From 7b29b45348c2d01ad133f42ff14bded00a73be5d Mon Sep 17 00:00:00 2001
From: olszomal
Date: Wed, 20 Jul 2022 15:13:08 +0200
Subject: [PATCH] Set compiler and linker flags
---
cmake/SetCompilerFlags.cmake | 92 ++++++++++++++++++++++++++++++++++++
cmake/SetOptions.cmake | 30 ------------
2 files changed, 92 insertions(+), 30 deletions(-)
create mode 100644 cmake/SetCompilerFlags.cmake
delete mode 100644 cmake/SetOptions.cmake
diff --git a/cmake/SetCompilerFlags.cmake b/cmake/SetCompilerFlags.cmake
new file mode 100644
index 0000000..7036c35
--- /dev/null
+++ b/cmake/SetCompilerFlags.cmake
@@ -0,0 +1,92 @@
+include(CheckCCompilerFlag)
+
+function(add_compile_flags_target target)
+ if (CMAKE_C_COMPILER_ID MATCHES "Clang|AppleClang|GNU" )
+ target_compile_options(${target} PRIVATE $<$:-ggdb -g>)
+ endif()
+
+ if(CMAKE_C_COMPILER_ID MATCHES "GNU|Clang")
+ # Support address space layout randomization (ASLR)
+ target_compile_options(${target} PRIVATE -fPIE)
+ check_c_compiler_flag("-fstack-protector-all" HAVE_STACK_PROTECTOR_ALL)
+ if(HAVE_STACK_PROTECTOR_ALL)
+ target_link_options(${target} PRIVATE -fstack-protector-all)
+ else()
+ check_c_compiler_flag("-fstack-protector" HAVE_STACK_PROTECTOR)
+ if(HAVE_STACK_PROTECTOR)
+ target_link_options(${target} PRIVATE -fstack-protector)
+ else()
+ message(WARNING "No stack protection supported")
+ endif()
+ endif()
+ target_link_options(${target} PRIVATE -fstack-check)
+ target_link_options(${target} PRIVATE -fPIE -pie)
+ target_link_options(${target} PRIVATE -Wl,-z,relro)
+ target_link_options(${target} PRIVATE -Wl,-z,now)
+ target_link_options(${target} PRIVATE -Wl,-z,noexecstack)
+
+ target_compile_options(${target} PRIVATE $<$:-O2>)
+ target_compile_options(${target} PRIVATE $<$:-pedantic>)
+ target_compile_options(${target} PRIVATE $<$:-Wno-long-long>)
+ target_compile_options(${target} PRIVATE $<$:-Wconversion>)
+ target_compile_options(${target} PRIVATE $<$:-D_FORTIFY_SOURCE=2>)
+ target_compile_options(${target} PRIVATE $<$:-Wformat=2>)
+ target_compile_options(${target} PRIVATE $<$:-Wundef>)
+ target_compile_options(${target} PRIVATE $<$:-Wshadow>)
+ target_compile_options(${target} PRIVATE $<$:-Wredundant-decls>)
+ target_compile_options(${target} PRIVATE $<$:-Wcast-qual>)
+ target_compile_options(${target} PRIVATE $<$:-Wnull-dereference>)
+ target_compile_options(${target} PRIVATE $<$:-Wmissing-declarations>)
+ target_compile_options(${target} PRIVATE $<$:-Wmissing-prototypes>)
+ endif()
+
+ if(CMAKE_C_COMPILER_ID MATCHES "GNU")
+ target_compile_options(${target} PRIVATE $<$:-Wall>)
+ target_compile_options(${target} PRIVATE $<$:-Wextra>)
+ target_compile_options(${target} PRIVATE $<$:-Wno-deprecated-declarations>)
+ target_compile_options(${target} PRIVATE $<$:-Wstrict-aliasing=3>)
+ target_compile_options(${target} PRIVATE $<$:-Wstrict-overflow=2>)
+ target_compile_options(${target} PRIVATE $<$:-Wlogical-op>)
+ target_compile_options(${target} PRIVATE $<$:-Wwrite-strings>)
+ target_compile_options(${target} PRIVATE $<$:-Wcast-align=strict>)
+ target_compile_options(${target} PRIVATE $<$:-Wdisabled-optimization>)
+ target_compile_options(${target} PRIVATE $<$:-Wshift-overflow=2>)
+ endif()
+
+ if(MSVC)
+ # Enable parallel builds
+ add_definitions(/MP)
+ # Use address space layout randomization, generate PIE code for ASLR (default on)
+ target_link_options(${target} PRIVATE /DYNAMICBASE)
+ # Create terminal server aware application (default on)
+ target_link_options(${target} PRIVATE /TSAWARE)
+ # Mark the binary as compatible with Intel Control-flow Enforcement Technology (CET) Shadow Stack
+ target_link_options(${target} PRIVATE /CETCOMPAT)
+ # Enable compiler generation of Control Flow Guard security checks
+ target_compile_options(${target} PRIVATE /guard:cf)
+ target_link_options(${target} PRIVATE /guard:cf)
+ # Buffer Security Check
+ target_compile_options(${target} PRIVATE /GS)
+ # Suppress startup banner
+ target_link_options(${target} PRIVATE /NOLOGO)
+ # Generate debug info
+ target_link_options(${target} PRIVATE /DEBUG)
+ if("${CMAKE_SIZEOF_VOID_P}" STREQUAL "8")
+ # High entropy ASLR for 64 bits targets (default on)
+ target_link_options(${target} PRIVATE /HIGHENTROPYVA)
+ # Enable generation of EH Continuation (EHCONT) metadata by the compiler
+ target_compile_options(${target} PRIVATE /guard:ehcont)
+ target_link_options(${target} PRIVATE /guard:ehcont)
+ else()
+ # Can handle addresses larger than 2 gigabytes
+ target_link_options(${target} PRIVATE /LARGEADDRESSAWARE)
+ # Safe structured exception handlers (x86 only)
+ target_link_options(${target} PRIVATE /SAFESEH)
+ endif()
+ target_compile_options(${target} PRIVATE $<$:/D_FORTIFY_SOURCE=2>)
+ # Unrecognized compiler options are errors
+ target_compile_options(${target} PRIVATE $<$:/options:strict>)
+ endif()
+endfunction()
+
+add_compile_flags_target(osslsigncode)
\ No newline at end of file
diff --git a/cmake/SetOptions.cmake b/cmake/SetOptions.cmake
deleted file mode 100644
index 2db09f4..0000000
--- a/cmake/SetOptions.cmake
+++ /dev/null
@@ -1,30 +0,0 @@
-# add command line options
-
-# set Release build mode
-if(NOT CMAKE_BUILD_TYPE)
- set(CMAKE_BUILD_TYPE "Release" CACHE STRING "Choose Release or Debug" FORCE)
-endif()
-
-option(enable-strict "Enable strict compile mode" OFF)
-option(enable-pedantic "Enable pedantic compile mode" OFF)
-option(with-curl "Enable curl" ON)
-
-# enable compile options
-if(enable-strict)
- message(STATUS "Enable strict compile mode")
- if(MSVC)
- # Microsoft Visual C warning level
- add_compile_options(/Wall)
- else()
- add_compile_options(-Wall -Wextra)
- endif()
-endif()
-
-if(enable-pedantic)
- message(STATUS "Enable pedantic compile mode")
- if(MSVC)
- add_compile_options(/W4)
- else()
- add_compile_options(-pedantic)
- endif()
-endif()
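Review bot: In the `GNU|Clang` branch of `add_compile_flags_target`, `-fstack-protector-all`, the `-fstack-protector` fallback and `-fstack-check` are passed only through `target_link_options`, so the object files are most likely compiled without stack canaries or stack probes even though `check_c_compiler_flag` reported support. These are code-generation options and have to reach the compiler: add `target_compile_options(${target} PRIVATE -fstack-protector-all)` (and likewise for the fallback and `-fstack-check`), keeping the link option so the driver can still pull in the SSP runtime where the platform needs it. Checking the built binary for a `__stack_chk_fail` reference would confirm the hardening actually took effect. Separately, in the MSVC branch `/D_FORTIFY_SOURCE=2` defines a glibc feature macro that the MSVC CRT does not act on, and `add_definitions(/MP)` is directory-scoped and not a definition; `target_compile_options(${target} PRIVATE /MP)` would match the rest of the function.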