-
Notifications
You must be signed in to change notification settings - Fork 14
/
Copy pathlinux-flags.mk
120 lines (107 loc) · 4.32 KB
/
linux-flags.mk
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
# Define some compilation flags for Linux
#
# Debian defines hardening flags in https://wiki.debian.org/Hardening:
# * gcc -Wformat-security -Werror=format-security
# * gcc -O2 -D_FORTIFY_SOURCE=2
# * gcc -fstack-protector --param ssp-buffer-size=4
# * gcc -fPIE -pie
# * ld -z relro -z now
#
# Arch Linux defines compilation flags in /etc/makepkg.conf (from pacman)
# https://projects.archlinux.org/svntogit/packages.git/tree/trunk/makepkg.conf?h=packages/pacman
# * -D_FORTIFY_SOURCE=2
# * -mtune=generic -O2 -pipe -fstack-protector-strong --param=ssp-buffer-size=4
# * -Wl,-O1,--sort-common,--as-needed,-z,relro
include $(dir $(lastword $(MAKEFILE_LIST)))common.mk
# Centralize the choice of C compiler here (gcc, clang...)
CC ?= cc
# C preprocessor flags
# Generate dependencies files targeting $@ in a [email protected] file
# ... while allowing using CPPFLAGS outside of a target (where $@ is empty).
# Gentoo Hardened already defines _FORTIFY_SOURCE in the compiler and warns
# about possible redefinition, so detect these warnings.
# Ubuntu 24.04 defines _FORTIFY_SOURCE as built-in when optimizations are enabled,
# so using ccpp-option is not directly possible.
CPPFLAGS = $(@:%=-Wp,-MT,$@ -Wp,-MD,$(dir $@).$(notdir $@).d) \
$(call try-run,$(CC) -O2 -Werror -D_FORTIFY_SOURCE=2 -E - < /dev/null,-D_FORTIFY_SOURCE=2)
# C compiler flags
# list of warnings from https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html
CFLAGS = -O2 -ansi -pedantic -pipe \
-Wall -Wextra \
-Waggregate-return \
-Wcast-align \
-Wfloat-equal \
-Wformat=2 \
-Winit-self \
-Winline \
-Wmissing-declarations \
-Wmissing-format-attribute \
-Wmissing-include-dirs \
-Wmissing-prototypes \
-Wnested-externs \
-Wold-style-definition \
-Wpointer-arith \
-Wredundant-decls \
-Wshadow \
-Wstrict-prototypes \
-Wunknown-pragmas \
-Wwrite-strings \
-Wno-long-long \
-Wno-unused-function \
-fPIE \
-fno-common \
-fno-exceptions \
-fstack-protector --param=ssp-buffer-size=4 \
-fvisibility=hidden
# Linker flags
LDFLAGS = -Wl,-O1,-as-needed,-no-undefined,-z,relro,-z,now,--fatal-warnings \
-fPIE -pie -fstack-protector
# Uncomment the next line to enable debug
#CFLAGS += -g -fvar-tracking-assignments -fno-omit-frame-pointer
# Add strong stack protector if supported
CFLAGS += $(call ccpp-option,-fstack-protector-strong)
# Disable lazy binding (from gcc 6 and clang 6)
CFLAGS += $(call ccpp-option,-fno-plt)
LIBS =
# Add clang-specific options unknown to GCC
ifeq ($(call ccpp-has-option,-Weverything), y)
CFLAGS += -Weverything \
-Wno-padded \
-Wno-shift-sign-overflow \
-Wno-unused-macros
# added after clang 3.0
CFLAGS += $(call cc-disable-warning,disabled-macro-expansion)
CFLAGS += $(call cc-disable-warning,documentation)
# clang 3.6 added -Wreserved-id-macro, which is incompatible with _GNU_SOURCE definition
CFLAGS += $(call cc-disable-warning,reserved-id-macro)
# clang 3.7 added -Wdocumentation-unknown-command and -fcatch-undefined-behavior
CFLAGS += $(call cc-disable-warning,documentation-unknown-command)
# clang 10.0 warns about using "bool", with -Wc99-extensions
CFLAGS += $(call cc-disable-warning,c99-extensions)
# clang 13.0 added -Wreserved-identifier, which triggers many warnings in headers when names starts with _
CFLAGS += $(call cc-disable-warning,reserved-identifier)
# clang 16.0 added -Wunsafe-buffer-usage, which warns in any use of raw pointers
CFLAGS += $(call cc-disable-warning,unsafe-buffer-usage)
# clang 18 added -Wswitch-default, which is incompatible with using switch statements with intended missing default
CFLAGS += $(call cc-disable-warning,switch-default)
# clang 18 on Fedora 41 reports that 'printf' was marked unused but was used
CFLAGS += $(call cc-disable-warning,used-but-marked-unused)
endif
# Add GCC-specific options unknown to clang
ifeq ($(call ccpp-has-option,-Wtrampolines), y)
CFLAGS += \
-Wjump-misses-init \
-Wlogical-op \
-Wtrampolines
# gcc 4.6 added -Wsuggest-attribute=[const|pure|noreturn]
CFLAGS += $(call ccpp-option,-Wsuggest-attribute=format)
CFLAGS += $(call ccpp-option,-Wsuggest-attribute=noreturn)
# gcc 4.8 added -fstack-check=specific
CFLAGS += $(call ccpp-option,-fstack-check=specific)
endif
# Application build configuration
BIN_EXT := $(EXT_PREFIX)bin
# Shared Object build configuration
LIB_EXT := $(EXT_PREFIX)so
LIB_CFLAGS = -fPIC -fvisibility=hidden
LIB_LDFLAGS = -fPIC -shared -Wl,-soname,$@