diff options
| author | Donghee Na <donghee.na@python.org> | 2024-07-23 00:22:04 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-07-23 00:22:04 (GMT) |
| commit | a9bb3c7b3bd8ba90de87d03cd4d614dca764b116 (patch) | |
| tree | 7b74edb7a813bcaf79e84d9fbfbfeb3c6d245330 /configure.ac | |
| parent | 2762c6cc5e4c1c0d630568db5fbba7a3a71a507c (diff) | |
| download | cpython-a9bb3c7b3bd8ba90de87d03cd4d614dca764b116.zip cpython-a9bb3c7b3bd8ba90de87d03cd4d614dca764b116.tar.gz cpython-a9bb3c7b3bd8ba90de87d03cd4d614dca764b116.tar.bz2 | |
gh-121996: Introduce --disable-safety and --enable-slower-safety options (#122054)
* gh-121996: Introduce --disable-safty and --enable-slower-safty
* Update GA
* fix
* Address code review
* Update CI
Diffstat (limited to 'configure.ac')
| -rw-r--r-- | configure.ac | 25 |
1 files changed, 22 insertions, 3 deletions
diff --git a/configure.ac b/configure.ac index d695cb7..1275c19 100644 --- a/configure.ac +++ b/configure.ac @@ -2499,9 +2499,28 @@ AS_VAR_IF([with_strict_overflow], [yes], # Enable flags that warn and protect for potential security vulnerabilities. # These flags should be enabled by default for all builds. -AX_CHECK_COMPILE_FLAG([-fstack-protector-strong], [BASECFLAGS="$BASECFLAGS -fstack-protector-strong"], [AC_MSG_WARN([-fstack-protector-strong not supported])], [-Werror]) -AX_CHECK_COMPILE_FLAG([-Wtrampolines], [BASECFLAGS="$BASECFLAGS -Wtrampolines"], [AC_MSG_WARN([-Wtrampolines not supported])], [-Werror]) -AX_CHECK_COMPILE_FLAG([-D_FORTIFY_SOURCE=3], [BASECFLAGS="$BASECFLAGS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3"], [AC_MSG_WARN([-D_FORTIFY_SOURCE=3 not supported])]) + +AC_MSG_CHECKING([for --disable-safety]) +AC_ARG_ENABLE([safety], + [AS_HELP_STRING([--disable-safety], [disable usage of the security compiler options with no performance overhead])], + [AS_VAR_IF([enable_safety], [yes], [disable_safety=no], [disable_saftey=yes])], [disable_saftey=no]) +AC_MSG_RESULT([$disable_safety]) + +if test "$disable_safety" = "no" +then + AX_CHECK_COMPILE_FLAG([-fstack-protector-strong], [BASECFLAGS="$BASECFLAGS -fstack-protector-strong"], [AC_MSG_WARN([-fstack-protector-strong not supported])], [-Werror]) + AX_CHECK_COMPILE_FLAG([-Wtrampolines], [BASECFLAGS="$BASECFLAGS -Wtrampolines"], [AC_MSG_WARN([-Wtrampolines not supported])], [-Werror]) +fi + +AC_MSG_CHECKING([for --enable-slower-safety]) +AC_ARG_ENABLE([slower-safety], + [AS_HELP_STRING([--enable-slower-safety], [enable usage of the security compiler options with performance overhead])],[]) +AC_MSG_RESULT([$enable_slower_safety]) + +if test "$enable_slower_safety" = "yes" +then + AX_CHECK_COMPILE_FLAG([-D_FORTIFY_SOURCE=3], [BASECFLAGS="$BASECFLAGS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3"], [AC_MSG_WARN([-D_FORTIFY_SOURCE=3 not supported])]) +fi case $GCC in yes) |