diff --git a/CMakeLists.txt b/CMakeLists.txt index ba1f59094d5..538daabdc7e 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -243,45 +243,6 @@ if(NOT "${CMAKE_CXX_FLAGS}" STREQUAL "${COMPILER_FLAGS}") ) endif(NOT "${CMAKE_CXX_FLAGS}" STREQUAL "${COMPILER_FLAGS}") -# check for hardening options -if(HARDEN AND NOT WIN32) - set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fPIE -fstack-protector-strong") - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIE -fstack-protector-strong") - - if(APPLE) - set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fPIE -Wl,-pie") - else() - set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fPIE -pie -Wl,-z,relro,-z,now") - endif() - - add_definitions(-D_FORTIFY_SOURCE=2) -endif(HARDEN AND NOT WIN32) - -if(UNIX AND NOT CMAKE_COMPILER_IS_GNUCXX) - # Assume the compiler is the clang compiler. - set(CMAKE_EXE_LINKER_FLAGS "-lstdc++ -lm ${CMAKE_EXE_LINKER_FLAGS}") -endif(UNIX AND NOT CMAKE_COMPILER_IS_GNUCXX) - -if(NOT WIN32) - add_definitions(-DWESNOTH_PATH="${CMAKE_INSTALL_FULL_DATADIR}/${DATADIRNAME}") -endif(NOT WIN32) - -if(X11_FOUND) - add_definitions(-D_X11) -endif(X11_FOUND) - -add_definitions(-DLOCALEDIR="${LOCALEDIR}") - -# -DNDEBUG is automatically added to all release build types, so manually remove this define from the related variables -RemoveFlag(CMAKE_CXX_FLAGS_RELWITHDEBINFO CACHE "-DNDEBUG" "Default C++ flags for RelWithDebInfo") -RemoveFlag(CMAKE_C_FLAGS_RELWITHDEBINFO CACHE "-DNDEBUG" "Default C flags for RelWithDebInfo") -RemoveFlag(CMAKE_CXX_FLAGS_MINSIZEREL CACHE "-DNDEBUG" "Default C++ flags for MinSizeRel") -RemoveFlag(CMAKE_C_FLAGS_MINSIZEREL CACHE "-DNDEBUG" "Default C flags for MinSizeRel") - -# -rdynamic is automatically added, but we don't need it, and it increases the executable size -RemoveFlag(CMAKE_SHARED_LIBRARY_LINK_CXX_FLAGS SCRIPT "-rdynamic" "") -RemoveFlag(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS SCRIPT "-rdynamic" "") - # # # Determine optimization level # # @@ -311,6 +272,47 @@ else(NOT OPT) set(CMAKE_C_FLAGS_PROFILE "${OPT}") endif(NOT OPT) +# check for hardening options +if(HARDEN AND NOT WIN32) + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fPIE -fstack-protector-strong") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIE -fstack-protector-strong") + + if(APPLE) + set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fPIE -Wl,-pie") + else() + set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fPIE -pie -Wl,-z,relro,-z,now") + endif() + + if(NOT CMAKE_CXX_FLAGS_DEBUG STREQUAL "-O0") + add_definitions(-D_FORTIFY_SOURCE=2) + endif() +endif(HARDEN AND NOT WIN32) + +if(UNIX AND NOT CMAKE_COMPILER_IS_GNUCXX) + # Assume the compiler is the clang compiler. + set(CMAKE_EXE_LINKER_FLAGS "-lstdc++ -lm ${CMAKE_EXE_LINKER_FLAGS}") +endif(UNIX AND NOT CMAKE_COMPILER_IS_GNUCXX) + +if(NOT WIN32) + add_definitions(-DWESNOTH_PATH="${CMAKE_INSTALL_FULL_DATADIR}/${DATADIRNAME}") +endif(NOT WIN32) + +if(X11_FOUND) + add_definitions(-D_X11) +endif(X11_FOUND) + +add_definitions(-DLOCALEDIR="${LOCALEDIR}") + +# -DNDEBUG is automatically added to all release build types, so manually remove this define from the related variables +RemoveFlag(CMAKE_CXX_FLAGS_RELWITHDEBINFO CACHE "-DNDEBUG" "Default C++ flags for RelWithDebInfo") +RemoveFlag(CMAKE_C_FLAGS_RELWITHDEBINFO CACHE "-DNDEBUG" "Default C flags for RelWithDebInfo") +RemoveFlag(CMAKE_CXX_FLAGS_MINSIZEREL CACHE "-DNDEBUG" "Default C++ flags for MinSizeRel") +RemoveFlag(CMAKE_C_FLAGS_MINSIZEREL CACHE "-DNDEBUG" "Default C flags for MinSizeRel") + +# -rdynamic is automatically added, but we don't need it, and it increases the executable size +RemoveFlag(CMAKE_SHARED_LIBRARY_LINK_CXX_FLAGS SCRIPT "-rdynamic" "") +RemoveFlag(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS SCRIPT "-rdynamic" "") + # # # Start determining options for Release build # # diff --git a/SConstruct b/SConstruct index 9900aa714e1..f5998c7b4ea 100755 --- a/SConstruct +++ b/SConstruct @@ -506,7 +506,8 @@ for env in [test_env, client_env, env]: if env['harden'] and env["PLATFORM"] != 'win32': env.AppendUnique(CCFLAGS = ["-fPIE", "-fstack-protector-strong"]) - if not env["have_fortify"] : env.AppendUnique(CPPDEFINES = ["_FORTIFY_SOURCE=2"]) + if not env["have_fortify"] and "-O0" not in env["opt"]: + env.AppendUnique(CPPDEFINES = ["_FORTIFY_SOURCE=2"]) if env["enable_lto"] == True: env.AppendUnique(LINKFLAGS = ["-fstack-protector-strong"])