[tor-commits] [torsocks/master] configure.ac: avoid tests which have both -pie and -static

Mon Jan 19 18:01:58 UTC 2015

commit a791f32a4dff71aaf03f086723572d7f98e2ac12
Author: Anthony G. Basile <blueness at gentoo.org>
Date:   Sun Jan 11 17:13:35 2015 +0000

    configure.ac: avoid tests which have both -pie and -static
    
    Building and linking with both -pie and -static is not supported for
    some toolchain combinations (eg. glibc or binutil's gold).  Yet this
    combination is hit if the check for gcc hardening is done before
    AC_PROG_LIBTOOL and AC_ENABLE_STATIC.  We avoid the issue by moving the
    gcc hardening check to after AC_PROG_LIBTOOL and friends.
    
    See:
    
    https://sourceware.org/bugzilla/show_bug.cgi?id=17826
    https://sourceware.org/bugzilla/show_bug.cgi?id=16428
    https://bugs.gentoo.org/show_bug.cgi?id=533862
    
    Signed-off-by: Anthony G. Basile <blueness at gentoo.org>
    Signed-off-by: David Goulet <dgoulet at ev0ke.net>
---
 configure.ac |   46 ++++++++++++++++++++++++++++------------------
 1 file changed, 28 insertions(+), 18 deletions(-)

diff --git a/configure.ac b/configure.ac
index 3eb9060..f4aadfb 100644
--- a/configure.ac
+++ b/configure.ac
@@ -144,24 +144,6 @@ AC_SUBST(TESTLDFLAGS)
 # Version information for libtorsocks
 TORSOCKSLDFLAGS="$LDFLAGS -version-info 1:0:0"
 
-# Check for the gcc hardening flags.
-AX_CHECK_COMPILE_FLAG([-fPIE],[CFLAGS="$CFLAGS -fPIE"],[],[])
-AX_CHECK_COMPILE_FLAG([-fwrapv],[CFLAGS="$CFLAGS -fwrapv"],[],[])
-AX_CHECK_COMPILE_FLAG([--param ssp-buffer-size=1],
-	[CFLAGS="$CFLAGS --param ssp-buffer-size=1"],[],[])
-AX_CHECK_COMPILE_FLAG([-fstack-protector-all],
-	[CFLAGS="$CFLAGS -fstack-protector-all"],[],[]
-)
-AX_CHECK_COMPILE_FLAG([-fno-strict-overflow],
-	[CFLAGS="$CFLAGS -fno-strict-overflow"],[],[]
-)
-
-dnl Add hardening linker flags
-AX_CHECK_LINK_FLAG([-pie],[LDFLAGS="$LDFLAGS -pie"],[],[])
-AX_CHECK_LINK_FLAG([-z relro],[LDFLAGS="$LDFLAGS -z relro"],[],[])
-AX_CHECK_LINK_FLAG([-z now],[LDFLAGS="$LDFLAGS -z now"],[],[])
-LDFLAGS="$LDFLAGS -D_FORTIFY_SOURCE=2"
-
 dnl Linker checks for Mac OSX, which uses DYLD_INSERT_LIBRARIES
 dnl instead of LD_PRELOAD
 case "$host_os" in
@@ -255,6 +237,34 @@ AC_ENABLE_STATIC
 DEFAULT_INCLUDES="-I\$(top_srcdir) -I\$(top_builddir) -I\$(top_builddir)/src -I\$(top_builddir)/include -include config.h"
 AC_SUBST(DEFAULT_INCLUDES)
 
+##############################################################################
+# 9. Test and add hardening flags
+##############################################################################
+
+# Check for the gcc hardening flags.
+AX_CHECK_COMPILE_FLAG([-fPIE],[CFLAGS="$CFLAGS -fPIE"],[],[])
+AX_CHECK_COMPILE_FLAG([-fwrapv],[CFLAGS="$CFLAGS -fwrapv"],[],[])
+AX_CHECK_COMPILE_FLAG([--param ssp-buffer-size=1],
+	[CFLAGS="$CFLAGS --param ssp-buffer-size=1"],[],[])
+AX_CHECK_COMPILE_FLAG([-fstack-protector-all],
+	[CFLAGS="$CFLAGS -fstack-protector-all"],[],[]
+)
+AX_CHECK_COMPILE_FLAG([-fno-strict-overflow],
+	[CFLAGS="$CFLAGS -fno-strict-overflow"],[],[]
+)
+
+dnl Add hardening linker flags
+AX_CHECK_LINK_FLAG([-pie],[LDFLAGS="$LDFLAGS -pie"],[],[])
+AX_CHECK_LINK_FLAG([-z relro],[LDFLAGS="$LDFLAGS -z relro"],[],[])
+AX_CHECK_LINK_FLAG([-z now],[LDFLAGS="$LDFLAGS -z now"],[],[])
+
+dnl Add glibc hardening
+CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2"
+
+##############################################################################
+# 10. Finish up
+##############################################################################
+
 AC_CONFIG_FILES([
 	Makefile
 	extras/Makefile

