From 2833fdb90790dd0c25c9bb176fa373ff99ebfdff Mon Sep 17 00:00:00 2001 From: xiphon Date: Fri, 29 Nov 2019 10:09:00 +0000 Subject: [PATCH] cmake: use appropriate compiler flags --- CMakeLists.txt | 80 +++++++++++++++++++++++++++++++++++++++++++++- src/CMakeLists.txt | 4 +-- src/main/main.cpp | 1 - 3 files changed, 81 insertions(+), 4 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 735782c3..4fca6175 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -29,6 +29,31 @@ set(ARCH "x86-64") set(BUILD_64 ON) set(INSTALL_VENDORED_LIBUNBOUND=ON) +function (add_c_flag_if_supported flag var) + string(REPLACE "-" "_" supported ${flag}_c) + check_c_compiler_flag(${flag} ${supported}) + if(${${supported}}) + set(${var} "${${var}} ${flag}" PARENT_SCOPE) + endif() +endfunction() + +function (add_cxx_flag_if_supported flag var) + string(REPLACE "-" "_" supported ${flag}_cxx) + check_cxx_compiler_flag(${flag} ${supported}) + if(${${supported}}) + set(${var} "${${var}} ${flag}" PARENT_SCOPE) + endif() +endfunction() + +function (add_linker_flag_if_supported flag var) + string(REPLACE "-" "_" supported ${flag}_ld) + string(REPLACE "," "_" supported ${flag}_ld) + check_linker_flag(${flag} ${supported}) + if(${${supported}}) + set(${var} "${${var}} ${flag}" PARENT_SCOPE) + endif() +endfunction() + find_package(Git) if(GIT_FOUND) if(NOT DEV_MODE) @@ -257,7 +282,7 @@ if(STATIC) ) if(MINGW) - list(APPEND QT5_LIBRARIES freetype) + list(APPEND QT5_LIBRARIES qtfreetype) if(CMAKE_BUILD_TYPE STREQUAL "Debug") list(APPEND QT5_LIBRARIES D3D11 Dwrite D2d1) @@ -308,6 +333,59 @@ if(APPLE) set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fvisibility=default -DGTEST_HAS_TR1_TUPLE=0") endif() +# warnings +add_c_flag_if_supported(-Wformat C_SECURITY_FLAGS) +add_cxx_flag_if_supported(-Wformat CXX_SECURITY_FLAGS) +add_c_flag_if_supported(-Wformat-security C_SECURITY_FLAGS) +add_cxx_flag_if_supported(-Wformat-security CXX_SECURITY_FLAGS) + +# -fstack-protector +if (NOT OPENBSD AND NOT (WIN32 AND (CMAKE_C_COMPILER_ID STREQUAL "GNU" AND CMAKE_C_COMPILER_VERSION VERSION_LESS 9.1))) + add_c_flag_if_supported(-fstack-protector C_SECURITY_FLAGS) + add_cxx_flag_if_supported(-fstack-protector CXX_SECURITY_FLAGS) + add_c_flag_if_supported(-fstack-protector-strong C_SECURITY_FLAGS) + add_cxx_flag_if_supported(-fstack-protector-strong CXX_SECURITY_FLAGS) +endif() + +# New in GCC 8.2 +if (NOT OPENBSD AND NOT (WIN32 AND (CMAKE_C_COMPILER_ID STREQUAL "GNU" AND CMAKE_C_COMPILER_VERSION VERSION_LESS 9.1))) + add_c_flag_if_supported(-fcf-protection=full C_SECURITY_FLAGS) + add_cxx_flag_if_supported(-fcf-protection=full CXX_SECURITY_FLAGS) +endif() +if (NOT WIN32 AND NOT OPENBSD) + add_c_flag_if_supported(-fstack-clash-protection C_SECURITY_FLAGS) + add_cxx_flag_if_supported(-fstack-clash-protection CXX_SECURITY_FLAGS) +endif() + +# Removed in GCC 9.1 (or before ?), but still accepted, so spams the output +if (NOT (CMAKE_C_COMPILER_ID STREQUAL "GNU" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 9.1)) + add_c_flag_if_supported(-mmitigate-rop C_SECURITY_FLAGS) + add_cxx_flag_if_supported(-mmitigate-rop CXX_SECURITY_FLAGS) +endif() + +# linker +if (NOT (WIN32 AND CMAKE_C_COMPILER_ID STREQUAL "GNU")) + # Windows binaries die on startup with PIE when compiled with GCC + add_linker_flag_if_supported(-pie LD_SECURITY_FLAGS) +endif() +add_linker_flag_if_supported(-Wl,-z,relro LD_SECURITY_FLAGS) +add_linker_flag_if_supported(-Wl,-z,now LD_SECURITY_FLAGS) +add_linker_flag_if_supported(-Wl,-z,noexecstack noexecstack_SUPPORTED) +if (noexecstack_SUPPORTED) + set(LD_SECURITY_FLAGS "${LD_SECURITY_FLAGS} -Wl,-z,noexecstack") +endif() +add_linker_flag_if_supported(-Wl,-z,noexecheap noexecheap_SUPPORTED) +if (noexecheap_SUPPORTED) + set(LD_SECURITY_FLAGS "${LD_SECURITY_FLAGS} -Wl,-z,noexecheap") +endif() + +message(STATUS "Using C security hardening flags: ${C_SECURITY_FLAGS}") +message(STATUS "Using C++ security hardening flags: ${CXX_SECURITY_FLAGS}") +message(STATUS "Using linker security hardening flags: ${LD_SECURITY_FLAGS}") + +set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${C_SECURITY_FLAGS}") +set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${CXX_SECURITY_FLAGS}") +set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} ${LD_SECURITY_FLAGS}") if (HIDAPI_FOUND OR LibUSB_COMPILE_TEST_PASSED) if (APPLE) diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 9c66a15c..6485cdc3 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -113,8 +113,8 @@ target_compile_definitions(monero-gui ${Qt5Qml_DEFINITIONS} ) -set(CMAKE_CXX_FLAGS "${Qt5Widgets_EXECUTABLE_COMPILE_FLAGS}") -set(CMAKE_CXX_FLAGS "-std=c++0x") +set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${Qt5Widgets_EXECUTABLE_COMPILE_FLAGS}") +set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++0x") if(X11_FOUND) target_link_libraries(monero-gui ${X11_LIBRARIES} pthread dl Xt xcb X11) diff --git a/src/main/main.cpp b/src/main/main.cpp index 138c2889..6b0a8744 100644 --- a/src/main/main.cpp +++ b/src/main/main.cpp @@ -92,7 +92,6 @@ Q_IMPORT_PLUGIN(QSvgIconPlugin) Q_IMPORT_PLUGIN(QGifPlugin) Q_IMPORT_PLUGIN(QICNSPlugin) Q_IMPORT_PLUGIN(QICOPlugin) -Q_IMPORT_PLUGIN(QJp2Plugin) Q_IMPORT_PLUGIN(QJpegPlugin) Q_IMPORT_PLUGIN(QMngPlugin) Q_IMPORT_PLUGIN(QSvgPlugin)