do standard configure stuff, like gcc hardening and checking for basic headers and generating config.h

1 files changed, 35 insertions, 1 deletions

diff --git a/configure.ac b/configure.ac
index da40200..4064bef 100644
--- a/configure.ac
+++ b/configure.ac
@@ -8,7 +8,10 @@ AM_INIT_AUTOMAKE([1.15])
 m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
 
 AC_CONFIG_SRCDIR([brandt.c])
-#AC_CONFIG_HEADERS([config.h])
+AC_CONFIG_HEADERS([brandt_config.h])
+
+# Checks for header files.
+AC_CHECK_HEADERS([stdint.h stdlib.h string.h unistd.h])
 
 # Checks for programs.
 AC_PROG_CC_C99
@@ -58,6 +61,37 @@ AS_IF([test $libgnunetutil != 1],
 # restore LIBS
 LIBS=$SAVE_LIBS
 
+
+# Adam shostack suggests the following for Windows:
+# -D_FORTIFY_SOURCE=2 -fstack-protector-all
+AC_ARG_ENABLE(gcc-hardening,
+   AS_HELP_STRING(--enable-gcc-hardening, enable compiler security checks),
+[if test x$enableval = xyes; then
+    CFLAGS="$CFLAGS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector-all"
+    CFLAGS="$CFLAGS -fwrapv -fPIE -Wstack-protector"
+    CFLAGS="$CFLAGS --param ssp-buffer-size=1"
+    LDFLAGS="$LDFLAGS -pie"
+fi])
+
+
+# Linker hardening options
+# Currently these options are ELF specific - you can't use this with MacOSX
+AC_ARG_ENABLE(linker-hardening,
+  AS_HELP_STRING(--enable-linker-hardening, enable linker security fixups),
+[if test x$enableval = xyes; then
+   LDFLAGS="$LDFLAGS -z relro -z now"
+fi])
+
+# Checks for typedefs, structures, and compiler characteristics.
+AC_TYPE_PID_T
+AC_TYPE_SIZE_T
+AC_TYPE_UINT16_T
+AC_TYPE_UINT32_T
+AC_TYPE_UINT64_T
+AC_TYPE_INTMAX_T
+AC_TYPE_UINTMAX_T
+
+
 AC_CONFIG_FILES([
 Makefile
 doc/Makefile