdir"/cc-test.c \
+ -o "$workdir"/cc-test.o; then
cflags="$cflags -ffile-prefix-map=$workdir/="
fi
+command rm -f -- "$workdir"/cc-test "$workdir"/cc-test.o
+if 2>/dev/null "${CC:-cc}" \
+ -fstack-clash-protection -fcf-protection \
+ -Werror \
+ -c "$workdir"/cc-test.c \
+ -o "$workdir"/cc-test.o; then
+ cflags="$cflags -fstack-clash-protection -fcf-protection"
+fi
+
+command rm -f -- "$workdir"/cc-test "$workdir"/cc-test.o
+if 2>/dev/null "${CC:-cc}" \
+ -Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now \
+ -Werror \
+ "$workdir"/cc-test.c \
+ -o "$workdir"/cc-test; then
+ ldflags="$ldflags -Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now"
+fi
+
+command rm -f -- "$workdir"/cc-test "$workdir"/cc-test.o
+if 2>/dev/null "${CC:-cc}" \
+ -fpie -static-pie \
+ -Werror \
+ "$workdir"/cc-test.c \
+ -o "$workdir"/cc-test; then
+ static_pie='-static-pie'
+fi
+
if [ "$gitstatus_cpu" = x86-64 ]; then
cflags="$cflags -mtune=generic"
fi
libgit2_cmake_flags=
-libgit2_cflags="$cflags"
+libgit2_cflags="${CFLAGS-} $cflags -O3 -DNDEBUG"
gitstatus_cxx=g++
-gitstatus_cxxflags="$cflags -I${workdir}/libgit2/include -DGITSTATUS_ZERO_NSEC -D_GNU_SOURCE"
-gitstatus_ldflags="-L${workdir}/libgit2/build"
+gitstatus_cxxflags="${CXXFLAGS-} $cflags -I${workdir}/libgit2/include -DGITSTATUS_ZERO_NSEC -D_GNU_SOURCE -D_GLIBCXX_ASSERTIONS"
+gitstatus_ldflags="${LDFLAGS-} $ldflags -L${workdir}/libgit2/build"
gitstatus_ldlibs=
gitstatus_make=make
case "$gitstatus_kernel" in
linux)
- gitstatus_ldflags="$gitstatus_ldflags -static"
- gitstatus_ldflags="$gitstatus_ldflags -Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now"
+ gitstatus_ldflags="$gitstatus_ldflags ${static_pie:--static}"
libgit2_cmake_flags="$libgit2_cmake_flags -DENABLE_REPRODUCIBLE_BUILDS=ON"
;;
freebsd)
gitstatus_make=gmake
- gitstatus_ldflags="$gitstatus_ldflags -static"
- gitstatus_ldflags="$gitstatus_ldflags -Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now"
+ gitstatus_ldflags="$gitstatus_ldflags ${static_pie:--static}"
libgit2_cmake_flags="$libgit2_cmake_flags -DENABLE_REPRODUCIBLE_BUILDS=ON"
;;
openbsd)
gitstatus_cxx=eg++
gitstatus_make=gmake
- gitstatus_ldflags="$gitstatus_ldflags -static"
- gitstatus_ldflags="$gitstatus_ldflags -Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now"
+ gitstatus_ldflags="$gitstatus_ldflags ${static_pie:--static}"
libgit2_cmake_flags="$libgit2_cmake_flags -DENABLE_REPRODUCIBLE_BUILDS=ON"
;;
netbsd)
gitstatus_make=gmake
- gitstatus_ldflags="$gitstatus_ldflags -static"
- gitstatus_ldflags="$gitstatus_ldflags -Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now"
+ gitstatus_ldflags="$gitstatus_ldflags ${static_pie:--static}"
libgit2_cmake_flags="$libgit2_cmake_flags -DENABLE_REPRODUCIBLE_BUILDS=ON"
;;
darwin)
@@ -202,11 +228,11 @@ case "$gitstatus_kernel" in
libgit2_cmake_flags="$libgit2_cmake_flags -DENABLE_REPRODUCIBLE_BUILDS=OFF"
;;
msys*|mingw*)
- gitstatus_ldflags="$gitstatus_ldflags -static"
+ gitstatus_ldflags="$gitstatus_ldflags ${static_pie:--static}"
libgit2_cmake_flags="$libgit2_cmake_flags -DENABLE_REPRODUCIBLE_BUILDS=ON"
;;
cygwin*)
- gitstatus_ldflags="$gitstatus_ldflags -static"
+ gitstatus_ldflags="$gitstatus_ldflags ${static_pie:--static}"
libgit2_cmake_flags="$libgit2_cmake_flags -DENABLE_REPRODUCIBLE_BUILDS=ON"
;;
*)
@@ -295,7 +321,7 @@ command mkdir libgit2/build
cd libgit2/build
CFLAGS="$libgit2_cflags" command cmake \
- -DCMAKE_BUILD_TYPE=Release \
+ -DCMAKE_BUILD_TYPE=None \
-DZERO_NSEC=ON \
-DTHREADSAFE=ON \
-DUSE_BUNDLED_ZLIB=ON \