build: Drop option for disabling hardening

Building unhardened executables is not a supported use case that should
be maintained, and those who want unhardened executables can still
override the hardening flags by appending flags that disable them.

For example:

cmake -B build -DAPPEND_CPPFLAGS='-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 -fno-stack-protector -fcf-protection=none -fno-stack-clash-protection' -DAPPEND_LDFLAGS='-Wl,-z,lazy -Wl,-z,norelro -Wl,-z,noseparate-code'
David Gumberg 2025-03-14 10:35:17 -07:00
parent f57db75e91
commit 00ba3ba303
2 changed files with 59 additions and 64 deletions


@ -128,7 +128,6 @@ if(WITH_BDB)
endif() endif()
cmake_dependent_option(BUILD_WALLET_TOOL "Build bitcoin-wallet tool." ${BUILD_TESTS} "ENABLE_WALLET" OFF) cmake_dependent_option(BUILD_WALLET_TOOL "Build bitcoin-wallet tool." ${BUILD_TESTS} "ENABLE_WALLET" OFF)
option(ENABLE_HARDENING "Attempt to harden the resulting executables." ON)
option(REDUCE_EXPORTS "Attempt to reduce exported symbols in the resulting executables." OFF) option(REDUCE_EXPORTS "Attempt to reduce exported symbols in the resulting executables." OFF)
option(WERROR "Treat compiler warnings as errors." OFF) option(WERROR "Treat compiler warnings as errors." OFF)
option(WITH_CCACHE "Attempt to use ccache for compiling." ON) option(WITH_CCACHE "Attempt to use ccache for compiling." ON)
@ -481,14 +480,13 @@ try_append_cxx_flags("-fmacro-prefix-map=A=B" TARGET core_interface SKIP_LINK
# -fstack-reuse=none for all gcc builds. (Only gcc understands this flag). # -fstack-reuse=none for all gcc builds. (Only gcc understands this flag).
try_append_cxx_flags("-fstack-reuse=none" TARGET core_interface) try_append_cxx_flags("-fstack-reuse=none" TARGET core_interface)
if(ENABLE_HARDENING) add_library(hardening_interface INTERFACE)
add_library(hardening_interface INTERFACE) target_link_libraries(core_interface INTERFACE hardening_interface)
target_link_libraries(core_interface INTERFACE hardening_interface) if(MSVC)
if(MSVC)
try_append_linker_flag("/DYNAMICBASE" TARGET hardening_interface) try_append_linker_flag("/DYNAMICBASE" TARGET hardening_interface)
try_append_linker_flag("/HIGHENTROPYVA" TARGET hardening_interface) try_append_linker_flag("/HIGHENTROPYVA" TARGET hardening_interface)
try_append_linker_flag("/NXCOMPAT" TARGET hardening_interface) try_append_linker_flag("/NXCOMPAT" TARGET hardening_interface)
else() else()
# _FORTIFY_SOURCE requires that there is some level of optimization, # _FORTIFY_SOURCE requires that there is some level of optimization,
# otherwise it does nothing and just creates a compiler warning. # otherwise it does nothing and just creates a compiler warning.
@ -549,7 +547,6 @@ if(ENABLE_HARDENING)
if(CMAKE_SYSTEM_NAME STREQUAL "Darwin") if(CMAKE_SYSTEM_NAME STREQUAL "Darwin")
try_append_linker_flag("-Wl,-fixup_chains" TARGET hardening_interface) try_append_linker_flag("-Wl,-fixup_chains" TARGET hardening_interface)
endif() endif()
endif()
endif() endif()
if(REDUCE_EXPORTS) if(REDUCE_EXPORTS)
@ -684,7 +681,6 @@ message("Cross compiling ....................... ${cross_status}")
message("C++ compiler .......................... ${CMAKE_CXX_COMPILER_ID} ${CMAKE_CXX_COMPILER_VERSION}, ${CMAKE_CXX_COMPILER}") message("C++ compiler .......................... ${CMAKE_CXX_COMPILER_ID} ${CMAKE_CXX_COMPILER_VERSION}, ${CMAKE_CXX_COMPILER}")
include(FlagsSummary) include(FlagsSummary)
flags_summary() flags_summary()
message("Attempt to harden executables ......... ${ENABLE_HARDENING}")
message("Treat compiler warnings as errors ..... ${WERROR}") message("Treat compiler warnings as errors ..... ${WERROR}")
message("Use ccache for compiling .............. ${WITH_CCACHE}") message("Use ccache for compiling .............. ${WITH_CCACHE}")
message("\n") message("\n")
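Review bot: The now-unconditional `add_library(hardening_interface INTERFACE)` block has no comment saying that hardening can no longer be switched off or how to opt out, so the only record of the override is the commit message. I would add above it `# Hardening is always applied; to opt out, append disabling flags via APPEND_CPPFLAGS / APPEND_LDFLAGS.` Separately, dropping the `Attempt to harden executables` line leaves the configure summary with no mention of hardening. The flags are added through `try_append_cxx_flags` / `try_append_linker_flag`, which by their names presumably skip anything the toolchain rejects, so unless `flags_summary()` already prints the resulting flags it is worth confirming that a build with a protection missing is still visible somewhere. Most of the `else()` branch lies between the second and third hunks and is not shown, so this is based on the visible lines only.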


@ -77,7 +77,6 @@
"BUILD_UTIL_CHAINSTATE": "ON", "BUILD_UTIL_CHAINSTATE": "ON",
"BUILD_WALLET_TOOL": "ON", "BUILD_WALLET_TOOL": "ON",
"ENABLE_EXTERNAL_SIGNER": "ON", "ENABLE_EXTERNAL_SIGNER": "ON",
"ENABLE_HARDENING": "ON",
"ENABLE_WALLET": "ON", "ENABLE_WALLET": "ON",
"WARN_INCOMPATIBLE_BDB": "OFF", "WARN_INCOMPATIBLE_BDB": "OFF",
"WITH_BDB": "ON", "WITH_BDB": "ON",