commit 66eae4afffb35afe891ec14a3389a484ecb7b373 Author: Nick Mathewson nickm@torproject.org Date: Wed May 29 16:08:33 2019 -0400
Check whether gcc-hardening is runnable, and log an error if not
Closes ticket 27530. --- changes/ticket27530 | 4 ++++ configure.ac | 11 +++++++++++ 2 files changed, 15 insertions(+)
diff --git a/changes/ticket27530 b/changes/ticket27530 new file mode 100644 index 000000000..8ae4f5266 --- /dev/null +++ b/changes/ticket27530 @@ -0,0 +1,4 @@ + o Minor features (compilation): + - Log a more useful error message when we are compiling and one of the + compile-time hardening options we have selected can be linked but + not executed. Closes ticket 27530. diff --git a/configure.ac b/configure.ac index e7f959f17..1ecf82c66 100644 --- a/configure.ac +++ b/configure.ac @@ -1188,6 +1188,17 @@ m4_ifdef([AS_VAR_IF],[ TOR_CHECK_LDFLAGS(-pie, "$all_ldflags_for_check", "$all_libs_for_check") fi TOR_TRY_COMPILE_WITH_CFLAGS(-fwrapv, also_link, CFLAGS_FWRAPV="-fwrapv", true) + + AC_MSG_CHECKING([whether we can run hardened binaries]) + AC_RUN_IFELSE([AC_LANG_PROGRAM([], [return 0;])], + [AC_MSG_RESULT([yes])], + [AC_MSG_RESULT([no]) + AC_MSG_ERROR([dnl + We can link with compiler hardening options, but we can't run with them. + That's a bad sign! If you must, you can pass --disable-gcc-hardening to + configure, but it would be better to figure out what the underlying problem + is.])], + [AC_MSG_RESULT([cross])]) fi
if test "$fragile_hardening" = "yes"; then