From 4ac6451491e8d4dfc4e371eee4c162b297283c0a Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Tue, 6 Sep 2016 22:38:57 +0000
Subject: Add configure option for build hardening

Ticket: https://fedorahosted.org/gss-proxy/ticket/147

Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Merges #30
---
 proxy/Makefile.am | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

(limited to 'proxy/Makefile.am')

diff --git a/proxy/Makefile.am b/proxy/Makefile.am
index f03f3ea..4359938 100644
--- a/proxy/Makefile.am
+++ b/proxy/Makefile.am
@@ -31,7 +31,9 @@ pkgconfigdir = $(libdir)/pkgconfig
 gpstatedir = @gpstatedir@
 gpclidir = @gpstatedir@/clients
 
+AM_CPPFLAGS =
 AM_CFLAGS =
+AM_LDFLAGS =
 if WANT_AUX_INFO
     AM_CFLAGS += -aux-info $@.X
 endif
@@ -41,7 +43,15 @@ if HAVE_GCC
     AM_CFLAGS += -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith \
                  -Wcast-qual -Wcast-align -Wwrite-strings \
                  -fstrict-aliasing -Wstrict-aliasing -Werror=strict-aliasing \
-                 -Werror-implicit-function-declaration
+                 -Werror-implicit-function-declaration \
+                 -Werror=format-security
+
+    AM_CPPFLAGS += -Wdate-time
+endif
+if BUILD_HARDENING
+    AM_CPPFLAGS += -D_FORTIFY_SOURCE=2
+    AM_CFLAGS += -fPIE -fstack-protector-strong
+    AM_LDFLAGS += -fPIE -pie -fPIC -Wl,-z,relro -Wl,-z,now
 endif
 
 dist_pkgconfig_DATA =
@@ -65,7 +75,7 @@ dist_noinst_DATA =
 # Global compilation settings #
 ###############################
 
-AM_CPPFLAGS = \
+AM_CPPFLAGS += \
     -Wall \
     -Iinclude \
     -I.. \
-- 
cgit