
maria-developers team mailing list archive

Re: Review of MDEV-5730: enhance security using special compilation options

 

Hi, Reindl!

On Jun 24, Reindl Harald wrote:
> please make sure that explicit set options are not overridden
> 
> in case of GCC the last option wins
> 
> so if you set "-fstack-protector" by adding it to the flags you disable
> "-fstack-protector-strong" from below which depends on the GCC version
> and is now default in Fedora as an example
> 
> export CFLAGS="%{optflags} -O3 -fstack-protector-strong --param=ssp-buffer-size=4 -fPIC -fomit-frame-pointer
> -fno-exceptions -ffixed-ebp -fwrapv -fno-strict-aliasing -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE"
> export CXXFLAGS="$CFLAGS"
> export FFLAGS="$CFLAGS"
> export FCFLAGS="$CFLAGS"
> export LDFLAGS="-Wl,-z,now -Wl,-z,relro,-z,noexecstack -pie"
> export SH_LDFLAGS="$LDFLAGS"

Yes, I believe explicitly specified options are added last, so they'll
override whatever is set in cmakefiles.

Either way, our CMakeLists.txt won't try to figure out what options
(from the explicitly specified set) are incompatible or conflicting with
the automatically added ones. But you can always configure with

  cmake -DSECURITY_HARDENED=OFF

and cmake won't add any of these options automatically.

Regards,
Sergei
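
The ordering concern discussed in this thread can be checked on a flag string before building. The following is an added example, not part of the original message or of MariaDB's build files: the function names are hypothetical, `AUTO_FLAGS` is an assumed build-system flag, and `USER_FLAGS` is a constructed sample modelled on the CFLAGS quoted above.

```shell
#!/bin/sh
# Print the last -f[no-]stack-protector* option in the arguments, or "none".
# GCC applies the last of these it sees on the command line.
effective_ssp() {
    last=none
    for opt in "$@"; do
        case "$opt" in
            -fstack-protector|-fstack-protector-*|-fno-stack-protector)
                last=$opt ;;
        esac
    done
    printf '%s\n' "$last"
}

# Rank coverage so two results can be compared. Simplification (assumption):
# -fstack-protector-explicit is ranked with the unprotected cases.
ssp_rank() {
    case "$1" in
        -fstack-protector-all)    echo 3 ;;
        -fstack-protector-strong) echo 2 ;;
        -fstack-protector)        echo 1 ;;
        *)                        echo 0 ;;
    esac
}

# Succeeds (exit 0) when the full command line ends up with weaker protection
# than the packager's own flags asked for.
# $1 = packager flags, $2 = all flags in the order the compiler sees them.
ssp_downgraded() {
    # Unquoted expansion is intended: each flag becomes one argument.
    want=$(effective_ssp $1)
    got=$(effective_ssp $2)
    [ "$(ssp_rank "$got")" -lt "$(ssp_rank "$want")" ]
}

# Constructed sample input.
USER_FLAGS="-O3 -fstack-protector-strong --param=ssp-buffer-size=4 -fPIC"
AUTO_FLAGS="-fstack-protector"

# Evaluate both possible orderings of automatic and explicit flags.
for order in "$AUTO_FLAGS $USER_FLAGS" "$USER_FLAGS $AUTO_FLAGS"; do
    if ssp_downgraded "$USER_FLAGS" "$order"; then
        echo "DOWNGRADE: $(effective_ssp $order)  <- $order"
    else
        echo "ok:        $(effective_ssp $order)  <- $order"
    fi
done
```

In a real build the second argument would be the flag string taken from the actual compile command, for example from a verbose make log.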

