On Wed, Sep 18, 2013 at 12:39 PM, Alex Rousskov
<rousskov_at_measurement-factory.com> wrote:
> On 09/17/2013 06:00 PM, Jeffrey Walton wrote:
>> Forgive my ignorance here because I still write my makefiles by hand.
>>
>> If I wanted to delete an option used by the project, is it as simple
>> as removing the option from the switch statement around line 155:
>>
>> AC_DEFUN([SQUID_CC_GUESS_OPTIONS], [
>> AC_REQUIRE([SQUID_CC_GUESS_VARIANT])
>> AC_MSG_CHECKING([for compiler variant])
>> case "$squid_cv_compiler" in
>> gcc)
>> squid_cv_cc_option_werror="-Werror"
>> squid_cv_cxx_option_werror="-Werror"
>> squid_cv_cc_option_wall="-Wall"
>> squid_cv_cc_option_optimize="-O3"
>> squid_cv_cc_arg_pipe="-pipe"
>> ;;
>> sunstudio)
>> ...
>>
>> So I would delete squid_cv_cc_option_werror="-Werror" and
>> squid_cv_cxx_option_werror="-Werror" to remove the option (from all
>> compilers under the switch).
>
> BTW, I do not see the --disable-error-checking side effect (that you
> have complained previously about) in the trunk configure.ac code:
OK. Perhaps it was related to compiling with Clang and ICC/ICPC.
>> if test "x$enable_strict_error_checking" != "xno"; then
>> SQUID_CFLAGS="$SQUID_CFLAGS $squid_cv_cc_option_werror"
>> SQUID_CXXFLAGS="$SQUID_CXXFLAGS $squid_cv_cxx_option_werror"
>> fi
>
> Perhaps things have changed or you are dealing with a sub-configure
> script that treats enable_strict_error_checking differently.
>
>
>> How about adding options? Can I define a new option on the fly? For example:
>>
>> squid_cv_cc_option_nx_stack="-Wl,z,noexecstack"
>> squid_cv_cc_option_nx_heap="-Wl,z,noexecheap"
>
> AFAICT, there is no generic code to convert all squid_cv_cc_option_*
> variables into compiler options. You can add conversion code for your
> variables (easy, see configure.ac quote above) OR you may be able to
> temporary (while testing) hijack an existing variable if it is going to
> be used in a similar context. For example,
>
> squid_cv_cc_option_optimize="-O3 -Wl,z,noexecstack"
OK, thanks. Good idea.
> Still, manually defining correct CXXFLAGS and such when ./configuring
> Squid ought to be easier than enhancing configure.ac and .m4 scripts.
Well, its not really Squid - its the auto tools :(
It would be nice if auto tools allowed something like:
DESIRED_CFLAGS="-Wall -Wextra -Wconversion (-fPIE -pie|-fPIC -shared)
-Wl,z,noexecstack -Wl,z,noexecheap ..."
Then auto tools could loop over each and see if its available. If its
available, then add it CFLAGS. Ditto for CXXFLAGS. Obviously, auto
tools would need to understand PIE is used for executables and PIC is
used for libraries; and each require two flags - one for the compiler,
and one for the linker.
In this way, I get the security posture I want without the aggravation.
Jeff
Received on Wed Sep 18 2013 - 20:58:03 MDT
This archive was generated by hypermail 2.2.0 : Thu Sep 19 2013 - 12:00:04 MDT