From 191e6b9441d6789ecc16a3a80eb36ec5b410c083 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Fri, 5 Jul 2013 08:13:56 +0200
Subject: waf: Build with RELRO if supported by the compiler.

Make sure we create binaries with full RELocation Read-Only support. See
https://isisblogs.poly.edu/2011/06/01/relro-relocation-read-only/
for more details.

The default is to check if the compiler supports RELRO and then enable
it. Specifying '--with-relro' will make it mandatory and
'--without-relro' will disable it.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
---
 buildtools/wafsamba/wafsamba.py | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'buildtools')

diff --git a/buildtools/wafsamba/wafsamba.py b/buildtools/wafsamba/wafsamba.py
index aaa09392f1..caa6fb128d 100644
--- a/buildtools/wafsamba/wafsamba.py
+++ b/buildtools/wafsamba/wafsamba.py
@@ -348,6 +348,8 @@ def SAMBA_BINARY(bld, binname, source,
     if bld.env['ENABLE_PIE'] == True:
         pie_cflags += ' -fPIE'
         pie_ldflags.extend(TO_LIST('-pie'))
+    if bld.env['ENABLE_RELRO'] == True:
+        pie_ldflags.extend(TO_LIST('-Wl,-z,relro,-z,now'))
 
     # first create a target for building the object files for this binary
     # by separating in this way, we avoid recompiling the C files
-- 
cgit