diff --git a/configure.ac b/configure.ac index da40200..4064bef 100644 --- a/configure.ac +++ b/configure.ac @@ -8,7 +8,10 @@ AM_INIT_AUTOMAKE([1.15]) m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) AC_CONFIG_SRCDIR([brandt.c]) -#AC_CONFIG_HEADERS([config.h]) +AC_CONFIG_HEADERS([brandt_config.h]) + +# Checks for header files. +AC_CHECK_HEADERS([stdint.h stdlib.h string.h unistd.h]) # Checks for programs. AC_PROG_CC_C99 @@ -58,6 +61,37 @@ AS_IF([test $libgnunetutil != 1], # restore LIBS LIBS=$SAVE_LIBS + +# Adam shostack suggests the following for Windows: +# -D_FORTIFY_SOURCE=2 -fstack-protector-all +AC_ARG_ENABLE(gcc-hardening, + AS_HELP_STRING(--enable-gcc-hardening, enable compiler security checks), +[if test x$enableval = xyes; then + CFLAGS="$CFLAGS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector-all" + CFLAGS="$CFLAGS -fwrapv -fPIE -Wstack-protector" + CFLAGS="$CFLAGS --param ssp-buffer-size=1" + LDFLAGS="$LDFLAGS -pie" +fi]) + + +# Linker hardening options +# Currently these options are ELF specific - you can't use this with MacOSX +AC_ARG_ENABLE(linker-hardening, + AS_HELP_STRING(--enable-linker-hardening, enable linker security fixups), +[if test x$enableval = xyes; then + LDFLAGS="$LDFLAGS -z relro -z now" +fi]) + +# Checks for typedefs, structures, and compiler characteristics. +AC_TYPE_PID_T +AC_TYPE_SIZE_T +AC_TYPE_UINT16_T +AC_TYPE_UINT32_T +AC_TYPE_UINT64_T +AC_TYPE_INTMAX_T +AC_TYPE_UINTMAX_T + + AC_CONFIG_FILES([ Makefile doc/Makefile