Add optional support for Position Independent Code and stack smashing…

… protection plus source fortify. This is needed for Guix portability, when exporting the tarball to Alpine, the musl or ulibc does not support it.

CMakeLists.txt

@@ -82,6 +82,8 @@ option(OPTION_BUILD_SCRIPTS		"Build scripts."											ON)
 option(OPTION_BUILD_SERIALS		"Build serials."											ON)
 option(OPTION_BUILD_DETOURS		"Build detours."											ON)
 option(OPTION_BUILD_PORTS		"Build ports."												OFF)
+option(OPTION_BUILD_PIC			"Build with position independent code."						ON)
+option(OPTION_BUILD_SECURITY	"Build with stack-smashing protection and source fortify."	ON)
 option(OPTION_FORK_SAFE			"Enable fork safety."										ON)
 option(OPTION_THREAD_SAFE		"Enable thread safety."										OFF)
 option(OPTION_COVERAGE			"Enable coverage."											OFF)

cmake/SecurityFlags.cmake

@@ -22,41 +22,45 @@ include(CheckCCompilerFlagStackSmashing)
 
 if("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU")
 
-	# Detect position independent code flag
-	check_c_compiler_flag("-fPIC" PIC_C_FLAG)
+	if(OPTION_BUILD_PIC)
+		# Detect position independent code flag
+		check_c_compiler_flag("-fPIC" PIC_C_FLAG)
 
-	if(PIC_C_FLAG)
-		set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIC")
+		if(PIC_C_FLAG)
+			set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIC")
+		endif()
 	endif()
 
-	# Detect stack protector
-	check_c_compiler_flag_stack_smashing("-fstack-protector-strong" STACK_PROTECTOR_STRONG_C_FLAG)
-
-	if(STACK_PROTECTOR_STRONG_C_FLAG)
-		set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fstack-protector-strong")
+	if(OPTION_BUILD_SECURITY)
+		# Detect stack protector
+		check_c_compiler_flag_stack_smashing("-fstack-protector-strong" STACK_PROTECTOR_STRONG_C_FLAG)
 
-		# use ssp-buffer-size if it is supported
-		if(CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.9)
-			set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} --param ssp-buffer-size=4")
-		endif()
-	else()
-		check_c_compiler_flag_stack_smashing("-fstack-protector" STACK_PROTECTOR_CXX_FLAG)
-
-		if(STACK_PROTECTOR_C_FLAG)
-			set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fstack-protector")
+		if(STACK_PROTECTOR_STRONG_C_FLAG)
+			set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fstack-protector-strong")
 
 			# use ssp-buffer-size if it is supported
 			if(CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.9)
 				set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} --param ssp-buffer-size=4")
 			endif()
+		else()
+			check_c_compiler_flag_stack_smashing("-fstack-protector" STACK_PROTECTOR_CXX_FLAG)
+
+			if(STACK_PROTECTOR_C_FLAG)
+				set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fstack-protector")
+
+				# use ssp-buffer-size if it is supported
+				if(CMAKE_C_COMPILER_VERSION VERSION_GREATER 4.9)
+					set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} --param ssp-buffer-size=4")
+				endif()
+			endif()
 		endif()
-	endif()
 
-	# Detect fortify source
-	check_c_compiler_flag("-D_FORTIFY_SOURCE=2" FORTIFY_SOURCE_C_FLAG)
+		# Detect fortify source
+		check_c_compiler_flag("-D_FORTIFY_SOURCE=2" FORTIFY_SOURCE_C_FLAG)
 
-	if(FORTIFY_SOURCE_C_FLAG)
-		set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -O3 -D_FORTIFY_SOURCE=2")
+		if(FORTIFY_SOURCE_C_FLAG)
+			set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -O3 -D_FORTIFY_SOURCE=2")
+		endif()
 	endif()
 
 endif()
@@ -66,41 +70,45 @@ include(CheckCXXCompilerFlagStackSmashing)
 
 if("${CMAKE_CXX_COMPILER_ID}" STREQUAL "GNU")
 
-	# Detect position independent code flag
-	check_cxx_compiler_flag("-fPIC" PIC_CXX_FLAG)
+	if(OPTION_BUILD_PIC)
+		# Detect position independent code flag
+		check_cxx_compiler_flag("-fPIC" PIC_CXX_FLAG)
 
-	if(PIC_CXX_FLAG)
-		set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fPIC")
+		if(PIC_CXX_FLAG)
+			set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fPIC")
+		endif()
 	endif()
 
-	# Detect stack protector
-	check_cxx_compiler_flag_stack_smashing("-fstack-protector-strong" STACK_PROTECTOR_STRONG_CXX_FLAG)
-
-	if(STACK_PROTECTOR_STRONG_CXX_FLAG)
-		set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fstack-protector-strong")
+	if(OPTION_BUILD_SECURITY)
+		# Detect stack protector
+		check_cxx_compiler_flag_stack_smashing("-fstack-protector-strong" STACK_PROTECTOR_STRONG_CXX_FLAG)
 
-		# use ssp-buffer-size if it is supported
-		if(CMAKE_CXX_COMPILER_VERSION VERSION_GREATER 4.9)
-			set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} --param ssp-buffer-size=4")
-		endif()
-	else()
-		check_cxx_compiler_flag_stack_smashing("-fstack-protector" STACK_PROTECTOR_CXX_FLAG)
-
-		if(STACK_PROTECTOR_CXX_FLAG)
-			set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fstack-protector")
+		if(STACK_PROTECTOR_STRONG_CXX_FLAG)
+			set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fstack-protector-strong")
 
 			# use ssp-buffer-size if it is supported
 			if(CMAKE_CXX_COMPILER_VERSION VERSION_GREATER 4.9)
 				set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} --param ssp-buffer-size=4")
 			endif()
+		else()
+			check_cxx_compiler_flag_stack_smashing("-fstack-protector" STACK_PROTECTOR_CXX_FLAG)
+
+			if(STACK_PROTECTOR_CXX_FLAG)
+				set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fstack-protector")
+
+				# use ssp-buffer-size if it is supported
+				if(CMAKE_CXX_COMPILER_VERSION VERSION_GREATER 4.9)
+					set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} --param ssp-buffer-size=4")
+				endif()
+			endif()
 		endif()
-	endif()
 
-	# Detect fortify source
-	check_cxx_compiler_flag("-D_FORTIFY_SOURCE=2" FORTIFY_SOURCE_CXX_FLAG)
+		# Detect fortify source
+		check_cxx_compiler_flag("-D_FORTIFY_SOURCE=2" FORTIFY_SOURCE_CXX_FLAG)
 
-	if(FORTIFY_SOURCE_CXX_FLAG)
-		set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -O3 -D_FORTIFY_SOURCE=2")
+		if(FORTIFY_SOURCE_CXX_FLAG)
+			set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -O3 -D_FORTIFY_SOURCE=2")
+		endif()
 	endif()
 
 endif()