Mercurial > trustbridge
diff CMakeLists.txt @ 1:524cd4908656
Build infrastructure
Add hardening flags
Add static_check target for flawfinder and cppcheck
| author | Andre Heinecke <aheinecke@intevation.de> |
|---|---|
| date | Mon, 10 Feb 2014 16:14:55 +0000 |
| parents | cb0cde2c5eb9 |
| children | 9849250f50f2 |
line wrap: on
line diff
--- a/CMakeLists.txt Fri Feb 07 11:41:15 2014 +0000 +++ b/CMakeLists.txt Mon Feb 10 16:14:55 2014 +0000 @@ -11,7 +11,6 @@ include_directories(${Qt5Widgets_INCLUDE_DIRS}) add_definitions(${Qt5Widgets_DEFINITIONS}) -set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${Qt5Widgets_EXECUTABLE_COMPILE_FLAGS}") set(M13UI_SOURCES ui/main.cpp @@ -22,6 +21,17 @@ ui/icons.qrc ) +# Warn level to be used for privileged parts +set(WARN_HARDENING_FLAGS " -Wall -Wextra -Wconversion -Wformat-security") + +# Hardening flags +set(HARDENING_FLAGS " -Werror -fstack-protector-all") +set(HARDENING_FLAGS " ${HARDENING_FLAGS} -Wstack-protector") +set(HARDENING_FLAGS " ${HARDENING_FLAGS} --param ssp-buffer-size=4") +set(HARDENING_FLAGS " ${HARDENING_FLAGS} -pie -fPIE -ftrapv") +set(HARDENING_FLAGS " ${HARDENING_FLAGS} -D_FORTIFY_SOURCE=2 -O2") +set(HARDENING_FLAGS " ${HARDENING_FLAGS} -Wl,-z,relro,-z,now") + if(UNIX) # See: https://bugreports.qt-project.org/browse/QTBUG-35918 # XCB_EXTRA_LIBS should be gotten automatically. @@ -48,10 +58,32 @@ -lglu32 -lopengl32 -lgdi32 -ljpeg -lpng -lQt5Core -lole32 -luuid -lws2_32 -ladvapi32 -lshell32 -luser32 -lkernel32 -lz -lsicuin -lsicuuc -lsicudt -lpcre16) set(EXTRA_STATIC_LIBS Qt5::QWindowsIntegrationPlugin ${WINDOWS_EXTRA_LIBS}) + + set(HARDENING_FLAGS " ${HARDENING_FLAGS} -Wl,dynamicbase -Wl,nxcompat") endif() qt5_add_resources(M13UI_SOURCES ${M13UI_RESOURCES}) +set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${Qt5Widgets_EXECUTABLE_COMPILE_FLAGS}") +set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${HARDENING_FLAGS}") + add_executable(m13ui ${M13UI_SOURCES}) target_link_libraries(m13ui Qt5::Widgets ${EXTRA_STATIC_LIBS}) + +add_custom_target(static_check) + +# CPPCheck +include(GenerateCppcheck) +generate_cppcheck(SOURCES ${M13UI_SOURCES} "" "" m13ui) +add_dependencies(static_check cppcheck) + +# FlawFinder +find_program(FLAWFINDER_PATH flawfinder DOC "flawfinder path") +if (FLAWFINDER_PATH) + add_custom_target(flawfinder COMMENT "FlawFinder" VERBATIM COMMAND ${FLAWFINDER_PATH} + ${CMAKE_SOURCE_DIR}/ui + ) + add_dependencies(static_check flawfinder) +endif (FLAWFINDER_PATH) +