diff options
author | Andreas Schneider <asn@samba.org> | 2013-07-05 08:13:56 +0200 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2013-07-09 13:00:37 -0700 |
commit | 191e6b9441d6789ecc16a3a80eb36ec5b410c083 (patch) | |
tree | d0c98fb7f4bf4a7c032861c5089c3371a5f37e27 | |
parent | aef8aad638b916026651d900b91e963897b31c1a (diff) | |
download | samba-191e6b9441d6789ecc16a3a80eb36ec5b410c083.tar.gz samba-191e6b9441d6789ecc16a3a80eb36ec5b410c083.tar.bz2 samba-191e6b9441d6789ecc16a3a80eb36ec5b410c083.zip |
waf: Build with RELRO if supported by the compiler.
Make sure we create binaries with full RELocation Read-Only support. See
https://isisblogs.poly.edu/2011/06/01/relro-relocation-read-only/
for more details.
The default is to check if the compiler supports RELRO and then enable
it. Specifying '--with-relro' will make it mandatory and
'--without-relro' will disable it.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
-rw-r--r-- | buildtools/wafsamba/wafsamba.py | 2 | ||||
-rw-r--r-- | wscript | 18 |
2 files changed, 20 insertions, 0 deletions
diff --git a/buildtools/wafsamba/wafsamba.py b/buildtools/wafsamba/wafsamba.py index aaa09392f1..caa6fb128d 100644 --- a/buildtools/wafsamba/wafsamba.py +++ b/buildtools/wafsamba/wafsamba.py @@ -348,6 +348,8 @@ def SAMBA_BINARY(bld, binname, source, if bld.env['ENABLE_PIE'] == True: pie_cflags += ' -fPIE' pie_ldflags.extend(TO_LIST('-pie')) + if bld.env['ENABLE_RELRO'] == True: + pie_ldflags.extend(TO_LIST('-Wl,-z,relro,-z,now')) # first create a target for building the object files for this binary # by separating in this way, we avoid recompiling the C files @@ -64,6 +64,14 @@ def set_options(opt): help=("Disable Position Independent Executable builds"), action="store_false", dest='enable_pie') + opt.add_option('--with-relro', + help=("Build with full RELocation Read-Only (RELRO)" + + "(default if supported by compiler)"), + action="store_true", dest='enable_relro') + opt.add_option('--without-relro', + help=("Disable RELRO builds"), + action="store_false", dest='enable_relro') + gr = opt.option_group('developer options') @@ -178,6 +186,16 @@ def configure(conf): msg="Checking compiler for PIE support"): conf.env['ENABLE_PIE'] = True + if Options.options.enable_relro != False: + if Options.options.enable_relro == True: + need_relro = True + else: + # not specified, only build RELROs if supported by compiler + need_relro = False + if conf.check_cc(cflags='', ldflags='-Wl,-z,relro,-z,now', mandatory=need_relro, + msg="Checking compiler for full RELRO support"): + conf.env['ENABLE_RELRO'] = True + def etags(ctx): '''build TAGS file using etags''' import Utils |