scons: fix strict hardened builds on Gentoo

2018-07-27 15:13:59 +03:00 · 2018-07-27 15:13:59 +03:00 · 47b902033d
commit 47b902033d
parent 94b6c3dc4e
2 changed files with 20 additions and 2 deletions
--- a/5
+++ b/5
@ -377,6 +377,9 @@ if env["prereqs"]:
        conf.CheckBoostLocaleBackends(["icu", "winapi"]) \
            or Warning("Only icu and winapi backends of Boost Locale are supported. Bugs/crashes are very likely with other backends")

+    if env['harden']:
+        env["have_fortify"] = conf.CheckFortifySource()
+
    env = conf.Finish()

    client_env = env.Clone()
@ -504,7 +507,7 @@ for env in [test_env, client_env, env]:

        if env['harden'] and env["PLATFORM"] != 'win32':
            env.AppendUnique(CCFLAGS = ["-fPIE"])
-            env.AppendUnique(CPPDEFINES = ["_FORTIFY_SOURCE=2"])
+            if not env["have_fortify"] : env.AppendUnique(CPPDEFINES = ["_FORTIFY_SOURCE=2"])
            
            if env["PLATFORM"] == 'darwin':
                env.AppendUnique(LINKFLAGS = ["-fPIE", "-Wl,-pie"])
--- a/scons/cplusplus.py
+++ b/scons/cplusplus.py
@ -38,4 +38,19 @@ def CheckCPlusPlus(context, gcc_version = None):
        context.Result("no")
        return False

-config_checks = { "CheckCPlusPlus" : CheckCPlusPlus }
+def CheckFortifySource(context):
+    message = "Checking whether compiler has built-in -D_FORTIFY_SOURCE... "
+    test_program = """
+    #ifndef _FORTIFY_SOURCE
+    #error _FORTIFY_SOURCE not defined
+    #endif
+    """
+    context.Message(message)
+    if context.TryBuild(context.env.Object, test_program, ".c") == 1:
+        context.Result("yes")
+        return True
+    else:
+        context.Result("no")
+        return False
+
+config_checks = { "CheckCPlusPlus" : CheckCPlusPlus, "CheckFortifySource" : CheckFortifySource }