Move fortification to ci-linux

Fortification via the "_FORTIFY_SOURCE" define only works when optimizations are enabled. The "ci-linux" preset already sets the build type to release, so this seems to be the best place to put a release config dependent compiler option. Fixes: #128
friendlyanon · Jan 12, 2025 · a3a4978 · a3a4978
1 parent 19ab707
commit a3a4978
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/cmake-init/templates/common/CMakePresets.json b/cmake-init/templates/common/CMakePresets.json
@@ -86,8 +86,8 @@
       "description": "These flags are supported by both GCC and Clang",
       "hidden": true,
       "cacheVariables": {
-        "CMAKE_C{% if cpp %}XX{% end %}_FLAGS": "-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3{% if cpp %} -D_GLIBCXX_ASSERTIONS=1{% end %} -fstack-protector-strong -fcf-protection=full -fstack-clash-protection -Wall -Wextra -Wpedantic -Wconversion -Wsign-conversion -Wcast-qual -Wformat=2 -Wundef -Werror=float-equal -Wshadow -Wcast-align -Wunused -Wnull-dereference -Wdouble-promotion -Wimplicit-fallthrough {% if c %}-Werror=strict-prototypes -Wwrite-strings{% if c90 %} -Werror=declaration-after-statement{% end %}{% else %}-Wextra-semi -Woverloaded-virtual -Wnon-virtual-dtor -Wold-style-cast{% end %}",{% if c and pm %}
-        "CMAKE_CXX_FLAGS": "-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3 -D_GLIBCXX_ASSERTIONS=1 -fstack-protector-strong -fcf-protection=full -fstack-clash-protection -Wall -Wextra -Wpedantic -Wconversion -Wsign-conversion -Wcast-qual -Wformat=2 -Wundef -Werror=float-equal -Wshadow -Wcast-align -Wunused -Wnull-dereference -Wdouble-promotion -Wimplicit-fallthrough -Wextra-semi -Woverloaded-virtual -Wnon-virtual-dtor -Wold-style-cast",{% end %}
+        "CMAKE_C{% if cpp %}XX{% end %}_FLAGS": "{% if cpp %}-D_GLIBCXX_ASSERTIONS=1 {% end %}-fstack-protector-strong -fcf-protection=full -fstack-clash-protection -Wall -Wextra -Wpedantic -Wconversion -Wsign-conversion -Wcast-qual -Wformat=2 -Wundef -Werror=float-equal -Wshadow -Wcast-align -Wunused -Wnull-dereference -Wdouble-promotion -Wimplicit-fallthrough {% if c %}-Werror=strict-prototypes -Wwrite-strings{% if c90 %} -Werror=declaration-after-statement{% end %}{% else %}-Wextra-semi -Woverloaded-virtual -Wnon-virtual-dtor -Wold-style-cast{% end %}",{% if c and pm %}
+        "CMAKE_CXX_FLAGS": "-D_GLIBCXX_ASSERTIONS=1 -fstack-protector-strong -fcf-protection=full -fstack-clash-protection -Wall -Wextra -Wpedantic -Wconversion -Wsign-conversion -Wcast-qual -Wformat=2 -Wundef -Werror=float-equal -Wshadow -Wcast-align -Wunused -Wnull-dereference -Wdouble-promotion -Wimplicit-fallthrough -Wextra-semi -Woverloaded-virtual -Wnon-virtual-dtor -Wold-style-cast",{% end %}
         "CMAKE_EXE_LINKER_FLAGS": "-Wl,--allow-shlib-undefined,--as-needed,-z,noexecstack,-z,relro,-z,now,-z,nodlopen",
         "CMAKE_SHARED_LINKER_FLAGS": "-Wl,--allow-shlib-undefined,--as-needed,-z,noexecstack,-z,relro,-z,now,-z,nodlopen"
       }
@@ -113,11 +113,14 @@
     },
     {
       "name": "ci-linux",
+      "description": "Includes fortification with the CMake default release flags",
       "inherits": ["flags-gcc-clang", "ci-std"],
       "generator": "Unix Makefiles",
       "hidden": true,
       "cacheVariables": {
-        "CMAKE_BUILD_TYPE": "Release"
+        "CMAKE_BUILD_TYPE": "Release",
+        "CMAKE_C{% if cpp %}XX{% end %}_FLAGS_RELEASE": "-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3 -O3 -DNDEBUG"{% if c and pm %},
+        "CMAKE_CXX_FLAGS_RELEASE": "-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3 -O3 -DNDEBUG"{% end %}
       }
     },
     {