Home Explore Help
Sign In
liberatehongkong
/
ricochet
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
ricochet
/
hardened.pri

hardened.pri 2.0 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748 
  1. load(configure)
    2. 

  2. # Define common variables; these are used by config tests _and_ the actual build
    3. 

  3. 

  4. # Supported in gcc 4.8+
    5. 

  5. HARDENED_SANITIZE_FLAGS = -fsanitize=address
    6. 

  6. # Supported in gcc 4.9+
    7. 

  7. HARDENED_SANITIZE_UBSAN_FLAGS = -fsanitize=undefined -fsanitize=integer-divide-by-zero -fsanitize=bounds -fsanitize=alignment -fsanitize=float-divide-by-zero -fsanitize=float-cast-overflow -fno-sanitize-recover
    8. 

  8. # Supported in gcc 5.0+
    9. 

  9. HARDENED_SANITIZE_UBSAN_MORE_FLAGS = -fsanitize=vptr -fsanitize=object-size
    10. 

  10. # vtable-verify requires some OS support; see https://bugzilla.novell.com/show_bug.cgi?id=877239
    11. 

  11. HARDENED_VTABLE_VERIFY_FLAGS = -fvtable-verify=std
    12. 

  12. 

  13. HARDENED_STACK_PROTECTOR_STRONG_FLAGS = -fstack-protector-strong
    14. 

  14. HARDENED_STACK_PROTECTOR_FLAGS = -fstack-protector --param=ssp-buffer-size=4
    15. 

  15. 

  16. HARDENED_MINGW_64ASLR_FLAGS = -Wl,--dynamicbase -Wl,--high-entropy-va
    17. 

  17. 

  18. 

  19. # Run tests and apply options where possible
    20. 

  20. CONFIG(hardened) {
    21. 

  21.     # mingw is always PIC, and complains about the flag
    22. 

  22.     !mingw:HARDEN_FLAGS = -fPIC
    23. 

  23. 

  24.     CONFIG(debug,debug|release): qtCompileTest(sanitize):HARDEN_FLAGS += $$HARDENED_SANITIZE_FLAGS
    25. 

  25.     qtCompileTest(sanitize-ubsan):HARDEN_FLAGS += $$HARDENED_SANITIZE_UBSAN_FLAGS
    26. 

  26.     qtCompileTest(sanitize-ubsan-more):HARDEN_FLAGS += $$HARDENED_SANITIZE_UBSAN_MORE_FLAGS
    27. 

  27.     qtCompileTest(vtable-verify):HARDEN_FLAGS += $$HARDENED_VTABLE_VERIFY_FLAGS
    28. 

  28. 

  29.     qtCompileTest(stack-protector-strong) {
    30. 

  30.         HARDEN_FLAGS += $$HARDENED_STACK_PROTECTOR_STRONG_FLAGS
    31. 

  31.     } else {
    32. 

  32.         qtCompileTest(stack-protector):HARDEN_FLAGS += $$HARDENED_STACK_PROTECTOR_FLAGS
    33. 

  33.     }
    34. 

  34. 

  35.     mingw {
    36. 

  36.         qtCompileTest(mingw-64aslr):QMAKE_LFLAGS *= $$HARDENED_MINGW_64ASLR_FLAGS
    37. 

  37.         QMAKE_LFLAGS *= -Wl,--nxcompat -Wl,--dynamicbase
    38. 

  38.     }
    39. 

  39. 

  40.     QMAKE_CXXFLAGS *= $$HARDEN_FLAGS
    41. 

  41.     QMAKE_LFLAGS *= $$HARDEN_FLAGS
    42. 

  42. 

  43.     # _FORTIFY_SOURCE requires -O, so only use on release builds
    44. 

  44.     CONFIG(release,debug|release):QMAKE_CXXFLAGS *= -D_FORTIFY_SOURCE=2
    45. 

  45.     # Linux specific
    46. 

  46.     unix:!macx:QMAKE_LFLAGS *= -pie -Wl,-z,relro,-z,now
    47. 

  47. }
    48. 

  48.