d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
715922d73f
freebsd-nq/share/mk/bsd.sys.mk
Ruslan Ermilov 042df2e2da Enable GCC stack protection (aka Propolice) for userland: 
- It is opt-out for now so as to give it maximum testing, but it may be
  turned opt-in for stable branches depending on the consensus.  You
  can turn it off with WITHOUT_SSP.
- WITHOUT_SSP was previously used to disable the build of GNU libssp.
  It is harmless to steal the knob as SSP symbols have been provided
  by libc for a long time, GNU libssp should not have been much used.
- SSP is disabled in a few corners such as system bootstrap programs
  (sys/boot), process bootstrap code (rtld, csu) and SSP symbols themselves.
- It should be safe to use -fstack-protector-all to build world, however
  libc will be automatically downgraded to -fstack-protector because it
  breaks rtld otherwise.
- This option is unavailable on ia64.

Enable GCC stack protection (aka Propolice) for kernel:
- It is opt-out for now so as to give it maximum testing.
- Do not compile your kernel with -fstack-protector-all, it won't work.

Submitted by:	Jeremie Le Hen <jeremie@le-hen.org>
2008-06-25 21:33:28 +00:00

85 lines
2.2 KiB
Makefile
Raw Blame History

# $FreeBSD$
#
# This file contains common settings used for building FreeBSD
# sources.
# Enable various levels of compiler warning checks. These may be
# overridden (e.g. if using a non-gcc compiler) by defining NO_WARNS.
# for GCC: http://gcc.gnu.org/onlinedocs/gcc-3.0.4/gcc_3.html#IDX143
.if !defined(NO_WARNS) && ${CC} != "icc"
. if defined(CSTD)
. if ${CSTD} == "k&r"
CFLAGS += -traditional
. elif ${CSTD} == "c89" || ${CSTD} == "c90"
CFLAGS += -std=iso9899:1990
. elif ${CSTD} == "c94" || ${CSTD} == "c95"
CFLAGS += -std=iso9899:199409
. elif ${CSTD} == "c99"
CFLAGS += -std=iso9899:1999
. else
CFLAGS += -std=${CSTD}
. endif
# -pedantic is problematic because it also imposes namespace restrictions
#CFLAGS += -pedantic
. endif
. if defined(WARNS)
. if ${WARNS} >= 1
CWARNFLAGS += -Wsystem-headers
. if !defined(NO_WERROR)
CWARNFLAGS += -Werror
. endif
. endif
. if ${WARNS} >= 2
CWARNFLAGS += -Wall -Wno-format-y2k
. endif
. if ${WARNS} >= 3
CWARNFLAGS += -W -Wno-unused-parameter -Wstrict-prototypes\
-Wmissing-prototypes -Wpointer-arith
. endif
. if ${WARNS} >= 4
CWARNFLAGS += -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch\
-Wshadow -Wcast-align -Wunused-parameter
. endif
# BDECFLAGS
. if ${WARNS} >= 6
CWARNFLAGS += -Wchar-subscripts -Winline -Wnested-externs -Wredundant-decls
. endif
. if ${WARNS} >= 2 && ${WARNS} <= 4
# XXX Delete -Wuninitialized by default for now -- the compiler doesn't
# XXX always get it right.
CWARNFLAGS += -Wno-uninitialized
. endif
. if !defined(WITH_GCC3)
CWARNFLAGS += -Wno-pointer-sign
. endif
. endif
. if defined(FORMAT_AUDIT)
WFORMAT = 1
. endif
. if defined(WFORMAT)
. if ${WFORMAT} > 0
#CWARNFLAGS += -Wformat-nonliteral -Wformat-security -Wno-format-extra-args
CWARNFLAGS += -Wformat=2 -Wno-format-extra-args
. if !defined(NO_WERROR)
CWARNFLAGS += -Werror
. endif
. endif
. endif
.endif
.if defined(IGNORE_PRAGMA)
CWARNFLAGS += -Wno-unknown-pragmas
.endif
.if ${MK_SSP} != "no" && ${CC} != "icc" && ${MACHINE_ARCH} != "ia64"
# Don't use -Wstack-protector as it breaks world with -Werror.
SSP_CFLAGS ?= -fstack-protector
CFLAGS += ${SSP_CFLAGS}
.endif
# Allow user-specified additional warning flags
CFLAGS += ${CWARNFLAGS}
Reference in New Issue View Git Blame Copy Permalink