phantom/bitcoin
1
0
Fork 0
mirror of https://github.com/bitcoin/bitcoin.git synced 2025-04-29 14:59:39 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

build: refactor: hardening flags -> core_interface

Browse source
This commit is contained in:
David Gumberg 2025-03-21 14:10:13 -07:00
parent 00ba3ba303
commit 77e553ab6a
1 changed files with 19 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

40
CMakeLists.txt
View file

@ -480,12 +480,10 @@ try_append_cxx_flags("-fmacro-prefix-map=A=B" TARGET core_interface SKIP_LINK
# -fstack-reuse=none for all gcc builds. (Only gcc understands this flag). # -fstack-reuse=none for all gcc builds. (Only gcc understands this flag).
try_append_cxx_flags("-fstack-reuse=none" TARGET core_interface) try_append_cxx_flags("-fstack-reuse=none" TARGET core_interface)
add_library(hardening_interface INTERFACE)
target_link_libraries(core_interface INTERFACE hardening_interface)
if(MSVC) if(MSVC)
try_append_linker_flag("/DYNAMICBASE" TARGET hardening_interface) try_append_linker_flag("/DYNAMICBASE" TARGET core_interface)
try_append_linker_flag("/HIGHENTROPYVA" TARGET hardening_interface) try_append_linker_flag("/HIGHENTROPYVA" TARGET core_interface)
try_append_linker_flag("/NXCOMPAT" TARGET hardening_interface) try_append_linker_flag("/NXCOMPAT" TARGET core_interface)
else() else()
# _FORTIFY_SOURCE requires that there is some level of optimization, # _FORTIFY_SOURCE requires that there is some level of optimization,
@ -499,38 +497,38 @@ else()
}" }"
) )
if(cxx_supports_fortify_source) if(cxx_supports_fortify_source)
target_compile_options(hardening_interface INTERFACE target_compile_options(core_interface INTERFACE
-U_FORTIFY_SOURCE -U_FORTIFY_SOURCE
-D_FORTIFY_SOURCE=3 -D_FORTIFY_SOURCE=3
) )
endif() endif()
unset(cxx_supports_fortify_source) unset(cxx_supports_fortify_source)
try_append_cxx_flags("-Wstack-protector" TARGET hardening_interface SKIP_LINK) try_append_cxx_flags("-Wstack-protector" TARGET core_interface SKIP_LINK)
try_append_cxx_flags("-fstack-protector-all" TARGET hardening_interface) try_append_cxx_flags("-fstack-protector-all" TARGET core_interface)
try_append_cxx_flags("-fcf-protection=full" TARGET hardening_interface) try_append_cxx_flags("-fcf-protection=full" TARGET core_interface)
if(MINGW) if(MINGW)
# stack-clash-protection is a no-op for Windows. # stack-clash-protection is a no-op for Windows.
# See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90458 for more details. # See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=90458 for more details.
else() else()
try_append_cxx_flags("-fstack-clash-protection" TARGET hardening_interface) try_append_cxx_flags("-fstack-clash-protection" TARGET core_interface)
endif() endif()
if(CMAKE_SYSTEM_PROCESSOR STREQUAL "aarch64" OR CMAKE_SYSTEM_PROCESSOR STREQUAL "arm64") if(CMAKE_SYSTEM_PROCESSOR STREQUAL "aarch64" OR CMAKE_SYSTEM_PROCESSOR STREQUAL "arm64")
if(CMAKE_SYSTEM_NAME STREQUAL "Darwin") if(CMAKE_SYSTEM_NAME STREQUAL "Darwin")
try_append_cxx_flags("-mbranch-protection=bti" TARGET hardening_interface SKIP_LINK) try_append_cxx_flags("-mbranch-protection=bti" TARGET core_interface SKIP_LINK)
else() else()
try_append_cxx_flags("-mbranch-protection=standard" TARGET hardening_interface SKIP_LINK) try_append_cxx_flags("-mbranch-protection=standard" TARGET core_interface SKIP_LINK)
endif() endif()
endif() endif()
try_append_linker_flag("-Wl,--enable-reloc-section" TARGET hardening_interface) try_append_linker_flag("-Wl,--enable-reloc-section" TARGET core_interface)
try_append_linker_flag("-Wl,--dynamicbase" TARGET hardening_interface) try_append_linker_flag("-Wl,--dynamicbase" TARGET core_interface)
try_append_linker_flag("-Wl,--nxcompat" TARGET hardening_interface) try_append_linker_flag("-Wl,--nxcompat" TARGET core_interface)
try_append_linker_flag("-Wl,--high-entropy-va" TARGET hardening_interface) try_append_linker_flag("-Wl,--high-entropy-va" TARGET core_interface)
try_append_linker_flag("-Wl,-z,relro" TARGET hardening_interface) try_append_linker_flag("-Wl,-z,relro" TARGET core_interface)
try_append_linker_flag("-Wl,-z,now" TARGET hardening_interface) try_append_linker_flag("-Wl,-z,now" TARGET core_interface)
# TODO: This can be dropped once Bitcoin Core no longer supports # TODO: This can be dropped once Bitcoin Core no longer supports
# NetBSD 10.0 or if upstream fix is backported. # NetBSD 10.0 or if upstream fix is backported.
# NetBSD's dynamic linker ld.elf_so < 11.0 supports exactly 2 # NetBSD's dynamic linker ld.elf_so < 11.0 supports exactly 2
@ -540,12 +538,12 @@ else()
# - https://github.com/bitcoin/bitcoin/pull/28724#issuecomment-2589347934 # - https://github.com/bitcoin/bitcoin/pull/28724#issuecomment-2589347934
# - https://mail-index.netbsd.org/tech-userlevel/2023/01/05/msg013666.html # - https://mail-index.netbsd.org/tech-userlevel/2023/01/05/msg013666.html
if(CMAKE_SYSTEM_NAME STREQUAL "NetBSD" AND CMAKE_SYSTEM_VERSION VERSION_LESS 11.0) if(CMAKE_SYSTEM_NAME STREQUAL "NetBSD" AND CMAKE_SYSTEM_VERSION VERSION_LESS 11.0)
try_append_linker_flag("-Wl,-z,noseparate-code" TARGET hardening_interface) try_append_linker_flag("-Wl,-z,noseparate-code" TARGET core_interface)
else() else()
try_append_linker_flag("-Wl,-z,separate-code" TARGET hardening_interface) try_append_linker_flag("-Wl,-z,separate-code" TARGET core_interface)
endif() endif()
if(CMAKE_SYSTEM_NAME STREQUAL "Darwin") if(CMAKE_SYSTEM_NAME STREQUAL "Darwin")
try_append_linker_flag("-Wl,-fixup_chains" TARGET hardening_interface) try_append_linker_flag("-Wl,-fixup_chains" TARGET core_interface)
endif() endif()
endif() endif()